Scenario Test of Accelerometer-Based Biometric Gait Recognition Claudia Nickel * , Mohammad O. Derawi † , Patrick Bours † and Christoph Busch † * Center for Advanced Security Research Darmstadt, Hochschule Darmstadt, Germany * Email: c.nickel@fbi.h-da.de † Norwegian Information Security Lab., Gjøvik University College, Norway † Email: {mohammad.derawi, patrick.bours, christoph.busch}@hig.no Abstract—The goal of our research is to develop methods for accelerometer-based gait recognition, which are robust, stable and fast enough to be used for authentication on mobile devices. To show how far we are in reaching this goal we developed a new cycle extraction method, implemented an application for android phones and conducted a scenario test. We evaluated two different methods, which apply the same cycle extraction technique but use different comparison methods. 48 subjects took part in the scenario test. After enrolment they were walking for about 15 minutes on a predefined route. To get a realistic scenario this route included climbing of stairs, opening doors, walking around corners etc. About every 30 seconds the subject stopped and the authentication was started. This paper introduces the new cycle extraction method and shows the Detection Error Trade-Off-curves, error rates separated by route-section and subject as well as the computation times for enrolment and authentication on a Motorola milestone phone. Keywords-biometrics; gait recognition; scenario test; mobile device; accelerometer I. I NTRODUCTION The development of mobile devices is progressing rapidly and constantly new features are added to the properties of the devices. These include high-quality cameras, UMTS- antennas, calendars etc. which increases the number of applications that can be run on the device and at the same time increases the amount of stored sensitive data. When smartphones are used in a business scenario, often confidential data like business contacts, emails, information about projects are contained in the devices. But also in a private environment the amount of sensitive data is high. Therefore, the protection of data stored on mobile devices is becoming more and more important. While offering a large amount of applications, most mobile devices only offer one kind of authentication method which is knowledge-based (e.g. PIN or password). As studies have shown, these methods are not well accepted by the users [1]. Mainly out of convenience 87% of the users do not require PIN-authentication after a stand-by phase. As a result of this, all data stored on the device is freely available to any person gaining physical access to the device, which is clearly a security problem. A solution to this problem is to offer alternative authen- tication methods which have a higher user acceptance. As many people who choose this low security setting do this because entering a PIN is too much effort, an alternative method should minimize the user interaction. We propose accelerometer-based gait recognition for authentication on mobile devices. As most smartphones already contain ac- celerometers (e.g. for games or adjusting the orientation of the screen), these can be directly used for recording of the gait data. No extra hardware is necessary, which is a great advantage over e.g. fingerprint recognition which can only be run on a few mobile phones containing fingerprint readers. However, the main advantage of gait recognition is its unobtrusiveness. While a subject is walking with his phone, the accelerometer data can be recorded. When the subject wants to use his phone after it was locked, the probe can be extracted and compared with the reference data stored on the phone. When there is no match the phone remains locked, otherwise the user can directly use it without having to enter any PIN or the like. In this case the user would notice no difference to an unsecured phone which shows the high usability of this method. To avoid false non-matches because of short irregularities in the gait (e.g. because of steps or irregular ground), the authentication decision should be based on data collected during a longer time period (e.g. 30 seconds). Clearly this method can not stand alone but has to be combined with some kind of active authentication like PIN, to allow an authentication in case the user is not walking. Accelerometer-based gait recognition was first proposed by Ailisto et al. in 2005 [2] and further developed by Ga- furov [3]. They used high-quality dedicated accelerometers which were placed on the hip, arm or ankle to record the acceleration while the subjects were walking. Only recently researchers started to use mobile devices to record the accelerometer data [4], [5], [6], [7]. Nevertheless, so far the feature extraction and comparison have always been executed on a PC and not on the device as done for this paper. When introducing a new biometric authentication tech- nique it is also important to consider the fraud resistance. The gait of a subject is visible to potential attackers who might analyze it to get access to the phone via mimicking. This was considered in a study by Mjaaland [8]. Despite having obtained feedback in the form of videos and sta- tistical analysis, the participants did not show a significant