EyeSec: A Practical Shoulder-Surfing Resistant Gaze-Based Authentication System

With ubiquitous use of electronic devices where personal information is often stored, secure authentication is greatly underscored. As conventional password entry approaches are vulnerable to shoulder-surfing, gaze-based authentication approaches have been developed, but most of them require extra eye trackers which usually rely on special hardware and are too expensive for ordinary people. Aimed at both shoulder-surfing resistance and practicality, we present EyeSec, a gaze-based authentication system which exploits state-of-art gaze tracking technology without requirement for additional hardware except for a webcam. EyeSec offers three kinds of authentications, i.e., gaze-based PIN, gaze-based pattern and gaze-based captcha. According to the results of experiment, the best-performing participants, aged between 21 and 35, achieve average \(76.2\%, \) \(90.0\%\), \(100.0\%\) success rate for passing the three kinds of authentications, respectively, which makes gaze-based authentication from theory to practice.

[1]  Peter Robinson,et al.  Constrained Local Neural Fields for Robust Facial Landmark Detection in the Wild , 2013, 2013 IEEE International Conference on Computer Vision Workshops.

[2]  Mario Fritz,et al.  Appearance-based gaze estimation in the wild , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[3]  Yoichi Sato,et al.  Appearance-Based Gaze Estimation Using Visual Saliency , 2013, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[4]  Bogdan Hoanca,et al.  Gaze-based password authentication through automatic clustering of gaze points , 2011, 2011 IEEE International Conference on Systems, Man, and Cybernetics.

[5]  Alexander De Luca,et al.  Evaluation of eye-gaze interaction methods for security enhanced PIN-entry , 2007, OZCHI '07.

[6]  Mario Fritz,et al.  It’s Written All Over Your Face: Full-Face Appearance-Based Gaze Estimation , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[7]  Josep Domingo-Ferrer,et al.  Balanced Trustworthiness, Safety, and Privacy in Vehicle-to-Vehicle Communications , 2010, IEEE Transactions on Vehicular Technology.

[8]  James Hays,et al.  WebGazer: Scalable Webcam Eye Tracking Using User Interactions , 2016, IJCAI.

[9]  Elisa Bertino,et al.  Robust Multi-Factor Authentication for Fragile Communications , 2014, IEEE Transactions on Dependable and Secure Computing.

[10]  Adam J. Aviv,et al.  Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication , 2017, CHI Extended Abstracts.

[11]  Robert H. Deng,et al.  A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[12]  Takahiro Okabe,et al.  Inferring human gaze from appearance via adaptive linear regression , 2011, 2011 International Conference on Computer Vision.

[13]  Vijay Rajanna,et al.  A Gaze Gesture-Based User Authentication System to Counter Shoulder-Surfing Attacks , 2017, CHI Extended Abstracts.

[14]  Alain Forget,et al.  Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords , 2010, CHI.

[15]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[16]  Robert J. K. Jacob,et al.  Eye tracking in advanced interface design , 1995 .

[17]  Andreas Bulling,et al.  Pupil: an open source platform for pervasive eye tracking and mobile gaze-based interaction , 2014, UbiComp Adjunct.

[18]  John C. Mitchell,et al.  How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation , 2010, 2010 IEEE Symposium on Security and Privacy.

[19]  Andreas Bulling,et al.  EyeTab: model-based gaze estimation on unmodified tablet computers , 2014, ETRA.

[20]  Albrecht Schmidt,et al.  Increasing the security of gaze-based cued-recall graphical passwords using saliency masks , 2012, CHI.

[21]  Qiang Ji,et al.  In the Eye of the Beholder: A Survey of Models for Eyes and Gaze , 2010, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[22]  Yoichi Sato,et al.  Appearance-Based Gaze Estimation via Uncalibrated Gaze Pattern Recovery , 2017, IEEE Transactions on Image Processing.

[23]  Peter Robinson,et al.  OpenFace: An open source facial behavior analysis toolkit , 2016, 2016 IEEE Winter Conference on Applications of Computer Vision (WACV).

[24]  Thiago Santini,et al.  EyeRecToo: Open-source Software for Real-time Pervasive Head-mounted Eye Tracking , 2017, VISIGRAPP.

[25]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.