Visible to the public ZEMFA: Zero-Effort Multi-Factor Authentication based on Multi-Modal Gait Biometrics

TitleZEMFA: Zero-Effort Multi-Factor Authentication based on Multi-Modal Gait Biometrics
Publication TypeConference Paper
Year of Publication2019
AuthorsShrestha, Babins, Mohamed, Manar, Saxena, Nitesh
Conference Name2019 17th International Conference on Privacy, Security and Trust (PST)
Date Publishedaug
Keywordsauthentication, authentication token, authorisation, biometrics, biometrics (access control), Context, gait analysis, human factors, mobile computing, multidevice fusion, multimodal gait biometrics, multisensor fusion, Phone, pubcrawl, Sensors, single authentication factor, smart phones, Two factor Authentication, Walking-pattern, wearables, ZEMFA, zero-effort authentication, zero-effort multifactor authentication system
AbstractIn this paper, we consider the problem of transparently authenticating a user to a local terminal (e.g., a desktop computer) as she approaches towards the terminal. Given its appealing usability, such zero-effort authentication has already been deployed in the real-world where a computer terminal or a vehicle can be unlocked by the mere proximity of an authentication token (e.g., a smartphone). However, existing systems based on a single authentication factor contains one major security weakness - unauthorized physical access to the token, e.g., during lunch-time or upon theft, allows the attacker to have unfettered access to the terminal. We introduce ZEMFA, a zero-effort multi-factor authentication system based on multiple authentication tokens and multi-modal behavioral biometrics. Specifically, ZEMFA utilizes two types of authentication tokens, a smartphone and a smartwatch (or a bracelet) and two types of gait patterns captured by these tokens, mid/lower body movements measured by the phone and wrist/arm movements captured by the watch. Since a user's walking or gait pattern is believed to be unique, only that user (no impostor) would be able to gain access to the terminal even when the impostor is given access to both of the authentication tokens. We present the design and implementation of ZEMFA. We demonstrate that ZEMFA offers a high degree of detection accuracy, based on multi-sensor and multi-device fusion. We also show that ZEMFA can resist active attacks that attempt to mimic a user's walking pattern, especially when multiple devices are used.
Citation Keyshrestha_zemfa_2019