GazeRevealer: inferring password using smartphone front camera

Yao Wang; Wandong Cai; Tao Gu; Wei Shao; Ibrahim Khalil; Xianghua Xu

doi:10.1145/3286978.3287026

GazeRevealer: inferring password using smartphone front camera

Yao Wang, Wandong Cai, Tao Gu, Wei Shao, Ibrahim Khalil, Xianghua Xu

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

5 Citations (Scopus)

Abstract

The widespread use of smartphones has brought great convenience to our daily lives, while at the same time we have been increasingly exposed to security threats. Keystroke security is an essential element in user privacy protection. In this paper,we present GazeRevealer, a novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim’s eye patterns captured from smartphone front camera. We observe that eye movements typically follow the keystrokes typing on the number-only soft keyboard during password input. By exploiting eye patterns, we are able to infer the passwords being entered. We propose a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification. We also propose a novel enhanced method to boost the inference accuracy. Compared with prior keystroke detection approaches, GazeRevealer does not require any external auxiliary devices, and it relies only on smartphone front camera. We evaluate the performance of GazeRevealer with three different types of smartphones, and the result shows that GazeRevealer achieves 77.43% detection accuracy for a single key number and 83.33% inference rate for the 6-digit password in the ideal case.

Original language	English
Title of host publication	Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems
Subtitle of host publication	Computing, Networking and Services, Mobiquitous 2018
Place of Publication	New York Ny
Publisher	Association for Computing Machinery (ACM)
Pages	254-263
Number of pages	10
ISBN (Electronic)	9781450360937
DOIs	https://doi.org/10.1145/3286978.3287026
Publication status	Published - 2018
Externally published	Yes
Event	15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018 - New York, United States Duration: 5 Nov 2018 → 7 Nov 2018

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018
Country/Territory	United States
City	New York
Period	5/11/18 → 7/11/18

Keywords

Gaze estimation
Mobile security
Password inference

Access to Document

10.1145/3286978.3287026

Cite this

Wang, Y., Cai, W., Gu, T., Shao, W., Khalil, I., & Xu, X. (2018). GazeRevealer: inferring password using smartphone front camera. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018 (pp. 254-263). (ACM International Conference Proceeding Series). Association for Computing Machinery (ACM). https://doi.org/10.1145/3286978.3287026

Wang, Yao ; Cai, Wandong ; Gu, Tao et al. / GazeRevealer : inferring password using smartphone front camera. Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018. New York Ny : Association for Computing Machinery (ACM), 2018. pp. 254-263 (ACM International Conference Proceeding Series).

@inproceedings{6c47990741f54a6e9db1adc1e997071a,

title = "GazeRevealer: inferring password using smartphone front camera",

abstract = "The widespread use of smartphones has brought great convenience to our daily lives, while at the same time we have been increasingly exposed to security threats. Keystroke security is an essential element in user privacy protection. In this paper,we present GazeRevealer, a novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim{\textquoteright}s eye patterns captured from smartphone front camera. We observe that eye movements typically follow the keystrokes typing on the number-only soft keyboard during password input. By exploiting eye patterns, we are able to infer the passwords being entered. We propose a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification. We also propose a novel enhanced method to boost the inference accuracy. Compared with prior keystroke detection approaches, GazeRevealer does not require any external auxiliary devices, and it relies only on smartphone front camera. We evaluate the performance of GazeRevealer with three different types of smartphones, and the result shows that GazeRevealer achieves 77.43% detection accuracy for a single key number and 83.33% inference rate for the 6-digit password in the ideal case.",

keywords = "Gaze estimation, Mobile security, Password inference",

author = "Yao Wang and Wandong Cai and Tao Gu and Wei Shao and Ibrahim Khalil and Xianghua Xu",

year = "2018",

doi = "10.1145/3286978.3287026",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery (ACM)",

pages = "254--263",

booktitle = "Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems",

address = "United States",

note = "15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018 ; Conference date: 05-11-2018 Through 07-11-2018",

}

Wang, Y, Cai, W, Gu, T, Shao, W, Khalil, I & Xu, X 2018, GazeRevealer: inferring password using smartphone front camera. in Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018. ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), New York Ny, pp. 254-263, 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018, New York, New York, United States, 5/11/18. https://doi.org/10.1145/3286978.3287026

GazeRevealer: inferring password using smartphone front camera. / Wang, Yao; Cai, Wandong; Gu, Tao et al.
Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018. New York Ny: Association for Computing Machinery (ACM), 2018. p. 254-263 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - GazeRevealer

T2 - 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018

AU - Wang, Yao

AU - Cai, Wandong

AU - Gu, Tao

AU - Shao, Wei

AU - Khalil, Ibrahim

AU - Xu, Xianghua

PY - 2018

Y1 - 2018

N2 - The widespread use of smartphones has brought great convenience to our daily lives, while at the same time we have been increasingly exposed to security threats. Keystroke security is an essential element in user privacy protection. In this paper,we present GazeRevealer, a novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim’s eye patterns captured from smartphone front camera. We observe that eye movements typically follow the keystrokes typing on the number-only soft keyboard during password input. By exploiting eye patterns, we are able to infer the passwords being entered. We propose a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification. We also propose a novel enhanced method to boost the inference accuracy. Compared with prior keystroke detection approaches, GazeRevealer does not require any external auxiliary devices, and it relies only on smartphone front camera. We evaluate the performance of GazeRevealer with three different types of smartphones, and the result shows that GazeRevealer achieves 77.43% detection accuracy for a single key number and 83.33% inference rate for the 6-digit password in the ideal case.

AB - The widespread use of smartphones has brought great convenience to our daily lives, while at the same time we have been increasingly exposed to security threats. Keystroke security is an essential element in user privacy protection. In this paper,we present GazeRevealer, a novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim’s eye patterns captured from smartphone front camera. We observe that eye movements typically follow the keystrokes typing on the number-only soft keyboard during password input. By exploiting eye patterns, we are able to infer the passwords being entered. We propose a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification. We also propose a novel enhanced method to boost the inference accuracy. Compared with prior keystroke detection approaches, GazeRevealer does not require any external auxiliary devices, and it relies only on smartphone front camera. We evaluate the performance of GazeRevealer with three different types of smartphones, and the result shows that GazeRevealer achieves 77.43% detection accuracy for a single key number and 83.33% inference rate for the 6-digit password in the ideal case.

KW - Gaze estimation

KW - Mobile security

KW - Password inference

UR - http://www.scopus.com/inward/record.url?scp=85060050837&partnerID=8YFLogxK

U2 - 10.1145/3286978.3287026

DO - 10.1145/3286978.3287026

M3 - Conference proceeding contribution

T3 - ACM International Conference Proceeding Series

SP - 254

EP - 263

BT - Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems

PB - Association for Computing Machinery (ACM)

CY - New York Ny

Y2 - 5 November 2018 through 7 November 2018

ER -

Wang Y, Cai W, Gu T, Shao W, Khalil I, Xu X. GazeRevealer: inferring password using smartphone front camera. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, Mobiquitous 2018. New York Ny: Association for Computing Machinery (ACM). 2018. p. 254-263. (ACM International Conference Proceeding Series). doi: 10.1145/3286978.3287026

GazeRevealer: inferring password using smartphone front camera

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this