Attacks on Heartbeat-Based Security Using Remote Photoplethysmography
Journal article, 2018

The time interval between consecutive heartbeats (interpulse interval, IPI) has previously been suggested for securing mobile-health solutions. This time interval is known to contain a degree of randomness, permitting the generation of a time- and person-specific identifier. It is commonly assumed that only devices trusted by a person can make physical contact with him/her, and that this physical contact allows each device to generate a similar identifier based on its own cardiac recordings. Under these conditions, the identifiers generated by different trusted devices can facilitate secure authentication. Recently, a wide range of techniques have been proposed for measuring heartbeats remotely, a prominent example of which is remote photoplethysmography (rPPG). These techniques may pose a significant threat to heartbeat-based security, as an adversary may pretend to be a trusted device by generating a similar identifier without physical contact, thus bypassing one of the core security conditions. In this paper, we assess the feasibility of such remote attacks using state-of-the-art rPPG methods. Our evaluation shows that rPPG has similar accuracy as contact PPG and, thus, forms a substantial threat to heartbeat-based-security systems that permit trusted devices to obtain their identifiers from contact PPG recordings. Conversely, rPPG cannot obtain an accurate representation of an identifier generated from electrical cardiac signals, making the latter invulnerable to state-of-the-art remote attacks.

Authentication

Biometrics (access control)

side-channel attacks

Remote monitoring

Robert Seepers

Photoplethysmography

Authors

Robert Mark Seepers

Erasmus Universiteit Rotterdam

Wenjin Wang

Technische Universiteit Eindhoven

Gerard de Haan

Technische Universiteit Eindhoven

Ioannis Sourdis

Chalmers, Computer Science and Engineering, Computer Engineering

Christos Strydis

Erasmus Universiteit Rotterdam

IEEE Journal of Biomedical and Health Informatics

2168-2194 (ISSN) 2168-2208 (eISSN)

Vol. 22, Issue 3, pp. 714-721

Subject categories

Other medical engineering

Computer systems

Other electrical engineering and electronics

DOI

10.1109/JBHI.2017.2691282

PubMed

28391214