Smartphone-based Gait Recognition: From Authentication to Imitation


This work evaluates the security strength of a smartphone-based gait recognition system against zero-effort and live minimal-effort impersonation attacks under realistic scenarios. For this purpose, we developed an Android application, which uses a smartphone-based accelerometer to capture gait data continuously in the background, but only when an individual walks. Later, it analyzes the recorded gait data and establishes the identity of an individual. At first, we tested the performance of this system against zero-effort attacks by using a dataset of 35 participants. Later, live impersonation attacks were performed by five professional actors who are specialized in mimicking body movements and body language. These attackers were paired with their physiologically close victims, and they were given live audio and visual feedback about their latest impersonation attempt during the whole experiment. No false positives under impersonation attacks, indicate that mimicry does not improve chances of attackers being accepted by our gait authentication system. In 29% of total impersonation attempts, when attackers walked like their chosen victim, they lost regularity between their steps which makes impersonation even harder for attackers.

IEEE Transactions on Mobile Computing (IEEE TMC)