TY - JOUR
T1 - Security Properties of Gait for Mobile Device Pairing
AU - Brusch, Arne
AU - Nguyen, Le
AU - Schürmann, Dominik
AU - Sigg, Stephan
AU - Wolf, Lars
PY - 2020/3/1
Y1 - 2020/3/1
N2 - Gait has been proposed as a feature for mobile device pairing across arbitrary positions on the human body. Results indicate that the correlation in gait-based features across different body locations is sufficient to establish secure device pairing. However, the population size of the studies is limited and powerful attackers with e.g. capability of video recording are not considered. We present a concise discussion of security properties of gait-based pairing schemes including a discussion of popular quantization schemes, classification and analysis of attack surfaces, discussion of statistical properties of generated sequences, an entropy analysis, as well as possible threats and security weaknesses of gait-based pairing systems. For one of the schemes considered, we present modifications to fix an identified security flaw. As a general limitation of gait-based authentication or pairing systems, we further demonstrate that an adversary with video support can create key sequences that are sufficiently close to on-body generated acceleration sequences to breach gait-based security mechanisms.
AB - Gait has been proposed as a feature for mobile device pairing across arbitrary positions on the human body. Results indicate that the correlation in gait-based features across different body locations is sufficient to establish secure device pairing. However, the population size of the studies is limited and powerful attackers with e.g. capability of video recording are not considered. We present a concise discussion of security properties of gait-based pairing schemes including a discussion of popular quantization schemes, classification and analysis of attack surfaces, discussion of statistical properties of generated sequences, an entropy analysis, as well as possible threats and security weaknesses of gait-based pairing systems. For one of the schemes considered, we present modifications to fix an identified security flaw. As a general limitation of gait-based authentication or pairing systems, we further demonstrate that an adversary with video support can create key sequences that are sufficiently close to on-body generated acceleration sequences to breach gait-based security mechanisms.
KW - fuzzy cryptography
KW - Gait pairing
KW - security analysis
KW - usable security
UR - http://www.scopus.com/inward/record.url?scp=85079678684&partnerID=8YFLogxK
U2 - 10.1109/TMC.2019.2897933
DO - 10.1109/TMC.2019.2897933
M3 - Article
SN - 1536-1233
VL - 19
SP - 697
EP - 710
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 3
M1 - 8636972
ER -