Through the Eyes: A Survey on Gaze-Based Biometric Authentication Systems
DOI: https://doi.org/10.5281/zenodo.17191813
Keywords: gaze-based biometrics, eye movement authentication, behavioral gaze dynamics, hybrid fusion, security evaluation
Abstract
Gaze-based biometrics leverages individual eye movement patterns for authentication and continuous verification processes. This review integrates insights from more than 240 peer-reviewed papers and suggests a three-dimensional taxonomy involving (i) authentication techniques (physiological, behavioral, hybrid), (ii) system architectures (hardware/software/cloud/edge/embedded), and (iii) verification and protection axes (accuracy metrics, resistance to spoofing, usability concerns). In contrast to conventional human-computer interaction (HCI) surveys, this discussion utilizes an adversarial-informed security framework and applies the taxonomy through comparative tests based on practitioner evaluations: detailed methodology assessments, security evaluation frameworks, and contextual deployment studies, including distribution analyses of datasets. We relate design concerns to a wide variety of deployment contexts, ranging from desktop infrared point tracking systems to extended reality head-mounted display technologies, while evaluating performance using well-known datasets (e.g., GazeBase, GazeBaseVR, Gaze360, LPW). Key findings and implications are threefold. First, physiological cues associated with oculomotor and autonomic characteristics offer greater temporal stability and intrinsic resistance to conscious manipulation; behavioral cues enable adaptable, calibration‑tolerant behavior on commodity sensors; hybrid methods are strongest but incur integration complexity and compute overhead. Second, robustness relies heavily on liveness/PAD and challenge–response; multi‑modal fusion (e.g., periocular/face) and template protection are crucial against presentation, synthetic/generative, mechanical, and adversarial ML attacks. Third, vendor‑neutral cloud/edge architectures address latency, privacy, and reliability issues through on‑device inference, privacy‑preserving learning, and centralized policy updates. 
We integrate opportunities and gaps across enterprise desktop, XR, automotive, mobile/IoT, and smart‑environment use cases, and finish with actionable recommendations and a research agenda with top priorities: standardization of protocols and reporting, privacy‑preserving approaches (federated learning, differential privacy, homomorphic encryption), multi‑modal fusion under resource constraints, and longitudinal, cross‑cultural validation to guarantee fairness and real‑world robustness.

License
Copyright (c) 2025 AIPA's International Journal on Artificial Intelligence: Bridging Technology, Society and Policy

This work is licensed under a Creative Commons Attribution 4.0 International License.