PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets

Abhishek Kumar; Lik Hang Lee; Jagmohan Chauhan; Xiang Su; Mohammad A. Hoque; Susanna Pirttikangas; Sasu Tarkoma; Pan Hui

doi:10.1145/3503161.3548252

PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets

Abhishek Kumar, Lik Hang Lee^*, Jagmohan Chauhan, Xiang Su, Mohammad A. Hoque, Susanna Pirttikangas, Sasu Tarkoma, Pan Hui

^*Corresponding author for this work

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

10 Citations (Scopus)

Abstract

Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5% successful attacks) and a research prototype LookUnLock (5.5% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.

Original language	English
Title of host publication	MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia
Publisher	Association for Computing Machinery, Inc
Pages	952-960
Number of pages	9
ISBN (Electronic)	9781450392037
DOIs	https://doi.org/10.1145/3503161.3548252
Publication status	Published - 10 Oct 2022
Externally published	Yes
Event	30th ACM International Conference on Multimedia, MM 2022 - Lisboa, Portugal Duration: 10 Oct 2022 → 14 Oct 2022

Publication series

Name	MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia

Conference

Conference	30th ACM International Conference on Multimedia, MM 2022
Country/Territory	Portugal
City	Lisboa
Period	10/10/22 → 14/10/22

Bibliographical note

Publisher Copyright:
© 2022 ACM.

Keywords

AR/VR
authentication
immersive reality
metaverse
mobile headsets

Access to Document

10.1145/3503161.3548252

Cite this

Kumar, A., Lee, L. H., Chauhan, J., Su, X., Hoque, M. A., Pirttikangas, S., Tarkoma, S., & Hui, P. (2022). PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets. In MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia (pp. 952-960). (MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia). Association for Computing Machinery, Inc. https://doi.org/10.1145/3503161.3548252

@inproceedings{9d2c66e392b847678eb41fcc6c6d3d69,

title = "PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets",

abstract = "Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1\% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5\% successful attacks) and a research prototype LookUnLock (5.5\% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.",

keywords = "AR/VR, authentication, immersive reality, metaverse, mobile headsets",

author = "Abhishek Kumar and Lee, \{Lik Hang\} and Jagmohan Chauhan and Xiang Su and Hoque, \{Mohammad A.\} and Susanna Pirttikangas and Sasu Tarkoma and Pan Hui",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 30th ACM International Conference on Multimedia, MM 2022 ; Conference date: 10-10-2022 Through 14-10-2022",

year = "2022",

month = oct,

day = "10",

doi = "10.1145/3503161.3548252",

language = "English",

series = "MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia",

publisher = "Association for Computing Machinery, Inc",

pages = "952--960",

booktitle = "MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia",

}

Kumar, A, Lee, LH, Chauhan, J, Su, X, Hoque, MA, Pirttikangas, S, Tarkoma, S & Hui, P 2022, PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets. in MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia. MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia, Association for Computing Machinery, Inc, pp. 952-960, 30th ACM International Conference on Multimedia, MM 2022, Lisboa, Portugal, 10/10/22. https://doi.org/10.1145/3503161.3548252

PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets. / Kumar, Abhishek; Lee, Lik Hang; Chauhan, Jagmohan et al.
MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia. Association for Computing Machinery, Inc, 2022. p. 952-960 (MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - PassWalk

T2 - 30th ACM International Conference on Multimedia, MM 2022

AU - Kumar, Abhishek

AU - Lee, Lik Hang

AU - Chauhan, Jagmohan

AU - Su, Xiang

AU - Hoque, Mohammad A.

AU - Pirttikangas, Susanna

AU - Tarkoma, Sasu

AU - Hui, Pan

PY - 2022/10/10

Y1 - 2022/10/10

N2 - Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5% successful attacks) and a research prototype LookUnLock (5.5% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.

AB - Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5% successful attacks) and a research prototype LookUnLock (5.5% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.

KW - AR/VR

KW - authentication

KW - immersive reality

KW - metaverse

KW - mobile headsets

UR - https://www.scopus.com/pages/publications/85150973152

U2 - 10.1145/3503161.3548252

DO - 10.1145/3503161.3548252

M3 - Conference Paper published in a book

AN - SCOPUS:85150973152

T3 - MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia

SP - 952

EP - 960

BT - MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia

PB - Association for Computing Machinery, Inc

Y2 - 10 October 2022 through 14 October 2022

ER -

Kumar A, Lee LH, Chauhan J, Su X, Hoque MA, Pirttikangas S et al. PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets. In MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia. Association for Computing Machinery, Inc. 2022. p. 952-960. (MM 2022 - Proceedings of the 30th ACM International Conference on Multimedia). doi: 10.1145/3503161.3548252

PassWalk: Spatial Authentication Leveraging Lateral Shift and Gaze on Mobile Headsets

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this