Hands-Free one-Time and continuous authentication using glass wearable devices

Dimitrios Damopoulos, Georgios Kambourakis

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

This paper investigates whether glass wearable devices can be used to authenticate end-users, both to grant access (one-time) and to maintain access (continuous), in a hands-free way. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the glass device using machine readable visual codes, say, QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal. This causes the glass device to re-authenticate the user with an appropriate response. We thoroughly evaluate Gauth to determine the technical limits of our approach. We show that even with the relatively low-resolution camera of the Google Glass prototype, QR codes can be consistently processed correctly with an average accuracy of ≈ 88%, and continuous authentication, while strenuous to the battery, is feasible. Finally, we perform a small-scale user study involving students to demonstrate the benefits of our approach. We found that authentication using Gauth takes on average 1.63 s, while using username/password credentials takes 3.85 s and varies greatly depending on the computer-literacy level of the user.

Original languageEnglish (US)
Pages (from-to)138-150
Number of pages13
JournalJournal of Information Security and Applications
Volume46
DOIs
StatePublished - Jun 1 2019

Fingerprint

Authentication
Glass
Computer terminals
Cameras
Students

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Damopoulos, Dimitrios ; Kambourakis, Georgios. / Hands-Free one-Time and continuous authentication using glass wearable devices. In: Journal of Information Security and Applications. 2019 ; Vol. 46. pp. 138-150.
@article{b42dc2df9ccd4b85b39054bfe8aae7e2,
title = "Hands-Free one-Time and continuous authentication using glass wearable devices",
abstract = "This paper investigates whether glass wearable devices can be used to authenticate end-users, both to grant access (one-time) and to maintain access (continuous), in a hands-free way. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the glass device using machine readable visual codes, say, QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal. This causes the glass device to re-authenticate the user with an appropriate response. We thoroughly evaluate Gauth to determine the technical limits of our approach. We show that even with the relatively low-resolution camera of the Google Glass prototype, QR codes can be consistently processed correctly with an average accuracy of ≈ 88{\%}, and continuous authentication, while strenuous to the battery, is feasible. Finally, we perform a small-scale user study involving students to demonstrate the benefits of our approach. We found that authentication using Gauth takes on average 1.63 s, while using username/password credentials takes 3.85 s and varies greatly depending on the computer-literacy level of the user.",
author = "Dimitrios Damopoulos and Georgios Kambourakis",
year = "2019",
month = "6",
day = "1",
doi = "https://doi.org/10.1016/j.jisa.2019.02.002",
language = "English (US)",
volume = "46",
pages = "138--150",
journal = "Journal of Information Security and Applications",
issn = "2214-2134",
publisher = "Elsevier Limited",

}

Hands-Free one-Time and continuous authentication using glass wearable devices. / Damopoulos, Dimitrios; Kambourakis, Georgios.

In: Journal of Information Security and Applications, Vol. 46, 01.06.2019, p. 138-150.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Hands-Free one-Time and continuous authentication using glass wearable devices

AU - Damopoulos, Dimitrios

AU - Kambourakis, Georgios

PY - 2019/6/1

Y1 - 2019/6/1

N2 - This paper investigates whether glass wearable devices can be used to authenticate end-users, both to grant access (one-time) and to maintain access (continuous), in a hands-free way. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the glass device using machine readable visual codes, say, QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal. This causes the glass device to re-authenticate the user with an appropriate response. We thoroughly evaluate Gauth to determine the technical limits of our approach. We show that even with the relatively low-resolution camera of the Google Glass prototype, QR codes can be consistently processed correctly with an average accuracy of ≈ 88%, and continuous authentication, while strenuous to the battery, is feasible. Finally, we perform a small-scale user study involving students to demonstrate the benefits of our approach. We found that authentication using Gauth takes on average 1.63 s, while using username/password credentials takes 3.85 s and varies greatly depending on the computer-literacy level of the user.

AB - This paper investigates whether glass wearable devices can be used to authenticate end-users, both to grant access (one-time) and to maintain access (continuous), in a hands-free way. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command, while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the glass device using machine readable visual codes, say, QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal. This causes the glass device to re-authenticate the user with an appropriate response. We thoroughly evaluate Gauth to determine the technical limits of our approach. We show that even with the relatively low-resolution camera of the Google Glass prototype, QR codes can be consistently processed correctly with an average accuracy of ≈ 88%, and continuous authentication, while strenuous to the battery, is feasible. Finally, we perform a small-scale user study involving students to demonstrate the benefits of our approach. We found that authentication using Gauth takes on average 1.63 s, while using username/password credentials takes 3.85 s and varies greatly depending on the computer-literacy level of the user.

UR - http://www.scopus.com/inward/record.url?scp=85062974810&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85062974810&partnerID=8YFLogxK

U2 - https://doi.org/10.1016/j.jisa.2019.02.002

DO - https://doi.org/10.1016/j.jisa.2019.02.002

M3 - Article

VL - 46

SP - 138

EP - 150

JO - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

SN - 2214-2134

ER -