Abstract
In this paper we address the problem of how two devices that are sensing the same heart signal can generate the same cryptographic token by extracting it from the Inter-Pulse Intervals (IPIs) of each cardiac signal. Our analysis is based on the use of a run-time monitor, which is extracted from a formal model and verified against predefined properties, combined with a fuzzy extractor to improve the final result. We first show that it is impossible, in general, to correct the differences between the IPIs derived from two captured electrocardiogram (ECG) signals when using only error correction techniques, and therefore that previous claims on the feasibility of this approach cannot be corroborated. Then, we provide a large-scale evaluation of the proposed method (run-time monitor and fuzzy extractor) over 19 public databases from the Physionet repository containing heart signals. The results clearly show the practicality of our proposal, achieving a 91% synchronization probability for healthy individuals. Additionally, we conduct an experiment to check how long the sensors should record the heart signal in order to generate tokens of 32, 64 and 128 bits. Contrary to what is usually assumed (6, 12, and 24 s for individuals with a heart rate of 80 beats-per-minute), the sensors have to wait a median of 13, 28 and 56.5 s, respectively, for both to derive the same token.
Introduction
Interest in biometrics has gained momentum in recent years, mostly due to the massive use of everyday devices like smartwatches, smartphones and laptops [1,2]. This technology identifies and authenticates people automatically based on biological and behavioral traits [3]. This interest is not temporary. According to a recently published report, global biometric market revenues will reach $34.6 billion annually in 2020, especially in mobile devices [4]. From a technical point of view, biometrics can be classified into two main groups depending on whether they use physiological or behavioral signals. Examples of physiological signals include fingerprints, iris, retina, heart and brain signals, whereas voice, signature analysis and keystroke dynamics are behavioral signals. The main reason why such signals can be easily included in authentication systems is that they exhibit a number of desirable features: they are universal, collectible, unobtrusive, permanent, unique, and difficult to circumvent [5].