The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade

Vulnerability assessment in the use of biometrics in unsupervised environments

Mención Internacional en el título de doctorIn the last few decades, we have witnessed a large-scale deployment of biometric systems in different life applications replacing the traditional recognition methods such as passwords and tokens. We approached a time where we use biometric systems in our daily life. On a personal scale, the authentication to our electronic devices (smartphones, tablets, laptops, etc.) utilizes biometric characteristics to provide access permission. Moreover, we access our bank accounts, perform various types of payments and transactions using the biometric sensors integrated into our devices. On the other hand, different organizations, companies, and institutions use biometric-based solutions for access control. On the national scale, police authorities and border control measures use biometric recognition devices for individual identification and verification purposes. Therefore, biometric systems are relied upon to provide a secured recognition where only the genuine user can be recognized as being himself. Moreover, the biometric system should ensure that an individual cannot be identified as someone else. In the literature, there are a surprising number of experiments that show the possibility of stealing someone’s biometric characteristics and use it to create an artificial biometric trait that can be used by an attacker to claim the identity of the genuine user. There were also real cases of people who successfully fooled the biometric recognition system in airports and smartphones [1]–[3]. That urges the necessity to investigate the potential threats and propose countermeasures that ensure high levels of security and user convenience. Consequently, performing security evaluations is vital to identify: (1) the security flaws in biometric systems, (2) the possible threats that may target the defined flaws, and (3) measurements that describe the technical competence of the biometric system security. Identifying the system vulnerabilities leads to proposing adequate security solutions that assist in achieving higher integrity. This thesis aims to investigate the vulnerability of fingerprint modality to presentation attacks in unsupervised environments, then implement mechanisms to detect those attacks and avoid the misuse of the system. To achieve these objectives, the thesis is carried out in the following three phases. In the first phase, the generic biometric system scheme is studied by analyzing the vulnerable points with special attention to the vulnerability to presentation attacks. The study reviews the literature in presentation attack and the corresponding solutions, i.e. presentation attack detection mechanisms, for six biometric modalities: fingerprint, face, iris, vascular, handwritten signature, and voice. Moreover, it provides a new taxonomy for presentation attack detection mechanisms. The proposed taxonomy helps to comprehend the issue of presentation attacks and how the literature tried to address it. The taxonomy represents a starting point to initialize new investigations that propose novel presentation attack detection mechanisms. In the second phase, an evaluation methodology is developed from two sources: (1) the ISO/IEC 30107 standard, and (2) the Common Evaluation Methodology by the Common Criteria. The developed methodology characterizes two main aspects of the presentation attack detection mechanism: (1) the resistance of the mechanism to presentation attacks, and (2) the corresponding threat of the studied attack. The first part is conducted by showing the mechanism's technical capabilities and how it influences the security and ease-of-use of the biometric system. The second part is done by performing a vulnerability assessment considering all the factors that affect the attack potential. Finally, a data collection is carried out, including 7128 fingerprint videos of bona fide and attack presentation. The data is collected using two sensing technologies, two presentation scenarios, and considering seven attack species. The database is used to develop dynamic presentation attack detection mechanisms that exploit the fingerprint spatio-temporal features. In the final phase, a set of novel presentation attack detection mechanisms is developed exploiting the dynamic features caused by the natural fingerprint phenomena such as perspiration and elasticity. The evaluation results show an efficient capability to detect attacks where, in some configurations, the mechanisms are capable of eliminating some attack species and mitigating the rest of the species while keeping the user convenience at a high level.En las últimas décadas, hemos asistido a un despliegue a gran escala de los sistemas biométricos en diferentes aplicaciones de la vida cotidiana, sustituyendo a los métodos de reconocimiento tradicionales, como las contraseñas y los tokens. Actualmente los sistemas biométricos ya forman parte de nuestra vida cotidiana: es habitual emplear estos sistemas para que nos proporcionen acceso a nuestros dispositivos electrónicos (teléfonos inteligentes, tabletas, ordenadores portátiles, etc.) usando nuestras características biométricas. Además, accedemos a nuestras cuentas bancarias, realizamos diversos tipos de pagos y transacciones utilizando los sensores biométricos integrados en nuestros dispositivos. Por otra parte, diferentes organizaciones, empresas e instituciones utilizan soluciones basadas en la biometría para el control de acceso. A escala nacional, las autoridades policiales y de control fronterizo utilizan dispositivos de reconocimiento biométrico con fines de identificación y verificación individual. Por lo tanto, en todas estas aplicaciones se confía en que los sistemas biométricos proporcionen un reconocimiento seguro en el que solo el usuario genuino pueda ser reconocido como tal. Además, el sistema biométrico debe garantizar que un individuo no pueda ser identificado como otra persona. En el estado del arte, hay un número sorprendente de experimentos que muestran la posibilidad de robar las características biométricas de alguien, y utilizarlas para crear un rasgo biométrico artificial que puede ser utilizado por un atacante con el fin de reclamar la identidad del usuario genuino. También se han dado casos reales de personas que lograron engañar al sistema de reconocimiento biométrico en aeropuertos y teléfonos inteligentes [1]–[3]. Esto hace que sea necesario investigar estas posibles amenazas y proponer contramedidas que garanticen altos niveles de seguridad y comodidad para el usuario. En consecuencia, es vital la realización de evaluaciones de seguridad para identificar (1) los fallos de seguridad de los sistemas biométricos, (2) las posibles amenazas que pueden explotar estos fallos, y (3) las medidas que aumentan la seguridad del sistema biométrico reduciendo estas amenazas. La identificación de las vulnerabilidades del sistema lleva a proponer soluciones de seguridad adecuadas que ayuden a conseguir una mayor integridad. Esta tesis tiene como objetivo investigar la vulnerabilidad en los sistemas de modalidad de huella dactilar a los ataques de presentación en entornos no supervisados, para luego implementar mecanismos que permitan detectar dichos ataques y evitar el mal uso del sistema. Para lograr estos objetivos, la tesis se desarrolla en las siguientes tres fases. En la primera fase, se estudia el esquema del sistema biométrico genérico analizando sus puntos vulnerables con especial atención a los ataques de presentación. El estudio revisa la literatura sobre ataques de presentación y las soluciones correspondientes, es decir, los mecanismos de detección de ataques de presentación, para seis modalidades biométricas: huella dactilar, rostro, iris, vascular, firma manuscrita y voz. Además, se proporciona una nueva taxonomía para los mecanismos de detección de ataques de presentación. La taxonomía propuesta ayuda a comprender el problema de los ataques de presentación y la forma en que la literatura ha tratado de abordarlo. Esta taxonomía presenta un punto de partida para iniciar nuevas investigaciones que propongan novedosos mecanismos de detección de ataques de presentación. En la segunda fase, se desarrolla una metodología de evaluación a partir de dos fuentes: (1) la norma ISO/IEC 30107, y (2) Common Evaluation Methodology por el Common Criteria. La metodología desarrollada considera dos aspectos importantes del mecanismo de detección de ataques de presentación (1) la resistencia del mecanismo a los ataques de presentación, y (2) la correspondiente amenaza del ataque estudiado. Para el primer punto, se han de señalar las capacidades técnicas del mecanismo y cómo influyen en la seguridad y la facilidad de uso del sistema biométrico. Para el segundo aspecto se debe llevar a cabo una evaluación de la vulnerabilidad, teniendo en cuenta todos los factores que afectan al potencial de ataque. Por último, siguiendo esta metodología, se lleva a cabo una recogida de datos que incluye 7128 vídeos de huellas dactilares genuinas y de presentación de ataques. Los datos se recogen utilizando dos tecnologías de sensor, dos escenarios de presentación y considerando siete tipos de instrumentos de ataque. La base de datos se utiliza para desarrollar y evaluar mecanismos dinámicos de detección de ataques de presentación que explotan las características espacio-temporales de las huellas dactilares. En la fase final, se desarrolla un conjunto de mecanismos novedosos de detección de ataques de presentación que explotan las características dinámicas causadas por los fenómenos naturales de las huellas dactilares, como la transpiración y la elasticidad. Los resultados de la evaluación muestran una capacidad eficiente de detección de ataques en la que, en algunas configuraciones, los mecanismos son capaces de eliminar completamente algunos tipos de instrumentos de ataque y mitigar el resto de los tipos manteniendo la comodidad del usuario en un nivel alto.Programa de Doctorado en Ingeniería Eléctrica, Electrónica y Automática por la Universidad Carlos III de MadridPresidente: Cristina Conde Vila.- Secretario: Mariano López García.- Vocal: Farzin Derav

Life in a dark biosphere: a review of circadian physiology in "arrhythmic" environments

Most of the life with which humans interact is exposed to highly rhythmic and extremely predictable changes in illumination that occur with the daily events of sunrise and sunset. However, while the influence of the sun feels omnipotent to surface dwellers such as ourselves, life on earth is dominated, in terms of biomass, by organisms isolated from the direct effects of the sun. A limited understanding of what life is like away from the sun can be inferred from our knowledge of physiology and ecology in the light biosphere, but a full understanding can only be gained by studying animals from the dark biosphere, both in the laboratory and in their natural habitats. One of the least understood aspects of life in the dark biosphere is the rhythmicity of physiology and what it means to live in an environment of low or no rhythmicity. Here we describe methods that may be used to understand rhythmic physiology in the dark and summarise some of the studies of rhythmic physiology in “arrhythmic” environments, such as the poles, deep sea and caves. We review what can be understood about the adaptive value of rhythmic physiology on the Earth’s surface from studies of animals from arrhythmic environments and what role a circadian clock may play in the dark

The psychophysiology primer : A guide to methods and a broad review with a focus on human-computer interaction

Publisher Copyright: © 2016 B. Cowley, M. Filetti, K. Lukander.Peer reviewe

Exploring cognition in visual search and vigilance tasks with eye tracking and pupillometry

Recent findings in experimental psychology suggest that pupillometry, the measurement of pupil size, can provide insight into cognitive processes associated with effort and target detection in visual search tasks and monitoring performance in vigilance tasks. With the increasing availability, affordability and flexibility of video-based eye tracking hardware, these experimental findings point to lucrative practical applications such as real-time biobehavioural monitoring systems to assist with socially important tasks in operational settings. The aim of the current thesis was to explore this potential with further experimental work paying close attention to methodological issues which complicate cognitive interpretations of pupillary responses, such as physical stimulus confounds and eye movement-related measurement error in video-based systems. Six original experiments were designed to specifically explore the relationship between pupil size, cognition and behavioural performance in classic visual search and vigilance paradigms. Experiments 1-2 examined the pupillometric effects of effort and target detection in visual search with briefly presented stimuli. Pupil responses showed small variability with respect to manipulations of set size and target presence but were influenced substantially by the requirement for a motor response. Experiments 3-4 explored the cognitive pupil dynamics of free-viewing visual search with data-driven correction for eye movement artefacts. Group-level averages revealed small transient pupil dilations following fixations on targets but not distractors, an effect which was not contingent on a motor response or correction for gaze position artefacts. Experiments 5-6 looked at the relationship between pupil size and detection performance measures in two types of vigilance task. Changes in baseline and stimulus-evoked pupil responses loosely mirrored changes in performance, but the relationships were neither linear nor consistent. Overall, the thesis affirms the practical potential for using cognitive pupillometry in research and applied settings, but emphasises the constraints arising from methodological and theoretical limitations

Autonomic and central nervous system correlates of cognitive control training for attentional disorders

Deficits in cognitive control and attentional processing are commonly observed in people with Attention-Deficit/Hyperactivity Disorder (ADHD) and Specific Learning Difficulties (SpLDs) such as Dyslexia. Poorer performance in the pro/antisaccade task have been observed in these individuals, which suggests impaired visual attention and inhibitory control mechanisms. Atypical cognitive processing is also related to a state of autonomic hypoarousal in conditions such as ADHD. In this thesis, I examined whether the computer-based gaze-control RECOGNeyes training program using the pro/antisaccade task could improve cognitive control of visual attention by targeting the visual attention network and whether such improvements correlate with increased arousal. A group of 35 volunteers with SpLDs and/or ADHD completed the pro/antisaccade task before and after two weeks of training their visual attention using RECOGNeyes. Magnetoencephalography (MEG), pupillometry and electrocardiography were recorded, while they performed the pro/antisaccade task. Our task performance measures, reaction time (RT) and accuracy, and reading indices improved after RECOGNeyes training. Our findings demonstrate for the first time that autonomic measures of sympathetic pupil dilation and parasympathetic cardiac deceleration both correlate with faster saccadic RTs together (which was stronger for antisaccade trials than prosaccade trials) and account for separate variance in RT. Additionally, distinct MEG oscillatory profiles were uncovered in different frequency bands within regions of the visual attention network during the pro/antisaccade task. Slow-wave oscillations of delta and theta bands show anteriorising effects, suggested to mediate timing responses and bottom-up communication from the posterior to anterior network regions. Alpha-oscillations are proposed to have top-down preparatory inhibitory effects, particularly from the bilateral frontal eye field, and alpha-suppression in the right parietal eye field. Beta amplitude presents an additional “anticipatory” event-related desynchronisation (ERD) prior to target onset that is stronger on day 2 and antisaccade trials, which could relate to generalised inhibitory control mechanisms. This thesis supports the existence of complex central and autonomic processes underlying attention and arousal that are not yet fully understood and warrant further investigation. By increasing our understanding of the integrated attentional processes and inhibitory control, this could help the development of targeted treatment solutions, such as RECOGNeyes, for ADHD and SpLDs, to improve outcomes in these individuals