Publication | Closed Access

GazeTouchPIN: protecting sensitive data on mobile devices using secure multimodal authentication

Citations: 79

References: 28

Year: 2017

TLDR

Mobile devices store sensitive data, yet most users rely on PINs or patterns that are vulnerable to shoulder‑surfing; privacy‑aware users, however, are willing to adopt stronger protection. The authors propose GazeTouchPIN, a multimodal authentication scheme that fuses gaze and touch input to enhance mobile device security. Because GazeTouchPIN combines gaze and touch input, an attacker must observe both the screen and the user's eyes, making shoulder‑surfing difficult. Its security and usability were assessed in two studies with 30 participants. Although entry times increased, privacy‑aware users would use GazeTouchPIN on demand, and the attack success rate fell from 68 % to 10.4 %.

Abstract

Although mobile devices provide access to a plethora of sensitive data, most users still only protect them with PINs or patterns, which are vulnerable to side-channel attacks (e.g., shoulder surfing). However, prior research has shown that privacy-aware users are willing to take further steps to protect their private data. We propose GazeTouchPIN, a novel secure authentication scheme for mobile devices that combines gaze and touch input. Our multimodal approach complicates shoulder-surfing attacks by requiring attackers to observe the screen as well as the user's eyes to find the password. We evaluate the security and usability of GazeTouchPIN in two user studies (N=30). We found that while GazeTouchPIN requires longer entry times, privacy-aware users would use it on demand when feeling observed or when accessing sensitive data. The results show that the successful shoulder-surfing attack rate drops from 68% to 10.4% when using GazeTouchPIN.
