How to Dance your Passwords: A Biometric MFA-scheme for Identification and Authentication of Individuals in IIoT Environments

Christoph Lipps, Jan Herbst, Hans Dieter Schotten

In: Proceedings of the 16th International Conference on Cyber Warfare and Security. International Conference on Cyber Warfare and Security (ICCWS-2021), February 25-26, Cookeville, Tennessee, United States. ACPI, 2/2021.


Current environments, especially in the industrial sector, including smart factories, the Industrial Internet of Things (IIoT) and Cyber-Physical Production Systems (CPPSs), consist of a multitude of different communicating “entities”. To secure these environments and to protect them against unauthorized entry, malicious access and leakage of confidential information, it is necessary to authenticate and thus identify the various participants. For technical components such as sensors, actuators and other machines, there are many solutions, such as certificates, Trusted Platform Modules (TPMs) and Physically Unclonable Functions (PUFs). In this work, a Multi-Factor-Authentication (MFA) scheme is presented which is based on Human-PUFs (H-PUFs), uninfluenceable and characteristic features of humans. A combination of factors, inherent (gait, weight), knowledge-based (secret step pattern/toe movement) and possession factors (shoes/insoles), is used to identify and authenticate an individual person. For this purpose, an 18x6 sensor matrix of conductive lines is proposed, which is controlled and evaluated by a Microcontroller Unit (MCU) and a specially designed circuit board. Under the control of the MCU, a pressure profile of the foot during gait can be derived from the corresponding voltages and resistances. Through evaluation and appropriate training, a Machine Learning (ML) algorithm is used to find features that distinguish individuals. The recognition and authentication of workers with the MFA scheme enables a higher level of security than entering PIN codes or using token cards. To increase security, the system can be expanded with additional factors, further biometric and technical features, as well as context information. The idea is to integrate the H-PUF MFA into a general security framework that maps various aspects of device authentication and access control.
Beyond this industrial and security-related scope, the system is also suitable for further applications in the medical sector or in sports. Wherever an individual's gait can indicate a disease, it can be used for therapeutic purposes or to measure and improve performance.


Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence