research-article

Free-Form Gaze Passwords from Cameras Embedded in Smart Glasses

Authors:

Eira Friström,

Pauliina Kärkkäinen,

Tommi Mäkinen,

Rainhard Dieter FindlingAuthors Info & Claims

MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia

Pages 136 - 144

https://doi.org/10.1145/3365921.3365928

Published: 22 February 2020 Publication History

Abstract

Contemporary personal mobile devices support a variety of authentication approaches, featuring different levels of security and usability. With cameras embedded in smart glasses, seamless, hands-free mobile authentication based on gaze is possible. Gaze authentication relies on knowledge as a secret, and gaze passwords are composed from a series of gaze points or gaze gestures. This paper investigates the concept of free-form mobile gaze passwords. Instead of relying on gaze gestures or points, free-form gaze gestures exploit the trajectory of the gaze over time. We collect and investigate a set of 29 different free-form gaze passwords from 19 subjects. In addition, the practical security of the approach is investigated in a study with 6 attackers observing eye movements during password input to subsequently perform spoofing. Our investigation indicates that most free-form gaze passwords can be expressed as a set of common geometrical shapes. Further, our free-form gaze authentication yields a true positive rate of 81% and a false positive rate with other gaze passwords of 12%, while targeted observation and spoofing is successful in 17.5% of all cases. Our usability study reveals that further work on the usability of gaze input is required as subjects reported that they felt uncomfortable creating and performing free-form passwords.

References

[1]

Sadiq Almuairfi, Prakash Veeraraghavan, and Naveen Chilamkurti. 2013. A novel image-based implicit password authentication system (IPAS) for mobile and non-mobile devices. Mathematical and Computer Modelling 58, 1 (2013), 108--116.

[2]

J. Bonneau. 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In IEEE Symposium on Security and Privacy (SP 2012). 538--552. https://doi.org/10.1109/SP.2012.49

Digital Library

[3]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 3011--3020.

Digital Library

[4]

Andreas Bulling, Daniel Roggen, and Gerhard Tröster. 2008. It's in your eyes: towards context-awareness and mobile HCI using wearable EOG goggles. In Proceedings of the 10th international conference on Ubiquitous computing. ACM, 84--93.

Digital Library

[5]

Andreas Bulling, Daniel Roggen, and Gerhard Tröster. 2009. Wearable EOG goggles: eye-based interaction in everyday environments. ACM.

[6]

Alexander De Luca, Roman Weiss, and Heiko Drewes. 2007. Evaluation of eye-gaze interaction methods for security enhanced PIN-entry. In Proceedings of the 19th australasian conference on computer-human interaction: Entertaining user interfaces. ACM, 199--202.

[7]

Murtaza Dhuliawala, Juyoung Lee, Junichi Shimizu, Andreas Bulling, Kai Kunze, Thad Starner, and Woontack Woo. 2016. Smooth eye movement interaction using EOG glasses. In Proceedings of the 18th ACM International Conference on Multimodal Interaction. ACM, 307--311.

Digital Library

[8]

Rainhard Dieter Findling, Michael Hölzl, and René Mayrhofer. 2018. Mobile Match-on-Card Authentication Using Offline-Simplified Models with Gait and Face Biometrics. IEEE Transactions on Mobile Computing (TMC) 14, 11 (Nov. 2018), 2578--2590. https://doi.org/10.1109/TMC.2018.2812883

[9]

Rainhard Dieter Findling, Muhammad Muaaz, Daniel Hintze, and René Mayrhofer. 2017. ShakeUnlock: Securely Transfer Authentication States Between Mobile Devices. IEEE Transactions on Mobile Computing (TMC) 16, 4 (April 2017), 1163--1175. https://doi.org/10.1109/TMC.2016.2582489

[10]

Rainhard Dieter Findling, Le Ngu Nguyen, and Stephan Sigg. 2019. Closed-Eye Gaze Gestures: Detection and Recognition of Closed-Eye Movements with Cameras in Smart Glasses. In 15th International Work-Conference on Artificial Neural Networks (IWANN 2019) (LNCS). Springer.

[11]

Alain Forget, Sonia Chiasson, and Robert Biddle. 2010. Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 1107--1110.

Digital Library

[12]

José Luis Guiñón, Emma Ortega, José García-Antón, and Valentín Pérez-Herranz. 2007. Moving average and Savitzki-Golay smoothing filters using Mathcad. Papers ICEE 2007 (2007).

[13]

Michael Haslgrübler, Peter Fritz, Benedikt Gollan, and Alois Ferscha. 2017. Getting through: modality selection in a multi-sensor-actuator industrial IoT environment. In Proceedings of the Seventh International Conference on the Internet of Things. ACM, 21.

Digital Library

[14]

Henna Heikkilä and Kari-Jouko Räihä. 2009. Speed and accuracy of gaze gestures. Journal of Eye Movement Research 3, 2 (2009), 1.

[15]

Daniel Hintze, Philipp Hintze, Rainhard Dieter Findling, and René Mayrhofer. 2017. A Large-Scale, Long-Term Analysis of Mobile Device Usage Characteristics. Proc. ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 1, 2 (June 2017). https://doi.org/10.1145/3090078

Digital Library

[16]

Daniel Hintze, Muhammad Muaaz, Rainhard Dieter Findling, S. Scholz, E. Koch, and René Mayrhofer. 2015. Confidence and Risk Estimation Plugins for Multi-Modal Authentication on Mobile Devices using CORMORANT. In 13th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2015). ACM, Brussels, Belgium, 384--388. https://doi.org/10.1145/2837126.2843845

Digital Library

[17]

Moritz Kassner, William Patera, and Andreas Bulling. 2014. Pupil: An Open Source Platform for Pervasive Eye Tracking and Mobile Gaze-based Interaction. In Adjunct Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '14 Adjunct). ACM, New York, NY, USA, 1151--1160. https://doi.org/10.1145/2638728.2641695

[18]

Moritz Kassner, William Patera, and Andreas Bulling. 2014. Pupil: an open source platform for pervasive eye tracking and mobile gaze-based interaction. In Proceedings of the 2014 ACM international joint conference on pervasive and ubiquitous computing: Adjunct publication. ACM, 1151--1160.

Digital Library

[19]

Eamonn J Keogh and Michael J Pazzani. 2001. Derivative dynamic time warping. In Proceedings of the 2001 SIAM international conference on data mining. SIAM, 1--11.

[20]

Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, and Florian Alt. 2017. GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction. ACM, 446--450.

Digital Library

[21]

Lydia Kraus, Robert Schmidt, Marcel Walch, Florian Schaub, and Sebastian Möller. 2017. On the Use of Emojis in Mobile Authentication. In ICT Systems Security and Privacy Protection, Sabrina De Capitani di Vimercati and Fabio Martinelli (Eds.).

[22]

Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd symposium on Usable privacy and security. ACM, 13--19.

Digital Library

[23]

Michael F Land. 1999. Motion and vision: why animals move their eyes. Journal of Comparative Physiology A 185, 4 (1999), 341--352.

[24]

Stefan Mitrasinovic, Elvis Camacho, Nirali Trivedi, Julia Logan, Colson Campbell, Robert Zilinyi, Bryan Lieber, Eliza Bruce, Blake Taylor, David Martineau, et al. 2015. Clinical and surgical applications of smart glasses. Technology and Health Care 23, 4 (2015), 381--401.

Digital Library

[25]

Vijay Rajanna and Tracy Hammond. 2018. Gaze-Assisted User Authentication to Counter Shoulder-surfing Attacks. arXiv preprint arXiv:1803.07782 (2018).

[26]

Furkan Tari, A. Ant Ozok, and Stephen H. Holden. 2006. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proc. of the second symposium on Usable privacy and security (SOUPS '06). ACM, New York, NY, USA, 56--66. https://doi.org/10.1145/1143120.1143128

[27]

Julie Thorpe and Paul C van Oorschot. 2007. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In USENIX Security Symposium, Vol. 8. 1--8.

[28]

Paul C. van Oorschot and Julie Thorpe. 2008. On Predictive Models and User-drawn Graphical Passwords. ACM Trans. Inf. Syst. Secur. 10, 4, Article 5 (Jan. 2008), 33 pages. https://doi.org/10.1145/1284680.1284685

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Park MChang ZUsuzaki SAburada KOkazaki N(2024)Proposal and Evaluation of a Gaze Authentication Method that Combines Image Selection and Eye Movement Trajectory Features2024 Twelfth International Symposium on Computing and Networking Workshops (CANDARW)10.1109/CANDARW64572.2024.00055(293-299)Online publication date: 26-Nov-2024
https://doi.org/10.1109/CANDARW64572.2024.00055
Düzgün RMayer PVolkamer M(2022)Shoulder-Surfing Resistant Authentication for Augmented RealityNordic Human-Computer Interaction Conference10.1145/3546155.3546663(1-13)Online publication date: 8-Oct-2022
https://dl.acm.org/doi/10.1145/3546155.3546663
Show More Cited By

Index Terms

Free-Form Gaze Passwords from Cameras Embedded in Smart Glasses
1. Human-centered computing
  1. Ubiquitous and mobile computing
    1. Ubiquitous and mobile computing theory, concepts and paradigms
      1. Mobile computing
    2. Ubiquitous and mobile devices
      1. Mobile devices
2. Security and privacy
  1. Security services
    1. Authentication
      1. Graphical / visual passwords

Recommendations

Hide my Gaze with EOG!: Towards Closed-Eye Gaze Gesture Passwords that Resist Observation-Attacks with Electrooculography in Smart Glasses
MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia

Smart glasses allow for gaze gesture passwords as a hands-free form of mobile authentication. However, pupil movements for password input are easily observed by attackers, who thereby can derive the password. In this paper we investigate closed-eye gaze ...
Haptic feedback of gaze gestures with glasses: localization accuracy and effectiveness
UbiComp/ISWC'15 Adjunct: Adjunct Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable Computers

Wearable devices including smart eyewear require new interaction methods between the device and the user. In this paper, we describe our work on the combined use of eye tracking for input and haptic (touch) stimulation for output with eyewear. Input ...
Eye Blink Detection for Smart Glasses
ISM '13: Proceedings of the 2013 IEEE International Symposium on Multimedia

Eye blink is a quick action of closing and opening of the eyelids. Eye blink detection has a wide range of applications in human computer interaction and human vision health care research. Existing approaches to eye blink detection often cannot suit ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & Multimedia

December 2019

266 pages

ISBN:9781450371780

DOI:10.1145/3365921

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Johannes Kepler University, Linz, Austria
@WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

MoMM2019

MoMM2019: The 17th International Conference on Advances in Mobile Computing & Multimedia

December 2 - 4, 2019

Munich, Germany

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
158
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hallal LRhinelander JVenkat R(2024)Recent Trends of Authentication Methods in Extended Reality: A SurveyApplied System Innovation10.3390/asi70300457:3(45)Online publication date: 28-May-2024
https://doi.org/10.3390/asi7030045
Park MChang ZUsuzaki SAburada KOkazaki N(2024)Proposal and Evaluation of a Gaze Authentication Method that Combines Image Selection and Eye Movement Trajectory Features2024 Twelfth International Symposium on Computing and Networking Workshops (CANDARW)10.1109/CANDARW64572.2024.00055(293-299)Online publication date: 26-Nov-2024
https://doi.org/10.1109/CANDARW64572.2024.00055
Düzgün RMayer PVolkamer M(2022)Shoulder-Surfing Resistant Authentication for Augmented RealityNordic Human-Computer Interaction Conference10.1145/3546155.3546663(1-13)Online publication date: 8-Oct-2022
https://dl.acm.org/doi/10.1145/3546155.3546663
Yamato YTakahashi S(2021)Gaze-Based Authentication Method Using Graphical Passwords Featuring KeypointsProceedings of the 33rd Australian Conference on Human-Computer Interaction10.1145/3520495.3520527(273-279)Online publication date: 30-Nov-2021
https://dl.acm.org/doi/10.1145/3520495.3520527
Mayrhofer RSigg S(2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
https://dl.acm.org/doi/10.1145/3477601

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten