
GTmoPass: Two-factor Authentication on Public Displays Using GazeTouch passwords and Personal Mobile Devices

Mohamed Khamis, Regina Hasholzner, Andreas Bulling, Florian Alt

Proc. ACM International Symposium on Pervasive Displays (PerDis), pp. 1–9, 2017.




Abstract

As public displays continue to deliver increasingly private and personalized content, there is a need to ensure that only the legitimate users can access private information in sensitive contexts. While public displays can adopt authentication concepts similar to those used on public terminals (e.g., ATMs), authentication in public is subject to a number of risks. Namely, adversaries can uncover a user’s password through (1) shoulder surfing, (2) thermal attacks, or (3) smudge attacks. To address this problem we propose GTmoPass, an authentication architecture that enables multi-factor user authentication on public displays. The first factor is a knowledge factor: we employ a shoulder-surfing resilient multimodal scheme that combines gaze and touch input for password entry. The second factor is a possession factor: users utilize their personal mobile devices, on which they enter the password. Credentials are securely transmitted to a server via Bluetooth beacons. We describe the implementation of GTmoPass and report on an evaluation of its usability and security, which shows that although authentication using GTmoPass is slightly slower than traditional methods, it protects against the three aforementioned threats.



BibTeX

@inproceedings{khamis17_perdis,
  title = {GTmoPass: Two-factor Authentication on Public Displays Using GazeTouch passwords and Personal Mobile Devices},
  author = {Khamis, Mohamed and Hasholzner, Regina and Bulling, Andreas and Alt, Florian},
  doi = {10.1145/3078810.3078815},
  year = {2017},
  pages = {1--9},
  booktitle = {Proc. ACM International Symposium on Pervasive Displays (PerDis)}
}