Usable Biometric Security

Project Overview: In the development of security systems, technical and security requirements usually drive decisions, but in the real world, security depends on a complex network of human and technical resources. Insufficient attention to human issues ranging from usability to organizational context can make even the most carefully engineered security system useless, or worse.

We are studying biometric security technology from a human-centered perspective. Biometrics have the potential to reduce the usability burden associated with memory-based security mechanisms, such as passwords. We have designed and built prototype user interfaces for experimental biometric authentication systems and evaluated their usability. Through early consideration of usability and acceptability of these technologies, we hope to promote greater awareness of the needs and constraints of humans and organizations in communities studying emerging biometric technologies.

About the study: Many current security technologies have serious usability problems. How often do you forget, write down, or reuse a password? How many times have you lost your keys? Biometric systems can solve some of these problems but are often still vulnerable to simple attacks. They are also sometimes seen as socially unacceptable because of privacy concerns, for example. Security systems that are secure, easy to use, and acceptable are urgently needed.

With support from the National Institute of Standards and Technology (NIST), we used an iterative, human-centered design process to create prototype interfaces for a new biometric authentication technique that identifies people based on the unique physical structure of the eye. Using an eye tracker, it is possible to recognize patterns in the motion of the eye that can be used to infer a range of anatomical characteristics about the eye globe, muscles, and tendons, collectively referred to as the Oculomotor Plant.

Based on this experimental technology, we developed conceptual, paper, then working prototype authentication systems, designed for use in an ATM. We evaluated several variations on our design in laboratory usability studies, and interviewed participants about how they perceived this unfamiliar technology. Our work suggests that biometrics such as this one might find popular acceptance, but there are some cultural and social barriers. There were also problems with using eye tracking, since it does not work well for all potential users. Our work demonstrates how getting users involved in evaluating a new biometric technology early, even before it is ready for live user testing, can provide useful insight to focus and direct research and development efforts.

Researchers

Michael Brooks, PhD student, HCDE, UW

Cecilia Aragon, Associate Professor, HCDE, UW

Oleg Komogortsev, Associate Professor, Texas State University, homepage

Publications

Papers:

Brooks, M., Aragon, C.R., and Komogortsev, O.V. Perceptions of interfaces for eye movement biometrics. IEEE/IAPR International Conference on Biometrics, Madrid (2013). doi: 10.1109/ICB.2013.6613018 PDF

Komogortsev, O.V., Karpov, A., Price, L., and Aragon, C.R. Biometric authentication via oculomotor plant characteristics. IEEE/IAPR International Conference on Biometrics, New Delhi (2012). PDF

Komogortsev, O.V., Jayarathna, S., Aragon, C.R., and Mahmoud, M. Biometric identification via an oculomotor plant mathematical model. In Proceedings of the 2010 Symposium on Eye-Tracking Research & Applications, ACM (2010), 57-60. doi: 10.1145/1743666.1743679 PDF

Posters:

Jayarathna, S. Komogortsev, O.V., Aragon, C.R., and Mahmoud, M. Oculomotor plant biometrics: Person-specific features in eye movements. Poster at Sigma Xi Annual Meeting and International Research Conference (2009).

Brooks, M., Aragon, C.R., Komogortsev, and O.V. Gaze prints: User centered design and evaluation of an eye movement-based biometric authentication system. Poster at Symposium on Usable Privacy and Security, Pittsburgh (2011). PDF

Non-peer reviewed publications:

Brooks, M., Aragon, C.R., Komogortselv, O.V. Identifying people by eye movements a potential replacement for passwords. SPIE Defense & Security (2013, Oct. 11). doi: 10.1117/2.1201310.005126 https://spie.org/x103854.xml?ArticleID=x103854

Komogortsev, O.V., Jayarathna, S., Aragon, C.R., and Mahmoud, M. Biometric identification via an oculomotor plant mathematical model: Report # TXSTATE-CS-TR-2009-17. Texas State University Technical Reports-Computer Science (2009). Report

Media Coverage

Eye-tracking technology could replace passwords — if we want it to. GeekWire, July 16, 2013.

Eye-tracking could outshine passwords if made user-friendly. UW Today, July 16, 2013.

Eye Movements Could Be Next PC Password. TechNewsDaily, October 12, 2012.