Abstract
Since advances in gait biometrics are rather new, the current volume of security testing on this feature is limited. We present a study on mimicking, or imitation, of the human gait. Mimicking is a very intuitive way of attacking a biometric system based on gait, and still this topic is almost nonexistent in the open literature. The bottom line question in our research is weather it is possible to learn to walk like someone else. If this turned out to be easy, it would have a severe effect of the potential of gait as an authentication mechanism in the future.
We have developed a software tool that uses wearable sensors to collect and analyze gait acceleration data. The research is further based on an experiment, involving extensive training of test subjects, and using various sources of feedback like video and statistical analysis. The attack scores are analyzed by regression, and the goal is to determine whether or not the participants are increasing their mimicking skills, or simply: if they are learning.
The experiment involved 50 participants enrolled into a gait authentication system. The error rates compete with state of the art gait technology, with an EER of 6.2%. The mimicking part of the experiment revealed that gait mimicking is a very difficult task, and that our physiological characteristics work against us when we try to change something as fundamental as the way we walk. The participants showed few indications of learning, and the results of most attackers even worsened over time, showing that training did nothing to help them succeed.
The research identified a natural boundary to the impostors’ performance, a point of resistance so significant that it was given a name; a plateau. The location or value of this plateau predetermines the outcome of an attack; for success it has to lie below the acceptance threshold corresponding to the Equal Error Rate (EER).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ailisto, H.J., Lindholm, M., Mantyjarvi, J., Vildjiounaite, E., Makela, S.-M.: Identifying people from gait pattern with accelerometers. In: Biometric Technology for Human Identification II. Presented at the Society of Photo-Optical Instrumentation Engineers (SPIE) Conference (2005)
Ailisto, H.J., Lindholm, M., Mantyjarvi, J., Vildjiounaite, E., Makela, S.-M.: Identifying users of portable devices from gait pattern with accelerometers. In: Proceedings of SPIE, vol. 5779 (2005)
Buvarp, T.E.: Hip movement based authentication - how will imitation affect the results? Master’s thesis, Gjøvik University College - Department of Computer Science and Media Technology (2006)
Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones a survey of attitudes and practices. Computers & Security (2005)
Clarke, N.L., Furnell, S.M.: Mobile phone theft, plastic card and identity fraud: Findings from the 2005/06 british crime survey, http://www.homeoffice.gov.uk/rds/pdfs07/hosb1007.pdf (last visit: 15.04.2008)
Clarke, R.: Biometrics in airports how to, and how not to, stop mahommed atta and friends (2003), http://www.anu.edu.au/people/Roger.Clarke/DV/BioAirports.html
Oxford Dictionaries. Compact Oxford English Dictionary of Current English. 3rd edn. (2005)
Dukic, B., Katic, M.: m-order - payment model via sms within the m-banking. In: 27th International Conference on Information Technology Interfaces (2005)
Gafurov, D.: Performance and Security Analysis of Gait-based User Authentication. PhD thesis, University of Oslo (2008)
Gafurov, D., Snekkenes, E., Bours, P.: Spoof attacks on gait authentication system. Special Issue on Human Detection and Recognition (2007)
Harmel, K., Spadanuta, L.: Disney world scans fingerprint details of park visitors. The Boston Globe, September 3 (2006)
Holien, K.: Gait recognition under non-standard circumstances. Master’s thesis, Gjøvik University College - Department of Computer Science and Media Technology (2008)
Jain, A.K., Flynn, P., Ross, A.A.: Handbook of Biometrics, vol. 556. Springer, US (2008)
Keogh, E.J., Pazzani, M.J.: Derivative dynamic timewarping. In: First SIAM International Conference on Data Mining, Chicago, IL (2001)
Morris, S.J.: A shoe-integrated sensor system for wireless gait analysis and real-time therapeutic feedback. PhD Thesis, Harvard University - MIT Division of Health Sciences and Technology (2004)
SØndrol, T.: Using the human gait for authentication. Master’s thesis, Gjøvik University College - Department of Computer Science and Media Technology (2005)
Nixon, S.A., Adelson, E.H.: Analylzing gait with spatiotemporal surfaces. In: Proceedings of IEEE Workshop on Non-Rigid Motion (1994)
U.S. Department of State. Safety and security of u.s. borders/biometrics. State official online information (2008)
Pousttchi, K., Schurig, M.: Assessment of today’s mobile banking applications from the view of customer requirements. In: 37th Annual Hawaii International Conference on System Sciences, HICSS 2004 (2004)
Ratha, N.K., Connell, J.H., Bolle, R.M.: An analysis of minutiae matching strength. IBM Thomas J. Watson Research Center (2001)
Smithson, M.: Confidence Intervals. In the Series of Quantitative Applications in the Social Sciences. SAGE Publications Ltd., Thousand Oaks (2003)
Stang, Ø.: Gait analysis: Is it easy to learn to walk like someone else? Master’s thesis, Gjøvik University College - Department of Computer Science and Media Technology (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mjaaland, B.B., Bours, P., Gligoroski, D. (2011). Walk the Walk: Attacking Gait Biometrics by Imitation. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_31
Download citation
DOI: https://doi.org/10.1007/978-3-642-18178-8_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-18177-1
Online ISBN: 978-3-642-18178-8
eBook Packages: Computer ScienceComputer Science (R0)