Multi-touch authentication on tabletops

The introduction of tabletop interfaces has created a need for secure and usable authentication techniques suited to the co-located collaborative settings for which these interfaces are designed. User authentication is most commonly based on something you know, but this is a particular problem for tabletop interfaces: because their remit is to foster co-located collaboration, they are especially vulnerable to shoulder surfing. In other words, tabletop users would typically authenticate in full view of a number of observers. In this paper, we introduce and evaluate a number of novel tabletop authentication schemes that exploit the features of multi-touch interaction in order to inhibit shoulder surfing. In our pilot work with users, and in our formal user evaluation, one authentication scheme, Pressure-Grid, stood out, significantly enhancing shoulder-surfing resistance when participants used it to enter both PINs and graphical passwords.
