know whether an Type-IlI attacker,can fool the authentication and voice command and suffers from several drawbacks which system.We start by taking a short video of a victim while she limits its usability.GlassGesture provides a new gesture-based is performing gesture-based authentication,and then present user interface with gesture recognition and authentication, this video to attackers.We give attackers enough time to which enable users to use head gesture as input and protect learn,practise,and mimic the victim.And we only start the Glass from unauthorized attackers. authentication process whenever each attacker feels she is ready.We give 5 attackers 10 chances for each gesture and ACKNOWLEDGMENT unlimited access to the reference video.In all of our tests (100 The authors would like to thank all the reviewers for their trials).attackers are never able to fool the system and (falsely) helpful comments.This project was supported in part by US identified as authorized users.From the experiment,we find National Science Foundation grant CNS-1320453. that an imitator fails in mimicking the head gesture because 1) REFERENCES it is not easy to recover every details of head gestures recorded by sensitive motion sensors through vision observation;2)it [1]Google Glass Help,"Screen lock."https://goo.gl/Knf7pl. [2]N.Ravi,N.Dandekar,P.Mysore,and M.L.Littman,"Activity recog- is not easy to control the head movement precisely and make nition from accelerometer data,"in AAA/'05,vol.5. it like a natural movement during mimicking.The different [3]H.Lu,J.Yang et al,"The jigsaw continuous sensing engine for mobile muscle distributions of head and neck in human individuals phone applications,"in Sensys 10. [4]S.Rallapalli.A.Ganesan.K.Chintalapudi er al,"Enabling physical will add different features to the sensor recordings. analytics in retail stores using smart glasses,"in MobiCom '14. [5]J.O.Wobbrock et al.,"Gestures without libraries,toolkits or training: C.System Performance a $1 recognizer for user interface prototypes,"in UIST '07 We report the running time of several important functions: [6]A.Colago et al."Mime:Compact,low power 3d gesture sensing for interaction with head mounted displays,"in UIST13. DTW time cost in gesture recognition,training time cost [7]Q.Pu,S.Gupta,S.Gollakota,and S.Patel,"Whole-home gesture (offline on a remote machine),and classification time cost recognition using wireless signals,"in MobiCom '13. [8]J.Liu,L.Zhong,J.Wickramasuriya,and V.Vasudevan,"uwave: in authentication.The time cost of gesture recognition grows Accelerometer-based personalized gesture recognition and its applica- linearly with the number of templates,while the time of tions,"Pervasive and Mobile Computing,vol.5.2009. running one instance of DTW is rather small as 30.2 ms.The [9]L.-P.Morency and T.Darrell,"Head gesture recognition in intelligent interfaces:the role of context in improving recognition,"in /UI '06. training is offloaded to a remote machine and cost average [10]Google Glass Help,"Head wake up/nudge,"https://goo.gl/6lfFWg. 42.8 seconds per user,which is affordable since the request of [11]T.Horikawa,"Head gesture detector,"https://goo.gl/uRgVnu. training and retraining is relatively rare after the initial setup. [12]M.Frank,R.Biedert,E.-D.Ma,I.Martinovic,and D.Song,"Touchalyt- ics:On the applicability of touchscreen input as a behavioral biometric Classification runs on the Glass,of which the cost(28.6 ms) for continuous authentication,"T/FS '/3,vol.8. of single instance is almost unnoticeable by users. [13]M.Shahzad,A.X.Liu,and A.Samuel,"Secure unlocking of mobile touch screen devices by simple gestures:you can see it but you can not D.Other considerations doit,”in MobiCom'I3. [14]C.Bo.L.Zhang.X.-Y.Li et al.,"Silentsense:silent user identification Due to space limit,we briefly discuss other practical con- via touch and movement behavioral biometrics,"in MobiCom '13. siderations.1)Authentication Frequency:The frequency is [15]L.Li,X.Zhao,and G.Xue,"Unobservable re-authentication for smartphones."in NDSS '13. depend on the usage pattern of user.The default setting is [16]J.Sun,R.Zhang,J.Zhang,and Y.Zhang."Touchin:Sightless two-factor to authenticate user after booting or being taken-off,which authentication on multi-touch mobile devices,"in CNS '/4. is a rather infrequent.2)Biometric Invariance:We have been [17]Y.Chen.J.Sun et al.,"Your song your way:Rhythm-based two-factor authentication for multi-touch mobile devices,"in Infocom '15. keeping collecting gesture samples from several users during [18]J.Chauhan et al.,"Gesture-based continuous authentication for wearable a week.We have not noticed much difference in recogni- devices:the google glass case,"arXiv preprint,2014. tion/authentication accuracy.However,we do add template [19]G.Peng,D.T.Nguyen et al.,"Poster:A continuous and noninvasive user authentication system for google glass."in Mobisys15. adaptation [8]and classifier retraining to our system in case of [20]Google Glass,"Locations and sensors,"https://goo.gl/Oj6Mgg any performance deterioration.And we have fail-safe authenti- [21]A.Akl,C.Feng,and S.Valaee,"A novel accelerometer-based gesture cation for consecutive failures.We are still lack of enough data recognition system,"IEEE Transactions on Signal Processing,2011. to claim that human head gesture is invariant in a long term. [22]A.Akl and S.Valaee."Accelerometer-based gesture recognition via dynamic-time warping,affinity propagation,compressive sensing," We leave those work in the future.3)Power Consumption: in ICASSP 10. Based on the energy consumption reported in [4]and [28], [23]B.-K.Yi,H.Jagadish,and C.Faloutsos,"Efficient retrieval of similar time sequences under time warping,"in /CDE '98. the battery life of constantly sampling sensors is 265 mins(300 [24]R.Perdisci,G.Gu et al.,"Using an ensemble of one-class svm classifiers mins daily in normal usage).We are expecting a much longer to harden payload-based anomaly detection systems,"in /CDM '06. lifetime since our implementation is not always-on.The device (25]I.Guyon et al.,"Gene selection for cancer classification using support vector machines,"Machine learning,2002. will enter a low-power mode after a short period of inactive.It 126]S.Salvador and P.Chan,"Fastdtw:Toward accurate dynamic time responses to wake-up events [10]and then the gesture interface warping in linear time and space,"in KDD '04. will be enabled accordingly. [27]C.-C.Chang and C.-J.Lin,"Libsvm:a library for support vector machines.”TlST"Il. [28]R.LiKam Wa,Z.Wang,A.Carroll et al.,"Draining our glass:An energy V.CONCLUSION and heat characterization of google glass,"in APSys '14. In this paper we propose GlassGesture to improve the us- ability of Google Glass.Currently,Glass relies on touch inputknow whether an Type-III attacker, can fool the authentication system. We start by taking a short video of a victim while she is performing gesture-based authentication, and then present this video to attackers. We give attackers enough time to learn, practise, and mimic the victim. And we only start the authentication process whenever each attacker feels she is ready. We give 5 attackers 10 chances for each gesture and unlimited access to the reference video. In all of our tests (100 trials), attackers are never able to fool the system and (falsely) identified as authorized users. From the experiment, we find that an imitator fails in mimicking the head gesture because 1) it is not easy to recover every details of head gestures recorded by sensitive motion sensors through vision observation; 2) it is not easy to control the head movement precisely and make it like a natural movement during mimicking. The different muscle distributions of head and neck in human individuals will add different features to the sensor recordings. C. System Performance We report the running time of several important functions: DTW time cost in gesture recognition, training time cost (offline on a remote machine), and classification time cost in authentication. The time cost of gesture recognition grows linearly with the number of templates, while the time of running one instance of DTW is rather small as 30.2 ms. The training is offloaded to a remote machine and cost average 42.8 seconds per user, which is affordable since the request of training and retraining is relatively rare after the initial setup. Classification runs on the Glass, of which the cost (28.6 ms) of single instance is almost unnoticeable by users. D. Other considerations Due to space limit, we briefly discuss other practical con￾siderations. 1) Authentication Frequency: The frequency is depend on the usage pattern of user. The default setting is to authenticate user after booting or being taken-off, which is a rather infrequent. 2) Biometric Invariance: We have been keeping collecting gesture samples from several users during a week. We have not noticed much difference in recogni￾tion/authentication accuracy. However, we do add template adaptation [8] and classifier retraining to our system in case of any performance deterioration. And we have fail-safe authenti￾cation for consecutive failures. We are still lack of enough data to claim that human head gesture is invariant in a long term. We leave those work in the future. 3) Power Consumption: Based on the energy consumption reported in [4] and [28], the battery life of constantly sampling sensors is 265 mins(300 mins daily in normal usage). We are expecting a much longer lifetime since our implementation is not always-on. The device will enter a low-power mode after a short period of inactive. It responses to wake-up events [10] and then the gesture interface will be enabled accordingly. V. CONCLUSION In this paper we propose GlassGesture to improve the us￾ability of Google Glass. Currently, Glass relies on touch input and voice command and suffers from several drawbacks which limits its usability. GlassGesture provides a new gesture-based user interface with gesture recognition and authentication, which enable users to use head gesture as input and protect Glass from unauthorized attackers. ACKNOWLEDGMENT The authors would like to thank all the reviewers for their helpful comments. This project was supported in part by US National Science Foundation grant CNS-1320453. REFERENCES [1] Google Glass Help, “Screen lock,” https://goo.gl/Knf7pl. [2] N. Ravi, N. Dandekar, P. Mysore, and M. L. Littman, “Activity recog￾nition from accelerometer data,” in AAAI ’05, vol. 5. [3] H. Lu, J. Yang et al., “The jigsaw continuous sensing engine for mobile phone applications,” in Sensys ’10. [4] S. Rallapalli, A. Ganesan, K. Chintalapudi et al., “Enabling physical analytics in retail stores using smart glasses,” in MobiCom ’14. [5] J. O. Wobbrock et al., “Gestures without libraries, toolkits or training: a $1 recognizer for user interface prototypes,” in UIST ’07. [6] A. Colac¸o et al., “Mime: Compact, low power 3d gesture sensing for interaction with head mounted displays,” in UIST ’13. [7] Q. Pu, S. Gupta, S. Gollakota, and S. Patel, “Whole-home gesture recognition using wireless signals,” in MobiCom ’13. [8] J. Liu, L. Zhong, J. Wickramasuriya, and V. Vasudevan, “uwave: Accelerometer-based personalized gesture recognition and its applica￾tions,” Pervasive and Mobile Computing, vol. 5, 2009. [9] L.-P. Morency and T. Darrell, “Head gesture recognition in intelligent interfaces: the role of context in improving recognition,” in IUI ’06. [10] Google Glass Help, “Head wake up/nudge,” https://goo.gl/6lfFWg. [11] T. Horikawa, “Head gesture detector,” https://goo.gl/uRgVnu. [12] M. Frank, R. Biedert, E.-D. Ma, I. Martinovic, and D. Song, “Touchalyt￾ics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication,” TIFS ’13, vol. 8. [13] M. Shahzad, A. X. Liu, and A. Samuel, “Secure unlocking of mobile touch screen devices by simple gestures: you can see it but you can not do it,” in MobiCom ’13. [14] C. Bo, L. Zhang, X.-Y. Li et al., “Silentsense: silent user identification via touch and movement behavioral biometrics,” in MobiCom ’13. [15] L. Li, X. Zhao, and G. Xue, “Unobservable re-authentication for smartphones.” in NDSS ’13. [16] J. Sun, R. Zhang, J. Zhang, and Y. Zhang, “Touchin: Sightless two-factor authentication on multi-touch mobile devices,” in CNS ’14. [17] Y. Chen, J. Sun et al., “Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices,” in Infocom ’15. [18] J. Chauhan et al., “Gesture-based continuous authentication for wearable devices: the google glass case,” arXiv preprint, 2014. [19] G. Peng, D. T. Nguyen et al., “Poster: A continuous and noninvasive user authentication system for google glass,” in Mobisys ’15. [20] Google Glass, “Locations and sensors,” https://goo.gl/Oj6Mqg. [21] A. Akl, C. Feng, and S. Valaee, “A novel accelerometer-based gesture recognition system,” IEEE Transactions on Signal Processing, 2011. [22] A. Akl and S. Valaee, “Accelerometer-based gesture recognition via dynamic-time warping, affinity propagation, & compressive sensing,” in ICASSP ’10. [23] B.-K. Yi, H. Jagadish, and C. Faloutsos, “Efficient retrieval of similar time sequences under time warping,” in ICDE ’98. [24] R. Perdisci, G. Gu et al., “Using an ensemble of one-class svm classifiers to harden payload-based anomaly detection systems,” in ICDM ’06. [25] I. Guyon et al., “Gene selection for cancer classification using support vector machines,” Machine learning, 2002. [26] S. Salvador and P. Chan, “Fastdtw: Toward accurate dynamic time warping in linear time and space,” in KDD ’04. [27] C.-C. Chang and C.-J. Lin, “Libsvm: a library for support vector machines,” TIST ’11. [28] R. LiKamWa, Z. Wang, A. Carroll et al., “Draining our glass: An energy and heat characterization of google glass,” in APSys ’14