Dictionary Attack on IMU-based Gait Authentication

TL;DR

This paper introduces a new adversarial attack model on IMU-based gait authentication, demonstrating that such systems can be vulnerable to dictionary attacks and imitation, challenging previous assumptions of their robustness.

Contribution

It presents the first comprehensive study of dictionary attacks on IMU gait authentication, including data collection from diverse individuals and analysis of attack effectiveness.

Findings

IMU gait patterns can be mimicked or matched using a dictionary attack.

Authentication error rates increase after attack, indicating vulnerability.

IMU gait systems are less resistant to spoofing than previously believed.

Abstract

We present a novel adversarial model for authentication systems that use gait patterns recorded by the inertial measurement unit (IMU) built into smartphones. The attack idea is inspired by and named after the concept of a dictionary attack on knowledge (PIN or password) based authentication systems. In particular, this work investigates whether it is possible to build a dictionary of IMUGait patterns and use it to launch an attack or find an imitator who can actively reproduce IMUGait patterns that match the target's IMUGait pattern. Nine physically and demographically diverse individuals walked at various levels of four predefined controllable and adaptable gait factors (speed, step length, step width, and thigh-lift), producing 178 unique IMUGait patterns. Each pattern attacked a wide variety of user authentication models. The deeper analysis of error rates (before and after the attack) challenges the belief that authentication systems based on IMUGait patterns are the most difficult to spoof; further research is needed on adversarial models and associated countermeasures.