The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade

Continuous User Identification

The objective of this work has been to investigate the possibility of implementing a Continuous Identification system using Behavioural Biometrics, taking advantage of the high acceptability and low cost offered by this method. The Behavioural Biometrics chosen for this work is Keystroke Dynamics. Continuous Identification is proposed to be performed after a user is locked out in a Continuous Authentication system, utilizing the same keystroke dynamics. Three features were considered when extracting the keystroke dynamics: duration, latency, and relative frequency of each keystroke action. The data was also categorized with respect to software context. Two distance metrics, namely Manhattan and Euclidean, were implemented and compared both via a Mean To Mean and via a One To Mean method. Two score fusion methods were utilized: weighted average mean with fixed weights and with variable weights. The analysis also included the effect of different data chunk sizes, simulating the number of actions before a user is locked out. The best results obtained was rank-1 identification accuracy rate of 60% after 50 actions and 72% after 1000 actions, when using duration-latency combination, with no categorization, Mean To Mean comparison, and Manhattan Distance. This setting was then applied on the results from a Continuous Authentication system. To the best of our knowledge, this work is the first to address Continuous Identification based on Behavioural Biometrics