Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks
Andreas Bulling, Florian Alt, Albrecht Schmidt
Proc. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), pp. 3011-3020, 2012.
Abstract
With computers being used ever more ubiquitously in situations where privacy is important, secure user authentication is a central requirement. Gaze-based graphical passwords are a particularly promising means for shoulder-surfing-resistant authentication, but selecting secure passwords remains challenging. In this paper, we present a novel gaze-based authentication scheme that makes use of cued-recall graphical pass- words on a single image. In order to increase password security, our approach uses a computational model of visual attention to mask those areas of the image that are most likely to attract visual attention. We create a realistic threat model for attacks that may occur in public settings, such as filming the user’s interaction while drawing money from an ATM. Based on a 12-participant user study, we show that our approach is significantly more secure than a standard image-based authentication and gaze-based 4-digit PIN entry.Links
Paper: bulling12_chi.pdf
BibTeX
@inproceedings{bulling12_chi,
author = {Bulling, Andreas and Alt, Florian and Schmidt, Albrecht},
keywords = {Cued-recall graphical passwords, Eye Tracking, Gaze-based, Saliency masks, user authentication},
title = {Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks},
booktitle = {Proc. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI)},
year = {2012},
pages = {3011-3020},
doi = {10.1145/2207676.2208712}
}
