
Secure graphical password system for high traffic public areas

Secure graphical password system for high traffic public areas. Bogdan Hoanca and Kenrick Mock University of Alaska Anchorage. Outline. Shoulder surfing as security threat in information systems Eye tracking based authentication Error rates of eye tracking hardware Error-aware eye tracking


Presentation Transcript


  1. Secure graphical password system for high traffic public areas. Bogdan Hoanca and Kenrick Mock, University of Alaska Anchorage

  2. Outline
     • Shoulder surfing as security threat in information systems
     • Eye tracking based authentication
     • Error rates of eye tracking hardware
     • Error-aware eye tracking
       • Systematic errors
       • Random errors
     • Conclusions
     Hoanca/Mock ETRA 2006

  3. Shoulder surfing
     • Stealing authentication information
     • Critical threat for mobile users or in public places
     • Safest bet: assume “naked” user under constant surveillance

  4. Defending against shoulder surfing
     • Screen filters
     • Challenge-response schemes
     • Physical key schemes
     • Biometric schemes

  5. Eye tracking based authentication
     Use the eye tracker without on-screen feedback to select on-screen objects
     • Ideally, transparent for the user
     • Secure from shoulder surfing
     • Slower than typing
     • Still vulnerable to key logger and screen capture programs

  6. Graphical Password Entry via Eye Tracking

  7. Sample authentication log. Image size 700x482

  8. High error rates due to hardware limitations
     [Figure: plots of actual gaze location as compared with intended target (red); black is the center of gravity. Distances are in pixels and scale is -40…40 in both X and Y.]
     • “High error” user: mean D = 30 pixels
     • “Low error” user: mean D = 12 pixels

  9. Error rates of eye tracking hardware
     • Using the ERICA system from Eye Response Technologies
     • Error types
       • Systematic errors
         • Due to head tilt
         • Slowly varying with time
         • Dependent on screen geometry and location
       • Random errors
         • Highly user dependent

  10. Handling random errors
     • Loss of cryptographic complexity depends on how much error is acceptable
     [Plot: success rate (%, 0…100) vs. distance in pixels (1…1000, log scale)]

  11. Handling systematic errors
     • Average over multiple attempts or over multiple users
     • Loss of cryptographic complexity – equivalent to one click less
     [Plot: success rate (%, 0…100) vs. distance in pixels (1…1000, log scale); one user, 25 sessions, “low error”; red: raw data, green: corrected]

  12. Handling systematic errors (continued)
     • Limited usefulness for high error users
     [Plot: success rate (%, 0…100) vs. distance in pixels (1…1000, log scale); one user, 25 sessions, “high error”; red: raw data, green: corrected]

  13. Summary
     • Eye tracking is a promising technology for authenticating from public places with reduced danger of shoulder surfing
     • Wide acceptance will require eye tracking technologies that are
       • More stable and accurate
       • Ideally, head tracking-capable and calibration-free
       • Much lower in price
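
As an added illustration (not code from the presentation or from the ERICA system), the sketch below works through the error handling on slides 9 to 12: the center of gravity of earlier gaze errors is subtracted as the systematic-error correction, and the tolerance radius is traded against success rate and entropy per click. The gaze data are constructed, and the area-ratio entropy model and all function names are assumptions.

```python
import math
import random

IMG_W, IMG_H = 700, 482  # image size quoted on the sample-log slide

def center_of_gravity(errors):
    """Mean (dx, dy) of gaze-minus-target offsets: the systematic error."""
    n = len(errors)
    return (sum(dx for dx, _ in errors) / n, sum(dy for _, dy in errors) / n)

def correct(errors, offset):
    """Subtract a previously estimated systematic offset from each sample."""
    return [(dx - offset[0], dy - offset[1]) for dx, dy in errors]

def success_rate(errors, radius):
    """Fraction of gaze samples landing within `radius` pixels of the target."""
    return sum(math.hypot(dx, dy) <= radius for dx, dy in errors) / len(errors)

def bits_per_click(radius):
    """Assumed model: distinguishable targets = image area / tolerance-disc area."""
    targets = max(1.0, IMG_W * IMG_H / (math.pi * radius ** 2))
    return math.log2(targets)

def constructed_session(bias, sigma, n, seed):
    """Constructed data: Gaussian scatter (random error) around a fixed bias."""
    rng = random.Random(seed)
    return [(rng.gauss(bias[0], sigma), rng.gauss(bias[1], sigma)) for _ in range(n)]

def demo(radius=20):
    # Offset is learned from earlier attempts, then applied to a new session.
    earlier = constructed_session((25, -15), 8, 200, seed=1)
    new = constructed_session((25, -15), 8, 200, seed=2)
    offset = center_of_gravity(earlier)
    return success_rate(new, radius), success_rate(correct(new, offset), radius)

if __name__ == "__main__":
    raw, fixed = demo()
    print(f"radius 20 px: raw {raw:.0%}, corrected {fixed:.0%}")
    for r in (5, 10, 20, 40, 80):
        print(f"r={r:3d} px  ~{bits_per_click(r):4.1f} bits per click")
```

Under this model every doubling of the accepted radius costs two bits per click, so removing the systematic offset first lets a smaller radius reach the same success rate.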
