Received February 21, 2019, accepted March 8, 2019, date of publication March 22, 2019, date of current version

April 5, 2019.
Digital Object Identifier 10.1109/ACCESS.2019.2906663

You Walk, We Authenticate: Lightweight

Seamless Authentication Based on Gait
in Wearable IoT Systems
PRATIK MUSALE 1,2 , DUIN BAEK1,2 , NUWAN WERELLAGAMA1,2 , SIMON S. WOO 3,

AND BONG JUN CHOI 4 , (Member, IEEE)

1 Department of Computer Science, Stony Brook University, Stony Brook, NY 11794, USA
2 Department of Computer Science, The State University of New York (SUNY) Korea, Incheon 21985, South Korea
3 Department of Applied Data Science, SKKU Institute for Convergence, Sungkyunkwan University, Suwon 16419, South Korea
4 School of Computer Science and Engineering and School of Electronic Engineering, Soongsil University, Seoul 06978, South Korea

Corresponding author: Bong Jun Choi ([email protected])

This research was funded by the Ministry of Science and ICT(MSIT), Korea, under the ‘‘Information and Communication Technology
(ICT) Consilience Creative Program’’ (IITP-2019-2011-1-00783) supervised by the Institute for Information & Communications
Technology Promotion (IITP), by the Korea Evaluation Institute of Industrial Technology (KEIT), Korea, under the ‘‘Global Advanced
Technology Center’’ (10053204), and by the National Research Foundation of Korea (NRF), Korea, under the ‘‘Basic Science Research
Program’’ (NRF-2015R1C1A1A01053788). The authors are highly grateful for the volunteers who participated in this study.

ABSTRACT With a plethora of wearable IoT devices available today, we can easily monitor human
activities, many of which are unconscious or subconscious. Interestingly, some of these activities exhibit
distinct patterns for each individual, which can provide an opportunity to extract useful features for user
authentication. Among those activities, walking is one of the most rudimentary and mundane activity.
Considering each individual’s unique walking pattern, gait, which is the pattern of limb movements during
locomotion, can be utilized as a biometric feature for user authentication. In this paper, we propose a
lightweight seamless authentication framework based on gait (LiSA-G) that can authenticate and identify
users on the widely available commercial smartwatches. Unlike the existing works, our proposed framework
extracts not only the statistical features but also the human-action-related features from the collected sensor
data in order to more accurately and efficiently reveal distinct patterns. Our experimental results show that
our framework achieves a higher authentication accuracy (i.e., an average equal error rate (EER) of 8.2%) in
comparison with the existing works while requiring fewer features and less amount of sensor data. This makes
our framework more practical and rapidly deployable in the wearable IoT systems with limited computing
power and energy capacity.

INDEX TERMS User authentication, gait, wearable device, Internet of Things, machine learning.
I. INTRODUCTION such as WiFi and a variety of sensors. However, such multiple
The emergence of the Internet of Things (IoT) has revolu- connectives on wearable devices can expose a variety of
tionized numerous systems and the way we interact with the personal information and further increase the risk of security
computing and communication systems. On top of the pre- breaches [2] which necessitates robust security measures.
dominant smartphones, there is a rapid increase in the number However, the attention to security aspects of wearable
of wearable IoT devices such as smartwatches, smartglasses, IoT devices has not kept pace with that to the quantitative
and so on. According to Gartner Inc., we will reach the growth. Compared to the precedent IoT devices, such as
world-wide sales volume of 225 million wearable IoT devices smartphones, wearable IoT devices are more prone to var-
in 2019 [1]. ious security attacks due to the lack of security measures
Although initial wearable devices were equipped with (e.g., insufficient user authentication) and limited resources
limited connectivity such as Bluetooth, the latest wearable (e.g., computing power and energy capacity). For example,
devices are equipped with various communication modules in 2013, hackers were able to remotely infiltrate Google
Glass systems to watch and hear everything wearers did [3].
The associate editor coordinating the review of this manuscript and In 2015, a study conducted by HP demonstrated that all
approving it for publication was Jiafeng Xie. smartwatches can be vulnerable to security attacks [4].
2169-3536
2019 IEEE. Translations and content mining are permitted for academic research only.
VOLUME 7, 2019 Personal use is also permitted, but republication/redistribution requires IEEE permission. 37883
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

Thus, to address the vulnerability of current wearable IoT wearable devices: smartwatch, smartring, smartanklet,
security system, we consider user authentication which is smartshoes, and smartbands. Among those various devices,
one of the most principal security measures. In user authen- we select a smartwatch as a wearable IoT device to record gait
tication, one of the most commonly used methods is using data since smartwatches are showing an exponential growth
passwords due to its simplicity. However, to procure a certain and expected to control nearly the half of the world market in
level of strong user authentication, users should maintain wearable devices by 2022 [13].
at least 19 different passwords on average for their various In the literature, various research works [8], [14]–[19]
devices and services [5]. Thus, people often have difficulty have been proposed to authenticate wearable or hand-held
in remembering a correct password. According to the survey device users, using subconscious activities. However, most of
conducted by Centrify at Infosecurity Europe 2015, 33% of the prior research conducted their experiments on their own
participants in the study suffered from password rage [6]. custom-made devices, where the sensors were elaborately
Recently, Hanamsagar et al. [7] showed there is and manually calibrated to meet their own convenience [14],
significant password re-use over multiple different online [15]. In practice, however, such calibration is infeasible for
accounts. Besides, the PIN/Pattern-based authentication on most wearable IoT device users.
smartwatches can be also prone to shoulder surfing and Even though there are some research projects conducted on
social engineering attacks [8]. Though regarded as more commercial devices, they involve a long period of the authen-
robust authentication system than passwords, conventional tication process mostly incurred by their walking detection
biometric-based authentication is also vulnerable to security algorithm (e.g., a user needs to walk more than 15 seconds
breaches. Fingerprint-based authentication can be deceived on average for authentication) [16], [17], [19]. Consequently,
by high quality fingerprint images or counterfeit fingers they require a relatively large volume of data, which can be
created using a 3D printer [9]. Even commercial iris-based burdensome to wearable IoT devices with limited computing
authentication systems were breached by high-quality iris resources and energy capacity.
images [10]. Therefore, to bridge the gaps in the existing works, we pro-
To tackle the aforementioned security limitations in wear- pose a lightweight seamless authentication framework based
able IoT devices, we propose an authentication framework on gait (LiSA-G) that securely authenticates users on com-
that addresses the following questions: mercial smartwatch in a light manner. Unlike the existing
• How can we design an authentication framework that is works that extract only the statistical features from sensor
both reliable and user-friendly so that users do not need data, LiSA-G additionally considers mechanical traits that
to remember their passwords? are bound by the physical attribute of individuals. In addi-
• How can we design an authentication framework that is tion, LiSA-G requires only one sampling period of sensor
laborious for attackers to hack or reproduce? data which is much less than those of the existing works
• How can we design an authentication framework that is (i.e., 8-20 sampling periods) [14], [16], [17]. The experimen-
easily deployable? tal results show that our work achieves an Equal Error Rate
To address those questions, we utilize subconscious activi- (EER) of 8.2% on 51 participants, while using less number of
ties to authenticate wearable IoT device users. In interactions features extracted from much shorter periods of sensor data.
with users, wearable IoT devices generate various sensor data Our contributions are summarized as follows:
such as accelerometer or gyroscope data. And the pattern in • Increased the authentication accuracy by using human-
such sensor data can be distinct as each user performs sub- action-related features as well as statistical ones.
conscious activities in their own way, which is not required • Reduced the number of features used for authentication.
to remember as well as difficult to hack or copy. • Reduced the time required for gait authentication by
Among various subconscious activities, we consider gait, eliminating the gait cycle detection.
which is the pattern of limb movements during locomotion as The rest of this paper is organized as follows. In Section II,
it satisfies the goal of our authentication framework to pro- we review related works. In Section III, we propose a
vide a reliable and user-friendly authentication. Specifically, lightweight seamless authentication framework based on gait
gait is shown to provide unique patterns even between people (LiSA-G). In Section IV, we compare our experimental
having similar physical attributes [11], and walking is one of results to the existing techniques. Additionally, we present
the most rudimentary and mundane activities that requiring the potential application scenario of our work in Section V,
significant effort to copy or mimic. followed by some discussion and limitations in Section VI.
In the literature, gait-based authentication frameworks can We finally conclude our paper in Section VII.
be classified into two categories based on the type of data
used: 1) vision-based authentication, and 2) sensor-based II. RELATED WORK
authentication. The former can be spoofed by impersonating A. GAIT AND GESTURE BASED AUTHENTICATION USING
a person with a similar appearance and/or clothes [12]. SMARTPHONES
Therefore, we focus on gait authentication utilizing sensors Muaaz and Mayrhofer [17] presented a gait-based authen-
in commercial wearable devices which are easily deployable. tication method on a smartphone, where a user keeps
To record the human gait sensor data, we can use various his/her phone in his/her pocket. They developed an Android

37884 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

application to measure the accelerometer data from the smart- auto-correlation. Reduction of noise in the acceleration data
phone. A pedometer sensor on a smartphone is used to detect along the 3 axes was done by using a Butterworth filter.
if the person is walking or not. If the condition was true, then For authentication, semi-supervised anomaly detection was
the accelerometer data would be recorded for 15 seconds. used. For this, the Euclidean distance and the nearest neighbor
Both sensors were operated at 200 Hz. The collected data analysis were used to determine the anomaly score, and the
was further processed using linear interpolation and Savitzky- authentication accuracy achieved was 7.8% of EER.
Golay filter. Gait cycles were detected using local maxima Zhao et al. [8] presented a touch-based authentication
and DTW (Dynamic Time Wrapping). To check the actual scheme on a smartwatch. A user can design his/her own user
performance of the system, impersonation attacks were per- interface on the screen, and hence the user can interact and
formed. They achieved an EER of 13% with 35 volunteers. enter his/her own PIN pattern. They measured authentica-
Shahzad et al. [18] presented a gesture-based authentica- tion accuracy, authentication speed, and security level. The
tion. Here, users input their own user-specific gestures on authentication was measured by the average accuracy rate
the mobile touchscreen. They extracted some unique user of the input password/pattern. The authentication speed was
features from the way passwords were inputted to devices. measured by the average completion of the input, and the
To record the data, they developed an Android application security level was estimated by the rate of correctly replicated
and Windows platform. They recorded the data of each touch passwords/patterns by shoulder surfing. They concluded that
point on the screen, accelerometer, and time-stamps. They the Square PIN was most secure.
found that various gestures result in different average clas- Terada et al. [15] used Hitachi wireless-T (ankle wearable
sification accuracies. For classification, they used Support sensor) to record the accelerometer data and angular velocity
Vector Distribution Estimation (SVDE) with Radial Basis data at 100 Hz. To evaluate the data, they used a scoring
Function (RBF) kernel and achieved a false positive rate for system that uses the sum of differences between registered
each gesture under 5%. data and input data for the rolling angular velocity in the
Mahfouz et al. [19] presented a behavior based authenti- swing phase. The score and threshold decided the legitimacy
cation for smartphones. They developed an Android appli- of the user. An EER of 20% was obtained by using this
cation that can authenticate users based on the authentica- method. Slightly different from the aforementioned studies
tion scores which were calculated using gesture modality where the smartphone was kept in the waist pocket, this work
extracted from certain features. They recorded events related involved more movements from the legs than arms, which can
to unlocking touchscreen from 52 volunteers. For each touch, give more details of gait.
they recorded the time-stamp, coordinates, pressure, size, and
action code. For evaluation purpose, they used a classification C. ALTERNATIVE AUTHENTICATION USING WEARABLES
model which was trained on data from both a legitimate Yoon et al. [22] utilized the ambient light sensor for users to
user and impostors and anomaly detection model which was type PIN code in user authentication. Based on the ambient
trained on data from the legitimate user only. light value measured, they defined two states of the sensor:
1) Non-Zero Lux (NZL), and 2) Zero Lux (ZL). By combin-
B. GAIT AND GESTURE BASED AUTHENTICATION USING ing the states, this work identified the user actions such as
WEARABLES DEVICES single click (NZL → ZL), double click (NZL → ZL → NZL
Johnston and Weiss [16] developed an Android application → ZL), and hold (ZL → ZL), and utilized such actions as
to collect the time-stamped accelerometer and gyroscope PIN code for user authentication. However, the experiment
data from a commercial smartwatch. The data was recorded was conducted in the indoor environment where lighting con-
at 20 Hz, the process of authentication required minimum ditions are constant. Thus, in the outdoor environment where
10 seconds of data (i.e., 200 samples). They extracted the fol- light changes drastically, the light-sensor based authentica-
lowing features from the data set: average, standard deviation, tion may not work.
average absolute difference, the time between peaks, binned Vhaduri and Poellabauer [23] designed a continuous user
distribution, and average resultant acceleration. WEKA [21] authentication using commercially available smartbands,
data mining suite is used for classification, and the highest and smartwatches. Using their own developed Android and
identification and authentication EER achieved was 8.1%. iOS applications, they collected physical activity data such
Cola et al. [14] presented a gait based authentication sys- as step counts and physiological activity data such as heart
tem that has only one user’s gait pattern but no knowledge rate, calorie burn. In the experiment, they recruited 500 vol-
to patterns of other users, just like the commercial smart- unteers for 2 years. From the collected data, they extracted
phone that stores only the fingerprints of its owner. For 45 features for user classification. Using the Support Vector
their manual implementation of the smartwatch, they used Machine (SVM), they achieved the maximum user authenti-
a Shimmer 3, an embedded TI MSP430 micro-controller cation accuracy of 93%. However, one of the major bottle-
(up to 24 MHz clock, 16 kB RAM, 256 kB flash), and an necks in this work is to continuously authenticate uses in the
ST Micro LSM303DLHC accelerometer operating at 50 Hz. wearable devices that have limited computation power and
Walking detection was done by using a peak detection, battery. Moreover, only statistical features were considered
and irregular patterns in the data were reduced by using in user authentication.

VOLUME 7, 2019 37885

 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

TABLE 1. Summary of limitations of existing gait and gesture based authentication models.

Enamamu et al. [24] utilized heart rate as a biometric A. SYSTEM OVERVIEW

measure for user authentication. To record the heart rate data In the conventional authentication system, a user needs to
from MioFuse, Fitbit and Microsoft band, they developed authenticate himself/herself by typing a password or provid-
an Android application. To decompose the heart rate signals ing biometric measures. In other words, the existing authen-
into sub-bands, discrete wavelet transform (DWT) was used. tication system requires direct user interaction, which may
From 4 sub-bands, they extracted 10 features from each sub- hinder seamless authentication. However, when enabled to
band in the feature extraction process. Using the feed forward automatically analyze users’ sensor data collected in real-
neural network, they achieved the maximum EER of 11%. time via wearable IoT devices, we can authenticate users
However, despite the advantage of usability, the heart rate is without requiring their direct or active interaction.
directly dependent on mental and physical state, which can Aiming such seamless authentication, we propose a gait-
incur false alarms. based authentication framework for wearable IoT devices
Voit and Schneegass [25] proposed FabricID, a user that automatically authenticates users by analyzing their
authentication system based on smart textile embedded in the sensor data. As shown in Figure 1, the workflow of our
sleeve. They developed their own fabric that can differentiate framework mainly consists of three steps: 1) data collection,
users’ hand-prints by measuring the pressure distribution, and 2) data preprocessing, and 3) authentication. In the data
authenticated users using the identified hand-prints. From the collection step, implemented in the smartwatch, a client-
1024 pressure sensor values, they extracted 71 features, and side LiSA-G collects and transmits the sensor data stream
fed them into a lightweight 5NN classifier, which achieved to the server. Then, a server-side LiSA-G runs the data
an identification accuracy of 82.5%. Even though FabricID preprocessing that removes undesirable glitches and noises
increases the physical space for user interaction with the in the received data stream as well as getting a consistent
system, a hand can be easily duplicated with the advance- data sampling rate by applying linear interpolation. In the
ment of 3D print. Moreover, the placement of the hand authentication step, the server-side LiSA-G extracts not only
on the fabric might differ each time, which can raise false statistical features (e.g., mean, standard deviation) but also
alarms. physical or mechanical features of arm movement (e.g., pitch,
yaw, roll) from the data. Then, based on the extracted features,
D. LIMITATIONS OF EXISTING WORKS the server-side LiSA-G authenticates users via machine learn-
The research works in [14], [16], and [17] require walking ing techniques.
detection algorithm that incurs a long period of authenti-
cation process. Besides, the studies in [14] and [15] did B. DATA COLLECTION
not use any commercial devices as commercial devices are To collect the behavioral data from users, we developed
not precisely calibrated and the sampling frequency typi- two Android applications that operate on smartwatches and
cally differs. The studies presented in [8], [18], and [19] smartphones, respectively. As the smartwatches used in our
are still vulnerable to shoulder surfing attack. The work experiment are only equipped with Bluetooth connectivity,
presented by [8] is also prone to social engineering attack. we pair a smartphone and a smartwatch with each other so
Moreover, the existing works extracts only statistical fea- that the smartphone acts as a access point to relay sensor data
tures from the sensor data, missing the distinct behavioral stream collected in the smartwatch to the remote server.
attributes among individuals. The device type, authentication For registration of users, users are asked to submit the
model, and limitations of the existing works are summarized following basic information using the developed smart-
in Table 1. phone application: 1) name, 2) date of birth, 3) height, and
4) weight. After the submission, the smartwatch application
III. LiSA-G shows a button to start recording the sensor data. On touching
In this section, we present a light-weight seamless authen- the button, the smartwatch starts recording data from two
tication framework based on gait (LiSA-G) for wearable types of sensors available on the smartwatch: 1) accelerom-
IoT devices. eter, and 2) gyroscope, both of which operate at 100 Hz.

37886 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

FIGURE 1. System overview.

FIGURE 3. Sensor data collected from an user.

cleaned and refined in the data preprocessing step. Before

FIGURE 2. Android applications for data collection. (a) Smartwatch
application. (b) Smartphone application.
running the preprocessing, we first visualize the raw sen-
sor data to gain an insight to analyze the data. As shown
in Figure 3, we observed that the data patterns repeat in
Note that our system does not conduct any additional cal-
approximately 100 samples which can be interpreted as an
ibration beforehand to reflect the practical situation where
arm swing. However, some of the data sequences show abnor-
users do not manually calibrate their smartphone or smart-
mal values. Thus, we removed or mitigated such fallacious
watches. For data recording, each user walks approximately
values as presented below.
500 meters in his/her normal gait. The sensor data is stored in
the smartwatch in comma separated values (CSV) files and
forwarded to its paired smartphone using Bluetooth. Then, 1) SPIKE REMOVAL
the data is transported from the smartphone to the authen- As we kept the sensors uncalibrated, there were some unex-
tication server. Figure 2 shows the graphical user interfaces pected values skyrocketing in the raw sensor data as shown
(GUI) of the Android application used for data collection. in Figure 4a. We call these values spikes which could degrade
the authentication performance. Note that the spike values
C. DATA PREPROCESSING in the figure range from −25km/s2 to 5km/s2 which are
Since raw (uncalibrated) sensor data collected from smart- unrealistic. Thus, to eliminate such undesirable spikes, we use
watches may contain undesired noise, the raw sensor data is a spike removal algorithm that runs as follow.

VOLUME 7, 2019 37887

 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

FIGURE 4. Effect of spike removal. (a) Before spike removal. (b) After
spike removal.

1) Detect all the peaks in a given data sequence. FIGURE 5. Accelerometer data after noise removal.
2) Compute the average of the peaks and remove the peaks
that are λ times higher than the average. TABLE 2. Notations and symbols.

Though the idea of this algorithm is quite simple, it detects

and removes unusual spikes well. As shown in Figure 4b,
spikes are effectively removed when λ = 5. Depending on
the rigidity of the spike removal process, λ can be adjusted.

2) INTERPOLATION
As mentioned in the data collection process, the sensors in
the smartwatch operate at 100 Hz. However, the Android
API does not output sensor values at fixed time intervals.
This is due to the mechanism of OnSensorChanged method
in Android systems that outputs a sensor value only when
the value differs from its previous value [26]. As a result,
even at 100 Hz sampling rate, the sensor may not gener-
ate 100 samples in one second. That is, the data from the concentrated their gaze on the smartwatch while walking in
sensor may not be at equidistant time-intervals. In order to the beginning. After some brief moment, they started walking
remedy such inconsistency, we apply linear interpolation to normally. Similarly, they consciously gazed on the smart-
approximate the correlation between a time sequence and its watch at the end of their walk. When analyzing the sensor
corresponding sensor values as data sequences, we observed that most of such noises are
distributed at both ends of the data sequence. Hence, we apply
(A1 − A0 )(t 0 − t0 )
A0 = A0 + , (1) a band-pass filter to the data in order to remove the noises
(t1 − t0 ) at both ends. Figure 5 shows the refined data after the noise
where A0 and A1 denote previous and current sensor data removal process.
values, respectively. t0 and t1 are the time values for A0 and
A1 , respectively. t 0 denotes the time value or series between D. USER AUTHENTICATION
t0 and t1 . In the user authentication process, LiSA-G first extracts a
set of features from the preprocessed data. In the existing
3) NOISE REMOVAL research, various statistical features have been considered in
In addition to spikes, sensor noises are inevitably generated the feature extraction process. Cola et al. [14] considered
during the recording of sensor data. The main sources of interquartile range (IQR), kurtosis, max, min, mean, mean
noise is the electronic noise generated from the circuitry that crossing rate (MCR), median, median absolute deviation
converts the motion into an electric signal and the mechanical (MAD), peak to peak amplitude, root mean square (RMS),
noise from the sensor itself. Thus, to remove such random skewness, and standard deviation. On the other hand, John-
noises, we apply the Savitzky-Golay smoothing filter (also ston and Weiss [16] used average absolute difference (AAD),
known as the least square smoothing filter) [27]. Specifically, binned distribution, and average resultant acceleration (ARA)
it applies the least square fit to a high degree polynomial on top of mean, standard deviation, peak to peak amplitude
with an odd size window while the data point is at the center. as features.
We choose the least square smoothing filter as it preserves However, with an increase in the number of participants,
the original features of a waveform (e.g., relative maxima, the accuracy of user authentication can degrade when only the
minima, and width), while effectively reducing the noise. statistical features are taken into account. Therefore, we addi-
Moreover, we remove the noise incurred from the human tionally consider physical or mechanical features which can
factor. During our experiments, some volunteers consciously better represent each user’s unique attributes in physical

37888 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

movement. Concurrently aiming to authenticate users in a 5) CORRELATION (ρ(a,b) )

lightweight manner, we empirically select the following fea- As mentioned earlier, we use two kinds of sensors to analyze
tures that well represent characteristics of each user’s walking users’ gait: 1) accelerometer, and 2) gyroscope. As both sen-
motion: mean, standard deviation, skewness, kurtosis, corre- sors are coupled in terms of the sensor dynamics, we calculate
lation, pitch, roll, yaw, and force. To extract the aforemen- the correlation between both sensors. Concretely, there can
tioned features, we divide each user’s whole data sequence be correlations between the sensors about their x, y, and
into smaller data sequences with equal sample window size. z axes. Hence, we extract 9 correlation features in total. The
We quantify one smaller data sequence as a period of the correlation between two data sequences, namely a and b,
whole data sequence. As shown in Figure 3, we can observe is calculated as follows:
the data sequence periodically repeats approximately every 6(ai − ā)(bi − b̄)
100 data samples. In the following, we present each feature ρ(a, b) = p q , (4)
2
and briefly explain each definition and interpretation. 6(ai − ā) 6(bi − b̄)
2

where a ∈ {Accx , Accy , Accz } and b ∈ {Gx , Gy , Gz }.

1) MEAN (x̄)
We calculate mean values for both accelerometer and gyro- 6) PITCH, ROLL, AND YAW
¯ x and G¯x . Those
scope on each axis (x, y, and z), e.g., Acc In mathematics, the Euler angles describe the orientation of
mean values represent each user’s general arm swing accel- a rigid body in 3D space using 3 elemental rotation axes:
eration and wrist rotation. 1) yaw (vertical), 2) pitch (transverse), and 3) roll (longi-
tudinal). To understand the mechanism of the Euler angles,
2) STANDARD DEVIATION (σx ) imagine an aircraft in flight. The yaw rotation is the rotational
We calculate standard deviation values for both accelerometer movement of the aircraft nose to left or right about the yaw
and gyroscope on each axis (x, y, and z), e.g., σAccx and σGx . axis running up and down. The pitch rotation is the rotational
The standard deviation represents the consistency in arm movement of the aircraft nose to up or down about the pitch
swing. For instance, a smaller σx can be interpreted as a more axis running from a wing to the other wing. The roll rotation
constant arm swing pattern. is the rotational movement about the roll axis running from
nose to tail. Similarly, we can consider a smartwatch worn
3) SKEWNESS (γx ) on each user’s wrist as an aircraft controlled by the arm
In mathematics, skewness measures the asymmetry of data swinging motion and the wrist rotation. By including the
distribution about its mean. With a negative skewness, Euler angles, we can better capture each user’s behavioral
the mass of the data distribution is concentrated on the right characteristics. We calculated each user’s pitch, roll, and yaw
side of the data distribution. On the other hand, a positive values as follows:
skewness means that the mass of the data distribution is 180 Accz
concentrated on the left of the data distribution. In our system, yaw = × arctan( p ), (5)
π (Accx )2 + (Accz )2
it indicates when the main acceleration and rotation occur
180 Accy
in each period of the data (one arm swing) between early pitch = × arctan( p ), (6)
phase and latter phase. For instance, one period of data with π (Accx )2 + (Accz )2
a negative skewness indicates that its main activity happens 180 Accx
roll = × arctan( q ), (7)
in the early stage. The skewness is calculated as follows: π (Acc )2 + (Acc )2
y z
3(x̄ − x̃)
γx = , (2) where Accx , Accy , and Accz represent the accelerometer data
σx
along x, y, z axis, respectively.
where x̃ is median of the data sequence.
7) FORCE (N)
4) KURTOSIS (Kx ) As shown in the GUI of our smartphone application, we col-
In mathematics, kurtosis measures the sharpness of the peak lected each user’s basic information including weight during
in data distribution. In other words, it measures how densely the data collection. Depending on each user’s mass, the force
data is concentrated on the center of the data distribution. applied in arm swing while walking can differ. The force is
In general, data distribution with a higher kurtosis shows a calculated as follows:
sharper and taller peak. In our system, kurtosis indicates the q
intensity and swiftness of each user’s arm swing (accelera- Force(N ) = Acc2x + Acc2y + Acc2z × m, (8)
tion or rotation): the higher kurtosis, the more intense and where m is the mass of a user. Note that we assume that each
swift an arm swing is. We calculate kurtosis as follows: user’s arm weight (mass) would be positively correlated with
Pn
1 (xi −x̄)
4 his/her overall body weight.
Kx = n
, (3) As a result of the feature extraction process, we have
σx 4 24 statistical features by calculating mean, standard devia-
where n is the number of data samples. tion, skewness, and kurtosis on x, y, z-axis respectively from

VOLUME 7, 2019 37889

 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

FIGURE 6. Features extracted from the data. (a) Mean (Accx ). (b) Standard Deviation (σAccx ). (c) Skew (γAccx ).
(d) Kurtosis (KAccx ). (e) Correlation (ρ(Accx ,Gx ) ). (f) Roll. (g) Pitch. (h) Yaw. (i) Force.

the accelerometer and the gyroscope. Additionally, we have algorithm to minimize the classification error. Once the train-
13 behavioral features: 9 correlations, yaw, pitch, roll, and ing is completed, we can predict the class of test feature
force. In total, we extract 37 features from one period of data matrix.
sequence for each user. Consequently, a feature matrix with
37 columns is constructed. Here, the number of rows in the IV. EXPERIMENT
feature matrix varies depending on the number of periods in In this section, we provide the experiment results and evaluate
each user’s data sequence. Accordingly, a class label vector is the performance of LiSA-G.
constructed whose size is the same as the number of rows in
the feature matrix. In the vector, all the elements indicate an id A. EXPERIMENT SETTING
of the user corresponding to the feature matrix. The distribu- In the experiment, we used Motorola 360 Sport 2nd Gen
tions of features are shown in Figure 6. Note that we show the (smartwatch) and Motorola G4 plus (smartphone) to collect
distribution of 9 selected features for the first 10 users (i.e., the sensor data from 51 volunteers. Considering the number
U1-U10) due to the readability: 1) mean, standard deviation, of volunteers, the number of classes for classification is 51.
skewness, kurtosis of accelerometer on x-axis, 2) roll, pitch, Since the choice of classifier influences the classification
yaw, force, and 3) correlation between accelerometer and result, we first tested three well-known machine learning
gyroscope on x-axis. In the figure, the difference among users classifiers: 1) random forest classifier, 2) K-nearest neighbors
are evidently shown. classifier, 3) and multi-layer perceptron. Based on our empir-
After the feature extraction process, LiSA-G authenticates ical study where the random forest classifier worked best
users by applying supervised machine learning algorithm for our dataset, we chose to use the random forest classifier.
to the extracted feature dataset. Note that the authentica- In addition, our empirical study showed that the classifier
tion system in LiSA-G is not a simple binary classification showed higher weights to correlation, yaw, pitch, roll features
(i.e., whether a user is one of the legitimate users or not), which characterize the actual physical traits of each user,
but a multi-class classification (i.e., whether a user is the as well as standard deviation.
corresponding user or not). Given the feature matrix and Our experiment consists of two phases: 1) training phase
the label vector, we train the supervised machine learning and 2) testing phase. Before creating two separate phases,

37890 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

TABLE 3. Confusion matrix. TABLE 4. Performance comparison on own dataset.

TABLE 5. Performance comparison on our dataset.

we first combine all the feature matrices from 51 volunteers

into a feature matrix by concatenating them along the row axis TABLE 6. Effect of period size on EER.

maintaining the number of columns as 37. Then, the feature

matrix is divided into a training feature matrix (by randomly
shuffling and slicing 70% of the entire feature matrix) and
a test feature matrix (by selecting the remaining 30% of the
entire feature matrix), while dividing the class label vector
into a training label vector and a test label vector accordingly.
In the training phase, LiSA-G trains the classifier with the
training feature matrix and the training label vector. In the
testing phase, LiSA-G predicts the classes of the test feature
matrix using the trained classifier.

B. PERFORMANCE EVALUATION
With the test label vector and the prediction result, a confu-
sion matrix of order (m, n) is created, where m = n and m is
the number of classes. For better readability, the confusion
matrix shown in Table 3 contains only the first 10 users.
Using the confusion matrix, we can calculate the values
for True Positive (TPi ), True Negative (TNi ), False Positive
(FPi ), and False Negative (FNi ) for user i. In the confusion
matrix, TPi is where both row and column index are i in the
diagonal elements marked in boldface. TNi can be calculated FIGURE 7. Effect of number of estimators using random forest classifier.
by summing all the diagonal elements in bold font except TP
for user i. FPi can be calculated by adding all the elements in
i-th column except for the diagonal element in the column. number of participants in the experiment, our work achieves
FNi is calculated by adding all the elements for i-th row superior authentication accuracy to [16]. Moreover, our work
except for the diagonal element in the row. Based on these shows a comparable performance to [14] notwithstanding
values, the authentication accuracy for user i is calculated its larger scale of system (more than three times), while
as using less number of features. For an unbiased comparison,
TPi + TNi we additionally implemented the other methods and tested
accuracyi = . (9) their performance on our dataset. Table 5 shows that our
TPi + TNi + FPi + FNi
method can achieve the lowest EER using the least number
For example, TP6 , TN6 , FP6 , and FN6 in Table 3 can be of features. Furthermore, LiSA-G requires only one period of
calculated as follows: TP6 = 41, TN6 = 61 + 39 + 29 + data (i.e. it requires only one period of sensor data, 100 data
54 + 42 + 50 + 35 + 50 + 48 = 408, FP6 = 1, FN6 = 2. samples in our case) from each user for authentication and
As a result, the authentication accuracy for user 6 in Table 3 identification in the system, whereas 8-20 periods are needed
is calculated to be 99.34%. in other works. Consequently, it reduces the volume of data
Considering all the participants in the experiment, an EER and the time required for authentication.
of 8.2% is achieved on average. In Table 4, we compare In addition, we varied the period size to analyze its effect
our work to the existing works [14], [16] in terms of the on the authentication performance of our approach. As shown
average EER, the number of features used, and the number of in Table 6, the authentication performance generally degrades
participants in the experiment. Note that in this comparison, as the period size increases. We can trace the source of such
each work is evaluated on its own dataset. Considering the performance degradation to 2 main changes: 1) reduction of

VOLUME 7, 2019 37891

 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

FIGURE 8. Failure cases. (a) Inconsistency in Accy and Accy . (b) Inconsistency in Accx , Accy , Gyrox , Gyroy , and Gyroz .

feature matrix, and 2) increased generality in each feature. C. AUTHENTICATION FAILURE CASE ANALYSIS
Interestingly, this result shows that setting the period size to As mentioned in the performance evaluation, LiSA-G
the data size sampled in 1 second (100 Hz in smartwatches) achieves an EER of 8.2%. Although LiSA-G shows high
achieves the best authentication accuracy. accuracy of authentication, there exist some authentication
To test the feasibility of LiSA-G in practical deploy- failure cases. Here, we present a few failure cases in Figure 8
ment, we show the computation time for LiSA-G when and discuss the underlying causes of them. To compare the
implemented using Python 3.5 in Ubuntu 16.04 LTS 64 bit failure cases to the success (accurate authentication) cases,
equipped with Intel Xeon(R) CPU E5-1650 v4 @ 3.60GHz we visualize the failure cases located at the center of the
x 12, NVIDIA TITAN Xp, and 32GB RAM. In the test, figure, i.e., the data sequence between 200 and 300.
we range the number of estimators in the random forest classi- In LiSA-G, the essence of authentication process is to
fier from 10 to 3000 in an increment of 10 since the number of learn and utilize the distinct and consistent pattern in the
estimators affects the computation time. In Figure 7, we show data sequences from each user, concurrently considering all
the training time, prediction time, and accuracy of LiSA-G. the 6 types of data sequences: Accx,y,z and Gx,y,z . However,
Specifically, the training time represents the computation in terms of the consistency in data patterns, failure cases show
time required to train the classifier given all the training data the most inconsistent data patterns over all. In Figure 8a,
sequences, while the prediction time represents the computa- accelerometer data on both x and y axes (i.e Accx and Accy )
tion time required to predict or authenticate a user given a data in the failure case shows different patterns from those in the
period. Despite the linear increase in both training and predic- accurate authentication cases. Figure 8b shows more incon-
tion time in proportion to the number of estimators, LiSA-G sistent data patterns across gyroscope and accelerometer data
completes its training process in significantly short period of on x and y axes.
time regardless of the number of estimators. Moreover, LiSA- The underlying causes of such failure cases can
G predicts or authenticates a user almost in real time (less than be attributed to: 1) sensor fault, and 2) temporarily
a second). abrupt or inconsistent physical movement. Considering the
While the computation time shows the linearity, the accu- imperfection of sensor hardware, there can exist sensor fault
racy of LiSA-G shows drastic increase at the certain number values incurred from various processes while recording sen-
of estimators (approximately 400), and remains almost con- sor values. Even though we conducted the data preprocessing
stant. Considering the relatively static accuracy after the dras- to remove the undesired fault or noise values, there can still
tic increase, we can estimate the minimum computation time exist fault values. On top of the sensor fault, users’ temporar-
for LiSA-G to achieve reliable user authentication results. ily inconsistent physical movement in the data collection pro-
In our test, LiSA-G achieved 91.8% of accuracy with 400 esti- cess can incur the failure cases. Since we requested each user
mators, which required approximately 3 seconds of train- to walk in the realistic environment where some people but
ing time. Overall, such prompt responsiveness of LiSA-G, him/her were present concurrently, some interaction between
while achieving reliable authentication accuracy, can enable the users and the others could happen, which could incur
to authenticate users in real time, incurring no authentica- temporarily inconsistent physical movement.
tion delay. Moreover, considering the specification of the
machine in our test (only one desktop or even Raspberry-pi), V. APPLICATION SCENARIO
LiSA-G can be deployed in cost-effective way, without To better illustrate the potential of our framework, we suppose
requiring additional devices. two application scenarios where a user wearing a smartwatch

37892 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

to identify how gait authentication is affected under

different walking conditions.
3) When to initiate gait authentication: As IoT devices
have limited battery, continuous authentication is not
desirable. One of the plausible solutions is to use loca-
tion information (GPS or IP and MAC addresses of
the authenticating entity) to trigger the authentication
process. For example, when a person is walking to
smart home, the authentication system in the home will
send the data packet that contains its MAC address to
trigger the authentication process only when the person
and the smart home are in proximity.
FIGURE 9. Application scenario of LiSA-G. 4) How to support a much larger number of users: Cur-
is approaching: 1) a smart home system, and 2) a smart vehi- rently, we can support 51 users in the system. However,
cle system as shown in Figure 9. In the first scenario, when- when the number of users in the system increases,
ever the user approaches the smart home system equipped the accuracy can decrease. To enable the authentica-
with our framework within a certain range, the smartwatch tion system in larger scale and satisfactory accuracy,
automatically collects and transmits the stream of sensor data we consider incorporating adaptable feature selections
to the system. Once the stream of sensor data is received according to the number of users in the system, and
at the smart home system, the framework authenticates the applying deep neural network to utilize hidden features
user by analyzing and comparing the pattern in the received in the authentication process.
data to the stored pattern for the authentic user. Based on VII. CONCLUSION
the authentication result, our framework can automatically Walking pattern, e.g., arm swings in a walk can be utilized
grant each user’s access to the system. Similarly, whenever to effectively authenticate users. In this work, we proposed
the user approaches the smart vehicle within a certain range, a new gait based authentication framework, LiSA-G, that is
the smartwatch transmits the stream of sensor data to the reliable, user-friendly, and easily deployable. Our framework
smart vehicle equipped with our framework. Then, the frame- can classify users with a higher accuracy (91.8% success rate)
work automatically authenticates the user, and decides his/her than other existing works while using less number of features
access to the vehicle. Moreover, LiSA-G can be effective by extracting a new combination of features that are related to
authentication framework for people with senile demen- the human behavioral traits. The proposed framework is user-
tia or disability to memorize or type password, especially in friendly as it capitalizes on users’ mundane activities, and
the indoor environment settings like hospitals, special care easily deployable as commercially available smartwatches
homes. are used. Considering its application to the IoT ecosystem
VI. DISCUSSION AND LIMITATION with limited resources, the proposed framework is designed
Although our authentication framework shows promising lightweight by eliminating the gait cycle detection process
results, there are still limitations and some technical hurdles and using much less amount of data. We expect that the pro-
to overcome in order to make our work fully operational in posed framework can help to provide seamless authentication
the real world. In this section, we discuss some issues. and can be readily integrated with other systems to provide
1) Attacker Model: LiSA-G has not considered any attack multi-factor authentication.
models for gait authentication. To deploy our work in ACKNOWLEDGMENT
real work, We first need to prove how robust it is to (Pratik Musale and Duin Baek contributed equally to this
impersonation attack where an attacker tries to deceive work.)
the authentication system by mimicking a legitimate
user’s gait.
REFERENCES
2) Walking condition: At present, LiSA-G only considers [1] S. Draper. (Dec. 2018). Wearable Device Sales Will Grow 26
a normal walking pattern. However, walking patterns Percent Worldwide in 2019, Says Research Company Gartner.
Accessed: Feb. 1, 2019. [Online]. Available: https://www.wearable-
can vary depending on environment, body condition, technologies.com/2018/12/wearable-device-sales-will-grow-26-percent-
emotion, etc. Specifically, the arm swing while walking worldwide-in-2019-says-research-company-gartner/
is used to maintain the center of gravity and angu- [2] T. Micro. (Mar. 2018). Are your Wearables Fit to Secure You?
lar momentum. Under various circumstances such as Researchers Outline 3 Attack Surfaces. [Online]. Available: https://www.
trendmicro.com/vinfo/ph/security/news/internet-of-things/are-your-
carrying heavy weights or having an injury, the arm wearables-fit/-to-secure-you-researchers-outline-3-attack-surfaces
swing can be hindered [20], which can affect the current [3] M. Prigg. (May 2013). Google Glass Hacked to Transmit Everything
gait authentication performance. Thus, multiple walk- You See and Hear: Experts Warn ’the Only Thing it Doesn’t Know
are Your Thoughts. [Online]. Available: http://www.dailymail.
ing profiles for each user are required to authenticate co.uk/sciencetech/article-2318217/Google-Glass-HACKED-transmit-
each user in varying walking conditions. Also, we need hear–experts-warn-thing-doesnt-know-thoughts.html

VOLUME 7, 2019 37893

 P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

[4] K. Rawlinson. (Jul. 2015). Hp Study Reveals Smartwatches Vulnerable [22] H. Yoon, S.-H. Park, and K.-T. Lee, ‘‘Exploiting ambient light sen-
to Attack. [Online]. Available: http://www8.hp.com/us/en/hp-news/press- sor for authentication on wearable devices,’’ in Proc. 4th Int. Conf.
release.html?id=2037386 Cyber Secur., Cyber Warfare, Digit. Forensic (CyberSec), Oct. 2015,
[5] S. Faris. (Jul. 2016). Do You Suffer From Password Rage?. [Online]. pp. 95–100.
Available: http://theweek.com/articles/637588/suffer-from-password-rage [23] S. Vhaduri and C. Poellabauer, ‘‘Wearable device user authentication
using physiological and behavioral metrics,’’ in Proc. IEEE 28th Annu.
[6] J. Chatzky. (May 2017). Password Rage, it’s a Thing. [Online]. Available: Int. Symp. Pers., Indoor, Mobile Radio Commun. (PIMRC), Oct. 2017,
https://lifelockunlocked.com/tips/password-rage-thing/ pp. 1–6.
[7] A. Hanamsagar, S. S. Woo, C. Kanich, and J. Mirkovic, ‘‘Leverag- [24] T. S. Enamamu, N. Clarke, P. Haskell-Dowland, and F. Li, ‘‘Transpar-
ing semantic transformation to investigate password habits and their ent authentication: Utilising heart rate for user authentication,’’ in Proc.
causes,’’ in Proc. CHI Conf. Hum. Factors Comput. Syst., 2018, 12th Int. Conf. Internet Technol. Secured Trans. (ICITST), Dec. 2017,
p. 570. pp. 283–289.
[25] A. Voit and S. Schneegass, ‘‘FabricID: Using smart textiles to access
[8] Y. Zhao, Z. Qiu, Y. Yang, W. Li, and M. Fan, ‘‘An empirical study
wearable devices,’’ in Proc. 16th Int. Conf. Mobile Ubiquitous Multimedia
of touch-based authentication methods on smartwatches,’’ in Proc.
(MUM) New York, NY, USA, 2017, pp. 379–385. [Online]. Available:
ACM Int. Symp. Wearable Comput. (ISWC), New York, NY, USA,
http://doi.acm.org/10.1145/3152832.3156622
2017, pp. 122–125. [Online]. Available: http://doi.acm.org.proxy.library.
[26] A. Developer. (Jun. 2018). Sensoreventlistener. Accessed: Jun. 6, 2018.
stonybrook.edu/10.1145/3123021.3123049
[Online]. Available: https://developer.android.com/reference/android/
[9] J. Myerson. (Mar. 2017). How to Fool a Fingerprint Sensor. [Online]. hardware/SensorEventListener
Available: https://www.electronicproducts.com/Mobile/Devices/How_ [27] A. Savitzky and M. J. E. Golay, ‘‘Smoothing and differentiation of data
to_fool_a_fingerprint_sensor.aspx by simplified least squares procedures,’’ Anal. Chem., vol. 36, no. 8,
[10] S. Khandelwal. (Mar. 2015). Hacker Finds a Simple Way pp. 1627–1639, 1964.
to Fool Iris Biometric Security Systems. [Online]. Available:
https://thehackernews.com/2015/03/iris-biometric-security-bypass.html
[11] D. Gafurov, E. Snekkenes, and P. Bours, ‘‘Spoof attacks on gait authen-
tication system,’’ IEEE Trans. Inf. Forensics Security, vol. 2, no. 3,
pp. 491–502, Sep. 2007.
[12] A. Hadid, M. Ghahramani, V. Kellokumpu, M. Pietikäinen,
J. Bustard, and M. Nixon, ‘‘Can gait biometrics be spoofed?’’ PRATIK MUSALE received the B.E. degree in
in Proc. 21st Int. Conf. Pattern Recognit. (ICPR), Nov. 2012, electronics and telecommunication from Savitribai
pp. 3280–3283. Phule Pune University, Pune, India, and the M.S.
degree from the Department of Computer Science,
[13] (Sep. 2018). It’s the Era of the Smartwatch: Idc Says Device to Rule Nearly
Half of Wearables by 2022. Accessed: Mar. 1, 2018. [Online]. Available: Stony Brook University, South Korea. He was with
https://economictimes.indiatimes.com/magazines/panache/its-the-era- Nokia Networks as an Operation and Maintenance
of-the-smartwatch-idc-says-device-to-rule-nearly-half-of-wearables-by- of Radio Engineer. He was also a member of the
2022/articleshow/65810524.cms Smart Energy Laboratory, The State University
of New York Korea, from 2016 to 2018. He is
[14] G. Cola, M. Avvenuti, F. Musso, and A. Vecchio, ‘‘Gait-based authentica-
currently with Navigate Consulting as a Security
tion using a wrist-worn device,’’ in Proc. 13th Int. Conf. Mobile Ubiquitous
Syst., Comput., Netw. Services (MOBIQUITOUS), New York, NY, USA, Researcher.
Nov. 2016, pp. 208–217.
[15] S. Terada, Y. Enomoto, D. Hanawa, and K. Oguchi, ‘‘Performance
of gait authentication using an acceleration sensor,’’ in Proc.
34th Int. Conf. Telecommun. Signal Process. (TSP), Aug. 2011,
pp. 34–36.
[16] A. H. Johnston and G. M. Weiss, ‘‘Smartwatch-based biometric gait recog- DUIN BAEK received the B.Sc. degree in electri-
nition,’’ in Proc. IEEE 7th Int. Conf. Biometrics Theory, Appl. Syst. (BTAS), cal and electronics engineering from Yonsei Uni-
Sep. 2015, pp. 1–6.
versity, Seoul. He is currently pursuing the Ph.D.
[17] M. Muaaz and R. Mayrhofer, ‘‘Smartphone-based gait recognition: From degree with the Department of Computer Sci-
authentication to imitation,’’ IEEE Trans. Mobile Comput., vol. 16, no. 11, ence, The State University of New York Korea,
pp. 3209–3221, Nov. 2017. and Stony Brook University. His current research
[18] M. Shahzad, A. X. Liu, and A. Samuel, ‘‘Secure unlocking of mobile interests include designing mechanisms for crowd-
touch screen devices by simple gestures: You can see it but you can sourcing service, distributed computing via the IoT
not do it,’’ in Proc. 19th Annu. Int. Conf. Mobile Comput. Netw. systems, and computer vision for VR/AR.
(MobiCom), New York, NY, USA, 2013, pp. 39–50. [Online]. Available:
http://doi.acm.org.proxy.library.stonybrook.edu/10.1145/2500423.
2500434
[19] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, ‘‘Poster:
A behavioral biometric authentication framework on smartphones,’’
in Proc. ACM Asia Conf. Comput. Commun. Secur. (ASIA CCS),
New York, NY, USA, Apr. 2017, pp. 923–925. [Online]. Available:
http://doi.acm.org.proxy.library.stonybrook.edu/10.1145/3052973. NUWAN WERELLAGAMA is currently pursu-
3055160 ing the bachelor’s degree from the Department
[20] S. M. Bruijn, O. G. Meijer, P. J. Beek, and J. H. van Dieën, of Computer Science, The State University of
‘‘The effects of arm swing on human gait stability,’’ J. Exp. Biol., vol. 213, New York Korea. He has also been a Software
no. 23, pp. 3945–3952, 2010. [Online]. Available: http://jeb.biologists. Developer Intern at a Singaporean fin-tech startup.
org/content/213/23/3945
[21] M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and
I. H. Witten, ‘‘The WEKA data mining software: An update,’’ ACM
SIGKDD Explorations Newslett., vol. 11, no. 1, pp. 10–18, Nov. 2009.
[Online]. Available: http://doi.acm.org/10.1145/1656274.1656278

37894 VOLUME 7, 2019

P. Musale et al.: You Walk, We Authenticate: Lightweight Seamless Authentication Based on Gait

SIMON S. WOO received the B.S. degree in elec- BONG JUN CHOI received the B.Sc. and M.Sc.
trical engineering from the University of Washing- degrees in electrical and electronics engineering
ton (UW), Seattle, the M.S. degree in electrical from Yonsei University, South Korea, and the
and computer engineering from the University of Ph.D. degree in electrical and computer engineer-
California at San Diego (UCSD), and the M.S. ing from the University of Waterloo, Canada. He
and Ph.D. degrees in computer science from the was an Assistant Professor with the Department
University of Southern California (USC), Los of Computer Science, The State University of
Angeles. He was a Member of Technical Staff New York Korea, South Korea, and concurrently a
(technologist) with the NASA’s Jet Propulsion Research Assistant Professor with the Department
Laboratory (JPL), Pasadena, CA, USA, for nine of Computer Science, Stony Brook University,
years, conducting research in satellite communications, networking, and USA. He is currently an Assistant Professor with the School of Computer
cybersecurity areas. He was also with Intel Corporation and the Verisign Science and Engineering and jointly with the School of Electronic Engineer-
Research Laboratory. Since 2017, he has been a tenured-track Assistant ing, Soongsil University, Seoul, South Korea. His current research interests
Professor with The State University of New York Korea, South Korea, and a include energy-efficient networks, distributed mobile wireless networks,
Research Assistant Professor with Stony Brook University. He is currently a smart grid communications, and network security. He is a member of the
tenured-track Assistant Professor with the SKKU Institute for Convergence IEEE and the ACM.
and the Department of Software, Sungkyunkwan University, Suwon, South
Korea.

VOLUME 7, 2019 37895