ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Reducing shoulder-surfing by using gaze-based password entry
Full text PdfPdf (241 KB)
Source
ACM International Conference Proceeding Series; Vol. 229 archive
Proceedings of the 3rd symposium on Usable privacy and security table of contents
Pittsburgh, Pennsylvania
SESSION: Passwords table of contents
Pages: 13 - 19  
Year of Publication: 2007
ISBN:978-1-59593-801-5
Authors
Manu Kumar  Stanford University, Stanford, CA
Tal Garfinkel  Stanford University, Stanford, CA
Dan Boneh  Stanford University, Stanford, CA
Terry Winograd  Stanford University, Stanford, CA
Sponsor
: CyLab
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 154,   Citation Count: 7
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1280680.1280683
What is a DOI?

ABSTRACT

Shoulder-surfing -- using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information -- is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input.

With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Apple MacBook iSight camera. Apple Computer: Cupertino, California, USA. http://www.apple.com/macbook/isight.html
 
2
The EyeGaze Communication System, 2007. LC Technologies, Inc.: McLean, Virginia. http://www.eyegaze.com/2Products/Disability/Disabilitymain.htm
 
3
IPRIZE: a $1,000,000 Grand Challenge designed to spark advances in eye-tracking technology through competition, 2006. http://hcvl.hci.iastate.edu/IPRIZE/
 
4
MyTobii Communication Software, 2006. Tobii Technology AB. http://www.tobii.com/default.asp?sid=555
 
5
PassFaces: patented technology that uses the brain's natural power to recognize familiar faces. PassFaces Corporation. http://www.passfaces.com/products/passfaces.htm
 
6
Schlage Scramble Keypad Reader (SERIII-W). Schlage (Ingersoll Rand Security Technologies). http://securitymanagementsystem.schlage.com/documents/readers_SERIII-W.pdf
 
7
Amir, A., M. Flickner, and D. Koons, Theory for Calibration Free Eye Gaze Tracking. 2002, IBM Almaden Research.
 
8
Arnon Amir , Lior Zimet , Alberto Sangiovanni-Vincentelli , Sean Kao, An embedded system for an eye-detection sensor, Computer Vision and Image Understanding, v.98 n.1, p.104-123, April 2005  [doi>10.1016/j.cviu.2004.07.009]
 
9
Asonov, D. and R. Agrawal. Keyboard Acoustic Emanations. In Proceedings of IEEE Symposium on Security and Privacy. Oakland, California, USA: IEEE. pp. 3--11, 2004.
10
Yigael Berger , Avishai Wool , Arie Yeredor, Dictionary attacks using keyboard acoustic emanations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180436]
 
11
Andrew T. Duchowski, Eye Tracking Methodology: Theory and Practice, Springer-Verlag New York, Inc., Secaucus, NJ, 2003
 
12
Golle, P. and D. Wagner, Cryptanalysis of a Cognitive Authentication Scheme, International Association for Cryptologic Research, July 31 2006.
13
Dan Witzner Hansen , David J. C. MacKay , John Paulin Hansen , Mads Nielsen, Eye tracking off the shelf, Proceedings of the 2004 symposium on Eye tracking research & applications, p.58-58, March 22-24, 2004, San Antonio, Texas  [doi>10.1145/968363.968375]
14
John Paulin Hansen , Kristian Tørning , Anders Sewerin Johansen , Kenji Itoh , Hirotaka Aoki, Gaze typing compared with input by head and hand, Proceedings of the 2004 symposium on Eye tracking research & applications, p.131-138, March 22-24, 2004, San Antonio, Texas  [doi>10.1145/968363.968389]
15
Craig Hennessey , Borna Noureddin , Peter Lawrence, A single camera eye-gaze tracking system with free head motion, Proceedings of the 2006 symposium on Eye tracking research & applications, March 27-29, 2006, San Diego, California  [doi>10.1145/1117309.1117349]
 
16
Hoanca, B. and K. Mock. Screen Oriented Technique for Reducing the Incidence of Shoulder Surfing. In Proceedings of International Conference on Security and Management (SAM). Las Vegas, Nevada, USA, 2005.
17
Bogdan Hoanca , Kenrick Mock, Secure graphical password system for high traffic public areas, Proceedings of the 2006 symposium on Eye tracking research & applications, March 27-29, 2006, San Diego, California  [doi>10.1145/1117309.1117319]
 
18
Jacob, R. J. K. and K. S. Karn, Eye Tracking in Human-Computer Interaction and Usability Research: Ready to Deliver the Promises, in The Mind's eye: Cognitive and Applied Aspects of Eye Movement Research, J. Hyona, R. Radach, and H. Deubel, Editors. Elsevier Science: Amsterdam. pp. 573--605, 2003.
 
19
Kuhn, M. G., Electromagnetic Eavesdropping Risks of Flat-Panel Displays, in 4th Workshop on Privacy Enhancing Technologies, LNCS. Springer-Verlag: Berlin / Heidelberg. pp. 23--25, 2004.
 
20
Kumar, M., GUIDe Saccade Detection and Smoothing Algorithm. Technical Report CSTR 2007-03, Stanford University, Stanford 2007. http://hci.stanford.edu/cstr/reports/2007-03.pdf
 
21
Kumar, M., Reducing the Cost of Eye Tracking Systems. Technical Report CSTR 2006-08, Stanford University, Stanford, April 2006. http://hci.stanford.edu/cstr/reports/2006-08.pdf
22
Manu Kumar , Andreas Paepcke , Terry Winograd, EyePoint: practical pointing and selection using gaze and keyboard, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA  [doi>10.1145/1240624.1240692]
 
23
Maeder, A., C. Fookes, and S. Sridharan. Gaze Based User Authentication for Personal Computer Applications. In Proceedings of International Symposium on Intelligent Multimedia, Video and Speech Processing. Hong Kong: IEEE. pp. 727--30, 2004.
24
Päivi Majaranta , Anne Aula , Kari-Jouko Räihä, Effects of feedback on eye typing with a short dwell time, Proceedings of the 2004 symposium on Eye tracking research & applications, p.139-146, March 22-24, 2004, San Antonio, Texas  [doi>10.1145/968363.968390]
25
Päivi Majaranta , I. Scott MacKenzie , Anne Aula , Kari-Jouko Räihä, Auditory and visual feedback during eye typing, CHI '03 extended abstracts on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA  [doi>10.1145/765891.765979]
26
Päivi Majaranta , Kari-Jouko Räihä, Twenty years of eye typing: systems and design issues, Proceedings of the 2002 symposium on Eye tracking research & applications, March 25-27, 2002, New Orleans, Louisiana  [doi>10.1145/507072.507076]
 
27
Monrose, F., M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. International Journal of Information Security 1(2). pp. 69--83, 2002.
 
28
Morimoto, C., D. Koons, A. Amir, and M. Flickner. Pupil Detection and Tracking Using Multiple Light Sources. Image and Vision Computing 18(4). pp. 331--36, 2000.
29
Carlos H. Morimoto , Arnon Amir , Myron Flickner, Free head motion eye gaze tracking without calibration, CHI '02 extended abstracts on Human factors in computing systems, April 20-25, 2002, Minneapolis, Minnesota, USA  [doi>10.1145/506443.506496]
30
Takehiko Ohno , Naoki Mukawa, A free-head, simple calibration, gaze tracking system that enables gaze-based interaction, Proceedings of the 2004 symposium on Eye tracking research & applications, p.115-122, March 22-24, 2004, San Antonio, Texas  [doi>10.1145/968363.968387]
31
Volker Roth , Kai Richter , Rene Freidinger, A PIN-entry method resilient against shoulder surfing, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030116]
 
32
RSA Security, I., RSA SecurID Authentication. http://www.rsasecurity.com/node.asp?id=1156
 
33
Simonite, T. Tactile passwords could stop ATM 'shoulder-surfing', New Scientist, October 6, 2006.
 
34
Dawn Xiaodong Song , David Wagner , Xuqing Tian, Timing analysis of keystrokes and timing attacks on SSH, Proceedings of the 10th conference on USENIX Security Symposium, p.25-25, August 13-17, 2001, Washington, D.C.
 
35
Xiaoyuan Suo , Ying Zhu , G. Scott. Owen, Graphical Passwords: A Survey, Proceedings of the 21st Annual Computer Security Applications Conference, p.463-472, December 05-09, 2005  [doi>10.1109/CSAC.2005.27]
 
36
Desney S. Tan , Pedram Keyani , Mary Czerwinski, Spy-resistant keyboard: more secure password entry on public touch screen displays, Proceedings of the 19th conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: citizens online: considerations for today and the future, November 21-25, 2005, Canberra, Australia
37
Julie Thorpe , P. C. van Oorschot , Anil Somayaji, Pass-thoughts: authenticating with our minds, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California  [doi>10.1145/1146269.1146282]
 
38
Tobii Technology, AB, Tobii 1750 Eye Tracker, 2006. Sweden. http://www.tobii.com
 
39
Daphna Weinshall, Cognitive Authentication Schemes Safe Against Spyware (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy, p.295-300, May 21-24, 2006  [doi>10.1109/SP.2006.10]
40
Susan Wiedenbeck , Jim Waters , Leonardo Sobrado , Jean-Camille Birget, Design and evaluation of a shoulder-surfing resistant graphical password scheme, Proceedings of the working conference on Advanced visual interfaces, May 23-26, 2006, Venezia, Italy  [doi>10.1145/1133265.1133303]
41
Zhiwei Zhu , Kikuo Fujimura , Qiang Ji, Real-time eye detection and tracking under various light conditions, Proceedings of the 2002 symposium on Eye tracking research & applications, March 25-27, 2002, New Orleans, Louisiana  [doi>10.1145/507072.507100]
42
Li Zhuang , Feng Zhou , J. D. Tygar, Keyboard acoustic emanations revisited, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102169]

CITED BY  7
Alexander De Luca , Roman Weiss , Heiko Drewes, Evaluation of eye-gaze interaction methods for security enhanced PIN-entry, Proceedings of the 2007 conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: design: activities, artifacts and environments, November 28-30, 2007, Adelaide, Australia
Alexander De Luca , Roman Weiss , Heinrich Hussmann, PassShape: stroke based shape passwords, Proceedings of the 2007 conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: design: activities, artifacts and environments, November 28-30, 2007, Adelaide, Australia
Alexander De Luca , Roman Weiss , Heinrich Hußmann , Xueli An, Eyepass - eye-stroke authentication for public terminals, CHI '08 extended abstracts on Human factors in computing systems, April 05-10, 2008, Florence, Italy
Hirokazu Sasamoto , Nicolas Christin , Eiji Hayashi, Undercover: authentication usable in front of prying eyes, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
Alexander De Luca , Bernhard Frauendienst, A privacy-respectful input method for public terminals, Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges, October 20-22, 2008, Lund, Sweden
Alexander De Luca , Martin Denzel , Heinrich Hussmann, Look into my eyes!: can you guess my password?, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California
Alexander De Luca , Emanuel von Zezschwitz , Heinrich Hußmann, Vibrapass: secure authentication based on shared lies, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)


General Terms:
Human Factors, Security


Keywords:
eye tracking, gaze-based password entry, password entry, shoulder surfing

Collaborative Colleagues:
Manu Kumar: colleagues
Tal Garfinkel: colleagues
Dan Boneh: colleagues
Terry Winograd: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player