User Verification Leveraging Gait Recognition for Smartphone Enabled Mobile Healthcare Systems

The rapid deployment of sensing technology in smartphones and the explosion of their usage in people's daily lives provide users with the ability to collectively sense the world. This leads to a growing trend of mobile healthcare systems utilizing sensing data collected from smartphones with/without additional external sensors to analyze and understand people's physical and mental states. However, such healthcare systems are vulnerable to user spoofing, in which an adversary distributes his registered device to other users such that data collected from these users can be claimed as his own to obtain more healthcare benefits and undermine the successful operation of mobile healthcare systems. Existing mitigation approaches either only rely on a secret PIN number (which can not deal with colluded attacks) or require an explicit user action for verification. In this paper, we propose a user verification system leveraging unique gait patterns derived from acceleration readings to detect possible user spoofing in mobile healthcare systems. Our framework exploits the readily available accelerometers embedded within smartphones for user verification. Specifically, our user spoofing mitigation framework (which consists of three components, namely Step Cycle Identification, Step Cycle Interpolation, and Similarity Comparison) is used to extract gait patterns from run-time accelerometer measurements to perform robust user verification under various walking speeds. We show that our framework can be implemented in two ways: user-centric and server-centric, and it is robust to not only random but also mimic attacks. Our extensive experiments using over 3,000 smartphone-based traces with mobile phones placed on different body positions confirm the effectiveness of the proposed framework with users walking at various speeds. This strongly indicates the feasibility of using smartphone based low grade accelerometer to conduct gait recognition and facilitate effective user verification without active user cooperation.