METAseen：分析基于 Web 3.0 的元宇宙中的网络流量和隐私政策

IF 7.5 2区计算机科学 Q1 TELECOMMUNICATIONS

Digital Communications and Networks Pub Date : 2025-02-01 DOI:10.1016/j.dcan.2023.11.006

Beiyuan Yu , Yizhong Liu , Shanyao Ren , Ziyu Zhou , Jianwei Liu

{"title":"METAseen：分析基于 Web 3.0 的元宇宙中的网络流量和隐私政策","authors":"Beiyuan Yu , Yizhong Liu , Shanyao Ren , Ziyu Zhou , Jianwei Liu","doi":"10.1016/j.dcan.2023.11.006","DOIUrl":null,"url":null,"abstract":"<div><div>Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality (VR) and blockchain technology but introduces privacy risks. Now, a series of challenges arise in Metaverse security, including massive data traffic breaches, large-scale user tracking, analysis activities, unreliable Artificial Intelligence (AI) analysis results, and social engineering security for people. In this work, we concentrate on Decentraland and Sandbox, two well-known Metaverse applications in Web 3.0. Our experiments analyze, for the first time, the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy. We develop a lightweight traffic processing approach suitable for the Web 3.0 environment, which does not rely on complex decryption or reverse engineering techniques.</div><div>We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts. This method provides a new approach to de-anonymizing users' identities through Metaverse applications. Our system, METAseen, analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices. The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information (PII), device information, and Metaverse-related data. By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider, we discovered that far more than 49% of the Metaverse data flows needed to be disclosed appropriately.</div></div>","PeriodicalId":48631,"journal":{"name":"Digital Communications and Networks","volume":"11 1","pages":"Pages 13-25"},"PeriodicalIF":7.5000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse\",\"authors\":\"Beiyuan Yu , Yizhong Liu , Shanyao Ren , Ziyu Zhou , Jianwei Liu\",\"doi\":\"10.1016/j.dcan.2023.11.006\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality (VR) and blockchain technology but introduces privacy risks. Now, a series of challenges arise in Metaverse security, including massive data traffic breaches, large-scale user tracking, analysis activities, unreliable Artificial Intelligence (AI) analysis results, and social engineering security for people. In this work, we concentrate on Decentraland and Sandbox, two well-known Metaverse applications in Web 3.0. Our experiments analyze, for the first time, the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy. We develop a lightweight traffic processing approach suitable for the Web 3.0 environment, which does not rely on complex decryption or reverse engineering techniques.</div><div>We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts. This method provides a new approach to de-anonymizing users' identities through Metaverse applications. Our system, METAseen, analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices. The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information (PII), device information, and Metaverse-related data. By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider, we discovered that far more than 49% of the Metaverse data flows needed to be disclosed appropriately.</div></div>\",\"PeriodicalId\":48631,\"journal\":{\"name\":\"Digital Communications and Networks\",\"volume\":\"11 1\",\"pages\":\"Pages 13-25\"},\"PeriodicalIF\":7.5000,\"publicationDate\":\"2025-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Digital Communications and Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2352864823001694\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Communications and Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2352864823001694","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

摘要

虚拟世界是利用虚拟现实（VR）和区块链技术为用户构建虚拟环境的新兴概念，但存在隐私风险。现在，元宇宙安全面临着一系列挑战，包括大规模数据流量泄露、大规模用户跟踪、分析活动、不可靠的人工智能（AI）分析结果以及针对人类的社会工程安全。在这项工作中，我们专注于Decentraland和Sandbox，这是Web 3.0中两个著名的元宇宙应用程序。我们的实验首次从网络流量和隐私政策相结合的角度分析了Metaverse应用和服务暴露的个人隐私数据。我们开发了一种适合Web 3.0环境的轻量级流量处理方法，它不依赖于复杂的解密或逆向工程技术。我们提出了一种智能合约交互流量分析方法，能够检索用户与Metaverse应用程序和区块链智能合约的交互。该方法提供了一种通过Metaverse应用程序对用户身份进行去匿名化的新方法。我们的系统METAseen分析并比较网络流量和Metaverse应用程序的隐私政策，以识别有争议的数据收集实践。一致性检查实验表明，Metaverse应用程序公开的数据类型包括个人身份信息（PII）、设备信息和与Metaverse相关的数据。通过将网络流量中观察到的数据流与Metaverse服务提供商的隐私法规中所做的断言进行比较，我们发现远远超过49%的Metaverse数据流需要适当地披露。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

METAseen: analyzing network traffic and privacy policies in Web 3.0 based Metaverse

Metaverse is a new emerging concept building up a virtual environment for the user using Virtual Reality (VR) and blockchain technology but introduces privacy risks. Now, a series of challenges arise in Metaverse security, including massive data traffic breaches, large-scale user tracking, analysis activities, unreliable Artificial Intelligence (AI) analysis results, and social engineering security for people. In this work, we concentrate on Decentraland and Sandbox, two well-known Metaverse applications in Web 3.0. Our experiments analyze, for the first time, the personal privacy data exposed by Metaverse applications and services from a combined perspective of network traffic and privacy policy. We develop a lightweight traffic processing approach suitable for the Web 3.0 environment, which does not rely on complex decryption or reverse engineering techniques.

We propose a smart contract interaction traffic analysis method capable of retrieving user interactions with Metaverse applications and blockchain smart contracts. This method provides a new approach to de-anonymizing users' identities through Metaverse applications. Our system, METAseen, analyzes and compares network traffic with the privacy policies of Metaverse applications to identify controversial data collection practices. The consistency check experiment reveals that the data types exposed by Metaverse applications include Personal Identifiable Information (PII), device information, and Metaverse-related data. By comparing the data flows observed in the network traffic with assertions made in the privacy regulations of the Metaverse service provider, we discovered that far more than 49% of the Metaverse data flows needed to be disclosed appropriately.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Digital Communications and Networks Computer Science-Hardware and Architecture

CiteScore

12.80

自引率

5.10%

发文量

915

审稿时长

30 weeks

期刊介绍： Digital Communications and Networks is a prestigious journal that emphasizes on communication systems and networks. We publish only top-notch original articles and authoritative reviews, which undergo rigorous peer-review. We are proud to announce that all our articles are fully Open Access and can be accessed on ScienceDirect. Our journal is recognized and indexed by eminent databases such as the Science Citation Index Expanded (SCIE) and Scopus. In addition to regular articles, we may also consider exceptional conference papers that have been significantly expanded. Furthermore, we periodically release special issues that focus on specific aspects of the field. In conclusion, Digital Communications and Networks is a leading journal that guarantees exceptional quality and accessibility for researchers and scholars in the field of communication systems and networks.