Gait recognition is a relatively new biometrics and no effort has yet been devoted to studying spoofing attacks against video-based gait recognition systems. Spoofing occurs when a person tries to imitate the clothing and/or walking style of someone else in order to gain illegitimate access and advantages. To gain insight into the performance of current gait biometric systems when confronted to spoofing attacks, we provide in this paper the first investigation in the research literature on how clothing can be used to spoof a target and evaluate the performance of two state-of-the-art recognition methods on a novel gait spoofing database recorded at the University of Southampton. The experiments point out very interesting findings that can be used as a reference for future investigations by the research community

Bustard, John

Hadid, Abdenour

Nixon, Mark S.

English

Southampton (e-Prints Soton)

Can Gait Biometrics be Spoofed?A. Hadid, M. Ghahramani, V. Kellokumpu, M. Pietik¨ ainenCenter for Machine Vision Research, University of Oulu, FinlandJ. Bustard & M. NixonSchool of Electronics and Computer Science, University of Southampton, United KingdomAbstractGait recognition is a relatively new biometrics andno effort has yet been devoted to studying spooﬁngattacks against video-based gait recognition systems.Spooﬁngoccurswhenapersontriestoimitatethecloth-ing and/or walking style of someone else in order togainillegitimateaccessandadvantages. Togaininsightinto the performance of current gait biometric systemswhen confronted to spooﬁng attacks, we provide in thispaper the ﬁrst investigation in the research literatureon how clothing can be used to spoof a target and eval-uate the performance of two state-of-the-art recognitionmethods on a novel gait spooﬁng database recorded atthe University of Southampton. The experiments pointout very interesting ﬁndings that can be used as a ref-erence for future investigations by the research commu-nity.1. IntroductionGait biometrics aims to recognise people from theirway of walking. It is a relatively new biometric modal-ity and has a precious advantage over other modalities,such as iris and voice, in that it can be easily capturedfrom a distance. This makes it an attractive option invideo surveillance applications. Gait also works in anon-contact and non-invasive manner. It has recentlybecome a topic of great interest in biometric research.Furthermore, it is widely believed that gait is difﬁcult tohide or replicate.Using gait information, people can be recognized bysilhouette or model based approaches [3]. There havebeen more approaches which use the human silhouette,and of these, approaches which use the averaged silhou-ette have proved most popular [4]. Much of the earlierwork was conducted on data acquired using controlledThis work is done within the EU FP7 project TABULA RASAconditions but more recent work reported recognitionusing data derived outdoors, though with slightly lowerperformance.There are many databases for evaluating progress ingait recognition research such as HiD (NIST, US) [5],Soton (Southampton UK) [7], and CASIA (CAS,China) [9] databases. The earliest databases containeddata from only tens of subjects, sometimes wearingspeciﬁed clothing. More recent databases include manymore people, outdoor as well as indoor data (thuswith uncontrolled illumination) and variation in cameraviewpoints.There has been no or little investigation into gaitspooﬁng attacks where a person tries to imitate theclothing or walking style of someone else e.g. in orderto gain illegitimate access and advantages (see Figure 1for an imitation illustration). The only prior work ongait spooﬁng [1] uses wearable sensors but not video-based analysis: the spooﬁng attacks were performedagainst an accelerometer based gait recognition systemwhere users needed to have devices attached to theirlegs in order to obtain a gait signature. The main con-clusion is that gait is potentially difﬁcult to spoof as itis behavioural and encompasses the whole body. How-ever, tothebestofourknowledge, thereisnopriorworkon gait spooﬁng from visual data. Perhaps, the most ap-pealing approach to use computer vision techniques toanalyse the spooﬁng attacks against gait biometric sys-tems is to replicate the silhouette of the target e.g. bywearing clothing that makes an attacker’s body shapeappear the same as the target. This is probably the moststraightforward and unobtrusive method for perform-ing the attacks especially against silhouette based gaitrecognition systems which have been the focus of muchof the existing research and on which the ﬁrst commer-cial gait recognition system is currently being based.To gain insight into the factors that may have a sig-niﬁcant effect on spooﬁng silhouette based gait biomet-ric systems, we provide in this paper the ﬁrst inves-tigation on how clothing can be used to spoof a tar-Figure 1. How well one can mimic the clothing/walking styles of another person? For instance,thousands of Beatles’ fans imitate the famous walking across Abbey Road, London, every year.get and evaluate the performance of two state-of-the-artrecognition methods on a novel gait spooﬁng databaserecorded at the University of Southampton. As thisis the ﬁrst clothing-based spooﬁng attack in the re-search literature, our investigation focuses on the sim-plest form of attack, which is to replicate the clothing ofthe target. This is an important potential vulnerabilityas such an attack is relatively straightforward. It is alsolikely that such an approach will already be used by anattacker to unobtrusively enter a secure area where uni-forms or formalised styles of dress are common. Thisis a similar approach to that of wearing a 3D mask inorder to spoof a facial recognition system. As with facerecognition, gait recognition can also be performed in2D or 3D. For comprehensiveness, we study both ap-proaches as they may have different vulnerabilities tospooﬁng.2. Baseline Gait Biometric SystemsWe considered two state-of-the-art systems devel-oped at the universities of Southampton (USOU) andOulu (UOULU). The USOU recognition system is a 3Dgait approach and the UOULU system uses 2D data.3Dgaitrecognitionsystemshavetheadvantageofusingmultiple synchronised and calibrated cameras, makingvideo based replay attacks impractical. 3D approachesalso address the difﬁculty of recognising subjects fromdifferent viewpoints therefore requiring that any spoof-ing strategy is effective when viewed from any direc-tion. 2D approaches, using only one camera, are usu-ally more practical as they are simpler to implement andto deploy in real-world applications. When efﬁcientlycombining the shape and motion cues, the performanceof 2D approaches may easily reach that of 3D counter-parts.USOU Gait Recognition System: 3D volumetric datais used to synthesise silhouettes from a ﬁxed view-point relative to the subject. The 3D volume is syn-thesised from eight synchronised camera views usingshape from silhouette applied to the results of standardbackground subtraction approaches. The resulting sil-houettes are then passed to a standard gait analysis tech-nique using the average 3D silhouette [8]. The derivedaverage silhouette is scale normalised so that it is 50pixels high, whilst preserving the aspect ratio. The av-erage silhouette is treated as the feature vector and usedfor veriﬁcation via the Euclidean distance metric be-tween samples.UOULU Gait Recognition System: The dynamic tex-ture based gait recognition system [2] of the Universityof Oulu (Finland) uses 2D dynamic texture descriptors,namely Local Binary Patterns from Three OrthogonalPlanes (LBP-TOP), to describe human gait in a spatio-temporal way. A video sequence of a person’s walkingis thought as spatio-temporal volume. The LBP-TOPdescription is formed by calculating the LBP featuresfrom XY, XT and YT planes of volumes and concate-nating the histograms to catch the transition informationin spatio-temporal domain. Gentle AdaBoost is used toperform feature selection and to build a strong classiﬁer.3. Gait Spooﬁng DatasetsTheSouthamptongaitdatabase[6], oneofthelargestgait databases, is considered for the experimental eval-uation. It contains multiple views and detailed cam-era calibration information. The database consists ofrecordings of subjects walking through the Southamp-tonGaitTunnelatleast9times. Eachrecordingconsistsof 8 synchronised video sequences of approximately140 frames. 113 subjects were randomly selected forcomputing the baseline performance of the systems i.e.the performance when the systems are not confrontedto spooﬁng attacks. Nine recordings of each of the 113subjects were used, one for enrolment and eight for test-ing. This leads to one enrolment video for each user and8113 test client (positive sample) videos for each user.20.0010.0020.0050.010.020.050.10.20.512510204060809095989999.599.899.999.9599.9899.9999.99599.998False Rejection Rate [in %]0.0010.0020.0050.010.020.050.10.20.512510204060809095989999.599.899.999.9599.9899.9999.99599.998False Acceptance Rate [in %]Gait Spoofingbaselineclothingtargetedtargeted+clothing(a) UOULU0.0010.0020.0050.010.020.050.10.20.512510204060809095989999.599.899.999.9599.9899.9999.99599.998False Rejection Rate [in %]0.0010.0020.0050.010.020.050.10.20.512510204060809095989999.599.899.999.9599.9899.9999.99599.998False Acceptance Rate [in %]Gait Spoofingbaselineclothingtargetedtargeted+clothing(b) USOUFigure 2. Gait biometric performance under different kinds of spooﬁng attacks.Whenproducingimpostorscoresalltheotherclientsareused, yielding in 8112113 impostor attacks.To analyze the performance under spooﬁng at-tacks, new data (referred to as USOU Gait SpooﬁngDatabase) has recently been recorded at the Univer-sity of Southampton. This consists of 22 subjects (14male and 8 female), between 20-55 years old. The sub-jects were recorded walking through the same tunnelin both their normal clothes and whilst wearing a com-mon uniform. By having every subject wear the sameclothes, the degree to which one subject could imper-sonate another by mimicking their clothes can be inves-tigated. The uniform clothing appearance was achievedby having subjects wear white overalls over their nor-malclothes. Eachrecordingofnormaloruniformcloth-ing was repeated between 10 and 35 times depending onsubject availability.4. Experimental InvestigationsWe investigated different spooﬁng scenarios includ-ing (i) clothing impersonation, (ii) deliberate selectionof a target that has a similar build to the attacker and(iii) combination of clothing and target selection. Thisyielded in 4 protocols for studying gait under spooﬁngattacks:a) Baseline performance in which the originalSouthampton gait database without spooﬁng attackswas considered by computing only client and impos-tor scores. This provides the performance under normalsettings.b) Clothing attacks are calculated by comparing eachof the uniform recordings of each subject against theuniform recordings of all of the other subjects. Thisprovides insights into how clothing affects the perfor-mance.c) Targeted attacks are measured by comparing eachof the normal clothes recordings of each subject againsteach of the normal clothes recordings of the subjectwith most similar build. This provides insights into howselection of the target affects the performance.d) Targeted clothing attacks are the same as targetedattacks except that instead of using the normal cloth-ingrecordingstheuniformclothingrecordingsareused.This is equivalent to each subject selecting the per-son with the most similar build and impersonating theirclothing.The results of our experiments are shown in Fig-ure 2 in terms of detection error trade-off (DET) proﬁleswhich illustrate the dynamic behaviour of the two gaitveriﬁcation systems (UOULU and USOU) as the deci-sion thresholds are changed. The DET curves showshow the false acceptance rate varies according to thefalse rejection rate. The percentage of successful at-tacks is equivalent to the false accept rate of the sys-tems when attacked. The lowest proﬁles (curves la-belled baseline in Figure 2) are that of the baseline per-formance when the systems are not confronted to at-3(a) baseline (b) targeted+clothingFigure 3. Score distributions showing the overlap between the true claimants and the attacks.tacks. They are important to gain insight into the effectof the spooﬁng as our focus is on the degradation in per-formance caused by spooﬁng attacks relative to thesebaselines.The curves labelled clothing shows the average falseaccept rate when attackers replicate the clothing of theirtarget but are unable to select which person they are at-tacking. This curve shows that clothing impersonationdoes convey a small advantage, increasing the Equal Er-ror Rate (EER) from 6% to 12% for the USOU 3D gaitsystem and from 4% to 28% for the UOULU 2D gaitsystem.The curves labelled targeted show how effectivespooﬁng attempts are when an attacker selects a targetthat is most similar to them without also impersonatingtheir clothing. In terms of equal error rate these kinds ofattacksseemtobelesseffectivethanclothingimperson-ation. Finally, the curves that combine target selectionand clothing impersonation show signiﬁcant raise in theequal error rates compared to the baseline performance,thus indicating serious vulnerabilities to such combinedattacks. This can also be seen in the score distributionsin Figure 3 showing a clear overlap between the scoredistributions of the true claimants and the attacks on the2D gait system.5. ConclusionWe analysed for the ﬁrst time the effects of spooﬁngattacks on silhouette based gait biometric systems. Ourthorough investigations showed that it is indeed possi-ble to spoof such systems especially when selecting theperson with the most similar build and impersonatingtheir clothing. The answer to the question in the titleof this paper is then gait biometrics may be spoofed butperhaps not as easily as spooﬁng face biometrics whichcan easily be done using a simple photograph of the en-rolled person’s face whereas gait spooﬁng may requiremuch more efforts e.g. to impersonate the clothing andwalking style, and to select a target with a similar buildto the attacker.References[1] D. Gafurov, E. Snekkenes, and P. Bours. Spoof attacks ongait authentication system. IEEE Trans. on InformationForensice and Security, 2(2007):491–502, 2007.[2] V. Kellokumpu, G. Zhao, S. Z. Li, and M. Pietik¨ ainen.Dynamic texture based gait recognition. In IAPR/IEEEICB 2009, pages 1000–1009, 2009.[3] M. S. Nixon and J. N. Carter. Automatic recognition bygait. Proc. of the IEEE, 94(11):2013–2024, 2006.[4] M. S. Nixon, T. Tan, and R. Chellappa. Human ID Basedon Gait. Springer-Verlag New York, 2006.[5] S. Sarkar, P. J. Phillips, Z. Liu, I. R. Vega, P. Grother,and K. W. Bowyer. The humanid gait challenge prob-lem: Data sets, performance and analysis. IEEE TPAMI,27(2):162–177, 2005.[6] R. D. Seely, S. Samangooei, L. Middleton, J. Carter,and M. Nixon. The university of southampton multi-biometric tunnel and introducing a novel 3d gait dataset.In BTAS. IEEE, September 2008.[7] J. D. Shutler, M. G. Grant, M. S. Nixon, and J. N. Carter.On a large sequence-based human gait database. In Conf.Recent Advances in Soft Computing, pages 66–72, 2002.[8] G. Veres, L. Gordon, J. Carter, and M. Nixon. Whatimage information is important in silhouette-based gaitrecognition. In CVPR, 2004.[9] S. Yu, T. Tan, and K. Huang. A study on gait-based gen-der classiﬁcation. IEEE TIP, 18(8):1905–1910, 2009.4

A study on gait-based gender classiﬁcation.

Automatic recognition by gait.

Dynamic texture based gait recognition.

Human ID Based on Gait.

On a large sequence-based human gait database.

Spoof attacks on gait authentication system.

The humanid gait challenge problem: Data sets, performance and analysis.

The university of southampton multibiometric tunnel and introducing a novel 3d gait dataset.

What image information is important in silhouette-based gait recognition.

Can gait biometrics be spoofed?

Can gait biometrics be spoofed?

Abstract

Similar works

Full text

Available Versions

Southampton (e-Prints Soton)