An Electrocardiogram-Based Authentication Protocol In Wireless Body Area Network

In the past few years, the applications of Wireless Body Area Network (WBAN) have improved the ability of healthcare providers to deliver appropriate treatments to the patients either in hospitals or at homes. Precisely, biomedical sensors in a WBAN collect physiological signal from human’s body to enable remote, continuous and real-time network services. As the signal contains highly sensitive medical information about the patient and communicates through an open wireless environment, securing the information from unauthorized access and tampering are critically needed. One of the most crucial components to support security architecture in WBAN is its key management as it serves as the fundamental of authentication and encryption, but the overheads are enormous in dealing with key generation, exchange, storage and replacement. In response to such issue, the most promising solution for key management is the use of biometrics so that the involved parties can agree on a key to provide the authenticity of medical data in WBAN. However, the existing models are inappropriate to achieve optimal security performance and the required lightweight manners due to the sensor’s resource constraints in terms of power consumption and memory space. Therefore, this thesis presents a new authentication protocol model that utilizes Electrocardiogram (ECG) signal as biometric as well as cryptographic key to ensure that the transmitted data are originated from the required WBAN. The proposed model is developed and simulated on Matlab based on an improved fuzzy vault scheme with a lightweight error correction algorithm to reduce the computational complexity when compared to previous work. To validate the proposed ECG-based authentication protocol model, the FAR and FRR analysis is done and then followed by the complexity analysis. The result of FAR and FRR analysis demonstrates that choosing a definite degree and tolerance level can achieve optimal security performance required in WBAN communications. In complexity analysis, based on t-test, the result shows that there is a significant difference with 5% significant level in the computational complexity between the proposed authentication model and the previous protocol called ECG-IJS scheme and the proposed model requires fewer overheads in terms storage and communication overheads. To enhance the overall performance, this thesis also evaluates the uniqueness and the stability of ECG signal using Independent Component Analysis (ICA) and fast Fourier Transform (FFT) algorithm respectively as the signal is applied as inputs of the proposed ECG-based authentication protocol model. The experimental result of ICA algorithm exhibits that each ECG signal is unique to each other as each signal is composed strongly from each different independent component and approximately zero relative to other independent components. While the result of FFT algorithm summarizes that the number of the common FFT peak location index for sensors on the same subject is significantly higher compared to the number of common feature for sensors on different subjects

Mobiles and wearables: owner biometrics and authentication

We discuss the design and development of HCI models for authentication based on gait and gesture that can be supported by mobile and wearable equipment. The paper proposes to use such biometric behavioral traits for partially transparent and continuous authentication by means of behavioral patterns. © 2016 Copyright held by the owner/author(s)

Secure Data Collection and Analysis in Smart Health Monitoring

Smart health monitoring uses real-time monitored data to support diagnosis, treatment, and health decision-making in modern smart healthcare systems and benefit our daily life. The accurate health monitoring and prompt transmission of health data are facilitated by the ever-evolving on-body sensors, wireless communication technologies, and wireless sensing techniques. Although the users have witnessed the convenience of smart health monitoring, severe privacy and security concerns on the valuable and sensitive collected data come along with the merit. The data collection, transmission, and analysis are vulnerable to various attacks, e.g., eavesdropping, due to the open nature of wireless media, the resource constraints of sensing devices, and the lack of security protocols. These deficiencies not only make conventional cryptographic methods not applicable in smart health monitoring but also put many obstacles in the path of designing privacy protection mechanisms. In this dissertation, we design dedicated schemes to achieve secure data collection and analysis in smart health monitoring. The first two works propose two robust and secure authentication schemes based on Electrocardiogram (ECG), which outperform traditional user identity authentication schemes in health monitoring, to restrict the access to collected data to legitimate users. To improve the practicality of ECG-based authentication, we address the nonuniformity and sensitivity of ECG signals, as well as the noise contamination issue. The next work investigates an extended authentication goal, denoted as wearable-user pair authentication. It simultaneously authenticates the user identity and device identity to provide further protection. We exploit the uniqueness of the interference between different wireless protocols, which is common in health monitoring due to devices\u27 varying sensing and transmission demands, and design a wearable-user pair authentication scheme based on the interference. However, the harm of this interference is also outstanding. Thus, in the fourth work, we use wireless human activity recognition in health monitoring as an example and analyze how this interference may jeopardize it. We identify a new attack that can produce false recognition result and discuss potential countermeasures against this attack. In the end, we move to a broader scenario and protect the statistics of distributed data reported in mobile crowd sensing, a common practice used in public health monitoring for data collection. We deploy differential privacy to enable the indistinguishability of workers\u27 locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks

Multifactor authentication using smartphone as token

Biometrics are a field of study with relevant developments in the last decade. Specifically, electrocardiogram (ECG) based biometrics are now deemed a reliable source of identification. One of the major advances in this technology was the improvements in off-the-person authentication, by requiring nothing more than dry electrodes or conductive fabrics to acquire an ECG signal in a non-intrusive way through the user’s hands. However, identification still has a relatively poor performance when using large user databases. In this dissertation we suggest using ECG authentication associated with a smartphone security token in order to improve performance and decrease the time required for the recognition. We develop this technique in a user authentication scenario for a Windows login. We developed our solution using both normal Bluetooth (BT) and Bluetooth Low Energy (BLE) technologies to preserve phone battery; also, we develop apps for Windows Phone and Android, due to limitations detected. Additionally, we took advantage of the Intel Edison’s mobility features to create a more versatile environment. Results proved our solution to be possible. We executed a series of tests, through which we observed an improvement in authentication times when compared to a simple ECG identification scenario. Also, ECG performance in terms of false-negatives and false-positives is also increased.A biometria é uma área de estudo que observou desenvolvimentos relevantes na última década. Em específico, a biometria baseada no eletrocardiograma (ECG) é atualmente considerada uma fonte de identificação confiável. Um dos maiores avanços nesta tecnologia consiste na evolução da autenticação off-the-person, que permite realizar a aquisição de sinal de forma não intrusiva usando as mãos do utilizador. Contudo, a identificação através deste método ainda apresenta uma performance relativamente baixa quando usada uma base de dados de dimensão acima das dezenas. Nesta dissertação sugerimos usar a autenticação ECG associada a um telemóvel a funcionar como security token com o objectivo de melhorar a performance e diminuir o tempo necessário para o reconhecimento. Para isso, desenvolvemos a nossa solução usando a tecnologia Bluetooth (BL) clássico, mas também Bluetooth Low Energy (BLE) para preservar a bateria do telemóvel; além disto, desenvolvemos as aplicações em Windows Phone e também Android, dadas as limitações que encontrámos. Para criar um ambiente mais versátil e móvel, usámos a recente plataforma Intel Edison. Os resultados obtidos provam que a nossa solução é viável. Executámos uma série de testes, nos quais observámos uma melhoria nos tempos associados à autenticação quando comparados com o cenário clássico de identificação por ECG. Adicionalmente, a performance do ECG no que diz respeito ao número de falsos-negativos e falsos-positivos apresentou também melhoria

A Wearable Wrist Band-Type System for Multimodal Biometrics Integrated with Multispectral Skin Photomatrix and Electrocardiogram Sensors

Multimodal biometrics are promising for providing a strong security level for personal authentication, yet the implementation of a multimodal biometric system for practical usage need to meet such criteria that multimodal biometric signals should be easy to acquire but not easily compromised. We developed a wearable wrist band integrated with multispectral skin photomatrix (MSP) and electrocardiogram (ECG) sensors to improve the issues of collectability, performance and circumvention of multimodal biometric authentication. The band was designed to ensure collectability by sensing both MSP and ECG easily and to achieve high authentication performance with low computation, efficient memory usage, and relatively fast response. Acquisition of MSP and ECG using contact-based sensors could also prevent remote access to personal data. Personal authentication with multimodal biometrics using the integrated wearable wrist band was evaluated in 150 subjects and resulted in 0.2% equal error rate ( EER ) and 100% detection probability at 1% FAR (false acceptance rate) ( PD.1 ), which is comparable to other state-of-the-art multimodal biometrics. An additional investigation with a separate MSP sensor, which enhanced contact with the skin, along with ECG reached 0.1% EER and 100% PD.1 , showing a great potential of our in-house wearable band for practical applications. The results of this study demonstrate that our newly developed wearable wrist band may provide a reliable and easy-to-use multimodal biometric solution for personal authentication

Remote patient monitoring using safe and secure WBAN technology

In the recent years, we have witnessed a tremendous growth and development in the field of wireless communication technology and sensors. Resulting into opening new dimensions in various research fields. The integration of Nano scale devices with low power consumption circuits brought a new evolution in wireless networks. This blend of technologies led to the formation of a new field in WSN (Wireless Sensor Networks) known as WBAN (Wireless Body Area Network). WBAN is based on small sensors designed to operate and function mainly on the human body. As we are dealing with human lives, security and privacy are major concerns as patients’ data is at the stakes. Authentication is an important factor in securing information from unauthorized usage. Now-a-days a lot of research has been done in order to improve the overall authentication mechanisms in WBAN. In this poster, we are surveying the security challenges in WBAN with a focus on the authentication phase. A list of several methods along with their schemes has been studied and recapitulated. ECG is one the most popular schemes used in WBAN, benefiting from its uniqueness. However, it comes with challenges as creating an extract trait could get complicated. ECG could be aided by the help of combining fingerprint which will result in a non-destructive method of biometric authentication compared with single ECG trait