 | Mohamed Khamis; Mariam Hassib; Emanuel von Zezschwitz; Andreas Bulling; Florian Alt GazeTouchPIN: Protecting Sensitive Data on Mobile Devices using Secure Multimodal Authentication Inproceedings Proc. of the 19th ACM International Conference on Multimodal Interaction (ICMI), pp. 446-450, 2017. Abstract | Links | BibTeX @inproceedings{khamis17_icmi,
title = {GazeTouchPIN: Protecting Sensitive Data on Mobile Devices using Secure Multimodal Authentication},
author = {Mohamed Khamis and Mariam Hassib and Emanuel von Zezschwitz and Andreas Bulling and Florian Alt},
url = {https://perceptual.mpi-inf.mpg.de/files/2017/11/khamis17_icmi.pdf
https://www.youtube.com/watch?v=gs2YO0gP4kI},
doi = {10.1145/3136755.3136809},
year = {2017},
date = {2017-08-31},
booktitle = {Proc. of the 19th ACM International Conference on Multimodal Interaction (ICMI)},
pages = {446-450},
abstract = {Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). However, prior research has shown that privacy-aware users are willing to take further steps to protect their private data. We propose GazeTouchPIN, a novel secure authentication scheme for mobile devices that combines gaze and touch input. Our multimodal approach complicates shoulder-surfing attacks by requiring attackers to observe the screen as well as the user’s eyes to find the password. We evaluate the security and usability of GazeTouchPIN in two user studies (N=30). We found that while GazeTouchPIN requires longer entry times, privacy aware users would use it on-demand when feeling observed or when accessing sensitive data. The results show that successful shoulder surfing attack rate drops from 68% to 10.4% when using GazeTouchPIN.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). However, prior research has shown that privacy-aware users are willing to take further steps to protect their private data. We propose GazeTouchPIN, a novel secure authentication scheme for mobile devices that combines gaze and touch input. Our multimodal approach complicates shoulder-surfing attacks by requiring attackers to observe the screen as well as the user’s eyes to find the password. We evaluate the security and usability of GazeTouchPIN in two user studies (N=30). We found that while GazeTouchPIN requires longer entry times, privacy aware users would use it on-demand when feeling observed or when accessing sensitive data. The results show that successful shoulder surfing attack rate drops from 68% to 10.4% when using GazeTouchPIN. |