Prof. Kasper Rasmussen, Oxford University
From 12.00 until 13.30
At ETH Zurich, CNB/F/110
Universitätstrasse 6, 8092 Zurich
Abstract
Eye tracking devices are becoming increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eye movements are fast, responsive, and carry information unique to an individual, analyzing a person's gaze is particularly attractive for effortless biometric authentication. We demonstrate that the distinguishing power of eye movement biometrics can be used to to gauge a users' familiarity with certain tasks in order to address insider threats, as well as function as a general low-effort continuous authentication mechanism. We investigate different approaches in which an attacker can attempt to use insider knowledge to mimic a legitimate user. Our results show that while this advance knowledge is measurable in some contexts, it does not increase the likelihood of successful impersonation. Nor does it have any meaningful impact on authentication systems that rely on reflexive eye movements.