They are all after you

Khamis, Mohamed; Bandelow, Linda; Schick, Stina; Casadevall, Dario; Bulling, Andreas; Alt, Florian

doi:10.1145/3152832.3152851

Cited by 16 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In both the replication study and the real-world study [52] the attacks were single-person attacks through optimal views on the authentication scheme and the interaction -this depicts a best case scenario for the attacker. Using non-optimal or user-defined views, or more advanced threat models (e.g., multiple observers [48]), could result in different findings. Third, following Khamis et al 's [52] study design means facing the same limitations.…”

Section: Limitationsmentioning

confidence: 99%

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

Mathis

Vaniea

Khamis

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Self Cite

View full text Add to dashboard Cite

Figure 1: We evaluate and discuss the suitability of using Virtual Reality (VR) to conduct human-centred usability and security evaluations of real-world authentication systems. To this end, we replicated a recently introduced authentication scheme called CueAuth [52] (➊) into VR (➋). We then evaluate the usability and security of our replica and compare the results to the real-world evaluation of CueAuth [52].

show abstract

Section: Limitationsmentioning

confidence: 99%

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

Mathis

Vaniea

Khamis

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Suitable threat models should be employed when evaluating the security of authentication schemes. For example, previous work evaluated multimodal authentication schemes against two observers [76] and by using video record-ings from two cameras [74]. Commonly studied threats include shoulder surfing attacks [39], video attacks [32], thermal attacks [1], and smudge attacks [11].…”

Section: Evaluation Metricsmentioning

confidence: 99%

The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

Katsini¹,

Abdrabou

Raptis³

et al. 2020

Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

Self Cite

108

View full text Add to dashboard Cite

For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade.

show abstract

“…However, we expect that performing it against gaze input would still be challenging due to the large number of cues that the attacker would have to observe, in addition to the eye movements. Another direction for future work is to evaluate our methods against other observation-based threat models, such as the insider model [60], and the case of having multiple attackers observation the user simultaneously [31]. The latter is particularly relevant for public displays, where it is typical that a group surrounds the user during interaction [32].…”

Section: Further Threat Modelsmentioning

confidence: 99%

CueAuth

Khamis

Trotter

Mäkelä

et al. 2018

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

Self Cite

View full text Add to dashboard Cite

Secure authentication on situated displays (e.g., to access sensitive information or to make purchases) is becoming increasingly important. A promising approach to resist shoulder surfing attacks is to employ cues that users respond to while authenticating; this overwhelms observers by requiring them to observe both the cue itself as well as users' response to the cue. Although previous work proposed a variety of modalities, such as gaze and mid-air gestures, to further improve security, an understanding of how they compare with regard to usability and security is still missing as of today. In this paper, we rigorously compare modalities for cue-based authentication on situated displays. In particular, we provide the first comparison between touch, mid-air gestures, and calibration-free gaze using a state-of-the-art authentication concept. In two in-depth user studies (N=37) we found that the choice of touch or gaze presents a clear trade-off between usability and security. For example, while gaze input is more secure, it is also more demanding and requires longer authentication times. Mid-air gestures are slightly slower and more secure than touch but users hesitate to use them in public. We conclude with three significant design implications for authentication using touch, mid-air gestures, and gaze and discuss how the choice of modality creates opportunities and challenges for improved authentication in public. CCS Concepts: • Security and privacy → Authentication; • Human-centered computing → Human computer interaction (HCI); Interaction techniques; Interaction design;

show abstract

They are all after you

Cited by 16 publications

References 15 publications

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

CueAuth

Contact Info

Product

Resources

About