Fig 2 - uploaded by Carsten Röcker
SafetyPIN hardware components for retrofitting into existing point of sale terminals  

Source publication
Conference Paper
Full-text available
When a user enters a personal identification number (PIN) into an automated teller machine or a point of sale terminal, there is a risk of someone watching from behind, trying to guess the PIN code. Such shoulder-surfing is a major security threat. In order to overcome this problem different PIN entry methods have been suggested. In this regard, g...

Similar publications

Article
Full-text available
Usability of software is a crucial aspect of successful applications and could give one application a competitive edge over another. Eye tracking is a popular approach to usability evaluation, but is time consuming and requires expert analysis. This paper proposes a semi-automated process for identifying usability problems in applications with a ta...

Citations

... For example, Kumar et al. [93] proposed one of the first gaze-based authentication schemes where users fixated characters on an on-screen keyboard and then pressed the space button to select them. The same scheme was used on ATMs by Seetharama et al. [142]. Similar work was also done by Kasprowski et al. [63] who used gaze for pointing at PINs and confirmed selection by pressing a key. ...
Conference Paper
Full-text available
For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view on gaze-based security applications. In particular, we canvassed the literature and classify the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication due to recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security critical tasks which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade.
... Thus, for entering a four-digit PIN, six dwells are required, making the interaction slow. Seetharama et al. [33] replaced dwell with blink activation, whereby the user closed their eyes for a second to confirm digit selection. However, blink-based selection is slow and unnatural for end users [23]. ...
Conference Paper
Full-text available
We present TouchGazePath, a multimodal method for entering personal identification numbers (PINs). Using a touch-sensitive display showing a virtual keypad, the user initiates input with a touch at any location, glances with their eye gaze on the keys bearing the PIN numbers, then terminates input by lifting their finger. TouchGazePath is not susceptible to security attacks, such as shoulder surfing, thermal attacks, or smudge attacks. In a user study with 18 participants, TouchGazePath was compared with the traditional Touch-Only method and the multimodal Touch+Gaze method, the latter using eye gaze for targeting and touch for selection. The average time to enter a PIN with TouchGazePath was 3.3 s. This was not as fast as Touch-Only (as expected), but was about twice as fast as Touch+Gaze. TouchGazePath was also more accurate than Touch+Gaze. TouchGazePath had high user ratings as a secure PIN input method and was the preferred PIN input method for 11 of 18 participants.
... Seetharama et al. [38] proposed a look-and-shoot method where the user fixates on the digit and selects it by clicking on a button, however, this approach depends strongly on the accuracy of the tracking device. Moreover, no study on the target size was performed by the author for proper activation as in [16]. ...
Conference Paper
We present PathWord (PATH passWORD), a multimodal digit entry method for ad-hoc authentication based on known digits shape and user relative eye movements. PathWord is a touch-free, gaze-based input modality, which attempts to decrease shoulder surfing attacks when unlocking a system using PINs. The system uses a modified web camera to detect the user's eye. This enables suppressing direct touch, making it difficult for passers-by to be aware of the input digits, thus reducing shoulder surfing and smudge attacks. In addition to showing high accuracy rates (Study 1: 87.1% successful entries) and strong confidentiality through detailed evaluations with 42 participants (Study 2), we demonstrate how PathWord considerably diminishes the potential of stolen passwords (on average 2.38% stolen passwords with PathWord vs. over 90% with traditional PIN screen). We show use-cases of PathWord and discuss its advantages over traditional input modalities. We envision PathWord as a method to foster confidence while unlocking a system through gaze gestures.
Article
The fundamental problem for designing a gaze-based human-computer interaction is related to development of an effective method for activating graphical user interface elements by means of gaze only. Such a method should be easy for the user to apply, however at the same time, it requires eye movements that are clearly different from the natural behavior of the eye. We examined three methods of button activation by gaze, looking for the most effective way of gaze "clicking". These were: 1) the most standard method based on the use of dwell-time, 2) its modification based on detection of fixation located inside the buttons area and 3) the most novel method based on gaze gestures consisting of movement into the button area and outward movement in the approximately opposite direction. We compared these gaze control methods under homogeneous conditions, which allows for a more reliable assessment of their relative usefulness. Two layouts of buttons were used: arranged on a grid, like on a telephone pad, and on a circle with an empty center. The experimental task was to enter a set of four-digit PINs using a set of gaze buttons corresponding to ten digits. A group of novices were instructed to use all the three methods and both button layouts (six experimental conditions). The activation methods were compared in terms of system usability, objectively measured by the PIN entry speed and the number of errors, as well as using a subjective SUS questionnaire. The system based on gaze gestures was worse in both measures; however, it had its followers. The method based on fixation detection instead of dwell-time did not significantly increase the entry speed due to the greater number of errors caused by non-intentional buttons activation. The circle layout turned out to be generally more convenient than the telephone pad layout.
Chapter
Full-text available
Due to technological progress, financial institutions have included ATMs as one of their main channels as a way to decentralize their services. However, there is a gap between user expectations and their perceptions regarding what ATM interfaces offer. As a result, several users feel dissatisfied after using ATMs and many times this dissatisfaction is related to the difficulty of use, design flaws and the fact of committing many errors when interfaces have a low degree of usability. In this sense, in this study we present a Systematic Literature Review (SLR) about usability on ATM interfaces. With this study, we want to understand the current situation of the problems mentioned before, so we seek to know the problems and challenges that have been presented lately for these electronic media, as well as the solutions that have addressed these problems, and the techniques and methods used to carry out these designs or redesigns. For this, the protocol proposed by Kitchenham was followed. Scopus, ACM Digital Library, Alicia and IEEE Digital Library were searched, and finally 51 papers were selected as relevant. With this information it was possible to identify and analyze challenges, usability issues, usability evaluations, and techniques and methods used to carry out designs or redesigns, as well as case studies of designs or redesigns in the ATM domain. We found that this topic is being developed in recent years, that there are common challenges encountered, and that designs, redesigns and usability evaluations have been carried out in this domain under different methods, techniques and frameworks. However, several of these usability issues persist today.
Article
Although conventional PIN-entry methods are widely used in many daily authentication procedures, they are highly susceptible to shoulder-surfing attacks. A plethora of PIN-entry methods have been proposed in the literature to mitigate such attacks. Unfortunately, none of these methods is capable of replacing the conventional PIN-entry method. This study presents the results of a systematic review of PIN-entry methods resistant to shoulder-surfing attacks so that the main challenges that impede their adoption can be provided along with opportunities for future research. A systematic search was conducted on seven databases using predefined criteria. A test–retest approach was performed by a single author to extract data. A total of 55 articles were included in this review. The review results manifest that PIN-entry methods are classified mainly into direct and indirect inputs. The user study was the standard research method, and error rate and PIN-entry time were the most frequently adopted usability measures. The review argues that a recording-based shoulder-surfing attack is a major threat to PIN-entry methods. Error rate and PIN-entry time are widely adopted criteria for usability. The review indicates that most PIN-entry methods require a high error rate and PIN-entry time than the conventional method. Moreover, the lack of a standard evaluation framework should be addressed.
Thesis
Eye-tracking tools estimate the locations in a scene where a user is fixating on. They are used in various domains including human-computer interaction (HCI) and learning transfer. As an example, gaze-based text entry allows interacting with computing systems remotely without touching the interface. They are also used to comprehend the visual behaviors of a pilot searching for information in a cockpit. However, a number of barriers still exists and makes these devices less accurate and difficult to use in daily activities. One of these problems is the shift between the actual and the estimated position of the user’s point-of-regard, which systematically comes from the eye-tracking systems’ accuracy. Following recent advances, there is an increasing interest in affordable systems that have the potential to be more accurate and, researchers are continually investigating novel approaches. This thesis covers different issues of eye movement research. It proposes the use of novel approaches as a step towards overcoming these accuracy issues. More specifically, we introduce novel strategies for detecting mapping functions for gaze estimation and calibration-free gaze interaction. In addition to proposing frameworks and strategies for improving accuracy, new calibration procedures and patterns are also revealed and discussed. In this thesis, we address these issues in three different ways: calibration and mapping functions, Human-computer Interaction using the eyes, visualization and exploration. We present four main contributions. First, we present a new method for calibrating state-of-the-art eye trackers with better accuracy. Second, we present a new gaze-based authentication method which works without any prior calibration, and can be extended to any alphanumeric-based input modality. Third, we present an uncertainty visualization approach. Finally, a method of analyzing eye movements data and aircraft trajectories using a novel brushing technique is proposed.