A View from Christopher Mims
Smart Phones that Know Their Users by How They Walk
Biometric security is obtrusive–unless it’s on all the time, analyzing your gait.
Your smart phone is a hideous liability that renders you increasingly vulnerable to a host of fraudulent activities–everything from identity theft to the emptying of your bank accounts–every day. Right now phones are stolen because they’re valuable, but if you think about it, the data they contain–which will only become more lucrative once we’re using them as electronic wallets–is worth far more.
The problem is that unlike your bank’s website, you use your phone throughout the day, which makes tapping in a password over and over again so impractical that few users bother to lock their phones in this way.
The solution is biometrics–imagine phones with a fingerprint scanner–and the best kind operate transparently. So-called passive biometrics know who you are based on things you’re doing all the time anyway.
For passive biometrics to work, the more measures of the “youness” of you they can gather, the better. That’s because every biometric system has a certain false positive / false negative rate, and when one fails, a secondary one can take over for verification, thus guaranteeing that you are confronted with an actual password prompt as infrequently as possible.
Gait analysis is a tried-and-true method of passive biometrics, your gait being a very individual and hard-to-imitate trait.
Old-school systems used visual analysis or pressure plates in the floor to determine your gait, both of which are good for defending diamond vaults and military facilities, if not smart phones.
Fortunately, modern smart phones have tiny, piezoresistive MEMS accelerometers built-in. These things can measure acceleration in three different axes (x,y,z) which makes them perfectly suitable for analyzing the gyrations in three dimensions of your legs as you walk down the street with your phone in your pocket.
For the first time ever, researchers were able to use the accelerometer built into a smart phone to analyze gait (pdf) and their work suggests that, with further refinement, one of the ways your phone could know it’s in the right hands would be simply by passively analyzing your walking style.
First, the bad news: they were only able to achieve a 20 percent Equal Error Rate (EER), which means that one time out of five, the phone registered either a false positive or a false negative when trying to determine the identity of the user. And that’s with the phone in a hip holster, oriented in the same way every time.
But there’s no inherent reason why this technology couldn’t be fine-tuned - and if future smartphones include accelerometers with higher sampling rates, that would help. (The accelerometer in the Android G1 smartphone used for this experiment had sampled acceleration 40-50 times per second.)
Indeed, the ultimate combination would include gait analysis, voice recognition, fingerprint activation and, only if all of those failed, password entry. Just such a system was proposed in 2007, in a paper entitled Increasing Security of Mobile Devices by Decreasing User Effort in Verification. This combined approach would constitute a “method of frequent user verification, based on a cascade of unobtrusive biometrics… in such a way that explicit effort is required only if unobtrusive verification fails.”
The estimated false positive rate for this combined approach would be 1 percent or less – exactly what we need to protect the increasingly valuable data on our smart phones without transforming the use of them into a chore.
Update: The original paper has since disappeared from the web. Here’s the citation for anyone searching for it.
Mohammad O. Derawi, Claudia Nickel, Patrick Bours and Christoph Busch. Unobtrusive User-Authentication on Mobile Phones using Biometric Gait Recognition. In 6th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, October 2010”
image cc dusk photography