EyeSec: A Practical Shoulder-Surfing Resistant Gaze-Based Authentication System

  • Na Li
  • Qianhong Wu
  • Jingwen Liu
  • Wei Hu
  • Bo Qin
  • Wei Wu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10701)


With the ubiquitous use of electronic devices on which personal information is often stored, the need for secure authentication is greatly underscored. Because conventional password entry approaches are vulnerable to shoulder-surfing, gaze-based authentication approaches have been developed, but most of them require extra eye trackers, which usually rely on special hardware and are too expensive for ordinary people. Aiming at both shoulder-surfing resistance and practicality, we present EyeSec, a gaze-based authentication system that exploits state-of-the-art gaze tracking technology and requires no additional hardware except a webcam. EyeSec offers three kinds of authentication: gaze-based PIN, gaze-based pattern and gaze-based captcha. According to the experimental results, the best-performing participants, aged between 21 and 35, achieve average success rates of \(76.2\%\), \(90.0\%\) and \(100.0\%\) for passing the three kinds of authentication, respectively, which moves gaze-based authentication from theory to practice.


Keywords: Gaze-based authentication; Gaze tracking; Shoulder-surfing; Usable security; Gaze-based captcha



Qianhong Wu is the corresponding author. This paper is supported by the National High Technology Research and Development Program of China (863 Program) through project 2015AA017205, the Natural Science Foundation of China through projects 61772538, 61672083 and 61370190, and by the National Cryptography Development Fund through project MMJJ20170106. This work is supported by the National Natural Science Foundation of China (61472083, 61402110, 61771140).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Na Li (1)
  • Qianhong Wu (1)
  • Jingwen Liu (2)
  • Wei Hu (2)
  • Bo Qin (3)
  • Wei Wu (4)

  1. School of Electronic and Information Engineering, Beihang University, Beijing, China
  2. Potevio Information Technology Co., Ltd., Beijing, China
  3. Key Laboratory of Data Engineering and Knowledge Engineering, Ministry of Education, School of Information, Renmin University of China, Beijing, China
  4. Fujian Provincial Key Laboratory of Network Security and Cryptology, School of Mathematics and Informatics, Fujian Normal University, Fuzhou, China
