GazeTouchPass: Multimodal Authentication Using Gaze and Touch on Mobile Devices

We propose a multimodal scheme, GazeTouchPass, that combines gaze and touch for shoulder-surfing resistant user authentication on mobile devices. GazeTouchPass allows passwords with multiple switches between input modalities during authentication. This requires attackers to simultaneously observe the device screen and the user's eyes to find the password. We evaluate the security and usability of GazeTouchPass in two user studies. Our findings show that GazeTouchPass is usable and significantly more secure than single-modal authentication against basic and even advanced shoulder-surfing attacks.
