Walk-Unlock: Zero-Interaction Authentication Protected with Multi-Modal Gait Biometrics
Zero-interaction authentication (ZIA) refers to a form of user-transparent login mechanism using which a terminal (e.g., a desktop computer) can be unlocked by the mere proximity of an authentication token (e.g., a smartphone). Given its appealing usability, ZIA has already been deployed in many real-world applications. However, ZIA contains one major security weakness - unauthorized physical access to the token, e.g., during lunch-time or upon theft, allows the attacker to have unfettered access to the terminal. In this paper, we address this gaping vulnerability with ZIA systems by (un)locking the authentication token with the user's walking pattern as she approaches the terminal to access it. Since a user's walking or gait pattern is believed to be unique, only that user (no imposter) would be able to unlock the token to gain access to the terminal in a ZIA session. While walking-based biometrics schemes have been studied in prior literature for other application settings, our main novelty lies in the careful use of: (1) multiple sensors available on the current breed of devices (e.g., accelerometer, gyroscope and magnetometer), and (2) multiple devices carried by the user (in particular, an "in-pocket" smartphone and a "wrist-worn" smartwatch), that all capture unique facets of user's walking pattern. Our contributions are three-fold. First, we introduce, design and implement WUZIA ("Walk-Unlock ZIA"), a multi-modal walking biometrics approach tailored to enhance the security of ZIA systems (still with zero interaction). Second, we demonstrate that WUZIA offers a high degree of detection accuracy, based on multi-sensor and multi-device fusion. Third, we show that WUZIA can resist active attacks that attempt to mimic a user's walking pattern, especially when multiple devices are used.