The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

PassWalk: spatial authentication leveraging lateral shift and gaze on mobile headsets

PassWalk: spatial authentication leveraging lateral shift and gaze on mobile headsets
PassWalk: spatial authentication leveraging lateral shift and gaze on mobile headsets

Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5% successful attacks) and a research prototype LookUnLock (5.5% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.

AR/VR, authentication, immersive reality, metaverse, mobile headsets
952-960
Association for Computing Machinery
Kumar, Abhishek
c9ff4293-8fa0-47d2-9c67-5941e75d3d5b
Lee, Lik Hang
fc27c5da-95d4-458a-83f1-912cacf682df
Chauhan, Jagmohan
831a12dc-6df9-40ea-8bb3-2c5da8882804
Su, Xiang
395ab917-7503-46f2-a6b2-14accdba0415
Hoque, Mohammad A.
c6b5c0bf-b6b7-41e0-b7f3-a546efaa7dd0
Pirttikangas, Susanna
39fe026d-889e-41bb-81e0-4639af883e65
Tarkoma, Sasu
028117b5-7723-4061-b6a3-ca4c5204689f
Hui, Pan
f89491e3-a0ed-4475-a0ee-a874e3514e98
Kumar, Abhishek
c9ff4293-8fa0-47d2-9c67-5941e75d3d5b
Lee, Lik Hang
fc27c5da-95d4-458a-83f1-912cacf682df
Chauhan, Jagmohan
831a12dc-6df9-40ea-8bb3-2c5da8882804
Su, Xiang
395ab917-7503-46f2-a6b2-14accdba0415
Hoque, Mohammad A.
c6b5c0bf-b6b7-41e0-b7f3-a546efaa7dd0
Pirttikangas, Susanna
39fe026d-889e-41bb-81e0-4639af883e65
Tarkoma, Sasu
028117b5-7723-4061-b6a3-ca4c5204689f
Hui, Pan
f89491e3-a0ed-4475-a0ee-a874e3514e98

Kumar, Abhishek, Lee, Lik Hang, Chauhan, Jagmohan, Su, Xiang, Hoque, Mohammad A., Pirttikangas, Susanna, Tarkoma, Sasu and Hui, Pan (2022) PassWalk: spatial authentication leveraging lateral shift and gaze on mobile headsets. In MM '22: Proceedings of the 30th ACM International Conference on Multimedia. Association for Computing Machinery. pp. 952-960 . (doi:10.1145/3503161.3548252).

Record type: Conference or Workshop Item (Paper)

Abstract

Secure and usable user authentication on mobile headsets is a challenging problem. The miniature-sized touchpad on such devices becomes a hurdle to user interactions that impact usability. However, the most common authentication methods, i.e., the standard QWERTY virtual keyboard or mid-air inputs to enter passwords are highly vulnerable to shoulder surfing attacks. In this paper, we present PassWalk, a keyboard-less authentication system leveraging multi-modal inputs on mobile headsets. PassWalk demonstrates the feasibility of user authentication driven by the user's gaze and lateral shifts (i.e., footsteps) simultaneously. The keyboard-less authentication interface in PassWalk enables users to accomplish highly mobile inputs of graphical passwords, containing digital overlays and physical objects. We conduct an evaluation with 22 recruited participants (15 legitimate users and 7 attackers). Our results show that PassWalk provides high security (only 1.1% observation attacks were successful) with a mean authentication time of 8.028s, which outperforms the commercial method of using the QWERTY virtual keyboard (21.5% successful attacks) and a research prototype LookUnLock (5.5% successful attacks). Additionally, PassWalk entails a significantly smaller workload on the user than the current commercial methods.

This record has no associated files available for download.

More information

Published date: 10 October 2022
Venue - Dates: 30th ACM International Conference on Multimedia, MM 2022, , Lisboa, Portugal, 2022-10-10 - 2022-10-14
Keywords: AR/VR, authentication, immersive reality, metaverse, mobile headsets
Learn more about Institute for Life Sciences research

Identifiers

Local EPrints ID: 491208
URI: http://eprints.soton.ac.uk/id/eprint/491208
DOI: doi:10.1145/3503161.3548252
PURE UUID: be78307b-1bd6-4253-9ca3-11f5973f8838

Catalogue record

Date deposited: 17 Jun 2024 16:49
Last modified: 16 Sep 2024 16:34

Export record

Altmetrics

Contributors

Author: Abhishek Kumar
Author: Lik Hang Lee
Author: Jagmohan Chauhan
Author: Xiang Su
Author: Mohammad A. Hoque
Author: Susanna Pirttikangas
Author: Sasu Tarkoma
Author: Pan Hui

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×