Immersive content refers to next-generation content that maximizes human five senses to provide experiences similar to reality. New content in the 5G era, realistic content has begun. Realistic contents represented by immersion, interaction, and intelligence are typical examples. Examples include virtual reality (VR), augmented reality (AR), mixed reality (MR), and hologram.
□ Overview and purpose of realistic content security model
Sensory content refers to content that maximizes human senses and interacts with users based on data by utilizing sensory technologies such as virtual reality, augmented reality, and hologram. These immersive contents provide a high sense of reality and experience through features such as immersion, interaction, and intelligence.
The immersive content industry ecosystem is composed of content, platform, network, and devices, and immersive content is based on the development of ICT technology, such as the expansion of the spread of smartphones and the evolution of devices, and the active investment of world-class IT companies such as Facebook, Google, and Apple. is growing rapidly
In addition, as the sensory content industry is a major future growth engine, many countries are promoting policies to foster the sensory content industry. The immersive content industry is in the limelight due to its high utilization through convergence with industries in various fields such as education, defense, and medical as well as culture, art, and tourism. As a result, the importance of realistic content has been further highlighted. The Korean government is also promoting various policies to lead the realistic content industry.
The immersive content industry, which is rapidly developing due to these environmental and policy factors, is also becoming a reality as various security threats such as information leakage and user privacy invasion through security vulnerabilities of each component of platform, network, and device.
In addition, the metaverse-related industry that provides new experiences through the new virtual world is also active, and many problems are observed that new threats occurring in the virtual world lead to the real world, so caution is required. In order to support the development of the safe sensory content industry, a ‘realistic content security model’ was developed and distributed. Using this, it is necessary to improve the applicability of security by supporting vulnerability checks and consulting at industrial sites and to enhance the reality of the security model.
□ Realistic content security model
The government supports the development of security guidelines, the establishment of a secure living lab, the development of standard security models, institutionalization, and diffusion to strengthen security for the convergence industry. The immersive content security sector, which was selected as one of the five convergence industries and continuously developed, was provided in various ways, from immersive content security living labs to security models and consulting support, depending on the stage.
In order to support the development of a safe sensory content industry, the sensory content industry was classified and its components and structure analyzed to develop a ‘realistic content security model’ that presented security requirements to respond to possible security threats.
□ Realistic Contents Security Model PART2: Metaverse, Digital Twin
 |
| Metaverse, Digital Twin |
Metaverse, Digital Twin’ analyzes the service structure and flow from production to transmission and use of the area to identify possible security threats and suggests countermeasures.
In order to present specific measures to prevent and remove the identified security threats, the security requirements to be applied in the metaverse and digital twin environments are described. The security requirements to be applied in the metaverse and digital twin service environment were divided into seven categories (administrative security, information system, content application, content API, MEC cloud management console, device used, source code, and personal information). Inspection and countermeasures for the corresponding security requirements can be found in Chapter 5 of the Realistic Contents Security Model Part 1, and can be referred to by the item number of each security requirement.
□Realistic content (Metaverse, Digital Twin) service components and subject to protection
▶ Simulation production
Simulation production server
Simulation distribution server
Test server
Configuration management server
NAS server
DBMS for development
Digital Twin DB
Simulation DB
Analysis DB
PC for simulation production
Business PC
Simulation content
Simulation source code, etc.
▶ 5G network
5G MEC cloud management console
Cloud storage
Cloud container
Cloud instance (server)
Cloud DBMS, etc.
▶ Simulation system
Simulation API Server
Application server providing simulation
Digital twin main server
Digital twin virtual server
Simulation transmission server
Web server providing simulation
Digital twin virtualization server
Simulation API
Simulation provision application
Simulation DB
Network Equipment
Information protection system
Operator PC, etc.
▶ Device used
Devices using holograms
Administrator HMD
Administrator PC
Administrator terminal, etc.
□ Realistic content (metaverse, digital twin) security architecture
Based on the configuration of the metaverse and digital twin services, protection targets and security threat scenarios were derived, and based on this, a security architecture was derived and presented. The area is divided into ‘production environment, transmission environment, and use environment’, and security technologies and solutions are mapped and presented to respond to security threats.
▶ Metaverse Security Model
The metaverse security model presents more detailed security requirements by classifying the realistic content security model PART2: Metaverse and Digital Twin, developed in 21, by classifying the structure of the ‘Metaverse Ecosystem’, service flow, and stakeholders in the ecosystem. It is divided into ‘Metabus operators’, ‘Metabus content creators’, and ‘Metabus service users’, and the security rules to be followed by each stakeholder are presented and detailed so that they can be used immediately.
In the metaverse security model, the life cycle of the metaverse is classified, and stakeholders are guided to implement security accordingly. Therefore, the subject of protection here must be interpreted including the components and life cycle activities in the metaverse structure included in the life cycle.
▶ Metaverse Security Architecture
After analyzing the security threats identified through metaverse structure, life cycle, and role analysis among stakeholders, and countermeasures against them, the metaverse security architecture was presented as follows.
 |
| Metaverse Security Architecture |
Source : Ministry of Science and ICT, Korea Internet & Security Agency
