ABSTRACT
Personal identification numbers (PINs) are one of the most common ways of electronic authentication these days and used in a wide variety of applications, especially in ATMs (cash machines). A non-marginal amount of tricks are used by criminals to spy on these numbers to gain access to the owners' valuables. Simply looking over the victims' shoulders to get in possession of their PINs is a common one. This effortless but effective trick is known as shoulder surfing. Thus, a less observable PIN entry method is desirable. In this work, we evaluate three different eye gaze interaction methods for PIN-entry, all resistant against these common attacks and thus providing enhanced security. Besides the classical eye input methods we also investigate a new approach of gaze gestures and compare it to the well known classical gaze-interactions. The evaluation considers both security and usability aspects. Finally we discuss possible enhancements for gaze gestures towards pattern based identification instead of number sequences.
- Coventry, L., De Angeli, A., and Johnson, G. Usability and biometric verification at the ATM interface. In: Proceedings of CHI '03, Fort Lauderdale, Florida, USA, April 5 -- 10, 2003. Google ScholarDigital Library
- Drewes, H., Schmidt, A. Interacting with the Computer using Gaze Gestures. In: Proceedings of Interact'07. Rio De Janeiro, Brasil. September 10 -- 14, 2007. Google ScholarDigital Library
- Drewes, H., De Luca, A., Schmidt, A. 2007. Eye-Gaze Interaction for Mobile Phones. In: Proceedings of Mobility'07. Singapore, September 10 -- 12, 2007. Google ScholarDigital Library
- http://www.eyeresponse.com, September 2007.Google Scholar
- http://www.hirschelectronics.com/Products_ScramblePads. asp, August 2007.Google Scholar
- Jacob, R. J. What you look at is what you get: eye movement-based interaction techniques. In: Proceedings of CHI '90, Seattle, Washington, USA, April 01 -- 05, 1990. Google ScholarDigital Library
- Kumar, M., Garfinkel, T., Boneh, D., Winograd, T. Reducing Shoulder-surfing by Using Gaze-based Password Entry. In: Proceedings of SOUPS '07, Pittsburgh, USA, July 18 -- 20, 2007. Google ScholarDigital Library
- Moncur, W. and Leplâtre, G. Pictures at the ATM: exploring the usability of multiple graphical passwords. In: Proceedings of CHI '07, San Jose, California, USA, April 28 -- May 03, 2007. Google ScholarDigital Library
- http://optimoz.mozdev.org/gestures/, August 2007.Google Scholar
- Rogers, J. "Please enter your 4-digit PIN". In Financial Services Technology, U.S. Edition, Issue 4, March 2007.Google Scholar
- Roth, V., Richter, K., and Freidinger, R. A PIN-entry method resilient against shoulder surfing. In: Proceedings of CCS '04, Washington DC, USA, October 25 -- 29, 2004. Google ScholarDigital Library
- Tan, D. S., Keyani, P., and Czerwinski, M. Spy-resistant keyboard: more secure password entry on public touch screen displays. In Proceedings of OZCHI '05, Canberra, Australia, November 21 -- 25, 2005. Google ScholarDigital Library
- Tullis, T. S. and Tedesco, D. P. Using personal photos as pictorial passwords. In: CHI '05 Extended Abstracts, Portland, OR, USA, April 02 -- 07, 2005. Google ScholarDigital Library
- Ware, C. and Mikaelian, H. H. An evaluation of an eye tracker as a device for computer input. In: Proceedings of CHI '87, Toronto, Ontario, Canada, April 05 -- 09, 1987. Google ScholarDigital Library
- Wobbrock, J. O., Myers, B. A., and Kembel, J. A. EdgeWrite: a stylus-based text entry method designed for high accuracy and stability of motion. In: Proceedings of UIST '03, Vancouver, Canada, November 02 -- 05, 2003. Google ScholarDigital Library
Index Terms
- Evaluation of eye-gaze interaction methods for security enhanced PIN-entry
Recommendations
Hide my Gaze with EOG!: Towards Closed-Eye Gaze Gesture Passwords that Resist Observation-Attacks with Electrooculography in Smart Glasses
MoMM2019: Proceedings of the 17th International Conference on Advances in Mobile Computing & MultimediaSmart glasses allow for gaze gesture passwords as a hands-free form of mobile authentication. However, pupil movements for password input are easily observed by attackers, who thereby can derive the password. In this paper we investigate closed-eye gaze ...
Enhanced gaze interaction using simple head gestures
UbiComp '12: Proceedings of the 2012 ACM Conference on Ubiquitous ComputingWe propose a combination of gaze pointing and head gestures for enhanced hands-free interaction. Instead of the traditional dwell-time selection method, we experimented with five simple head gestures: nodding, turning left/right, and tilting left/right. ...
Gaze gestures or dwell-based interaction?
ETRA '12: Proceedings of the Symposium on Eye Tracking Research and ApplicationsThe two cardinal problems recognized with gaze-based interaction techniques are: how to avoid unintentional commands, and how to overcome the limited accuracy of eye tracking. Gaze gestures are a relatively new technique for giving commands, which has ...
Comments