Cybersecurity and Privacy Challenges in Extended Reality: Threats, Solutions, and Risk Mitigation Strategies
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
This study highlights the critical need for advanced security and privacy solutions tailored to the unique requirements of XR (Extended Reality) environments. The results suggest that while XR technologies hold transformative potential, their widespread adoption depends on the implementation of robust security measures that safeguard user data without compromising the immersive experience. Below are several suggestions to improve the quality of the article:
1. The abstract is too lengthy and should be condensed. The introduction lacks sufficient innovation and would benefit from being presented in a clearer, more structured format, possibly as a list. As a review article, the discussion of related work is not comprehensive enough, and as a technical article, it lacks sufficient depth and advancement in its analysis.
2. The section on related work provides a somewhat one-sided perspective of the current research landscape. Since risk mitigation is closely tied to resource scheduling, the authors should consider incorporating recent studies on “joint service deployment and task scheduling” and “collective edge intelligence sharing” to provide a more balanced view.
3. The mathematical representations in Subsection 6.2 (Mathematical Representation) appear to be confusing and lack clear purpose. It is unclear why these equations are presented, as they are not utilized further in the article. The relevance and application of these representations should be clarified or removed.
4. The section on Cryptographic Techniques, Authentication Mechanisms, and similar topics only lists technologies without providing sufficient detail. It is recommended that the author explain the processes in greater depth so that readers can gain a clearer and more comprehensive understanding of each technique.
5. The experimental evaluation is insufficient. The proposed solution needs to be compared both horizontally and vertically to validate its effectiveness and feasibility. Horizontally, the solution should be tested across different parameter settings and experimental scales to demonstrate its robustness. Vertically, it should be compared with various advanced solutions to assess its effectiveness. The current experimental results do not provide enough evidence to support the claims made in the article.
Comments on the Quality of English Language
The English could be improved to more clearly express the research.
Author Response
| Reviewer 1 | 1. The abstract is too lengthy and should be condensed. The introduction lacks sufficient innovation and would benefit from being presented in a clearer, more structured format, possibly as a list. As a review article, the discussion of related work is not comprehensive enough, and as a technical article, it lacks sufficient depth and advancement in its analysis. | Thank you for your valuable feedback regarding the abstract. We have revised it as follows: Length Reduction: The abstract has been condensed by removing redundant details and focusing on the core aspects of the study. This ensures a concise and clear presentation of the paper's key contributions. We appreciate your constructive suggestions, which have improved the readability and comprehensiveness of the abstract. ----Thank you for your thoughtful feedback on the introduction. We have carefully revised this section to address your concerns while maintaining the integrity and flow of a scientific paper. Specifically: We refined the introduction to emphasize the novelty of the paper, particularly its focus on cybersecurity and privacy in XR environments, which is an emerging and underexplored field. We also highlighted the integration of related emerging technologies, which amplifies XR’s potential and unique challenges. Structured Presentation: While we avoided a list format for the main content, as it may disrupt the narrative flow of a scientific introduction, we did structure the objective at the end as a list to align with your suggestion. This ensures clarity and draws attention to the core goals of the paper. We believe this approach strikes a balance between clarity, depth, and the conventions of academic writing. The discussion of related work has been substantially expanded to include a broader range of applications and challenges, incorporating recent studies and references to provide a more comprehensive overview. 
We have also added detailed technical discussions on advanced security techniques, such as AI-driven anomaly detection and blockchain systems, addressing the need for technical depth. Research gaps and open challenges have been elaborated to include issues like latency and quantum-resistant cryptography. We believe these revisions address the reviewer's concerns and enhance the article's quality. Thank you for your valuable feedback. |
| The section on related work provides a somewhat one-sided perspective of the current research landscape. Since risk mitigation is closely tied to resource scheduling, the authors should consider incorporating recent studies on “joint service deployment and task scheduling” and “collective edge intelligence sharing” to provide a more balanced view. | We appreciate the reviewer's insightful suggestion to provide a more balanced view of the research landscape by including recent studies on “joint service deployment and task scheduling” and “collective edge intelligence sharing.” In response to this valuable feedback, we have extended the \textit{Related Work} section to incorporate relevant research that ties risk mitigation strategies to resource scheduling in the context of XR technologies. Specifically, we have added a discussion on joint service deployment and task scheduling as a critical area for ensuring the efficient allocation of resources in XR environments, especially when dealing with the high computational demands and network requirements of such systems. Several studies have explored the optimization of service deployment and task scheduling to minimize latency, improve resource utilization, and enhance user experience in real-time XR applications. Notable works in this area include \cite{zhao2023joint} and \cite{liu2024task}, which propose novel methods for dynamic scheduling based on the current resource availability and network conditions. Additionally, we have incorporated the concept of collective edge intelligence sharing, which is increasingly recognized as essential for managing the computational load in XR systems. Recent research, such as \cite{liu2024edge} and \cite{wang2023collective}, highlights how edge nodes can share computational tasks and intelligently coordinate to improve the efficiency and performance of XR applications. 
This collaborative approach not only helps in balancing resource loads but also mitigates the risk of performance degradation, particularly in large-scale deployments where individual edge nodes may be constrained by resources. These additions provide a more comprehensive view of the current research landscape and how risk mitigation is intertwined with efficient resource scheduling in XR systems. We believe this addresses the reviewer's concern and improves the overall balance of the related work section. |
| The mathematical representations in Subsection 6.2 (Mathematical Representation) appear to be confusing and lack clear purpose. It is unclear why these equations are presented, as they are not utilized further in the article. The relevance and application of these representations should be clarified or removed. | Thank you for your valuable feedback regarding Subsection 6.2 (Mathematical Representation). We appreciate your insights and understand your concerns about the clarity and purpose of the mathematical representations. In response to your comment, we have revised the subsection to provide a clearer explanation of the relevance of the mathematical equations. Each equation is now accompanied by a detailed explanation that explicitly connects it to the corresponding attack vector. We have clarified how these mathematical models are used to demonstrate specific vulnerabilities in the XR security system, thus justifying their inclusion in the article. For example, we have outlined how the eavesdropping attack highlights the risks of unencrypted message transmission, how the packet injection attack compromises data integrity, and how replay and spoofing attacks exploit time discrepancies or biometric vulnerabilities. These explanations aim to show the practical application of the mathematical representations in understanding the security challenges faced by XR systems. We hope that these revisions address your concerns and enhance the clarity and purpose of the section. Thank you once again for your helpful comments. |
| The section on Cryptographic Techniques, Authentication Mechanisms, and similar topics only lists technologies without providing sufficient detail. It is recommended that the author explain the processes in greater depth so that readers can gain a clearer and more comprehensive understanding of each technique. | Thank you for your insightful feedback on the cryptographic techniques section. We have carefully considered your suggestions and made several improvements to ensure the content is comprehensive and aligned with the specific needs of XR environments. To address your comment, we expanded the discussion of encryption protocols, such as AES \cite{qayyum2024secure}, RSA \cite{qayyum2024secure}, and ECC \cite{rafique2024internet}, highlighting their respective strengths and applications in XR systems. We have also provided clearer explanations of the encryption processes, making sure to emphasize how these techniques contribute to securing data transmission and user authentication in immersive environments. Additionally, we introduced a section on blockchain technology, exploring its role in enhancing transaction integrity and traceability in XR applications \cite{rafique2024internet}. This was complemented by a discussion on AI-driven threat detection mechanisms \cite{qayyum2024secure}, which are increasingly vital in monitoring and mitigating security risks |
| The experimental evaluation is insufficient. The proposed solution needs to be compared both horizontally and vertically to validate its effectiveness and feasibility. Horizontally, the solution should be tested across different parameter settings and experimental scales to demonstrate its robustness. Vertically, it should be compared with various advanced solutions to assess its effectiveness. The current experimental results do not provide enough evidence to support the claims made in the article. | We sincerely thank the reviewer for their insightful feedback regarding the need for more extensive experimental validation, both horizontally and vertically. In response, we have significantly enhanced the experimental evaluation to ensure a more robust and comprehensive analysis of the proposed solution. Horizontal Comparisons: We expanded the evaluation to include diverse parameter settings and experimental scales. Specifically, we tested the system using multiple encryption protocols (AES-256, RSA-2048, and ECC), authentication mechanisms (biometric and non-biometric), and network conditions (low, medium, and high bandwidth). These experiments demonstrated the robustness of the solution across varying scenarios, highlighting its adaptability and reliability. Vertical Comparisons: The proposed solution was benchmarked against two advanced frameworks—Framework A, which represents a traditional symmetric encryption-based approach, and Framework B, an AI-enhanced security system. These comparisons showcased the proposed solution's superior detection accuracy, faster response times, and higher resource efficiency, confirming its feasibility and effectiveness in real-time XR environments. These additional analyses and comparisons are now fully integrated into Sections 2.3 and 2.4, providing a thorough validation of the claims made in the article. 
We believe these enhancements address the reviewer’s concerns and further substantiate the practical viability of the proposed solution. Once again, we are grateful for the reviewer’s constructive comments, which have helped improve the quality and rigor of our work. |
Author Response File:
Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
This paper presented a survey-like work on cybersecurity and privacy issues on extended reality (XR) and their possible solutions. This work is of great significance and I have several questions about it:
1. Concerning the length of the paper and the contents, the paper writing is more like a combination of a comprehensive review and a research paper. I would suggest shortening a portion of the text in the review part.
2. In the XR domain, various sensitive data are collected, could you please enumerate some real cases for the serious consequences of such information leak, in the review part.
3. Are the recommended guidelines for policymakers in Sec 5.4 proposed by the authors or just quoting from elsewhere?
4. Insufficient discussions on the results: For example, in Sec 7.8, the latency for AI-driven anomaly detection and end-to-end encryption are not shown. Commonly, the XR devices only take responsibility for XR tasks, and cybersecurity and privacy issues will be addressed by the host machine. I would like to know the latency issues even if we upgrade the host.
5. Would you please add corresponding citations in Table 3?
Some other issues:
The characters in most tables are too small.
Fig 4 and Fig 6 are identical.
Author Response
| Reviewer 2 | Concerning the length of the paper and the contents, the paper writing is more like a combination of a comprehensive review and a research paper. I would suggest shortening a portion of the text in the review part. | We sincerely appreciate the reviewer’s feedback and suggestion to shorten the review section. The initial part of the paper indeed incorporates a comprehensive review of the literature, as its primary purpose is to highlight the current state of research and identify gaps that form the foundation for our proposed framework. This structured approach allows us to: Establish Context: Provide readers with a clear understanding of the challenges and opportunities in the domain. Highlight Gaps: Demonstrate the necessity for the proposed framework by identifying unresolved issues in existing studies. While we acknowledge the importance of maintaining a concise presentation, the detailed review is integral to justify the relevance and novelty of our contributions. That said, we have carefully revisited the review section and ensured that the discussion is focused, avoiding redundancy, and presenting only the most critical points to support the research narrative. We hope this approach aligns with the reviewer’s expectations and enhances the clarity and rigor of the manuscript. |
| In the XR domain, various sensitive data are collected, could you please enumerate some real cases for the serious consequences of such information leak, in the review part. | We appreciate the reviewer’s observation regarding the enumeration of real cases for serious consequences of sensitive data leaks in the XR domain. In response, we would like to highlight that this aspect is explicitly addressed in Section 3, where we delve into various types of sensitive data collected in XR environments and their potential misuse. Specifically, we discuss the severe consequences, such as identity theft, behavioral manipulation, and physical security threats, which could arise from breaches involving biometric data, motion tracking data, and other personal identifiers. Additionally, to further enhance the review section, we have included a dedicated subsection (Subsection 2.2) that enumerates and elaborates on real-world cases and scenarios where such data breaches have resulted in significant impacts. This ensures a clearer and more comprehensive narrative that emphasizes the critical need for robust security in XR systems. We hope these revisions sufficiently address the reviewer’s concern and contribute to a more detailed and impactful discussion in the manuscript. |
| Are the recommended guidelines for policymakers in Sec 5.4 proposed by the authors or just quoting from elsewhere? | We appreciate the reviewer’s query regarding the recommended guidelines for policymakers in Section 5.4. To clarify, the guidelines presented in this section are a combination of the authors' own insights, informed by the findings of this study, as well as relevant recommendations drawn from existing literature. To ensure proper attribution and transparency, we have added explicit references in this section to clearly distinguish between original contributions and quoted recommendations from other sources. We trust this clarification and the added references address the reviewer’s concern. |
| Insufficient discussions on the results: For example, in Sec 7.8, the latency for AI-driven anomaly detection and end-to-end encryption are not shown. Commonly, the XR devices only take responsibility for XR tasks, and cybersecurity and privacy issues will be addressed by the host machine. I would like to know the latency issues even if we upgrade the host. | We thank the reviewer for pointing out this important aspect. In response, we have expanded the discussion in Section :key_findings to explicitly address latency considerations. Specifically, we now include: Latency Analysis: We report the average processing latency for AI-driven anomaly detection (18ms) and lightweight encryption protocols (20ms), with a combined impact of approximately 38ms. These values remain well below the XR system threshold of 50ms for real-time performance. Host Machine Role: We discuss the role of the host machine in managing cybersecurity tasks and highlight how upgrading host hardware can further reduce latency, such as lowering anomaly detection latency to 10ms with improved GPUs or CPUs. These additions provide a comprehensive evaluation of latency in the context of XR security, ensuring the results address the reviewer’s concerns while maintaining a focus on system performance and user immersion. |
| Would you please add corresponding citations in Table 3? Some other issues: The characters in most tables are too small. Fig 4 and Fig 6 are identical. | We sincerely thank the reviewer for these valuable observations. For Table 3, we would like to clarify that the corresponding citations are already included in the caption of the table to ensure proper attribution and clarity and we added them inside the table. Regarding the character size in the tables, we have adjusted the formatting to ensure improved readability while maintaining consistency throughout the manuscript. Concerning Fig. 4 and Fig. 6, we appreciate the careful observation. We have removed one of the duplicate figures to avoid redundancy. We hope these revisions address the reviewer’s concerns effectively and enhance the quality of the manuscript. |
Author Response File:
Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for Authors
The article highlights the fact that the augmented reality (XR) environment, including augmented reality (AR), virtual reality (VR) and mixed reality (MR), requires cybersecurity and privacy protection. A model indicating the sources of threats and directions of possible attacks were presented. The study included a quantitative analysis of security incidents (impersonation and identity theft, in various XR applications) and a qualitative analysis of the risk of privacy breaches (focused on the leakage of personal and behavioral data), which may result in unauthorized profiling, psychological manipulation or dedicated advertising. We also analyzed technical solutions designed to increase security in XR environments, such as: AES, RSA and elliptic curve cryptography (ECC) for secure data transmission, multi-factor and biometric authentication mechanisms tailored to specific XR use cases, data anonymization methods, secure channels AI-based communication and anomaly detection for real-time monitoring. Comparing these solutions in terms of strengths, limitations and suitability for XR applications allows you to select the appropriate security configuration. According to the author, it should be based on a holistic approach. The prepared text has the correct structure, is methodically well developed, and has both cognitive and utilitarian values. In an editorial sense, the readability of tables 3, 4 and 5 should be improved.
Comments for author File:
Comments.pdf
Author Response
| Reviewer 3 | The article highlights the fact that the augmented reality (XR) environment, including augmented reality (AR), virtual reality (VR) and mixed reality (MR), requires cybersecurity and privacy protection. A model indicating the sources of threats and directions of possible attacks were presented. The study included a quantitative analysis of security incidents (impersonation and identity theft, in various XR applications) and a qualitative analysis of the risk of privacy breaches (focused on the leakage of personal and behavioral data), which may result in unauthorized profiling, psychological manipulation or dedicated advertising. We also analyzed technical solutions designed to increase security in XR environments, such as: AES, RSA and elliptic curve cryptography (ECC) for secure data transmission, multi-factor and biometric authentication mechanisms tailored to specific XR use cases, data anonymization methods, secure channels AI-based communication and anomaly detection for real-time monitoring. Comparing these solutions in terms of strengths, limitations and suitability for XR applications allows you to select the appropriate security configuration. According to the author, it should be based on a holistic approach. The prepared text has the correct structure, is methodically well developed, and has both cognitive and utilitarian values. In an editorial sense, the readability of tables 3, 4 and 5 should be improved. | We sincerely thank the reviewer for these valuable observations. Regarding the character size in the tables, we have adjusted the formatting to ensure improved readability while maintaining consistency throughout the manuscript. We hope these revisions address the reviewer’s concerns effectively and enhance the quality of the manuscript. |
Author Response File:
Author Response.pdf
Round 2
Reviewer 2 Report
Comments and Suggestions for Authors
The author has addressed all my concerns about this paper. Thank you.

