If someone steals your smartphone, the harder it is for them to unlock it, the better. New research shows how gait analysis could provide an added layer of security, by authenticating a user’s identity based on the way they walk.

In the recent study – which was led by Britain’s University of Plymouth – 44 participants between 18 and 56 years of age were tasked with carrying a widely-available smartphone in a belt pouch for seven to 10 days. While they went about their regular routines, that phone’s gyroscope and accelerometer measured and recorded their distinctive walking movements.

Each person performed about 4,000 walking activities over the testing period, although those activities were grouped into just three main categories: normal walking, fast walking, and climbing/descending stairs.

Once a gait “signature” had been established for each test subject, the scientists set about trying to identify which person was which, based solely on those signatures. On average, they were about 85 percent accurate at doing so, although that number rose to 90 percent when the stair category wasn’t included.

More specifically, there was an error rate of 11.38 percent for normal walking, 11.32 percent for fast walking, 24.52 percent for climbing stairs, and 27.33 percent for descending stairs. And while those numbers obviously aren’t perfect, the researchers believe that they could be improved significantly once the gait authentication system is developed further. That said, the technology will likely just compliment other identification methods, not replace them.

“Gait recognition alone will not be the answer to usable and convenient authentication, however it could form a critically important tool within the cyber arsenal that could contribute towards creating a stronger awareness of a user’s identity,” says Prof. Nathan Clarke. “This study demonstrates, for the first time outside of laboratory-controlled conditions, what level of performance can be achieved realistically.”

A paper on the study was recently published in the journal Computers & Security.

Source: University of Plymouth