GazeRoomLock: Using Gaze and Head-Pose to Improve the Usability and Observation Resistance of 3D Passwords in Virtual Reality

Authentication has become an important component of Immersive Virtual Reality (IVR) applications, such as virtual shopping stores, social networks, and games. Recent work showed that 3D passwords are a more promising form of password for IVR than traditional graphical and alphanumeric passwords. This work evaluates four multimodal techniques for entering 3D passwords in IVR, where a password consists of multiple virtual objects selected in succession. Namely, we compare eye gaze and head pose for pointing, and dwell time and tactile input for selection. A comparison of a) usability in terms of entry time, error rate, and memorability, and b) resistance to real-world and offline observations reveals that multimodal authentication in IVR by pointing at targets using gaze and selecting them using a handheld controller significantly improves usability and security compared to the other methods and to prior work. We discuss how the choice of pointing and selection methods impacts the usability and security of 3D passwords in IVR.
