GazeLockPatterns: Comparing Authentication Using Gaze and Touch for Entering Lock Patterns

In this work, we present a comparison between Android’s lock patterns for mobile devices (TouchLockPatterns) and an implementation of lock patterns that uses gaze input (GazeLockPatterns). We report on results of a between subjects study (N=40) to show that for the same layout of authentication interface, people employ comparable strategies for pattern composition. We discuss the pros and cons of adapting lock patterns to gaze-based user interfaces. We conclude by opportunities for future work, such as using data collected during authentication for calibrating eye trackers.

[1]  Vijay Rajanna,et al.  DyGazePass: A gaze gesture-based dynamic authentication system to counter shoulder surfing and video analysis attacks , 2018, 2018 IEEE 4th International Conference on Identity, Security, and Behavior Analysis (ISBA).

[2]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[3]  Jyrki Rasku,et al.  Biometric verification of a subject through eye movements , 2013, Comput. Biol. Medicine.

[4]  Andrew T. Duchowski,et al.  A rotary dial for gaze-based PIN entry , 2016, ETRA.

[5]  Mohamed Khamis,et al.  Just gaze and wave: exploring the use of gaze and gestures for shoulder-surfing resilient authentication , 2019, ETRA.

[6]  Serge Egelman,et al.  The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens , 2016, CHI.

[7]  Heinrich Hußmann,et al.  Eyepass - eye-stroke authentication for public terminals , 2008, CHI Extended Abstracts.

[8]  Florian Alt,et al.  The past, present, and future of gaze-enabled handheld mobile devices: survey and lessons learned , 2018, MobileHCI.

[9]  Florian Alt,et al.  CueAuth: Comparing Touch, Mid-Air Gestures, and Gaze for Cue-based Authentication on Situated Displays , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[10]  Steffen Staab,et al.  TouchGazePath: Multimodal Interaction with Touch and Gaze Path for Secure Yet Efficient PIN Entry , 2019, ICMI.

[11]  Vijay Rajanna,et al.  A Gaze Gesture-Based User Authentication System to Counter Shoulder-Surfing Attacks , 2017, CHI Extended Abstracts.

[12]  Florian Alt,et al.  The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions , 2020, CHI.

[13]  Florian Alt,et al.  Behavioural Biometrics in VR: Identifying People from Body Motion and Relations in Virtual Reality , 2019, CHI.

[14]  Markus Dürmuth,et al.  Quantifying the security of graphical passwords: the case of android unlock patterns , 2013, CCS.

[15]  Marios Belk,et al.  Eye Gaze-driven Prediction of Cognitive Differences during Graphical Password Composition , 2018, IUI.

[16]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[17]  Martti Juhola,et al.  Biometric verification of a subject with eye movements, with special reference to temporal variability in saccades between a subject's measurements , 2014, Int. J. Biom..

[18]  Albrecht Schmidt,et al.  Increasing the security of gaze-based cued-recall graphical passwords using saliency masks , 2012, CHI.

[19]  Peyman Bayat,et al.  Eye gesture blink password: a new authentication system with high memorable and maximum password length , 2018, Multimedia Tools and Applications.

[20]  Heinrich Hußmann,et al.  Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns , 2015, CHI.

[21]  Oleg V. Komogortsev,et al.  Biometric verification via complex eye movements: The effects of environment and stimulus , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[22]  Oleg V. Komogortsev,et al.  Person verification via eye movement-driven text reading model , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[23]  Marios Belk,et al.  A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication , 2019, Int. J. Hum. Comput. Interact..

[24]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[25]  Virginio Cantoni,et al.  A Study on Gaze-Controlled PIN Input with Biometric Data Analysis , 2018, CompSysTech.

[26]  Hans-Werner Gellersen,et al.  Pursuit calibration: making gaze calibration less tedious and more flexible , 2013, UIST.

[27]  Alexander De Luca,et al.  Evaluation of eye-gaze interaction methods for security enhanced PIN-entry , 2007, OZCHI '07.

[28]  Theodore Tryfonas,et al.  Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method , 2014, HCI.

[29]  Florian Alt,et al.  VRpursuits: interaction in virtual reality using smooth pursuit eye movements , 2018, AVI.

[30]  Alexander De Luca,et al.  PassShapes: utilizing stroke based authentication to increase password memorability , 2008, NordiCHI.

[31]  Florian Alt,et al.  Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication , 2017, CHI.

[32]  Marte Loge,et al.  On User Choice for Android Unlock Patterns , 2016 .

[33]  Ivan Martinovic,et al.  Analysis of Reflexive Eye Movements for Fast Replay-Resistant Biometric Authentication , 2019, ACM Trans. Priv. Secur..

[34]  Heinrich Hußmann,et al.  Look into my Eyes! Can you guess my Password? , 2009 .

[35]  Nikolaos M. Avouris,et al.  Towards gaze-based quantification of the security of graphical authentication schemes , 2018, ETRA.

[36]  Xiaojiang Chen,et al.  Cracking Android Pattern Lock in Five Attempts , 2017, NDSS.

[37]  Emanuel von Zezschwitz Risks and potentials of graphical and gesture-based authentication for touchscreen mobile devices: balancing usability and security through user-centered analysis and design , 2016 .

[38]  Marios Belk,et al.  Influences of Human Cognition and Visual Behavior on Password Strength during Picture Password Composition , 2018, CHI.