A Survey on Metaverse: Fundamentals, Security, and Privacy
Authors: Wang, Yuntao; Su, Zhou; Zhang, Ning; Liu, Dongxiao; Xing, Rui; Luan, Tom H.; Shen, Xuemin
Date: 2022-03-05
Metaverse, as an evolving paradigm of the next-generation Internet, aims to build a fully immersive, hyper spatiotemporal, and self-sustaining virtual shared space for humans to play, work, and socialize. Driven by recent advances in emerging technologies such as extended reality, artificial intelligence, and blockchain, the metaverse is stepping from science fiction to an upcoming reality. However, severe privacy invasions and security breaches (inherited from underlying technologies or emerging in the new digital ecology) of the metaverse can impede its wide deployment. At the same time, a series of fundamental challenges (e.g., scalability and interoperability) can arise in metaverse security provisioning owing to the intrinsic characteristics of the metaverse, such as immersive realism, hyper spatiotemporality, sustainability, and heterogeneity. In this paper, we present a comprehensive survey of the fundamentals, security, and privacy of the metaverse. Specifically, we first investigate a novel distributed metaverse architecture and its key characteristics with ternary-world interactions. Then, we discuss the security and privacy threats, present the critical challenges of metaverse systems, and review the state-of-the-art countermeasures. Finally, we draw open research directions for building future metaverse systems.
The metaverse, literally a combination of the prefix "meta" (meaning transcendence) and the suffix "verse" (shorthand for universe), is a computer-generated world with a consistent value system and an independent economic system linked to the physical world.
The term metaverse was created by Neal Stephenson in his science fiction novel named Snow Crash in 1992. In this novel, humans in the physical world enter and live in the metaverse (a parallel virtual world) through digital avatars (analogous to the user's physical self) via virtual reality (VR) equipment. Since its first appearance, the concept of metaverse has been evolving with various descriptions, such as a second life [1], 3D virtual worlds [2], and life-logging [3]. Commonly, the metaverse is regarded as a fully immersive, hyper spatiotemporal, and self-sustaining virtual shared space blending the ternary physical, human, and digital worlds [4]. Metaverse is recognized as an evolving paradigm of the next-generation Internet after the web and the mobile Internet revolutions [5], where users can live as digital natives and experience an alternative life in virtuality. The metaverse integrates a variety of emerging technologies [6]-[8]. In particular, digital twin produces a mirror image of the real world, VR and augmented reality (AR) provide immersive 3D experience, 5G and beyond offers ultra-high reliable and ultra-low latency connections for massive metaverse devices, wearable sensors and brain-computer interface (BCI) enable user/avatar interaction in the metaverse, artificial intelligence (AI) enables the large-scale metaverse creation and rendering, and blockchain and non-fungible token (NFT) play an important role in determining authentic rights for metaverse assets [9]. Currently, with the popularity of smart devices and the maturity of enabling technologies, the metaverse is stepping out of its infancy into an upcoming reality in the near future. Furthermore, significant innovations and advances in the above emerging technologies are giving birth to a new information ecology and new demands for applications, with the metaverse becoming a platform for the new ecology and applications [8].
Driven by realistic demands and the prospect of feasibility of metaverse construction, the metaverse has recently attracted increasing attention from around the world, and many tech giants such as Facebook, Microsoft, Tencent, and NVIDIA have announced their ventures into the metaverse. Particularly, Facebook rebranded itself as "Meta" to dedicate itself to building the future metaverse [10]. Generally, the development of metaverse consists of three successive phases from a macro perspective [6]: (i) digital twins, (ii) digital natives, and eventually (iii) surreality, as depicted in Fig. 1. The first phase produces a mirror world consisting of large-scale and high-fidelity digital twins of humans and things in virtual environments, aiming at a vivid digital representation of the physical reality. In this phase, virtual activities and properties such as user emotion and movement are imitations of their physical counterparts, where reality and virtuality are two parallel spaces. The second phase mainly focuses on native content creation, where digital natives represented by avatars can produce innovations and insights inside the digital worlds and such digital creations may only exist in the virtual spaces. In this phase, the massively created contents in the digital world become equal with their physical counterparts, and the digital world has the ability to transform and innovate the production process of the physical world, thereby creating more intersections between these two worlds. The metaverse grows to its maturity in the last phase and turns into a persistent and self-sustaining surreality world which assimilates the reality into itself. The seamless integration and mutual symbiosis of physical and virtual worlds will be realized in this phase, where the scope of the virtual world will be larger than that of the real world and more scenes and lives that do not exist in reality can exist in virtual realms.
arXiv:2203.02662v2 [cs.CR] 8 Apr 2022
In spite of the promising sign of metaverse, security and privacy issues are the prime concerns that hinder its further development. A wide range of security breaches and privacy invasions may arise in the metaverse, ranging from the management of massive data streams, pervasive user profiling activities, and unfair outcomes of AI algorithms to the safety of physical infrastructures and human bodies. Firstly, since the metaverse integrates a variety of latest technologies and systems built on them as its basis, their vulnerabilities and intrinsic flaws may also be inherited by the metaverse. There have been incidents involving emerging technologies, such as hijacking of wearable devices or cloud storage, theft of virtual currencies, and the misconduct of AI to produce fake news. Secondly, driven by the interweaving of various technologies, the effects of existing threats can be amplified and become more severe in virtual worlds, while new threats that do not exist in physical and cyber spaces, such as virtual stalking and virtual spying, can emerge [11]. Particularly, the personal data involved in the metaverse can be more granular and unprecedentedly ubiquitous to build a digital copy of the real world, which opens new horizons for crimes on private big data [12]. For example, to build a virtual scene using AI algorithms, users will inevitably wear wearable AR/VR devices with built-in sensors to comprehensively collect brain wave patterns, facial expressions, eye movements, hand movements, speech and biometric features, as well as the surrounding environment. Besides, as users need to be uniquely identified in the metaverse, headsets, VR glasses, or other devices can be used for tracking users' real locations illegally [13].
Lastly, hackers can exploit system vulnerabilities and compromise devices as entry points to invade real-world equipment such as household appliances to threaten personal safety, and even threaten critical infrastructures such as power grid systems, high-speed rail systems, and water supply systems via advanced persistent threat (APT) attacks [14]. Nevertheless, existing security countermeasures can still be ineffective and lack adaptability for metaverse applications. Particularly, the intrinsic characteristics of metaverse including immersiveness, hyper spatiotemporality, sustainability, interoperability, scalability, and heterogeneity may bring about a series of challenges for efficient security provision.
1) The real-time fully immersive experience in the metaverse brings not only sensual pleasures of the flawless virtual environment, but also challenges in the secure fusion of massive multimodal user-sensitive big data for interactions between users and avatars/environments.
2) The integration of the ternary world contributes to the hyper spatiotemporality in the metaverse [15], which greatly increases the complexity and difficulty of trust management. Due to the deepening blurring of the boundary between the real and the virtual, the metaverse will make fact and fiction harder to tell apart (e.g., Deepfake events), especially for regulations and digital forensics.
3) To get rid of the single point of failure (SPoF) and the control by a few powerful entities, the metaverse should be built on a decentralized architecture to be self-sustaining and persistent [16], which raises severe challenges in reaching unambiguous consensus among massive entities in the time-varying metaverse.
4) The interoperability and scalability in the metaverse indicate users can freely shuttle across various sub-metaverses concurrently under different scenes and interaction modes [17], which also poses challenges to ensure fast service authorization, compliance auditing, and accountability enforcement in seamless service mitigation and multi-source data fusion.
5) The virtual worlds in the large-scale metaverse can be highly heterogeneous in terms of hardware implementation, communication interfaces, and software, which poses huge interoperability difficulties.
The topic of metaverse has attracted various research attention. Until now, there have been several survey papers covering different aspects of the metaverse. For example, Dionisio et al. [2] specify four characteristics of viable 3D virtual worlds (or metaverse) including ubiquity, realism, scalability, and interoperability, and discuss ongoing improvements of the underlying virtual world technology. Lee et al. [6] review and examine eight fundamental technologies to build up the metaverse as well as its opportunities from six user-centric factors. Huynh-The et al. [18] study the role of AI approaches in the foundation and development of the metaverse. Yang et al. [7] investigate the potential of AI and blockchain technologies for future metaverse construction. Ning et al. [4] present a survey of the development status of metaverse in terms of national policies, industrial projects, infrastructures, supporting technologies, VR, and social metaverse. Park et al. [19] discuss three components (i.e., hardware, software, and content) of metaverse and review the user interaction, implementation, and representative applications in the metaverse. Xu et al. [20] present an in-depth survey on the edge-enabled metaverse from communication, networking, computation, and blockchain perspectives. Leenes [11] investigates potential privacy risks in the online game Second Life from both social and legal perspectives.
Different from the above existing surveys on the general metaverse [2], [4], [6], [11], [19], AI-empowered metaverse [7], [18], edge-enabled metaverse [20], or the potential in service provisioning in social VR/AR games [12], retailing [21], education [22], social goods [8], and computational arts [23], we focus on the perspective of metaverse security and privacy such as potential security/privacy threats, critical security/privacy challenges, and state-of-the-art defenses, etc. In this paper, we present a comprehensive survey on the fundamentals of metaverse, as well as the key challenges and solutions to build the secure and privacy-preserving metaverse. By discussing existing/potential solutions for the challenges related to metaverse characteristics, our survey offers critical insights and useful guidelines for readers to better understand how these security/privacy threats could arise and be prevented in the metaverse. The contributions of this survey are four-fold.
• We discuss the fundamentals of metaverse including the general architecture, key characteristics, and enabling technologies, as well as existing modern prototypes of metaverse applications.
• We investigate the security and privacy threats in the metaverse from seven aspects (i.e., identity, data, privacy, network, economy, governance, and physical/social effects) and discuss the critical challenges to address them.
• We survey the state-of-the-art security and privacy countermeasures in both academia and industry and discuss their feasibility toward building the secure and privacy-preserving metaverse paradigm.
• We outline open future research directions in building the secure, privacy-preserving, and efficient metaverse realm.
Table I summarizes the contribution of our work in comparison to previous relevant surveys in the metaverse.
Table I
Year | Refs. | Contribution
2008 | [11] | Discussions on privacy risks in the game Second Life from both social and legal perspectives.
2009 | [21] | Survey on metaverse applications in terms of retailing.
2013 | [2] | Discussions on key features of metaverse and ongoing improvements of the underlying virtual world technology.
2018 | [12] | Survey on privacy issues and countermeasures related to digital footprints in social metaverse games.
2020 | [22] | Survey on metaverse applications in terms of education.
2021 | [8] | Survey on metaverse applications in terms of social goods.
2021 | [6] | Review on eight fundamental technologies to build up the metaverse and its opportunities from six user-centric factors.
2021 | [4] | Overview of metaverse development in terms of national policies, industrial projects, infrastructures, supporting technologies, VR, and social metaverse.
2021 | [23] | Survey on metaverse applications in terms of digital arts.
2022 | [7] | Discuss the potential of AI and blockchain technologies in future metaverse construction.
2022 | [18] | Discuss the role of AI from six technical aspects in the development of the metaverse.
2022 | [19] | Discuss the hardware, software, and content components of metaverse and review user interaction, implementation, and representative applications in the metaverse.
2022 | [20] | An in-depth survey on the edge-enabled metaverse in terms of communication, networking, and computation.
- | This work | Comprehensive survey of the fundamentals, security, and privacy of metaverse, discussions on the general architecture, characteristics, and security/privacy threats of the metaverse, discussions on critical challenges, state-of-the-art solutions, and future research directions in building secure metaverse.
The remainder of this paper is organized as follows. Section II presents the standards, architecture, characteristics, supporting technologies, and current prototypes of the metaverse.
Section III presents the taxonomy of security and privacy threats in the metaverse and Section IV discusses the critical challenges and existing/potential solutions to resolve them. Then, we discuss open research issues in Section V. Finally, we draw the conclusions in Section VI. The key acronyms are listed in Table II.
II. AN OVERVIEW OF METAVERSE
In this section, we introduce the metaverse from the following aspects: existing standards, the general architecture, key characteristics, enabling technologies, potential applications, and existing prototypes.
Fig. 2. General architecture of ISO/IEC 23005 standards [24]. R → V adaptation means the conversion of sensory data from the real world (RW) to virtual world (VW) object characteristics. V → R adaptation means the conversion of sensory effects from VW into actuator commands to RW. V → V adaptation means the conversion of native representations of information in a VW to the standard format.
Fig. 3. General architecture of IEEE 2888 standards [25]. IEEE 2888.1, IEEE 2888.2, and IEEE 2888.3 specify the standards on sensor interface, actuator interface, and orchestration of digital synchronization, respectively.
In this subsection, we briefly introduce two existing metaverse-related standards, i.e., ISO/IEC 23005 (MPEG-V) [24] and IEEE 2888 [25].
1) As the first standardized framework for networked virtual environments (NVEs) in the metaverse, ISO/IEC 23005 (MPEG-V) aims to standardize the interfaces between the real world and the virtual world, as well as between virtual worlds, to realize seamless information exchange, simultaneous reactions, and interoperability between them [24]. Its first version was published in 2011, and the latest 4th edition was released in 2020. ISO/IEC 23005 standards are applicable for a variety of metaverse-related business services, where the association of audiovisual information, rendered sensory effects, and characteristics of virtual objects (e.g., avatars and virtual items) can benefit the interactions between virtual and real worlds. Fig. 2 illustrates the general architecture of ISO/IEC 23005 standards, which contains three scenarios of media exchanges.
• The first scenario involves information exchange from the real world to a virtual world (i.e., R → V adaptation), which uses sensory data captured from the real world as inputs and generates virtual world object characteristics (VWOCs) by considering sensor capacity and users' sensing preferences.
• The second scenario is the media exchange from a virtual world to the real world (i.e., V → R adaptation), which employs sensory effects and VWOCs as inputs and produces commands to actuators in the real world by considering the effect of actuator capacity and users' actuation preferences.
• Lastly, data adaptation between virtual worlds is performed by converting proprietary VWOCs to normatively specified VWOCs via the V → V adaptation engine.
2) ISO/IEC 23005 standards mainly focus on the sensory effects and lack capability in offering general-purpose interfaces between virtual and real worlds. As a supplement to ISO/IEC 23005 standards, the IEEE 2888 project, launched in 2019, aims to define standardized interfaces for synchronization of cyber and physical worlds [25]. By specifying information formats and application program interfaces (APIs) to control actuators and obtain sensory information, IEEE 2888 standards offer foundations for building metaverse systems, where both virtual and real worlds can affect each other. It includes four parts [17]: (i) specification of sensor interface (IEEE 2888.1); (ii) standard for actuator interface (IEEE 2888.2); (iii) standard on orchestration of digital synchronization (IEEE 2888.3); and (iv) standard on architecture for VR disaster response training system (IEEE 2888.4). The first three standards offer common technologies to synchronize virtual and real worlds in real implementations, while the last one offers guideline architectures in using the three former parts for a specific application. Fig. 3 illustrates the general architecture of IEEE 2888 standards. In Fig. 3, the sensory information and actuator-related information are exchanged between virtual and real worlds via IEEE 2888.1 and IEEE 2888.2 standards, respectively. Besides, the definition, synchronization, and mission control data are defined by the IEEE 2888.3 standard for digital things (i.e., virtual objects).
Metaverse is a self-sustaining, hyper spatiotemporal, and 3D immersive virtual shared space, created by the convergence of physically persistent virtual space and virtually enhanced physical reality. In other words, the metaverse is a synthesized world which is composed of user-controlled avatars, digital things, virtual environments, and other computer-generated elements, where humans (represented by avatars) can use their virtual identity through any smart device to communicate, collaborate, and socialize with each other. The construction of metaverse blends the ternary physical, human, and digital worlds. Fig. 4 shows the general architecture of the metaverse with consideration of its intrinsic ternicity. In the following, we elaborate on the relationships between the three worlds, the components in the metaverse, and the information flow of the metaverse in detail.
1) Human Society: The metaverse is regarded as human-centric [26]. Human users along with their inner psychologies and social interactions constitute the human world. Equipped with smart wearable devices (e.g., VR/AR helmets), humans can interact with and control their digital avatars to play, work, socialize, and interact with other avatars or virtual entities in the metaverse via human-computer interaction (HCI) and extended reality (XR) technologies [27] (as depicted in the film Ready Player One).
2) Physical Infrastructures: The physical world offers supporting infrastructures (including sensing/control, communication, computation, and storage infrastructures) to the metaverse to support multi-sensory data perception, transmission, processing, and caching, as well as physical control, thereby enabling efficient interactions with both the digital and human worlds. Specifically, pervasive smart objects, sensors, and actuators constitute the sensing/control infrastructure to enable all-around and multimodal data perception from the environment and human bodies and high-accuracy device control. Networking connectivity is provided via the communication infrastructure consisting of various heterogeneous wireless or wired networks (e.g., cellular communications, unmanned aerial vehicle (UAV) communications, and satellite communications). Besides, powerful computation and storage capacities are provisioned via the computation and storage infrastructure assisted by cloud-edge-end computing [28]. For instance, a virtual world runs at a minimum rate of 30 frames per second [29], posing huge computational demands and latency constraints (e.g., within 1/30th of a second at most) in rendering high-quality graphics for each avatar.
3) Interconnected Virtual Worlds: According to ISO/IEC 23005 and IEEE 2888 standards [24], [25], the digital world can be composed of a series of interconnected distributed virtual worlds (i.e., sub-metaverses), and each sub-metaverse can offer certain kinds of virtual goods/services (e.g., gaming, social dating, online museum, and online concert) and virtual environments (e.g., game scenes and virtual cities) to users represented as digital avatars.
• Digital avatars. Avatars refer to the digital representation of human users in the metaverse. A user can create various avatars in different metaverse applications, and the produced avatars can take the form of humans, animals, imaginary creatures, etc.
• Virtual environments. Virtual environments refer to the simulated real or imaginary environments (consisting of 3D digital things and their attributes) in the metaverse. Besides, the virtual environments in the metaverse can have distinct spatiotemporal dimensions (e.g., in ancient times or future worlds) for users to experience an alternate life.
• Virtual goods/services. Virtual goods refer to the tradeable commodities (e.g., skins, digital arts, and land parcels) produced by virtual service providers (VSPs) or the users in the metaverse. Virtual services in the metaverse have a broad scope including digital market, digital currency, digital regulation, social service, etc.
There are two main sources of information in the metaverse: one is the input of the real world (i.e., the captured information and obtained knowledge from the real space digitally displayed in the virtual space), and the other is the output of virtual worlds (i.e., the information generated by avatars, digital objects, and metaverse services in the virtual space).
4) Metaverse Engine: The metaverse engine [20] uses the big data from the real world as inputs to generate, maintain, and update the virtual world via the interactivity, AI, digital twin, and blockchain technologies. Particularly, with the assistance of XR and HCI (especially brain-computer interaction (BCI)) techniques, users situated in physical environments are able to immersively control their digital avatars in the metaverse via their senses and bodies for diverse collective and social activities such as car racing, dating, and virtual item trading. The virtual economy as a spontaneous derivative of such digital creation activities of avatars can be built in the metaverse. AI algorithms perform personalized avatar/content creation, large-scale metaverse rendering, and intelligent service offering to enrich the metaverse ecology.
Besides, the knowledge derived via AI-based big data analytics can be used to simulate, digitalize, and mirror the real world via digital twin technology to produce vivid virtual environments for users to experience. Finally, the created digital twins, as well as native contents created by avatars, can be transparently managed, uniquely tokenized, and monetized by the blockchain technology to enable trust-free trading and service offering, towards building the economic system and value system in the metaverse. More details of these enabling technologies are elaborated in Sect. II-D. In summary, information is the core resource of the metaverse and the free data flow in the ternary world forms the digital ecology, which eventually promotes the integration of virtual and actual worlds. Next, we discuss the information flow in a single world and across different worlds, respectively.
5) In-World Information Flow: The human society or human world is interconnected by the social network and formed based on common activities and mutual interactions among human beings. In the physical world, the IoT-enabled sensing/control infrastructure plays an important role in digitalizing/transforming the physical world via pervasive sensors and actuators, and the generated IoT big data is transmitted and processed via network and computation infrastructures. In the digital world, the produced digital information of the physical and human worlds is processed and managed via the metaverse engine to support large-scale metaverse creation/rendering and various metaverse services. Besides, users, represented as avatars, can produce and distribute digital creations across various sub-metaverses to promote the creativity of metaverse.
6) Information Flow Across Worlds: As depicted in Fig. 4, the subjective consciousness, the Internet, and the IoT are the main media among the three worlds.
Humans observe objective information from the physical world, transform it into knowledge and intelligence through subjective consciousness, and then use them as guidance to change the objective world. Besides, humans can interact with physical objects via HCI technology and experience virtually augmented reality (e.g., holographic telepresence) via XR technology. The human world and the digital world are connected through the Internet, i.e., the largest computer network in the world. Users can interact with the digital world via smart devices such as smartphones, wearable sensors, and VR helmets, for the creation, sharing, and acquisition of knowledge. The IoT infrastructure bridges the physical world and the digital world by using inter-connected smart devices for digitalization, and thereby information can flow freely between the two worlds [30]. Besides, the feedback information from the digital world (e.g., processed results of big data and intelligent decisions) can guide the transformation (e.g., manufacturing process) of the physical world.
In web 1.0, Internet users are just content consumers, where contents are provided by the websites. In web 2.0 (i.e., mobile Internet), users are both content producers and consumers, and the websites turn into platforms for service offering. Typical platforms of this kind include Wikipedia, WeChat, and TikTok. Metaverse is recognized as the evolving paradigm of web 3.0. In metaverse, as shown in Fig. 5, users represented as digital avatars can seamlessly shuttle across various virtual worlds (i.e., sub-metaverses) to experience a digital life, as well as make digital creations and economic interactions, supported by physical infrastructures and the metaverse engine. Specifically, metaverse exhibits unique features from the following perspectives.
1) Immersiveness: The immersiveness means that the computer-generated virtual space is sufficiently realistic to allow users to feel psychologically and emotionally immersed [31].
It can also be called immersive realism [2]. According to the perspective of realism, human beings interact with the environment through their senses and their bodies. The immersive realism can be approached through the structure of sensory perception (e.g., sight, sound, touch, temperature, and balance) and expression (e.g., gestures).
2) Hyper Spatiotemporality: The real world is restricted by the finiteness of space and the irreversibility of time. As metaverse is a virtual space-time continuum parallel to the real one, the hyper spatiotemporality refers to the break of limitations of time and space [4]. As such, users can freely shuttle across various worlds with different spatiotemporal dimensions to experience an alternate life with seamless scene transformation.
3) Sustainability: The sustainability indicates that the metaverse maintains a closed economic loop and a consistent value system with a high level of independence. On the one hand, it should be open, i.e., continuously arousing users' enthusiasm in digital content creation as well as open innovations. On the other hand, to remain persistent, it should be built on a decentralized architecture to get rid of SPoF risks and avoid being controlled by a few powerful entities.
4) Interoperability: The interoperability in the metaverse means that (i) users can seamlessly move across virtual worlds (i.e., sub-metaverses) without interruption of the immersive experience [6]; and (ii) digital assets for rendering or reconstruction of virtual worlds are interchangeable across distinct platforms [2].
5) Scalability: The scalability refers to the capacity of metaverse to remain efficient with the number of concurrent users/avatars, the level of scene complexity, and the mode of user/avatar interactions (in terms of type, scope, and range) [2].
6) Heterogeneity: The heterogeneity of metaverse includes heterogeneous virtual spaces (e.g., with distinct implementations), heterogeneous physical devices (e.g., with distinct interfaces), heterogeneous data types (e.g., unstructured and structured), heterogeneous communication modes (e.g., cellular and satellite communications), as well as the diversity of human psychology. It also entails the poor interoperability of metaverse systems.
As shown in Fig. 6, there are the following six enabling technologies underlying the metaverse.
1) Interactivity: With the maturity of miniaturized sensors, embedded technology, and XR technology, XR devices such as helmet-mounted displays (HMDs) are expected to be the main terminal for entering the metaverse [32]. XR deeply incorporates virtual reality/augmented reality/mixed reality (VR/AR/MR) technologies to offer multi-sensory immersiveness, augmented experience, and real-time user/avatar/environment interaction via front-projected holographic display, HCI (especially BCI), and large-scale 3D modeling [33]. Particularly, VR provides immersive experiences in a virtual world, AR delivers true presence experiences of virtual holograms, graphics, and videos in the real world, and MR offers a transition experience between VR and AR. The wearable XR devices perform fine-grained human-specific information perception, as well as ubiquitous sensing for objects and surroundings, with the assistance of indoor smart devices (e.g., cameras). In this manner, the user/avatar interactivity will no longer be limited to mobile inputs (e.g., hand-held phones and laptops), but will extend to all kinds of interactive devices connected to the metaverse. Besides, negative experiences such as dizziness in wearing XR helmets can be resolved by low-latency edge computing systems and AI-empowered real-time rendering.
2) Digital Twin: Digital twin represents the digital clone of objects and systems in the real world with high fidelity and consciousness [34].
It enables the mirroring of physical entities, as well as prediction and optimization of their virtual bodies, by analyzing real-time streams of sensory data, physical models, and historical information. In a digital twin, data fed back from physical entities can be used for self-learning and self-adaptation in the mirrored space. Moreover, digital twins can provide precise digital models of the expected objects with intended attributes in the metaverse with high accuracy through the simulation of complex physical processes and the assistance of AI technologies, which is beneficial for large-scale metaverse creation and rendering. Besides, the digital twin enables predictive maintenance and accident traceability for physical safety, due to the bidirectional connection between physical entities and their virtual counterparts, thereby improving efficiency and reducing risks in the physical world.
3) Networking: In the metaverse, networking technologies such as 6G, software-defined networking (SDN), and IoT empower ubiquitous network access and real-time massive data transmission between real and virtual worlds, as well as between sub-metaverses. Beyond 5G (B5G) and 6G offer possibilities for ubiquitous, real-time, and ultra-reliable communications for massive metaverse devices with enhanced mobility support [35]. In 6G, the space-air-ground integrated network (SAGIN) [36] is a promising trend for seamless and ubiquitous network access to metaverse services. SDN enables the flexible and scalable management of large-scale metaverse networks via the separation of the control plane and data plane. In an SDN-based metaverse, the physical devices and resources are managed by a logically centralized controller using a standardized interface such as OpenFlow, so that virtualized computation, storage, and bandwidth resources can be dynamically allocated according to the real-time demands of various sub-metaverses [37].
Besides, IoT is a network of numerous physical objects that are embedded with sensors, software, communication components, and other technologies with the aim of connecting, exchanging, and processing data between things, systems, clouds, and users over the Internet [38]. In the metaverse, IoT sensors are extensions of human senses.
4) Ubiquitous Computing: Ubiquitous computing, or ubicomp, aims to create an environment where computing appears anytime and everywhere for users [39]. Through pervasive (often mobile) smart objects embedded in the environment or carried on the human body, ubiquitous computing enables smooth adaptation to the interactions between human users and the physical space. With ubicomp, instead of using specific equipment (e.g., a laptop), human users can freely interact with their avatars and experience real-time immersive metaverse services via ubiquitous smart objects and network access in the environment. To improve users' quality-of-experience (QoE) in ubicomp, as shown in Fig. 7, cloud-edge-end computing [28] orchestrates the highly scalable cloud infrastructures (with powerful computation and storage capacity) and heterogeneous edge computing infrastructures (closer to end users/devices) via complex inner/inter-layer cooperation paradigms. As such, it allows flexible and on-demand resource allocation to satisfy the various requirements of end users/devices in different metaverse applications.
5) AI: AI technology acts as the "brain" of the metaverse, empowering personalized metaverse services (e.g., vivid and customized avatar creation), massive metaverse scene creation and rendering, and multilingual support in the metaverse by learning from massive multimodal input via big data inference [18]. Moreover, AI enables smart interactions (e.g., smart shopping guide and user movement prediction) between user and avatar/NPC (non-player character) via intelligent decision-making.
For example, by continuously learning users' facial expressions, emotions, hairstyles, and so on, AI algorithms can create vivid and personalized avatars and intelligently recommend goods or information of interest to users in the metaverse. Typically, there exist four types of AI models: supervised, unsupervised, semi-supervised, and reinforcement learning (RL) [40]. In supervised learning, labeled training samples are required, while unsupervised learning works on unlabeled data. Semi-supervised learning falls in between these two. RL mainly focuses on smart decision-making under uncertain environments. More details of AI in the metaverse can be found in the survey [18].
6) Blockchain: To be persistent, the metaverse should be constructed on a decentralized architecture to avoid centralization risks such as SPoF, low transparency, and control by a few entities [16]. Besides, the virtual economy and value system provided by the blockchain are essential components of the metaverse. As shown in Fig. 8, blockchain technologies offer an open and decentralized solution for building the sustainable virtual economy, as well as constructing the value system in the metaverse. Blockchain is a distributed ledger in which data is structured into hash-chained blocks and which features decentralization, immutability, transparency, and auditability [36]. Blockchains can be classified into three categories, i.e., public, consortium, and private, based on the degree of decentralization [36]. The consensus protocol is the key component of a blockchain and determines the ledger consistency and system scalability. Besides, smart contracts can be deployed atop the blockchain to allow automatic function execution among distrustful parties in a prescribed fashion. NFT represents irreplaceable and indivisible tokens [41], which can help asset identification and ownership provenance in the blockchain.
De-Fi stands for decentralized finance, which aims to deliver secure, transparent, and complex financial services (e.g., stock/currency exchange) in the metaverse.
In this subsection, we introduce existing representative prototypes in the following metaverse applications.
1) Game: Games are currently the hottest metaverse application. Considering the technological maturity, user matching, and content adaptability, games are an excellent way to explore the metaverse. We list some representative examples of metaverse games. The sandbox game Second Life 1 offers a modifiable 3D virtual world where players can join in as avatars, create their virtual architectures and sell them, and participate in social activities such as art shows and even political gatherings and embassy visits. Roblox 2 is a global user-created game platform, in which players can create games and design items such as skins and clothes. It proposes eight key features of the metaverse: identity, friends, immersion, anywhere, diversity, low latency, economy, and civilization [42]. Fortnite 3 is a massive multi-player online (MMO) shooter game designed by Epic Games, where players can build buildings and bunkers as well as construct islands, while in-game items such as skins can only be designed by the platform.
2) Social Experience: The metaverse can revolutionize our society and enable a series of immersive social applications such as virtual lives, virtual shopping, virtual dating, virtual chatting, global travel, and even space/time travel. For example, Lil Nas X held a virtual concert on Roblox in 2020, with over 30 million fans participating. Players can unlock special Lil Nas X goods in the digital store, e.g., commemorative items and emotions. Due to the COVID-19 situation, UC Berkeley celebrated graduation festivities virtually in Minecraft in 2020 by digitally copying the campus scenery.
Besides, Tencent developed a Digital Palace Museum 4 in 2018, which allows tourists to freely visit the palace museum and its exhibitions with a panoramic and immersive view by wearing VR helmets in their homes.
3) Online Collaboration: The metaverse also opens new possibilities for immersive virtual collaboration in terms of telecommuting in virtual workplaces, study and learning in virtual classrooms, and panel discussions and meetings in virtual conference rooms. For example, Horizon Workroom 5 is an office collaboration software (run on the Oculus Quest 2 helmet) released by Meta (parent company of Facebook), which allows people in any physical location to work and meet together in the same virtual room. Microsoft Mesh 6 is an MR platform supported by Azure, which enables users working from multiple sites to cooperate virtually via holographic presence and shared experience from anywhere in a digital copy of their office. Another promising application is 3D simulation, modeling, and architectural design in the metaverse. For example, NVIDIA has built its open platform named Omniverse 7 to support multi-user real-time 3D simulation and visualization of physical objects and attributes in a shared virtual space for industrial applications, e.g., automotive design. Besides, Omniverse can be compatible with Disney Pixar's open-source platform Universal Scene Description (USD).
The metaverse mainly includes four modes of content creation: professional-generated content (PGC), professional- and user-generated content (PUGC), user-generated content (UGC), and AI-generated content (AIGC), as illustrated in Table III. In PGC mode, contents (e.g., games) are created by professional content producers on the platform, and ordinary users are just participants and content viewers/experiencers.
In UGC mode, all users produce contents and trade them freely in the marketplace provided by the platform, which features a high degree of freedom, low cost, high diversification, and decentralization [43]. Users are dominant in the content production process under the UGC mode. For example, creators of game scenes, skins, and items in Roblox can earn a certain percentage of the Robux (i.e., virtual tokens exchangeable with real-world currency) paid by their experiencers, leading to a virtuous cycle. The PUGC mode is the combination of the PGC and UGC modes, in which contents are jointly produced by professionals and ordinary users. In the metaverse, as the number of content consumers can be far greater than the number of content producers, the AIGC mode can help VSPs to create massive qualified and personalized contents with much-improved efficiency and much-reduced cost. In AIGC, there exist two types of content creation: (i) AI fully replaces users in content production; and (ii) AI assists users in producing contents. An example is the MetaHuman project [44], in which Epic Games leverages AI algorithms to quickly create life-like virtual characters such as conversational virtual assistants.
There are existing decentralized virtual worlds with a built-in creator economy supported by the Ethereum blockchain, such as Decentraland 8 and Cryptovoxels 9. In Decentraland, users can trade land parcels and equipment in the marketplace and build their own buildings as well as social games by calling the builder function, where the trading details are immutably recorded in Ethereum for auditability. In Cryptovoxels, players can trade land and build virtual stores and art galleries in the virtual world "Origin City". Besides, users can display and trade their digital assets such as artwork inside buildings.
Table IV summarizes existing modern prototypes in different metaverse applications in terms of the six key characteristics of the metaverse.
In this section, we elaborate on the typical security threats in the metaverse by classifying them along the following seven dimensions: identity, data, privacy, network, economy, physical/social effects, and governance. Fig. 9 depicts the proposed taxonomy of security threats in the metaverse.
In the metaverse, identity management plays a vital role for massive users/avatars in metaverse service offering. The identities of users/avatars in the metaverse can be illegally stolen or impersonated, and interoperability issues can be encountered in authentication across virtual worlds.
1) Identity Theft. If the identity of a user is stolen in the metaverse, his/her avatars, digital assets, social relationships, and even the digital life can be leaked and lost, which can be more severe than in traditional information systems. For example, hackers can steal users' personal information (e.g., full names, secret keys of digital assets, and banking details) in Roblox through hacked personal VR glasses, phishing email scams, and authentication loopholes to commit fraud and crimes (e.g., steal the victim's avatar and digital assets) in Roblox. As another example, in 2022, the accounts of 17 users in the OpenSea NFT marketplace were hacked due to smart contract flaws and phishing attacks, causing a loss of $1.7 million [45].
8 https://decentraland.org/
9 https://www.cryptovoxels.com/
2) Impersonation Attack. An attacker can carry out the impersonation attack by pretending to be another authorized entity to gain access to a service or system in the metaverse [46]. For example, hackers can invade the Oculus helmet and exploit the stolen behavioral and biological data gathered by the inbuilt motion-tracking system to create digital replicas of the user and impersonate the victim to facilitate social engineering attacks.
The hackers can also create a fake avatar using digital replicas of the victim to deceive, defraud, and even commit crimes against the victim's friends in the metaverse. Another example is that attackers can exploit Bluetooth impersonation threats [47] to impersonate trusted endpoints and illegally access metaverse services by inserting rogue wearable devices into the established Bluetooth pairing.
3) Avatar Authentication Issue. Compared with real-world identity authentication, the authentication of avatars (e.g., the verification of their friends' avatars) for users in the metaverse, through verifying facial features, voice, video footage, and so on, can be more challenging. Besides, adversaries can create multiple AI bots (i.e., digital humans), which look, sound, and behave identically to the user's real avatar, in the virtual world (e.g., Roblox) by imitating the user's appearance, voice, and behaviors [12]. As a consequence, additional personal information might be required as evidence to ensure secure avatar authentication, which may also open new privacy breach issues.
As the metaverse assimilates reality into itself, the human, physical, and virtual worlds are seamlessly integrated into the metaverse, causing identity linkability concerns across the ternary worlds [48]. For example, a malicious player A in Roblox can track another player B by the name displayed above the corresponding avatar of player B and infer his/her position in the real world. Another example is that hackers may track the position of users via compromised VR headsets or glasses [13].
For users/avatars in the metaverse, it is fundamental to ensure fast, efficient, and trusted cross-platform and cross-domain identity authentication, i.e., across various service domains and virtual worlds (built on distinct platforms such as blockchains) [2].
Examples include the trust-free and interoperable asset exchange and avatar transfer between Roblox and Fortnite, as well as among distinct administrative domains offering different services in Roblox.
The data collected or generated by wearable devices and users/avatars may suffer from threats in terms of data tampering, false data injection, low-quality UGC, ownership/provenance tracing, and intellectual property violation in the metaverse.
1) Data Tampering Attack. Integrity features ensure effective checking and detection of any modification during data communication among the ternary worlds and various sub-metaverses. Adversaries may modify, forge, replace, and remove the raw data throughout the life-cycle of metaverse data services to interfere with the normal activities of users, avatars, or physical entities [49]. Besides, adversaries may remain undetected by falsifying the corresponding log files or message-digest results to hide their criminal traces in the virtual space.
2) False Data Injection Attack. Attackers can inject falsified information such as false messages and wrong instructions to mislead metaverse systems [50]. For example, AI-aided content creation can help improve user immersiveness in the early stage of the metaverse, and adversaries can inject adversarial training samples or poisoned gradients during centralized or distributed AI training, respectively, to generate biased AI models. The wrong feedback or instructions returned may also threaten the safety of physical equipment and even personal safety. For example, falsified feedback such as excessive voltage can cause damage to and malfunction of wearable XR devices. Another example is that a tampered, hundredfold magnification of the bodily pain of being shot in Fortnite (a metaverse game) may cause the death of the human user.
3) Issues in Managing New Types of Metaverse Data.
Compared with the current Internet, the metaverse requires new hardware and devices to gather various new types of data (e.g., eye movement, facial expression, and head movement), which were previously uncollected, to deliver fully immersive user experiences [29]. Besides, end-devices in the metaverse (e.g., VR glasses and haptic gloves) can be capable of capturing iris biometrics, fingerprints, or other user-sensitive biometric information. Consequently, this raises new challenges in collecting, managing, and storing such enormous user-sensitive metaverse data, as well as in the cyber/physical security of metaverse devices. For each virtual world (e.g., Horizon and Fortnite), the corporations (e.g., Meta and Epic Games) that create and manage it can monetize these private data to streamline and tailor their services or products towards users' expectations, thereby facilitating precision marketing for benefits. Other relevant issues to be addressed include who will be responsible for collecting, handling, storing, securing, and destroying these data.
4) Threats to Data Quality of UGC and Physical Input. In the metaverse, selfish users/avatars may contribute low-quality contents under the UGC mode to save their costs, thereby undermining user experience, e.g., through unreal experience in the synthesized environment [51]. For example, they may share unaligned and severely non-IID data during the collaborative training process of the content recommendation model in the metaverse, causing inaccurate content recommendation. Another example is that uncalibrated wearable sensors can generate inaccurate and even erroneous sensory data that mislead the creation of digital twins in the metaverse, causing poor user experience.
5) Threats to UGC Ownership and Provenance. Different from the asset registration procedure supervised by the government in the real world, the metaverse is an open and fully autonomous space and there exists no centralized authority.
Due to the lack of authority, it is hard to trace the ownership and provenance of the various UGCs produced by massive avatars under different virtual worlds in the metaverse, as well as to turn UGCs into protected assets [52]. Besides, UGCs can be shared in real time within a virtual world or across various virtual worlds and replicated without limit due to their digital attributes, making efficient provenance and ownership tracing harder.
6) Threats to Intellectual Property Protection. Different from the actual world, the definition of intellectual property in the metaverse should be adapted to enforce licensing boundaries and usage rights for the owners as the metaverse evolves and expands in scale [48]. Moreover, severe challenges may arise in defining and protecting intellectual property (e.g., avatars, UGCs, and AIGCs) in the new metaverse ecology, as the geographic boundaries of countries are broken down in the metaverse. For example, there have already been disputes owing to the use of celebrity lookalikes in video games [53]. Given the commercial value created by avatars, such kinds of disputes may spike exponentially in the future metaverse.
When enjoying digital lives in the metaverse, user privacy, including location privacy, habits, living styles, and so on, may be violated during the life-cycle of data services, including data perception, transmission, processing, governance, and storage.
1) Pervasive Data Collection. Immersive interaction with an avatar requires pervasive user profiling activities at an unreasonably granular level [12], including facial expressions, eye/hand movements, speech and biometric features, and even brain wave patterns. Besides, advanced XR and HCI technologies can facilitate the analysis of physical movements and user attributes and even enable user tracking [13].
For example, the motion sensors and four built-in cameras in the Oculus helmet help track the head direction and movement, draw our rooms, as well as monitor our positions and environment in real time with submillimeter accuracy, when we browse Roblox and interact with other avatars. If this device is hacked by attackers, severe crimes can be committed on the basis of this large volume of sensitive data. Another example is the attractive virtual office (e.g., Horizon Workroom and Microsoft Mesh), which may raise significant security and privacy risks for employees. On the one hand, employee conversations, the emails they send, the URLs they visit, their behaviors, and even the tones of their voices may be monitored by the managers. On the other hand, the immersive workplace may be prone to other security and privacy issues such as intrusions, snooping, and impostors.
2) Privacy Leakage in Data Transmission. In metaverse systems, abundant personally identifiable information collected from wearables (e.g., HMDs) is transferred via wired and wireless communications and should be kept confidential from unauthorized individuals/services [54]. Although communications are encrypted and information is confidentially transmitted, adversaries may still access the raw data by eavesdropping on the specific channel and even track users' locations via differential attacks [55] and advanced inference attacks [56].
3) Privacy Leakage in Data Processing. In metaverse services, the aggregation and processing of massive data collected from human bodies and their surrounding environments are essential for the creation and rendering of avatars and virtual environments, in which users' sensitive information may be leaked [57].
For example, the aggregation of private data (belonging to different users) to a central storage for training personalized avatar appearance models may violate user privacy and existing real-world regulations such as the General Data Protection Regulation (GDPR) [58]. Besides, adversaries may infer users' private information (e.g., preferences) by analyzing and linking the published processing results (e.g., synthetic avatars) in various virtual spaces such as Roblox and Fortnite.
4) Privacy Leakage in Cloud/Edge Storage. The storage of such private and sensitive information (e.g., user profiling) of massive users in cloud servers or edge devices may also raise privacy disclosure issues. For example, hackers may deduce users' private information by frequent queries via differential attacks [55] and even compromise the cloud/edge storage via distributed denial-of-service (DDoS) attacks [59]. In 2006, a customer database of Second Life (a metaverse game) was hacked and user data was breached, including unencrypted usernames and addresses, as well as encrypted payment details and passwords [60].
5) Rogue or Compromised End Devices. In the metaverse, more wearable sensors will be placed on human bodies and their surroundings to allow avatars to make natural eye contact, capture hand gestures, reflect facial expressions, and so on in real time. A significant risk is that these wearable devices can have a completely authentic sense of who you are and how you talk, behave, feel, and express yourself. The use of rogue or compromised wearable end devices (e.g., VR glasses) in the metaverse is becoming an entryway for data breaches and malware invasions, and the problem may be more severe with the popularity of wearable devices for entering the metaverse [13]. Under the manipulation of rogue or compromised end devices, the avatars in the metaverse may turn into a source of data collection, thereby infringing user privacy.
For example, as advanced wearable devices such as Oculus helmets and haptic gloves can track eye movements and hand gestures, hackers can recreate user actions and even sensitive passwords for personal accounts by following the eye and finger movements made while tapping in codes on a virtual keypad.
6) Unauthorized Data Access. Complex metaverse services will generate new types of personal profiling data (e.g., biometric information, daily routine, and user habits). To deliver seamless personalized services (e.g., customized avatar appearance) in the metaverse, different VSPs in distinct sub-metaverses need to access real-time user/avatar profiling activities [61]. Malicious VSPs may carry out attacks for unauthorized data access to earn benefits. An example is that malicious VSPs may illegally elevate their data access rights via attacks such as buffer overflow and tampering with access control lists [62]. Besides, as such massive personal information is produced and transmitted in real time, it is complicated to decide exactly what personal information is to be shared, with whom, under what condition, for what purpose, and when it is destroyed.
7) Misuse of User/Avatar Data. In the life-cycle of data services in the metaverse, user/avatar-related data can be disclosed intentionally by attackers or unintentionally by VSPs to facilitate user profiling and targeted advertising activities. Besides, due to the potential non-interoperability of certain sub-metaverses, it is hard to trace data misuse activities in the large-scale metaverse.
8) Threats to Digital Footprints. As the behavior patterns, preferences, habits, and activities of avatars in the metaverse can reflect the real status of their physical counterparts, attackers can collect the digital footprints of avatars and exploit the similarity linked to real users to facilitate accurate user profiling and even illegal activities [4].
Besides, the metaverse usually offers a third-person view with a wider viewing angle of the avatar's surroundings than in the real world [11], which may infringe on other players' behavior privacy without their awareness. For example, an avatar may conduct the virtual stalking/spying attack in Roblox by following your avatar and recording all your digital footprints, e.g., purchasing behaviors, to facilitate social engineering attacks.
9) Threats to Accountability. XR and HCI devices intrinsically gather more sensitive data, such as locations, behavior patterns, and surroundings of users, than traditional smart devices. For example, in Pokémon Go (a location-based AR game) [63], players can discover, capture, and battle Pokémon using mobile devices with GPS. Accountability in the metaverse is important to ensure that users' sensitive data are handled with privacy compliance. For metaverse service providers, auditing compliance with privacy regulations (e.g., GDPR) for accountability can be clumsy and time-consuming under the centralized service offering architecture. Besides, it is hard for VSPs to ensure the transparency of regulation compliance during the life-cycle of data management [64], especially in the new digital ecology of the metaverse.
10) Threats to Customized Privacy. Similar to existing Internet service platforms, distinct users generally exhibit customized privacy preferences for different services or interaction objects [65] under distinct sub-metaverses. For example, a user in Roblox may be more sensitive to monetary trading activities than social activities. Besides, users/avatars may be more sensitive in interacting with strangers than with acquaintances, friends, or relatives. However, challenges exist in developing customized privacy preservation policies for personal data management while considering avatars in the metaverse as individual information subjects [66], as well as the characteristics of users and sub-metaverses.
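The deduction of private information "by frequent queries" against cloud/edge storage (item 4 above) can be made concrete. The following is an added example, not code from this survey or its references: it reads "differential attack" as the differencing of two aggregate answers (an assumption), runs on a constructed profile table, and guards the store with a minimum cohort size, Laplace noise and a per-client query budget. All names (`GuardedStore`, `vsp-1`, the avatar ids) are hypothetical.

```python
"""Differencing of aggregate queries over stored profiles, and a guarded
query interface. Added example; data and names are constructed."""
import random

# Constructed profile store: avatar id -> monthly spend in a virtual shop.
PROFILES = {"ava": 120.0, "bo": 35.0, "chen": 80.0, "dee": 410.0, "eli": 15.0}


def raw_sum(ids):
    """Exact aggregate, as an unguarded cloud/edge store would answer it."""
    return sum(PROFILES[i] for i in ids)


def differencing_leak(target):
    """Difference of two aggregate answers that differ only in `target`."""
    everyone = list(PROFILES)
    others = [i for i in everyone if i != target]
    return raw_sum(everyone) - raw_sum(others)


class QueryRefused(Exception):
    """Raised when answering would break the store's privacy rules."""


class GuardedStore:
    def __init__(self, profiles, epsilon=0.5, budget=1.0, min_cohort=3,
                 clip=500.0, seed=None):
        self._profiles = dict(profiles)
        self.epsilon = epsilon        # privacy cost charged per answered query
        self.budget = budget          # total epsilon each client may spend
        self.min_cohort = min_cohort  # refuse aggregates over fewer users
        self.clip = clip              # per-user cap; bounds the sum's sensitivity
        self._spent = {}              # client id -> epsilon spent so far
        self._rng = random.Random(seed)

    def remaining(self, client):
        """Budget the client has left."""
        return self.budget - self._spent.get(client, 0.0)

    def _laplace(self, scale):
        # The difference of two i.i.d. exponentials is Laplace(0, scale).
        rate = 1.0 / scale
        return self._rng.expovariate(rate) - self._rng.expovariate(rate)

    def noisy_sum(self, client, ids):
        """Answer a sum query, or raise QueryRefused. Refusals cost no budget."""
        cohort = set(ids) & set(self._profiles)
        if len(cohort) < self.min_cohort:
            raise QueryRefused("cohort too small")
        if self.remaining(client) < self.epsilon - 1e-12:
            raise QueryRefused("privacy budget exhausted")
        self._spent[client] = self._spent.get(client, 0.0) + self.epsilon
        exact = sum(min(self._profiles[i], self.clip) for i in cohort)
        # Laplace mechanism: scale = sensitivity / epsilon, sensitivity = clip.
        return exact + self._laplace(self.clip / self.epsilon)


if __name__ == "__main__":
    print("unguarded difference:", differencing_leak("dee"))
    store = GuardedStore(PROFILES, seed=7)
    others = [i for i in PROFILES if i != "dee"]
    a = store.noisy_sum("vsp-1", list(PROFILES))
    b = store.noisy_sum("vsp-1", others)
    print("guarded difference:", round(a - b, 1))
    try:
        store.noisy_sum("vsp-1", list(PROFILES))
    except QueryRefused as err:
        print("third query refused:", err)
    # Limitation: the budget is keyed on the client id, so it only holds if
    # ids are bound to authenticated identities that cannot be multiplied.
```

The budget is what stops "frequent queries": averaging many noisy answers would otherwise cancel the noise.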
In the metaverse, traditional threats (e.g., physical-layer security) to the communication networks can also be effective, as the metaverse evolves from the current Internet and incorporates existing wireless communication technologies. Here, we list some typical threats as below.
1) SPoF. In the construction of metaverse systems, the centralized architecture (e.g., cloud-based system) brings convenience for user/avatar management and cost saving in operations [67]. Nevertheless, it can be prone to the SPoF caused by damage to physical root servers and by DDoS attacks. Besides, it raises trust and transparency challenges in the trust-free exchange of virtual goods, virtual currencies, and digital assets across various virtual worlds in the metaverse.
2) DDoS. As the metaverse includes massive tiny wearable devices, adversaries may compromise these metaverse end-devices and make them part of a botnet [59] (e.g., Mirai) to conduct DDoS attacks that cause network outages and service unavailability by overwhelming the centralized server with huge volumes of traffic within short time periods. Besides, owing to the communication and storage constraints on the blockchain, part of the NFT functions may be performed on off-chain systems in practical applications [68], where adversaries may launch DDoS attacks to cause service unavailability of the NFT system.
3) Sybil Attacks. Sybil adversaries may manipulate multiple faked/stolen identities to gain disproportionately large influence [69] on metaverse services (e.g., reputation service, blockchain consensus, and voting-based service in digital governance) and even take over the metaverse network, thereby compromising system effectiveness. For example, adversaries may be able to out-vote genuine nodes by producing sufficient Sybil identities to refuse to deliver or receive some blocks, thereby effectively blocking other nodes from a blockchain network in the metaverse.
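Whether a voting-based service can be out-voted this way depends on how voting weight is bound to identities. The following added example (not from the survey or any cited system) checks three weighting rules for split-invariance, i.e., whether spreading one participant's resources over many identities increases influence; the ballots are constructed, and "stake" is an assumed stand-in for any scarce resource tied to an identity.

```python
"""Split-invariance check for voting rules. Added example, constructed ballots."""
import math
from collections import defaultdict

# Weight rules: map the stake bound to ONE identity to its voting weight.
# "Stake" stands for any scarce resource tied to an identity (assumption).


def per_identity(stake):
    """One identity, one vote: weight ignores the resource behind it."""
    return 1.0


def linear_stake(stake):
    """Weight proportional to the resource behind the identity."""
    return float(stake)


def sqrt_stake(stake):
    """Concave (quadratic-voting style) weight."""
    return math.sqrt(stake)


def tally(ballots, weight_fn):
    """ballots: iterable of (identity, stake, choice) -> {choice: weight}."""
    totals = defaultdict(float)
    for _identity, stake, choice in ballots:
        totals[choice] += weight_fn(stake)
    return dict(totals)


def winner(ballots, weight_fn):
    totals = tally(ballots, weight_fn)
    # sorted() makes the tie-break deterministic.
    return max(sorted(totals), key=lambda c: totals[c])


def split(owner, stake, choice, k):
    """The same total stake presented as k separate identities."""
    return [(f"{owner}-{n}", stake / k, choice) for n in range(k)]


def split_gain(weight_fn, stake, k):
    """Factor by which total weight grows when stake is split k ways."""
    whole = weight_fn(stake)
    parts = sum(weight_fn(stake / k) for _ in range(k))
    return parts / whole


def is_split_invariant(weight_fn, stake=10.0, ks=(2, 6, 30), tol=1e-9):
    """True if splitting never increases weight for the tested k values."""
    return all(split_gain(weight_fn, stake, k) <= 1.0 + tol for k in ks)


# Constructed electorate: five genuine nodes, each with stake 10.
GENUINE = [(f"node-{n}", 10.0, "accept") for n in range(5)]

if __name__ == "__main__":
    rules = (per_identity, linear_stake, sqrt_stake)
    for k in (6, 30):
        ballots = GENUINE + split("sybil", 10.0, "reject", k)
        for rule in rules:
            print(k, rule.__name__, winner(ballots, rule),
                  "invariant" if is_split_invariant(rule) else "splittable")
```

Only the linear rule passes the check; the concave rule resists a few extra identities but not many, so it needs an identity-binding step of its own.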
Various attacks may threaten the creator economy in the metaverse from the aspects of service trust, digital asset ownership, and economic fairness.
1) Service Trust Issues in UGC & Virtual Object Trading. In the open metaverse marketplace, avatars may be distrustful entities without historical interactions. There exist inherent fraud risks [70] (e.g., repudiation and refusal-to-pay) during UGC and virtual object trading among different stakeholders in the metaverse. Besides, in the construction of virtual objects via digital twin technologies, the metaverse has to guarantee that the produced and deployed digital copies are authentic and trustworthy [71]. For example, malicious users/avatars may buy UGCs or virtual objects in Roblox and illegally sell digital duplicates of them to other users/avatars to earn profits. In addition, adversaries may exploit vulnerabilities in metaverse systems to commit fraud and undermine service trust. An example is that the Binance Smart Chain (BSC)-based metaverse project Paraluni lost over $1.7 million in 2022 due to a reentrancy flaw in smart contracts [72].
2) Threats to Digital Asset Ownership. Due to the lack of central authority and the complex circulation and ownership forms (e.g., collective ownership and shared ownership [73]) in the distributed metaverse system, there are huge challenges for the generation, pricing, trusted trading, and ownership traceability in the life-cycle of digital assets in the creator economy. Empowered by blockchain technology, the indivisible, tamper-proof, and irreplaceable NFT offers a promising solution for asset identification and ownership provenance in the metaverse [41]. However, NFTs also face threats such as ransomware, scams, and phishing attacks. For example, adversaries may mint the same NFT on multiple blockchains at the same time.
Besides, evil actors may cash out their shares after inflating the value of NFTs, or they may sell NFTs to gain benefits before minting anything; these De-Fi scams caused $129 million in losses in 2020 [74].

3) Threats to Economic Fairness in Creator Economy. Well-designed incentives [75], [76] are benign impetuses to promote user participation and open creativity in resource sharing and digital asset trading in the creator economy. The following three types of adversaries that threaten economic fairness are considered.

• Strategic users/avatars may manipulate the digital market in the metaverse to make enormous profits by breaking the supply and demand status [75]. For example, in metaverse auctions, strategic avatars may overclaim their bids, instead of bidding their true valuations, to manipulate the auction market and win the auction.

• Free-riding users/avatars may unfairly gain revenues and enjoy metaverse services without contributing to the metaverse market [77], thereby compromising the sustainability of creator economy. For example, a free-riding avatar may submit meaningless local updates in collectively training an intelligent 3D navigation model under distributed AI and unfairly enjoy the benefits from the trained metaverse model.

• Collusive users/avatars in the metaverse may collude with each other or with the VSP to perform market manipulation and gain economic benefits [76]. For example, collusive avatars may collude to manipulate the results of metaverse auctions and earn illegal revenues.

The metaverse is an extended form of the cyber-physical-social system (CPSS) [78], in which physical systems, human society, and cyber systems are interconnected with complex interactions. The threats in virtual worlds also severely affect physical infrastructures, personal safety, and human society.

1) Threats to Personal Safety.
In the metaverse, hackers can attack wearable devices, XR helmets, and other indoor sensors (e.g., cameras) to obtain the life routine and track the real-time position of users to facilitate burglary, which may threaten their safety [79]. A report released by the XR Security Initiative (XRSI) shows that an adversary can manipulate a VR device to reset the hardware's physical boundaries [80]. Thereby, a user in the metaverse can be potentially pushed toward a flight of stairs or misdirected into dangerous physical situations (e.g., a street). Besides, the metaverse can open up new opportunities for misconduct and crimes. In the metaverse, risks of physical trauma may be limited, but users could be mentally scarred. For example, due to the immersive realism of the metaverse, hackers can suddenly display harmful and scary content (e.g., ghost pictures) in the virtual environment in front of the avatar, which may cause the corresponding user to die of fright. Moreover, the lack of laws and regulations can further increase the possibility of criminal or abusive actions.

2) Threats to Infrastructure Safety. By sniffing the software or system vulnerabilities in the highly integrated metaverse, hackers may exploit the compromised devices as entry points [81] to invade critical national infrastructures (e.g., power grid systems and high-speed rail systems) via APT attacks [14].

3) Social Effects. Although the metaverse offers an exciting digital society, severe side effects can also arise in human society such as user addiction [82], rumor prevention [83], child pornography, biased outcomes, extortion, cyberbullying, cyberstalkers [11], and even simulated terrorist camps [84]. For example, the immersive metaverse can provide future potentials for extremists and terrorists by making it easier to recruit and meet up, offering new ways for training and coordination, and lowering costs for finding new targets [84].
Essentially, the immersive training in digital clones of actual buildings can assist terrorists to plan attacks and escape routes. Another example is that the metaverse, in its ultimate form, is fully controlled by AI algorithms (as depicted in the film The Matrix), in which the code can be the law to rule everything and severe ethical issues such as race/gender bias may arise.

In analogy to the social norms and regulations in the real world, the interactions among avatars (e.g., content creation, social activities, and virtual economy) in the metaverse should align with the digital norms and regulations to ensure compliance [85]. In the supervision and governance process of the metaverse, the following threats may deteriorate system efficiency and security.

Essentially, it is difficult to decide whether a virtual crime is the same as a real one. Thereby, it is hard to directly apply the laws and regulations in real life to enforce penalization for criminal actions [48] such as abusive language, virtual harassment, virtual stalking/spying, and so on. For example, if an avatar is verbally abusive in the metaverse, it can be easily regarded as verbal abuse either in virtual or real worlds. However, if an avatar attempts to virtually stalk or harass another user's avatar in the metaverse, the definitions of these crimes may be adapted from the real ones, as well as the appropriate punishments, which should be reconsidered by metaverse lawmakers and regulators.

2) Misbehaving Regulators. Regulators may misbehave and cause system paralysis, and their authorities also need supervision. Dynamic and effective punishment/reward mechanisms should be enforced for misbehaving/honest regulators, respectively. To ensure sustainability, punishment and reward rules should be maintained by the majority of avatars in a decentralized and democratic manner [86]. Automatic regulations implemented by smart contracts without reliance on trusted intermediaries may be a promising solution.
However, it also raises new issues such as information disclosure, mishandled exceptions, and susceptibility to short address attacks and reentrancy attacks [87].

3) Threats to Collaborative Governance. To avoid the concentration of regulation rights, collaborative governance under hierarchical or flat mode is more suitable for large-scale metaverse maintenance [88]. Nevertheless, collusive regulators may undermine the metaverse system even under collaborative governance scenarios. For example, they can collude to make a certain regulator partitioned from the network via wormhole attacks [89].

4) Threats to Digital Forensics. Digital forensics in the metaverse means the virtual reconstruction of cybercrimes by identifying, extracting, fusing, and analyzing evidence obtained from both real and virtual worlds [90]. Nevertheless, due to the high dynamics and interoperability issues of various virtual worlds, efficient forensics investigation, including entity-behavior association, identification, and tracing among anonymous users/avatars with diverse behavior patterns in the metaverse, is challenging. In addition, due to the blurred boundary between real and virtual worlds, the metaverse can make it confusing to distinguish between true and false. For example, bad actors may produce fake news, faces, audios, and videos via AI algorithms to mislead the public, just like the recent Deepfake event.

In this section, we have introduced a broad scope of security threats in the metaverse from seven aspects: identity, data, privacy, network, economy, physical/social, and governance.

• Essentially, as various emerging technologies are incorporated by the metaverse as its foundation, their intrinsic flaws and vulnerabilities may also be inherited by the metaverse. Moreover, the effects of existing threats can be amplified and become more severe in the metaverse, driven by the interweaving of various technologies.
• Notably, the personal information (including user profiling and biometric data) collected and processed in the metaverse can be more granular and unprecedentedly pervasive to make fully immersive experiences, where the devices that acquire massive user-sensitive data, as well as the transmission, storage, processing, access control, and destruction processes, should be well protected.

• Besides, with the flourishing and expanding scale of future metaverse systems, brand new threats that emerge specifically under a metaverse setting can breed, and new defenses for them need to be designed.

• In addition, the threats occurring in the metaverse may also affect the physical world and threaten human society.

• The above threats raise huge governance demands and pose huge regulation challenges to metaverse lawmakers and regulators.

• Lastly, due to the intrinsic characteristics (e.g., interoperability, decentralization, scalability, and heterogeneity) of the metaverse, a series of critical challenges may arise in directly applying existing security countermeasures into the metaverse. Advanced security and privacy solutions tailored to the metaverse setting are needed.

In this section, we review existing and potential defense mechanisms for the above security and privacy threats in the metaverse.

For the metaverse, secure and efficient identity management is the basis for user/avatar interaction and service provisioning. Generally, digital identities can be classified into the following three kinds.

• Centralized identity. Centralized identity refers to the digital identity authenticated and managed by a single institution, such as the Gmail account.

• Federated identity [91]. Federated identity refers to the digital identity managed by multiple institutions or federations.
It can reduce the administrative cost in identity authentication for cross-platform and cross-domain operations, and alleviate the cumbersome process of typing personal information repeatedly for users.

• Self-sovereign identity (SSI) [92]. SSI refers to the digital identity which is fully controlled by individual users. It allows users to autonomously share and associate different personal information (e.g., username, education information, and career information) in performing cross-domain operations to enable identity interoperability with users' consent.

In the metaverse, centralized identity systems can be prone to SPoF risks and suffer potential leakage risks. Federated identity systems are semi-centralized and the management of identities is controlled by a few institutions or federations, which may also suffer potential centralization risks. The identity systems built on SSIs will be dominant in future metaverse construction [5]. According to [93], identity management schemes in the metaverse should follow these design principles: (i) scalability to massive users/avatars, (ii) resilience to node damage, and (iii) interoperability across various sub-metaverses during authentication.

Fig. 10 compares the hardware terminals for entering the web, mobile Internet, and the metaverse. As shown in Fig. 10, in the metaverse, empowered by XR and HCI technologies, wearable devices such as HMD and BCI enable user/avatar interactions and are expected to be the major terminals to enter the metaverse [6]. Besides, the metaverse usually includes various administrative domains and the sub-metaverses can be implemented on distinct blockchain platforms [16]. In the following, we first review existing works on the metaverse in terms of key management and identity authentication for wearable devices. Then, we give the literature review in cross-domain and cross-chain identity authentication in the metaverse.
1) Key Management for Wearable Devices: Wearable devices such as Oculus helmets and HoloLens headsets are anticipated to be the major terminal to enter the metaverse. Key management (including generation, negotiation, distribution, update, revocation, and recovery) is essential for wearable devices to establish secure communication, deliver sensory data, receive immersive service, etc. Conventional key management mechanisms are mainly built upon cryptographic systems such as Diffie-Hellman cryptosystem and public key infrastructure (PKI). These mechanisms usually impose strict requirements on available resources (e.g., computation power, memory size, bandwidth, and transmit power) for sensor-node operations, and are therefore not applicable for battery-powered wearable devices with compact battery size and limited computational capacity. In the literature, works [94]-[97] take the intrinsic features of distinct wearable devices (e.g., wireless channel and gait signal) into account in designing efficient key management schemes, which can be beneficial for future metaverse construction.

Aiming at contactless secret key establishment among tiny wearable devices under wireless communication environments, Li et al. [94] design an innovative key establishment approach by utilizing unique wireless channel characteristics based on the positioning of wearable devices. Particularly, the authors leverage the received signal strength (RSS) trajectories of two moving wearables to construct the secret key by moving or shaking the wearable devices. They observe that under certain conditions (e.g., short distance and time period), the path loss and RSS in the channel model are decreasing functions of distance, and use the variation trend of RSS (i.e., RSS trajectory reciprocity) for a pair of moving devices to establish the secret key.
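To illustrate the RSS-trajectory idea, the following added example (not code from [94] or from this survey) simulates two wearables that observe the same log-distance path-loss channel with independent measurement noise and derive bits from the rising or falling trend of the RSS. The channel parameters, noise bound, block length, and the trend quantizer are assumptions chosen for illustration; the run compares quantizing every sample with quantizing the mean of each sub-sequence.

```python
"""Added illustration (not the scheme of [94]): key bits from the trend of
a shared RSS trajectory, quantized per sample vs. per sub-sequence mean."""
import math
import random

TX_POWER_DBM = -40.0   # assumed RSS at 1 m (constructed value)
PATH_LOSS_EXP = 2.0    # assumed path-loss exponent
NOISE_DB = 0.5         # assumed bound on each device's measurement noise
BLOCK = 8              # samples per sub-sequence


def rss_dbm(distance_m):
    """Log-distance path loss: RSS decreases monotonically with distance."""
    return TX_POWER_DBM - 10.0 * PATH_LOSS_EXP * math.log10(distance_m)


def shake_trajectory(n_blocks, rng):
    """Constructed motion: in each block the devices move closer or apart.

    Every move changes the RSS by 3 dB. The direction is the shared secret
    randomness, and the distance is kept within [0.1 m, 2 m].
    """
    factor = 10 ** (3.0 / (10.0 * PATH_LOSS_EXP))
    d, out = 0.5, []
    for _ in range(n_blocks):
        step = factor if rng.random() < 0.5 else 1.0 / factor
        if not 0.1 <= d * step <= 2.0:
            step = 1.0 / step          # bounce back at the range limits
        d *= step
        out.extend([d] * BLOCK)
    return out


def measure(distances, rng):
    """One device's noisy view of the reciprocal channel."""
    return [rss_dbm(d) + rng.uniform(-NOISE_DB, NOISE_DB) for d in distances]


def trend_bits(values):
    """Bit is 1 if the value rose relative to its predecessor, else 0."""
    return [1 if b > a else 0 for a, b in zip(values, values[1:])]


def block_means(samples, block=BLOCK):
    """Mean of each consecutive sub-sequence of `block` samples."""
    return [sum(samples[i:i + block]) / block
            for i in range(0, len(samples) - block + 1, block)]


def agreement(bits_a, bits_b):
    """Fraction of positions where both devices derived the same bit."""
    return sum(x == y for x, y in zip(bits_a, bits_b)) / len(bits_a)


def run_demo(seed=7, n_blocks=64):
    distances = shake_trajectory(n_blocks, random.Random(seed))
    alice = measure(distances, random.Random(seed + 1))
    bob = measure(distances, random.Random(seed + 2))
    # Sample-level: within a block the true RSS is flat, so most trend
    # bits are decided by noise and the two sides often disagree.
    sample_level = agreement(trend_bits(alice), trend_bits(bob))
    # Sub-sequence means: noise on the difference of two means is at most
    # 2 * NOISE_DB = 1 dB, below the 3 dB step, so the bits always match.
    key_a = trend_bits(block_means(alice))
    key_b = trend_bits(block_means(bob))
    return sample_level, agreement(key_a, key_b), key_a, key_b


if __name__ == "__main__":
    s, b, key_a, _ = run_demo()
    print(f"sample-level agreement: {s:.2f}")
    print(f"mean-value agreement:   {b:.2f} over {len(key_a)} bits")
```

The price of the higher agreement is rate: one bit per `BLOCK` samples instead of one per sample, so the block length trades key-generation speed against mismatch.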
A mean-value quantization mechanism is also devised to improve the efficiency in key generation by dividing a set of samples into multiple sub-sequences for quantization (instead of the sample-level quantization). Rigorous security analysis proves its defense against eavesdropping, and experimental results validate the practicability of [94] for wearables with short-range communications and frequent movements. Apart from the RSS, the channel impulse response (CIR) is another typical unique physical-layer characteristic between communication parties.

To secure communications between wearable devices integrated with accelerometers, Sun et al. [95] exploit the gait-based biometric cryptography to design a group key generation and distribution scheme for wearable devices based on signed sliding window coding and fuzzy vault. The proposed acceleration-based key generation mechanism takes advantage of the randomness of noise signals imposed on the raw acceleration signals to produce a group key. Besides, it utilizes the common characteristic of gait signals sampled from distinct parts of the human body for key distribution to other sensors on the same body. Simulations prove that it can pass both the NIST and Dieharder statistical tests with high efficiency.

To further reduce system overheads and reduce response delay for resource-limited wearable devices, Chen et al. [96] introduce a lightweight and real-time key establishment model with gait regularity hiding functions for wearables by analyzing gestures and motions through the integrated accelerometer. In their work, the shared key is established in real time based on the user's motion (e.g., shaking and walking), and a lightweight bit-extraction method is devised based on the value difference of neighboring samples. Simulation results show that the generation rate of shake-to-generate key is 2.027 bit/sec and the matching rate can reach 91%.

To protect patients from fatal cyber attacks, Zheng et al.
[97] propose an electrocardiogram (ECG) signal based key distribution mechanism for wearable and implantable medical devices (WIMDs). In their work, two widely used cryptographic primitives, i.e., fuzzy commitment and fuzzy vault, are compared. Experimental results show that the solution built on fuzzy vault achieves a lower acceptable false reject rate (i.e., 5%) and lower energy cost for WIMDs, while the solution built on fuzzy commitment attains a higher false acceptance rate.

2) Identity Authentication for Wearable Devices: Identity authentication for wearable devices to guarantee device/user authenticity is also a promising topic in the metaverse. To adapt to wearable devices with extremely low computing/storage capacity, Srinivas et al. [98] present a cloud-based mutual authentication model with low system cost for wearable medical devices to prevent device impersonation in healthcare monitoring systems with password change and smart card revocation functions. Rigorous security analysis and formal security verification prove the security of the created session key in defense against active and passive attacks. However, the one-time authentication in [98] may cause friction such as unauthorized privileges. To resolve this issue, Zhao et al. [99] propose a novel continuous authentication model to support seamless device authentication at a low cost. In [99], unique cardiac biometrics are extracted from photoplethysmography (PPG) sensors (embedded in wrist-worn wearables) for user authentication. Experimental results show that their proposed system obtains a high average continuous authentication accuracy rate of 90.73%. To further protect user privacy during authentication, Liu et al. [100] design a privacy-preserving identity authentication mechanism for wearable devices with consideration of spatiotemporal contexts, by combining MinHash, bloom filter, and ciphertext-policy attribute-based encryption (CP-ABE) in the edge computing environment.
GNY logic-based formal security analysis proves that the proposed scheme in [100] can achieve cooperative privacy preservation. Jan et al. [101] also design a privacy-aware mutual authentication mechanism for wearable devices, where a hidden Markov model (HMM) based on AI is devised to predict privacy risks of patient data leakage. Besides, the security of [101] is analyzed using Burrows-Abadi-Needham (BAN) logic.

In the metaverse, Bluetooth may play an important role in short-range communications for wearables. Aksu et al. [102] study the wearable device identification issue using the Bluetooth protocol. In their work, a smart wearable fingerprinting method tailored to Bluetooth is devised using a series of AI algorithms, and real tests on wearables validate its functionality and feasibility. By using two representatives (i.e., Google Nest Learning Thermostat and Nike+ Fuelband Fitness Tracker) as test devices, Arias et al. [103] present a real attack using hardware with particular attack vectors to bypass software authentications and compromise the two devices. Lessons show that it is necessary to secure all update channels and disable the microcontroller's external reprogrammability and any debug interface for wearable devices.

The metaverse typically contains various administrative security domains created by distinct operators/standards. Identity authentication across distinct administrative domains (e.g., VR/AR services run by distinct VSPs) in the metaverse is critical to deliver seamless metaverse services for users/avatars. Traditional cross-domain authentication mechanisms mainly rely on a trusted intermediary and bring heavy overhead in key management. To address this issue, Shen et al. [104] employ blockchain technology to design a decentralized and transparent cross-domain authentication scheme for industrial IoT devices in different domains (e.g., factories).
In their work, a consortium blockchain is employed to establish trust among distinct domains, and identity-based encryption (IBE) is used for device authentication. Besides, an anonymous authentication protocol with identity revocation capability is proposed to remedy the drawback of IBE in terms of identity revocation. In addition, real domain-specific information is moved to off-chain storage to reduce storage burdens in the blockchain system.

A PKI system only identifies certificates in its own domain. In accessing services in other domains such as Kerberos, users' identities usually cannot be recognized, or cross-domain authentication involves extremely complex operations. By leveraging the distributed consensus of the blockchain, Chen et al. [105] propose an efficient cross-domain authentication scheme named XAuth. In their work, to improve the response speed, which is limited by the low throughput of blockchains, as well as to protect user privacy, the authors design an optimized blockchain approach and privacy preservation functions in cross-domain authentication. Specifically, a lightweight verification protocol is developed based on the multiple Merkle hash tree structure to support rapid response. An anonymous authentication protocol based on zero-knowledge proof is also devised to ensure privacy protection. An implemented proof-of-concept (PoC) prototype proves its functionality and feasibility.

4) Cross-Chain Identity Authentication: By getting rid of trusted third parties, blockchain technology is fundamental to build trust-free digital identities for users in various domains in the metaverse [104], [105]. As distinct sub-metaverses may deploy services on heterogeneous blockchains to meet quality-of-service (QoS) requirements, as shown in Fig. 11, efficient cross-chain authentication is needed for seamless services across multiple sub-metaverses. Fromknecht et al.
[106] design a decentralized authentication protocol based on blockchain to resolve identity retention concerns under PKI, where identity certificates are stored in blockchain ledgers to eliminate certificate authority (CA) centralization risks. Besides, the authors employ cryptographic accumulators to support fast verification of public keys, and use distributed hash tables to enable fast public key lookup. Current cross-chain mechanisms mainly focus on digital asset transfer, and few of them consider cross-chain identity authentication in the metaverse. The implementation, efficiency, and security of identity authentication across various domains and blockchains in the metaverse remain to be further investigated.

The metaverse is a digital world built on digital copies of the physical environment and avatars' digital creations. In analogy to the value created by human activities in the real world, digital twins and UGCs as well as avatars' behaviors (e.g., chat records and browsing records) will produce certain value in the metaverse [8]. Information security is an important prerequisite for the development and prosperity of the metaverse. In the following, we discuss the data security in the metaverse in terms of data reliability, data quality, and provenance.

In the metaverse, AI such as generative adversarial network (GAN) can help generate high-quality dynamic game scenarios and context images, but also poses security threats such as adversarial and poisoned samples which are hard for humans to detect. In the literature, by taking adversarial samples as part of training data, various efforts have been made to resist adversarial samples via virtual adversarial learning [109], adversarial representation learning [110], adversarial reinforcement learning [111], adversarial transfer learning [112], and so on, which can be beneficial to resist adversarial threats in the construction of the metaverse.
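The blockchain-based authentication schemes reviewed above rely on hash structures (Merkle hash trees in [105], accumulators in [106]) so that a verifier can check one identity quickly without holding a domain's full identity list. The following added example (not XAuth's protocol and not code from any cited work) shows that mechanism under stated assumptions: each domain publishes only a Merkle root over its device identities, the names `DomainRegistry` and `credential` and the device IDs are hypothetical, and the keys are placeholder bytes.

```python
"""Added illustration: a domain commits to its device identities with a
Merkle root; another domain checks one identity with a log-size proof."""
import hashlib

# Domain separation: a leaf hash can never be replayed as an inner node.
LEAF, NODE = b"\x00", b"\x01"


def h(prefix, data):
    return hashlib.sha256(prefix + data).digest()


def leaf_hash(device_id, public_key):
    # Length-prefix the id so ("ab", b"c...") and ("a", b"bc...") differ.
    ident = device_id.encode()
    return h(LEAF, len(ident).to_bytes(2, "big") + ident + public_key)


def build_levels(leaves):
    """All tree levels, leaves first. An unpaired node is promoted as-is."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(h(NODE, cur[i] + cur[i + 1]))
            else:
                nxt.append(cur[i])
        levels.append(nxt)
    return levels


def prove(levels, index):
    """Sibling path for leaf `index` as (sibling_hash, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):              # promoted nodes have no sibling
            path.append((level[sib], sib < index))
        index //= 2
    return path


def verify(root, device_id, public_key, path):
    """Recompute the root from one identity and its sibling path."""
    node = leaf_hash(device_id, public_key)
    for sibling, sibling_is_left in path:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(NODE, pair)
    return node == root


class DomainRegistry:
    """One administrative domain's (non-empty) identity set. Only `root`
    is shared with other domains, e.g. on a consortium chain (assumption)."""

    def __init__(self, devices):
        self.devices = dict(devices)      # device_id -> public key bytes
        self._rebuild()

    def _rebuild(self):
        self.order = sorted(self.devices)
        leaves = [leaf_hash(d, self.devices[d]) for d in self.order]
        self.levels = build_levels(leaves)
        self.root = self.levels[-1][0]

    def credential(self, device_id):
        return prove(self.levels, self.order.index(device_id))

    def revoke(self, device_id):
        del self.devices[device_id]
        self._rebuild()                   # new root invalidates old proofs


def demo():
    # Constructed sample identities; the keys are placeholder bytes.
    devices = {f"hmd-{i:02d}": bytes([i]) * 32 for i in range(5)}
    domain_a = DomainRegistry(devices)
    proof = domain_a.credential("hmd-03")
    ok = verify(domain_a.root, "hmd-03", devices["hmd-03"], proof)
    forged = verify(domain_a.root, "hmd-03", b"\xff" * 32, proof)
    domain_a.revoke("hmd-03")
    stale = verify(domain_a.root, "hmd-03", devices["hmd-03"], proof)
    other = verify(domain_a.root, "hmd-04", devices["hmd-04"],
                   domain_a.credential("hmd-04"))
    return ok, forged, stale, other, len(proof)


if __name__ == "__main__":
    print(demo())
```

The verifier needs only the published root and three sibling hashes for a five-device domain, and a revocation takes effect as soon as relying domains read the updated root, which is why the freshness of that root matters as much as the proof itself.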
The works [71], [108], [113] discuss the data reliability of digital twins in the metaverse. Gehrmann et al. [113] propose a reliable state replication method for digital twin synchronization in industrial applications and identify seven key requirements in security architecture design. Besides, the authors formally define the synchronization consistency as a metric of the robustness of digital twin synchronization. A PoC implementation using programmable logic controllers (PLCs) validates its effectiveness. However, the trustworthiness of data collected from disparate data silos is not studied in [113]. To address this issue in the metaverse, as shown in Fig. 12, Liao et al. [108] leverage permissioned blockchain technology for trusted digital twin (DT) service transactions between VSPs and service requesters in intelligent transportation systems (ITS). A DT-DPoS (delegated proof of stake) consensus protocol is devised to improve consensus efficiency by using distributed DT servers to form the validator committee. Besides, to facilitate users' customized DT services, an on-demand DT-as-a-service (DTaaS) architecture is presented for fast response to meet diverse DT requirements in ITS. Suhail et al. [71] combine the blockchain technology to build a trustworthy data dissemination and fault diagnosis platform for digital twin construction using disparate data sources.

Fig. 13. Illustration of (a) 3DoF and (b) 6DoF. 3DoF means an object can rotationally move around the 3D space (i.e., x, y, and z axes), while 6DoF has additional translational movement along those axes (i.e., moving forward/backward, up/down, and left/right).

The works [114], [115] investigate parametric audio rendering to match and improve the visual experience in 3D virtual worlds. Zimmermann et al. [114] present an interactive audio streaming mechanism with high scalability based on peer-to-peer (P2P) topology for immersive interaction in NVEs.
Their mechanism combines two concepts: area of interest (AoI) and aural soundscape to make proximal and spatialized audio interactions. Specifically, AoI limits the distribution area of audio streams as avatars are more likely to interact with others in proximity (the distance is measured by virtual coordinates), and aural soundscape allows distributed audio rendering from different sources to match the visual landscape. Jot et al. [115] design an interactive audio engine based on 6-degree-of-freedom (6DoF) object for parametric audio scene programming (i.e., controllable acoustic orientation, size, and other properties) in audiovisual metaverse experiences. Fig. 13 illustrates the difference between 6DoF and conventional 3DoF in using VR devices. Simulation results in [114], [115] show the feasibility of their design.

2) Data Quality of UGC and Physical Input: Low-quality data input from physical sensors and the UGCs produced by avatars can deteriorate the QoS of metaverse services and the QoE of users. Effective quality control mechanisms are important to offer efficient metaverse services and maintain sustainability of the creator economy. Dickinson et al. [116] conduct a user study on 68 participants in a VR environment and show that user perception of character believability is influenced positively by behavioral features while negatively by visual elements. Considering human's psychological status, Guo et al. [51] present a safety management method to ensure the availability of physical data generated from wearable devices in the metaverse. In the literature, game theory and AI methods have been widely utilized to motivate users' high-quality data contribution or service offering, which can offer some lessons in the metaverse design. For example, Xu et al.
[117] propose a dynamic Stackelberg game to model the interactions between content provider and edge caching devices (ECDs), where content provider is the game-leader which makes its payment strategy of caching service while each ECD serves as the game-follower to decide its strategy on quality of caching service. A two-tier Q-learning based mechanism is devised in [117] to dynamically derive the optimal strategies for each side. In [118], Su et al. propose a deep RL (DRL)-based incentive mechanism to encourage users' high-quality model contribution in distributed AI paradigms with consideration of both non-IID effects and collaboration between edge/cloud servers.

The works [35], [119] study the data availability in metaverse in terms of data synchronization and QoS, respectively. For accurate DT synchronization with its physical counterpart, Han et al. [119] propose a hierarchical game for dynamic DT synchronization in the metaverse, where end devices collectively gather the status information of physical objects and VSPs decide proper synchronization intensities. In their work, every user selects the optimal VSP in the lower-level evolutionary game, and every VSP makes the optimal synchronization strategy in the upper-level differential game based on users' strategies and value of DT. Simulation results demonstrate that the proposed mechanism attains a higher accumulated revenue for VSP. By leveraging covert communication methods, Du et al. [35] propose an optimal targeted advertising strategy for the VSP to maximize its payoff in offering high-quality access services for end-users while attaining close-to-one detection error for attackers. In their work, the Vidale-Wolfe advertising model is exploited, and a novel metric meta-immersion is introduced to measure users' feelings in metaverse experience. Simulation results show that the VSP can boost its payoff in comparison with that without advertising.
For dynamic metaverse applications, the information freshness (e.g., age of information) can be further considered in data/service offering.

3) Secure Data Sharing in XR Environment: Metaverse applications are usually multi-user such as multi-player gaming and remote collaboration. Aiming at secure content sharing under multi-user AR applications, Ruth et al. [120] study an AR content sharing control mechanism and implement a prototype on HoloLens to allow AR content sharing among remote or colocated users with inbound and outbound control. By rigorously exploring user's design space on various AR apps, the authors also define various mapping manners of AR contents into the real world. In WebVR (a VR-based 3D virtual world on HTML canvases), Lee et al. [121] identify three new ad fraud threats (i.e., blind spot tracking, gaze and controller cursor-jacking, and abuse of an auxiliary display) in content sharing. User studies on 82 participants show the success rates range from 88.23% to 100%. Besides, a defense mechanism named AdCube is presented in [121] via visual confinement of 3D ad entities and sandboxing technique. Experimental results show the defense effectiveness of AdCube with a small system cost for 9 WebVR demo sites.

Data provenance can realize the traceability of historical archives of a piece of UGC, which is essential to evaluate data quality, trace data source, reproduce data generation process, and conduct audit trail to quickly identify data responsible subjects. In the metaverse, UGC provenance information such as the source, circulation, and intermediate processing information is often stored in disparate data silos (e.g., distinct blockchains), making it difficult to monitor and track in real time. Existing works on IoT data provenance can offer some lessons for UGC provenance design in the metaverse. Satchidanandan et al.
[122] design a dynamic watermarking technique which exploits indelible patterns imprinted in the medium to detect misbehaviors (e.g., signal tampering) of malicious sensors or actuators. Besides, advanced watermarking techniques can be utilized for intellectual property protection and ownership authentication in the metaverse. Liang et al. [52] present a blockchain-based cloud file provenance architecture named ProvChain with three stages, i.e., collection, storage, and verification of provenance information. ProvChain ensures source tamper resistance, user privacy, and reliability of cloud storage. For multi-hop IoT, Mohsin et al. [123] design a lightweight protocol to enable data provenance in wireless communications, where the RSS indicator of the communicating IoT node is exploited to produce the unique link fingerprint.

In the metaverse, the life-cycle of UGCs involves the ternary worlds and multiple sub-metaverses, which can be more complex than that in traditional IoT. Moreover, smart contracts are anticipated to play an important role in enforcing UGC provenance across various metaverse platforms, and more research efforts on its functionality, efficiency, and security are required. Besides, the scalability, trust, and efficiency (e.g., response delay) are still challenging issues in the provenance of massive UGCs in the large-scale metaverse.

C. Privacy Enhancement

1) Privacy in Metaverse Games: AR/VR games are currently the most popular metaverse applications for users. AR/VR games usually contain three steps: the game platform (i) collects sensory data from users and their surroundings, (ii) identifies objects according to these contexts, and lastly (iii) performs rendering on game senses for immersiveness. Existing works have demonstrated the security and safety concerns related to metaverse games using case studies [124] and qualitative studies [13], [125]. Bono et al.
[124] offer two case studies (i.e., Second Life and Anarchy Online) and show that a hacker can exploit the features and vulnerabilities of MMO metaverse games to fully compromise and take over players' devices (e.g., laptops). Lebeck et al. [125] carry out a qualitative lab study using Microsoft HoloLens (an AR headset), whose results show that players can easily become immersed in AR experiences and treat virtual objects as real, and which uncovers various security, privacy, and safety issues. Shang et al. [13] identify a novel user location tracking attack in location-based AR games (e.g., Pokémon Go) by solely exploiting the network traffic of the player, and real-world experiments on 12 volunteers validate that the proposed attack model attains fine-grained geolocation of any player with high accuracy. Besides, three possible mitigation approaches are presented in [13] to alleviate attack effects. To prevent potential privacy issues in metaverse games, Laakkonen et al. [126] introduce privacy-by-design principles in digital games from both qualitative and quantitative perspectives, where nineteen privacy attributes divided into three levels are taken into account for privacy evaluation. In [127], Corcoran et al. distinguish between individual privacy and group privacy in privacy-preserving interactive metaverse game design. The former refers to the purchasing patterns, behavioral traits, communication, image/video data, and location/space related to an individual, while the latter refers to the privacy associated with a group of individuals (e.g., a social group, an organization, and a nation).

2) Fine-grained Access Control and Usage Audit for Wearables and UGCs: The massive personally identifiable information handled by wearables can pose a huge risk of unauthorized exposure. To address this issue, Ometov et al.
[54] propose a novel delegation-of-use mode for wearable devices with privacy guarantees, where owners can lend their personal devices to others for temporary use. However, the associated attacks along with scalability and efficiency issues still need more investigations in real-world implementation. The naive content creation (e.g., UGCs) produced by avatars is essential to maintain the creativity and sustainability of the metaverse. As UGCs inevitably contain sensitive and private user information, efficient UGC access control and usage audit schemes should be designed. The following works [128] - [130] discuss the UGC access control. Different from conventional access control schemes which enforce a single access policy for a specific content, Ma et al. [128] design a scalable access control scheme to allow multiple levels of access privileges for sharing user-generated media contents (UGMCs) in the cloud. The detailed construction based on scalable CP-ABE mechanism is also presented with formal security proof. However, the above scheme cannot support time-domain UGMC access control. To address this issue, Yang et al. [129] propose a time-domain attribute-based access control mechanism with provable security for sharing user-generated video contents (UGVCs) in the cloud. In their mechanism, the allowed time slots for access are embedded into both ciphertexts and keys in CP-ABE, thereby only authorized users in specific time slots can decrypt the UGVCs. Moreover, queries on UGVCs created in previous time slots along with efficient attribute updating and revoking are supported. Nevertheless, the above works overlook that authorized entities may become traitors to illegally redistribute UGCs to the public, i.e., illegal UGC redistribution. To address this realistic threat, Zhang et al. 
[130] propose a novel secure encrypted UGMC sharing scheme with traitor tracing in the cloud via the proxy re-encryption mechanism (for secure UGMC sharing) and watermarking mechanism (for traitor tracing). The above works mainly focus on the access control of UGCs, while the usage control (i.e., shared UGCs can be only used for intended purposes) is ignored. To bridge this gap, Wang et al. [64] propose a novel data processing-as-a-service (DPaaS) mode to complement the current data sharing ecosystem and exploit blockchain technologies for fine-grained data usage policy making on the user's side, policy execution atop smart contracts, and policy audit on transparent ledgers. Yu et al. [62] combine both sensitiveness of UGMC (to be shared) and trustworthiness of user (being granted) to train a tree classifier for fine-grained privacy setting configurations. In their scheme, a deep network is utilized to extract discriminative features and identify privacy-sensitive object classes/events, and users are clustered into social groups for trustworthiness characterization.

3) Privacy-Preserving UGC Sharing and Processing: Existing privacy-preserving schemes for data sharing and processing mainly focus on four fields: differential privacy (DP), federated learning (FL), cryptographic approaches (e.g., secure multi-party computation (SMC), homomorphic encryption (HE), and zero-knowledge proof (ZKP)), and trusted computing. The following works [55], [131]-[133] discuss privacy-preserving UGC sharing in the metaverse. To offer privacy-preserving trending topic recommendation services in the metaverse, Wei et al. [55] propose a graph-based local DP mechanism, where a compressive sensing indistinguishability method is devised to produce noisy social topics to prevent user-linkage association and protect keyword correlation privacy with high efficiency. To enable smart health sensing without violating users' private data in the metaverse, Zhang et al.
[131] present an FL-based secure data collaboration framework where wearable sensors periodically send local model updates trained on their private sensory data to the server, which synthesizes a global abnormal health detection model. To resolve class imbalance concerns of participants under FL, the authors in [131] further design a novel local update method based on RL and an adaptive global update method via online regret minimization. To enhance privacy protection in the blockchain-based metaverse, Guan et al. [132] utilize ZKP to empower current account-model blockchains (e.g., Ethereum) with privacy preservation functions in terms of hiding sender-recipient linkage, account balances, and transaction amounts. Xu et al. [133] identify the co-photo privacy threat in the social metaverse: a shared photo may contain not only the individual's privacy but also the privacy of others in the photo. Besides, by utilizing SMC and SVM techniques, the authors design a personalized facial recognition method to differentiate photo co-owners without disclosing their privacy in users' private photos. Privacy-preserving UGC processing in the metaverse has also attracted much attention. Based on Okamoto-Uchiyama HE, Li et al. [57] present a verifiable privacy-preserving method for data processing result prediction in edge-enabled CPSSs. Besides, batch verification is supported for multiple prediction results at one time to reduce communication burdens. Wang et al. [64] leverage the trusted computing technique to design a privacy-preserving off-chain data processing mechanism, where private UGC datasets are processed in an off-chain trusted enclave and the exchange of processed results and payment are securely executed via the designed fair exchange smart contract.

The confidentiality of UGCs (inside the metaverse) along with physical inputs (to the metaverse) should be ensured to prevent private data leakage and sensitive data exposure. The identity management (in Sect.
IV-A), access control (in Sect. IV-C2), and privacy computing technologies (in Sect. IV-C3) are enablers to maintain UGC confidentiality in the metaverse. For confidentiality of physical inputs, Raguram et al. [134] propose a novel threat named compromising reflections, which can automatically reconstruct user typing on virtual keyboards, thereby compromising data confidentiality and user privacy. Experiment results show that compromising reflections of a device's screen (e.g., sunglass reflections) are sufficient for automatic and accurate reconstruction with no limitation on the motion of handheld cameras even in challenging scenarios such as a bus and even at long distances (e.g., 12m for sunglass reflections). In the metaverse, privacy inside avatars' digital footprints can be classified into three types [12] : (i) personal information (e.g., avatar profiling), (ii) virtual behaviors, and (iii) interactions or communications between avatars or between avatar and NPC. Avatars' digital footprints can be tracked via virtual stalking/spying attacks in the metaverse to disclose user's real identity and other private information, e.g., shopping preferences, location, and even banking details. A potential solution is avatar clone [4] , which creates multiple virtual clones of the avatar which appear identical to confuse the attackers. Nevertheless, it brings other challenging issues such Another potential solution is disguise by periodically changing avatar's appearance to confuse attackers, or mannequin by replacing the avatar with a single clone (e.g., bot) which imitates user's behavior and teleport user's true avatar to another location when being tracked. Other privacy preservation mechanisms [12] include invisibility, private enclave, lockout. Invisibility indicates the avatar is made to be temporarily invisible in case of suspected stalking. 
Private enclaves allow certain locations inside the metaverse to be occupied by individuals, which are unobserved by others. In private enclaves, owners have control over who can enter into the enclave by teleporting, thereby offering a maximum level of privacy. Lockout means certain areas inside the metaverse are temporarily locked out for private use. After the lock expires, the restriction is lifted and other users are allowed to enter the area.

Personalized Privacy-Preserving Metaverse: As users/avatars are featured with personalized privacy demands and service preferences, existing privacy computing technologies (in Sect. IV-C3) should also take their customized privacy/service profiles into account in designing privacy-enhanced metaverse. Existing works on personalized privacy computing are mainly based on similarity [66], randomized response [65], personalized FL [135], and so on. With the growth of metaverse, more research on new personalized privacy preservation methods is required to serve new applications and the new ecology in the metaverse.

7) Privacy-Enhancing Advances in Industry: In the metaverse, there have been incidents such as VR groping and VR sexual harassment in Horizon Worlds [136]. In the real world, people potentially keep an appropriate distance from others to maintain personal spaces when socializing. According to the interpersonal intimacy, psychologist Stanley Hall quantified personal space and divided it into four types: public area (350-750 cm), social area (125-350 cm), personal area (50-125 cm), and intimate area (within 50 cm), as shown in Fig. 14(a). That is, the less familiar the other person, the more personal space we require. Similarly, each avatar also requires personal space even in the virtual world. Recently, Meta announced the private boundary function in its metaverse platforms Horizon Venues and Horizon Worlds to avoid groping and harassment, where the default personal border for every avatar is a 2-foot circle [137].
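A server-side check for the personal boundary described above, as an added example (not Meta's implementation): it assumes a 2-D ground plane, positions in feet, and a 2-foot radius per avatar, so two avatars must stay 4 feet apart. It contrasts a destination-only check, which accepts one long step or teleport whose path crosses another avatar, with a swept check along the whole movement path; all function names are hypothetical.

```python
import math

BOUNDARY_RADIUS_FT = 2.0                      # per-avatar boundary radius (from the text)
MIN_SEPARATION_FT = 2 * BOUNDARY_RADIUS_FT    # two boundaries touching: 4 feet


def endpoint_only_check(end, others):
    """Weak form: accept a move if the destination alone is clear."""
    return all(math.dist(end, o) >= MIN_SEPARATION_FT for o in others)


def entry_fraction(start, end, other, r=MIN_SEPARATION_FT):
    """Fraction t in [0, 1) of the step start->end at which the mover first
    comes closer than r to `other`, or None if the step never does so.

    Solves |start + t*(end - start) - other|^2 = r^2 for the smaller root.
    """
    dx, dy = end[0] - start[0], end[1] - start[1]
    fx, fy = start[0] - other[0], start[1] - other[1]
    a = dx * dx + dy * dy            # squared step length
    b = fx * dx + fy * dy            # < 0 means the step heads toward `other`
    c = fx * fx + fy * fy - r * r    # < 0 means the mover starts inside the boundary
    if a == 0 or b >= 0:
        return None                  # standing still or not approaching: always allowed
    if c < 0:
        return 0.0                   # already too close and approaching: no progress
    disc = b * b - a * c
    if disc <= 0:
        return None                  # path misses the boundary or only grazes it
    t = (-b - math.sqrt(disc)) / a
    return t if t < 1.0 else None    # boundary lies beyond the end of this step


def clamp_move(start, end, others):
    """Swept form: return the furthest point on start->end that keeps the
    mover at least MIN_SEPARATION_FT from every other avatar."""
    fractions = [t for o in others
                 if (t := entry_fraction(start, end, o)) is not None]
    t = min(fractions, default=1.0)
    if t >= 1.0:
        return (float(end[0]), float(end[1]))
    return (start[0] + t * (end[0] - start[0]),
            start[1] + t * (end[1] - start[1]))


if __name__ == "__main__":
    other_avatar = (0.0, 0.0)        # constructed sample position
    step = ((-10.0, 0.0), (10.0, 0.0))
    print("endpoint-only accepts:", endpoint_only_check(step[1], [other_avatar]))
    print("swept check stops at:", clamp_move(*step, [other_avatar]))
```

An avatar that is already inside a boundary, for example because the other avatar spawned next to it, may still move away but cannot move closer.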
As shown in Fig. 14(b), avatars need to keep at least 4 feet (about 1.2 m) away from others to maintain private space. Google has built a Privacy Sandbox on Android apps in 2022 to promote private advertising solutions by curbing the sharing of private information with third parties and removing cross-app identifiers (including advertising ID) [138]. Besides, Google debuts its open-source DP tool named PipelineDP with Python library in 2022 by creating pipelines which aggregate personal data to derive valuable insights in a differentially private manner. Apple also utilizes local DP to gather individual data from end devices running on macOS or iOS for privacy-preserving services [139] such as lookup hints, Emoji suggestions, QuickType suggestions, and Safari autoplay intent detection.

Situational awareness is an effective tool for security monitoring and threat early-warning in large-scale complex systems such as the metaverse [140]. In the metaverse, local situational awareness is essential for monitoring a single security domain and global situational awareness can assist early-warning of large-scale distributed threats targeted at multiple sub-metaverses.

1) Local Situational Awareness: Situational awareness for devices and systems built on XR technology has received increasing attention in the metaverse [140]-[142]. Woodward et al. [140] review the presentation of information in AR headsets, and discuss the potential in applying AR technologies to enhance users' situational awareness in perception and understanding the surroundings. Apart from AR technology, VR technology can enhance situational awareness capacities in various applications. Ju et al. [141] carry out realistic and immersive driving simulations, whose findings validate that acoustic cues can help VR drivers remain alert in emergencies (e.g., accidents) under VR car-driving scenarios. Lv et al.
[142] present a smart intrusion detection model to detect attack behaviors on 3D VR-based industrial control systems based on support vector machine (SVM). Experimental results on a simulated VR industrial scenario show that its average accuracy can keep above 90%. However, the proposed model cannot resist unknown/new attack types. To effectively detect unknown/new threats, Vu et al. [143] design a representation learning approach for better prediction of unknown attacks, where three regularized autoencoders (AEs) are deployed to learn the latent representation. The effectiveness of their work is evaluated on nine recent IoT datasets. To be further adaptive to wearable devices with extreme size and energy constraints, Heartfield et al. [144] propose a multilayered lightweight anomaly detection method by exploiting radio-frequency wireless communications to/from them to identify potentially malicious transactions. In [145] , RL methods are employed for intrusion detection in small-scale applications such as smart homes. In practical applications, it is usually hard and costly to label massive attack samples. To deal with the challenges of few labeled data and the corresponding over-fitting issues, Zhou et al. [146] combine few-shot learning and Siamese neural network to mitigate over-fitting and intelligently detect diverse attack types in industrial systems. To summarize, existing security measures can be categorized into two groups: reactive approaches (aim to counter past known attacks) and proactive approaches (aim to mitigate future unknown attacks). In general cases, reactive defenses built on timely attack trapping, frequent retraining, and decision verification can be more convenient and effective than pure proactive defenses. Besides, proactive defenses can be classified into two paradigms [147] : security by design defenses (against white-box attacks) and security by obscurity defenses (against black-box attacks). 
The above defense approaches can provide some lessons to resist unknown/new threats in the metaverse.

2) Global Situational Awareness: The above works mainly focus on situational awareness in a local security domain. Global situational awareness can facilitate understanding global security statuses in defending large-scale attacks in the metaverse. Both works [149], [150] utilize data-driven approaches for global situational awareness in large-scale distributed power grids. In [149], Shahsavari et al. propose a multi-class SVM classifier to extract malicious events from collected raw metering data. However, their approach relies on additional expert knowledge for costly event labeling. To resolve this issue, Wu et al. [150] further model legitimate users and attackers as an evolutionary game and devise a two-phase RL algorithm to solve the game. Profiling of potential attack behaviors is another challenge in the metaverse. Krishnan et al. [151] combine digital twin and SDN to build a behavioral monitoring and profiling system where security strategies are evaluated on digital twins before being deployed in the real network. Honeynets consisting of collaborative honeypots offer an alternative solution for building a secure metaverse to defend against large-scale distributed attacks. Zhang et al. [152] propose a honeynet-based situational awareness system where each honeypot built on the Docker environment traps attackers, monitors their attack behaviors, and exchanges this information with the other honeypots, coordinated by the honeynet controller. However, the work [152] has a drawback in terms of scalability and programmability in large-scale deployment. Zarca et al. [148] further propose SDN-enabled virtual honeynet services with higher degree of scalability and flexibility, and the efficiency of the proposed approach is validated using real implementations and tests. As shown in Fig.
15, based on specific security policies, security virtual network functions (VNFs) (e.g., virtual honeynet, IDS, IPS, and firewall) can be configured and instantiated on demand reactively or proactively, coordinated by the SDN controller. Thereby, appropriate defense mechanisms (including situation monitoring, attack trapping, and security resource allocation) can be provisioned quickly and feasibly to enable self-protection, self-repair, and self-healing. However, the trust issues and resilience of compromised domain operators in aggregating local situational awareness into the global one require further investigation.

Creator economy is an essential component of the metaverse to maintain its sustainability and promote avatars' open creativity. Besides, it should be built on a decentralized architecture to prevent centralization risks, e.g., SPoF, non-transparency, and control by a few entities.

1) Trusted UGC/Asset/Resource Trading: As shown in Fig. 8, blockchain technologies (e.g., NFT and smart contract) provide a decentralized solution to construct the sustainable creator economy. NFT is the irreplaceable and indivisible token in the blockchain [41] and is regarded as the unique tradable digital asset associated with virtual objects (e.g., land parcel and digital drawing). For example, in the game Cryptokitties, players can buy virtual pet cats with unique genetic attributes identified by NFT and breed them. Besides, smart contracts enable the automatic transaction enforcement and financial settlement in trading virtual objects, items, and assets. The works [70], [153], [154] discuss the usage of blockchain technology for virtual economy design. Rehman et al. [153] discuss several design principles in cryptocurrency ecosystems including centrality, privacy, price manipulation, insider trading, parallel and shadow economy, governance, usability, and security. Considering the cooperation of heterogeneous smart devices, Biase et al.
[70] propose a swarm economy model for digital resource sharing which incorporates their spontaneous collaboration and dynamic organization in large-scale networks. A blockchain-based transaction model is also developed in [70] for transparent and immutable currency audit, thereby ensuring trading trust among distrustful devices. However, the work [70] has drawbacks in terms of non-automatic transaction settlement, high computational overhead, and non-supervisability. To address these issues, Liu et al. [154] propose a blockchain-based automatic transaction settlement framework, in which a three-layer sharding blockchain architecture is devised for enhanced system scalability. Moreover, the authors in [154] devise an encryption scheme with keyword search to uncover criminal transactions and achieve crime traceability, where the supervision right is equally allocated among all participants. Jiang et al. [155] introduce FL-enabled digital twin (DT) edge networks, where access points (APs) serve as edge nodes to help end-user devices build DT models. In [155], a directed acyclic graph (DAG) blockchain is employed to securely record both local model updates and global model updates in FL, as well as the resource transactions between APs and users. Apart from the trust-free blockchain approaches, trust or reputation management offers a quantifiable solution to evaluate the trustworthiness of participants and services with less computation/energy/storage consumption. Das et al. [156] propose dynamic trust models and metrics based on user interactions including direct/indirect trust (derived from local/recommendation experience) and recent/historical trust (considering time decay effects). To achieve "trust without identity", Wang et al. [157] present an anonymous trust and reputation management system in mobile crowdsensing.
However, most of the current works on trust or reputation evaluation may rely on the specific rules to determine trust scores and cannot intelligently learn from historical interaction information. To cope with this issue, Jayasinghe et al. [30] exploit AI techniques to design an intelligent trust model, which classifies various individual trust attributes (e.g., frequency, duration, and cooperativeness) and aggregates them to produce final trust values.

2) Economic Fairness for Manipulation Prevention: Collaboration is essential to the creator economy. Nevertheless, it is hard to promote collaboration among all individual users/avatars without sufficient incentives. Besides, as described in Sect. III-E, the economic fairness in metaverse markets may be violated by strategic, free-riding, and collusive users/avatars. Strategy-proof incentive mechanisms, e.g., truthful auctions [158] and truthful contracts [159], can prevent strategic users/avatars from manipulating the market. However, truthful participation also violates user's privacy, e.g., the true bid in auctions may reveal user's true valuation on the items. Existing strategy-proof and privacy-preserving auctions mainly depend on cryptographic mechanisms (e.g., ZKP [160], HE [161]) and DP [75], which may bring large system burdens for energy-limited wearable devices or large data utility decrease in practical metaverse applications. A trade-off mechanism between privacy and utility is needed for users/avatars with diverse preferences in the metaverse. Existing schemes to prevent free-riders (who try to enjoy benefits of the good/service without contributing to it) mainly focus on node behavior modeling [77], cryptographic mechanism [162], [163], and contribution certification [164]. For example, Li et al. [77] observe that BitTorrent systems (which account for 35% of the traffic on the Internet) may fail to overcome free-riders if a large number of seeds (who have all pieces of the file) exist.
To bridge this gap, the authors design a fluid model for non-free-riders and free-riders in P2P file sharing systems (e.g., BitTorrent) to capture and mitigate free-riding effects by designing optimal seed bandwidth allocation strategies. Theoretical analysis shows the existence of Nash equilibrium (NE) in their strategy, and simulation results show its effectiveness in free-riding penalization and cooperation promotion. As the economic fairness may conflict with other vital metrics (such as economic efficiency and QoE) to some extent, Shin et al. [162] introduce two principles in incentive design: (i) strict economic fairness to forbid free-riders; and (ii) adaptive but non-exploitable newcomer bootstrapping for economic efficiency. Based on symmetric key cryptography and pay-it-forward strategy, the authors in [162] design a lightweight and easy-to-implement fairness algorithm named T-Chain to prevent free-riders and enforce reciprocity under fully distributed cooperative scenarios such as BitTorrent-like file sharing. Experiments on BitTorrent validate the efficiency of T-Chain in free-riding prevention, fast newcomer bootstrapping, and low efficiency loss (e.g., only 1% additional overhead on bandwidth and storage). To mitigate free-riding attacks, Li et al. [163] utilize smart contracts and ZKP to generate proof-of-ad-receiving commitments in blockchain systems with anonymity and conditional linkability guarantees. To avoid tragedy of the commons in P2P networks, Ma et al. [164] propose a service differentiation framework with free-rider forbidden capabilities, where differentiated services are offered to peers based on their prior contribution levels in service offering. In their work, peers' competing resource request/distribution interactions are formulated as a dynamic competition game. Theoretical analysis proves its efficiency in reaching NE, and numerical examples illustrate its functionality in service differentiation and free-rider prevention.
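For the strategy-proof auctions mentioned earlier in this subsection, the following added example (not taken from any of the cited works) checks strategy-proofness exhaustively on a small grid: it compares a sealed-bid second-price auction, the textbook truthful auction, with a first-price auction. The bidder names, the integer bid grid, and the function names are assumptions made for illustration.

```python
from itertools import product


def run_auction(bids, rule):
    """Return (winner, price) for a sealed-bid, single-item auction.

    bids: dict bidder -> bid. Highest bid wins; ties go to the
    alphabetically first bidder. rule="second" charges the highest
    losing bid, rule="first" charges the winner's own bid.
    """
    ranked = sorted(bids.items(), key=lambda kv: (-kv[1], kv[0]))
    winner, top_bid = ranked[0]
    price = ranked[1][1] if rule == "second" else top_bid
    return winner, price


def utility(valuation, my_bid, rival_bids, rule, me="a"):
    """Payoff of bidder `me`: valuation minus price if it wins, else 0."""
    bids = dict(rival_bids)
    bids[me] = my_bid
    winner, price = run_auction(bids, rule)
    return valuation - price if winner == me else 0


def profitable_misreports(rule, grid=range(5), rivals=("b", "c"), me="a"):
    """Every (valuation, rival bids, lie) where bidding `lie` instead of the
    true valuation strictly raises the bidder's payoff. An empty result
    means truthful bidding is a dominant strategy on this grid."""
    found = []
    for valuation in grid:
        for rival_values in product(grid, repeat=len(rivals)):
            rival_bids = dict(zip(rivals, rival_values))
            honest = utility(valuation, valuation, rival_bids, rule, me)
            for lie in grid:
                if utility(valuation, lie, rival_bids, rule, me) > honest:
                    found.append((valuation, rival_values, lie))
    return found


if __name__ == "__main__":
    for rule in ("second", "first"):
        cases = profitable_misreports(rule)
        print(f"{rule}-price: {len(cases)} profitable misreports")
```

Because the dominant strategy under the second-price rule is to bid the valuation itself, anyone who sees the bids learns each bidder's valuation, which is the privacy cost noted above.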
As users/avatars in the metaverse may also exhibit free-riding behaviors, the above works can provide lessons for free-rider modeling, detection, and prevention in metaverse services. Multi-user/avatar collusion prevention is also important for fairness in the creator economy. Existing collusion-resistant mechanisms mainly focus on AI-based collusion behavior detection [165], [166], cryptographic approaches [167], [168], game theory [76], and optimization theory [169], which can be beneficial for collusion defense in metaverse services. Besides, future research efforts are required in designing fair mechanisms with the combination of strategy-proofness, collusion-resistance, free-rider prevention, along with privacy preservation in the metaverse. In the literature, various works leverage game theory and learning-based methods to improve economic efficiency for metaverse services, including iterative double auction for resource pricing in DT construction [108], [155], DRL-based double Dutch auction for VR service trading [61], two-tier Q-learning for secure edge caching services [117], optimization theory for resource allocation in virtual education [170], and hierarchical game for coded distributed computing services in metaverse [171].

3) Ownership Traceability of Digital Assets: In the metaverse, blockchain provides a promising solution to manage the complex asset provenance and ownership tracing in the life-cycle of digital assets by recording the evidence of content/asset originality and involved operations on the public ledgers. As the recorded historical activities on blockchain ledgers are maintained by the majority of entities in the metaverse, it is ensured to be democratic, immutable, transparent, auditable, and non-repudiable. Besides, smart contracts offer an intelligent traceability solution by coding the ownership management logic into scripts which are run atop the blockchain.
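The ownership-tracing idea above, as an added example that is not code from any cited system: a single-process, hash-linked ledger of mint and transfer records, with an audit that replays it the way an ownership contract would. The record layout, the asset names, and the rule that a transfer is authorised when the sender is the current owner (a real ledger would verify the sender's signature) are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64


def record_hash(body):
    """SHA-256 over a canonical JSON encoding of a record body."""
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def append(ledger, op, asset_id, sender, recipient, content=b""):
    """Append a 'mint' or 'transfer' record linked to the previous record."""
    body = {
        "index": len(ledger),
        "op": op,
        "asset_id": asset_id,
        "content_hash": hashlib.sha256(content).hexdigest() if op == "mint" else None,
        "from": sender,
        "to": recipient,
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    ledger.append({**body, "hash": record_hash(body)})


def audit(ledger):
    """Replay the ledger and return (current owners, list of problems)."""
    owners, first_mint_of, problems = {}, {}, []
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if record_hash(body) != rec["hash"]:
            problems.append((i, "record altered after it was written"))
        if rec["prev"] != prev:
            problems.append((i, "broken link to previous record"))
        prev = rec["hash"]
        asset = rec["asset_id"]
        if rec["op"] == "mint":
            if asset in owners:
                problems.append((i, "asset id minted twice"))
                continue
            original = first_mint_of.setdefault(rec["content_hash"], asset)
            if original != asset:
                problems.append((i, f"same content already minted as {original}"))
                continue
            owners[asset] = rec["to"]
        elif rec["op"] == "transfer":
            if owners.get(asset) != rec["from"]:
                problems.append((i, "transfer not made by current owner"))
                continue
            owners[asset] = rec["to"]
    return owners, problems


def trace(ledger, asset_id):
    """Chain of custody for one asset; meaningful once audit() is clean."""
    return [r["to"] for r in ledger if r["asset_id"] == asset_id]


def demo_ledger():
    """Constructed sample data: one land parcel and one drawing."""
    ledger = []
    append(ledger, "mint", "land-001", None, "alice", content=b"parcel 12,7")
    append(ledger, "transfer", "land-001", "alice", "bob")
    append(ledger, "mint", "art-002", None, "carol", content=b"drawing")
    return ledger


if __name__ == "__main__":
    ledger = demo_ledger()
    print(audit(ledger), trace(ledger, "land-001"))
    ledger[1]["to"] = "mallory"          # edit history in place
    print(audit(ledger)[1])
```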
Existing works have utilized blockchain technologies for food supply [172], product supply [173], charging pile sharing [174], and ride sharing [175]. In addition to private ownership, there can exist multiple types of ownership forms in the metaverse such as collective ownership and shared ownership [73], which raise extra challenges in ownership management of virtual objects and metaverse assets. In current metaverse projects, there has been increasing interest in utilizing NFT for asset identification and ownership provenance [41]. Nevertheless, NFTs also face vulnerabilities such as cross-chain fraud, inflation attack, phishing, and ransomware. An example is that bad actors may concurrently mint the same NFT on multiple blockchains.

In this subsection, we review existing potential solutions to the physical safety in the metaverse from the cyber insurance and cyber-physical interaction aspects.

1) Cyber Insurance-based Solutions: Cyber insurance offers a financial instrument for risk mitigation of critical infrastructures in cyberthreats. To resolve the high premium stipulation in traditional insurance offered by insurance companies, Lau et al. [176] propose the coalitional insurance in power systems where the coalitional premium is computed by considering loss distributions, vulnerabilities, and budget compliance in an insurance coalition. However, when applying to the metaverse, the scalable and dynamic insurance coalition formation along with fair premium design under diverse cyber threats (e.g., anti-forensics) require further investigation.

2) CPSS-based Solutions: Apart from the single cyber perspective, existing CPSS-based solutions afford lessons for cyberthreat defense and physical safety protection in the metaverse from the perspective of interactions between cyber and physical worlds. Vellaithurai et al. [81] introduce cyber-physical security indices for security measurement of power grid infrastructures.
The cyber probes (e.g., IDS) are deployed on host systems to profile system activities, where the generated logs along with the topology information are used to build stochastic Bayesian models using belief propagation algorithms. To resolve the issues (e.g., low-level abstraction) in task-based programming paradigm, Tariq et al. [177] propose a service-oriented paradigm with QoS-aware operation and resource-aware deployment for better support of disruption-free incremental system implementation and reconfiguration. Different from CPSSs, metaverse is an immersive and hyper spatiotemporal virtual space with a sustainable economy ecosystem, which adds extra challenges in migrating these solutions.

In this subsection, we review existing works on society management in the metaverse from the following two perspectives.

1) Misinformation Spreading Mitigation: The extremely rapid information spreading (e.g., gossip) in the metaverse makes the so-called "butterfly effect" more challenging in social governance and public safety in the real world. As an attempt to address this issue, Zhu et al. [83] propose to minimize the misinformation influence in online social networks (OSNs) by dynamically selecting a series of nodes to be blocked from the OSN. However, it only works in traditional static OSNs and it is challenging to be applied in the fully interactive metaverse with a huge and time-varying social graph structure.

2) Human Safety and Cyber syndromes: The full immersiveness in metaverse can also raise immersion concerns, e.g., occlusion and chaperone attack, as well as cybersickness [178]. Casey et al. [79] investigate a new attack named human joystick attack in immersive VR systems such as Oculus Rift and HTC Vive. In their work, adversaries can modify VR environmental factors to deceive, disorient, and control immersed human players and move them to other physical locations without consciousness. Valluripally et al.
[82] present a novel cybersickness mitigation method and several design principles in social VR learning scenarios via threat quantification and attack-fault tree model construction. However, the ethical issues and adaptations to different attack-defense strategies are not considered in their work, which is an important factor for future metaverse construction. Besides, more research efforts are required on the mitigation of other immersion risks to human body and human society.

3) Society Acceptance Advances in Industry: To enforce age-appropriate interactions within its platforms, Meta has enhanced its age certification mechanism with GDPR-compliance, where a tool named Transfer Your Information (TYI) was developed in 2021 [179]. In TYI, users are allowed to retract their personal information from Meta whenever they intend.

Almeida et al. [85] highlight three principles in the digital governance of content moderation ecosystems: (i) open, transparent, and consensus-driven, (ii) respect human rights, and (iii) publicly accountable. Here, we review existing potential solutions to digital governance in the metaverse from the following three fields.

1) AI Governance: With the pervasive fusion of perception, computing, and actuation, AI will play a leading role to allow digital self-governance of individuals and society in the metaverse in a fully automatic manner. AI approaches can be employed for detecting misbehaving entities and abnormal or Sybil accounts in the metaverse. He et al. [180] exploit a multi-factor attention-enhanced LSTM model to dynamically reveal suspicious signals of malicious accounts in online dating applications by mining the user-generated textual information and the interplay of accounts' temporal-spatial activities. Experiments performed on the real-world dataset demonstrate its effectiveness in detection accuracy.
However, as the work [180] mainly focuses on AI-based malicious account detection, the association of massive avatar-activity-cluster needs further investigation. Besides, the outcomes of AI governance algorithms can be biased and unfair (e.g., race bias), thereby raising ethical concerns. Gasser et al. [181] propose a three-layer AI governance model from the sociological perspective, where the bottom technical layer allows the data governance and algorithm accountability; the middle ethical layer guides decision-making and data processing via ethical criteria and norms; and the top social and legal layer addresses the allocation of responsibilities in regulation. Zambonelli et al. [182] investigate the potential risks including interpretability, trust, autocracy, and ethical issues in delegating the governance of human activities and society to the algorithmic engines in the metaverse. Nevertheless, the concrete governance protocols and algorithms with ethical compliance (e.g., how to define a malicious behavior/avatar) require more research efforts. To summarize, both technological and sociological insights are required to build an AI-governed future metaverse.

2) Decentralized Governance: For governance in the large-scale metaverse maintenance, collaborative governance can avoid concentration of regulation rights and promote democracy for avatars. Blockchain technologies offer potential decentralized solutions for collaborative governance in the metaverse, where smart contracts offer a straightforward approach for decentralized governance in an automatic manner. Febrero et al. [86] present a blockchain-based decentralized framework in digital city governance to encourage users' active engagement and witness in all administrative processes. In their approach, a verifier group is dynamically selected from digital citizens for transaction verification in the hybrid blockchain.
A private-prior peer prediction mechanism is devised for collusion prevention among verifiers, and a Stackelberg game theoretical approach is designed to motivate citizens' participation. Based on SDN, Bai et al. [88] design a decentralized data lifecycle governance architecture, where UGC owners can implement customized governance rules for data usage to VSPs, aiming to promote an open environment to satisfy users' diverse requirements. To further defend against opportunistic attackers in market manipulation, Li et al. [183] study a Dirichlet-based probabilistic detection model to detect compromised local agents in decentralized power grid control systems by evaluating their reputation levels using historical operating observations. The implementation of AI governance under decentralized architectures is a future trend for metaverse governance. Besides, tailored blockchain solutions to metaverse governance are required including metaverse-specific consensus protocols, new on/off-chain data storage mechanisms, law-compliant regulated blockchain, etc.

3) Trusted Digital Forensics: Digital forensics is an enabler for accountability in the metaverse under disputes, which has been widely investigated in images and videos. For example, Swaminathan et al. [184] develop a general forensic mechanism for digital camera images, according to the observation that in-camera and post-camera image processing leaves a series of distinct fingerprint traces on the digital camera image. The estimated post-camera fingerprints can be employed to validate image authenticity (i.e., whether a specific digital image is from a specific scanner, camera, or computer graphics program). However, the use of anti-forensics makes trusted digital forensics challenging. To address this issue, Stamm et al. [185] propose an automatic video frame addition or deletion forensics method with anti-forensics detection, according to the observation that a modified video's motion vectors (i.e., fingerprint) can be imposed in the anti-forensics process. An obstacle of digital forensics in the metaverse lies in trustworthiness and labor cost especially for cross-platform operations. Blockchain can offer a decentralized solution to establish trust and enhance automation in multi-party cross-platform digital forensics. For example, Li et al. [90] utilize blockchain to design a decentralized forensics method, where customized cryptography enables fine-grained forensics data access control and smart contracts enforce auditable forensics execution. In the metaverse, smart contracts can enforce automated forensics procedure among multiple entities and platforms with improved convenience and mitigated cost, which still requires more research efforts. Digital forensics can also be utilized for accountability of privacy violations. Zou et al. [186] propose a privacy leakage forensics scheme with taint analysis and RAM mirroring to obtain digital evidence without touching user's privacy data in a simulated virtual environment. More research efforts are required in terms of resilience, collaboration, QoS enhancement, and privacy preservation in the implementation of digital forensics for metaverse applications.
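The reputation-based detection of compromised agents mentioned above under decentralized governance can be illustrated with a generic Dirichlet reputation estimator. This is an added example, not code from the survey and not the scheme of [183]; the observation categories, weights, forgetting factor, thresholds and sample histories are assumptions constructed for it. It shows why aging old evidence matters against an agent that builds trust first and misbehaves later.

```python
"""Generic Dirichlet reputation scoring over per-interval observations (illustrative)."""
from dataclasses import dataclass, field

# Assumed observation categories and the score each contributes (not from [183]).
LEVELS = ("compliant", "deviating", "violating")
WEIGHTS = (1.0, 0.5, 0.0)


@dataclass
class AgentReputation:
    prior: float = 1.0        # symmetric Dirichlet prior; 1.0 means uniform
    forgetting: float = 0.9   # fraction of old evidence kept per new observation
    counts: list = field(default_factory=lambda: [0.0] * len(LEVELS))

    def observe(self, level: str) -> None:
        """Age the existing evidence, then add one observation of `level`."""
        idx = LEVELS.index(level)  # raises ValueError on an unknown label
        self.counts = [c * self.forgetting for c in self.counts]
        self.counts[idx] += 1.0

    def posterior_mean(self) -> list:
        """E[p_k] = (prior + n_k) / (K * prior + sum(n)) for the Dirichlet posterior."""
        total = sum(self.counts) + self.prior * len(LEVELS)
        return [(c + self.prior) / total for c in self.counts]

    def score(self) -> float:
        """Collapse the posterior into one reputation value in [0, 1]."""
        return sum(w * p for w, p in zip(WEIGHTS, self.posterior_mean()))

    def evidence(self) -> float:
        """Effective number of (aged) observations behind the score."""
        return sum(self.counts)


def replay(history, forgetting=0.9):
    """Feed a list of observation labels to a fresh agent record."""
    agent = AgentReputation(forgetting=forgetting)
    for level in history:
        agent.observe(level)
    return agent


def classify(agent, threshold=0.6, min_evidence=5.0):
    """Flag low-reputation agents, but never on too little evidence."""
    if agent.evidence() < min_evidence:
        return "insufficient-evidence"
    return "suspect" if agent.score() < threshold else "trusted"


# Constructed sample histories (one label per operating interval).
OPPORTUNISTIC = ["compliant"] * 40 + ["violating"] * 6   # builds trust, then misbehaves
HONEST = ["deviating" if i % 10 == 9 else "compliant" for i in range(46)]
NEWCOMER = ["violating", "violating"]                     # too short to judge

if __name__ == "__main__":
    samples = {"opportunistic": OPPORTUNISTIC, "honest": HONEST, "newcomer": NEWCOMER}
    for name, history in samples.items():
        for forgetting in (1.0, 0.9):
            agent = replay(history, forgetting)
            print(f"{name:14s} forgetting={forgetting:.1f} "
                  f"score={agent.score():.3f} -> {classify(agent)}")
```

With no forgetting, the 40 good intervals outweigh the 6 violations and the opportunistic agent stays trusted; with aging, the recent violations dominate and it is flagged.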
[95]; Robust key sequence generation; x; Gait-based biometric group key management for wearable devices; •Pass both Dieharder and NIST tests with high efficiency •Lack real-world thorough test; Fuzzy vault
[96]; Gait predictability; x; Real-time and lightweight key establishment for wearable devices; •High matching rate of shake-to-generate secret keys •Lack complete and thorough evaluation (e.g., NIST tests); HCI
[97]; Hijack of WIMDs
[55]; Privacy exposure in UGC sharing; z; Graph-based local DP for privacy-preserving topic recommendation; •High-level privacy and high efficiency in user-linkage unassociation •Lack image indistinguishability mechanism in practical use; Local DP
[131]; Privacy exposure in UGC sharing; z; Secure data collaboration with class imbalance scenarios; •High accuracy in abnormal health detection •Lack Byzantine robustness in FL; FL
[133]; Co-photo privacy; z; Personalized facial recognition with privacy protection in photo sharing; •High recognition ratio and efficiency in OSNs •Lack implementation and test on personal clouds (e.g., Dropbox); Facial recognition
[134]; Compromising reflections; z; Automatically reconstruct user typing on virtual keyboards; •Effective attack execution with high robustness and accuracy •Lack effective defense design; Feature extraction and matching
[12]; Threats to digital footprints; z; Privacy preservation tools for digital footprints in social metaverse; •Offer complete confusion and private copy tools for avatars •Lack user experience analysis and practical deployment of such tools; Avatar confusion, private copy
x: identity-related threats; y: data-related threats; z: privacy threats; {: network-related threats; |: economy-related threats; }: physical/social effects; ~: governance-related threats.

[161]; Economic fairness, strategic users; |; Strategy-proof and privacy-preserving auction for heterogeneous spectrum; •Privacy protection, strategy-proofness, and high social welfare •Vulnerable to collusive bidders in auction; HE, auction
[77]; Economic fairness, free-riding attack; |; Mitigate free-riding effects in BitTorrent by optimizing seed bandwidth allocation; •Effective free-rider penalization and cooperation promotion •Lack real-world tests on robustness and lack analysis of heterogeneous peers; Fluid model
[163]; Economic fairness, free-riding attack; |; Blockchain-based fair ad delivery among connected vehicles; •Enable anonymity and conditional linkability •Not support batch verification of aggregated dissemination proofs; Smart contracts, ZKP
[76]; Economic fairness, collusion attack; |; Collusion-resistant auction design in cooperative communications; •Truthfulness, collusion-resistance, and budget-balance •Only apply to wireless cooperative communications; Game theory
[81]; Stochastic risk on power system; }; Cyber-physical security indices for security measurement of power systems; •Efficient indices computing under actual attacks in real-world test-bed •Lack merging other cutting-edge technologies into this framework; Graph theory
[176]; High premium stipulation; }; Coalitional insurance with budget compliance for risk control in power grids; •High defense level with long-term reduced premiums •Lack dynamic insurance design and dependence analysis of cyberthreats; Cyber-insurance
[83]; Butterfly effect in information spreading; }; Minimize misinformation influence via dynamic node blocking in OSNs; •Low misinformation spreading value and misinformation interactions •Challenging to be applied to the dynamic and time-varying metaverse; Heuristic greedy
[79]; Human joystick attack; }; Construct human joystick attack model in immersive VR systems; •Deceive and move immersed players to intended physical locations unconsciously •Lack effective defense design; HCI, VR
[180]; Abnormal social accounts; ~; Dynamically reveal suspicious signals of malicious accounts in online dating; •High F1-score and AUC on a real-world dataset gathered from Momo •Challenging to be applied to dating services atop the blockchain; Attention-based LSTM
[86]; Centralized governance risks; ~; Decentralized digital city governance with incentives for user engagement/witness; •High user utility and time efficiency in decentralized governance •Scalability and security issues in practical system deployment; Blockchain, Stackelberg game
[183]; Opportunistic attacks for price manipulation; ~; Detect compromised local agents in decentralized power systems using reputation; •Fast aggressive attacker detection using the PowerWorld simulator •Lack credibility analysis for historical operations in reputation evaluation; Dirichlet-based probabilistic model
[184]; Image authenticity; ~; General camera image forensic via post-camera fingerprints; •High efficiency in non-intrusive digital image forensics •Absence of anti-forensics defense; Image fingerprints
[185]; Anti-forensics attack; ~; Automatic video frame addition or deletion forensics with anti-forensics detection; •Able to automatically detect video tampering/forgeries with high accuracy •Lack trusted whole-process video forensics; Anti-forensic, game theory
[186]; Privacy violation; ~; Privacy leakage forensics to ensure accountability of privacy violations; •High detection efficiency of privacy leakage paths on real malware samples •Only consider limited detection attributes and privacy leakage paths; Cloud forensics
x: identity-related threats; y: data-related threats; z: privacy threats; {: network-related threats; |: economy-related threats; }: physical/social effects; ~: governance-related threats.

From the macro level, the metaverse blends the ternary physical, human, and digital worlds, and blurs the border between reality and virtuality.
From the micro level, the metaverse is composed of multiple interconnected virtual worlds to collectively maintain personalized services for massive users represented by avatars.
• For identity management in the metaverse, we have learned that apart from traditional cryptography system design, the fusion of sensory signals (e.g., ECG and PPG) of wearable devices and biometrics (e.g., face and gait) of users can be beneficial for efficient key generation and identity authentication in the metaverse. Besides, blockchain can build trust-free digital identities for metaverse users. Moreover, continuous-time dynamic authentication, as well as cross-chain and cross-domain authentication need further investigation under the metaverse environment.
• For data management in the metaverse, we have learned that the integration of various cutting-edge technologies in the metaverse results in more attack surfaces on UGC, physical inputs, and metaverse outputs. Besides, blockchain offers a potential solution to ensure data reliability in digital twin creation and mitigation.
• For privacy in the metaverse, we have learned that users may suffer more privacy exposure in the digital world. In the metaverse, existing privacy threats can be amplified, and new threats related to digital footprints can emerge.
• For situational awareness in the metaverse, we have learned that AR, AI, honeypot, and SDN technologies can help build situational awareness systems in the metaverse. Besides, global situational awareness can assist monitoring and early warning of large-scale distributed threats targeted at multiple sub-metaverses.
• For creator economy in the metaverse, we have learned that blockchain technology is the key to build the decentralized virtual economy ecosystem from virtual currency creation and trusted UGC/asset/resource trading to economic fairness and ownership traceability.
Moreover, the interoperability, resilience, and efficiency issues are prime concerns to construct a sustainable creator economy.
• For physical safety and social effect in the metaverse, we have learned that existing cyber-insurance and CPSS based approaches can offer some insights for protecting physical devices. More related technological and sociological efforts in this field considering the characteristics of metaverse are required.
• For digital governance in the metaverse, we have learned that AI-enabled governance and decentralized governance are two trends for future metaverse regulation. Besides, trusted digital forensics offers a promising tool to regulate the metaverse. More research efforts are required from both technological and sociological perspectives.

A comparison of existing/potential security countermeasures in the metaverse is presented in Tables V and VI.

In this section, we discuss several future research directions in the metaverse from the following aspects.

Existing commercial metaverse systems mainly depend on the brought-in security such as frequent security patch upgrades after the system deployment. Although security upgrades can enhance system security to an extent, the passive defense mechanisms built on security patching strategies inevitably result in the curse of being continuously broken. With the continuity of ubiquitous cyber-physical attack surfaces in the metaverse, current bring-in security defenses can be fragile and costly in practical use, like the sword of Damocles hanging overhead. Endogenous security theory offers a promising solution for provisioning built-in security, also called secure-by-design mechanisms, with self-protection, self-evolution, and autoimmunity capabilities [187], which takes security and privacy factors into account before the system design. Thereby, the future metaverse can resist the ever-increasing known/unknown security vulnerabilities and privacy threats.
An example of endogenous security is the quantum key distribution [188], which utilizes channel-based secret keys to resolve information disclosure in wireless transmissions via quantum entanglement properties.

Unlike the conventional 2D Internet, the metaverse gathers massive multi-sensory multimodal information from the real world to provide users with fully immersive 3D experiences. In the metaverse, different users/services have distinct QoE/QoS requirements, which poses huge difficulty for the metaverse network to simultaneously offer these holographic services for massive users/avatars. For instance, VR usually requires downlink transmission and caching capabilities, AR mainly focuses on uplink transmission and computing capabilities, while the tactile Internet generally requires ultra-reliable low-latency communications [20]. The orchestration of cloud-edge-end computing offers a potential solution by collaboratively and dynamically sharing computation, communication, and storage resources among various entities [28], thereby enhancing the QoE for users/avatars and QoS for metaverse services. Besides, cloud-edge-end computing can assist edge intelligence and user privacy protection by aggregating and processing users' private data at edge devices (e.g., home gateways) via federated edge learning [118]. In addition, by analyzing the metaverse system as a whole, the cooperation among various sub-metaverses is essential to facilitate seamless security provision and privacy protection and requires further investigation. An attractive case is to dynamically allocate spatiotemporal security resources (e.g., firewall, IDS, and IPS) among heterogeneous sub-metaverses (consisting of various edge/cloud servers) in an on-demand manner. Future works to be investigated include the design of specific edge-edge, edge-cloud, and edge-end collaboration mechanisms in the metaverse.
In the metaverse, on one hand, the wearable XR devices may be resource-constrained and their communication/computation capacities can be highly heterogeneous. On the other hand, the metaverse can always be resource hungry and the computational power demanded in the metaverse will continue to rise, causing increasing environmental concerns (e.g., greenhouse gas emission). The future metaverse design should be energy-efficient and green to attain sustainability. Users/avatars' cooperation can offer a possible solution for green metaverse in terms of UGC/AIGC dissemination, cooperative networking, and cooperative computing. For example, users' social/locational cooperation can be beneficial to create and distribute high-quality UGC games via the formation of cooperative social groups. Besides, the collaboration among heterogeneous metaverse devices with temporal and spatial correlations can be leveraged to design energy-efficient consensus protocols [36] tailored to resource-limited metaverse environments. Apart from user cooperation and new green technology design, other possible solutions include new architecture design, new green edge-cloud computing design, new energy-efficient consensus protocol design, etc., to support green networking and computing in the metaverse.

In the future metaverse, a surge of UGC is expected to be created, requested, and delivered across various sub-metaverses. Existing IP-based content transmissions can face critical challenges in securing UGC dissemination to massive heterogeneous end devices over the large-scale metaverse across virtual worlds. Content-centric networking (CCN) stands for a paradigm shift of current Internet architecture. In contrast to current IP-based and host-oriented Internet architecture, contents are addressed and routed directly by their naming information in CCN instead of IP addresses.
In the CCN-based metaverse, the UGC consumer can request the desired UGC object by sending an interest message to any CCN node that hosts the matched UGC. Besides, CCN embodies a security model which explicitly ensures the security of individual content pieces instead of securing the "pipe" or the connection. Therefore, the deployment of CCN can offer a more flexible, scalable, and secure network in the metaverse. However, CCN can also bring new security concerns in the metaverse and one of them is content poisoning, in which adversaries can contaminate the cache space of metaverse nodes by injecting poisoned UGCs and further cause the delay and even failure in retrieving valid UGCs via flooding attacks.

In addition, the design of metaverse should be human-centric. For example, users/avatars' personalized privacy preferences should be ensured in developing privacy-preserving approaches in metaverse environments.

Blockchain is recognized as the underlying technology to build the future virtual economy ecosystem in the metaverse. However, blockchain itself also faces interoperability concerns as different sub-metaverses can be built on heterogeneous blockchains (e.g., using different transaction formats, block structures, and consensus protocols) to satisfy diverse QoS requirements. An example is the exchange of different cryptocurrencies such as Bitcoin and Ether. Cross-chain governance is essential to ensure the security and legitimacy of digital asset-related activities (e.g., asset trading) across different sub-metaverses built on heterogeneous blockchains. Open challenges include application-specific governance rule design, programmable and scalable cross-chain governance architecture design, on-chain entity identification and risk assessment, dynamic and collaborative cross-chain supervision, etc.

In this paper, we have presented an in-depth survey of the fundamentals, security, and privacy of metaverse.
Specifically, we have introduced a novel distributed metaverse architecture and discussed its key characteristics, enabling technologies, and modern prototypes. Afterward, the security and privacy threats, as well as the critical challenges in security defenses and privacy preservation, have been investigated under the distributed metaverse architecture. Furthermore, we have reviewed the existing/potential solutions in designing tailored security and privacy countermeasures for the metaverse. We expect that this survey can shed light on the security and privacy provision in metaverse applications, and inspire more pioneering research in this emerging area.

Second life: An interactive qualitative analysis
3D virtual worlds and the metaverse: Current status and future possibilities
Lifelogging in the wild: Participant experiences of using lifelogging as a research tool
A survey on metaverse: the state-of-the-art, technologies, applications, and challenges
The metaverse: Web3.0 virtual cloud economies
All one needs to know about metaverse: A complete survey on technological singularity, virtual ecosystem, and research agenda
Fusing blockchain and AI with metaverse: A survey
Metaverse for social good: A university campus prototype
Realizing the metaverse with edge intelligence: A match made in heaven
Facebook Inc. rebrands as Meta to stress 'metaverse' plan
Privacy in the metaverse: Regulating a complex social construct in a virtual world
The social metaverse: Battle for privacy
ARSpy: Breaking location-based multi-player augmented reality application for user location tracking
Dynamic defense strategy against advanced persistent threat with insiders
Virtual world, defined from a technological perspective and applied to video games, mixed reality, and the metaverse
Metachain: A novel blockchain-based framework for metaverse applications
Interfacing cyber and physical worlds: Introduction to IEEE 2888 standards
Artificial intelligence for the metaverse: A survey
A metaverse: Taxonomy, components, applications, and open challenges
A full dive into realizing the edge-enabled metaverse: Visions, enabling technologies, and challenges
Retail spatial evolution: Paving the way from traditional to metaverse retailing
Virtual world as a resource for hybrid education
When creators meet the metaverse: A survey on computational arts
ISO/IEC 23005 (MPEG-V) standards. Accessed
IEEE 2888 standards
What do avatars want now? posthuman embodiment and the technological sublime
Being an avatar "for real": a survey on virtual embodiment in augmented reality
Collaborative cloud-edge-end task offloading in mobile-edge computing networks with limited communication capability
Second life and the new generation of virtual worlds
Machine learning based trust computational model for IoT services
User-friendly home automation based on 3D virtual world
Extended reality (XR: VR/AR/MR), 3D printing, holography, AI, radiomics, and online VR Tele-medicine for precision surgery
The metaverse: A networked collection of inexpensive, self-configuring, immersive environments
Digital twin networks: A survey
Optimal targeted advertising strategy for secure wireless edge metaverse
Blockchain-empowered space-air-ground integrated networks: Opportunities, challenges, and solutions
Interactive medical VR streaming service based on software-defined network: Design and implementation
Internet of things: A survey on enabling technologies, protocols, and applications
Survey of experimental evaluation studies for wireless mesh network deployments in urban areas towards ubiquitous Internet
Enabling AI in future wireless networks: A data life cycle perspective
Non-fungible token (NFT): Overview, evaluation, opportunities and challenges
Analysis of metaverse platform as a new play culture: Focusing on Roblox and ZEPETO
User-generated content in pervasive games
NFT investors lose $1.7m in OpenSea phishing attack
Combating the insider cyber threat
BIAS: Bluetooth impersonation attacks
3D social virtual worlds: Research issues and challenges
LVBS: Lightweight vehicular blockchain for secure data sharing in disaster rescue
The 2015 Ukraine blackout: Implications for false data injection attacks
The availability of wearable-device-based physical data for the measurement of construction workers' psychological status on site: From the perspective of safety management
Provchain: A blockchain-based data provenance architecture in cloud environment with enhanced privacy and availability
The right of publicity: Likeness lawsuits against video game companies
Facilitating the delegation of use for private devices in the era of the internet of wearable things
LDP-based social content protection for trending topic recommendation
Inference of security hazards from event composition based on incomplete or uncertain information
A verifiable privacy-preserving machine learning prediction scheme for edge-enhanced HCPSs
General data protection regulation (GDPR)
Botnets and internet of things security
Metaverse breached: Second Life customer database hacked
Wireless edge-empowered metaverse: A learning-based incentive mechanism for virtual reality
Leveraging content sensitiveness and user trustworthiness to recommend fine-grained privacy settings for social image sharing
SPDS: A secure and auditable private data sharing scheme for smart grid based on blockchain
Multiple sensitive values-oriented personalized privacy preservation based on randomized response
Covering the sensitive subjects to protect personal privacy in personalized recommendation
Applications of blockchains in the internet of things: A comprehensive survey
Key infrastructure of the metaverse: status, opportunities, and challenges of NFT data storage
Sybil attacks and their defenses in the internet of things
Swarm economy: A model for transactions in a distributed and organic IoT platform
Trustworthy digital twins in the industrial internet of things with blockchain
Hackers exploited reentrancy vulnerability to attack Paraluni, making more than $1.7 million
Toward shared ownership in the cloud
DeFi scams go from zero to $129 million in a year to become top financial hack
Privacy-preserving data aggregation for mobile crowdsensing with externality: An auction approach
Collusion-resistant repeated double auctions for relay assignment in cooperative networks
Free-riding on BitTorrent-like peer-to-peer file sharing systems: Modeling analysis and improvement
Cyber-physical-social systems: A state-of-the-art survey, challenges and opportunities
Immersive virtual reality attacks and the human joystick
Metaverse rollout brings new security risks, challenges
CPIndex: Cyber-physical vulnerability assessment for power-grid infrastructures
Modeling and defense of social virtual reality attacks inducing cybersickness
Activity minimization of misinformation influence in online social networks
The metaverse offers a future full of potential - for terrorists and extremists
The ecosystem of digital content governance
Public participation consortium blockchain for smart city governance
Smart contract: Attacks and protections
Software-defined infrastructure for decentralized data lifecycle governance: Principled design and open challenges
Security of the internet of things: Vulnerabilities, attacks, and countermeasures
Towards vehicular digital forensics from decentralized trust: An accountable, privacy-preserving, and secure realization
Federated identity management - we built it; why won't they come?
DT-SSIM: A decentralized trustworthy self-sovereign identity management framework
Key management for beyond 5G mobile small cells: A survey
Secret key establishment via RSS trajectory matching between wearable devices
Accelerometer-based key generation and distribution method for wearable IoT devices
LiReK: A lightweight and real-time key establishment scheme for wearable embedded devices by gestures or motions
A critical analysis of ECG-based key distribution for securing wearable and implantable medical devices
Cloud centric authentication for wearable healthcare monitoring system
Trueheart: Continuous authentication on wrist-worn wearables using PPG-based biometrics
Cooperative privacy preservation for wearable devices in hybrid computing-based smart health
Lightweight mutual authentication and privacy-preservation scheme for intelligent wearable devices in industrial-CPS
Identification of wearable devices with Bluetooth
Privacy and security in internet of things and wearable devices
Blockchain-assisted secure device authentication for cross-domain industrial IoT
XAuth: Efficient privacy-preserving cross-domain authentication
A decentralized public key infrastructure with identity retention
Testimonium: A cost-efficient blockchain relay
Digital twin consensus for blockchain-enabled intelligent transportation systems in smart cities
Virtual adversarial training: A regularization method for supervised and semi-supervised learning
Modality to modality translation: An adversarial representation learning and graph fusion network for multimodal fusion
Stealthy and efficient adversarial attacks against deep reinforcement learning
Efficient adversarial training with transferable adversarial examples
A digital twin based industrial automation and control system security architecture
Spatialized audio streaming for networked virtual environments
Rendering spatial sound for interoperable experiences in the audio metaverse
Experiencing simulated confrontations in virtual reality
Game theory and reinforcement learning based secure edge caching in mobile social networks
Secure and efficient federated learning for smart grid with edge-cloud collaboration
A dynamic hierarchical framework for IoT-assisted metaverse synchronization
Secure multi-user content sharing for augmented reality applications
AdCube: WebVR ad fraud and practical confinement of Third-Party ads
Dynamic watermarking: Active defense of networked cyber-physical systems
Light-weight security and data provenance for multi-hop internet of things
Reducing the attack surface in massively multiplayer online role-playing games
Towards security and privacy for multi-user augmented reality: Foundations with end users
Incorporating privacy into digital game platform design: The what, why, and how
A privacy framework for games & interactive media
Scalable access control for privacy-aware media sharing
Time-domain attribute-based access control for cloud-based video content sharing: A cryptographic approach
You can access but you cannot leak: Defending against illegal content redistribution in encrypted cloud media center
FedSens: A federated learning approach for smart health sensing with class imbalance in resource constrained edge computing
BlockMaze: An efficient privacy-preserving account-model blockchain based on zk-SNARKs
My privacy my decision: Control of photo sharing on online social networks
On the privacy risks of virtual keyboards: Automatic reconstruction of typed input from compromising reflections
Multi-task federated learning for personalised deep neural networks in edge computing
The metaverse has a groping problem already (MIT technology review
Learning with privacy at scale
Analytic review of using augmented reality for situational awareness
Acoustic cues increase situational awareness in accident situations: A VR car-driving study
Industrial security solution for virtual reality
Learning latent representation for IoT anomaly detection
MedMon: Securing medical devices through wireless monitoring and anomaly detection
Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning
Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems
Wild patterns: Ten years after the rise of adversarial machine learning
Virtual IoT honeynets to mitigate cyberattacks in SDN/NFV-enabled IoT networks
Situational awareness in distribution grid using micro-PMU data: A machine learning approach
Big data analysis-based security situational awareness for smart grid
MUD-based behavioral profiling security framework for software-defined IoT networks
An IoT honeynet based on multiport honeypots for capturing IoT attacks
Trust in blockchain cryptocurrency ecosystem
Norma-Chain: A blockchain-based normalized autonomous transaction settlement system for IoT-based E-commerce
Cooperative federated learning and model update verification in blockchain empowered digital twin edge networks
SecuredTrust: A dynamic trust computation model for secured communication in multiagent systems
Enabling reputation and trust in privacy-preserving mobile sensing
A strategy-proof auction mechanism for adaptive-width channel allocation in wireless networks
Federated learning with fair incentives and robust aggregation for UAV-aided crowdsensing
Decentralized privacy-preserving fair exchange scheme for V2G based on blockchain
ARMOR: A secure combinatorial auction for heterogeneous spectrum
T-Chain: A general incentive scheme for cooperative computing
Toward blockchain-based fair and anonymous ad dissemination in vehicular networks
Incentive and service differentiation in P2P networks: A game theoretic approach
A machine learning approach for collusion detection in electricity markets based on Nash equilibrium theory
Enhancing collusion resilience in reputation systems
Collusion-resistant multicast key distribution based on homomorphic one-way function trees
User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption
A misreport- and collusion-proof crowdsourcing mechanism without quality verification
Unified resource allocation framework for the edge intelligence-enabled metaverse
Reliable coded distributed computing for metaverse services: Coalition formation and incentive mechanism design
Blockchain inspired RFID-based information architecture for food supply chain
A novel blockchain-based product ownership management system (POMS) for anticounterfeits in the post supply chain
Blockchain-based secure and cooperative private charging pile sharing services for vehicular networks
B-Ride: Ride sharing with privacy-preservation, trust and fair payment atop public blockchain
A coalitional cyberinsurance design considering power system reliability and cyber vulnerability
Improving the safety and security of wide-area cyber-physical systems through a resource-aware, service-oriented development methodology
MetaSocieties in Metaverse: MetaEconomics and MetaManagement for MetaEnterprises and MetaCities
Improving user experience in our transfer your information tool
DatingSec: Detecting malicious accounts in dating apps using a content-based attention network
A layered model for AI governance
Algorithmic governance in smart cities: The conundrum and the potential of pervasive computing solutions
DDOA: A Dirichlet-based detection scheme for opportunistic attacks in smart grid cyber-physical system
Digital image forensics via intrinsic fingerprints
Temporal forensics and anti-forensics for motion compensated video
A multigranularity forensics and analysis method on privacy leakage in cloud environment
Endogenous security defense against deductive attack: When artificial intelligence meets active defense for online service
Field test of measurement-device-independent quantum key distribution