Gaze-Assisted User Authentication to Counter Shoulder-surfing Attacks

A highly secure, foolproof, user authentication system is still a primary focus of research in the field of User Privacy and Security. Shoulder-surfing is an act of spying when an authorized user is logging into a system, and is promoted by a malicious intent of gaining unauthorized access. We present a gaze-assisted user authentication system as a potential solution to counter shoulder-surfing attacks. The system comprises of an eye tracker and an authentication interface with 12 pre-defined shapes (e.g., triangle, circle, etc.) that move simultaneously on the screen. A user chooses a set of three shapes as a password. To authenticate, the user follows the paths of three shapes as they move, one on each frame, over three consecutive frames. The system uses either the template matching or decision tree algorithms to match the scan-path of the user's gaze with the path traversed by the shape. The system was evaluated with seven users to test the accuracy of both the algorithms. We found that with the template matching algorithm the system achieves an accuracy of 95%, and with the decision tree algorithm an accuracy of 90.2%. We also present the advantages and disadvantages of using both the algorithms. Our study suggests that gaze-based authentication is a highly secure method against shoulder-surfing attacks as the unique pattern of eye movements for each individual makes the system hard to break into.Comment: 5 pages, 7 figures, 2 tables, ACM Richard Tapia Conference, Austin, 201