Reducing Shoulder-surfing by Using Gaze-based Password Entry

Manu Kumar, Tal Garfinkel, Dan Boneh, Terry Winograd
Stanford University
Gates Building, 353 Serra Mall, Stanford, CA
+1.650.725.3722
{sneaker, talg, dabo, winograd}@cs.stanford.edu

ABSTRACT

Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user’s password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input.

With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.

Categories and Subject Descriptors

K.6.5 [Security and Protection]: Authentication. H.5.2 [User Interfaces]: Input devices and strategies.

General Terms

Security, Human Factors

Keywords

Shoulder surfing, password entry, eye tracking, gaze-based password entry.

1. INTRODUCTION

Passwords remain the dominant means of authentication in today’s systems because of their simplicity, legacy deployment and ease of revocation. Unfortunately, common approaches to entering passwords by way of keyboard, mouse, touch screen or any traditional input device, are frequently vulnerable to attacks such as shoulder surfing and password snooping.

Current approaches to reducing shoulder surfing typically also reduce the usability of the system; often requiring users to use security tokens [32], interact with systems that do not provide direct feedback [31, 40] or they require additional steps to prevent an observer from easily disambiguating the input to determine the password/PIN [5, 12, 31, 36, 39, 40]. Previous gaze-based authentication methods [16, 17, 23] do not support traditional password schemes.

We present EyePassword, an alternative approach to password entry that retains the ease of use of traditional passwords, while mitigating shoulder-surfing and acoustics attacks. EyePassword utilizes gaze-based typing, a technique originally developed for disabled users (like [4]) as an alternative to normal keyboard and mouse input. Gaze tracking works by using computer vision techniques to track the orientation of the user’s pupil to calculate the position of the user’s gaze on the screen. Gaze-based password entry makes gleaning password information difficult for the unaided observer while retaining the simplicity and ease of use for the user.

As expected, a number of design choices affect the security and usability of our system. We discuss these in Section 3 along with the choices we made in the design of EyePassword.

We implemented EyePassword using the Tobii 1750 [38] eye tracker and conducted user studies to evaluate the speed, accuracy and user acceptance. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and users indicated that they would prefer to use the gaze-based approach when entering their password in a public place.

2. BACKGROUND AND RELATED WORK

Shoulder-surfing is an attack on password authentication that has traditionally been hard to defeat. It can be done remotely using binoculars and cameras, using keyboard acoustics [9, 10, 42], or electromagnetic emanations from displays [19]. Access to the user’s password simply by observing the user while he or she is entering a password undermines all the effort put in to encrypting passwords and protocols for authenticating the user securely. To some extent, the human actions when inputting the password are the weakest link in the chain.

Biometric methods, which identify individuals based on physiological or behavioral characteristics, have the advantage that they are harder to replicate and therefore are not susceptible to the risks of shoulder surfing. However, biometric techniques suffer from the drawback that biometric characteristics are non-secret and non-revocable. While it is easy for a user to change a password, it is a considerably less convenient and presumably more painful procedure for the user to change a fingerprint or retinal scan.

Copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. Symposium On Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA.

Physical token based approaches such as the RSA SecurID token [32] overcome shoulder-surfing, but such devices require users to carry a physical access token, which is prone to being lost or stolen.

The Scramble Keypad Reader [6] uses a 7-segment LED display inside each keypad pushbutton. The location of the digits on the keypad is randomized with each trial thereby reducing the risk of shoulder surfing. This keypad also uses two pieces of metal on either side of the keypad to prevent other people from seeing the keys being pressed.

In general, approaches to overcoming shoulder surfing rely on “increasing the noise” for the observer so that it becomes difficult for the observer to disambiguate the user’s actions/input. Roth et al [31] present an approach for PIN entry which uses the philosophy of increasing the noise for the observer. In their approach, the PIN digits are displayed in two distinct sets colored black and white. For each digit the user must make a series of binary choices as to which set (black or white) the PIN digit appears in. The correct PIN digit is identified by intersecting the user’s set choices. The approach requires users to make multiple binary selections in order to correctly input each digit of the PIN.

Wiedenbeck et al [40] introduce a
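The black/white set-intersection PIN entry attributed to Roth et al [31] above, modelled as an added Python example that is not code from the paper or from the cited work. It assumes uniformly random five/five splits and repeats rounds until one digit remains; the round count and every function name are assumptions of this example.

```python
import secrets

DIGITS = "0123456789"
_rng = secrets.SystemRandom()

def random_split():
    """Terminal side: colour five random digits black, the other five white."""
    black = frozenset(_rng.sample(DIGITS, 5))
    return {"black": black, "white": frozenset(DIGITS) - black}

def user_choice(split, secret_digit):
    """User side: name the colour of the set that holds the secret digit."""
    return "black" if secret_digit in split["black"] else "white"

def enter_digit(secret_digit):
    """Run rounds until the intersection of the chosen sets is a single digit.

    Returns (recovered digit, colour presses, displayed splits).
    """
    candidates = set(DIGITS)
    presses, splits = [], []
    while len(candidates) > 1:
        split = random_split()
        colour = user_choice(split, secret_digit)
        presses.append(colour)
        splits.append(split)
        candidates &= split[colour]  # the terminal intersects the chosen sets
    return candidates.pop(), presses, splits

def observer_candidates(presses, splits=None):
    """Digits an observer cannot rule out for one entered digit.

    With random splits the colour presses alone are independent of the digit,
    so nothing is eliminated; an observer who also sees every displayed split
    holds the same information as the terminal.
    """
    candidates = set(DIGITS)
    if splits is not None:
        for colour, split in zip(presses, splits):
            candidates &= split[colour]
    return candidates

def enter_pin(pin):
    """Enter a whole PIN digit by digit; returns the terminal's reconstruction."""
    return "".join(enter_digit(d)[0] for d in pin)

if __name__ == "__main__":
    digit, presses, splits = enter_digit("7")  # constructed sample digit
    print("recovered", digit, "after", len(presses), "rounds")
    print("presses only:", sorted(observer_candidates(presses)))
    print("presses and display:", sorted(observer_candidates(presses, splits)))
```

The gap between the two `observer_candidates` results is the "noise" the section refers to: it exists only while the observer cannot pair each key press with the screen contents at that moment.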

