GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication

Khamis, Mohamed; Hassib, Mariam; Zezschwitz, Emanuel von; Bulling, Andreas; Alt, Florian

doi:10.1145/3136755.3136809

Cited by 72 publications

(81 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While the research community introduced a plethora of authentication schemes for mobile devices (e.g., [16,18,20,25,29]) in this work we focus on text passwords. Although text passwords were long predicted that they will cease to exist [22], they are still widely used for on mobile apps as well as online websites and services accessed from mobile devices [26].…”

Section: Text Passwords On Mobile Devicesmentioning

confidence: 99%

Passquerade

Khamis

Seitz

Leonhard

et al. 2019

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems

Self Cite

View full text Add to dashboard Cite

Figure 1: We investigate how graphical filters impact the usability and security of text passwords on mobile devices compared to displaying them in plain text or asterisks. It is difficult to mentally reverse distortions, hence it is challenging for observers to know what the text passwords above are. At the same time, if a user knows that the leftmost word is Color-Halftone, they can easily map the word's letters to the distortions. This improves error correction, while maintaining observation resistance. ABSTRACTEntering text passwords on mobile devices is a significant challenge. Current systems either display passwords in plain text: making them visible to bystanders, or replace characters with asterisks shortly after they are typed: making editing them harder. This work presents a novel approach to mask text passwords by distorting them using graphical filters. Distorted passwords are difficult to observe by attackers because they cannot mentally reverse the distortions. Yet passwords remain readable by their owners because humans can recognize visually distorted versions of content they saw before. We present results of an online questionnaire and a user study where we compared Color-halftone, Crystallize, Blurring, and Mosaic filters to Plain text and Asterisks when 1) entering, 2) editing, and 3) shoulder surfing one-word passwords, random character passwords, and passphrases. Rigorous analysis shows that Color-halftone and Crystallize filters significantly improve editing speed, editing accuracy and observation resistance compared to current approaches. CCS CONCEPTS• Security and privacy → Authentication; • Human-centered computing → Human computer interaction.

show abstract

Section: Text Passwords On Mobile Devicesmentioning

confidence: 99%

Passquerade

Khamis

Seitz

Leonhard

et al. 2019

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…For example, XSide requires attackers to observe input on a two-sided touchscreen [7]. Similarly, being multimodal schemes, GazeTouchPass [9] and GazeTouchPIN [11] require attackers to observe the user's eyes to eavesdrop the gaze input, and the phone's screen to find the touch input. Schemes such as SwiPIN [13], PhoneLock [3], SpinLock [4], TimeLock [5] and Colorlock [5] rely on users responding to visual, haptic, or auditory cues.…”

Section: Protection By Splitting the Attacker's Attentionmentioning

confidence: 99%

“…GazeTouchPass and GazeTouchPIN were introduced and evaluated in previous work [9,11]. They are both multimodal authentication schemes that combine gaze and touch for password entry.…”

Section: Gazetouchpass and Gazetouchpinmentioning

confidence: 99%

“…The videos were recorded from an optimal angle during the usability evaluations of the schemes. They are the same videos used previously to evaluate the security of GazeTouchPass and GazeTouchPIN [9,11].…”

Section: Observation Studymentioning

confidence: 99%

“…To date, schemes were always evaluated assuming a single observer performing a one-time attack (e.g., side attack [7,9,10,11]), multiple attacks (e.g., iterative [9,11,12], intersection [16] and insider attacks [15]), or video attacks [7,14]. However, in theft, pick-pocketing and burglary situations, there are often multiple adversaries.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

They are all after you

Khamis

Bandelow

Schick

et al. 2017

Proceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia

Self Cite

View full text Add to dashboard Cite

Many of the authentication schemes for mobile devices that were proposed lately complicate shoulder surfing by splitting the attacker's attention into two or more entities. For example, multimodal authentication schemes such as Gaze-TouchPIN and GazeTouchPass require attackers to observe the user's gaze input and the touch input performed on the phone's screen. These schemes have always been evaluated against single observers, while multiple observers could potentially attack these schemes with greater ease, since each of them can focus exclusively on one part of the password. In this work, we study the effectiveness of a novel threat model against authentication schemes that split the attacker's attention. As a case study, we report on a security evaluation of two state of the art authentication schemes in the case of a team of two observers. Our results show that although multiple observers perform better against these schemes than single observers, multimodal schemes are significantly more secure against multiple observers compared to schemes that employ a single modality. We discuss how this threat model impacts the design of authentication schemes.

show abstract

GazeRoomLock: Using Gaze and Head-Pose to Improve the Usability and Observation Resistance of 3D Passwords in Virtual Reality

George

Buschek

Ngao

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Authentication has become an important component of Immersive Virtual Reality (IVR) applications, such as virtual shopping stores, social networks, and games. Recent work showed that compared to traditional graphical and alphanumeric passwords, a more promising form of passwords for IVR is 3D passwords. This work evaluates four multimodal techniques for entering 3D passwords in IVR that consist of multiple virtual objects selected in succession. Namely, we compare eye gaze and head pose for pointing, and dwell time and tactile input for selection. A comparison of a) usability in terms of entry time, error rate, and memorability, and b) resistance to real world and offline observations, reveals that: multimodal authentication in IVR by pointing at targets using gaze, and selecting them using a handheld controller significantly improves usability and security compared to the other methods and to prior work. We discuss how the choice of pointing and selection methods impacts the usability and security of 3D passwords in IVR.

show abstract

GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication

Cited by 72 publications

References 28 publications

Passquerade

Passquerade

They are all after you

GazeRoomLock: Using Gaze and Head-Pose to Improve the Usability and Observation Resistance of 3D Passwords in Virtual Reality

Contact Info

Product

Resources

About