Hands-Free One-Time and Continuous Authentication Using Glass Wearable Devices

Users with limited use of their hands, such as people suffering from disabilities of the arm, shoulder, and hand (DASH), face challenges when authenticating with computer terminals, especially with publicly accessible terminals such as ATMs. A new glass wearable device was recently introduced by Google and it was immediately welcomed by groups of users, such as the ones described above, as Google Glass allows them to perform actions, like taking a photo, using only verbal commands. This paper investigates whether glass wearable devices can be used to authenticate users, both to grant access (one-time) and to maintain access (continuous), in a similar hands-free fashion. We do so by designing and implementing Gauth, a system that enables users to authenticate with a service simply by issuing a voice command while facing the computer terminal they are going to use to access the service. To achieve this goal, we create a physical communication channel from the terminal to the device using machine-readable visual codes, like QR codes, and utilize the device's network adapter to communicate directly with a service. More importantly, we continuously authenticate the user accessing the terminal, exploiting the fact that a user operating a terminal is most likely facing it most of the time. We periodically issue authentication challenges, which are displayed as a QR code on the terminal, that cause the glass device to re-authenticate the user with an appropriate response. We evaluate our system to determine the technical limits of our approach.


I Introduction

Google recently introduced a glass wearable device, named Google Glass, that received a warm welcome from certain groups of users for various reasons. People suffering from disabilities that diminish their ability to use their hands welcomed it because it allowed them to perform tasks by issuing verbal commands alone [1]. It also found use among medical doctors, who used it to access critical information during an operation without having to shift their attention away from the task at hand [2]. This paper investigates whether glass wearable devices, like Google Glass, can also be used to improve the authentication process, both in terms of usability and security. We focus on two aspects: initially authenticating a user with a system (one-time authentication), and accurately determining when a legitimate user has stopped using a system by continuously authenticating him.

We focus on two groups of users to guide us in our research (discussed in detail in Sec. II). Briefly, we first examine the challenges faced by people with disabilities in authenticating with existing systems, and in particular, with public terminals and devices shared by multiple users, where solutions like password managers and never logging out are impractical. As expected, these users suffer both from usability and security issues, which is also confirmed by a recent study [3] that showed that they usually select simpler passwords and they are more prone to snooping [4] when entering their passwords. Second, we consider the authentication challenges in environments like hospitals, where users need to frequently switch between terminals. Users try to avoid having to repeatedly enter their passwords, or are absentminded, resulting in them leaving terminals without logging out with whatever that entails for security.

Some of the above issues can be overcome by using access tokens, like smartcards, instead of passwords. Tokens are more secure, and potentially more usable, than passwords; however, the user still needs to be able to physically handle one with his hands, and they do not provide a solution to terminals being abandoned by users without logging out. They also require that custom reading sensors are installed on terminals, which can be costly and hard to maintain for services with large numbers of terminals.

The usual solution for preventing unauthorized access to abandoned terminals is to use timeouts, i.e., logging out a user from a terminal or locking it after a period of inactivity. However, timeouts frequently lead to users being accidentally logged out. For example, consider a physician studying a patient’s file without interacting with the terminal, which cannot distinguish whether the user is still there. Proximity sensors have been used to address this uncertainty; however, they also frequently make errors, like logging out active users and authenticating passing-by users [5].

We attempt to provide a solution to the above problems by proposing a new design that incorporates glass wearable devices to offer hands-free one-time and continuous authentication. Our approach, called Gauth [goth], transforms glass devices into authentication tokens that can authenticate the user with supporting terminals just by facing them and issuing a voice command. We exploit the front-facing camera of glass devices to form an optical communication channel between a terminal and a device. Specifically, we use a visual code, such as a QR code, to transfer information regarding the terminal being viewed to the device, and use it to authenticate directly with the service behind the terminal.

To provide continuous authentication, we exploit the observation that users operating a terminal will most likely be facing its screen. This allows us to use the same optical channel between device and terminal to continuously authenticate the user in front of it. The terminal periodically issues re-authentication challenges by displaying a QR code, which is captured by the glass, which, in turn, re-authenticates with the service. Our approach enables us to quickly identify when a user moves away from a terminal, to lock it and eventually log him out. For example, during the evaluation of our prototype we used a period as short as five seconds. Intrinsically, Gauth will not accidentally lock a terminal when a user is just studying something on a terminal without interacting with it. Even if a user’s terminal is erroneously locked, because he has to focus his attention on something or someone else, displaying a re-authentication QR code on the locked screen ensures that he will be transparently re-admitted when he returns to the terminal.

We implemented a prototype of Gauth on Google Glass, which we evaluated by using it to authenticate with an e-mail service, which we also developed. We also performed a small user study, after obtaining IRB approval from our institution, to obtain real data from users operating our system. The study was accompanied by a short exit survey to gauge user attitude toward wearable devices and Gauth in particular.

Employing QR codes in authentication systems is not a new idea. In the last four years alone, various works have proposed authentication systems combining QR codes and one-time passwords. They include systems for online banking [6, 7], health systems [8], access control [9], web applications [10], personal smartphones [11, 12, 13, 14], and voting systems [15]. None of these proposals offers hands-free or continuous authentication to users. We have also seen applications using Google Glass for two-factor authentication (2FA) [16], where one-time passwords (OTP) are displayed on its small screen for the user to type into a terminal after supplying his username/password. During our user study, we evaluated this scenario and our results indicate that users find it harder to use than using a smartphone for the same purpose. We also recently became aware of a company that is advertising 2FA for desktops and laptops that utilizes Google Glass to authenticate a user with his PC [17]. We do not have sufficient information to compare Gauth with this approach; however, it seems to differ in many aspects from our work, the most obvious being no continuous authentication support and the lack of a general protocol.

To summarize, the contributions of this paper are:

  • We propose a new method that incorporates glass wearable devices to provide hands-free authentication that:

    • can authenticate users faster and more securely than passwords

    • continuously authenticates users, promptly securing unattended terminals from unauthorized access

  • We design a protocol for performing hands-free one-time and continuous authentication between glass wearable devices and services

  • We implement Gauth, a prototype of our proposal

  • We perform a thorough evaluation of our proposal through a set of benchmarks and a small user study that demonstrates the feasibility of the approach and its benefits. Our results show that Gauth authentication is faster than passwords and operates consistently even when using small QR codes

  • We evaluate the potential of using Gauth for two-factor authentication

The rest of this paper is organized as follows. Section II discusses in detail two examples that motivate and put our work in context. In Sec. III we present the model of our system, including assumptions and our threat model. An overview of the system’s operation is given in Sec. IV, while the authentication protocol is presented in Sec. V. Implementation details are in Sec. VI. We evaluate Gauth and present the results of our user study in Sec. VII. Related work is discussed in Sec. VIII. We discuss potential issues, limitations, and future work in Sec. IX, and conclude in Sec. X.

II Motivating Examples

While Gauth can be beneficial for many types of users and organizations, we present two scenarios that we believe clearly illustrate the problems our solution aims to address.

II-A Authentication for Users with Disabilities

Accessing a computer terminal is a routine process for most computer-literate users today. Many of us operate a variety of different devices during a single day, ranging from personal smartphones, tablets, and laptops to specialized computer terminals used for banking, buying transportation tickets, and so on. Users with disabilities frequently face various challenges when operating such terminals. For instance, people with limited use of their hands, such as people suffering from DASH and Parkinson’s, may require bigger buttons (on screen or physical), while visually-impaired users may require high-contrast displays. Fortunately, modern terminals are frequently equipped to assist such users. Concurrently, entities like the European Union and the United States government have introduced legislation pushing for further improvements in universal accessibility [18, 19].

However, performing authentication remains challenging for many groups of users [3]. Authentication is required to identify the user and to perform access control. It is prominently performed using a password or PIN number that needs to be memorized by the user. Alternatively, machine-generated codes can be generated by specialized hardware (e.g., one-time-password generators) or sent to the user from the authenticating service via a message to his personal mobile device.

A past study [3] has shown that users with disabilities take longer to authenticate when using passwords. Besides degrading their experience, slower typing may also allow third parties to observe the password being typed, especially at public terminals [4]. At the same time, users tend to choose simpler, easier-to-guess passwords to facilitate their entry. For example, they do not choose characters that require using multiple keys on a conventional keyboard, like symbols, or they simply choose shorter passwords. Easy-to-guess passwords are vulnerable to offline attacks [20, 21, 22, 23, 24], while not constraining failed authentication attempts may also enable online attacks [25]. The problem is only exacerbated when using space-restricted keyboards, such as the ones on smartphones and tablets, as another recent study with typical users found [26].

When using personal devices to access information, password managers can alleviate such issues, as the password needs to be only typed once. On tablets and smartphones, it is also common that a password is only entered the first time an application is started and a session cookie is established and used thereafter to authenticate the user. These solutions are much harder, or even impossible, to apply when considering public terminals or terminals and devices shared between users (e.g., in a workplace).

Another approach is to distribute authentication tokens to users, such as smartcards and USB keys. These tokens can be presented to terminals for authentication. While using tokens can be safer and faster than passwords, it has the following disadvantages. First, custom readers may need to be installed on many terminals. For example, RFID readers for contactless smartcards. Second, the user still needs to be able to handle the particular token with their hands, which could be problematic for some groups of users.

Our approach aims to allow users with disabilities to authenticate without the need to use their hands. We are targeting users that can still operate a terminal, so they do have some use of their upper extremities, and their vision is sufficient. Our goal is to transform glass wearable devices into a virtual key chain that can hold keys for different services, can be easily utilized by users with disabilities, and has a low adoption threshold for services.

II-B Continuous Authentication for Physicians and Nurses in Hospitals

Physicians and nurses use both portable devices and fixed terminals located within hospitals. The fixed terminals can be in public spaces (e.g., spaces accessible to patients and visitors) and are usually shared by many different users (i.e., the hospital staff). Consequently, authentication is required for two reasons: first, to prevent unauthorized use of the terminals and, second, to present each user with their own personal environment and data that allows them to be more efficient when moving between terminals.

When users leave their terminal, it is important that they log out. However, they frequently neglect to do so, because they are forgetful or in a hurry. Sometimes, users request to log out and immediately move away from the terminal, but their request requires confirmation to complete because they have left unsaved work, which would otherwise be lost. In other cases, the decision to leave a terminal without logging out is intentional and aims to save time, as physicians frequently perceive authentication as being slow [27], and a physician returning to a logged-out terminal would have to authenticate again. It is obvious that this behavior can leave terminals exposed to unauthorized users, but this is not the only problem. Past studies reported that physicians accessing a terminal with another user already logged in have caused medication errors [28], because the physicians entered data in the wrong patient’s sheet.

The most common solution to the issue is to use timeouts, i.e., logging out a user from a terminal or locking it after a period of inactivity. Picking the right value is not an easy task though. Using a short timeout may lead to erroneously logging out users that are still using a terminal but do not interact with it. For instance, a physician studying a patient’s file or momentarily discussing with a patient cannot be distinguished from him walking away from the terminal entirely [27]. On the other hand, picking a long timeout means that the same problems discussed above are still possible. An alternative to timeouts is using proximity sensors. However, they frequently erroneously log out active users or authenticate passing-by users, leading to frustration and hacks like disabling them by putting a Styrofoam cup over the sensor [5].

Our approach aims to enable systems to continuously authenticate the user operating a terminal and to avoid erroneously logging him out or locking the terminal. Our system allows for checks that determine whether a user is still looking at the terminal before taking action, and even in the case where a terminal is locked, because the user has briefly moved away, it will transparently unlock it when he returns and faces the terminal to resume his task.

III System Model

III-A Assumptions and Requirements

III-A1 Device Requirements

Our approach requires a head-mounted device featuring a front-facing camera that can take still pictures from the point of view of the user. While a high-definition camera is not necessary, higher-resolution cameras will allow us to use smaller visual codes on displays. A screen is not required; however, if present, it can be used to provide feedback to the user (e.g., the name of the service he is authenticating with) and for locking the device (see Sec. IX-A). Sensors such as a microphone and a gyroscope are also necessary, for receiving voice commands and turning on the device, respectively. The device should have a CPU capable of decoding QR codes, performing simple cryptographic operations, and running simple algorithms for identifying simple voice commands. Finally, it should also include a network adapter (e.g., WiFi) that allows it to connect to the authentication service being used, and sufficient storage to store a user’s credentials for all his Gauth-enabled services.

III-A2 Device-User Association

A device can be associated with a single or multiple users. In the first case, the device is considered personal and identifies the user itself, while in the latter the device is associated with a particular role or set of permissions. For example, this can be the case in hospitals or military compounds where the device essentially authorizes the user to access a set of terminals and services. Alternatively, shared devices may be assigned to particular users when checked out for use (e.g., when a nurse’s shift starts). Users may also be required to supply a PIN before using a device, while biometrics can be used for the same purpose [29].

III-A3 Device-Service Association

A Gauth device can authenticate a user with multiple services. We assume that before it is used, it has been properly set up to identify him with a service, after authenticating using alternate means, like with a username and password. Necessary information to complete the association can be shared by scanning a QR code with the glass device, similarly to how Google’s one-time password generator (OTP) is initialized [30], or by using another available pairing method [31]. A user could also physically present the device along with identification to a service (e.g., the branch of a bank) to perform the association.

III-A4 Deployment Requirements for Services and Terminals

Supporting Gauth-based authentication does not require any new sensors or hardware to be installed at terminals, assuming that they include a screen that can display graphics, like a QR code. If the user interface (UI) presented on a terminal is service driven, then no software changes are required on terminals either. For example, in the case of terminals receiving HTML content from a service and thin clients [32]. In the opposite case, if the UI is terminal driven, software modifications on the terminal are required to generate and display visual codes.

III-B Threat Model

III-B1 Adversaries

The most significant threat faced by Gauth users is theft of their wearable device. An attacker obtaining the device and knowing the services and terminals it has been associated with, can use it to gain access to services, obtain personal information, perform financial transactions, etc. This is akin to a thief stealing someone’s home key. The device can be protected using a PIN or biometrics and the information on the device can be encrypted. In this case, the attacker would have to brute force the PIN or mimic the biometric used to unlock the device, before being able to use it. In the case of continuous authentication, an adversary could attempt to use a terminal, left by a user without logging out, before Gauth detects that the correct user is no longer behind the terminal. Increasing the frequency that a service requests re-authentication can reduce this window of vulnerability. In Sec. VII, we evaluate the effects of using different re-authentication frequencies and how it affects the window of opportunity for an attacker.

Finally, an adversary could launch an online brute-force attack against a Gauth service, because the authentication service needs to be accessible to glass devices, which in certain contexts implies that it needs to be accessible over the Internet. However, the probability of such an attack succeeding is extremely low, as the attacker cannot observe the user’s ID or his authentication credentials, and such an attack would be easily detected by the service. An attacker can, though, obtain the information contained in the visual codes displayed on the terminal, which are considered public, and identify the terminal and service to the device.

III-B2 Device Integrity

Our approach has similar security characteristics to software security tokens on smartphones (e.g., Google authenticator [30]). As such, we assume that Gauth software running on the wearable device, the operating system kernel, and hardware, have not been compromised. Since devices like Google Glass permit users to download apps from stores, we assume that the user may have installed one or more malicious apps, however, these apps cannot compromise Gauth by reading or altering its functionality and data.

III-B3 Users

We consider the users of the system benevolent, however, they may expend small effort to bypass the system, if it interferes with their work. For instance, they may attempt to trick the glass device, so that they remain continuously logged in, and a terminal never locks or logs them out.

III-B4 Man-in-The-Middle Attacks (MitM)

MitM attacks between the terminal and the service cannot be prevented by Gauth. Thus, we assume that terminals and services can mutually authenticate (e.g., using TLS, certificates, and certificate authorities). A MitM can relay information between the terminal and service to enable the user to authenticate using Gauth. However, our approach submits the user’s credentials directly to the service, so they are not exposed to the attacker. We assume that MitM attacks between the device and the service are not possible, because the device has been properly set up with the service’s certificate, certificate authorities are used properly, etc.

IV System Overview

Gauth transforms glass devices into authentication tokens that can be used to authenticate the user with different services. This section describes our approach for performing hands-free one-time and continuous authentication.

IV-A One-time Authentication

Fig. 1: One-time, hands-free authentication with Gauth.

Initially authenticating with a system using Gauth comprises the steps depicted in Fig. 1. Gauth-enabled services display a visual code, such as a QR code, on unused terminals, which can either replace the previously used authentication interface or coexist with it. This visual code encodes identifiers for the service and terminal, but it can also include a random number (nonce), which is refreshed every time a new log-in dialog is presented, to produce QR codes that are different every time. Introducing randomness is necessary to ensure that a stored picture of an old QR code cannot be used to authenticate with a terminal.

Authentication is explicitly triggered by the user using a voice command, such as “OK glass, authenticate” (step 1). Google Glass is equipped with a voice command system that allows developers to enable any application through voice. It can be programmed to accept new commands, and it does not need specific training to “understand” new voices. Its accuracy can drop, though, when the Glass is not connected to the Internet, as cloud resources are used to enhance the speech-to-text analysis. Hence, we can program specific keywords that will trigger authentication. As the device enters power-save mode when not used, the user may also need to perform a small 10° head tilt to wake it up. This is enabled by the gyroscope sensor on the device.

The device, which has been previously set up to authenticate the user with the service, takes a picture of what the user is looking at, scanning for a QR code (step 2). If the device fails for some reason to find a code, it will retry until a configurable threshold is reached, in which case it can provide visual or auditory feedback to the user. The information extracted from the QR code is used to identify whether the device has been associated with the corresponding service. Once such a service is found, the device communicates with it (e.g., over WiFi, 3G, etc.), presenting the user’s credentials and the corresponding terminal identifier to authenticate the user (step 3). Finally, the service verifies the credentials received and admits the user at the requested terminal (step 4).

We see that while the user needs to initiate the process in step 1, the rest of the process is automatic and transparent to the user. Also, the user does not need to use his hands to type a password or PIN, search for his smartcard, etc.

IV-B Continuous Authentication

Fig. 2: Continuous authentication with Gauth.

Devices enter continuous-authentication mode automatically when a user successfully authenticates initially and the acknowledgment returned to the device signals that this mode is required. The process is based on the same principle as one-time authentication, but in this case uses timeouts to trigger re-authentication. It begins with the device receiving acknowledgment that an authentication request has succeeded. At that point, the service signals that it requires continuous authentication with a minimum period of and synchronizes clocks with the device. This means that while the terminal is being used, the service expects a re-authentication request from the device every seconds.

The body of the continuous-authentication loop that follows is shown in Fig. 2. When seconds elapse (step 1), a new re-authentication challenge, encoded as a QR code, is displayed on the terminal (step 2). The QR code encodes similar information as before and can be superimposed on the content in a manner that is non-disruptive. For instance, a QR code can be placed near the edge of the terminal. Obviously, a user interface that takes Gauth into account could reserve some space for this purpose. As a rule of thumb, we try to use the smallest QR code possible to reduce interference with the user (in Sec. VII-D we evaluate different QR-code sizes).

The device periodically takes snapshots scanning for re-authentication codes. Since, essentially, the device has synced with the service, it will also automatically activate after seconds and start scanning for a QR code (step 1). As long as the user is operating the terminal and utilizing the screen, the device will eventually identify such a code. It will process it and re-authenticate the user by re-supplying his credentials, as well as the nonce extracted from the code, to the service (step 3). Finally, the service verifies the user’s credentials and nonce, and the code is removed from the display.

If an authentication token is not sent in a certain amount of time, after the challenge was initiated by the service, it can choose to lock the terminal or completely log out the user. Note that if the user has recently interacted with the terminal, the service could decide to be more permissive and offer more time for re-authentication. If the terminal is locked, the lock screen should display the last QR-code challenge made by the service to ensure that the user can quickly resume. This way, when the user returns his gaze to the terminal, he will be transparently re-authenticated and the terminal unlocked. Note that while the device is in continuous-authentication mode, it will only issue authentication requests for the terminal it originally authenticated the user with. So a user will not accidentally authenticate with other locked terminals.

It may be desirable that a terminal remains unlocked without the user actively interacting with it. For example, a physician may be using a terminal to show information to a patient without at the same time looking at the terminal. In this case, the user would face a problem similar to when only a timeout is employed to determine inactivity; however, the QR code challenge could serve as a cue for him to face the screen or interact with the terminal to prevent locking.

Finally, while a device is in continuous-authentication mode a visual marker can be shown on its display to provide feedback. The mode can be exited directly through a user request, which will also terminate the user’s session with the associated terminal, or indirectly by the service signaling the device when the user logs out using the terminal’s user interface.
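The service side of the loop described in this section, written out as an added example; it is not code from the Gauth prototype. It assumes a service-driven UI (the service draws a random nonce for every challenge) and models only session state, challenge timing, locking and logout: the OTP credential check of Sec. V is not modeled, so a re-authentication request is accepted only when it names the user bound to that terminal's session and carries the nonce currently on its display. Class, method and field names are this example's own assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user_id: str
    terminal_id: str
    nonce: Optional[str] = None   # outstanding challenge nonce, None when none is pending
    issued_at: float = 0.0        # time the outstanding challenge was put on the display
    last_ok: float = 0.0          # time of the last successful (re-)authentication
    locked: bool = False


class ContinuousAuthService:
    """Service side of the re-authentication loop (example assumption: the UI is
    service driven, so the service itself generates each challenge nonce)."""

    def __init__(self, period: float = 5.0, grace: float = 5.0, logout_after: float = 60.0):
        self.period = period              # seconds between re-authentication challenges
        self.grace = grace                # seconds a challenge may go unanswered before locking
        self.logout_after = logout_after  # seconds since the last success before logging out
        self.sessions: Dict[str, Session] = {}   # keyed by terminal id

    def login(self, user_id: str, terminal_id: str, now: float) -> dict:
        """Acknowledgment for a successful one-time authentication: it tells the
        device to enter continuous mode and gives it the period and the clock."""
        self.sessions[terminal_id] = Session(user_id, terminal_id, last_ok=now)
        return {"status": "ok", "terminal": terminal_id,
                "period": self.period, "clock": now}

    def tick(self, now: float) -> Dict[str, Optional[str]]:
        """Advance the loop. Returns, per terminal, the nonce to render as a QR
        code right now (None when nothing should be displayed)."""
        display: Dict[str, Optional[str]] = {}
        for tid, s in list(self.sessions.items()):
            if s.nonce is None and now - s.last_ok >= self.period:
                # period elapsed (step 1): issue a fresh challenge (step 2)
                s.nonce = secrets.token_urlsafe(12)
                s.issued_at = now
            if s.nonce is not None and not s.locked and now - s.issued_at > self.grace:
                # challenge unanswered: lock, but keep the same code on the lock
                # screen so a returning user is re-admitted transparently
                s.locked = True
            if s.locked and now - s.last_ok > self.logout_after:
                del self.sessions[tid]      # user gone for too long: end the session
                display[tid] = None
                continue
            display[tid] = s.nonce
        return display

    def reauthenticate(self, user_id: str, terminal_id: str, nonce: str, now: float) -> bool:
        """Step 3: the device re-supplies the user's identity with the nonce it
        scanned. The OTP check is not modeled here; a request is accepted only
        for the user bound to that terminal's session."""
        s = self.sessions.get(terminal_id)
        if s is None or s.user_id != user_id:
            return False   # no session on that terminal, or another user's session
        if s.nonce is None or not secrets.compare_digest(s.nonce, nonce):
            return False   # no challenge pending, or a stale/replayed code
        s.nonce = None     # challenge consumed; the code leaves the display
        s.last_ok = now
        s.locked = False
        return True

    def is_locked(self, terminal_id: str) -> bool:
        s = self.sessions.get(terminal_id)
        return s is not None and s.locked

    def is_logged_in(self, terminal_id: str) -> bool:
        return terminal_id in self.sessions
```

A terminal's UI would call tick() on its refresh timer and render whatever nonce comes back; the grace value is the knob the text mentions for being more permissive when the user has recently interacted with the terminal, and a locked session keeps its last nonce so that the returning user's next scan unlocks it without a new login.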

V Authentication Protocol

Device Terminal Service
User ID ()
User OTP Key ()
Service authentication URI
Service ID ()
Service certificate ()
Nonce OTP Key ()
Terminal ID ()
TABLE I: Keys and identifiers shared between protocol parties.

V-a Preliminaries

The protocol used by Gauth relies on the transport layer security (TLS) protocol [33] and one-time passwords (OTP). TLS is used to ensure the confidentiality of communications and enables the user to authenticate the service. To securely employ TLS between the user and the service, the user has already obtained the certificate of the service during device-service association (Sec. III-A3), which also includes the service identifier () and the Internet location of the service in the form of a uniform resource identifier (URI).

To authenticate the user to the service, we utilize time-based OTPs [34] (TOTP) because they allow us to authenticate by sending a single message to the service. To utilize them, a shared key is initially exchanged between the service and the user. Using and the current time, the device can generate an that can be verified by the service. This is similar to OTP passwords generated by google-authenticator [30]. Using the and an , we achieve mutual authentication of user and service.

The protocol also utilizes a , which is used to ensure that older, stale QR codes cannot be used to abuse the system. We generate it in two ways, depending on the party that drives the UI. If the terminal UI is service driven, then a random number is generated by the service. On the other hand, if the UI is terminal driven, then we use an HMAC-based OTP [35] (HOTP) generator. This is done to enable the terminal to generate a nonce that can be checked by the authenticating service without the need to interact with it. This requires a shared key to also be shared between the terminal and the service.

The service certificate (including service ID and URI), along with the user ID and the shared key for generating user OTPs compose a 3-tuple that uniquely identifies an account the user possesses with a service. A summary of the keys and other information share between the three parties of this protocol is shown in Tab. I.

While the communication channel between the terminal and the service is not the focus of this work, we assume that it is also secure and, for simplicity, that it is over TLS.

V-B Protocol Steps

Fig. 3: Gauth authentication protocol.

The protocol consists of five different steps illustrated in Fig. 3. However, only four steps are actually utilized during authentication. This is because step 1 is only performed when the UI is service driven and step 5 when it is terminal driven. In the first case, the service can manipulate the UI shown on the terminal to display a QR code (e.g., by adding an image in an HTML page), so the first step involves encoding the information into a QR code and displaying it on the terminal. In the second case, the software running on the terminal is the one generating the QR code.

Step 2 is performed over an optical channel formed between a terminal’s screen displaying the visual code and the camera on the wearable device. The information sent to the device through the QR code includes the , , , and a configurable number of options. The wearable device reads the QR code and decodes it to retrieve the information encoded. We rely on the intrinsic error correction in QR codes to ensure that the information is not corrupted.

Once the device decodes the QR code, it creates a secure TLS connection with the remote service using the stored URI (step 3). Since the device holds the service’s certificate, it can verify that it is communicating with the correct party. To authenticate the user, the device generates a new OTP using and the current time, and sends it to the service along with the information shown in Fig. 3.

The remote service can use the information to verify the identity of the user in step 4. In particular, it uses to locate the user’s and verify the received OTP. The service also verifies that the received matches what is expected for . As discussed in Sec. V-A, the nonce can be a randomly generated number or an HOTP. The service then responds to the device with a positive or negative acknowledgment (step 4), which may also include additional options. For example, it can flag to the glass that the terminal requires continuous authentication over Gauth and send the re-authentication period .

If the UI is terminal driven, the service notifies the terminal of the outcome of the authentication process in step 5. If it was successful, the of the user is also sent to the terminal.

During continuous authentication the protocol is repeated, as shown in Fig. 3, until the user logs out or his session is terminated by the service or terminal. Additionally, the options in steps 1 and 3, which are highlighted in Fig. 3, are used to synchronize the clocks of the device and the service (or terminal) to ensure that re-authentication can proceed successfully. Our approach is based on Lamport’s timestamps algorithm [36], which is used to determine the order of events in a distributed computer system.
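The service-side checks of step 4, as an added example that is not the paper's code: it verifies the user's TOTP with a small drift window and a per-user replay guard, checks the nonce in both modes of Sec. V-A (a random nonce the service issued, or an HOTP the terminal produced offline with a look-ahead window), and applies the Lamport rule to the timestamp option. Everything not stated in the paper is an assumption: RFC 4226/6238 defaults (HMAC-SHA1, 6 digits, 30-second step), the look-ahead of 5 counters, the field names of the message, and the option values returned in the acknowledgment.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Assumed parameters (not fixed by the paper): RFC 4226/6238 defaults,
# HMAC-SHA1, 6-digit codes, 30-second time step, one step of clock drift.
DIGITS = 6
STEP = 30
DRIFT_STEPS = 1
NONCE_LOOKAHEAD = 5   # HOTP counters the service looks ahead for a terminal nonce


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamically truncated HMAC-SHA1 over the 8-byte counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, now: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP over the current time step."""
    return hotp(key, now // step)


def lamport_adjust(local_ts: int, received_ts: int) -> int:
    """Lamport clock rule applied to the timestamp option: on receipt, a party
    moves its clock to max(local, received) + 1, so the device's next TOTP falls
    in a time step the service will accept (assumed use of the option)."""
    return max(local_ts, received_ts) + 1


class GauthService:
    """Service-side state for the two nonce modes described in Sec. V-A."""

    def __init__(self) -> None:
        self.user_keys = {}         # user ID -> user OTP key
        self.terminal_keys = {}     # terminal ID -> [nonce OTP key, next expected counter]
        self.issued_nonces = set()  # service-driven UI: random nonces not yet consumed
        self.last_step = {}         # user ID -> last accepted TOTP step (replay guard)

    def issue_nonce(self) -> str:
        """Service-driven UI: a fresh random nonce to embed in the QR code."""
        nonce = secrets.token_hex(8)
        self.issued_nonces.add(nonce)
        return nonce

    def _check_nonce(self, terminal_id: str, nonce: str) -> bool:
        if terminal_id in self.terminal_keys:
            # Terminal-driven UI: the nonce is an HOTP the terminal produced
            # offline; accept a bounded look-ahead, then move past the matched
            # counter so the same QR code can never be replayed.
            key, counter = self.terminal_keys[terminal_id]
            for c in range(counter, counter + NONCE_LOOKAHEAD):
                if hmac.compare_digest(hotp(key, c), nonce):
                    self.terminal_keys[terminal_id] = [key, c + 1]
                    return True
            return False
        # Service-driven UI: the nonce must be one we issued and not yet used.
        if nonce in self.issued_nonces:
            self.issued_nonces.discard(nonce)
            return True
        return False

    def authenticate(self, msg: dict, now=None) -> dict:
        """Verify the step 3 message (user ID, OTP, nonce, terminal ID)."""
        now = int(time.time()) if now is None else now
        key = self.user_keys.get(msg["user_id"])
        if key is None:
            return {"ok": False}
        accepted_step = None
        for d in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
            step_no = now // STEP + d
            if hmac.compare_digest(hotp(key, step_no), msg["otp"]):
                accepted_step = step_no
                break
        # Reject unknown codes and any code from a step this user already used.
        if accepted_step is None or accepted_step <= self.last_step.get(msg["user_id"], -1):
            return {"ok": False}
        if not self._check_nonce(msg["terminal_id"], msg["nonce"]):
            return {"ok": False}
        self.last_step[msg["user_id"]] = accepted_step
        # Positive ACK (step 4) with the kind of options the paper mentions: a
        # request for continuous authentication, its period, and our timestamp.
        return {"ok": True, "continuous": True, "period": 5, "timestamp": now}
```

The nonce check runs only after the OTP check succeeds, so an unauthenticated message cannot consume a service-issued nonce or advance a terminal's HOTP counter; the per-user `last_step` guard closes the remaining replay of a valid OTP within its time step, which the nonce alone does not prevent in service-driven mode once the nonce has been consumed.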

VI Implementation

Gauth consists primarily of three components: an app residing on the glass device, an authentication layer running at the service back end, and potentially software running at the terminal. This section provides technical details about the implementation of these components and their interactions. For our prototype, we used a Google Glass device and built a Gauth-enabled e-mail server and client in Java, representing the scenario where the UI is driven by the terminal and the service cannot directly manipulate it. To implement the protocol we used a four-digit number for service IDs and a six-digit nonce, which is generated by the terminal as an HOTP and also serves as its ID. In the options of the protocol, we add an 11-digit timestamp to execute Lamport’s algorithm [36].

VI-A Gauth Google Glass App

The Gauth app is Glassware software that runs on a second generation Google Glass XE (Explorer Edition) device, equipped with the Android v4.4.2 kernel and the XE 21.0 update. Gauth was developed with the Glass Development Kit (GDK), an add-on to the Android SDK. It consists of four modules, implementing the following functionality.

VI-A1 Voice Activation

The GDK’s VoiceTrigger framework allows the creation of a voice-driven interface via three types of speech recognition: application shortcut-type voice commands that enable the user to start an application, contextual voice commands that enable users to perform particular actions within the context of a running app, and free-form speech-to-text transformation for receiving textual input from users (e.g., reciting an e-mail). To enable starting our app using a voice command, we register an intent filter using the com.google.android.glass.action.VOICE_TRIGGER action in the app’s Android manifest. In our prototype we use the phrase “OK Glass, Authenticate”. Additionally, we need to declare which resources our app uses in the file res/xml/Gauth_voice_trigger.xml. In our case, we require the camera, network, and microphone.

VI-A2 QR Code Scanning

To detect and decode QR codes we use the ZXing engine. ZXing is an open source library able to scan and decode one- and two-dimensional barcodes using a smart device’s camera. Unfortunately, the library available for Android depends on a remote service to decode QR codes, so we modified it to create a library that also includes ZXing’s core image decoding library in order to quickly decode QR codes on Google Glass. This way we increase authentication speed and avoid sharing QR codes with a third party.

VI-A3 One-time Password Generation

Gauth implements time-based OTPs by integrating google-authenticator [30]. After initially setting up the key shared with the server (), requesting a new OTP is straightforward.

VI-A4 TLS Support

Gauth creates, stores, and manages digital keys and certificates using the Java KeyStore framework and the OpenSSL library. By default, it stores and uses a list of trusted CA certificates, similarly to a browser or smartphone. In our case, we also include a base-64 encoded X.509 certificate for the e-mail service, which is part of our prototype. The communication with the remote service is implemented via the Java HttpsConnection framework, which connects the device to the service back end over TLS.

VI-B Gauth Support for Service Back Ends

Services need to support Gauth either by design or through a middleware that enables third-party services to interface with Gauth devices. In our prototype, we built such a middleware to add Gauth support for an SMTP/POP3 e-mail service. We implemented it in Java, and it supports two different network interfaces: the first one is capable of handling multiple Gauth client connections from users that authenticate using the protocol described in Sec. V, while the second one allows terminals, in this case e-mail clients, to be updated in real time with a user’s authentication status. Note that this interface is required for UIs that are terminal driven, while UIs that can be directly modified by the service may not need it at all. In our prototype, communications are secured using HTTPS and implemented using the Java HttpsConnection framework; however, other designs that rely on IPSec, or controlled environments like an Intranet or cloud infrastructure, can also be supported in a similar way with relatively little effort.

VI-C Terminal

When a terminal UI cannot be directly modified by the service, but requires support from the software running on the terminal, some modifications are also required on that software. To test this scenario, we built a Java-based e-mail client to act as a thick terminal, which generates the QR codes itself instead of the service. Encoding the protocol information in a QR code and displaying it on the terminal is done using the ZXing library. For creating an e-mail interface, we used the JavaMail API [37], which provides support for SMTP/POP3 servers. Communication with the service is performed over TLS, both for communicating with the Gauth middleware and for delivering the content/service to users, in this case providing access to their e-mail accounts. To generate a nonce for the protocol, we use HOTPs created (again) by the google-authenticator library [30].

VII Evaluation

Fig. 4: Testbed used during the evaluation.

This section presents the results derived from the evaluation of our Gauth prototype implementation. During our evaluation, we used the testbed topology drawn in Fig. 4. First, we deployed the terminal, service, and client in our own institutional network in the US. Then, we experimented by deploying the service to two cloud infrastructures: an academic cloud located in Europe and Amazon’s AWS cloud in the US. Specifically, the testbed was comprised of the following elements:

  • A second generation Google Glass, equipped with an OMAP 4430 SoC dual-core CPU, 2GB RAM, 5 MP Camera and a Wi–Fi 802.11b/g as the network interface, which runs Gauth

  • One high–end laptop machine with Intel Core 2 Duo P8700 at 2.53 GHz, 8 GB of 1,066 MHz DDR3 RAM and a 6 Mbps AirPort wireless network card, serving as the terminal

  • One server with an Intel Xeon CPU at 3.2 GHz and 4 GB of RAM located in the cloud service in Europe, acting as a remote service

  • One server with two Intel Xeon Processors operating at 2.5GHz with Turbo up to 3.3GHz and 2 GB of RAM located in Amazon’s EC2 cloud infrastructure, acting as a remote service

We conduct a thorough evaluation of Gauth in terms of performance, effectiveness, and efficiency using human subjects. Our aim is to demonstrate that Gauth is faster than password-based authentication without compromising security. More precisely, we evaluated Gauth’s performance, QR-code readability, which affects the usability of our scheme, and battery consumption when doing continuous authentication. Finally, we performed a user study involving 20 students using Gauth in different scenarios.

VII-A Authentication Time

Remote service location   Mean   Min   Max   Standard deviation
Local                      329   265   421    70
AWS (Oregon)               523   451   609   134
Cloud (Europe)             703   584  2115   476
TABLE II: Authentication time in milliseconds. The results are from performing 20 authentication runs for each service location.

Authentication time refers to the overall time required for a Gauth user to be authenticated by the remote server. We calculate the mean time from the moment the user activates Gauth via voice until a complete authentication is performed. Authentication time includes all the necessary actions Gauth requires for authentication, as already described in Fig. 3. Furthermore, to correctly evaluate Gauth’s authentication time, we collect measurements from 20 authentication runs performed for the three locations of our testbed, and we calculate the average.

Overall, the mean authentication time with Gauth is 3.8 sec. This number includes 1.8 sec required to capture a picture using the auto-focus feature of the camera, followed by the QR-code decoding process, which takes 0.2 sec. Over and above that, it requires 0.4 sec to generate a new OTP, while the network communication part over HTTPS takes an average of 0.6 sec. Activating Gauth via voice command requires an average of 1.7 sec.

This means that when doing continuous authentication with a period of 5 sec, Gauth is able to perform almost 12 successive authentications within a minute. Of course, authentication time is affected by the network’s quality and potentially the geographical distance between the user and the remote service. Table II summarizes our results, including the mean, minimum, maximum, and standard deviation of our measurements. Note that these measurements incorporate the time required to establish an HTTPS connection with the remote service and end when Gauth receives the authentication ACK, as described in Fig. 3 (i.e., messages 3 to 5).

VII-B Overhead

Fig. 5: CPU and memory load while performing continuous authentication with a period of seconds. CPU load is higher than expected due to an open issue with the Glass’ camera framework [38].

By overhead, we refer to the computational and memory resources Gauth consumes. Wearable devices do not afford considerable CPU and memory resources, at least when compared to smartphones and tablets, so overhead can be decisive. Some pilot results on CPU and memory utilization for Gauth are presented in Fig. 5. These results correspond to Gauth performing continuous authentication with a period of seconds. As observed from the figure, we monitored the application for about 70 minutes before the Glass’ battery discharged completely. The maximum and minimum CPU consumption during this time period is 98% and 80% respectively, while the memory consumption was about 18% – 20%. Overall, what we observe is that there is a significant increase in CPU usage during the authentication process. However, this happens due to an open issue with the Glass’ camera framework [38]. Additionally, we need to mention that the temperature of the device was notably higher during this experiment, and we even encountered overheating issues, receiving the error message “Glass must cool down to run smoothly”, when we tested Gauth with a smaller authentication period (T<5).

VII-C Battery consumption

Continuous authentication is inherently a power hungry operation, which can greatly affect battery-powered devices. In contrast to the official estimation from Google of “one day battery life”, our experiments indicate that the Glass’ battery usually drains faster.

In an effort to balance the continuous authentication period against battery consumption, we measure the battery level every minute, while Gauth performs continuous authentication. Figure 6 illustrates the battery consumption during this experiment, when using a period of 5 and 15 seconds.

With an authentication period of T=5 (sec), Gauth takes 2% off the battery every minute, while with a period of T=15 (sec) we gained two thirds more energy. Practically, this means that within an hour, Gauth is able to perform 720 authentications with the remote service for T=5 (sec).

For completeness, we also measured 4 fundamental Glass operations over a 10 minute period. Basic operations, like stand-by, playing video or receiving and displaying GPS directions, can drain 2.5%, and 6.2% of the battery respectively, while video recording can consume 31% of the battery within just 10 minutes.

Fig. 6: Battery consumption during continuous authentication. Gauth is configured to wake and take a picture every seconds.

VII-D QR-code Readability

The key element of our scheme depends on the high readability level of the QR-code itself. A QR-code consists of black square dots –modules– placed in a square grid on a white background, which can be read by a camera and processed using Reed–Solomon error correction until the image can be appropriately interpreted [39]. Failing to correctly identify and decode a QR code means that the user will not be able to authenticate and would have to retry. The code’s physical size, the amount of information stored in it, the distance between the code and the scanning device, the position or the viewport of the camera, lighting, and, last but not least, the camera lens are some of the factors that affect the readability of a QR-code. Thus, stressing both Gauth and the QR-code to identify their limits was a primary task. However, in this evaluation, we do not evaluate factors like the lighting or the quality of the camera lens.

The QR-code evaluation was performed using the native 5 MP Google Glass camera using the auto–focus function, under natural light. For the experiments, a 13.3–inch display with 1280 x 800 resolution and 50% screen brightness was used.

To examine the readability of the QR-code, we used three scanning distances, corresponding to the proper ergonomic position at which a user views a smartphone (“Intimate distance”), a computer (“Personal distance”) and an ATM (“Social distance”) screen. Table III provides specific information on these distances. For these three scenarios, we define three different units of data (208, 816, 1920 bits), based on the traditional Version 2 QR-code capacity that consists of 25 modules (26 characters), the Version 6 QR-code capacity used for long URLs (like Google Maps address URLs) (102 characters), and the Version 10 QR-code capacity that can contain vCard contact information (240 characters).

To create the QR-code image, it was highly important to correctly specify its physical size, so we relied on a mathematical formula [40] to calculate the recommended minimum size based on the chosen information data and the distance for this experiment.

Minimum QR–code Size = (Scanning Distance / Distance Factor) * Data Density Factor

  • Distance Factor: Start off with a factor of 10, then reduce it by 1 for each poor-lighting condition in the scan environment. In our case we use 10 as the distance factor.

  • Data Density Factor: Count the number of columns of dots in the QR–code image and then divide that by 25 to normalize it back to the equivalent of a Version 2 QR–code.
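The minimum-size formula above, worked through for the nine distance/data-size combinations of this experiment, as an added example (not the paper's code). It assumes the QR standard's module counts (21 modules per side for Version 1, 4 more per version, so Versions 2, 6 and 10 have 25, 41 and 57 modules), the paper's distance factor of 10, and the 13.3-inch 1280x800 display of the testbed for the pixel conversion; the helper names are my own.

```python
import math

# The paper's scanning distances (Table III) and the QR version behind each data size.
DISTANCES_CM = {"intimate": 20, "personal": 50, "social": 120}
ENCODED_BITS_TO_VERSION = {208: 2, 816: 6, 1920: 10}


def modules_for_version(version: int) -> int:
    """Modules (dots) per side of a QR symbol of the given version (1..40),
    per the QR standard: 21 for Version 1, growing by 4 per version (assumption)."""
    if not 1 <= version <= 40:
        raise ValueError("QR versions run from 1 to 40")
    return 21 + 4 * (version - 1)


def distance_factor(poor_lighting_conditions: int = 0) -> int:
    """Start at 10 and subtract 1 per poor-lighting condition; the paper uses 10."""
    return max(1, 10 - poor_lighting_conditions)


def data_density_factor(version: int) -> float:
    """Module columns divided by 25, i.e. normalised to a Version 2 symbol."""
    return modules_for_version(version) / 25


def min_qr_size_cm(scanning_distance_cm: float, version: int,
                   poor_lighting_conditions: int = 0) -> float:
    """Minimum QR-code size = (scanning distance / distance factor) * data density factor."""
    return (scanning_distance_cm / distance_factor(poor_lighting_conditions)
            * data_density_factor(version))


def display_ppi(width_px: int, height_px: int, diagonal_in: float) -> float:
    """Pixels per inch of a display, from its resolution and diagonal size."""
    return math.hypot(width_px, height_px) / diagonal_in


def size_px(size_cm: float, ppi: float) -> int:
    """Side length in pixels needed to render a code of size_cm on a display with the given ppi."""
    return round(size_cm / 2.54 * ppi)


def minimum_size_table(ppi: float) -> dict:
    """Minimum code size for every distance/bit-count pair of the experiment, as (cm, px)."""
    table = {}
    for dist_name, dist_cm in DISTANCES_CM.items():
        for bits, version in ENCODED_BITS_TO_VERSION.items():
            cm = min_qr_size_cm(dist_cm, version)
            table[(dist_name, bits)] = (round(cm, 2), size_px(cm, ppi))
    return table


if __name__ == "__main__":
    ppi = display_ppi(1280, 800, 13.3)   # the paper's 13.3-inch 1280x800 display
    for (dist, bits), (cm, px) in sorted(minimum_size_table(ppi).items()):
        print(f"{dist:>9} {bits:5d} bits: {cm:6.2f} cm  ({px} px)")
```

Running the block prints the size the formula recommends for each cell of Table IV, which is the size a terminal should render before the readability results above can be expected to hold; anything smaller is outside the formula's assumptions.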

Table IV summarizes the results of the QR–code readability tests for the three different scanning distances, the three different information data units and images taken under two different scanning angles (0 and 45 degrees). During the experiments, the display and the Google Glass were held fixed at the aforementioned distances. We therefore performed the experiments under two different angles, replicating two more realistic scenarios: i) the user is looking straight at the display, or ii) she is looking at it under a small horizontal angle. We calculated the accuracy of the system based on the successful QR–code decodes, after having performed 11 scans of the same QR–code for each case.

Taking into consideration the evaluation results, we can argue that Gauth was able to recognize the QR–code and decode it with high accuracy most of the time. Still, in some cases, and contrary to the results from the “minimum QR–code size” formula, Gauth failed to detect or decode the QR–code. Failing to do so on the first try means that the user needs to activate Gauth again in the one-time authentication mode, or to wait T seconds (say, 5 (sec)) for an automated retry in the continuous authentication mode. This failure happens due to either the small physical QR–code size or the low data density stored in it. Definitely, the accuracy of the system could be higher if the camera lens were better or the decoding library could decode the QR–code with a higher error correction level.

Scanning distance
  Intimate distance:  20 cm / 7.87 inch
  Personal distance:  50 cm / 19.68 inch
  Social distance:    120 cm / 47.2 inch
Encoded bits
  208 (28 characters)
  816 (102 characters)
  1920 (240 characters)
TABLE III: Notations used in QR–code experiments

Scanning angle 0
Encoded bits   Distance   Accuracy
208            Intimate   72.7%
208            Personal   72.7%
208            Social     100%
816            Intimate   100%
816            Personal   90.9%
816            Social     100%
1920           Intimate   54.5%
1920           Personal   100%
1920           Social     100%

Scanning angle 45
Encoded bits   Distance   Accuracy
208            Intimate   18.2%
208            Personal   63.6%
208            Social     100%
816            Intimate   72.7%
816            Personal   81.8%
816            Social     100%
1920           Intimate   27.3%
1920           Personal   81.8%
1920           Social     100%
TABLE IV: Stressing QR–codes
Fig. 7: Scanning different QR–code sizes from different distances and no angle. Sub–figures (a) to (i) correspond to QR–codes of 75x75, 124x124, 170x170, 188x188, 309x309, 430x430, 453x453, 744x744, and 1031x1031 pixels. Each sub–figure draws the percentage of correctly scanned QR codes (y–axis), when taking 11 pictures with Google Glass, as the number of bits encoded in a QR–code increases (x–axis). The different colors correspond to three distances between the glass and screen: 20 cm, 50 cm, and 120 cm. From sub–figure 7(a) to 7(i), we increase the physical size of the QR–code.

Before closing the QR–code readability section, we scan different QR–code sizes from different distances and no angle (refer to Fig. 7). Each sub–figure draws the percentage of correctly scanned QR–codes (y–axis) when taking 11 pictures with Google Glass, as the number of bits encoded in a QR–code increases (x–axis). The different colors correspond to three distances between the glass and screen: 20 cm, 50 cm, and 120 cm. From sub–figure 7(a) to 7(i), we increase the physical size of the QR–code.

In Fig. 7(a), it is evident that we are able to correctly scan a QR–code only from a short distance from the screen. As the size of the code increases, we are able to scan from longer distances. In Fig. 7(e), the results for 20 cm overlap with the ones for 50 cm, thus they are not visible. For QR–codes larger than 453 pixels, we are always able to correctly process them (Figures 7(h) and 7(i)), even from a distance of 120 cm.

VII-E User Study

Designing a new human centric authentication scheme, like Gauth, that can also be used by users with disabilities or users who need to operate multiple terminals, like nurses, requires evaluation and feedback from real users through a pilot study.

A pilot study is a trial conducted before the main study, which not only allows the researcher to identify any problems and make the required adjustments to the system, but also establishes whether or not the study is appropriate in terms of validity.

For the pilot study, we recruited 20 volunteers to use a custom e–mail client, running on a laptop terminal, authenticating themselves, via the 5 authentication scenarios, to an email service.

The duration of the total experiment was an hour per participant, and the precondition was that participants should be computer, smartphone and e–mail users. All users had previous interaction with a smartphone, but none of them with a Google Glass. It is important to mention that none of these 20 volunteers was a multiple terminal operator or had a disability. For the experiments, proper IRB approval was granted, while users’ privacy and sensitive information were never exposed. Table V contains a summary of our participants’ demographic characteristics.

Characteristics            Total
Gender
  Male                     14
  Female                   6
Field
  Computer Science (CS)    12
  Non-CS                   8
Age
  18-26                    11
  26-32                    6
  32-62                    3
TABLE V: Participant demographics

VII-E1 Methodology

During the experimentation phase, the participants had to use a custom e–mail client, running on a laptop terminal, authenticating themselves, via the 5 authentication scenarios, to a Gauth–enabled e-mail service. We should note that all users shared the same credentials during their single–factor authentication phase, while each time they had to activate the devices (smartphone and Glass) in order to perform the second factor authentication.

Since none of the volunteers had previous experience with the Google Glass or our custom e-mail client, a pre–study tutorial during the first 15 minutes of the experiment was mandatory. During that time, the instructor introduced the main functions of every hardware device that would be used during the experiment, including the Google Glass, and walked them through every step of the experiment several times.

All five authentication scenarios share a common ruse in which participants were not told which authentication scheme was primarily being investigated. Each scenario needed to be performed 3 times by all users, allowing us to micro–benchmark the authentication tasks and collect real data used during the evaluation phase.

At the end of the session, users had to complete an anonymized questionnaire survey related to their experience with the authentication scenarios. In addition to the experimental phase and the questionnaire survey, a 5 minute conversation allowed the investigator to extract valuable information regarding the participants’ thoughts.

VII-E2 Scenarios

During the experimentation phase, the participants had to utilize the five authentication methods in order to access an e-mail account through a laptop terminal. First, we tested single–factor authentication. Users employed Gauth and conventional username/password credentials to authenticate with the mock service. Second, we asked them to use a username/password as well as a second factor of authentication. We evaluated three scenarios: using Gauth (2FA Gauth), google–authenticator on a smartphone (2FA Smartphone), and google–authenticator on Google Glass (2FA Glass). In more detail, the scenarios are:

Username/Password: the traditional single–factor authentication scheme based on username and password credentials.

2FA–Smartphone: a second factor authentication scheme, where an OTP was displayed by a mobile phone.

2FA–Glass: a second factor authentication scheme, where an OTP was displayed by the Google Glass.

Gauth: a password–less, hands–free, one–time authentication scheme.

2FA–Gauth: the traditional single–factor authentication scheme based on username and password credentials, working in synergy with Gauth as the second authentication factor.

We should note that all users shared the same credentials during their single–factor authentication phase, while each time they had to activate the devices (smartphone and Glass) to perform the second–factor authentication.

VII-E3 Results

Fig. 8 illustrates the average over three repetitions of the task for all five scenarios. The bottom two lines in the figure correspond to the single–factor authentication schemes, while the remaining three correspond to the second factor authentication schemes. Gauth, due to its hands-free nature, is not only the fastest method in all cases, but also allows novice users with serious authentication difficulties, like users 17 and 18, to authenticate successfully in less than 5 seconds.

Fig. 8: Time required to complete entry–point authentication for all 20 users in our user study. The figure draws the average over three repetitions of the task. First, we tested single–factor authentication. Users employed Gauth and conventional username/password credentials to authenticate with a mock service (bottom two lines in the figure). Second, we asked them to use a username/password as well as a second factor of authentication. We evaluated three scenarios: using Gauth (2FA Gauth), google–authenticator on a smartphone (2FA Smartphone), and google–authenticator on Google Glass (2FA Glass).

Most of the users agreed that traditional authentication schemes need to be improved. As they commented during the oral discussion, password-less schemes like Gauth or the very recent iPhone fingerprint solution allow them to remember fewer passwords. 95% argued that the combination of username/password with Gauth is the most secure authentication scheme across all the scenarios, but in their everyday life users would choose Gauth for its password-less nature. On the contrary, only 20% feel that Gauth is secure. This can be explained by the limited or non-existent cyber-security knowledge of the participants. Most users, 65%, complained that they had problems reading the OTP directly from the Glass, but claimed that it is more secure than displaying the OTP on a smartphone. Last but not least, 75% of the users stated that they are interested in using Gauth on an everyday basis only if the wearable is affordable and more elegant, while 65% asserted that they would use it only under specific circumstances, such as at their office, at a bank terminal or to access a room.

VII-F Security

Fig. 9: Window of exposure to malicious users when using Gauth for continuous authentication. is the re-authentication period used (i.e., how frequently it is requested), is the timeout (since the last expected re–authentication) after which the user is logged out, and the window of exposure.

When performing continuous authentication with period , if a user steps away from the terminal without logging out, there exists a window of vulnerability during which the terminal is left exposed, until the service detects that the user is no longer there, locks the terminal, and logs the user out. This is illustrated in Fig. 9, where a user steps away, missing the next re-authentication request. Since the terminal is probably not locked immediately, an amount of time lapses until the user is logged out and the terminal is safe. The figure makes it easy to deduce that . Even with our current prototype, we are able to use a period of . Also, since the authentication time on the local network never exceeds 0.5 sec, continuous authentication could be deployed with an . Consequently, will be considerably small in most cases. However, future work is required to establish the usability effects of using such a small .
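The service-side watchdog that bounds the window of exposure described above, as an added example rather than the paper's code. It models what Fig. 9 describes: re-authentication is due every `period` seconds, and the session is terminated once a due re-authentication is overdue by more than `timeout` seconds. The simulation of a user who walks away without logging out, the one-second watchdog granularity, and all names are assumptions of this example.

```python
# Assumed model (not the paper's code): the service keeps, per session, the time
# of the last successful re-authentication; a re-authentication is due every
# `period` seconds, and the session is terminated once the due time has passed by
# at least `timeout` seconds without a valid response. Times are integer seconds.


class ContinuousSession:
    def __init__(self, period: int, timeout: int, started_at: int) -> None:
        self.period = period
        self.timeout = timeout
        self.last_ok = started_at      # time of the last verified re-authentication
        self.active = True
        self.terminated_at = None

    def next_due(self) -> int:
        """When the next re-authentication response is expected."""
        return self.last_ok + self.period

    def record_reauth(self, now: int, verified: bool) -> bool:
        """Process a re-authentication attempt (verified or failed) at time `now`."""
        if self.active and verified:
            self.last_ok = now
        return self.tick(now)

    def tick(self, now: int) -> bool:
        """Periodic watchdog check; returns whether the session is still active.
        The session ends when a due re-authentication is overdue by `timeout`."""
        if self.active and now >= self.next_due() + self.timeout:
            self.active = False
            self.terminated_at = now
        return self.active


def simulate_walk_away(period: int, timeout: int, left_at: int, horizon: int = 600) -> dict:
    """Constructed scenario: the user leaves at `left_at` without logging out.
    Re-authentication succeeds at every multiple of `period` before departure and
    fails afterwards; the watchdog ticks once per second. Returns when the service
    terminated the session and how long the unattended terminal stayed exposed."""
    session = ContinuousSession(period, timeout, started_at=0)
    for now in range(1, horizon + 1):
        if now % period == 0:
            session.record_reauth(now, verified=now < left_at)
        else:
            session.tick(now)
        if not session.active:
            return {"terminated_at": now, "exposure": now - left_at}
    return {"terminated_at": None, "exposure": None}


def worst_case_exposure(period: int, timeout: int) -> int:
    """Largest exposure over every integer departure time within two periods,
    i.e. the longest an unattended terminal stays usable under these settings."""
    return max(simulate_walk_away(period, timeout, left_at)["exposure"]
               for left_at in range(1, 2 * period + 1))
```

Shrinking either `period` or `timeout` shortens the exposure, which is the trade-off the paragraph above discusses; the simulation makes the exact figure for a candidate setting visible before it is chosen, so the usability cost of a short period can be weighed against the concrete number of seconds the terminal would remain open.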

VIII Related Work

Over the last few years, various authentication methods and schemes have been introduced aiming to improve the security of computer and smartphone systems. Still, passwords remain the most popular authentication scheme, although their weaknesses and limitations have been widely explored. Users are often advised or required to choose passwords that comply with certain policies in order to strengthen their passwords, but in most cases they end up with passwords easier to guess than they had previously assumed [41].

As weak-password prevention and password manager schemes try to harden the traditional password, many promising schemes have been introduced over the last few years aiming to provide secure, cheap, and efficient authentication methods based on QR-codes, NFC tags or biometric features. So, the rest of this section is categorized into three groups, presenting the most recent authentication schemes in the literature.

VIII-A Password Evaluation Studies

Despite the fact that passwords suffer from various attacks, solutions like Telepathwords [41] try to measure password strength by simulating password-cracking algorithms and suggesting strong passwords to users [42]. Moreover, with the increasing availability of hardware and devices equipped with touchscreens and touch-surfaces, modern password schemes allow users to draw a shape connecting points on a touch sensor as their password. These authentication schemes are referred to as graphical passwords and aim to combine the usability of drawing a password with high guessability and entropy. Still, graphical passwords suffer from smudge and shoulder surfing attacks [43, 44].

VIII-B Password Managers

The increasing number of passwords users have to memorize has made password managers very popular over the last few years. Although the concept of managing passwords is not new [45], password managers have evolved from traditional software running in the browser to cloud-based and mobile device based managers [46, 47]. While the usability of password managers has been proven [48], various attacks have exposed their vulnerabilities [47, 49]. Although the concept of password managers is very promising, it does not work in many cases, such as on public terminals or embedded devices where password managers are not offered.

VIII-C NFC-based authentication schemes

NFC gained popularity after smartphones were equipped with NFC readers, allowing them to establish two-way contactless radio communication between endpoints by touching them together. NFC as an authentication token has been widely utilized by various studies throughout the literature. Recent studies have proposed mobile credit card payments [50], health systems [51], and password-less authentication and identity management architectures used for securing web services [52, 53, 54].

VIII-D Authentication based on biometrics

While biometrics have been gaining in popularity over the last few years, interesting solutions have been proposed in the recent literature to improve both two-factor and continuous authentication systems. The work in [55] investigates the possibility of continuously authenticating users while they perform basic navigation steps on a touchscreen device. The same year, a new way to perform continuous authentication using mouse dynamics as the behavioural biometric modality was demonstrated in [56]. Very recently, [57] introduced a general approach for continuous authentication based on keystroke dynamics; its authors show that it is feasible to authenticate users continuously based on keystroke dynamics. Also, [58] introduced a touchstroke dynamics system as a second verification factor when authenticating the user of a smartphone.

A pulse-response biometric [59] sends an electric pulse through the user’s body and measures its resistance. The expectation is that each user has a unique resistance which can be used to uniquely identify them and perform continuous authentication. However, a user’s electric resistance can change based on various factors, measurements can be affected by weather conditions, and significant investments may be required to deploy such sensors on terminals. Also, like the previous system, it is not applicable to generic online services.

VIII-E Recurring authentication

The work in [60] performs recurring authentication using wearable devices, such as bracelets, that keep track of a user’s hand movements and correlate the movement with the keys pressed in order to continuously authenticate users. They show 85% accuracy with an 11 sec adversary detection time, or 90% accuracy with 50 sec. The error is too high, and this approach only works on terminals, while it is harder to deploy as an additional authentication measure on generic online services offered through apps or the browser. Also, Google Glass is potentially a multipurpose tool, like the smartphone, and is more likely to be adopted by a larger number of users, while a single device can actually be shared by multiple users.

Transparent re-authentication for mobile devices has been proposed using behavioral biometrics, in particular how a user interacts with the smartphone through its touchscreen [61]; in such schemes, false positives are disruptive. Users can also be transparently authenticated based on how they place calls [62].

VIII-F Authentication for People with Disabilities

Despite the large number of authentication schemes proposed in the literature, people with disabilities once again face a limited set of solutions. Authentication schemes based on multi-touch surfaces operated with one or more fingers [63], signal-based methods that delineate ECG features and determine the dominant fiducials of each heartbeat [64], and eye-gaze gestures [65] are some interesting approaches that may help and improve people’s everyday authentication.

IX Discussion

As already mentioned, continuous authentication with wearable devices is a relatively new discipline. Combining modern devices with security systems will not only improve the security of the system, but at the same time increase the usability and productivity of some end-user categories.

IX-A Device Theft

Overall, with the increasing risk of theft or loss of mobile devices over the last few years, authentication solutions like Gauth may face extra issues. The person that holds the device is also the one that can authenticate. We can argue that the security of the glass device is similar to locking a password vault. A PIN, voice recognition, or other techniques could be used to unlock the device. The device could perform a challenge-response protocol with the user [66, 67]. For example, the device could display one character on the screen and the user would respond (by voice) by adding his secret number to the displayed one. Furthermore, blending Gauth with physiological biometric schemes that rely on unique voice patterns, such as voice-based authentication systems, would allow only the legitimate user to control the device [68].
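As an added illustration of the voice challenge-response unlock just described (example code, not from the paper or from Gauth): the device shows a digit string, the wearer answers with the per-digit sum of it and a secret number modulo 10, and the device checks the spoken reply. The class and function names, the equal-length digit secret and the three-attempt lockout are assumptions of this example.

```python
import hmac
import secrets

# Constructed example of a voice challenge-response unlock for a glass
# device: the screen shows a few digits, the wearer speaks back each digit
# plus the matching digit of a secret number, modulo 10.  The names below,
# the equal-length digit secret and the lockout limit are assumptions.

MAX_ATTEMPTS = 3  # assumed lockout threshold, not from the paper


def new_challenge(length: int) -> str:
    """Device side: draw an unpredictable digit string to display."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))


def expected_response(challenge: str, secret: str) -> str:
    """What the legitimate wearer should say back: per-digit sum mod 10."""
    if len(challenge) != len(secret) or not (challenge + secret).isdigit():
        raise ValueError("challenge and secret must be digit strings of equal length")
    return "".join(str((int(c) + int(s)) % 10) for c, s in zip(challenge, secret))


class DeviceLock:
    """Holds the outstanding challenge and counts failed replies."""

    def __init__(self, secret: str):
        self._secret = secret
        self._challenge = None
        self.failures = 0

    @property
    def locked_out(self) -> bool:
        return self.failures >= MAX_ATTEMPTS

    def issue(self) -> str:
        """Display a fresh challenge; every reply needs a new one."""
        if self.locked_out:
            raise PermissionError("device locked after too many failed replies")
        self._challenge = new_challenge(len(self._secret))
        return self._challenge

    def verify(self, spoken: str) -> bool:
        """Check the spoken reply against the outstanding challenge."""
        if self.locked_out or self._challenge is None:
            return False
        # A challenge is consumed by its first reply, so a recorded answer
        # cannot be replayed against a later challenge.
        challenge, self._challenge = self._challenge, None
        # Keep only digits: a recognizer may insert spaces ("6 5 8 0").
        digits = "".join(ch for ch in spoken if ch in "0123456789")
        ok = hmac.compare_digest(expected_response(challenge, self._secret), digits)
        if ok:
            self.failures = 0
        else:
            self.failures += 1
        return ok
```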

IX-B Privacy Benefits

Gauth preserves end-user privacy by shielding the user from keystroke profiling. For example, the service will not be able to infer the disability of the person authenticating using methods like timing errors on a keyboard or other sensor data. Furthermore, pseudonymity can be provided on a per-session basis for users who share the same device while on duty, like nurses or police officers. That is, each time the device creates a new unique OTP without requiring extra credentials from the user.

X Conclusion

We presented Gauth, a system that incorporates glass wearable devices in authentication. Our design enables the hands-free authentication of users with terminals, which we argue can have a great impact on how persons with disabilities currently access public terminals and shared devices in the workplace. We believe our system has the potential to empower people to overcome some of the physical barriers they face with regard to accessing online services. Equally important, Gauth can help organizations safeguard their terminals from unauthorized access caused by users forgetting or avoiding to log out from the terminals they use. Gauth allows services and terminals to determine in seconds whether the correct user is operating them. We evaluated our approach by performing a short user study involving students. While the study does not include persons with disabilities, nor does it evaluate continuous authentication in a real workplace, it is an important first step that has provided us with encouraging results. We plan to use these to pursue trials of Gauth with users with disabilities and larger groups.

References

  • [1] “Beyond a gadget: Google Glass is a boon to disabled,” USA TODAY, October 2013, http://www.usatoday.com/story/tech/2013/10/22/google-glass-aids-disabled/3006827/.
  • [2] A. O’Connor, “Google Glass enters the operating room,” NY Times, June 2014, http://well.blogs.nytimes.com/2014/06/01/google-glass-enters-the-operating-room/.
  • [3] K. Helkala, “Disabilities and authentication methods: Usability and security,” in Availability, Reliability and Security (ARES), 2012 Seventh International Conference on, August 2012, pp. 327–334.
  • [4] A. Greenberg, “Google Glass snoopers can steal your passcode with a glance,” WIRED.com, June 2013, http://www.wired.com/2014/06/google-glass-snoopers-can-steal-your-passcode-with-a-glance/.
  • [5] S. Sinclair, “Access control in and for the real world,” Department of Computer Science, Dartmouth College, Tech. Rep. TR2013-745, November 2013, http://www.cs.dartmouth.edu/reports/TR2013-745.pdf.
  • [6] Y. S. Lee, N. H. Kim, H. Lim, H. Jo, and H.-J. Lee, “Online banking authentication system using mobile-otp with qr-code,” in Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, Nov 2010, pp. 644–648.
  • [7] ——, “Online banking authentication system using mobile-OTP with QR-code,” in Computer Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, Nov 2010, pp. 644–648.
  • [8] M. Bae, S. K. Lee, S. Yoo, and H. Kim, “Fase: Fast authentication system for e-health,” in Ubiquitous and Future Networks (ICUFN), 2013 Fifth International Conference on, July 2013, pp. 648–649.
  • [9] Y.-W. Kao, G.-H. Luo, H.-T. Lin, Y.-K. Huang, and S.-M. Yuan, “Physical access control based on qr code,” in Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2011 International Conference on, Oct 2011, pp. 285–288.
  • [10] B. Dodson, D. Sengupta, D. Boneh, and M. Lam, “Secure, consumer-friendly web authentication and payments with a phone,” in Mobile Computing, Applications, and Services, ser. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, M. Gris and G. Yang, Eds.   Springer Berlin Heidelberg, 2012, vol. 76, pp. 17–38.
  • [11] G. Starnberger, L. Froihofer, and K. Goeschka, “Qr-tan: Secure mobile transaction authentication,” in Availability, Reliability and Security, 2009. ARES ’09. International Conference on, March 2009, pp. 578–583.
  • [12] K. Choi, C. Lee, W. Jeon, K. Lee, and D. Won, “A mobile based anti-phishing authentication scheme using qr code,” in Mobile IT Convergence (ICMIC), 2011 International Conference on, Sept 2011, pp. 109–113.
  • [13] L. Roalter, S. Diewald, A. Möller, T. Stockinger, and M. Kranz, “User-friendly authentication and authorization using a smartphone proxy,” in Computer Aided Systems Theory - EUROCAST 2013, ser. Lecture Notes in Computer Science, R. Moreno-Díaz, F. Pichler, and A. Quesada-Arencibia, Eds.   Springer Berlin Heidelberg, 2013, vol. 8112, pp. 390–399.
  • [14] A. Hłobaż, K. Podlaski, and P. Milczarski, “Applications of qr codes in secure mobile data exchange,” in Computer Networks, ser. Communications in Computer and Information Science, A. Kwiecien, P. Gaj, and P. Stera, Eds.   Springer International Publishing, 2014, vol. 431, pp. 277–286.
  • [15] S. Falkner, P. Kieseberg, D. Simos, C. Traxler, and E. Weippl, “E-voting authentication with qr-codes,” in Human Aspects of Information Security, Privacy, and Trust, ser. Lecture Notes in Computer Science, T. Tryfonas and I. Askoxylakis, Eds.   Springer International Publishing, 2014, vol. 8533, pp. 149–159.
  • [16] I. Uswak, “Glassauth Google Glass APP – 2step authentication for Google Accounts,” http://glass-apps.org, May 2013, http://glass-apps.org/glassauth-google-glass-app-2step-authentication-for-google-accounts.
  • [17] SAASPASS, “Two-factor authentication with Google Glass,” https://www.saaspass.com/platforms/google-glass-two-factor-authentication-one-time-password.html.
  • [18] US Government, “Section508.gov Opening Doors to IT,” http://www.section508.gov/.
  • [19] EASPD, “European Disability Strategy 2010-2020,” http://www.easpd.eu/en/content/european-disability-strategy-2010-2020, 2010.
  • [20] “CloudCracker :: Online Hash Cracker,” https://www.cloudcracker.com.
  • [21] “New 25 GPU Monster Devours Passwords In Seconds,” http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/.
  • [22] “IEEE data breach: 100K passwords leak in plain text,” http://www.neowin.net/news/ieee-data-breach-100k-passwords-leak-in-plain-text.
  • [23] “Twitter detects and shuts down password data hack in progress,” http://arstechnica.com/security/2013/02/twitter-detects-and-shuts-down-password-data-hack-in-progress/.
  • [24] “Sony Hacked Again, 1 Million Passwords Exposed,” http://www.informationweek.com/security/attacks/sony-hacked-again-1-million-passwords-ex/229900111.
  • [25] van Hauser, “THC-Hydra,” The Hackers Choice, 2014, https://www.thc.org/thc-hydra/.
  • [26] Y. Yang, J. Lindqvist, and A. Oulasvirta, “Text entry method affects password security,” arXiv.org, 2014, http://arxiv.org/pdf/1403.1910.pdf.
  • [27] S. W. Smith and R. Koppel, “Healthcare information technology’s relativity problems: a typology of how patients’ physical reality, clinicians’ mental models, and healthcare information technology differ,” Journal of the American Medical Informatics Association, vol. 21, no. 1, pp. 117–131, 2014.
  • [28] K. R, M. JP, C. A, and et al, “Role of computerized physician order entry systems in facilitating medication errors,” JAMA, vol. 293, no. 10, pp. 1197–1203, 2005.
  • [29] C. Cornelius, R. Peterson, J. Skinner, R. Halter, and D. Kotz, “A wearable system that knows who wears it,” in Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2014, pp. 55–67.
  • [30] Google, “google-authenticator,” http://code.google.com/p/google-authenticator/.
  • [31] A. Kumar, N. Saxena, G. Tsudik, and E. Uzun, “A comparative study of secure device pairing methods,” Pervasive Mob. Comput., vol. 5, no. 6, pp. 734–749, December 2009.
  • [32] J. Jackson, “NY hospital cuts power bill with thin-client virtualization,” PCWorld, 2010, http://www.pcworld.com/article/188497/ny_hospital_virtualization.html.
  • [33] T. Dierks and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2,” IETF, https://tools.ietf.org/html/rfc5246.
  • [34] D. M’Raihi, S. Machani, M. Pei, and J. Rydell, “TOTP: Time-based one-time password algorithm,” IETF, May 2011, http://tools.ietf.org/html/rfc6238.
  • [35] D. M’Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen, “HOTP: An HMAC-based one-time password algorithm,” IETF, January 2005, https://tools.ietf.org/html/rfc4226.
  • [36] L. Lamport, “Time, clocks, and the ordering of events in a distributed system,” Commun. ACM, vol. 21, no. 7, pp. 558–565, Jul. 1978.
  • [37] “The JavaMail API,” http://www.oracle.com/technetwork/java/javamail/index.html.
  • [38] “High CPU load on Camera,” https://code.google.com/p/google-glass-api/issues/detail?id=563.
  • [39] “Information technology — Automatic identification and data capture techniques — Bar code symbology — QR Code,” http://raidenii.net/files/datasheets/misc/qr_code.pdf.
  • [40] “What Size Should A Printed QR Code Be?” http://www.qrstuff.com/blog/2011/01/18/what-size-should-a-qr-code-be.
  • [41] S. Komanduri, R. Shay, L. F. Cranor, C. Herley, and S. Schechter, “Telepathwords: Preventing weak passwords by reading users’ minds,” in Proceedings of the 23rd USENIX Conference on Security Symposium, 2014, pp. 591–606.
  • [42] P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, and J. Lopez, “Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, 2012.
  • [43] A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, “Smudge attacks on smartphone touch screens,” in Proceedings of the 4th USENIX Conference on Offensive Technologies, ser. WOOT’10.   USENIX Association, 2010, pp. 1–7.
  • [44] T.-S. Wu, M.-L. Lee, H.-Y. Lin, and C.-Y. Wang, “Shoulder-surfing-proof graphical password authentication scheme,” International Journal of Information Security, vol. 13, no. 3, pp. 245–254, 2014.
  • [45] J. A. Halderman, B. Waters, and E. W. Felten, “A convenient method for securely managing passwords,” in Proceedings of the 14th International Conference on World Wide Web, ser. WWW ’05.   New York, NY, USA: ACM, 2005, pp. 471–479.
  • [46] A. E. Lackey, T. Pandey, M. Moshiri, N. Lalwani, C. Lall, and P. Bhargava, “Productivity, part 2: Cloud storage, remote meeting tools, screencasting, speech recognition software, password managers, and online data backup,” Journal of the American College of Radiology, vol. 11, no. 6, pp. 580 – 588, 2014.
  • [47] D. Silver, S. Jana, D. Boneh, E. Chen, and C. Jackson, “Password managers: Attacks and defenses,” in 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, Aug. 2014, pp. 449–464.
  • [48] A. Karole, N. Saxena, and N. Christin, “A comparative usability evaluation of traditional password managers,” in Proceedings of the 13th International Conference on Information Security and Cryptology, ser. ICISC’10.   Springer-Verlag, 2011, pp. 233–251.
  • [49] Z. Li, W. He, D. Akhawe, and D. Song, “The emperor’s new password manager: Security analysis of web-based password managers,” in 23rd USENIX Security Symposium (USENIX Security 14).   San Diego, CA: USENIX Association, Aug. 2014, pp. 465–479.
  • [50] O. Choi, T. Choi, J. Kim, and S. Moon, “Nfc payment authentication protocol for payment agency of service robot,” in Future Information Technology, ser. Lecture Notes in Electrical Engineering, J. J. J. H. Park, Y. Pan, C.-S. Kim, and Y. Yang, Eds.   Springer Berlin Heidelberg, 2014, vol. 309, pp. 65–70.
  • [51] T. Dehling and A. Sunyaev, “Information security and privacy of patient-centered health it services: What needs to be done?” in System Sciences (HICSS), 2014 47th Hawaii International Conference on, Jan 2014, pp. 2984–2993.
  • [52] J. Poplett, “User-friendly multifactor mobile authentication,” Feb. 4 2014, US Patent 8,646,056. [Online]. Available: http://www.google.com/patents/US8646056
  • [53] V. Mora-Afonso and P. Caballero-Gil, “Using identity-based cryptography in mobile applications,” in International Joint Conference SOCO’13-CISIS’13-ICEUTE’13, ser. Advances in Intelligent Systems and Computing, . Herrero, B. Baruque, F. Klett, A. Abraham, V. Snášel, A. C. de Carvalho, P. G. Bringas, I. Zelinka, H. Quintián, and E. Corchado, Eds.   Springer International Publishing, 2014, vol. 239, pp. 527–536.
  • [54] P. Urien and S. Piramuthu, “Securing nfc mobile services with cloud of secure elements (cose),” in Mobile Computing, Applications, and Services, ser. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, G. Memmi and U. Blanke, Eds.   Springer International Publishing, 2014, vol. 130, pp. 322–331.
  • [55] M. Frank, R. Biedert, E. Ma, I. Martinovic, and D. Song, “Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication,” Information Forensics and Security, IEEE Transactions on, vol. 8, no. 1, pp. 136–148, Jan 2013.
  • [56] S. Mondal and P. Bours, “Continuous authentication using mouse dynamics,” in Biometrics Special Interest Group (BIOSIG), 2013 International Conference of the, Sept 2013, pp. 1–12.
  • [57] D. El Menshawy, H. Mokhtar, and O. Hegazy, “A keystroke dynamics based approach for continuous authentication,” in Beyond Databases, Architectures, and Structures, ser. Communications in Computer and Information Science, S. Kozielski, D. Mrozek, P. Kasprowski, B. Małysiak-Mrozek, and D. Kostrzewa, Eds.   Springer International Publishing, 2014, vol. 424, pp. 415–424.
  • [58] G. Kambourakis, D. Damopoulos, D. Papamartzivanos, and M. Pavlidakis, “Introducing touchstroke: Keystroke-based authentication system for smartphones,” Security and Communication Networks, 2014.
  • [59] K. B. Rasmussen, M. Roeschlin, I. Martinovic, and G. Tsudik, “Authentication using pulse-response biometrics,” in Proceedings of NDSS, February 2014.
  • [60] S. Mare, A. Molina-Markham, C. Cornelius, R. Peterson, and D. Kotz, “ZEBRA: Zero-effort bilateral recurring authentication,” in Proceedings of IEEE Symposium on Security and Privacy, May 2012.
  • [61] L. Li, X. Zhao, and G. Xue, “Unobservable re-authentication for smartphones,” in Proceedings of NDSS, February 2013.
  • [62] M. Conti, I. Zachia-Zlatea, and B. Crispo, “Mind how you answer me!: Transparently authenticating the user of a smartphone when answering or placing a call,” in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011, pp. 249–259. [Online]. Available: http://doi.acm.org/10.1145/1966913.1966945
  • [63] S. Azenkot, K. Rector, R. Ladner, and J. Wobbrock, “PassChords: Secure multi-touch authentication for blind people,” in Proceedings of the 14th International ACM SIGACCESS Conference on Computers and Accessibility, 2012, pp. 159–166.
  • [64] T.-W. Shen, “Applied ECG biometric technology for disability population personalization,” in Proceedings of the 2nd International Convention on Rehabilitation Engineering & Assistive Technology (iCREATe), 2008, pp. 103–107.
  • [65] A. De Luca, R. Weiss, and H. Drewes, “Evaluation of eye-gaze interaction methods for security enhanced PIN-entry,” in Proceedings of the 19th Australasian Conference on Computer-Human Interaction: Entertaining User Interfaces (OZCHI), 2007, pp. 199–202.
  • [66] D. V. Bailey, M. Dürmuth, and C. Paar, ““Typing” passwords with voice recognition: How to authenticate to Google Glass,” in Proceedings of the WAY Workshop, 2014.
  • [67] S. Zhu, Y. Ma, J. Feng, and A. Sears, “Don’t listen! i am dictating my password!” in Proceedings of the 11th International ACM SIGACCESS Conference on Computers and Accessibility (ASSETS), 2009, pp. 229–230.
  • [68] S. Adibi, “A low overhead scaled equalized harmonic-based voice authentication system,” Telemat. Inf., vol. 31, no. 1, pp. 137–152, Feb. 2014.