41 research outputs found

    The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

    For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade

    GazeLockPatterns: Comparing Authentication Using Gaze and Touch for Entering Lock Patterns

    In this work, we present a comparison between Android’s lock patterns for mobile devices (TouchLockPatterns) and an implementation of lock patterns that uses gaze input (GazeLockPatterns). We report on results of a between-subjects study (N=40) to show that for the same layout of authentication interface, people employ comparable strategies for pattern composition. We discuss the pros and cons of adapting lock patterns to gaze-based user interfaces. We conclude with opportunities for future work, such as using data collected during authentication for calibrating eye trackers.

    On the Usability of Next-Generation Authentication: A Study on Eye Movement and Brainwave-based Mechanisms

    Passwords remain a widely-used authentication mechanism, despite their well-known security and usability limitations. To improve on this situation, next-generation authentication mechanisms, based on behavioral biometric factors such as eye movement and brainwave have emerged. However, their usability remains relatively under-explored. To fill this gap, we conducted an empirical user study (n=32 participants) to evaluate three brain-based and three eye-based authentication mechanisms, using both qualitative and quantitative methods. Our findings show good overall usability according to the System Usability Scale for both categories of mechanisms, with average SUS scores in the range of 78.6-79.6 and the best mechanisms rated with an "excellent" score. Participants particularly identified brainwave authentication as more secure yet more privacy-invasive and effort-intensive compared to eye movement authentication. However, the significant number of neutral responses indicates participants' need for more detailed information about the security and privacy implications of these authentication methods. Building on the collected evidence, we identify three key areas for improvement: privacy, authentication interface design, and verification time. We offer recommendations for designers and developers to improve the usability and security of next-generation authentication mechanisms

    Sistema de reconocimiento facial para el control de accesos mediante Inteligencia Artificial

    The main objective of this article is the development of a system that allows the facial recognition of a person for access control through Artificial Intelligence. For the development of the system, the Convolutional Neural Networks algorithm was used, which is a recognition model. Likewise, the Python programming language and libraries such as Numpy, Os, OpenCV and Imutils were used for its implementation. The results obtained, in terms of accuracy and using a dataset of 4500 images, are approximately 88% for the prediction per person, concluding that the recognition system is effective and has greater efficiency by increasing the size of datasets generated by individuals.
    The main objective of this article is the development of a system that enables facial recognition of a person for access control using Artificial Intelligence. The system was developed using Convolutional Neural Networks, a recognition model, as its algorithm. The Python programming language and libraries such as Numpy, Os, OpenCV and Imutils were also used for its implementation. The results obtained, in terms of accuracy and using a dataset of 450 images per individual, are approximately 88% for the prediction per person, concluding that the recognition system is effective and becomes more efficient as the size of the datasets generated per individual increases.

    Continuous Authentication of Users to Robotic Technologies Using Behavioural Biometrics

    Collaborative robots and current human–robot interaction systems, such as exoskeletons and teleoperation, are key technologies with profiles that make them likely security targets. Without sufficient protection, these robotics technologies might become dangerous tools that are capable of causing damage to their environments, increasing defects in work pieces and harming human co-workers. As robotics is a critical component of the current automation drive in many advanced economies, there may be serious economic effects if robot security is not appropriately handled. The development of suitable security for robots, particularly in industrial contexts, is critical. Collaborative robots, exoskeletons and teleoperation are all examples of robotics technologies that might need close collaboration with humans, and these interactions must be appropriately protected. There is a need to guard against both external hackers (as with many industrial systems) and insider malfeasance. Only authorised users should be able to access robots, and they should use only those services and capabilities they are qualified to access (e.g. those for which they are appropriately cleared and trained). Authentication is therefore a crucial enabling mechanism. Robot interaction will largely be ongoing, so continuous rather than one-time authentication is required. In robot contexts, continuous biometrics can be used to provide effective and practical authentication of individuals to robots. In particular, the working behaviour of human co-workers as they interact with robots can be used as a means of biometric authentication. This thesis demonstrates how continuous biometric authentication can be used in three different environments: a direct physical manipulation application, a sensor glove application and a remote access application. 
We show how information acquired from the collaborative robot's internal sensors, wearable sensors (similar to those found in an exoskeleton), and teleoperated robot control and programming can be harnessed to provide appropriate authentication. Thus, all authentication uses data that are collected or generated as part of the co-worker simply going about their work. No additional action is needed. For manufacturing environments, this lack of intrusiveness is an important feature. The results presented in this thesis show that our approaches can discriminate appropriately between users. We believe that our machine learning-based approaches can provide reasonable and practical solutions for continually authenticating users to robots in many environments, particularly in manufacturing contexts

    Modelo de Autentificación de Doble Factor

    The main objective of this paper is the development of a model that allows the authentication of a user for access control using the Two-Factor Authentication model. For the development of such a model we present a secure two-factor authentication (TFA) scheme based on the user's possession of a password and a cryptographically capable device. The security of this model is end-to-end in the sense that whoever wants to gain access fraudulently will find it difficult, thus guaranteeing the security of the user of the system. The algorithm used was Cryptographic Networks, which is a double authentication model. The programming language CakePHP 4.0 was also used, together with the Visual Studio Code program, to implement the algorithms required for the double authentication model to work.
    The main objective of this article is the development of a model that enables the authentication of a user for access control by means of the two-factor authentication model. To develop this model, we present a secure two-factor authentication (TFA) scheme based on the user's possession of a password and a device with cryptographic capability. The security of this model is end-to-end in the sense that anyone who wants to gain access fraudulently will find it difficult, thus guaranteeing the security of the user of the system; the algorithm used was Cryptographic Networks, which is a double authentication model. The programming language CakePHP 4.0 was also used, along with the Visual Studio Code program, to implement the algorithms required for the double authentication model to work.

    Integrating biometric authentication into multiple applications

    The Internet has grown from its modest academic beginnings into an important, global communication medium. It has become a significant, intrinsic part of our lives, how we distribute information and how we transact. It is used for a variety of purposes, including: banking; home shopping; commercial trade - using EDI (Electronic Data Interchange); and to gather information for market research and other activities. Owing to its academic origins, the early developers of the Internet did not focus on security. However, now that it has rapidly evolved into an extensively used, global commercial transaction and distribution channel, security has become a big concern. Fortunately, the field of information security has started to evolve in response and is fast becoming an important discipline with a sound theoretical basis. The discipline views the twin processes of identification and authentication as crucial aspects of information security. An individual access attempt must be identifiable prior to access being authorised otherwise system confidentiality cannot be enforced nor integrity safeguarded. Similarly, non-denial becomes impossible to instigate since the system is unable to log an identity against specific transactions. Consequently, identification and authentication should always be viewed as the first step to successfully enforcing information security. The process of identification and authorisation is, in essence, the ability to prove or verify an identity. This is usually accomplished using either one or a combination of the following three traditional identification techniques: something you possess; something you know; or something you are. A critical consideration when designing an application is which identification method, or combination of methods, from the three described above to use. Each method offers its own pros and cons and there are many ways to compare and contrast them. 
The comparison made in this study identifies biometrics as the best solution in a distributed application environment. There are, however, two over-arching hindrances to its widespread adoption. The first is the environment’s complexity - with multiple applications being accessed by both the public and the private sectors - and the second is that not all biometrics are popular and no single method has universal appeal. The more significant hindrance of the two is the latter, that of acceptance and trust, because it matters little how good or efficient a system is if nobody is willing to use it. This observation suggests that the identification system needs to be made as flexible as possible. In a democratic society, it could be argued that the best way of ensuring the successful adoption of a biometric system would be to allow maximum freedom of choice and let users decide which biometric method they would like to use. Although this approach is likely to go a long way towards solving the acceptance issue, it increases the complexity of the environment significantly. This study attempts to solve this problem by reducing the environment’s complexity while simultaneously ensuring the user retains maximum biometric freedom of choice. This can be achieved by creating a number of central biometric repositories. Each repository would be responsible for maintaining a biometric template data store for a type of biometric. These repositories or “Biometric Authorities” would act as authentication facilitators for a wide variety of applications and free them from that responsibility. Dissertation (MSc (Computer Engineering)), University of Pretoria, 2005. Electrical, Electronic and Computer Engineering.

    Image-based Authentication

    Mobile and wearable devices are popular platforms for accessing online services. However, the small form factor of such devices makes a secure and practical experience for user authentication challenging. Further, online fraud that includes phishing attacks has revealed the importance of conversely providing solutions for usable authentication of remote services to online users. In this thesis, we introduce image-based solutions for mutual authentication between a user and a remote service provider. First, we propose and develop Pixie, a two-factor, object-based authentication solution for camera-equipped mobile and wearable devices. We further design ai.lock, a system that reliably extracts from images authentication credentials similar to biometrics. Second, we introduce CEAL, a system to generate visual key fingerprint representations of arbitrary binary strings, to be used to visually authenticate online entities and their cryptographic keys. CEAL leverages deep learning to capture the target style and domain of training images into a generator model from a large collection of sample images, rather than hand-curated as a collection of rules, and hence provides a unique capacity for easy customizability. CEAL integrates a model of the visual discriminative ability of human perception, hence the resulting fingerprint image generator avoids mapping distinct keys to images which are not distinguishable by humans. Further, CEAL deterministically generates visually pleasing fingerprint images from an input vector where the vector components are designated to represent visual properties which are either readily perceptible to the human eye, or imperceptible yet necessary for accurately modeling the target image domain. We show that image-based authentication using Pixie is usable and fast, while ai.lock extracts authentication credentials that exceed the entropy of biometrics. 
Further, we show that CEAL outperforms state-of-the-art solution in terms of efficiency, usability, and resilience to powerful adversarial attacks

    Privacy-aware Security Applications in the Era of Internet of Things

    In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users' sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. 
In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods