Enlighten Publications

In this section

User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input

Khamis, M. , Marky, K., Bulling, A. and Alt, F. (2022) User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input. Behaviour and Information Technology, 41(10), pp. 2061-2083. (doi: 10.1080/0144929X.2022.2069597)

Text
269613.pdf - Published Version
Available under License Creative Commons Attribution.
3MB

Abstract

Handheld mobile devices store a plethora of sensitive data, such as private emails, personal messages, photos, and location data. Authentication is essential to protect access to sensitive data. However, the majority of mobile devices are currently secured by singlemodal authentication schemes which are vulnerable to shoulder surfing, smudge attacks, and thermal attacks. While some authentication schemes protect against one of these attacks, only few schemes address all three of them. We propose multimodal authentication where touch and gaze input are combined to resist shoulder surfing, as well as smudge and thermal attacks. Based on a series of previously published works where we studied the usability of several user-centred multimodal authentication designs and their security against multiple threat models, we provide a comprehensive overview of multimodal authentication on handheld mobile devices. We further present guidelines on how to leverage multiple input modalities for enhancing the usability and security of user authentication on mobile devices.

Item Type:	Articles
Additional Information:	This work has been funded, in part, by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC [grant number EP/S035362/1], an EPSRC New Investigator award [EP/V008870/1], and the Royal Society of Edinburgh [award number #65040].
Status:	Published
Refereed:	Yes
Glasgow Author(s) Enlighten ID:	Marky, Dr Karola and Khamis, Dr Mohamed
Authors:	Khamis, M., Marky, K., Bulling, A., and Alt, F.
College/School:	College of Science and Engineering > School of Computing Science
Journal Name:	Behaviour and Information Technology
Publisher:	Taylor & Francis
ISSN:	0144-929X
ISSN (Online):	1362-3001
Published Online:	06 May 2022
Copyright Holders:	Copyright © 2022 The Authors
First Published:	First published in Behaviour and Information Technology 41(10): 2061-2083
Publisher Policy:	Reproduced under a Creative Commons License

University Staff: Request a correction | Enlighten Editors: Update this record

Funder and Project Information

Project Code	Project Name	Principal Investigator	Funder's Name	Funder Ref	Lead Dept
310627	TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging	Mohamed Khamis	Engineering and Physical Sciences Research Council (EPSRC)	EP/V008870/1	Computing Science
309501	RSE Enterprise	Mohamed Khamis	The Royal Society of Edinburgh (ROYSOCED)	65040	Computing Science
313490	Preventing THErmal ATtacks using AI-driven Approaches	Mohamed Khamis	Engineering and Physical Sciences Research Council (EPSRC)	5676417 -PETRAS	Computing Science

Deposit and Record Details

ID Code:	269613
Depositing User:	Miss Valerie McCutcheon
Datestamp:	25 Apr 2022 15:55
Last Modified:	13 Jul 2023 15:08
Date of acceptance:	22 March 2022
Date of first online publication:	6 May 2022
Date Deposited:	25 April 2022
Data Availability Statement:	No