Metaverse is a virtualized world that blends real and digital worlds, offering new venues for social interactions to users. Metaverse is capable of integrating cloud computing, IoT and AI for accomplishing tasks that normally are human dependent. Examples include comprehending speeches or analyzing images for informed decisions. The term Metaverse includes “meta” meaning beyond and “verse” representing a condensed form of cosmos. This term was first used by Neil Stephenson in his science fiction novel “Snow Crash” (1992) (Huynh-The et al., 2023) for digital avatars interacting with virtual environments. His concept was later expanded by Mark Zuckerberg when he named Facebook as Meta, a sign of progress towards Metaverse constructions. It is possible for people realize immersive experiences while interacting with Metaverse’s virtual locations. It is possible for Metaverse to revolutionize multiple domains including consumer products, healthcare, education, and finance where certain supporting technologies can contribute to the realization of this vision (Moztarzadeh et al., 2023). The overall technological ecology supporting Metaverse is shown as Figure 1.

Businesses using Metaverse can offer customers unique product experiences while Blockchains ensure security supporting themes for decentralized finance or creative economies (Gupta et al., 2022). Metaverse can also include mobile applications along with entertainment platforms (OTTs). The combination of IoT and AI can assist Metaverse in creating individualized experiences (Wang H. et al., 2023) using 5G/6G connections with low latencies as the binding force of Metaverse elements. AI can influence user interactions with Metaverse and offer more natural and intuitive interactions, adaptable interfaces, and personalized content recommendations. VR experiences can examine user preferences and behaviors in virtual worlds to draw conclusions, for example, AI in VR applications can detect user movements/gazes, enhancing naturalness and intuitiveness of their interactions. AI can also improve immersive VR experiences by simulating sound or lighting changes in response to user preferences and activities. The rendering process of 3D objects involves usages of lights/shadows, textures and colors processed by rendering engines which generate tangible realistic illusions (Ponchio and Hormann, 2008). Metaverse functions can be used to combine AR with physical environments for tangible representations of the internet. They can provide consumers with graphics, video streams, and realistic holographic experiences. Users can interact with Pokémon like characters by superimpositions even on hand phone cameras. AR applications can be labeled as marker-based or markerless. Image recognition employs marker-based AR to locate markers (items that launch AR applications). Markerless displays do not require markers and allow users to select the digital material to be presented. These apps are instances of location-based augmented reality, providing information depending on the user’s location (Carotenuto et al., 2020). Markerless AR applications use device cameras, GPS, compasses, and accelerometers to collect environmental data. Object detections are the mainstay of AR applications which enable computers to recognize and find things of interest in images or videos (Yong et al., 2021). Intelligent and responsive Metaverse applications (Reiners et al., 2021) can also be created by combining AI with XR. Examples Metaverse applications in this usage include connecting remote workspaces, virtual healthcare, and immersive entertainments. XR usages offer consumers smooth transitions between virtual and real worlds by linking these two realms. XR includes both AR and VR (Venkatesan et al., 2021). These technologies are all part of building Metaverse visual environments. Avatars and followers are expected to represent human users in Metaverse. IoT that connects networked devices for exchange of information is another technology that can be proliferated in Metaverse applications. AI and IoT have the potential to fundamentally transform Metaverse interactions into seamless and intuitive experiences. AI can be used to examine and assess integration of virtual and physical worlds utilizing devices. Application developers can provide intelligent and responsive Metaverse applications for better user experiences (Ghosh et al., 2018). Though, Metaverse offer a variety of benefits to both individuals and businesses by combining AR/VR/XR technologies with AI, but has to be safeguarded against risks such as frauds, identity thefts, and data breaches, necessitating strong privacy, identity management, and asset protection procedures. Securing digital identities, preventing unauthorized tracking, managing virtual economies, and addressing AI/IoT risks are some of the major challenges that arise as Metaverse data collection grows (biometrics, movements), and vulnerabilities emerge from integrated technologies (VR, AR, XR, AI, IoT).

AIs Metaverse implies persistent, cohesive networks of 3D virtual worlds that might be the mainstay of online experiences. The concepts, which were previously limited to science fiction and video games, are currently being researched in an effort to transform every sector of the economy, i.e., banking, healthcare, consumer products and education. Metaverse is a virtual world made up of various landscapes, NPCs, and player characters (avatars) that combine digital and real components. AI technologies can be employed to create a Metaverse environment. Scenes depict a range of virtual environments, including a campus (Duan et al., 2021) and a museum (Beer, 2015). NPCs are necessary to give the gaming world a more realistic feel despite not being within the player’s control (Warpefelt, 2015). Metaverse visual constructions embrace different technologies including AR, VR, XR, and. These systems utilize a see-through display, either optical or video to capture visual data. Mesh models can rebuild structures with intricate surface patterns, like statues and paintings. For example, metropolitan buildings were rebuilt using mesh models and segmentation algorithms. Indoor spaces were also recreated as virtual worlds using the mesh approach (Tao et al., 2019). Figure 3 depicts AI branches employed for Metaverse.

Computer vision in AI enables computers to comprehend, extract, and use pertinent data that influences decisions from visual inputs, including digital images and videos. Computer vision gives robots the ability to see and understand, while AI gives them the ability to reason. Metaverse object detections based on AI can be generic like automobiles and people or specific like detecting faces, markers, and texts. Text detection techniques in XR have been found to be easily adaptable to Metaverse applications (Stotko et al., 2019). Facial recognitions are processes of identifying human faces by enclosing them in bounding boxes for recognitions. Facial detections have been studied extensively and reliable facial recognition settings in XR applications were suggested by (Kojic et al., 2020) NLP helps chatbots and virtual assistants to better interpret and respond to human inputs, resulting in more engaging interactions. They can be used in virtual environments to process and evaluate vast amounts of textual data (such as user reviews or social media posts). NLP can be used in Metaverse (see Figure 4) for a variety of purposes. When people interact with Metaverse virtual environments, NLP can help them be more natural and intuitive. In hybrid societies, AI could be useful for learning to interact with people from different ages and backgrounds (C et al., 2022). Machine Translation applications are important when people from different nations interact amongst themselves. Any individual need not know a new as AI can automatically transform contents users’ languages, i.e., native language to a foreign language establishing proper communications when they write and speak in their native languages The knowledge acquired by training models can be used to improve machine translation performances. The work in (Hujon et al., 2023) examined transfer learning for translations of English-Khasi language pairs. Conversions of Texts-to-Images/Images-to-Texts enable creation of realistic images from textual descriptions. The initial phase entails language modelling and extractions of significant features to assist creation of visually realistic and semantically consistent target images in the second stage. One popular use of this technique is image captioning. The simplest methods involve extracting visual attributes from images or videos and feeding them into recurrent networks, which generated words one after the other. OpenAI was unveiled in (Ramesh et al., 2022) where DALLE-2, a text-to-image generative model, comprising of decoders generated conditioned images on image embeds. Meta developed models that could assess text, images, and audio (multi-modal systems) for promoting AR in Metaverse. For Example, Data2vec (Ba et al., 2022), trained on three separate modalities was used for a variety of purposes including speech recognitions in audio samples; classifying image contents, analysing emotions and proofread texts for grammar. Large language models (LLM) have greatly enhanced the potential of NLP. Large amounts of textual data, typically several terabytes in size are utilized to train these models GPT-3 (Leippold, 2023), the third iteration of OpenAI GPT language model with 175 billion ML parameters was one of the most amazing LLM. The application was modified to handle text summarization, answering question, and language translations. IoT can help users interact more physically with AR/VR virtual environments. For Example, in healthcare, a body suit including sensors or medical devices attached to the user’s body can monitor patient’s status including health issues resulting in virtual reactions (Pereira et al., 2021). The results of the study in (Deveci et al., 2023) demonstrated that, due to its wide range of applications and practical opportunities, public transportation is the best place to integrate Metaverse into traffic management for safety. E-commerce experiences can also be improved by integrating IoT to monitor user’s mobility in virtual changing rooms. IoT enable machines or individuals in far-off places to use or access physical or digital products (Promwongsa et al., 2021). IoT data can facilitate data exchanges and link the virtual and real worlds providing AR/VR contexts and situational awareness for tangible objects (Lu et al., 2021) for example, AR devices might initiate cyber-physical processes in response to events in the actual world or respond to the user’s finger motions. Digital Twins (DT) is considered a vital component of the Metaverse, serving as a portal to VR services. DT is digital depictions of real-world items that can be used to connect systems, procedures, and operational assets to the outside world. This includes activities including monitoring, displaying, assessing, and predicting. DT employs 3D models of intricate systems to create accurate, functional, and structured replicas of reality. DT can operate independently and carry out a range of duties, including commercial modification and technical instruction. DT or digital representations of actual states of specific physical objects are formed when real and virtual worlds merge due to IoT (Minerva et al., 2020). DT can provide virtual environments that are linked to physical workplaces, allowing remote maintenance. Urban planners and builders can use DT to implement development plans and identify potential urban projects in the future (Atlam and Wills, 2020). Developers and service providers can employ DT to create virtual models of operations and machinery that AI can remotely inspect (Rathore et al., 2021). 3D virtual worlds customized by avatars can give consumers authentic and engaging experiences. Virtual sceneries are created in Metaverse and presented to users for real immersive experiences through the use of computer vision, graphics, and visualization technologies (Zawish et al., 2024). Modeling tools and engines (like Unity3D or Engine) can be combined to create a virtual world. The process of creating scenes has been expedited to near-real time using animations. Scene identifications are a must for applications to connect and collaborate effectively in Metaverse. Deep learning (DL) approaches have been widely used in scene recognitions where Convolutional Neural Networks (CNNs) have been examined extensively (Wang et al., 2021). CNNs have also been used to shorten the prediction time of complicated scenes and extract low-level information. Fusion techniques which combine scene and object information with CNN recognition have also been suggested (Seong et al., 2020). SimpleNet and AlexNet were CNNs utilized in (Deng et al., 2021) to automatically recognize virtual scenes. The model was tested on virtual-world scenarios after being trained on Scene15 dataset. Avatars, are virtual representations of Metaverse users that enable communication with AI agents or other users (Davis et al., 2009). Despite their physical boundaries, Metaverse Avatars allow users to engage with others in the real world. XR devices can generate these worlds and interact with objects making virtual and augmented realities become more accurate and lifelike. Figure 4 shows the procedures for involving Avatar in Metaverse.

Facial reconstructions are essential steps in creating avatars. Traditionally, 3D Morphable Models (Booth et al., 2016) based on the Principal Component Analysis algorithm were used for this process; however, the data quality limited their ability to capture facial details. DL techniques like Generative Adversarial Network (GAN) have achieved a higher degree of realism. The work in (Shi et al., 2019) introduced an application that used facial scans instead of 2D images to create autonomous 3D avatars (Chalás et al., 2017). Microsoft introduced “Rodin”, 3D generative model that employs diffusions to create 3D digital avatars with neural radiances (Wang T. et al., 2023). VR Chat, a VR multiplayer game, enables users to create, customize, and personalize virtual worlds in which human-like avatars can impersonate people. In VR, facial detections are common, whereas word recognitions are prevalent in AR. Producing intricate and realistic 3D material based on real-world items and settings have become popular in VR and AR. One State-Of-The-Art algorithm utilized in the early stages of DL development was Faster R-CNN, a two-stage detector (Ren et al., 2017). Outstanding detection skills were shown by Yolo series and Single Shot Detector detectors in a wide range of classes and situations. These detectors have been effectively exploited by AR (Bahri et al., 2019). More sophisticated uses of AR object identifications aim to add 3D representations where users manipulate and change 3D virtual objects by attaching them to actual objects. AR item identification could improve and engage Metaverse’s 3D environment. Text detection techniques have been used in the creation of Metaverse and have been thoroughly studied in XR (Mangiarua et al., 2020). A practical client-server framework for real-time capturing of static 3D scenes and multi-user exploration was developed in (Stotko et al., 2019). The differential framework for recording freestyle content in (Ma et al., 2021) encouraged development of lifelike “virtual things”. Recent DL-based algorithms have dramatically enhanced performance in datasets pertaining to urban driving that are intended for self-driving cars (Chen et al., 2018). Reliability of recognition contexts, including XR applications, has been proved by numerous studies on facial detections (Lu et al., 2020). XR is used for object detections in Metaverse. Avatars that are able to communicate with one other are used to represent users in Metaverse. First, intelligent devices make it easier to see and interact with the Metaverse, even if more complex rendering calculations are required. For example, real-time interactions, synchronizations, and complex reconstructions and renderings make multi-player interactions more challenging. Second, in order to access a variety of Metaverse services, users need to synchronize and navigate between the digital and physical worlds in different Metaverse zones. Lastly, multi-player interaction in a complex, large-scale scenario requires adaptive design and optimization of multidimensional network resources (Huang et al., 2022). Figure 5 displays Metaverse Interaction Components.

The work in (Vernaza et al., 2012) presented an interactive approach for connecting smart wearable while (Wei et al., 2015) designed user interfaces that allowed customizations of characters in virtual worlds. The research community is becoming interested in user behavior analysis in Metaverse. Well-known clustering techniques can be utilized to comprehend the text written in a variety of virtual worlds, as well as avatar behaviors in virtual settings (Bello-Orgaz and Camacho, 2013). The study in (Barin et al., 2017) used first-person VR headsets to study accident rates in high-performance drone racing as Metaverse enables users to interact with other animated non-human objects.

Metaverse security entails protecting against new and amplified digital threats like identity thefts, data breaches, frauds, and virtual asset thefts. Digital identity thefts, frauds, and duplicate accounts result from the complexity of verifying actual people behind avatars. VR/AR systems’ continuous collection of biometrics, movements, and audio data pose serious privacy threats, raising security concerns in Metaverse. Studies focussing on Metaverse security issues raise alarms, but fail to provide probable solutions, making development of appropriate authentication techniques for metaverse an impending need. Though there are multiple options for enhancing security in Metaverse, authentications using strong techniques like ZTA are pertinent as metaverse applications involve many parties. The drawbacks of conventional security measures are the basis for the recommendation for ZTA deployments. Businesses that have been protected for decades by conventional security methods must now combat sophisticated attacks that elude both exterior and perimeter defenses (organizational internal networks). Data safety approaches are altered by ZTA’s views that all accesses are potentially harmful (data-centric security). Self-Sovereign Identity (SSI), AI anomaly detection, and granular access controls (Policy Decisions/Enforcement Points) for avatars, assets, and transactions map to metaverse components that follow the “never trust, always verify” tenets. This guarantees that all digital interactions in virtual worlds—from the movement of avatars to the execution of smart contracts—are verified and approved. Using underlying presumptions and methods, the key differences between ZTA and conventional security procedures are highlighted (see Table 1).

Thus, in ZTA designs, data encryption is essential, both in transit and at rest and protects data. Attackers cannot read encrypted data without the decryption keys, even if they manage to access it. Hence, this work suggests ZTA paradigm which encompasses features like multiple authentications, data validations, audit trails, blockchain provenance, fine-grained access controls, privilege management user/entity behavior monitoring, trust and reputation management with punitive actions against irresponsible users and entities for metaverse security. Figure 6 shows the suggested Quadra layer ZTA model.

Level 0 - Verification and Registration: The anonymity provided by social networks is one of the main obstacles to reining in inappropriate user conduct. Fake news and misleading information are also commonly disseminated by bots. Therefore, it is suggested that user/entity verification be a requirement of the ZTA paradigm for Metaverse. Only pre-verified people or businesses will be able to register for Metaverse, which will lessen the difficulties of current platforms. A few user accounts now have the “blue tick” signal added by Twitter, signifying that the individual is authentic and verified. This prevented imposters from making undue profits and guaranteed that creators of genuine content were given credit for their efforts. Therefore, there is justification for requiring all users and entities to verify their identities and antecedents before to granting them access to the public services and infrastructure of Metaverse (Nguyen et al., 2022) Twitter’s identity verification process is easily automated, despite being a human process. In many nations, identity verification services created by governments using their citizen register or other databases are available to third-party service providers for a price. Financial service providers regularly employ Aadhaar (unique ID) identity verification APIs to meet their KYC (Know-Your-Customer) obligations in India. It makes sense to assume that enabling verified individuals to register for Metaverse and authenticating user identities will stop any unfavorable situations that frequently occur on social networking sites.

Level 1 - Identity Managements and Authentications: This step handles identities through authentications and completes the preliminary authentication process prior to allowing users to access the Metaverse. Users may choose to use DT or avatars to access particular services or to publicly display their identities. Thus, identity management operations are responsible for mapping a user’s avatar or digital twin and securely preserving it. Thus, the privacy of the user is safeguarded. Having a trustworthy third party map the verified user’s true identity with her digital twin without the platform being aware of the mapping is another method for offering trustworthy identity management in the Metaverse (Chang et al., 2022). A multi-party request and consensus protocol involving the user, platform, other entities, and the trustworthy third-party identity management service can be used to decode the authentic identity if necessary.

Level 2 - Access Managements: The access management layer is in charge of guaranteeing smooth access to the Metaverse and the AR/VR/XR rendering layer. This layer contains access regulations for each entity in the Metaverse, allowing for fine-grained access control at the entity level. The privilege lists, which provide escalating permission levels based on the entity’s reputation, are linked to each entity’s access policies (Zheng et al., 1998). Raising privilege levels is meant to promote constructive Metaverse user conduct. Access control rules and privilege lists are provided to Level-3 metaverse sentinels, who use them to continuously assess user/entity behavior and respond appropriately in accordance with pre-established consent and access/privilege levels. Platform-level access control lists are updated to restrict user or entity access to particular Metaverse regions.

Level 3 - Control, Trust and Reputation Management: The rules and regulations engine, which produces a large number of policy/rules enforcer agents, stores the codified access and privilege policies, rules, and regulations. Permission to access particular sites or content, as well as to provide other users access to their private spaces, is recorded by the consent engine. Together with policy/rules enforcement agents, metaverse sentinels constantly watch over interactions and transactions between a wide range of entities, including business-to-business, consumer-to-consumer, and business-to-business, to spot any anomalies or infractions by any of the entities. Trust and reputation scores are updated based on the blockchain’s tracking of all violations. Promote the development and deployment of decentralized applications (dApps) while maintaining the security and caliber of data. Access permissions could be removed or demoted to lesser tiers if violations are committed repeatedly. Over time, reputation scores will be calculated, and entities with high scores will be granted access to a variety of more sophisticated features (Goel et al., 2022). Additionally, best-fit partners, potential violators, and other information will be found via federated machine learning. Another approach to guaranteeing data validation in this layer is the use of Decentralized Oracle Networks (DONs), which offer reliable and genuine off-chain real-world data that can be easily combined with on-chain data within Metaverse. This will guarantee data security and quality while facilitating the creation and deployment of innovative decentralized apps (dApps). Thus, the primary elements of the suggested ZTA paradigm for Metaverse are as follows:

Establish virtual identities while protecting user privacy, Metaverse makes use of reputable third-party identity management services.

Monitor user interactions using sentinels to identify and isolate malicious or undesirable behavior that violates rules and regulations.

This section discusses Metaverse elements/applications from multiple angles with probable solutions for challenges and issues. The recommendations are meant to assist academics and practitioners in their exploration of AI inside Metaverse In order to promote additional advancements and a more captivating and immersive VR. Metaverse provides users with state-of-the-art, offline and online multimodal interaction services. Real-time data flow and multi-user interaction across different Metaverse zones are the biggest challenges to guaranteeing immersive experiences. The basic threats to individual rights, autonomy, justice, and trust are at the center of contemporary technology’s consequences. Ethical implications address the broader moral obligations and societal repercussions of technology:

Biases in training data may be inadvertently reinforced and amplified by AI systems, leading to discriminatory outcomes in important domains such as jobs, loans, and the legal system;

Therefore, to make sure that new technologies enhance rather than reduce human capacities and wellbeing, a human-centric approach is crucial. Scalability (the ability to handle increasing numbers of users and data without compromising performance), Latency (data processing or reaction delays), interoperability (smooth communications between devices and systems) and real-world deployment are connected obstacles that pose practical concerns of security in technical systems (IoT, Clouds, and Web3), heterogeneity, and integration. In order to balance complexity and performance, edge computing, standardized protocols, middleware, and hybrid architectures are often used to address these issues. Data overloads, device resource constraints, and cloud/network bottlenecks are examples of scalability issues that can be resolved by incorporating distributed systems, load balancing, micro services, and edge/fog computing. Complex processing, data center distances, and network congestion are examples of latency issues that can be resolved by employing efficient network protocols (5G) and edge computers nearer to sources. The use of heterogeneous devices (IoT), vendor lock-ins, data formats, and different protocols (MQTT, CoAP, etc.) can all lead to interoperability problems, which can be resolved by utilizing middleware, APIs, protocol translations, and standardized protocols like oneM2M. Issues include heterogeneity, data integrity, device management, physical and cyber environmental concerns, and regulatory compliance arise when the metaverse moves from pilot to large-scale operations. Robust testing, adaptive procedures, hybrid architectures, and security by design (AI/Blockchain) are some of the answers. In virtual environments, user identities are essential for protecting private information and granting safe access. PINs and passwords are examples of access control mechanisms that are challenging to use in virtual reality settings and are susceptible to attacks and impersonations (EDO et al., 2022). Strong encryption, clear user consent, and technical protections like multi-factor authentication (MFA) and liveness detection are all necessary for multi-layered biometric data protection strategies. Strong security measures are essential since biometric data is permanent and cannot be altered if compromised, as explained below:

Encryption and Secure Storage: Both during transmission (in transit) and storage (at rest), biometric data—or, more often, an encrypted template of the data—must be encrypted. Secure hardware-based storage, such a device’s secure enclave, is superior to centralized cloud storage, which is a common target for extensive data breaches.

The rise of deepfakes and advanced AI raises substantial issues about avatar impersonation in virtual environments. In order to verify that actual, live people are present rather than AI-generated copies, photos, or recordings, anti-spoofing technologies and “liveness detection” are essential. Deepfake detection algorithms can identify faked footage by looking at differences in metadata, audio quality, and face gestures. Additionally, users can employ built-in precautions on platforms like VRChat to prevent or conceal potentially hazardous or overwhelming avatars and restrict who can clone their avatar. Biometric methods include head movements and biopotentials like electrocardiogram (ECG) and electroencephalogram (EEG) signals, which are physiological biometrics derived from the body’s electrical activity, offer strong security and simplicity. They are really particular to each person.

Head Motions: Recognizing head movements is one type of behavioral biometric. Even in cases when specific large-scale implementation specifics are lacking, general advantages and disadvantages can be inferred from its nature.

Concerns regarding mass surveillance and anonymity are raised by the widespread use of biometric technologies by businesses or governments in public areas. The purposes can be limited by ensuring data is used for specified, legal purposes for which they were obtained, according to laws and best practices. This limits secondary, illegal general surveillances. Strict restrictions on the use of biometric data by imposing laws like GDPR, CCPA, and BIPA, necessities greater levels of accountability and protection for businesses. If biometric data is misused, it can be prevented by establishing explicit accountability, carrying out privacy impact assessments, and putting in place independent oversights. Though these methods can increase security, they have their own disadvantages and stem apprehensions as detailed below. Table 2 displays the advantages and disadvantages of Bio-Potentials.

Facial recognitions and identification algorithms need to differentiate true from artificial faces in Metaverse as people may be represented by avatars. The challenges of occlusions, abrupt posture changes, and variations in illuminations can hamper facial detections in Metaverse. The dynamic states and events that take place in virtual territory must be considered in all DT processes. These can be challenging to control and coordinate, particularly when several people interact with virtual items simultaneously without any lag. Since latencies might deteriorate user experiences, it might be challenging to enable perfect interactions between an endless number of users in virtual environments. DT can stop changes in the real world from being reflected in the digital representations since they are situated at the nexus of the digital and physical worlds through Internet of Things connections (Chen et al., 2022). The work in (Park and Kim, 2022) implied that, enhanced hardware for Metaverse is needed tracking, audio, and vision systems which could be achieved by usage of AI. However, cutting-edge technology developments, like VR and AR devices, are necessary to fully actuate Metaverse’s promise. Even if PCs and cell phones can communicate with Metaverse, they will soon become obsolete. For instance, human avatars need to detect movements of other avatars or objects for appropriate reactions in 3D virtual surroundings. Human avatars also need to be able to comprehend the emotional and psychological traits of other people. Avatar’s facial characteristics (Wei et al., 2004) and micro-expressions (Kocur et al., 2020) may affect user perception throughout different social interactions in Metaverse. Consequently, a number of reconstruction methods have been created to produce incredibly lifelike 3D faces and bodies in order to improve realism. Avatar creations in Metaverse are far more customizable than other components, allowing for the creation of motion features and 3D models. Users frequently have a wide range of options for customizing and changing the appearance of their avatar. Because most video game designers either employ a small number of models or allow players to generate whole Avatars using only a few optional sub-models, including the mouth, eyes, nose, and so on, players’ avatars seem to be the same. Users can choose virtual clothing to mimic their real-life appearances by scanning their physical characteristics with a number of technologies. Even with significant advancements in realism, design-based avatars still seem absurd. Avatar animation is usually achieved using real-time tracking or user interaction with controllers (Genay et al., 2022) User engagement alone may not be sufficient to create animations which now require real-time tracking technologies to create convincing ownership illusions using inputs that do not accurately represent users’ hands or faces or bodies. These technologies provide users more exact control over their avatars by mapping their movements. Figure 7 shows examples of real-world avatars, such as Facebook Avatar, which allows users to personalize their social network avatars, Fortnite Memoji, which is a type of AR that allows users to interact with cartoon faces during FaceTime on Apple iOS devices, Facebook avatars and real-world images created with OpenCV are shown in Figure 7.

Various novel authentication techniques have been proposed by researchers to address these concerns. Among these are 3d key block building, head movement-based continuous authentication, multi-attribute authentication by mitigating man-in-the-room attacks (Wang and Gao, 2021) Suggested systems like VRCAuth are necessary for Metaverse as they permit safe, reliable, and acceptable virtual experience to the users together with the requirements of this upcoming technology. It is made especially for usage in VR environments, where conventional authentication techniques (such as entering passwords) are frequently unfeasible and detrimental to the user experience. VRCAuth system is a unique continuous authentication technique using head movement as a behavioral biometric for VR settings. It has a claimed processing latency of about 0.02 s (20 milliseconds), with high levels of accuracy (above 95 percemt). The system examines each user’s distinct head movement patterns to differentiate between an authorized user and an unauthorized one. The system can reach excellent accuracy (above 95%) in a very short amount of time (0.02 s), which makes it appropriate for continuous, real-time monitoring without generating motion sickness or visible delays—a crucial component of VR systems. Moreover, VRCAuth is compatible with current VR setups because it does not require further hardware or operating system changes. Iit uses a variety of machine learning algorithms, including LMT (Logistic Model Tree) and PART (Partial Decision Trees) classifiers to process head motion data and categorize the user’s identity. Table 3 displays comparisons of VRCAuth systems with other biometrics.

Despite being heralded as Web 3.0’s next big thing, the success of platform companies will be greatly impacted by addressing security, privacy, and trust challenges. Because of several problems with early iterations, the Metaverse’s future is uncertain. Any security breach, identity theft, or denial of service in the Metaverse could harm real-world commerce and reputations. Conversely, a favorable metaverse experience could benefit the company’s offline operations. Customers should understand the privacy and security protocols used by the platform provider and the property owner. End users require unambiguous guarantees that their privacy will be protected and that they will have complete control over how they use Metaverse platforms and services, as well as how other users or entities use them, in order to fully realize the ideal Metaverse vision. Such concerns could be alleviated by limiting platform registration to verified users only, giving end users fine-grained control over their Metaverse experiences, and putting in place a ZTA paradigm. In addition to data validation utilizing DONs, the proposed ZTA architecture includes identity and access management, control, trust, and reputation management, user verification, and repeated authentication. Trustworthy identity management services from third parties are utilized to generate virtual identities unique to Metaverse while maintaining the anonymity of real identities to improve user privacy and make it possible to combine reliable off-chain data with on-chain data within the Metaverse. DONs are used as an effective technique for data validation. A user may be banned from Metaverse and denied access indefinitely, depending on the seriousness of the offense. It is projected that this method will significantly increase Metaverse’s perceived value and aid in user growth.

Future models are anticipated to develop, mostly as a result of mergers, acquisitions, and corporate alliances. Technological developments should soon address issues of usability and access, but when developing Metaverse ecosystems, security issues need to be taken into consideration from even in early phases of development. Users’ confidence in embracing Metaverse will be seriously damaged by security breaches. Online bullying, fake news, hate speeches, and other issues will become common, if Metaverse follows the same user anonymity policy as contemporary social networks Hence, security need to be considered in basic design components while developing metaverse apps.