User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input
Mohamed Khamis, Karola Marky, Andreas Bulling, Florian Alt
Behaviour & Information Technology, 41(10), pp. 2061-2083, 2022.
Abstract
Handheld mobile devices store a plethora of sensitive data, such as private emails, personal messages, photos, and location data. Authentication is essential to protect access to sensitive data. However, the majority of mobile devices are currently secured by singlemodal authentication schemes which are vulnerable to shoulder surfing, smudge attacks, and thermal attacks. While some authentication schemes protect against one of these attacks, only few schemes address all three of them. We propose multimodal authentication where touch and gaze input are combined to resist shoulder surfing, as well as smudge and thermal attacks. Based on a series of previously published works where we studied the usability of several user-centred multimodal authentication designs and their security against multiple threat models, we provide a comprehensive overview of multimodal authentication on handheld mobile devices. We further present guidelines on how to leverage multiple input modalities for enhancing the usability and security of user authentication on mobile devices.Links
doi: 10.1080/0144929X.2022.2069597
Paper: khamis22_bit.pdf
BibTeX
@article{khamis22_bit,
author = {Khamis, Mohamed and Marky, Karola and Bulling, Andreas and Alt, Florian},
title = {User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input},
journal = {Behaviour \& Information Technology},
volume = {41},
number = {10},
pages = {2061-2083},
year = {2022},
publisher = {Taylor & Francis},
doi = {10.1080/0144929X.2022.2069597}
}