TY - JOUR
T1 - ShouldAR
T2 - Detecting Shoulder Surfing Attacks Using Multimodal Eye Tracking and Augmented Reality
AU - Corbett, Matthew
AU - David-John, Brendan
AU - Shang, Jiacheng
AU - Bo, J. I.
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/9/9
Y1 - 2024/9/9
AB - Shoulder surfing attacks (SSAs) are a type of observation attack designed to illicitly gather sensitive data from “over the shoulder” of victims. This attack can be directed at mobile devices, desktop screens, Personal Identification Number (PIN) pads at an Automated Teller Machine (ATM), or written text. Existing solutions are generally focused on authentication techniques (e.g., logins) and are limited to specific attack scenarios (e.g., mobile devices or PIN pads). We present ShouldAR, a mobile and usable system to detect SSAs using multimodal eye gaze information (i.e., from both the potential attacker and victim). ShouldAR uses an augmented reality headset as a platform to incorporate user eye gaze tracking, rear-facing image collection and eye gaze analysis, and user notification of potential attacks. In a 24-participant study, we show that the prototype is capable of detecting 87.28% of SSAs against both physical and digital targets, a two-fold improvement on the baseline solution using a rear-facing mirror, a widely used solution to the SSA problem. The ShouldAR approach provides an AR-based, active SSA defense that applies to both digital and physical information entry in sensitive environments.
KW - Augmented Reality
KW - Eye Gaze
KW - Privacy
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85203641776&partnerID=8YFLogxK
U2 - 10.1145/3678573
DO - 10.1145/3678573
M3 - Article
AN - SCOPUS:85203641776
SN - 2474-9567
VL - 8
JO - Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
JF - Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
IS - 3
M1 - 97
ER -