Walk the walk: Attacking gait biometrics by imitation

Abstract

Since advances in gait biometrics are rather new, the current volume of security testing on this feature is limited. We present a study on mimicking, or imitation, of the human gait. Mimicking is a very intuitive way of attacking a biometric system based on gait, and still this topic is almost nonexistent in the open literature. The bottom line question in our research is weather it is possible to learn to walk like someone else. If this turned out to be easy, it would have a severe effect of the potential of gait as an authentication mechanism in the future. We have developed a software tool that uses wearable sensors to collect and analyze gait acceleration data. The research is further based on an experiment, involving extensive training of test subjects, and using various sources of feedback like video and statistical analysis. The attack scores are analyzed by regression, and the goal is to determine whether or not the participants are increasing their mimicking skills, or simply: if they are learning. The experiment involved 50 participants enrolled into a gait authentication system. The error rates compete with state of the art gait technology, with an EER of 6.2%. The mimicking part of the experiment revealed that gait mimicking is a very difficult task, and that our physiological characteristics work against us when we try to change something as fundamental as the way we walk. The participants showed few indications of learning, and the results of most attackers even worsened over time, showing that training did nothing to help them succeed. The research identified a natural boundary to the impostors' performance, a point of resistance so significant that it was given a name; a plateau. The location or value of this plateau predetermines the outcome of an attack; for success it has to lie below the acceptance threshold corresponding to the Equal Error Rate (EER). © 2011 Springer-Verlag.