Moves like Jagger: Exploiting variations in instantaneous gait for spontaneous device pairing

Abstract: Seamless device pairing conditioned on the context of use fosters novel application domains and ease of use. Examples are automatic device pairings with objects interacted with, such as instrumented shopping baskets, electronic tourist guides (e.g. tablets), fitness trackers or other fitness equipment. We propose a cryptographically secure spontaneous authentication scheme, BANDANA, that exploits correlation in acceleration sequences from devices worn or carried together by the same person to extract always-fresh secure secrets. On two real-world datasets with 15 and 482 subjects, BANDANA-generated fingerprints achieved intra- (50%) and inter-body (> 75%) similarity sufficient for secure key generation via fuzzy cryptography. Using BCH codes, best results are achieved with 48-bit fingerprints from 12 gait cycles generating 16-bit-long keys. The statistical bias of the generated fingerprints has been evaluated, as have vulnerabilities to relevant attack scenarios.
