Abstract
As one of the most popular IoT (Internet of Things) devices, the smartphone stores sensitive personal information. As a result, authentication on smartphones has attracted widespread attention in recent years. Sensor-based authentication methods have achieved excellent results due to their feasibility and high efficiency. However, current work lacks comprehensive security verification, and undetected potential vulnerabilities are likely to be leveraged to launch attacks on these authentication approaches. We propose a novel attack to evaluate the reliability and robustness of existing authentication methods. The basic idea behind our strategy is that the system has its own authentication error: we carefully analyze the false-negative samples to summarize its vulnerable properties and leverage these vulnerabilities to design our attack. The experimental results prove the feasibility of our attack and also demonstrate the drawbacks of the existing approaches. In addition, we propose a corresponding protection approach to defend against this attack; the scheme has a self-learning ability that lets it update according to newly detected attacks. Compared with authentication schemes that use multiple sensors, we adopt only a single accelerometer to achieve better performance, showing the convenience and effectiveness of our system.
Funding
Supported by the National Natural Science Foundation of China (Grant No. 62002278).
About this article
Cite this article
Lyu, P., Cai, W. & Wang, Y. Collusive attack that exploits biometric similarity difference and basic countermeasures. Wireless Netw (2022). https://doi.org/10.1007/s11276-022-03034-5
DOI: https://doi.org/10.1007/s11276-022-03034-5