Einar Snekkenes

Computer Security – ESORICS 2003

Information push is today an approach widely used for information dissemination in distributed systems. Under information push, a Web data source periodically (or whenever some relevant event arises) broadcasts data to clients, without the need of an explicit request. In order to make information push usable in a large variety of application domains, it is however important that the authenticity and privacy requirements of both the receiver subjects and information owners be satisfied. Although the problem of confidentiality has been widely investigated, no comparable amount of work has been done for authenticity. In this paper, we propose a model to specify signature policies, specifically conceived for XML data. The model allows the specification of credential-based signature policies, supporting both single and joint signatures. Additionally, we provide an architecture for supporting the generation of selectively encrypted and authenticated XML document, ensuring at the same time the satisfaction of both access control and signature policies.

Spoof Attacks on Gait Authentication System

Research in biometric gait recognition has increased. Earlier gait recognition works reported promising results, usually with a small sample size. Recent studies with a larger sample size confirm gait potential as a biometric from which individuals can be identified. Despite much research being carried out in gait recognition, the topic of vulnerability of gait to attacks has not received enough attention. In this paper, an analysis of minimal-effort impersonation attack and the closest person attack on gait biometrics are presented. Unlike most previous gait recognition approaches, where gait is captured using a (video) camera from a distance, in our approach, gait is collected by an accelerometer sensor attached to the hip of subjects. Hip acceleration in three orthogonal directions (up-down, forward-backward, and sideways) is utilized for recognition. We have collected 760 gait sequences from 100 subjects. The experiments consisted of two parts. In the first part, subjects walked in their normal walking style, and using the averaged cycle method, an EER of about 13% was obtained. In the second part, subjects were trying to walk as someone else. Analysis based on FAR errors indicates that a minimal-effort impersonation attack on gait biometric does not necessarily improve the chances of an impostor being accepted. However, attackers with knowledge of their closest person in the database can be a serious threat to the authentication system.

Gait Authentication and Identification Using Wearable Accelerometer Sensor

This paper describes gait recognition using a body worn sensor. An accelerometer sensor (placed in the trousers pocket) is used for collecting gait features. From the acceleration signal of the person, cycles have been detected and analysed for recognition. We have applied four different methods (absolute distance, correlation, histogram, and higher order moments) to evaluate performance of the system both in authentication and identification modes. Our data set consists of 300 gait sequences collected from 50 subjects. Absolute distance metric has shown the best performance in terms of EER, which is equal to 7.3% (recognition rate is 86.3%). Furthermore, we have also analysed recognition performance when subjects were carrying a backpack.

Gait recognition using wearable motion recording sensors

This paper presents an alternative approach, where gait is collected by the sensors attached to the persons body. Such wearable sensors record motion (e.g. acceleration) of the body parts during walking. The recorded motion signals are then investigated for person recognition purposes. We analyzed acceleration signals from the foot, hip, pocket and arm. Applying various methods, the best EER obtained for foot-, pocket-, arm- and hip- based user authentication were 5%, 7%, 10% and 13%, respectively. Furthermore, we present the results of our analysis on security assessment of gait. Studying gait-based user authentication (in case of hip motion) under three attack scenarios, we revealed that a minimal effort mimicking does not help to improve the acceptance chances of impostors. However, impostors who know their closest person in the database or the genders of the users can be a threat to gait-based authentication. We also provide some new insights toward the uniqueness of gait in case of foot motion. In particular, we revealed the following: a sideway motion of the foot provides the most discrimination, compared to an up-down or forward-backward directions; and different segments of the gait cycle provide different level of discrimination.

Improved Gait Recognition Performance Using Cycle Matching

This paper presents a user authentication method based on gait (walking style). Human gait (in terms of acceleration signal) is collected using a wearable accelerometer sensor attached to the ankle of the person. Ankle accelerations from three directions (up-down, forward-backward and sideways) are utilized for identity verification purposes. Applying cycle matching method on experimental data from 30 subjects, we obtained an encouraging EER (Equal Error Rate) of 1.6% using sideway acceleration signals. In addition, our analysis indicate that performance is better with light shoes than with heavy shoes; and sideways motion appear to provide higher discrimination power compared to the up-down and forward-backward motions. Application area for such gait-based user authentication approach can be in improving security and usability of user authentication in emerging applications such as pervasive environment.

Robustness of biometric gait authentication against impersonation attack

This paper presents a gait authentication based on time-normalized gait cycles Unlike most of the previous works in gait recognition, using machine vision techniques, in our approach gait patterns are obtained from a physical sensor attached to the hip Acceleration in 3 directions: up-down, forward-backward and sideways of the hip movement, which is obtained by the sensor, is used for authentication Furthermore, we also present a study on the security strength of gait biometric against imitating or mimicking attacks, which has not been addressed in biometric gait recognition so far.

User authentication based on foot motion

In nearly all current systems, user authentication mechanism is one time and static. Although such type of user authentication is sufficient for many types of applications, in some scenarios, continuous or periodic re-verification of the identity is desirable, especially in high-security application. In this paper, we study user authentication based on 3D foot motion, which can be suitable for periodic identity re-verification purposes. Three-directional (3D) motion of the foot (in terms of acceleration signals) is collected using a wearable accelerometer sensor attached to the ankle of the person. Ankle accelerations from three directions (up-down, forward-backward and sideways) are analyzed for person authentication. Applied recognition method is based on detecting individual cycles in the signal and then finding best matching cycle pair between two acceleration signals. Using experimental data from 30 subjects, obtained EERs (Equal Error Rates) were in the range of 1.6–23.7% depending on motion directions and shoe types. Furthermore, by combining acceleration signals from 2D and 3D and then applying fusing techniques, recognition accuracies could be improved even further. The achieved performance improvements (in terms of EER) were up to 68.8%.

Towards understanding the uniqueness of gait biometric

In this paper, we provide some insights towards understanding the uniqueness of gait (ankle motion) by relating the discriminativeness of gait to the shoe type, direction of the motion and gait cycle. For analysis, we use gait samples of the people when all of them walk with the same specific types of footwear, thus eliminating the randomness (noise) introduced by the shoe variability. We collect gait using an accelerometer sensor, which is attached to the ankle of the person. The accelerometer records ankle motion in three directions: up-down, forward-backward and sideway. The verification method is based on detecting and averaging gait cycles in acceleration signal. Our gait data set consists of 480 samples from 30 persons. Each person walked with the 4 different types of footwear. Our analysis reveal that heavy footwear reduces the discrimination and the sideway motion of the foot has the most discriminating power compared to the up-down or forward-backward directions of the motion. Furthermore, various gait cycle parts contribute differently to the recognition performance. In addition, our analysis confirm that recognition performance can significantly decrease when the test and template samples are obtained using different shoe types. The recognition performance in terms of EER was in the range of 5%-18.3% mainly depending on the shoe type and the direction of motion.

Face recognition issues in a border control environment

Face recognition has greatly matured since the earliest forms, but still improvements must be made before it can be applied in high security or large scale applications. We conducted an experiment in order to estimate percentage of Norwegian people having one or more look-alikes in Norwegian population. The results indicate that the face recognition technology may not be adequate for identity verification in large scale applications. To survey the additional value of a human supervisor, we conducted an experiment where we investigated whether a human guard would detect false acceptances made by a computerized system, and the role of hair in human recognition of faces. The study showed that the human guard was able to detect almost 80% of the errors made by the computerized system. More over, the study showed that the ability of human guard to recognize a human face is a function of hair: false acceptance rate was significantly higher for the images where the hair was removed compared to where it was present.

Mapping between classical risk management and game theoretical approaches

In a typical classical risk assessment approach, the probabilities are usually guessed and not much guidance is provided on how to get the probabilities right. When coming up with probabilities, people are generally not well calibrated. History may not always be a very good teacher. Hence, in this paper, we explain how game theory can be integrated into classical risk management. Game theory puts emphasis on collecting representative data on how stakeholders assess the values of the outcomes of incidents rather than collecting the likelihood or probability of incident scenarios for future events that may not be stochastic. We describe how it can be mapped and utilized for risk management by relating a game theoretically inspired risk management process to ISO/IEC 27005. This shows how all the steps of classical risk management can be mapped to steps in the game theoretical model, however, some of the game theoretical steps at best have a very limited existence in ISO/IEC 27005.