04-02-2013, 03:08 PM
Reducing Shoulder-surfing by Using Gaze-based Password Entry
Abstract
Shoulder-surfing – using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information – is a problem that has been difficult to overcome.
When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user’s password credentials.
INTRODUCTION
Passwords remain the dominant means of authentication in today’s systems because of their simplicity, legacy deployment and ease of revocation.
Unfortunately, common approaches to entering passwords by way of keyboard, mouse, touch screen or any traditional input device are frequently vulnerable to attacks such as shoulder surfing.
BACKGROUND AND RELATED WORK
Shoulder-surfing is an attack on password authentication that has traditionally been hard to defeat.
It can be done remotely using binoculars and cameras, or by using keyboard acoustics or electromagnetic emanations from displays.
An attacker can gain access to the user’s password simply by observing the user while he or she is entering a password.
MOTIVATION FOR EYE TRACKING
Eye tracking technology has come a long way since its origins in the early 1900’s.
Eye trackers are a specialized application of computer vision. A camera is used to monitor the user’s eyes. One or more infrared light sources illuminate the user’s face and produce a glint – a reflection of the light source on the cornea.
As the user looks in different directions the pupil moves but the location of the glint on the cornea remains fixed.
Commercial eye-trackers are currently very expensive.
IMPLEMENTATION
We implemented EyePassword on Windows using a Tobii 1750 eye tracker set to a resolution of 1280x1024 pixels at 96 dpi.
To reduce false activations, we chose the size of each target to be 84 pixels square.
Furthermore, the keys are separated by a 12 pixel margin which further decreases the instances of false activations.
We also show a bright red dot at the center of each of the onscreen buttons.
Our implementation shows both the standard characters and the shifted characters on-screen and provides no visual feedback for the activation of the shift key.
CONCLUSION
Passwords possess many useful properties as well as widespread legacy deployment; consequently, we can expect their use for the foreseeable future.
Unfortunately, today’s standard methods for password input are subject to a variety of attacks based on observation, from casual eavesdropping (shoulder surfing), to more exotic methods.
We have presented an alternative approach to password entry, based on gaze, which deters or prevents a wide range of these attacks.
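The target geometry given under IMPLEMENTATION (84-pixel-square keys separated by a 12-pixel margin) can be tried out with the sketch below, which is an added example and not EyePassword's code. It maps a gaze point to a key, treats the margin as a dead zone, and compares how often noisy gaze samples land on a neighbouring key with and without that margin. The 3x3 layout, the Gaussian noise model and its `sigma` value are constructed assumptions.

```python
import random

KEY, MARGIN = 84, 12  # target size and gap in pixels, as stated on the page
ROWS = ["qwe", "asd", "zxc"]  # constructed 3x3 layout, not EyePassword's keyboard

def hit_test(x, y, rows=ROWS, key=KEY, margin=MARGIN):
    """Return the key under gaze point (x, y); None in a margin or off the grid."""
    pitch = key + margin
    col, row = int(x // pitch), int(y // pitch)
    if x < 0 or y < 0 or row >= len(rows) or col >= len(rows[row]):
        return None
    # Each key is centred in its cell, with margin/2 of dead space on every side.
    dx, dy, half = x - col * pitch, y - row * pitch, margin / 2
    inside = half <= dx < half + key and half <= dy < half + key
    return rows[row][col] if inside else None

def key_center(ch, rows=ROWS, key=KEY, margin=MARGIN):
    """Pixel coordinates of the centre of key `ch` (where the red dot is drawn)."""
    pitch = key + margin
    for r, row in enumerate(rows):
        if ch in row:
            return (row.index(ch) * pitch + pitch / 2, r * pitch + pitch / 2)
    raise KeyError(ch)

def false_activation_rate(intended, key, margin, sigma=30.0, n=5000, seed=1):
    """Fraction of noisy gaze samples aimed at `intended` that land on another key.

    sigma is a constructed noise level in pixels, not a measured tracker figure.
    """
    rng = random.Random(seed)
    cx, cy = key_center(intended, ROWS, key, margin)
    wrong = 0
    for _ in range(n):
        got = hit_test(rng.gauss(cx, sigma), rng.gauss(cy, sigma), ROWS, key, margin)
        wrong += got is not None and got != intended
    return wrong / n

if __name__ == "__main__":
    # Same 96 px pitch and same samples; only the dead zone differs.
    print("84 px keys, 12 px margin:", false_activation_rate("s", 84, 12))
    print("96 px keys, no margin:   ", false_activation_rate("s", 96, 0))
```

Because both configurations share the same 96-pixel pitch and the same seeded samples, every sample that hits a wrong key with the margin also hits it without the margin, so the margin can only lower the false-activation rate.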