To date, AREA members have funded 11 AR research projects on a wide range of timely topics critical to the adoption of enterprise AR. Now the AREA is pleased to announce a call for proposals for its 12th research project, which will examine the landscape of cybersecurity threats and mitigation measures, recommend strategies for reducing attack surfaces, and develop running code to permit AREA members to test SSO and secure data retrieval using wearable AR devices. Building on prior research, commissioned by the AREA in its first research project in 2017, this project will address topics such as:
- The applicability of existing open authentication standards for use in AR in the enterprise
- How federated identity and Single Sign On (SSO) works in the context of AR
- Assessment of how smartcards work via USB-C adapter, retina scanning and Bluetooth keyboards can be used for username/passwords
- How to implement identity gating and connect with existing enterprise IT security systems in AR applications built with game engines (e.g., Unity applications for HoloLens)
- Secure onboarding (connectivity, device management, and application configuration) of AR devices using established industry standards
- Open vs closed system architecture risks that should be considered.
- Understanding what is the right balance between security and user experience based on security controls.
- Understanding privileged access and conditional access requirements for AR use.
- Identification of appropriate physical security requirements (i.e. asset tagging and geofencing) for AR devices.
- Recommended mechanisms to perform authentication on systems with limited user input
- Mechanisms to keep sensitive proprietary data safe from risk vectors when authoring or using AR applications
- Designing systems to allow for changing authentication back-ends, as more organizations move towards zero-trust
- Frameworks to effectively assess the practical cyber threat of introducing new AR devices to a secure enterprise environment
This AREA research project will produce: an updated framework to understand the areas of risk and potential impact unique to AR devices and AR software, so that proper mitigation measures can be designed, a decision support tool based on the framework, code in a cloud environment for testing SSO and secure data retrieval methods, a gap analysis that can be published to guide future work in consensus-based SDOs focusing on security protocols, an executive summary of the project, and a member-exclusive webinar.
The AREA Research Committee budget for this project is $15,000. Organizations interested in conducting this research for the fixed fee are invited to submit proposals. All proposals must be submitted by 12 noon Eastern Daylight Time on November 1, 2022.
Full information on the project needs, desired outcomes and required components of a winning proposal, including a submission form, can be found here.
If you have any questions concerning this project or the AREA Research Committee, please email the Research Committee.