ABSTRACT
Secure authentication with devices or services that store sensitive and personal information is highly important. However, traditional password and PIN-based authentication methods force a compromise between the level of security and user experience. AirAuth is a biometric authentication technique that uses in-air gesture input to authenticate users. We evaluated our technique on a predefined (simple) gesture set, and our classifier achieved an average accuracy of 96.6% in an equal error rate (EER)-based study. We obtained an accuracy of 100% when exclusively using personal (complex) user gestures. In a further user study, we found that AirAuth is highly resilient to video-based shoulder surfing attacks, with a measured false acceptance rate of just 2.2%. Furthermore, a longitudinal study demonstrates AirAuth's repeatability and accuracy over time. AirAuth is relatively simple and robust, requires little computational power, and is hence deployable on embedded or mobile hardware. Unlike traditional authentication methods, our system's security is positively aligned with user-rated pleasure and excitement levels. In addition, AirAuth attained acceptability ratings in personal, office, and public spaces that are comparable to an existing stroke-based on-screen authentication technique. Based on the results presented in this paper, we believe that AirAuth shows great promise as a novel, secure, ubiquitous, and highly usable authentication method.