Secure and Privacy-Preserving Authentication Scheme Using Decentralized Identifier in Metaverse Environment

The metaverse provides a virtual world with many social activities that parallel the real world. As the metaverse attracts more attention, the importance of security and privacy preservation is increasing significantly. In the metaverse, users have the capability to create various avatars, which can be exploited to deceive or threaten others, leading to internal security issues. Additionally, users attempting to access the metaverse are susceptible to various external security threats since they communicate with service providers through public channels. To address these challenges, we propose an authentication scheme using blockchain, a decentralized identifier, and a verifiable credential to enable metaverse users to perform secure identity verification and authentication without disclosing sensitive information to service providers. Furthermore, the proposed approach mitigates privacy concerns associated with the management of personal information by enabling users to prove the necessary identity information independently without relying on service providers. We demonstrate that the proposed scheme is resistant to malicious security attacks and provides privacy preservation by performing security analyses, such as AVISPA simulation, BAN logic, and the real-or-random (ROR) model. We also show that the performance of our proposed scheme is better suited for the metaverse environment by providing greater security and efficiency when compared to competing schemes.