Verifying the identity of a user, usually referred to as user authentication, before granting access to the services or objects is a very important step in many applications. People pass through some sorts of authentication process in their daily life. For example, to prove having access to the computer the user is required to know a password. Similarly, to be able to activate a mobile phone the owner has to know its PIN code, etc. Some user authentication techniques are based on human physiological or behavioral characteristics such as fingerprints, face, iris and so on. Authentication methods differ in their advantages and disadvantages, e.g. PIN codes and passwords have to be remembered, eye-glasses must be taken off for face authentication, etc. Security and usability are important aspects of user authentication. The usability aspect relates to the unobtrusiveness, convenience and user-friendliness of the authentication technique. Security is related to the robustness of the authentication method against attacks. Recent advances in electronic chip development offer new opportunities for person authentication based on his gait (walking style) using small, light and cheap sensors. One of the primary advantages of this approach is that it enables unobtrusive user authentication. Although studies on human recognition based on gait indicate encouraging performances, the security per se (i.e. robustness and/or vulnerability) of gait-based recognition systems has received little or no attention.
The overall goal of the work presented in this thesis is on performance and security analysis of gait-based user authentication. The nature of the contributions is not on developing novel algorithms, but rather on enhancing existing approaches in gait-based recognition using small and wearable sensors, and developing new knowledge on security and uniqueness of gait.
The three main research questions addressed in this thesis are: (1) What are the performances of recognition methods that are based on the motion of particular body parts during gait? (2) How robust is the gait-based user authentication? (3) What aspects do influence the uniqueness of human gait?
In respect to the first research question, the thesis identifies several locations on the body of the person, whose motion during gait can provide identity information. These body parts include hip, trouser pockets, arm and ankle. Analysis of acceleration signals indicates that movements of these body segments have some discriminative power. This might make these modalities suitable as an additional factor in multi-factor authentication. For the research question on security as far as we know, this thesis is the first extensive analysis of gait authentication security (in case of hip motion). A gait-based authentication system is studied under three attack scenarios. These attack scenarios include a minimal effort-mimicry (with restricted time and number of attempts), knowing the closest person in the database (in terms of gait similarity) and knowing the gender of the user in the database. The findings of the thesis reveal that the minimal effort mimicking does not help to improve the acceptance chances of impostors. However, impostors who know their closest person in the database or the genders of the users in the database can be a threat to gait-based authentication systems.
In the third research question, the thesis provides some insights towards understanding the uniqueness of gait in case of ankle/foot motion. In particular, it reveals the following: heavy footwear tends to diminish foot discriminativeness; a sideway motion of the foot provides the most discrimination, compared to an up-down or forward-backward direction of the motion; and different parts of the gait cycle provide different level of discrimination.
In addition, the thesis proposes taxonomy of user recognition methods based on gait.
List of papers. The 8 research papers that constitute the main research part of the thesis are:
1. Davrondzhon Gafurov, A Survey of Biometric Gait Recognition: Approaches, Security and Challenges, In Proceedings of Annual Norwegian Computer Science Conference, Tapir, pp. 119-130, 2007.
2. Davrondzhon Gafurov, Kirsi Helkala and Torkjel Søndrol, Gait Recognition Using Acceleration from MEMS, In Proceedings of IEEE International Conference on Availability, Reliability and Security (ARES), pp. 432-437, 2006.
3. Davrondzhon Gafurov, Einar Snekkenes and Patrick Bours, Gait Authentication and Identification Using Wearable Accelerometer Sensor, In Proceedings of IEEE Workshop on Automatic Identification Advanced Technologies(AutoID), pp. 220-225, 2007.
4. Davrondzhon Gafurov and Einar Snekkenes, Arm Swing as a Weak Biometric for Unobtrusive User Authentication, In Proceedings of International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Special Session on ”Biometrics - From Sensors to Standardization”, IEEE Press,2008 (accepted).
5. Davrondzhon Gafurov, Einar Snekkenes and Tor Erik Buvarp, Robustness of Biometric Gait Authentication Against Impersonation Attack, In Proceedings of International Workshop on Information Security, Springer LNCS 4277, pp. 479-488, 2006.
6. Davrondzhon Gafurov, Einar Snekkenes and Patrick Bours, Spoof Attacks on Gait Authentication System, IEEE Transactions on Information Forensics and Security, Special Issue on Human Detection and Recognition, 2(3), pp. 491-502, 2007
7. Davrondzhon Gafurov, Security Analysis of Impostor Attempts with Respect to Gender in Gait Biometrics, In Proceedings of IEEE International Conference on Biometrics: Theory, Applications and Systems (BTAS), 2007.
8. Davrondzhon Gafurov and Einar Snekkenes, Towards Understanding the Uniqueness of Gait Biometric, In Proceedings of the International Conference Automatic Face and Gesture Recognition , September 17-19, 2008, Amsterdam, The Netherlands. IEEE Press, 2008. To appear.
In addition, the thesis work has also resulted in the follwoing paper which is closely related or overlapping with papers mentioned above.
• Davrondzhon Gafurov, Kirsi Helkala and Torkjel Søndrol, Biometric Gait Authentication Using Accelerometer Sensor, Journal of Computers, 1(7), pp.51-59, 2006