Publication
How to Dance your Passwords: A Biometric MFA-scheme for Identification and Authentication of Individuals in IIoT Environments
Christoph Lipps; Jan Herbst; Hans Dieter Schotten
In: Proceedings of the 16th International Conference on Cyber Warfare and Security. International Conference on Cyber Warfare and Security (ICCWS-2021), February 25-26, Cookeville, Tennessee, USA, ACPI, 2/2021.
Abstract
Current environments especially in the industrial sector including smart factories, the Industrial Internet of
Things (IIoT) and Cyber-Physical Production Systems (CPPSs) consists of a multitude of different communicating
“entities”. To secure these environments and to protect them against unauthorized entry, malicious access and
leakage of confidential information, it is necessary to authenticate and thus identify the various participants. For
technical components such as sensors, actuators and other machines, there are a lot of solutions such as
certificates, Trusted Platform Modules (TPMs) and Physically Unclonable Functions (PUFs).
In this work, a Multi-Factor-Authentication (MFA) scheme is presented which is based on Human-PUFs (H-
PUFs), uninfluenceable and characteristic features of humans. A combination of factors, Inherent given (gait,
weight), Knowledge-based (secret step pattern/toe movement) and Possession factors (shoes/insoles), is used
to identify and authenticate an individual person. For this purpose, an 18x6 sensor matrix of conductive lines is
proposed, which is controlled and evaluated by a Microcontroller Unit (MCU) and a specially designed circuit
board. By controlling of the MCU, a pressure profile of the foot during gait can be derived via corresponding
voltages and resistances. Through evaluation and appropriate training, a Machine Learning (ML) algorithm is
used to find features that separate humans.
The recognition and authentication of workers with the MFA scheme enables a higher level of security than
entering PIN codes or using Token cards. In order to increase security, the system can be expanded with
additional factors, further biometric and technical features as well as context information. The idea is to
integrate the H-PUF MFA into a general security framework that maps various aspects of device authentication
and access control.
Besides those industrial and security related scope, the system is also capable for further applications in the
medical sector or in sports. Wherever the individual gait can indicate a disease, it can be used for therapeutic
purposes or to measure and improve performance.