Active Attack that Exploits Biometric Similarity Difference and Basic Countermeasures

  • Conference paper
Ad Hoc Networks and Tools for IT (ADHOCNETS 2021, TridentCom 2021)

Abstract

As one of the most popular IoT (Internet of Things) devices, the smartphone stores sensitive personal information. As a result, authentication on smartphones has attracted widespread attention in recent years. Sensor-based authentication methods have achieved excellent results due to their feasibility and high efficiency. However, current work lacks comprehensive security verification, and undetected potential vulnerabilities are likely to be leveraged to launch attacks on these authentication approaches. We propose a novel attack to evaluate the reliability and robustness of the existing authentication methods. The basic idea behind our strategy is that the system has its own authentication error: we carefully analyze the false-negative samples to summarize its vulnerable properties and leverage these vulnerabilities to design our attack. The experimental results prove the feasibility of our attack and also demonstrate the drawbacks of the existing approaches. In addition, we propose a corresponding protection approach to defend against this attack; the scheme has a self-learning ability and updates itself according to newly detected attacks. Compared with authentication schemes that use multiple sensors, we adopt only a single accelerometer and achieve an EER of 5.3%, showing the convenience and effectiveness of our system.

Supported by the National Natural Science Foundation of China (Grant No. 62002278).

Corresponding author

Correspondence to Yao Wang.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Cite this paper

Lyu, P., Cai, W., Wang, Y. (2022). Active Attack that Exploits Biometric Similarity Difference and Basic Countermeasures. In: Bao, W., Yuan, X., Gao, L., Luan, T.H., Choi, D.B.J. (eds) Ad Hoc Networks and Tools for IT. ADHOCNETS TridentCom 2021 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 428. Springer, Cham. https://doi.org/10.1007/978-3-030-98005-4_7

  • DOI: https://doi.org/10.1007/978-3-030-98005-4_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-98004-7

  • Online ISBN: 978-3-030-98005-4

  • eBook Packages: Computer Science, Computer Science (R0)
