Where Are The Dots : Hardening Face Authentication on Smartphones with Unforgeable Eye Movement Patterns

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

View graph of relations


  • Qian Wang
  • Man Zhou
  • Yi Zhao
  • Qi Li
  • Chao Shen

Related Research Unit(s)


Original languageEnglish
Pages (from-to)1295-1308
Journal / PublicationIEEE Transactions on Information Forensics and Security
Online published28 Dec 2022
Publication statusPublished - 2023


With the ubiquitous adoption, mobile face authentication systems have been facing constant security challenges, particularly the spoofing risks. Except for those using specialized hardware, existing proposals for face anti-spoofing on mainstream smartphones either leverage people’s 3D face characteristics or various facial expressions. While showing progress towards more resilient face authentication, they are still vulnerable to recent advanced attacks (e.g., 3D mask attacks, video attacks, etc.). This paper presents GazeGuard, an on-device face anti-spoofing system that leverages unpredictable and unforgeable eye movement patterns to provide strong security guarantees against all known attacks. Targeting mainstream smartphones, GazeGuard is designed to conduct eye movement-based authentication using only 2D front cameras. Specifically, by presenting a series of short-lasting random dots on the screen (named gazecode), GazeGuard simultaneously captures a user’s gaze responses and the corresponding deformed periocular features to ensure both the freshness and correctness for the anti-spoofing face authentication. We have extensively tested GazeGuard’s performance over 50 volunteers. Using a 4-digit gazecode (just four random dots), GazeGuard achieves an average 90.39% authentication accuracy and 81.57 out of 100 System Usability Scale (SUS) scores. Under the same settings, GazeGuard achieves detection accuracy of 95.72% for image attack, 95.59% for video attack, 99.73% for 3D mask attack, and 100% for physical adversarial attack.

Research Area(s)

  • anti-spoofing, Authentication, Biometrics, Estimation, face authentication, Faces, liveness detection, Performance evaluation, Security, Smart phones, Three-dimensional displays

Citation Format(s)