Analysis of Reflexive Eye Movements for Fast Replay−Resistant Biometric Authentication

Abstract

Eye tracking devices have recently become increasingly popular as an interface between people and consumergrade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to an individual, analyzing person’s gaze is particularly attractive for rapid biometric authentication. Unfortunately, previous proposals for gaze-based authentication systems either suffer from high error rates, or require long authentication times.

We build upon the fact that some eye movements can be reflexively and predictably triggered, and develop an interactive visual stimulus for elicitation of reflexive eye movements that support the extraction of reliable biometric features in a matter of seconds, without requiring any memorization or cognitive effort on the part of the user. As an important benefit, our stimulus can be made unique for every authentication attempt and thus incorporated in a challenge-response biometric authentication system. This allows us to prevent replay attacks, which are possibly the most applicable attack vectors against biometric authentication. Using a gaze tracking device, we build a prototype of our system and perform a series of systematic user experiments with 30 participants from the general public. We thoroughly analyze various system parameters and evaluate the performance and security guarantees under several different attack scenarios. The results show that our system matches or surpasses existing gaze-based authentication methods in achieved equal error rates (6.3%) while achieving significantly lower authentication times (5 seconds).