skip to main content
10.1145/1753326.1753489acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
research-article

Multi-touch authentication on tabletops

Published: 10 April 2010 Publication History

Abstract

The introduction of tabletop interfaces has given rise to the need for the development of secure and usable authentication techniques that are appropriate for the co-located collaborative settings for which they have been designed. Most commonly, user authentication is based on something you know, but this is a particular problem for tabletop interfaces, as they are particularly vulnerable to shoulder surfing given their remit to foster co-located collaboration. In other words, tabletop users would typically authenticate in full view of a number of observers. In this paper, we introduce and evaluate a number of novel tabletop authentication schemes that exploit the features of multi-touch interaction in order to inhibit shoulder surfing. In our pilot work with users, and in our formal user-evaluation, one authentication scheme - Pressure-Grid - stood out, significantly enhancing shoulder surfing resistance when participants used it to enter both PINs and graphical passwords.

Supplementary Material

index.html (index.html)
Slides from the presentation
MOV File (p1093.mov)
Supplemental video file for "Multi-touch authentication on tabletops"
Audio only (1753489.mp3)
Video (1753489.mp4)

References

[1]
D. Baker. Nondisclosing password entry system. U.S. Patent 5,428,349 June 27, 1995.
[2]
E. A. Bier, M. C. Stone, K. Pier, K. Fishkin, T. Baudel, M. Conway,W. Buxton, and T. DeRose. Toolglass and magic lenses: the see-through interface. In CHI '94: Conference companion on Human factors in computing systems, pages 445--446, New York, NY, USA, 1994. ACM.
[3]
S. Brostoff and M. A. Sasse. Are passfaces more usable than passwords? a field trial investigation. In Proceedings of HCI 2000, 2000.
[4]
L.-W. Chan, T.-T. Hu, J.-Y. Lin, Y.-P. Hung, and J. Hsu. On top of tabletop: A virtual touch panel display. In Horizontal Interactive Human Computer Systems, 2008. TABLETOP 2008. 3rd IEEE International Workshop on, pages 169--176, Oct. 2008.
[5]
A. De Luca and B. Frauendienst. A privacy-respectful input method for public terminals. In NordiCHI '08: Proceedings of the 5th Nordic conference on Human-computer interaction, pages 455--458, New York, NY, USA, 2008. ACM.
[6]
A. De Luca, E. von Zezschwitz, and H. Hussmann. Vibrapass - secure authentication based on shared lies. In 27th ACM SIGCHI Conference on Human Factors in Computing Systems. ACM, Apr. 2009.
[7]
P. Dunphy, J. Nicholson, and P. Olivier. Securing passfaces for description. In SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security, pages 24--35, New York, NY, USA, 2008. ACM.
[8]
I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin. The design and analysis of graphical passwords. In SSYM'99: Proceedings of the 8th conference on USENIX Security Symposium, pages 1--1, Berkeley, CA, USA, 1999. USENIX Association.
[9]
B. Malek, M. Orozco, and A. E. Saddik. Novel shoulder-surfing resistant haptic-based graphical password. In EuroHaptics 2006, pages 179--184, jul 2006.
[10]
J. Marshall, T. Pridmore, M. Pound, S. Benford, and B. Koleva. Pressing the flesh: Sensing multiple touch and finger pressure on arbitrary surfaces. In Pervasive Computing, Lecture Notes in Computer Science, pages 38--55. Springer, May 2008.
[11]
M. J. Martino, G. L. Meissner, and R. C. J. Paulsen. Identity verification system resistant to compromise by observation of its use. U.S. Patent 5,276,314 January 4, 1994.
[12]
Microsoft Surface. http://www.surface.com.
[13]
K. D. Mitnick and W. L. Simon. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, Inc., New York, NY, USA, 2003.
[14]
Passfaces Corporation. http://www.passfaces.com.
[15]
T. Pering, M. Sundar, J. Light, and R. Want. Photographic authentication through untrusted terminals. IEEE Pervasive Computing, 2(1):30--36, 2003.
[16]
V. Roth, K. Richter, and R. Freidinger. A pin-entry method resilient against shoulder surfing. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 236--245, New York, NY, USA, 2004. ACM.
[17]
S. Sakurai, Y. KItamura, S. Subramanian, and F. Kishino. Visibility control using revolving polarizer. In Horizontal Interactive Human Computer Systems, 2008. TABLETOP 2008, pages 161--168. IEEE, October 2008.
[18]
H. Sasamoto, N. Christin, and E. Hayashi. Undercover: authentication usable in front of prying eyes. In CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, pages 183--192, New York, NY, USA, 2008. ACM.
[19]
J. Schöning, P. Brandl, F. Daiber, F. Echtler, O. Hilliges, J. Hook, M. Löchtefeld, N. Motamedi, L. Muller, P. Olivier, T. Roth, and U. von Zadow. Multi-touch surfaces: A technical guide. techreport, 2008.
[20]
J. Schöning, M. Rohs, and A. Kr¨uger. Spatial authentication on large interactive multi-touch surfaces. In IEEE Tabetop 2008: Adjunct Proceedings of IEEE Tabletops and Interactie Surfaces, October 2008.
[21]
G. B. D. Shoemaker and K. M. Inkpen. Single display privacyware: augmenting public displays with private information. In CHI '01: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 522--529, New York, NY, USA, 2001. ACM.
[22]
P. Sinha, B. Balas, Y. Ostrovsky, and R. Russell. Face recognition by humans: Nineteen results all computer vision researchers should know about. Proceedings of the IEEE, 94(11):1948--1962, January 2007.
[23]
R. T. Smith and W. Piekarski. Public and private workspaces on tabletop displays. In AUIC '08: Proceedings of the ninth conference on Australasian user interface, pages 51--54, Darlinghurst, Australia, Australia, 2008. Australian Computer Society, Inc.
[24]
L. Standing, J. Conezio, and R. N. Haber. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, (19):73--74, 1970.
[25]
X. Suo, Y. Zhu, and G. S. Owen. Graphical Passwords: A Survey. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 463--472,Washington, DC, USA, 2005. IEEE Computer Society.
[26]
T. Takada, T. Onuki, and H. Koike. Awase-e: Recognition-based image authentication scheme using users' personal photographs. In Innovations in Information Technology, 2006, pages 1--5, Nov. 2006.
[27]
D. S. Tan, P. Keyani, and M. Czerwinski. Spy-resistant keyboard: more secure password entry on public touch screen displays. In OZCHI '05: Proceedings of the 17th Australia conference on Computer-Human Interaction, pages 1--10, Narrabundah, Australia, Australia, 2005. Computer-Human Interaction Special Interest Group (CHISIG) of Australia.
[28]
F. Tari, A. A. Ozok, and S. H. Holden. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In SOUPS '06: Proceedings of the second symposium on Usable privacy and security, pages 56--66, New York, NY, USA, 2006. ACM.
[29]
D. Vogel and R. Balakrishnan. Interactive public ambient displays: transitioning from implicit to explicit, public to personal, interaction with multiple users. In UIST '04: Proceedings of the 17th annual ACM symposium on User interface software and technology, pages 137--146, New York, NY, USA, 2004. ACM.
[30]
S. Wiedenbeck, J. Waters, L. Sobrado, and J.-C. Birget. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In AVI '06: Proceedings of the working conference on Advanced visual interfaces, pages 177--184, New York, NY, USA, 2006. ACM.
[31]
M. Wu and R. Balakrishnan. Multi-finger and whole hand gestural interaction techniques for multi-user tabletop displays. In UIST '03: Proceedings of the 16th annual ACM symposium on User interface software and technology, pages 193--202, New York, NY, USA, 2003. ACM.

Cited By

View all
  • (2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
  • (2023)A Comparison of a Touch-Gesture- and a Keystroke-Based Password Method: Toward Shoulder-Surfing Resistant Mobile User AuthenticationIEEE Transactions on Human-Machine Systems10.1109/THMS.2023.323632853:2(303-314)Online publication date: Apr-2023
  • (2022)Verification Grid and Map Slipping Based Graphical Password against Shoulder-Surfing AttacksSecurity and Communication Networks10.1155/2022/67787552022Online publication date: 1-Jan-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
April 2010
2690 pages
ISBN:9781605589299
DOI:10.1145/1753326
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 April 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. graphical passwords
  2. multi-touch interaction
  3. shoulder surfing
  4. user authentication

Qualifiers

  • Research-article

Conference

CHI '10
Sponsor:

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025
ACM CHI Conference on Human Factors in Computing Systems
April 26 - May 1, 2025
Yokohama , Japan

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)18
  • Downloads (Last 6 weeks)1
Reflects downloads up to 18 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
  • (2023)A Comparison of a Touch-Gesture- and a Keystroke-Based Password Method: Toward Shoulder-Surfing Resistant Mobile User AuthenticationIEEE Transactions on Human-Machine Systems10.1109/THMS.2023.323632853:2(303-314)Online publication date: Apr-2023
  • (2022)Verification Grid and Map Slipping Based Graphical Password against Shoulder-Surfing AttacksSecurity and Communication Networks10.1155/2022/67787552022Online publication date: 1-Jan-2022
  • (2022)Online Binary Models are Promising for Distinguishing Temporally Consistent Computer Usage ProfilesIEEE Transactions on Biometrics, Behavior, and Identity Science10.1109/TBIOM.2022.31792064:3(412-423)Online publication date: Jul-2022
  • (2022)CipherCard: A Token-Based Approach Against Camera-Based Shoulder Surfing Attacks on Common Touchscreen DevicesHuman-Computer Interaction – INTERACT 201510.1007/978-3-319-22668-2_34(436-454)Online publication date: 10-Mar-2022
  • (2022)A Hand Gesture-Based Authentication Method that Makes Forgery DifficultHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-05563-8_18(268-279)Online publication date: 16-Jun-2022
  • (2021)A Camouflage Text-Based Password Approach for Mobile Devices against Shoulder-Surfing AttackSecurity and Communication Networks10.1155/2021/66530762021Online publication date: 20-Jan-2021
  • (2021)EyeLogin - Calibration-free Authentication Method for Public Displays Using Eye GazeACM Symposium on Eye Tracking Research and Applications10.1145/3448018.3458001(1-7)Online publication date: 25-May-2021
  • (2021)RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication SystemsProceedings of the 2021 CHI Conference on Human Factors in Computing Systems10.1145/3411764.3445478(1-18)Online publication date: 6-May-2021
  • (2021)SelfiePass: A Shoulder Surfing Resistant Graphical Password Scheme2021 International Conference on Recent Trends on Electronics, Information, Communication & Technology (RTEICT)10.1109/RTEICT52294.2021.9573972(563-567)Online publication date: 27-Aug-2021
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media