Pistis: Replay Attack and Liveness Detection for Gait-Based User Authentication System on Wearable Devices Using Vibration

Wearable devices-based biometrics has become mainstream in the biometric domain, especially in mobile computing, due to its convenience, flexibility, and potentially high user acceptance. Among various modalities, wearable devices-based gait recognition has been recognized as an effective user authentication method and employed in various applications, such as automated entry systems for home, school, work, vehicles, and automated ticket payment/validation for public transport. However, how secure wearable gait remains an open research question. In this study, we conduct a comprehensive security analysis of the wearable gait. Then, we demonstrate that gait itself is not robust against some attacking methods, such as spoofing or forgery. Therefore, we argue that an anti-spoofing mechanism is important for enhancing the security of wearable gait biometric systems. To this end, we proposed a novel authentication protocol called $Pistis$ that embedded gait biometrics and a liveness detection mechanism that is aiming to detect various attacks of gait authentication systems. Our extensive experiments based on 50 subjects demonstrate that $Pistis$ is effective in liveness detection and authentication performance enhancement, providing 100% accuracy for human and nonhuman detection, and 99.53% accuracy for user authentication. Pistis can be used as a liveness detection method for wearable devices-based biometrics, significantly for wearable gait.