Research in biometric gait recognition has increased. Earlier gait recognition works reported promising results, usually with a small sample size. Recent studies with a larger sample size confirm gait potential as a biometric from which individuals can be identified. Despite much research being carried out in gait recognition, the topic of vulnerability of gait to attacks has not received enough attention. In this paper, an analysis of minimal-effort impersonation attack and the closest person attack on gait biometrics are presented. Unlike most previous gait recognition approaches, where gait is captured using a (video) camera from a distance, in our approach, gait is collected by an accelerometer sensor attached to the hip of subjects. Hip acceleration in three orthogonal directions (up-down, forward-backward, and sideways) is utilized for recognition. We have collected 760 gait sequences from 100 subjects. The experiments consisted of two parts. In the first part, subjects walked in their normal walking style, and using the averaged cycle method, an EER of about 13% was obtained. In the second part, subjects were trying to walk as someone else. Analysis based on FAR errors indicates that a minimal-effort impersonation attack on gait biometric does not necessarily improve the chances of an impostor being accepted. However, attackers with knowledge of their closest person in the database can be a serious threat to the authentication system. Index Terms-Biometricsecurity, gait mimicking, gait recognition, impersonation attacks, wearable sensor. 1556-6013/$25.00 © 2007 IEEE Davrondzhon Gafurov received the M.Sc. degree in computer engineering from Technological University of Tajikistan (TUT), Khujand, Tajikistan, in 2000 and is currently pursuing the Ph.D. degree in information security at
A Location Based Service (LBS) is a service where knowledge of the location of an object or individual is used to personalise the service. Typical examples include the E911 emergency location service in the US and 'Where is the nearest xx' type of services. However, since these services often may be implemented in a way that exposes sensitive personal information, there are several privacy issues to consider. A key question is: "Who should have access to what location information under which circumstances?" It is our view that individuals should be equipped with tools to become in the position to formulate their own personal location privacy policies, subject to applicable rules and regulations.This paper identifies concepts that may be useful when formulating such policies. The key concept is that of an observation of a located object. An observation typically includes the location, the identity of the object, the time the observation was made and the speed of the object. The idea is that the individual should be able to adjust the accuracy at which these observations are released depending on parameters such as the intended use and the identity of the recipient.We provide fragments of a language for formulating personal location privacy policies and give some small examples illustrating the kind of policies that we have in mind.
In general, an information security risk assessment (ISRA) method produces risk estimates, where risk is the product of the probability of occurrence of an event and the associated consequences for the given organization. ISRA practices vary among industries and disciplines, resulting in various approaches and methods for risk assessments. There exist several methods for comparing ISRA methods, but these are scoped to compare the content of the methods to a predefined set of criteria, rather than process tasks to be carried out and the issues the method is designed to address. It is the lack of an all-inclusive and comprehensive comparison that motivates this work. This paper proposes the Core Unified Risk Framework (CURF) as an all-inclusive approach to compare different methods, all-inclusive since we grew CURF organically by adding new issues and tasks from each reviewed method. If a task or issue was present in surveyed ISRA method, but not in CURF, it was appended to the model, thus obtaining a measure of completeness for the studied methods. The scope of this work is primarily functional approaches risk assessment procedures, which are the formal ISRA methods that focus on assessments of assets, threats, vulnerabilities, and protections, often with measures of probability and consequence. The proposed approach allowed for Digital Security Section, NTNU, Teknologiveien 22, 2815 Gjøvik, Norway a detailed qualitative comparison of processes and activities in each method and provided a measure of completeness. This study does not address aspects beyond risk identification, estimation, and evaluation; considering the total of all three activities, we found the "ISO/IEC 27005 Information Security Risk Management" to be the most complete approach at present. For risk estimation only, we found the Factor Analysis of Information Risk and ISO/IEC 27005:2011 as the most complete frameworks. In addition, this study discovers and analyzes several gaps in the surveyed methods.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.