AugAuth: Shoulder-surfing resistant authentication for augmented reality

As computing systems continue to play an increasing role in daily life, user authentication has become an important component. One of the most widely accepted methods of user authentication is proof of knowledge of a piece of secret information, such as a password. However, entering this non-mutable secret in a public space often allows attackers to steal it by shoulder surfing or video recording. We observe that it is possible to block an attacker's access to user input by using an augmented reality (AR) display, which is available only to the user. Based on this intuition, we present AugAuth, an authentication scheme in AR that uses commercial off-the-shelf (COTS) gesture control sensors as an input device. AugAuth resists shoulder surfing by presenting a user input interface that is visible only to the user and is unique every time. To enable user input through finger movement using the Myo gesture control armband, we solved several challenges in electromyogram signal processing, such as annotating the start of the signal and finger classification. Experimental results for our input system with a group of volunteers show that our finger classification function has high accuracy and that AugAuth is practical for use in real-life authentication scenarios.
