User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input

Khamis, M. , Marky, K., Bulling, A. and Alt, F. (2022) User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input. Behaviour and Information Technology, 41(10), pp. 2061-2083. (doi: 10.1080/0144929X.2022.2069597)

[img] Text
269613.pdf - Published Version
Available under License Creative Commons Attribution.



Handheld mobile devices store a plethora of sensitive data, such as private emails, personal messages, photos, and location data. Authentication is essential to protect access to sensitive data. However, the majority of mobile devices are currently secured by singlemodal authentication schemes which are vulnerable to shoulder surfing, smudge attacks, and thermal attacks. While some authentication schemes protect against one of these attacks, only few schemes address all three of them. We propose multimodal authentication where touch and gaze input are combined to resist shoulder surfing, as well as smudge and thermal attacks. Based on a series of previously published works where we studied the usability of several user-centred multimodal authentication designs and their security against multiple threat models, we provide a comprehensive overview of multimodal authentication on handheld mobile devices. We further present guidelines on how to leverage multiple input modalities for enhancing the usability and security of user authentication on mobile devices.

Item Type:Articles
Additional Information:This work has been funded, in part, by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC [grant number EP/S035362/1], an EPSRC New Investigator award [EP/V008870/1], and the Royal Society of Edinburgh [award number #65040].
Glasgow Author(s) Enlighten ID:Marky, Dr Karola and Khamis, Dr Mohamed
Authors: Khamis, M., Marky, K., Bulling, A., and Alt, F.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:Behaviour and Information Technology
Publisher:Taylor & Francis
ISSN (Online):1362-3001
Published Online:06 May 2022
Copyright Holders:Copyright © 2022 The Authors
First Published:First published in Behaviour and Information Technology 41(10): 2061-2083
Publisher Policy:Reproduced under a Creative Commons License

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
310627TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal ImagingMohamed KhamisEngineering and Physical Sciences Research Council (EPSRC)EP/V008870/1Computing Science
309501RSE EnterpriseMohamed KhamisThe Royal Society of Edinburgh (ROYSOCED)65040Computing Science