Security and privacy enhanced smartphone-based gait authentication with random representation learning and digital lockers

Abstract

Gait data captured by inertial sensors of smartphone have demonstrated promising results on user authentication. However, most existing models stored the enrolled gait pattern in plaintext for matching with the pattern being validated, thus, posed critical security and privacy issues. In this study, we present a gait cryptosystem that generates from gait data captured by smartphone sensors the random keys for user authentication, meanwhile, secures the gait pattern. First, we propose a revocable and random binary string extraction method using deep neural network followed by feature-wise binarization. A novel loss function for network optimization is also designed, to tackle not only the intra-user stability but also the inter-user randomness. Second, we propose a new biometric key generation scheme, namely Irreversible Error Correct and Obfuscate (IECO), improved from the Error Correct and Obfuscate (ECO) scheme, to securely generate from the binary string a random and irreversible key. The model was evaluated with two benchmark datasets as OU-ISIR and whuGAIT. The evaluation showed that our model could generate the key of 139 bits from 5-second data sequence with zero False Acceptance Rate (FAR) and False Rejection Rate (FRR) smaller than 5.441%. In addition, the security and user privacy analyses showed that our model was secure against existing attacks on biometric template protection, and fulfilled the irreversibility and unlinkability requirements.