Cardiovascular Biometrics to Secure the Internet of Things

IoT wearables and mobile devices have the potential to dramatically lower healthcare costs through remote health monitoring but come with risks of fraud due to the lack of physical presence at the time of collection. Many of the problems are related to access control and can be at least partially alleviated by incorporating biometric authentication. Biometrics have several benefits. First, they are more convenient than passwords, thereby preserving the spirit of IoT. Second, if appropriately selected, they could have low probability of circumvention. Third, the incorporation of biometrics into IoT brings concerns of cost and implementing a “user-friendly” design. While biometrics have their advantages, biometric key generation may suffer from environmental noise, intra-user variability. Furthermore, keys generated from biometrics should be uniformly random in order to remain resistant to attack. In order to overcome these detriments, we have developed a statistical approach called interval optimized mapping bit allocation (IOMBA) to mitigate the intra-subject variance while preserving privacy and generating long-keys. IOMBA tunes the biometric key generation process to each user rather than relying on a generic approach for all users. We build upon our approach called NA-IOMBA to select and quantize biometric features only for the most robust features that are selected for each user, thus avoiding unnecessary post-processing costs. Noise models are used to predict the impact of noise and further reduce error correction costs and enrollment time. We propose a new paradigm called “Biometric Locking by Obfuscation, Physically Unclonable Keys, and Reconfigurability” (BLOcKeR) which aims to provide low-cost template protection and attack resistance in match-on-card/ device applications. We introduce the first-ever biometric system implementation that utilizes hardware reconfigurability, bitstream obfuscation, and strong PUFs. We develop a first-ever novel presentation attack where a short template of a victim\u27s ECG is captured by an attacker and used to map an attacker\u27s ECG into a victim\u27s, which can then be provided to a sensor. We are the first group working on PPG-based human authentication and recognition using non-fiducial features. Our simulations have shown significant improvements for both supervised and unsupervised machine learning classification