Abstract
As one of the most popular IoT (Internet of Things) devices, the smartphone stores sensitive personal information. As a result, authentication on smartphones has attracted widespread attention in recent years. Sensor-based authentication methods have achieved excellent results due to their feasibility and high efficiency. However, current work lacks comprehensive security verification, and undetected potential vulnerabilities are likely to be leveraged to launch attacks on these authentication approaches. We propose a novel attack to evaluate the reliability and robustness of the existing authentication methods. The basic idea behind our strategy is that the system has its own authentication error; we analyze the false-negative samples in detail to summarize the system's vulnerable properties and leverage these vulnerabilities to design our attack. The experimental results prove the feasibility of our attack and also demonstrate the drawbacks of the existing approaches. In addition, we propose a corresponding protection approach to defend against this attack; the scheme has a self-learning ability that lets it update according to newly detected attacks. Compared with authentication schemes that use multiple sensors, we adopt only a single accelerometer and achieve an EER of 5.3%, showing the convenience and effectiveness of our system.
Supported by the National Natural Science Foundation of China (Grant No. 62002278).
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Lyu, P., Cai, W., Wang, Y. (2022). Active Attack that Exploits Biometric Similarity Difference and Basic Countermeasures. In: Bao, W., Yuan, X., Gao, L., Luan, T.H., Choi, D.B.J. (eds) Ad Hoc Networks and Tools for IT. ADHOCNETS TridentCom 2021 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 428. Springer, Cham. https://doi.org/10.1007/978-3-030-98005-4_7
DOI: https://doi.org/10.1007/978-3-030-98005-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98004-7
Online ISBN: 978-3-030-98005-4
eBook Packages: Computer Science, Computer Science (R0)