abstract

GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices

Authors:

Mohamed Khamis,

Emanuel von Zezschwitz,

Regina Hasholzner,

Andreas BullingAuthors Info & Claims

CHI EA '16: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems

Pages 2156 - 2164

https://doi.org/10.1145/2851581.2892314

Published: 07 May 2016 Publication History

Abstract

We propose a multimodal scheme, GazeTouchPass, that combines gaze and touch for shoulder-surfing resistant user authentication on mobile devices. GazeTouchPass allows passwords with multiple switches between input modalities during authentication. This requires attackers to simultaneously observe the device screen and the user's eyes to find the password. We evaluate the security and usability of GazeTouchPass in two user studies. Our findings show that GazeTouchPass is usable and significantly more secure than single-modal authentication against basic and even advanced shoulder-surfing attacks.

References

[1]

Andrea Bianchi, Ian Oakley, Vassilis Kostakos, and Dong Soo Kwon. 2011. The Phone Lock: Audio and Haptic Shoulder-surfing Resistant PIN Entry Methods for Mobile Devices. In Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction (TEI '11). ACM, New York, NY, USA, 197-200.

Digital Library

[2]

Andrea Bianchi, Ian Oakley, and DongSoo Kwon. 2011. Spinlock: A Single-Cue Haptic and Audio PIN Input Technique for Authentication. In Haptic and Audio Interaction Design, EricW. Cooper, VictorV. Kryssanov, Hitoshi Ogawa, and Stephen Brewster (Eds.). Lecture Notes in Computer Science, Vol. 6851. Springer Berlin Heidelberg, 81-90.

[3]

Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2012. Counting clicks and beeps: Exploring numerosity based haptic and audio PIN entry. Interacting with Computers 24, 5 (2012), 409 - 422.

Digital Library

[4]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the Security of Gaze-based Cuedrecall Graphical Passwords Using Saliency Masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '12). ACM, New York, NY, USA, 3011-3020. 1145/2207676.2208712

Digital Library

[5]

Dietlind Helene Cymek, Antje Christine Venjakob, Stefan Ruff, Otto Hans-Martin Lutz, Simon Hofmann, and Matthias Roetting. 2014. Entering PIN codes by smooth pursuit eye movements. Journal of Eye Movement Research 7(4):1 (2014), 1-11.

[6]

Alexander De Luca, Martin Denzel, and Heinrich Hussmann. 2009. Look into My Eyes!: Can You Guess My Password?. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, Article 7, 12 pages.

Digital Library

[7]

Alexander De Luca, Marian Harbach, Emanuel von Zezschwitz, Max-Emanuel Maurer, Bernhard Ewald Slawik, Heinrich Hussmann, and Matthew Smith. 2014. Now You See Me, Now You Don't: Protecting Smartphone Authentication from Shoulder Surfers. In Proceedings of the 32Nd Annual ACM Conference on Human Factors in Computing Systems (CHI '14). ACM, New York, NY, USA, 2937-2946.

Digital Library

[8]

Alexander De Luca, Roman Weiss, and Heiko Drewes. 2007. Evaluation of Eye-gaze Interaction Methods for Security Enhanced PIN-entry. In Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces (OZCHI '07). ACM, New York, NY, USA, 199-202.

Digital Library

[9]

Augusto Esteves, Eduardo Velloso, Andreas Bulling, and Hans Gellersen. 2015. Orbits: Gaze Interaction for Smart Watches Using Smooth Pursuit Eye Movements. In Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology (UIST '15). ACM, New York, NY, USA, 457-466.

Digital Library

[10]

Alain Forget, Sonia Chiasson, and Robert Biddle. 2010. Shoulder-surfing Resistance with Eye-gaze Entry in Cued-recall Graphical Passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1107-1110. 1753326.1753491

Digital Library

[11]

Jan Gugenheimer, Alexander De Luca, Hayato Hess, Stefan Karg, Dennis Wolf, and Enrico Rukzio. 2015. ColorSnakes: Using Colored Decoys to Secure Authentication in Sensitive Contexts. In Proceedings of the 17th International Conference on HumanComputer Interaction with Mobile Devices and Services (MobileHCI '15). ACM, New York, NY, USA, 274--283.

Digital Library

[12]

Oliver Hohlfeld, André Pomp, Jó Ágila Bitsch Link, and Dennis Guse. 2015. On the Applicability of Computer Vision Based Gaze Tracking in Mobile Scenarios. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI '15). ACM, New York, NY, USA, 427-434.

Digital Library

[13]

Corey Holland, Atenas Garza, Elena Kurtova, Jose Cruz, and Oleg Komogortsev. 2013. Usability Evaluation of Eye Tracking on an Unmodified Common Tablet. In CHI '13 Extended Abstracts on Human Factors in Computing Systems (CHI EA '13). ACM, New York, NY, USA, 295-300. 2468356.2468409

Digital Library

[14]

Corey Holland and Oleg Komogortsev. 2012. Eye Tracking on Unmodified Common Tablets: Challenges and Solutions. In Proceedings of the Symposium on Eye Tracking Research and Applications (ETRA '12). ACM, New York, NY, USA, 277-280.

Digital Library

[15]

Mohamed Khamis, Florian Alt, and Andreas Bulling. 2015. A Field Study on Spontaneous Gaze-based Interaction with a Public Display Using Pursuits. In Adjunct Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable Computers (UbiComp/ISWC'15 Adjunct). ACM, New York, NY, USA, 863-872.

Digital Library

[16]

Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing Shoulder-surfing by Using Gaze-based Password Entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS '07). ACM, New York, NY, USA, 13-19.

Digital Library

[17]

Dachuan Liu, Bo Dong, Xing Gao, and Haining Wang. 2015. Exploiting Eye Tracking for Smartphone Authentication. In Proceedings of the 13th International Conference on Applied Cryptography and Network Security (ACNS '15). 20.

[18]

Päivi Majaranta and Andreas Bulling. 2014. Eye Tracking and Eye-Based Human-Computer Interaction. Springer London, 39-65. 978--1--4471--6392--3_3

[19]

Stefan Schneegass, Frank Steimle, Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2014. SmudgeSafe: Geometric Image Transformations for Smudgeresistant User Authentication. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '14). ACM, New York, NY, USA, 775-786.

Digital Library

[20]

Furkan Tari, A. Ant Ozok, and Stephen H. Holden. 2006. A Comparison of Perceived and Real Shouldersurfing Risks Between Alphanumeric and Graphical Passwords. In Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS '06). ACM, New York, NY, USA, 56-66.

Digital Library

[21]

Vytautas Vaitukaitis and Andreas Bulling. 2012. Eye Gesture Recognition on Portable Devices. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing (UbiComp '12). ACM, New York, NY, USA, 711- 714.

Digital Library

[22]

Mélodie Vidal, Andreas Bulling, and Hans Gellersen. 2013. Pursuits: Spontaneous Interaction with Displays Based on Smooth Pursuit Eye Movement and Moving Targets. In Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '13). ACM, New York, NY, USA, 439--448.

Digital Library

[23]

Mélodie Vidal, Andreas Bulling, and Hans Gellersen. 2015. Pursuits: Spontaneous Eye-Based Interaction for Dynamic Interfaces. GetMobile: Mobile Comp. and Comm. 18, 4 (Jan. 2015), 8-10. 10.1145/2721914.2721917

Digital Library

[24]

Paul Viola and Michael J. Jones. 2004. Robust Real-Time Face Detection. International Journal of Computer Vision 57, 2 (2004), 137-154.

Digital Library

[25]

Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015. SwiPIN: Fast and Secure PIN-Entry on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, New York, NY, USA, 1403-1406.

Digital Library

[26]

Emanuel von Zezschwitz, Paul Dunphy, and Alexander De Luca. 2013. Patterns in the Wild: A Field Study of the Usability of Pattern and Pin-based Authentication on Mobile Devices. In Proceedings of the 15th International Conference on Human-computer Interaction with Mobile Devices and Services (MobileHCI '13). ACM, New York, NY, USA, 261-270.

Digital Library

[27]

Erroll Wood and Andreas Bulling. 2014. EyeTab: Model-based Gaze Estimation on Unmodified Tablet Computers. In Proceedings of the Symposium on Eye Tracking Research and Applications (ETRA '14). ACM, New York, NY, USA, 207-210.

Digital Library

[28]

Yanxia Zhang, Andreas Bulling, and Hans Gellersen. 2014. Pupil-canthi-ratio: a calibration-free method for tracking horizontal gaze direction. In Proc. of the 2014 International Working Conference on Advanced Visual Interfaces (AVI 14). ACM, New York, NY, USA, 129- 132. http://dx.doi.org/10.1145/2598153.2598186

Digital Library

Cited By

M. K. AAithal P(2024)Implementation of Voice Biometric System in the Banking SectorInternational Journal of Applied Engineering and Management Letters10.47992/IJAEML.2581.7000.0217(120-127)Online publication date: 14-Mar-2024
https://doi.org/10.47992/IJAEML.2581.7000.0217
Corbett MDavid-John BShang JJi B(2024)ShouldAR: Detecting Shoulder Surfing Attacks Using Multimodal Eye Tracking and Augmented RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785738:3(1-23)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678573
Jiao ADuan DXu W(2024)Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765158:MHCI(1-21)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676515
Show More Cited By

Index Terms

GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices

Recommendations

Just gaze and wave: exploring the use of gaze and gestures for shoulder-surfing resilient authentication
ETRA '19: Proceedings of the 11th ACM Symposium on Eye Tracking Research & Applications

Eye-gaze and mid-air gestures are promising for resisting various types of side-channel attacks during authentication. However, to date, a comparison of the different authentication modalities is missing. We investigate multiple authentication ...
GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication
ICMI '17: Proceedings of the 19th ACM International Conference on Multimodal Interaction

Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). How-ever, prior research has shown that privacy-...
Hide my Gaze with EOG!: Towards Closed-Eye Gaze Gesture Passwords that Resist Observation-Attacks with Electrooculography in Smart Glasses
MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia

Smart glasses allow for gaze gesture passwords as a hands-free form of mobile authentication. However, pupil movements for password input are easily observed by attackers, who thereby can derive the password. In this paper we investigate closed-eye gaze ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI EA '16: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems

May 2016

3954 pages

ISBN:9781450340823

DOI:10.1145/2851581

General Chairs:
Jofish Kaye
Yahoo
,
Allison Druin
University of Maryland / National Park Service
,
Program Chairs:
Cliff Lampe
University of Michigan
,
Dan Morris
Microsoft
,
Juan Pablo Hourcade
University of Iowa

Copyright © 2016 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2016

Check for updates

Author Tags

Qualifiers

Abstract

Conference

CHI'16

Sponsor:

SIGCHI

CHI'16: CHI Conference on Human Factors in Computing Systems

May 7 - 12, 2016

California, San Jose, USA

Acceptance Rates

CHI EA '16 Paper Acceptance Rate 1,000 of 5,000 submissions, 20%;

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

84
Total Citations
View Citations
834
Total Downloads

Downloads (Last 12 months)42
Downloads (Last 6 weeks)4

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

M. K. AAithal P(2024)Implementation of Voice Biometric System in the Banking SectorInternational Journal of Applied Engineering and Management Letters10.47992/IJAEML.2581.7000.0217(120-127)Online publication date: 14-Mar-2024
https://doi.org/10.47992/IJAEML.2581.7000.0217
Corbett MDavid-John BShang JJi B(2024)ShouldAR: Detecting Shoulder Surfing Attacks Using Multimodal Eye Tracking and Augmented RealityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785738:3(1-23)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678573
Jiao ADuan DXu W(2024)Medusa3D: The Watchful Eye Freezing Illegitimate Users in Virtual Reality InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765158:MHCI(1-21)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676515
Corbett MShang JJi B(2024)GazePair: Efficient Pairing of Augmented Reality Devices Using Gaze TrackingIEEE Transactions on Mobile Computing10.1109/TMC.2023.325584123:3(2407-2421)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3255841
Ahmad IRodriguez FKumar TSuomalainen JJagatheesaperumal SWalter SAsghar MLi GPapakonstantinou NYlianttila MHuusko JSauter THarjula E(2024)Communications Security in Industry X: A SurveyIEEE Open Journal of the Communications Society10.1109/OJCOMS.2024.33560765(982-1025)Online publication date: 2024
https://doi.org/10.1109/OJCOMS.2024.3356076
Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Farzand HAbraham MBrewster SKhamis MMarky K(2024)A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile PhonesInternational Journal of Human–Computer Interaction10.1080/10447318.2024.2361519(1-24)Online publication date: 12-Jun-2024
https://doi.org/10.1080/10447318.2024.2361519
Riyadh HBhardwaj DDabrowski AKrombholz K(2024)Usable Authentication in Virtual Reality: Exploring the Usability of PINs and GesturesApplied Cryptography and Network Security10.1007/978-3-031-54776-8_16(412-431)Online publication date: 29-Feb-2024
https://doi.org/10.1007/978-3-031-54776-8_16
Namnakani OAbdrabou YGrizou JEsteves AKhamis M(2023)Comparing Dwell time, Pursuits and Gaze Gestures for Gaze Interaction on Handheld Mobile DevicesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580871(1-17)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3580871
Shi HWang YFan YLi T(2023)NELI-AUTH: Authentication System Based on Non-equal-length Input for Virtual Environment2023 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW58643.2023.00321(957-958)Online publication date: Mar-2023
https://doi.org/10.1109/VRW58643.2023.00321
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents