The research project proposes an automatic system for user recognition exploiting biometric gait acquisition and analysis. The users' data are collected by user mobile devices, e.g., currently widesperad smartphones, equipped with a built-in accelerometer sensor, which nowadays is an extremely common kind of component. The major purpose of the system is to grant the authentication of an enrolled user without any kind of the specific action usually required, e.g., providing username and password or putting their finger on a fingerprint reader sensor. This totally transparent authentication can be done by exploiting a number of useful mechanisms to carry out the acquisition protocol. In order to avoid any explicit user action, suitable signals to start and stop recording will be sent directly from beacons (configurable Bluetooth transmitters) to the user mobile device, once it reaches a close enough position. Each incoming walk signal will be sent to a server that will match them with the enrollment data, stored in advance for the authorized users, and will decide if the subject is to be accepted or refused. Open research problems that
will be tackled are investigation of the most robust and reliable gait features to extract, signal normalization and alignment, and multidevice matching. Moreover, we want to investigate the best way to combine this kind of approach with other well-known and noninvasive capture modalities, possibly based on machine vision, either exploiting the same biometrics, namely gait, or combining it with another very popular technique such as face recognition. This proposed system will be a suitable alternative to traditional user authentication, which requires one or more specific actions, and user attention, and to remember cumbersome usernames and complex passwords. At the end of the project it will be possible to ask for a patent for the overall system architecture and for the
underlying algorithms.
User authentication is a necessary and important step to prevent unauthorized access to restricted physical areas (e.g., a bank caveau) as well as remote services (e.g., home banking). The processes to authenticate a user are conventionally grouped into three classes: knowledge-based, object (or token)-based, and the most recent biometrics-based. The first kind of authentication relies on something the user has to know and, most of all, to remember, and is characterized by secrecy. An example of knowledge-based authenticators are well-known passwords and PIN codes, as those used to access a remote host or to open a strongbox. The second authentication modality relies on something one has and is characterized by possession. Physical keys to open, for example, a door, can be included in this category. However, when more security is required, this kind of approach is usually combined with the knowledge-based one. An example of this combination is a bank-card with PIN code. Differently from the others, biometric authentication is based on something a person is, represented by either physical or behavioural characteristics. In knowledge-based and object-based approaches, passwords and tokens can be forgotten, lost or stolen. There are also usability limitations associated with them. For instance, having to remember multiple usernames, passwords and PINs is not an easy task, especially if the password to remember is very complex or long, and given that using the same password for all services causes a possible security breach. According to literature, the heavy information technology user has to remember on average 21
passwords (and some of them even more than 70), 49% of the users write down or store their passwords in a file, and 67% never change their passwords.
Biometric-based approaches lack the above mentioned difficulties of knowledge-based and object-based ones. One of the most important aspects of biometric traits is that they have a more direct and explicit link with humans than passwords or tokens, since biometrics use physiological and behavioral features of human beings. Of course these features must obey a number of conditions: among the most important ones, the first are of course universality (the trait must be owned by all subjects), and permanence (the trait remains stable for a sufficient time elapse given the requested authentication setting). Moreover, traits difficult to spoof are preferred, e.g., gait. Thanks to this fact, nowadays the request for biometrics-based systems is increasing more and more. There are various types of human traits that can be used as biometrics, e.g., the popular fingerprints, the face, the iris, the hand geometry, the gait and so on.
With our work, we want to propose a complete system, ready to use, that can be exploited both for the mobile security (using gait to unlock the mobile device) and for security access to critical zones/services. First, we want to implement a transparent authentication protocol whose execution does not require explicit user actions, therefore relieving the user from the need to learn specific
authentication procedures. To this aim, we will introduce a novel implicit authentication paradigm simply based on the user preliminary enrollment in the authentication system, on the user naturally walking while approaching the protected service, and on the possession of a nowadays ubiquitous, widespread and general-purpose equipment like a smartphone. We want to further focus on multi-device issues, rarely taken into account in either the proposals in the state-of-the-art, or the present literature. The use of different devices during enrollment and normal operation can be useful and/or requested in real applications. This entails investigating and implementing new signal processing steps able to transform the gait signal in a normalized format. As a matter of fact, even the same model of device equipped with the same model of accelerometer, in the same conditions, produces a systematically different signal, making
matching much less robust and reliable. While this is due to manufacturing as well as environment factors, our goal is to avoid the use of further hardware specifically devoted to accelerometer tuning.
An approach like the one we have described can be a very good alternative to traditional knowledge-based and object-based authenticator systems. It lets the users even forget that there is a system that is working on his/her authentication and would create a more relaxed environment. This means less stress for those who, for work, would normally remember a multitude of usernames and passwords. In addition, with the type of approach proposed in this project, users will feel more comfortable than, for example, with an access system based on the use of fingerprints, which are more invasive and less accepted: they require a voluntary action, the
physical contact with a sensor, and are usually associated to criminal investigations.