Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are metaverse pioneers making the same old security mistakes?

Maria Korolov | Feb. 24, 2015
History repeats itself when it comes to development mistakes in the metaverse.

"The only thing they care about is tying it to a payment system, so they'll leaving the authentication up to PayPal," he said. "But it's a separate system, not baked within the virtual world."

Content protection
On the Web, and on the Internet in general, content protection has long been a hopeless cause. Text, photographs, sound files and videos can be easily copied and passed around. The ability to see a site's HTML code is built right into the browser.

OpenSim actually has a higher level of built-in content protection than the Web. It duplicated Second Life's permissions system, which specifies whether particular items can be copied, modified, or transferred. But the system is by no means bullet-proof.

In particular, the hypergrid network that connects OpenSim worlds and allows avatars, communications and content to travel between them can also be used to transport stolen virtual goods.

"I don't think the hypergrid should be used by anybody, unless they just don't care about the content," said Maxwell.

Content protection could have been built into the Web -- and the hypergrid -- from the start, said Maxwell, but people just weren't thinking about it.

"Intellectual property is protected quite frequently through digital signatures," he said. "In the course of my job, I sign legal documents using my common access card that the military issued me as a proxy for my real signature."

And, on the Web, financial information is protected as well, he said, protected enough for online financial services and commerce sites to flourish.

But content protection hasn't been universally welcomed online, even when technically feasible.

"Consumers have unanimously voted no to DRM-ed music, which in reality is exactly the same as certificates for content," said Geir Nøklebye, owner of the Xmir Grid, an OpenSim virtual world based in Norway. "Besides, it is very complicated and costly to manage."

Secure communications
By default, Internet traffic is all in the clear.

So are communications between OpenSim avatars, as are communications between avatars and OpenSim world servers, and communications between different servers.

On the Web, encryption was bolted on later -- but it is not yet available in OpenSim.

"There needs to be a way to ensure that communications are private," said Maxwell. Even something as simple as fetching an item from inventory could be valuable information to an enemy.

In the case of training simulations, for example, it could allow foreign powers to figure out how soldiers are trained, which could give them an advantage in the field, he said.

"I do not want the enemy to listen in and learn our tactics," he said.

In the case of corporate worlds, it could provide hackers with insights that they could use for social engineering.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.