POSTER: ReAvatar: Virtual Reality De-anonymization Attack through Correlating Movement Signatures

Abstract

Virtual reality (VR) is on the precipice of entering mainstream entertainment with devices equipped with a multitude of sensing, tracking, and internet capabilities that can reshape the current infotainment industry such as online gaming or conferences with novel features. With VR techniques, the online gamer or conference attendances could choose to keep their identity anonymous by easily altering their appearances (i.e., avatars). However, in this study, we present ReAvatar, a novel de-anonymization attack that identifies users by their virtual avatar via a correlation in specific recorded movements. Using 3D pose estimation, we train a sophisticated machine learning model with user movement data recorded while performing a set of movements in real life and then again with their avatars. We then map correlations between these two sets of movement data using a bespoke agglomerative clustering algorithm and establish relationship between the user's virtual and real-life identity. ReAvatar achieves 89.60% accuracy in detecting a unique user among multiple avatars. The security and privacy implications of this paper will be foundational for users and researchers alike that explore the realm of virtual reality.