research-article

Analysis of Reflexive Eye Movements for Fast Replay-Resistant Biometric Authentication

Authors:

Ivo Sluganovic,

Marc Roeschlin,

Kasper B. Rasmussen,

Ivan MartinovicAuthors Info & Claims

ACM Transactions on Privacy and Security (TOPS), Volume 22, Issue 1

Article No.: 4, Pages 1 - 30

https://doi.org/10.1145/3281745

Published: 16 November 2018 Publication History

Abstract

Eye tracking devices have recently become increasingly popular as an interface between people and cons-umer-grade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to an individual, analyzing person’s gaze is particularly attractive for rapid biometric authentication. Unfortunately, previous proposals for gaze-based authentication systems either suffer from high error rates or requires long authentication times.

We build on the fact that some eye movements can be reflexively and predictably triggered and develop an interactive visual stimulus for elicitation of reflexive eye movements that support the extraction of reliable biometric features in a matter of seconds, without requiring any memorization or cognitive effort on the part of the user. As an important benefit, our stimulus can be made unique for every authentication attempt and thus incorporated in a challenge-response biometric authentication system. This allows us to prevent replay attacks, which are possibly the most applicable attack vectors against biometric authentication.

Using a gaze tracking device, we build a prototype of our system and perform a series of systematic user experiments with 30 participants from the general public. We thoroughly analyze various system parameters and evaluate the performance and security guarantees under several different attack scenarios. The results show that our system matches or surpasses existing gaze-based authentication methods in achieved equal error rates (6.3%) while achieving significantly lower authentication times (5s).

References

[1]

William W. Abbott and Aldo A. Faisal. 2012. Ultra-low-cost 3D gaze estimation: An intuitive high information throughput compliment to direct brain-machine interfaces. J. Neur. Eng. 9, 4 (2012).

[2]

Richard A. Abrams, David E. Meyer, and Sylvan Kornblum. 1989. Speed and accuracy of saccadic eye movements: Characteristics of impulse variability in the oculomotor system. J. Exp. Psychol. Hum. Percept. Perf. 15, 3 (1989).

[3]

Terry Bahill, Michael R. Clark, and Lawrence Stark. 1975. The main sequence, a tool for studying human eye movements. Math. Biosci. 24, 3--4 (1975), 191--204.

[4]

Terry Bahill and Tom Laritz. 1984. Why can’t batters keep their eyes on the ball? Am. Sci. May-June (1984).

[5]

Arman Boehm, Dongqu Chen, Mario Frank, Ling Huang, Cynthia Kuo, Tihomir Lolic, Ivan Martinovic, and Dawn Song. 2013. SAFE: Secure authentication with face and eyes. In Proceedings of the 2013 International Conference on Privacy and Security in Mobile Systems (PRISMS’13).

[6]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (CHI’12).

Digital Library

[7]

Virginio Cantoni, Chiara Galdi, Michele Nappi, Marco Porta, and Daniel Riccio. 2015. GANT: Gaze analysis technique for human identification. Pattern Recogn. 48, 4 (2015).

[8]

Monica S. Castelhano and John M. Henderson. 2008. Stable individual differences across images in human saccadic eye movements. Can. J. Exp. Psychol. 62, 1 (2008), 1--14.

[9]

Jennie E. S Choi, Pavan A. Vaswani, and Reza Shadmehr. 2014. Vigor of movements and the cost of time in decision making. J. Neurosci. 34, 4 (2014).

[10]

Corinna Cortes and Vladimir Vapnik. 1995. Support-vector networks. Mach. Learn. 20 (1995), 273--297.

Digital Library

[11]

Alexander De Luca, Martin Denzel, and Heinrich Hussmann. 2009. Look into my eyes&excl;: Can you guess my password?. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS’09). ACM, New York, NY, Article 7.

Digital Library

[12]

Francesco Di Russo, Sabrina Pitzalis, and Donatella Spinelli. 2003. Fixation stability and saccadic latency in elite shooters. Vis. Res. 43, 17 (2003).

[13]

Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2015. Preventing lunchtime attacks: Fighting insider threats with eye movement biometrics. In Proceedings of the 2015 Networked and Distributed System Security Symposium.

[14]

Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, and Ivan Martinovic. 2016. Looks like eve: Exposing insider threats using eye movement biometrics. ACM Trans. Priv. Secur. 19, 1, Article 1 (Jun. 2016), 31 pages.

Digital Library

[15]

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, and Dawn Song. 2013. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication. Trans. Info. For. Sec. 8, 1 (Jan. 2013), 136--148.

Digital Library

[16]

Lee Friedman, Mark S. Nixon, and Oleg V. Komogortsev. 2017. Method to assess the temporal persistence of potential biometric features: Application to oculomotor, gait, face and brain structure databases. PloS ONE 12, 6 (2017), e0178501.

[17]

Chiara Galdi, Michele Nappi, Daniel Riccio, Virginio Cantoni, and Marco Porta. 2013. A new gaze analysis based soft-biometric. In Lecture Notes in Computer Science, Vol. 7914 (2013).

[18]

Lawrence R. Gottlob, Mark T. Fillmore, and Ben D. Abroms. 2007. Age-group differences in saccadic interference. J. Gerontol. B 62, 2 (2007), 85--89.

[19]

Katarzyna Harezlak, Pawel Kasprowski, and Mateusz Stasch. 2014. Towards accurate eye tracker calibration--methods and procedures. Proc. Comput. Sci. 35, 5 (2014), 1073--1081. https://www.sciencedirect.com/journal/procedia-computer-science/issues.

[20]

Corey D. Holland and Oleg V. Komogortsev. 2011. Biometric identification via eye movement scanpaths in reading. In Proceedings of the 2011 International Joint Conference on Biometrics (IJCB’11).

Digital Library

[21]

Corey D. Holland and Oleg V. Komogortsev. 2013. Complex eye movement pattern biometrics: Analyzing fixations and saccades. In Proceedings of the 2013 International Conference on Biometrics (ICB’13).

[22]

Kenneth Holmqvist, Marcus Nystrom, Richard Andersson, Richard Dewhurst, Jarodzka Halszka, and Joost van de Weijer. 2011. Eye Tracking: A Comprehensive Guide to Methods and Measures. Oxford University Press.

[23]

Pawel Kasprowski. 2004. Human identification using eye movements. Institute of Computer Science (2004).

[24]

Paweł Kasprowski. 2013. The impact of temporal proximity between samples on eye movement biometric identification. In Computer Information Systems and Industrial Management. Springer, 77--87.

[25]

Pawel Kasprowski. 2014. The second eye movements verification and identification competition. In Proceedings of the IEEE 8 IAPR International Joint Conference on Biometrics.

[26]

Pawel Kasprowski and Katarzyna Harezlak. 2018. Fusion of eye movement and mouse dynamics for reliable behavioral biometrics. Pattern Anal. Appl. 21, 1 (2018), 91--103.

Digital Library

[27]

Pawel Kasprowski, Oleg V. Komogortsev, and Alex Karpov. 2012. First eye movement verification and identification competition. In Proceedings of the 2012 IEEE 5th International Conference on Biometrics: Theory, Applications and Systems (BTAS’12).

[28]

Pawel Kasprowski and Jozef Ober. 2003. Eye movements in biometrics. Biometrics 3087, 200 (2003).

[29]

Katharine Byrne. 2015. MSI 8 Tobii join forces to create eye-tracking gaming laptop. Retrieved from http://www.expertreviews.co.uk/laptops/1403340/msi-tobii-join-forces-to-create-eye-tracking-gaming-laptop.

[30]

Ami Klin, Warren Jones, Robert Schultz, Fred Volkmar, and Donald Cohen. 2002. Visual fixation patterns during viewing of naturalistic social situations as predictors of social competence in individuals with autism. Arch. Gen. Psychiat. 59 (2002), 809--816.

[31]

Tomasz Kocejko and Jerzy Wtorek. 2012. In Proceedings of the 3rd International Conference on Information Technologies in Biomedicine (ITIB’12). Springer, Berlin, 589--602.

Digital Library

[32]

Olga V. Kolesnikova, Lav V. Tereshchenko, Alexander V. Latanov, and Viktor V. Shulgovskii. 2010. Effects of visual environment complexity on saccade performance in humans with different functional asymmetry profiles. Neurosci. Behav. Physiol. 40, 8 (2010), 869--876.

[33]

Oleg V. Komogortsev, Ukwatta K. S. Jayarathna, Cecilia R. Aragon, and Mahmoud Mechehoul. 2010. Biometric identification via an oculomotor plant mathematical model. In Proceedings of the Eye Tracking Research 8 Applications Symposium.

Digital Library

[34]

Oleg V. Komogortsev, Alexey Karpov, and Corey D. Holland. 2015. Attack of mechanical replicas: Liveness detection with eye movements. IEEE Trans. Inf. Forens. Secur. 10, 4 (2015).

Digital Library

[35]

Manu Kumar, Tal Garfinkel, Dan Boneh, and Terry Winograd. 2007. Reducing shoulder-surfing by using gaze-based password entry. In Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS’07). ACM, New York, NY.

Digital Library

[36]

Michael F. Land. 2011. Oculomotor behaviour in vertebrates and invertebrates. The Oxford Handbook of Eye Movements, Vol. 1.

[37]

Emiliano Miluzzo, Tianyu Wang, and Andrew T. Campbell. 2010. EyePhone: Activating mobile phones with your eyes. In Proceedings of the Workshop on Networking, Systems, and Applications on Mobile Handhelds (MobiHeld’10).

Digital Library

[38]

Marcus Nystrom and Kenneth Holmqvist. 2010. An adaptive algorithm for fixation, saccade, and glissade detection in eyetracking data. Behav. Res. Methods 42, 1 (2010).

[39]

Tony Poitschke, Florian Laquai, Stilyan Stamboliev, and Gerhard Rigoll. Gaze-based interaction on multiple displays in an automotive environment. In Proceedings of the Annual Conference IEEE International Conference on Systems, Man and Cybernetics.

[40]

Ioannis Rigas, George Economou, and Spiros Fotopoulos. 2012. Biometric identification based on the eye movements and graph matching techniques. Pattern Recogn. Lett. 33, 6 (2012).

Digital Library

[41]

Ioannis Rigas and Oleg V. Komogortsev. 2014. Biometric recognition via probabilistic spatial projection of eye movement trajectories in dynamic visual environments. IEEE Trans. Inf. Forens. Secur. 9, 10 (2014).

Digital Library

[42]

Usman Saeed. 2016. Eye movements during scene understanding for biometric identification. Pattern Recogn. Lett. 82, P2 (Oct. 2016), 190--195.

Digital Library

[43]

SensoMotoric Instruments GmbH. 2011. SMI RED500 Technical Specification. Technical Report. SensoMotoric Instruments GmbH, Teltow, Germany.

[44]

Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K. Reiter. 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 1528--1540.

Digital Library

[45]

Ivo Sluganovic, Marc Roeschlin, Kasper B. Rasmussen, and Ivan Martinovic. 2016. Using reflexive eye movements for fast challenge-response authentication. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 1056--1067.

Digital Library

[46]

Petroc Sumner. 2011. Determinants of saccade latency. In Oxford Handbook of Eye Movements. Vol. 22. 411--424.

[47]

Robin Walker, David G. Walker, Masud Husain, and Christopher Kennard. 2000. Control of voluntary and reflexive saccades. Exp. Brain Res. 130, 4 (Feb. 2000), 540--544.

[48]

Yi Xu, True Price, Jan-Michael Frahm, and Fabian Monrose. 2016. Virtual U: Defeating face liveness detection by building virtual models from your public photos. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, 497--512.

Digital Library

[49]

Yun Zhang, Zheru Chi, and Dagan Feng. 2011. An analysis of eye movement based authentication systems. In Proceedings of the International Conference on Mechanical Engineering and Technology (ICMET-London’11).

[50]

Youming Zhang, Jorma Laurikkala, and Martti Juhola. 2014. Biometric verification of a subject with eye movements. Int. J. Biometr. 6, 1 (Mar. 2014), 75--94.

Digital Library

Cited By

Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Ruiu PFadda MLagorio ANixon SAnedda MGrosso ECadoni M(2024)Uniss-FGD: A Novel Dataset of Human Gazes Over Images of FacesIEEE Access10.1109/ACCESS.2024.340647812(75951-75964)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3406478
Hamadouche MKhalil ZTEBBI HGUERROUMI MZAFOUNE Y(2024)A replay attack detection scheme based on perceptual image hashingMultimedia Tools and Applications10.1007/s11042-023-15300-583:3(8999-9031)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1007/s11042-023-15300-5
Show More Cited By

Index Terms

Analysis of Reflexive Eye Movements for Fast Replay-Resistant Biometric Authentication
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Interaction devices
2. Security and privacy
  1. Security services
    1. Authentication
      1. Biometrics
  2. Systems security

Recommendations

Using Reflexive Eye Movements for Fast Challenge-Response Authentication
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Eye tracking devices have recently become increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to an individual, analyzing person's ...
Biometric Recognition via Eye Movements: Saccadic Vigor and Acceleration Cues

Previous research shows that human eye movements can serve as a valuable source of information about the structural elements of the oculomotor system and they also can open a window to the neural functions and cognitive mechanisms related to visual ...
Using Pupil Light Reflex for Fast Biometric Authentication
ACM TURC '20: Proceedings of the ACM Turing Celebration Conference - China

The prevalence of using biometric for user authentication has attracted much attention. On the other hand, mobile devices such as smart glasses and VR headsets have gained great popularity among recent years. It is desirable to integrate authentication ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Privacy and Security

ACM Transactions on Privacy and Security Volume 22, Issue 1

February 2019

226 pages

ISSN:2471-2566

EISSN:2471-2574

DOI:10.1145/3287762

Editor:
David Basin
ETH Zurich, Switzerland

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 November 2018

Accepted: 01 September 2018

Revised: 01 May 2018

Received: 01 September 2017

Published in TOPS Volume 22, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Engineering and Physical Sciences Research Council
University of Oxford

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
450
Total Downloads

Downloads (Last 12 months)98
Downloads (Last 6 weeks)4

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kuang LZeng FJiang HLiu DLi JZheng HZhang QMin G(2024)DEyeAuth: A Secure Smartphone User Authentication System Integrating Eyelid Patterns With Eye GesturesIEEE Internet of Things Journal10.1109/JIOT.2024.340778011:18(30069-30083)Online publication date: 15-Sep-2024
https://doi.org/10.1109/JIOT.2024.3407780
Ruiu PFadda MLagorio ANixon SAnedda MGrosso ECadoni M(2024)Uniss-FGD: A Novel Dataset of Human Gazes Over Images of FacesIEEE Access10.1109/ACCESS.2024.340647812(75951-75964)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3406478
Hamadouche MKhalil ZTEBBI HGUERROUMI MZAFOUNE Y(2024)A replay attack detection scheme based on perceptual image hashingMultimedia Tools and Applications10.1007/s11042-023-15300-583:3(8999-9031)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1007/s11042-023-15300-5
Reyes Riveros ASalinas Meza JMendoza de los Santos A(2023)Modelo de Autentificación de Doble FactorInnovación y Software10.48168/innosoft.s11.a814:1(82-95)Online publication date: 30-Mar-2023
https://doi.org/10.48168/innosoft.s11.a81
Reyes Campos JCastañeda Rodríguez CAlva Luján LMendoza de los Santos A(2023)Sistema de reconocimiento facial para el control de accesos mediante Inteligencia ArtificialInnovación y Software10.48168/innosoft.s11.a784:1(24-36)Online publication date: 30-Mar-2023
https://doi.org/10.48168/innosoft.s11.a78
Fallahi MArias-Cabarcos PStrufe TMeng WJensen CCremers CKirda E(2023)Poster: Towards Practical Brainwave-based User AuthenticationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3624399(3627-3629)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3624399
Odya PGórski FCzyżewski A(2023)User Authentication by Eye Movement Features Employing SVM and XGBoost ClassifiersIEEE Access10.1109/ACCESS.2023.330900011(93341-93353)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3309000
David-John BButler KJain E(2022)For Your Eyes Only: Privacy-preserving eye-tracking datasets2022 Symposium on Eye Tracking Research and Applications10.1145/3517031.3529618(1-6)Online publication date: 8-Jun-2022
https://dl.acm.org/doi/10.1145/3517031.3529618
Porta MDondi PZangrandi NLombardi L(2022)Gaze-Based Biometrics From Free Observation of Moving ElementsIEEE Transactions on Biometrics, Behavior, and Identity Science10.1109/TBIOM.2021.31307984:1(85-96)Online publication date: Jan-2022
https://doi.org/10.1109/TBIOM.2021.3130798
Kavusi HMaghooli KHaghipour S(2022)A novel and smarter model to authenticate and identify people intelligently for security purposesTelecommunications Systems10.1007/s11235-022-00957-482:1(27-43)Online publication date: 6-Oct-2022
https://dl.acm.org/doi/10.1007/s11235-022-00957-4
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents