□ Overview and purpose of realistic content security model
Sensory content refers to content that maximizes human senses and interacts with users based on data by utilizing sensory technologies such as virtual reality, augmented reality, and hologram. These immersive contents provide a high sense of reality and experience through features such as immersion, interaction, and intelligence.
The immersive content industry ecosystem is composed of content, platform, network, and devices, and immersive content is based on the development of ICT technology, such as the expansion of the spread of smartphones and the evolution of devices, and the active investment of world-class IT companies such as Facebook, Google, and Apple. is growing rapidly.
 |
| Immersive Content Security Mode : VR/AR Service |
In addition, as the sensory content industry is a major future growth engine, many countries are promoting policies to foster the sensory content industry. The immersive content industry is in the limelight due to its high utilization through convergence with industries in various fields such as education, national defense, and medical as well as culture, art, and tourism. As a result, the importance of realistic content has been further highlighted. The Korean government is also promoting various policies to lead the realistic content industry.
The immersive content industry, which is rapidly developing due to these environmental and policy factors, is also becoming a reality as various security threats such as information leakage and user privacy invasion through security vulnerabilities of each component of the platform, network, and device.
In addition, the metaverse-related industry that provides new experiences through the new virtual world is also active, and many problems are observed that new threats occurring in the virtual world lead to the real world, so caution is required. In order to support the development of the safe sensory content industry, a ‘realistic content security model’ was developed and distributed. Using this, it is necessary to improve the applicability of security by supporting vulnerability checks and consulting at industrial sites and to enhance the reality of the security model.
□ Realistic content security model
The government supports the development of security guidelines, the establishment of a secure living lab, the development of standard security models, institutionalization, and diffusion to strengthen security for the convergence industry. The immersive content security sector, which was selected as one of the five convergence industries and continuously developed, was provided in various ways, from immersive content security living labs to security models and consulting support, depending on the stage.
In order to support the development of a safe sensory content industry, the sensory content industry was classified and its components and structure analyzed to develop a ‘realistic content security model’ that presented security requirements to respond to possible security threats.
□ Realistic content security model PART1: VR/AR service
VR/AR service’ identified and presented security threats to the overall service environment from production to transmission and use of immersive content and countermeasure technologies. In order to prevent the identified security threats in advance and respond continuously, security requirements were defined and security measures were proposed.
A total of 184 security requirements were classified into 7 categories (administrative security, information system, content application, content API, MEC cloud management console, device used, source code) to be applied in the realistic content service environment. Defined.
Administrative security requirements should be applied overall in the immersive content production and transmission environment, and information system, content application, content API, MEC cloud management console, device used, and source code security requirements are selectively applied according to the system configuration for each service environment. Security requirements applicable to
□ Realistic content (VR, AR) service components and protection targets
▶ Content creation system
Content creation server
Configuration management server
Test server
NAS server
Content DBMS
Content creation tools (Unity, Unreal, MultiGen, etc.)
Network Equipment
Information protection system
PC for content creation, etc.
▶ Content
Source code
Video content
▶ Transmission system (MEC platform, content system)
5G MEC cloud management console
Cloud instance (server)
Cloud container
Cloud storage
Cloud DBMS
Content transmission server
Content application server
Content API
Content DBMS
Content creation tools (Unity, Unreal, MultiGen, etc.)
Network Equipment
Information protection system
Operator PC
▶ Content platform (OTT)
Content transmission server
Content application server
Content API
Cloud management console
Content DBMS
Network Equipment
Information protection system
Operator PC
Content provision application, etc.
▶ Device used
HMDs
AR Glass
Smartphone
Content player such as hologram device
□ Realistic content (VR, AR) security architecture
For a safe immersive content service environment, security threats that can occur in immersive content services were identified and protection targets identified. It is a security architecture to respond to security threats in the overall service environment of immersive content production, transmission, and use.
Source : Ministry of Science and ICT, Korea Internet & Security Agency
