skip to main content
10.1145/3282894.3289741acmotherconferencesArticle/Chapter ViewAbstractPublication PagesmumConference Proceedingsconference-collections
research-article

eNGAGE: Resisting Shoulder surfing using Novel Gaze Gestures Authentication

Published: 25 November 2018 Publication History

Abstract

Most of the already existing authentication schemes are subject to multiple types of side-channel attacks such as shoulder surfing, smudge attacks, and thermal attacks. Meanwhile, motion sensors and eye trackers are becoming more accurate. We propose a novel authentication technique that leverages a combination of mid-air gestures and gaze input for shoulder surfing resilient authentication. The aim is to complicate shoulder surfing attacks by dividing the attacker's attention onto 1) the user's eyes, 2) hand-gestures, and 3) the screen. We report on the concept and implementation of the approach using both random and fixed layouts.

References

[1]
Yomna Abdelrahman, Mohamed Khamis, Stefan Schneegass, and Florian Alt. 2017. Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication. In Proceedings of the 35th Annual ACM Conference on Human Factors in Computing Systems (CHI '17). ACM, New York, NY, USA.
[2]
Ilhan Aslan, Andreas Uhl, Alexander Meschtscherjakov, and Manfred Tscheligi. 2016. Design and Exploration of Mid-Air Authentication Gestures. ACM Trans. Interact. Intell. Syst. 6, 3, Article 23 (Sept. 2016), 22 pages.
[3]
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT'10). USENIX Association, Berkeley, CA, USA, 1--7. http://dl.acm.org/citation.cfm?id=1925004.1925009
[4]
Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2012. Counting Clicks and Beeps: Exploring Numerosity Based Haptic and Audio PIN Entry. Interact. Comput. 24, 5 (Sept. 2012), 409--422.
[5]
Heiko Drewes, Alexander De Luca, and Albrecht Schmidt. 2007. Eye-gaze Interaction for Mobile Phones. In Proceedings of the 4th International Conference on Mobile Technology, Applications, and Systems and the 1st International Symposium on Computer Human Interaction in Mobile Technology (Mobility '07). ACM, New York, NY, USA, 364--371.
[6]
Malin Eiband, Mohamed Khamis, Emanuel von Zezschwitz, Heinrich Hussmann, and Florian Alt. 2017. Understanding Shoulder Surfing in the Wild: Stories from Users and Observers. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). ACM, New York, NY, USA, 11.
[7]
Ceenu Goerge, Mohamed Khamis, Emanuel von Zezschwitz, Marinus Burger, Henri Schmidt, Florian Alt, and Heinrich Hussmann. 2017. Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality. In Proceedings of the Network and Distributed System Security Symposium (USEC '17). NDSS.
[8]
Mohamed Khamis, Regina Hasholzner, Andreas Bulling, and Florian Alt. 2017a. GTmoPass: Two-factor Authentication on Public Displays Using GazeTouch passwords and Personal Mobile Devices. In Proceedings of the 6th International Symposium on Pervasive Displays (PerDis '17). ACM, New York, NY, USA, 9.
[9]
Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, and Florian Alt. 2017b. GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction (ICMI 2017). ACM, New York, NY, USA, 446--450.
[10]
Keaton Mowery, Sarah Meiklejohn, and Stefan Savage. 2011. Heat of the Moment: Characterizing the Efficacy of Thermal Camera-based Attacks. In Proceedings of the 5th USENIX Conference on Offensive Technologies (WOOT'11). USENIX Association, Berkeley, CA, USA, 6--6. http://dl.acm.org/citation.cfm?id=2028052.2028058
[11]
Florian Schaub, Marcel Walch, Bastian Könings, and Michael Weber. 2013. Exploring the Design Space of Graphical Passwords on Smartphones. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS '13). ACM, New York, NY, USA, Article 11, 14 pages.
[12]
Furkan Tari, A. Ant Ozok, and Stephen H. Holden. 2006. A Comparison of Perceived and Real Shoulder-surfing Risks Between Alphanumeric and Graphical Passwords. In Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS '06). ACM, New York, NY, USA, 56--66.

Cited By

View all
  • (2022)Virtual Reality Observations: Using Virtual Reality to Augment Lab-Based Shoulder Surfing Research2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR)10.1109/VR51125.2022.00048(291-300)Online publication date: Mar-2022
  • (2019)Just gaze and waveProceedings of the 11th ACM Symposium on Eye Tracking Research & Applications10.1145/3314111.3319837(1-10)Online publication date: 25-Jun-2019

Index Terms

  1. eNGAGE: Resisting Shoulder surfing using Novel Gaze Gestures Authentication

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    MUM '18: Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia
    November 2018
    548 pages
    ISBN:9781450365949
    DOI:10.1145/3282894
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 25 November 2018

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Gaze
    2. Gestures
    3. Multimodal Authentication

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    MUM 2018

    Acceptance Rates

    MUM '18 Paper Acceptance Rate 37 of 82 submissions, 45%;
    Overall Acceptance Rate 190 of 465 submissions, 41%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)4
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 16 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2022)Virtual Reality Observations: Using Virtual Reality to Augment Lab-Based Shoulder Surfing Research2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR)10.1109/VR51125.2022.00048(291-300)Online publication date: Mar-2022
    • (2019)Just gaze and waveProceedings of the 11th ACM Symposium on Eye Tracking Research & Applications10.1145/3314111.3319837(1-10)Online publication date: 25-Jun-2019

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media