skip to main content
10.1145/3319535.3354233acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics

Published: 06 November 2019 Publication History

Abstract

In this work we address three overlooked practical challenges of continuous authentication systems based on eye movement biometrics: (i) changes in lighting conditions, (ii) task dependent features and the (iii) need for an accurate calibration phase. We collect eye movement data from 22 participants. To measure the effect of the three challenges, we collect data while varying the experimental conditions: users perform four different tasks, lighting conditions change over the course of the session and we collect data related to both accurate (user-specific) and inaccurate (generic) calibrations. To address changing lighting conditions, we identify the two main sources of light, i.e., screen brightness and ambient light, and we propose a pupil diameter correction mechanism based on these. We find that such mechanism can accurately adjust for the pupil shrinking or expanding in relation to the varying amount of light reaching the eye. To account for inaccurate calibrations, we augment the previously known feature set with new features based on binocular tracking, where the left and the right eye are tracked separately. We show that these features can be extremely distinctive even when using a generic calibration. We further apply a cross-task mapping function based on population data which systematically accounts for the dependency of features to tasks (e.g., reading a text and browsing a website lead to different eye movement dynamics). Using these enhancements, even while relaxing assumptions about the experimental conditions, we show that our system achieves significantly lower error rates compared to previous work. For intra-task authentication, without user-specific calibration and in variable screen brightness and ambient lighting, we achieve an equal error rate of 3.93% with only two minutes of training data. For the same setup but with constant screen brightness (e.g., as for a reading task) we can achieve equal error rates as low as of 1.88%.

Supplementary Material

WEBM File (p1187-eberz.webm)

References

[1]
Kevin Allix, Tegawendé F Bissyandé, Jacques Klein, and Yves Le Traon. 2015. Areyour training datasets yet relevant?. In International Symposium on Engineering Secure Software and Systems. Springer, 51--67.
[2]
Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the securityof gaze-based cued-recall graphical passwords using saliency masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM,3011--3020.
[3]
Virginio Cantoni, Chiara Galdi, Michele Nappi, Marco Porta, and Daniel Riccio. 2015. GANT: Gaze analysis technique for human identification. Pattern Recognition 48, 4 (2015), 1023--1034. https://doi.org/10.1016/j.patcog.2014.02.017
[4]
Lewis Carroll. 1930. Alice in Wonderland.
[5]
Guglielmo Cola, Marco Avvenuti, Fabio Musso, and Alessio Vecchio. 2016. Gait-based authentication using a wrist-worn device. In Proceedings of the 13th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services. ACM, 208--217.
[6]
Véronique Daneault, Gilles Vandewalle, Marc Hébert, Petteri Teikari, Ludovic S Mure, Julien Doyon, Claude Gronfier, Howard M Cooper, Marie Dumont, and Julie Carrier. 2012. Does pupil constriction under blue and green monochromatic light exposure change with age? Journal of biological rhythms 27, 3 (2012), 257--264.
[7]
George Doddington, Walter Liggett, Alvin Martin, Mark Przybocki, and Douglas A. Reynolds. 1998. Sheep, goats, lambs and wolves: A statistical analysis ofspeaker performance in the NIST 1998 speaker recognition evaluation. National Institut of Standards and Technology Gaithersburg(1998), 1--4.
[8]
Andrew T. Duchowski. 2017. Eye tracking methodology: Theory and practice: Third edition. Springer International Publishing, Cham. 1--366 pages. https://doi.org/10.1007/978--3--319--57883--5 arXiv:arXiv:1011.1669v3
[9]
Simon Eberz, Giulio Lovisotto, Andrea Patane, Marta Kwiatkowska, Vincent Lenders, and Ivan Martinovic. 2018. When your fitness tracker betrays you:Quantifying the predictability of biometric features across contexts. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 889--905.
[10]
Simon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patani, Marta Kwiatkowska, and Ivan Martinovic. 2017. Broken Hearted: How To Attack ECG Biometrics. In Proceedings 2017 Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2017.23408
[11]
Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2015. Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics. In Proceedings 2015 Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2015.23203
[12]
Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2016. Looks Like Eve: Exposing Insider Threats Using Eye Movement Biometrics. ACM Transactions on Privacy and Security 19, 1 (2016). https://doi.org/10.1145/2904018
[13]
Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2017. Evaluating Behavioral Biometrics for Continuous Authentication. In Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security -ASIA CCS '17. ACM Press, New York, New York, USA, 386--399. https://doi.org/10.1145/3052973.3053032
[14]
S. Zahra Fatemian, Foteini Agrafioti, and Dimitrios Hatzinakos. 2010. HeartID: Cardiac biometric recognition. InIEEE 4th International Conference on Biometrics: Theory, Applications and Systems, BTAS 2010. https://doi.org/10.1109/BTAS.2010.5634493
[15]
Tao Feng, Xi Zhao, and Weidong Shi. 2013. Investigating mobile device picking-upmotion as a novel biometric modality. In 2013 IEEE Sixth International Conferenceon Biometrics: Theory, Applications and Systems (BTAS). IEEE, 1--6.
[16]
Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometricfor Continuous Authentication. IEEE Transactions on Information Forensics and Security 8, 1 (Jan. 2013), 136--148. https://doi.org/10.1109/TIFS.2012.2225048
[17]
Chiara Galdi, Michele Nappi, Daniel Riccio, Virginio Cantoni, and Marco Porta. 2013. A new gaze analysis based soft-biometric. In Mexican Conference on Pattern Recognition. Springer, 136--144.
[18]
Isaac Griswold-Steiner, Zakery Fyke, Mushfique Ahmed, and Abdul Serwadda. 2018. Morph-a-Dope: Using Pupil Manipulation to Spoof Eye Movement Biometrics.
[19]
Daniele Gunetti and Claudia Picardi. 2005. Keystroke analysis of free text. ACM Transactions on Information and System Security 8, 3 (2005), 312--347. https://doi.org/10.1145/1085126.1085129
[20]
Corey Holland and Oleg V Komogortsev. 2011. Biometric identification via eyemovement scanpaths in reading. In Biometrics (IJCB), 2011 International Joint Conference on. IEEE, 1--8.
[21]
Corey D Holland and Oleg V Komogortsev. 2013. Complex eye movementpattern biometrics: Analyzing fixations and saccades. InBiometrics (ICB), 2013 International Conference on. IEEE, 1--8.
[22]
Kenneth Holmqvist, Marcus Nyström, and Fiona Mulvey. 2012. Eye tracker dataquality: what it is and how to measure it. In Proceedings of the symposium on eyetracking research and applications. ACM, 45--52.
[23]
Donald R. Jasinski, Jeffrey S. Pevnick, and John D. Griffith. 1978. Human Pharmacology and Abuse Potential of the Analgesic Buprenorphine: A Potential Agent for Treating Narcotic Addiction. Archives of General Psychiatry 35, 4 (1978),501--516. https://doi.org/10.1001/archpsyc.1978.01770280111012
[24]
Andrew H Johnston and Gary M Weiss. 2015. Smartwatch-based biometric gait recognition. In Biometrics Theory, Applications and Systems (BTAS), 2015 IEEE 7th International Conference on. IEEE, 1--6.
[25]
Daniel Kahneman and Jackson Beatty. 1966. Pupil diameter and load on memory. Science 154, 3756 (1966), 1583--1585.
[26]
Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rdsymposium on Usable privacy and security - SOUPS '07. 13. https://doi.org/10.1145/1280680.1280683
[27]
Dachuan Liu, Bo Dong, Xing Gao, and Haining Wang. 2015. Exploiting eyetracking for smartphone authentication. In International Conference on Applied Cryptography and Network Security. Springer, 457--477.
[28]
Colleen MacLachlan and Howard C. Howland. 2002. Normal values and standard deviations for pupil diameter and interpupillary distance in subjects aged 1month to 19 years. Ophthalmic and Physiological Optics 22, 3 (May 2002), 175--182.https://doi.org/10.1046/j.1475--1313.2002.00023.x
[29]
Susana Martinez-Conde, Stephen L. Macknik, Xoana G. Troncoso, and Thomas A. Dyar. 2006. Microsaccades counteract visual fading during fixation. Neuron 49, 2(2006), 297--305. https://doi.org/10.1016/j.neuron.2005.11.033
[30]
Mihai Pop, Yves Payette, and Emma Santoriello. 2002. Comparison of the pupilcard and pupillometer in measuring pupil size. Journal of Cataract & Refractive Surgery 28, 2 (2002), 283--288.
[31]
Ioannis Rigas, George Economou, and Spiros Fotopoulos. 2012. Biometric identification based on the eye movements and graph matching techniques. Pattern Recognition Letters 33, 6 (2012), 786--792.
[32]
Ioannis Rigas and Oleg V Komogortsev. 2014. Biometric recognition via probabilistic spatial projection of eye movement trajectories in dynamic visual environments. IEEE Transactions on Information Forensics and Security 9, 10 (2014),1743--1754.
[33]
Brian C. Ross. 2014. Mutual information between discrete and continuous datasets. PLoS ONE 9, 2 (Feb. 2014), e87357. https://doi.org/10.1371/journal.pone.0087357
[34]
Hildur EH Schilling, Keith Rayner, and James I Chumbley. 1998. Comparingnaming, lexical decision, and eye fixation times: Word frequency effects and individual differences. Memory & Cognition 26, 6 (1998), 1270--1281.
[35]
Ivo Sluganovic, Marc Roeschlin, Kasper B. Rasmussen, and Ivan Martinovic. 2016. Using Reflexive Eye Movements for Fast Challenge-Response Authentication. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16. ACM Press, New York, New York, USA, 1056--1067. https://doi.org/10.1145/2976749.2978311
[36]
Sasitorn Taptagaporn and Susumu Saito. 1990. How display polarity and lighting conditions affect the pupil size of VDT operators. Ergonomics 33, 2 (Feb. 1990),201--208. https://doi.org/10.1080/00140139008927110
[37]
B Winn, D Whitaker, D B Elliott, and N J Phillips. 1994. Factors affecting light-adapted pupil size in normal human subjects. Investigative ophthalmology & visual science 35, 3 (1994), 1132--1137.
[38]
Nan Zheng, Aaron Paloski, and Haining Wang. 2011. An efficient user verification system via mouse movements. In Proceedings of the 18th ACM conference on Computer and communications security - CCS '11. 139. https://doi.org/10.1145/2046707.2046725

Cited By

View all
  • (2024)MagSign: Harnessing Dynamic Magnetism for User Authentication on IoT DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2022.321685123:1(597-611)Online publication date: Jan-2024
  • (2024)Establishing a Baseline for Gaze-driven Authentication Performance in VR: A Breadth-First Investigation on a Very Large Dataset2024 IEEE International Joint Conference on Biometrics (IJCB)10.1109/IJCB62174.2024.10744483(1-10)Online publication date: 15-Sep-2024
  • (2024)A Comprehensive Review on Secure Biometric-Based Continuous Authentication and User ProfilingIEEE Access10.1109/ACCESS.2024.341178312(82996-83021)Online publication date: 2024
  • Show More Cited By

Index Terms

  1. 28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
    November 2019
    2755 pages
    ISBN:9781450367479
    DOI:10.1145/3319535
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 06 November 2019

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. authentication
    2. biometrics
    3. eye movements

    Qualifiers

    • Research-article

    Funding Sources

    • Mastercard

    Conference

    CCS '19
    Sponsor:

    Acceptance Rates

    CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)55
    • Downloads (Last 6 weeks)9
    Reflects downloads up to 14 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)MagSign: Harnessing Dynamic Magnetism for User Authentication on IoT DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2022.321685123:1(597-611)Online publication date: Jan-2024
    • (2024)Establishing a Baseline for Gaze-driven Authentication Performance in VR: A Breadth-First Investigation on a Very Large Dataset2024 IEEE International Joint Conference on Biometrics (IJCB)10.1109/IJCB62174.2024.10744483(1-10)Online publication date: 15-Sep-2024
    • (2024)A Comprehensive Review on Secure Biometric-Based Continuous Authentication and User ProfilingIEEE Access10.1109/ACCESS.2024.341178312(82996-83021)Online publication date: 2024
    • (2024)Continuous Authentication with Eye Movement BiometricsProceedings of the Eighth International Scientific Conference “Intelligent Information Technologies for Industry” (IITI’24), Volume 110.1007/978-3-031-77688-5_35(369-377)Online publication date: 20-Dec-2024
    • (2023)Continuous Authentication Using Human-Induced Electric PotentialProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627124(409-423)Online publication date: 4-Dec-2023
    • (2023)Privacy-preserving datasets of eye-tracking samples with applications in XRIEEE Transactions on Visualization and Computer Graphics10.1109/TVCG.2023.324704829:5(2774-2784)Online publication date: May-2023
    • (2023)Low-effort VR Headset User Authentication Using Head-reverberated Sounds with Replay Resistance2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179367(3450-3465)Online publication date: May-2023
    • (2023)EyeDrive: A Deep Learning Model for Continuous Driver AuthenticationIEEE Journal of Selected Topics in Signal Processing10.1109/JSTSP.2023.323530217:3(637-647)Online publication date: May-2023
    • (2023)Data-Augmentation-Enabled Continuous User Authentication via Passive Vibration ResponseIEEE Internet of Things Journal10.1109/JIOT.2023.326427410:16(14137-14151)Online publication date: 15-Aug-2023
    • (2023)Identifying Virtual Reality Users Across Domain-Specific Tasks: A Systematic Investigation of Tracked Features for Assembly2023 IEEE International Symposium on Mixed and Augmented Reality (ISMAR)10.1109/ISMAR59233.2023.00054(396-404)Online publication date: 16-Oct-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media