PursuitPass: A Visual Pursuit Based User Authentication System
As our lives get more deeply submerged in digital format, ubiquitous access to sensitive data requires more secure and efficient user authentication procedures. Methods that solely relied on password entry were lately enhanced with the use of biometrics. Yet, these techniques can still be tricked by, for example, recordings of the face, voice, and fingerprint cloning. In this paper we introduce PursuitPass, a compact, robust, and efficient visual pursuit-based authentication system. PursuitPass is a user calibration-free method that requires the user to enter a password by visually pursuing moving targets on a small screen, such as a public ATM or a personal mobile phone. Because eye movements are used as input, passwords are better protected against shoulder surfing. Also, since targets can potentially move in unpredictable ways, it naturally imposes a liveness feature that cannot be counterfeited by recordings of the eyes. We investigated four pattern-matching algorithms to match visual pursuit user data with the movement of the targets. Two experiments were conducted. The first experiment aimed to define the best performing matching algorithm and configuration for PursuitPass. The second experiment aimed to evaluate the performance of our prototype. PursuitPass achieved a 96.82% accuracy with an average time of 10.42s on a series of 4-digit PIN entry trials.
M. Kumar T. Garfinkel D. Boneh T. Winograd "Reducing shoulder-surfing by using gaze-based password entry" Proceedings of the 3rd Symposium on Usable Privacy and Security ser. SOUPS '07 pp. 13-19 2007.
C. Morimoto M. Mimica "Eye gaze tracking techniques for interactive applications" Computer Vision and Image Understanding vol. 98 no. 1 pp. 4-24 2005.
J. Weaver K. Mock B. Hoanca "Gaze-based password authentication through automatic clustering of gaze points" 2011 IEEE International Conference on Systems Man and Cybernetics pp. 2749-2Oct 2011.
V. Rajanna S. Polsley P. Taele T. Hammond "A gaze gesture-based user authentication system to counter shoulder-surfing attacks" Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems ser. CHI EA '17 pp. 1978-1986 2017.
A. de Luca M. Denzel H. Hussmann "Look into my eyes!: Can you guess my password?" Proceedings of the 5th Symposium on Usable Privacy and Security ser. SOUPS '09 pp. 1-12 2009.
D. Cymek A. Venjakob S. Ruff O. Lutz S. Hofmann M. Roetting "Entering pin codes by smooth pursuit eye movements" Journal of Eye Movement Research vol. 7 pp. 1-11 2014.
D. Liu B. Dong X. Gao H. Wang T. Malkin V. Kolesnikov A. B. Lewko M. Polychronakis "Exploiting eye tracking for smartphone authentication" in Applied Cryptography and Network Security Cham:Springer International Publishing pp. 457-2015.
M. Vidal A. Bulling H. Gellersen "Pursuits: Spontaneous interaction with displays based on smooth pursuit eye movement and moving targets" Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing ser. UbiComp '13 pp. 439-2013.
A. Esteves E. Velloso A. Bulling H. Gellersen "Orbits: Gaze interaction for smart watches using smooth pursuit eye movements" Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology pp. 457-2015.
M. Carter E. Velloso J. Downs A. Sellen K. O'Hara F. Vetere "Pathsync: Multi-user gestural interaction with touchless rhythmic path mimicry" Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems ser. CHI '16 pp. 3415-32016.
E. Velloso M. Carter J. Newn A. Esteves C. Clarke H. Gellersen "Motion correlation: Selecting objects by matching their movement" ACM Trans. Comput.-Hum. Interact. vol. 24 no. 3 pp. 22:1-22:35 Apr. 2017.
E. Velloso F. L. Coutinho A. Kurauchi C. H. Morimoto "Circular orbits detection for gaze interaction using 2d correlation and profile matching algorithms" Proceedings of the 2018 ACM Symposium on Eye Tracking Research & Applications pp. 25 2018.
A. de Luca R. Weiss H. Drewes "Evaluation of eye-gaze interaction methods for security enhanced pin-entry" Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces ser. OZCHI '07 pp. 199-2007.