Smart glasses allow for gaze gesture passwords as a hands-free form of mobile authentication. However, pupil movements for password input are easily observed by attackers, who thereby can derive the password. In this paper we investigate closed-eye gaze gesture passwords with EOG sensors in smart glasses. We propose an approach to detect and recognize closed-eye gaze gestures, together with a 7 and 9 character gaze gesture alphabet. Our evaluation indicates good gaze gesture detection rates. However, recognition is challenging specifically for vertical eye movements with 71.2%-86.5% accuracy and better results for opened than closed eyes. We further find that closed-eye gaze gesture passwords are difficult to attack from observations with 0% success rate in our evaluation, while attacks on open eye passwords succeed with 61%. This indicates that closed-eye gaze gesture passwords protect the authentication secret significantly better than their open eye counterparts.

  author = {Findling, Rainhard Dieter and Quddus, Tahmid and Sigg, Stephan},
  booktitle = {Proc. {MoMM} 2019: 17th International Conference on
  		  Advances in Mobile Computing and Multimedia},
  title = {Hide my Gaze with {EOG}! {T}owards Closed-Eye Gaze Gesture
  		  Passwords that Resist Observation-Attacks with
  		  Electrooculography in Smart Glasses},
  year = {2019},
  month = dec,
  number = { {In print}},
  publisher = {ACM}