Abstract
With ubiquitous use of electronic devices where personal information is often stored, secure authentication is greatly underscored. As conventional password entry approaches are vulnerable to shoulder-surfing, gaze-based authentication approaches have been developed, but most of them require extra eye trackers which usually rely on special hardware and are too expensive for ordinary people. Aimed at both shoulder-surfing resistance and practicality, we present EyeSec, a gaze-based authentication system which exploits state-of-art gaze tracking technology without requirement for additional hardware except for a webcam. EyeSec offers three kinds of authentications, i.e., gaze-based PIN, gaze-based pattern and gaze-based captcha. According to the results of experiment, the best-performing participants, aged between 21 and 35, achieve average \(76.2\%, \) \(90.0\%\), \(100.0\%\) success rate for passing the three kinds of authentications, respectively, which makes gaze-based authentication from theory to practice.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Baltrusaitis, T., Robinson, P., Morency, L.P.: Constrained local neural fields for robust facial landmark detection in the wild. In: Proceedings of the IEEE International Conference on Computer Vision Workshops, pp. 354–361 (2013)
Baltrušaitis, T., Robinson, P., Morency, L.P.: Openface: an open source facial behavior analysis toolkit. In: 2016 IEEE Winter Conference on Applications of Computer Vision (WACV), pp. 1–10. IEEE (2016)
Bulling, A., Alt, F., Schmidt, A.: Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 3011–3020. ACM (2012)
Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving CAPTCHAs? A large scale evaluation. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 399–413. IEEE (2010)
Davin, J.T.: Baseline measurements of shoulder surfing analysis and comparability for smartphone unlock authentication. Technical report, Naval Academy Annapolis MD Annapolis (2017)
De Luca, A., Weiss, R., Drewes, H.: Evaluation of eye-gaze interaction methods for security enhanced pin-entry. In: Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces, pp. 199–202. ACM (2007)
Forget, A., Chiasson, S., Biddle, R.: Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1107–1110. ACM (2010)
Hansen, D.W., Ji, Q.: In the eye of the beholder: a survey of models for eyes and gaze. IEEE Trans. Pattern Anal. Mach. Intelligence 32(3), 478–500 (2010)
Huang, X., Xiang, Y., Bertino, E., Zhou, J., Xu, L.: Robust multi-factor authentication for fragile communications. IEEE Trans. Dependable Secure Comput. 11(6), 568–581 (2014)
Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)
Jacob, R.J.: Eye tracking in advanced interface design. In: Virtual Environments and Advanced Interface Design, pp. 258–288 (1995)
Kassner, M., Patera, W., Bulling, A.: Pupil: an open source platform for pervasive eye tracking and mobile gaze-based interaction. In: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication, pp. 1151–1160. ACM (2014)
Kumar, M., Garfinkel, T., Boneh, D., Winograd, T.: Reducing shoulder-surfing by using gaze-based password entry. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 13–19. ACM (2007)
Lu, F., Chen, X., Sato, Y.: Appearance-based gaze estimation via uncalibrated gaze pattern recovery. IEEE Trans. Image Process. 26(4), 1543–1553 (2017)
Lu, F., Sugano, Y., Okabe, T., Sato, Y.: Inferring human gaze from appearance via adaptive linear regression. In: 2011 IEEE International Conference on Computer Vision (ICCV), pp. 153–160. IEEE (2011)
Papoutsaki, A., Sangkloy, P., Laskey, J., Daskalova, N., Huang, J., Hays, J.: WebGazer: scalable webcam eye tracking using user interactions. In: Proceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence (IJCAI 2016) (2016)
Rajanna, V., Polsley, S., Taele, P., Hammond, T.: A gaze gesture-based user authentication system to counter shoulder-surfing attacks. In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pp. 1978–1986. ACM (2017)
Santini, T., Fuhl, W., Geisler, D., Kasneci, E.: EyeRecToo: open-source software for real-time pervasive head-mounted eye tracking. In: VISIGRAPP (6: VISAPP), pp. 96–101 (2017)
Sugano, Y., Matsushita, Y., Sato, Y.: Appearance-based gaze estimation using visual saliency. IEEE Trans. Pattern Anal. Mach. Intell. 35(2), 329–341 (2013)
von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_18
Weaver, J., Mock, K., Hoanca, B.: Gaze-based password authentication through automatic clustering of gaze points. In: 2011 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 2749–2754. IEEE (2011)
Wood, E., Bulling, A.: EyeTab: model-based gaze estimation on unmodified tablet computers. In: Proceedings of the Symposium on Eye Tracking Research and Applications, pp. 207–210. ACM (2014)
Wu, Q., Domingo-Ferrer, J., González-Nicolás, U.: Balanced trustworthiness, safety, and privacy in vehicle-to-vehicle communications. IEEE Trans. Veh. Technol. 59(2), 559–573 (2010)
Zhang, X., Sugano, Y., Fritz, M., Bulling, A.: Appearance-based gaze estimation in the wild. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4511–4520 (2015)
Zhang, X., Sugano, Y., Fritz, M., Bulling, A.: It’s written all over your face: full-face appearance-based gaze estimation. arXiv preprint arXiv:1611.08860 (2016)
Acknowledgements
Qianhong Wu is the corresponding author. This paper is supported by the National High Technology Research and Development Program of China (863 Program) through project 2015AA017205, the Natural Science Foundation of China through projects 61772538, 61672083 and 61370190, and by the National Cryptography Development Fund through project MMJJ20170106. This work is supported by National Natural Science Foundation of China (61472083, 61402110, 61771140).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Li, N., Wu, Q., Liu, J., Hu, W., Qin, B., Wu, W. (2017). EyeSec: A Practical Shoulder-Surfing Resistant Gaze-Based Authentication System. In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-72359-4_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72358-7
Online ISBN: 978-3-319-72359-4
eBook Packages: Computer ScienceComputer Science (R0)