Schneier on Security
A blog covering security and security technology.
« Still More on Sony's DRM Rootkit |
| Identity Theft Over-Reported »
November 16, 2005
Can a cell phone detect if it is stolen by measuring the gait of the person carrying it?
Researchers at the VTT Technical Research Centre of Finland have developed a prototype of a cell phone that uses motion sensors to record a user's walking pattern of movement, or gait. The device then periodically checks to see that it is still in the possession of its legitimate owner, by measuring the current stride and comparing it against that stored in its memory.
Clever, as long as you realize that there are going to be a lot of false alarms. This seems okay:
If the phone suspects it has fallen into the wrong hands, it will prompt the user for a password if they attempt to make calls or access its memory.
Posted on November 16, 2005 at 6:26 AM
• 29 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Will it take into account that we have four normal strides -- on the level, climbing stairs, descending stairs, and sitting down (a rhythm rather hard to detect)? Otherwise this could be a real irritation.
Yeah, walking strides only. Run and being locked out of your phone is the least of your worries...
So why not just use the password?
Can I program it to locate the nearest osteopath if it thinks I'm limping?
And what about if your walking strides get compromised? :D
I see a lot of people wearing their phones in a holder on their belt.
How hard would it be to build a proximity token into cellphone holsters, so that if the phone wasn't reasonably close to the holster (perhaps bluetooth range) it would require a password?
Proximity might be overkill really. It would probably be cheeper to build a very simple contact-reader into the back of the phone and have the phone require a password if it was used without having been in contact with the holster in the last N minutes.
Right. There are phones with a screensaver-like locking mechanism.
Kind of like auto-key-lock.
Enter the wrong password 3 times, and you need the unlock code.
The Step-recognition would just keep the keylock from engaging. Rather counterproductive if it's in your pocket anyway.
"So why not just use the password?"
Because it's a minor inconvenience to enter the password once every few days, but a major inconvenience to enter it every time you want to make a call.
I hope it can detect when I'm injured and have a limp.
> How hard would it be to build a proximity token into cellphone holsters [...] Proximity might be overkill really. It would probably be cheeper to build a very simple contact-reader
You could also use a safe. Just take the safe with you, and open it and take out the mobile phone when you want to talk. After talking, put it back and properly lock the door. Easy, simple, efficient.
Seriously. Would it brake our backs any more than all these many, many technical security EFFORTS breaking our lives by worry, complication and need to pay for it, simply because we are unable as a society to educate people to love and respect each other? Isn't greed and lack of consideration already breaking us from the inside?
Considering I do a lot of walking, standing, running up flights of stairs, driving (jolts due to bumps in roads) while using my mobile (cell) I can't think of anything worse than to be prompted for my password every 5 minutes.
I guess they really need to permit emergency calls to be made when there's no gait match. Probably should allow you to phone home, too. And maybe, allow you to call any number that's stored in the phone.
That way, if your phone is lost, the finder can call you. Or, if you injure yourself, you can still get help from the emergency services or your nearest friend.
I personally leave the power on password on my phone. All is fine and well until they either run the battery down or turn the phone off... and then it's done. I suppose all this does somewhat depend on you changing the password away from the last 4 digits of your phone number...
Between the keystroke pattern recognition and this implementation of gait recognition, my thesis is going to be old news before I even get to write it. Boo!
I just got my cell phone out of my pocket and and am trying to navigate a sidewalk full of pedestrians while not clobbering anyone with the stroller I'm pushing. Or just see the buttons under mediocre streetlighting. Or avoid other patrons in a crowded bar. I'm sure my gait will be just like the one I've registered. And I'm sure there won't be a default password that nobody bothers to change.
One thing is for sure -- this will put paid to the families who try to undermine phone-company marketing plans by saying, "Oh, your phone's battery is dead? Borrow mine for the day."
This kind of crappy-biometric approach would actually be much more useful in automobiles, both for antitheft and for customization. (Every time I get in the family car and change the mirror settings, I think how nice the optional driver-profiling package would have been.)
Not to mention having one normal gait and another when tired.
Personally, I have multiple walking gaits. One, for example, I only use when I'm walking across (suspected) ice.
I'd prefer a password each time to this. If I always have a password, I can train myself to alwys enter it, even without looking at the keypad. If it's sometimes on, and sometimes off, I need to look at the screen, which will annoy me, as well as slowing down the process.
At least in North America's automotive based society, I don't think people actually *walk* enough for this to be of much value at all!
My cell phone spends most of the day sitting still on my desk or in my purse.
At least this would reduce late-night wrong numbers from drunks. Look on the bright side, people! :^)
I (and most women) walk differently in heels than in flats. Do you think they take variations in footware into account?
Just because you CAN do a thing does not mean that you SHOULD do a thing.
Every cell phone that I know of that has been lost has been found by someone who attempted to return it by calling someone like 'mom' in the phonelist. This would prevent return by good samaritans.
Oh wait, there was that one lady who's lost cell phone sent mom (and everyone else) picures of a penis...
When I accidently locked my cell phone and didn't clue in that the default password was the last 4 of my number, I just took the battery out to get access.
Apparently flip-flops defeat gait recognition devices, so I suspect changing shoes does have an effect on stride-based security:
I also suspect that the researchers are not taking into consideration amputees or parapalegics. Um, wheelchair?
And I'd like to know how it handles significant variations in surfaces (e.g. irregular stair patterns).
Frankly, I'd rather have a pedometer in my phone than stride-based security. Imagine a call/mile metric on your phone.
Some phones have a "this belongs to" screen when they are locked.
The phone company and user benefit from the supposed reduction in fraud this technology might provide. The company benefits directly, and the user might benefit from lower rates (since the company no longer has to eat some fraudulent charges, as they do now), and might also benefit if their phone is stolen, and this technology prevents the fraudulent use of the phone, which they would be partially responsible for.
But the costs seem borne by the user, rather than shared with the company, which is not the best deal for users of cell phones.
I guess some of the costs are unknown atm, such as how often the system would send a "false alarm" and force the legitimate user to re-enter some pass key to reactivate the phone.
A known cost would be that it would prevent the loaning of the phone to another (for an extended period) without also sharing the password. How great a cost that is depends on how the user uses the phone.
A more serious cost might be that the system disables a phone in a situation where, if the phone worked normally, a great benefit could be gained. One might speculate that the phone would disable itself during a traffic accident or other serious situation, and prevent any party from quickly using the phone, or prevent a stranger from using the phone to save its owner's life. Such a hypothetical cost would seem to negate, several times over, any potential benefits in fraud reduction. (Of course, the phone could be programmed to always allow calling of emergency numbers, etc, but there will still undoutedly be situations where this technology would get in the way of providing a great benefit to society.)
Also it is the nature of companies to reduce their costs (such a fraud) by passing hem on to their consumers, by improving their products, or by participating in industry agreements: for example, shared insurance among the industry, and with other parties, to spread the risk of phone-fraud fairly, or by devising other, industry wide methods of reducing fraud (for example, an easier way of reporting a lost phone). But passing their costs (not strictly dollar-denominated) onto consumers is often the easiest way. But the cost to the consumer may be much higher than the benefit saved by the company.
Good industries and individual companies need to think of these above ideas, particularly they should not look at only their bottom line in evaluating a cost-saving measure, but their constomers', as a group or as individuals, real cost, as well as society's costs, otherwise they are depending too much on governments or other outsiders to regulate their industry (and have little right to complain when they do) -- for they cry out for it.
When I read about dorky ideas like this one, wrapped up in a fancy faddish ribbon of security, I truly wonder about the maturity of the high-tech industry in general. Other, more traditional, industries used to behave with attitudes like this -- think of the chemical industry (who in their infancy thought not about who truly bore the costs of pollution -- and who now pay ever stiffer prices to regulate pollution), or the auto industry (who cared little about the safety of their products in crashes, until it was forced upon them by governments and consumers): both those industries now, more or less, are proactive about considering the total costs of what seem at the time, to be good, innovative, ideas.
Why doesn't the phone just detect identity, and for that matter, allow passwords, using voice?
If I have to enter my password every time I use my phone, it si slightly inconvenient, but I adapt quickly and live protected. If the security fails, I notice immediately that it isn't asking for a password, and take appropriate action to live protected.
If I expect this to work, and it registers too many false positives, I will disable it and live unprotected. If this system is not operational for whatever reason, I have no way of knowing it, and live unprotected.
Guess which method provides better security.
Thing is, this will only protect those who misplace their phones.
If I want your phone, all I have to do now is forcefully demand it and the code, "lift" the phone after covertly observing you entering the code, and I am sure many other simple techniques.
I think it could be improved if the phone called in its location "for the record" when the wrong stride results in the password prompt. That's a quick, simple and cheap additional layer of security that would greatly enhance the system.
Location often correlates strongly with identity, and being identified is a core concern for criminals.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.