Abstract
Authentication systems using gait captured from inertial sensors have been recently developed to enhance the limitation of existing mechanisms on mobile devices and achieved promising results. However, most these systems employed pattern recognition and machine learning techniques in which biometric templates are stored insecurely, which could leave critical security and user privacy issues. Specifically, a compromise of original gait templates could result in everlasting forfeiture. In this paper, two main results will be presented. Firstly, we propose a novel gait authentication system on mobile devices in which the security and privacy are preserved by employing a fuzzy commitment scheme. Instead of storing original gait templates for user verification like in conventional approaches, we verify the user via a stored key which is biometrically encrypted by gait templates collected from a mobile accelerometer. Secondly, the discriminability of sensor-based gait templates are investigated to determine appropriate parameter values to construct an effective gait-based biometric cryptosystem. The performance of our proposed system is evaluated on the dataset including gait signals of 34 volunteers. We achieved the zeroFAR and the False Rejection Rate of approximately 16.18 % corresponding to the key length, as well as the system security level of 139 bits. The results from our experiment show that accelerometer-based gait could be further investigated to construct a biometric cryptosystem, as effective as other biometric traits such as iris, fingerprint, voice, and signature.
Similar content being viewed by others
Notes
Gait cycle is defined as the time interval between two successive occurrences of one of the repetitive events during walking, as illustrated in Fig. 2b
References
Jain, A.K., Flynn, P.J., Ross, A.A. (eds.): Handbook of Biometrics. Springer, Berlin (2008). doi:10.1007/978-0-387-71041-9
Galbally, J., Cappelli, R., Lumini, A., Gonzalez-de-Rivera, G., Maltoni, D., Fierrez, J., Ortega-Garcia, J., Maio, D.: An evaluation of direct attacks using fake fingers generated from ISO templates. Pattern Recognit. Lett. 31(8), 725–732 (2010). doi:10.1016/j.patrec.2009.09.032
Ngo, T.T., Makihara, Y., Nagahara, H., Mukaigawa, Y., Yagi, Y.: The largest inertial sensor-based gait database and performance evaluation of gait-based personal authentication. Pattern Recognit. 47(1), 228–237 (2014). doi:10.1016/j.patcog.2013.06.028
Yun, J.: User identification using gait patterns on UbiFloorII. Sensors 11(3), 2611–2639 (2011). doi:10.1007/11596448_141
Tam, L., Glassman, M., Vandenwauver, M.: The psychology of password management: a tradeoff between security and convenience. Behav. Inf. Technol. 29(3), 233–244 (2010). doi:10.1080/01449290903121386
Frank, J., Mannor, S., Precup, D.: Activity and gait recognition with time-delay embeddings. In: AAAI, pp 1581–1586 (2010)
Hoang, T., Choi, D., Vo, V., Nguyen, A., Nguyen, T.: A lightweight gait authentication on mobile phone regardless of installation error. In: Security and Privacy Protection in Information Processing Systems, pp. 83–101. Springer, Berlin (2013). doi:10.1007/978-3-642-39218-4_7
Lu, H., Huang, J., Saha, T., Nachman, L.: Unobtrusive gait verification for mobile phones. In: Proceedings of the 2014 ACM International Symposium on Wearable Computers, pp. 91–98. ACM (2014). doi:10.1145/2634317.2642868
Derawi, M., Bours, P.: Gait and activity recognition using commercial phones. Comput. Secur. 39, 137–144 (2013). doi:10.1016/j.cose.2013.07.004
Mjaaland, B. B., Bours, P., Gligoroski, D.: Walk the walk: attacking gait biometrics by imitation. In: Information Security (pp. 361–380). Springer, Berlin, Heidelberg (2011). doi:10.1007/978-3-642-18178-8_31
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 28–36. ACM (1999). doi:10.1145/319709.319714
Van Der Veen, M., Kevenaar, T., Schrijen, G. J., Akkermans, T. H., Zuo, F.: Face biometrics with renewable templates. In: Proceedings of SPIE (vol. 6072, No. 1, p. 60720J) (2006). doi:10.1117/12.643176
Morelos-Zaragoza, R.H.: The Art of Error Correcting Coding. Wiley, New York (2006)
Feng, Y.C., Yuen, P.C.: Binary discriminant analysis for generating binary face template. IEEE Trans. Inf. Forensics Secur. 7(2), 613–624 (2012). doi:10.1109/TIFS.2011.2170422
Li, P., Yang, X., Qiao, H., Cao, K., Liu, E., Tian, J.: An effective biometric cryptosystem combining fingerprints with error correction codes. Expert Syst. Appl. 39(7), 6562–6574 (2012). doi:10.1016/j.eswa.2011.12.048
lvarez Mario, R., Hernndez lvarez, F., Hernndez Encinas, L.: A crypto-biometric scheme based on iris-templates with fuzzy extractors. Inf. Sci. 195, 91–102 (2012). doi:10.1016/j.ins.2012.01.042
Hao, F., Anderson, R., Daugman, J.: Combining crypto with biometrics effectively. IEEE Trans. Comput. 55(9), 1081–1088 (2006). doi:10.1109/TC.2006.138
Maiorana, E.: Biometric cryptosystem using function based on-line signature recognition. Expert Syst. Appl. 37(4), 3454–3461 (2010). doi:10.1016/j.eswa.2009.10.043
Carrara, B., Adams, C.: You are the key: generating cryptographic keys from voice biometrics. In: 2010 Eighth Annual International Conference on Privacy Security and Trust (PST) (pp. 213–222). IEEE (2010). doi:10.1109/PST.2010.5593251
Inthavisas, K., Lopresti, D.: Secure speech biometric templates for user authentication. IET Biom. 1(1), 46–54 (2012). doi:10.1049/iet-bmt.2011.0008
Argyropoulos, S., Tzovaras, D., Ioannidis, D., Strintzis, M.G.: A channel coding approach for human authentication from gait sequences. IEEE Trans. Inf. Forensics Secur. 4(3), 428–440 (2009). doi:10.1109/TIFS.2009.2025858
Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Washington (2010)
Rathgeb, C., Uhl, A.: A survey on biometric cryptosystems and cancelable biometrics. EURASIP J. Inf. Secur. 2011(1), 1–25 (2011). doi:10.1186/1687-417X-2011-3
Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006). doi:10.1007/s10623-005-6343-z
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Advances in Cryptology-Eurocrypt 2004, pp. 523–540. Springer, Berlin, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_31
Li, Q., Sutcu, Y., Memon, N.: Secure sketch for biometric templates. In: Advances in CryptologyASIACRYPT 2006, pp. 99–113. Springer, Berlin, Heidelberg (2006). doi:10.1007/11935230_7
Chin, Y.J., Ong, T.S., Teoh, A.B.J., Goh, K.O.M.: Integrated biometrics template protection technique based on fingerprint and palmprint feature-level fusion. Inf. Fusion 18, 161–174 (2014). doi:10.1016/j.inffus.2013.09.001
Nagar, A., Nandakumar, K., Jain, A.K.: Multibiometric cryptosystems based on feature-level fusion. IEEE Trans. Inf. Forensics Secur. 7(1), 255–268 (2012). doi:10.1109/TIFS.2011.2166545
Acknowledgments
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2012R1A1A2007014). This research was also supported by 2012-18-02TD VNU-HCMC Project.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hoang, T., Choi, D. & Nguyen, T. Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme. Int. J. Inf. Secur. 14, 549–560 (2015). https://doi.org/10.1007/s10207-015-0273-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-015-0273-1