In information security, it is very important to be assured that only authorized individuals are allowed to get access to a system. There are many ways of identifying or authenticating who an individual is. An acquaintance who knows how a specific person looks like can verify whether a person is who he claims to be or not, just by taking a short look at him. This is probably the most basic method. However, in a modern society, most technologies are based on computers and require high speed. Hence, there should exist algorithmic routines that can perform such authentication processes automatically. Different ways of authenticating a person are to look at something he has, e.g. a token or a smart card, something he knows, e.g. a password or a pass phrase, or something he is, e.g. by his fingerprint or iris. In this report, we will study a biometric authentication technique, i.e. something a person is. We will look at gait analysis, or more precisely, whether there is possible to learn to walk like another person in such a way that one can be authenticated as the other person. How long time does it take to learn this?
In this project, we will look at gait authentication, i.e. verifying a claimed identity based on how a person walks. A vision is that there will be possible in the future to give people access to e.g. a building or a secured room based on their gait. A hypothesis is that every individual has it’s own unique way to walk.
Our problem is that we don’t really know whether our gait is as unique as we might believe it is in the first place. Will special conditions make your gait different, e.g. your temper the specific day or your health? Is it possible to act as if you are another person, and in that way get access to a place where you are not really authorized to be? These are questions that should be answered before authentication using gait can be implemented to the same degree as e.g. fingerprint verification and iris scans have been. According to Davrondzhon Gafurov, Einar Snekkenes, and Tor Erik Buvarp's article "Robustness of biometric gait authentication against impersonation attack", when a person submits his own biometric feature in order to match against another person’s biometric in a template, this is called a non-genuine attempt. These non-genuine attempts can be subdivided into three groups which are ”passive impostor attempts”, ”active impostor attempts” and ”non-passive and non-active impostor attempts”. A passive impostor attempt is an attempt where an individual submits his own biometric feature as if he was attempting successful verification against his own template, but in fact is being compared against non-self template. An active impostor attempt is when an individual changes his biometrics in order to match a targeted person. A non-passive and non-active impostor attempt is when an active impostor trial is not compared against a targeted person, but in general another person’s template. This project is about active impostor attempts, where a person tries to learn another person’s gait, in order to be authenticated as the other person. According to Jani Mäntyjärvi, Mikko Lindholm, Elena Vildjiounaite, Satu-Marja Mäkelä, and Heikki Ailisto, deliberate imitation of other person’s walking style is difficult. However, it should be possible to learn this given enough time. If it turns out that the process of learning this takes a short time, e.g. a few weeks, then we should conclude that gait authentication is a rather weak authentication method to use, while if it takes a long time (or if it turns out to be close to impossible) to learn, then we can conclude that faking another person’s gait by impersonation is difficult.
The main reason why this problem is important, is because the answer to it will show how strong gait authentication is as an authentication method. If our conclusion is that it is difficult to learn how to walk more or less exactly like another person, then there might be a business for gait authentication. It is easier to authenticate yourself using gait, than to e.g. remember a password. People will probably also feel it more comforting to use gait as authentication rather than fingerprint or iris, because some people don’t like to have an iris scanner scanning their eyes, and some feel that it is little hygienic to press their finger on the same plate where maybe hundreds of other people have done so before them.
In order to solve this problem, there are some research questions that need to be considered:
