Seamless device pairing conditioned on the context of use fosters novel application domains and ease of use. Examples are automatic device pairings with objects interacted with, such as instrumented shopping baskets, electronic tourist guides (e.g. tablets), fitness trackers or other fitness equipment. Recently, gait has been proposed as a feature for mobile device pairing across arbitrary positions on the human body. Here, the correlation in acceleration sequences from devices worn or carried together by the same person is exploited to extract always-fresh secure secrets. Results indicate that the correlation in gait-based features across different body locations is sufficient to establish secure device pairing. However, the population size of the studies is limited, and powerful attackers, e.g. those with the capability of video recording, are not considered.
In this talk, I will present a discussion of the security properties of gait-based pairing schemes, including a discussion of popular quantization schemes, a classification and analysis of attack surfaces, an analysis of the statistical properties of generated sequences, an entropy analysis, as well as possible threats and security weaknesses of gait-based pairing systems. As a general limitation of gait-based authentication or pairing systems, we further demonstrated that an adversary with video support can create key sequences that are sufficiently close to on-body generated acceleration sequences to breach gait-based security mechanisms.
Dominik Schürmann received his Ph.D. in 2018 from TU Braunschweig. He worked as a research fellow at the Institute of Operating Systems and Computer Networks at TU Braunschweig and is now co-founding the startup Confidential Technologies. His research interests include interaction-free security based on physical context and usable security in general.