
Collusive attack that exploits biometric similarity difference and basic countermeasures

Abstract

As one of the most popular IoT (Internet of Things) devices, the smartphone stores sensitive personal information. As a result, authentication on smartphones has attracted widespread attention in recent years. Sensor-based authentication methods have achieved excellent results due to their feasibility and high efficiency. However, current work lacks comprehensive security verification, and undetected potential vulnerabilities are likely to be leveraged to launch attacks on these authentication approaches. We propose a novel attack to evaluate the reliability and robustness of existing authentication methods. The basic idea behind our strategy is that the system has an authentication error; we analyze the false-negative samples in detail to summarize the system's vulnerable properties and leverage these vulnerabilities to design our attack. The experimental results prove the feasibility of our attack and also demonstrate the drawbacks of the existing approaches. In addition, we propose a corresponding protection approach to defend against this attack; the scheme has a self-learning ability to update itself according to newly detected attacks. Compared with authentication schemes that use multiple sensors, we adopt only a single accelerometer to achieve better performance, showing the convenience and effectiveness of our system.

Funding

Supported by the National Natural Science Foundation of China (Grant No. 62002278).

Author information

Corresponding author

Correspondence to Yao Wang.

About this article

Cite this article

Lyu, P., Cai, W. & Wang, Y. Collusive attack that exploits biometric similarity difference and basic countermeasures. Wireless Netw (2022). https://doi.org/10.1007/s11276-022-03034-5

  • DOI: https://doi.org/10.1007/s11276-022-03034-5

Keywords

  • Gait authentication
  • Wearable sensors
  • Impersonation attack
  • Collusive attack