Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
158 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

On the Usability of Next-Generation Authentication: A Study on Eye Movement and Brainwave-based Mechanisms (2402.15388v1)

Published 23 Feb 2024 in cs.CR and cs.HC

Abstract: Passwords remain a widely-used authentication mechanism, despite their well-known security and usability limitations. To improve on this situation, next-generation authentication mechanisms, based on behavioral biometric factors such as eye movement and brainwave have emerged. However, their usability remains relatively under-explored. To fill this gap, we conducted an empirical user study (n=32 participants) to evaluate three brain-based and three eye-based authentication mechanisms, using both qualitative and quantitative methods. Our findings show good overall usability according to the System Usability Scale for both categories of mechanisms, with average SUS scores in the range of 78.6-79.6 and the best mechanisms rated with an "excellent" score. Participants particularly identified brainwave authentication as more secure yet more privacy-invasive and effort-intensive compared to eye movement authentication. However, the significant number of neutral responses indicates participants' need for more detailed information about the security and privacy implications of these authentication methods. Building on the collected evidence, we identify three key areas for improvement: privacy, authentication interface design, and verification time. We offer recommendations for designers and developers to improve the usability and security of next-generation authentication mechanisms.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (52)
  1. Overhead of using secure wireless communications in mobile computing. IEEE Transactions on Consumer Electronics, 59(2):335–342, 2013.
  2. Performance and usability evaluation of brainwave authentication techniques with consumer devices. ACM Transactions on Privacy and Security, 2023.
  3. Inexpensive brainwave authentication: new techniques and insights on user acceptance. In Proceedings of the 30th {normal-{\{{USENIX}normal-}\}} Security Symposium ({normal-{\{{USENIX}normal-}\}} Security 21), pages 55–72, 2021.
  4. A survey on adaptive authentication. ACM Computing Surveys (CSUR), 52(4):1–30, 2019.
  5. Design and fabrication of 3d fingerprint targets. IEEE Transactions on Information Forensics and Security, 11(10):2284–2297, 2016.
  6. Forgery quality and its implications for behavioral biometric security. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 37(5):1107–1118, 2007.
  7. Determining what individual SUS scores mean: Adding an adjective rating scale. Journal of usability studies, 4(3):114–123, 2009.
  8. John Brooke et al. Sus-a quick and dirty usability scale. Usability evaluation in industry, 189(194):4–7, 1996.
  9. Perceptions of interfaces for eye movement biometrics. In 2013 International Conference on Biometrics (ICB), pages 1–8. IEEE, 2013.
  10. Dialerauth: A motion-assisted touch-based smartphone user authentication scheme. In Proceedings of the eighth ACM conference on data and application security and privacy, pages 267–276, 2018.
  11. I think, therefore i am: Usability and security of authentication using brainwaves. In Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers 17, pages 1–16. Springer, 2013.
  12. Jacob Cohen. A coefficient of agreement for nominal scales. Educational and psychological measurement, 20(1):37–46, 1960.
  13. I feel like i’m taking selfies all day! towards understanding biometric authentication on smartphones. In Proceedings of the 33rd annual ACM conference on human factors in computing systems, pages 1411–1414, 2015.
  14. 28 blinks later: Tackling practical challenges of eye movement biometrics. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 1187–1199, 2019.
  15. Poster: Towards practical brainwave-based user authentication. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 3627–3629, 2023.
  16. Brainnet: Improving brainwave-based biometric recognition with siamese networks. In 2023 IEEE International Conference on Pervasive Computing and Communications (PerCom), pages 53–60. IEEE, 2023.
  17. Public awareness and perceptions of biometrics. Computer Fraud & Security, 2007(1):8–13, 2007.
  18. Privacy-protecting techniques for behavioral data: A survey. arXiv preprint arXiv:2109.04120, 2021.
  19. Giles Hogben. Enisa briefing: Behavioural biometrics. Computational Intelligence, 2010.
  20. Emotiv Inc. Emotiv epoc x. https://www.emotiv.com/epoc-x/, 2019. Accessed: April 28, 2023.
  21. Ponemon Institute. The 2019 state of password and authentication security behaviors report. https://resources.yubico.com/53ZDUYE6/at/q3tmql-974v8g-73e8p5/YubicoPonemon_2019_State_of_Password_and_Authentication_Security_Behaviors_Report.pdf?format=pdf, 2019.
  22. Towards understanding user perceptions of authentication technologies. In Proceedings of the 2007 ACM workshop on Privacy in electronic society, pages 91–98, 2007.
  23. Privacy in the age of neurotechnology: Investigating public attitudes towards brain data collection and use. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 225–238, 2023.
  24. Usability and security perceptions of implicit authentication: convenient, secure, sometimes annoying. In Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), pages 225–239, 2015.
  25. Xmodal-id: Using wifi for through-wall person identification from candidate video footage, 2019.
  26. A comparative study on face spoofing attacks. In 2017 International Conference on Computing, Communication and Automation (ICCCA), pages 1104–1108. IEEE, 2017.
  27. Reading senseless sentences: Brain potentials reflect semantic incongruity. Science, 207(4427):203–205, 1980.
  28. Crossbehaauth: Cross-scenario behavioral biometrics authentication using keystroke dynamics. IEEE Transactions on Dependable and Secure Computing, 2022.
  29. Brain password: A secure and truly cancelable brain biometrics for smart headwear, 2018.
  30. Exploiting eye tracking for smartphone authentication. In Applied Cryptography and Network Security: 13th International Conference, ACNS 2015, New York, NY, USA, June 2-5, 2015, Revised Selected Papers 13, pages 457–477. Springer, 2015.
  31. Eye know you too: Toward viable end-to-end eye movement biometrics for user authentication. IEEE Transactions on Information Forensics and Security, 17:3151–3164, 2022.
  32. The effect of experience on system usability scale ratings. Journal of usability studies, 7(2):56–67, 2012.
  33. Qualitative data analysis: An expanded sourcebook. sage, 1994.
  34. Cristian Morosan. Voluntary steps toward air travel security: An examination of travelers’ attitudes and intentions to use biometric systems. Journal of Travel Research, 51(4):436–450, 2012.
  35. Observation study on usability challenges for fingerprint authentication using webauthn-enabled android smartphones. Age, 20:29, 2020.
  36. Culture & biometrics: regional differences in the perception of biometric authentication technologies. AI & society, 24:295–306, 2009.
  37. Overcoming theory: Designing brainwave authentication for the real world. In Proceedings of the 2023 European Symposium on Usable Security, pages 175–191, 2023.
  38. Authentication Melee: A Usability Analysis of Seven Web Authentication Systems. In Proceedings of the 24th International Conference on World Wide Web, pages 916–926, Florence Italy, May 2015. International World Wide Web Conferences Steering Committee.
  39. A review on performance, security and various biometric template protection schemes for biometric authentication systems. Multimedia Tools and Applications, 79:27721–27776, 2020.
  40. Jeff Sauro. Are both positive and negative items necessary in questionnaires? online publication, April 2011. Url: https://measuringu.com/positive-negative/, Accessed: 07.08.2018.
  41. Rachel Schomp. Behavioral biometric security: Brainwave authentication methods. 2018.
  42. Analysis of reflexive eye movements for fast replay-resistant biometric authentication. ACM Transactions on Privacy and Security (TOPS), 22(1):1–30, 2018.
  43. Eyeveri: A secure and usable approach for smartphone user authentication. In IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, pages 1–9. IEEE, 2016.
  44. Musicid: A brainwave-based user authentication system for internet of things. IEEE Internet of Things Journal, 8(10):8304–8313, 2020.
  45. Two varieties of long-latency positive waves evoked by unpredictable auditory stimuli in man. Electroencephalography and clinical neurophysiology, 38(4):387–401, 1975.
  46. Mobile behavioral biometrics for passive authentication. Pattern Recognition Letters, 157:35–41, 2022.
  47. Biometric authentication on a mobile device: a study of user effort, error and task disruption. In Proceedings of the 28th Annual Computer Security Applications Conference, pages 159–168, 2012.
  48. Verizon. 2020 data breach investigations report. https://www.verizon.com/business/resources/reports/2020-data-breach-investigations-report.pdf, 2020.
  49. Face recognition at a distance system for surveillance applications. In 2010 Fourth IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS), pages 1–8. IEEE, 2010.
  50. Gait-watch: A gait-based context-aware authentication system for smart watch via sparse coding. Ad Hoc Networks, 107:102218, 2020.
  51. Webcam-based online eye-tracking for behavioral research. Judgment and Decision Making, 16(6):1485–1505, 2021.
  52. The password is dead, long live the password–a laboratory study on user perceptions of authentication schemes. International Journal of Human-Computer Studies, 133:26–44, 2020.
Citations (3)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now