93 research outputs found
CardioCam: Leveraging Camera on Mobile Devices to Verify Users While Their Heart is Pumping
With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over 99% average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%
Seeing Red: PPG Biometrics Using Smartphone Cameras
In this paper, we propose a system that enables photoplethysmogram
(PPG)-based authentication by using a smartphone camera. PPG signals are
obtained by recording a video from the camera as users are resting their finger
on top of the camera lens. The signals can be extracted based on subtle changes
in the video that are due to changes in the light reflection properties of the
skin as the blood flows through the finger. We collect a dataset of PPG
measurements from a set of 15 users over the course of 6-11 sessions per user
using an iPhone X for the measurements. We design an authentication pipeline
that leverages the uniqueness of each individual's cardiovascular system,
identifying a set of distinctive features from each heartbeat. We conduct a set
of experiments to evaluate the recognition performance of the PPG biometric
trait, including cross-session scenarios which have been disregarded in
previous work. We found that when aggregating sufficient samples for the
decision we achieve an EER as low as 8%, but that the performance greatly
decreases in the cross-session scenario, with an average EER of 20%.Comment: 8 pages, 15th IEEE Computer Society Workshop on Biometrics 202
Influencing brain waves by evoked potentials as biometric approach: taking stock of the last six years of research
The scientific advances of recent years have made available to anyone affordable hardware devices capable of doing something unthinkable until a few years ago, the reading of brain waves. It means that through small wearable devices it is possible to perform an electroencephalography (EEG), albeit with less potential than those offered by high-cost professional devices. Such devices make it possible for researchers a huge number of experiments that were once impossible in many areas due to the high costs of the necessary hardware. Many studies in the literature explore the use of EEG data as a biometric approach for people identification, but, unfortunately, it presents problems mainly related to the difficulty of extracting unique and stable patterns from users, despite the adoption of sophisticated techniques. An approach to face this problem is based on the evoked potentials (EPs), external stimuli applied during the EEG reading, a noninvasive technique used for many years in clinical routine, in combination with other diagnostic tests, to evaluate the electrical activity related to some areas of the brain and spinal cord to diagnose neurological disorders. In consideration of the growing number of works in the literature that combine the EEG and EP approaches for biometric purposes, this work aims to evaluate the practical feasibility of such approaches as reliable biometric instruments for user identification by surveying the state of the art of the last 6 years, also providing an overview of the elements and concepts related to this research area
Biopotential signals and their applicability to cibersecurity problems
Biometric systems are an uprising technique of identification in today’s
world. Many different biometric systems have been used in everyone’s
daily life in the past years, such as fingerprint, face scan, ECG, and others.
More than 20 years evince that the Elektrokardiogramm (EKG) or Electrocardiogram
(ECG) is a feasible method to perform user identification as each
person has their unique and inherent Elektrokardiogramm (EKG). A biometric
system is based on something that every human being is and cannot lose
or possess as it is an eye, the DNA, palm print, vein patterns, iris, retina,
etc. For this reason, during the last decade, biometric identification or authentication
has gained ground between the classic authentication systems as
it was a PIN or a physical key. All biometric systems, to be accepted, must
fulfill a set of requirements including universality, uniqueness, permanence,
and collectability. The EKG is a biometric trait that not only fulfills those
requirements but also has some advantages over other biometric traits. To
use an EKG as the biometric trait for identification is motivated by four key
points: 1) the collection of an EKG is a non-invasive technique so may contribute
to the acceptability among the population; 2) a human being can only
be identified if they are alive as their heart must be beating; 3) all living
beings have their EKG so it is inclusive; 4) an EKG not only provides identification
but also provides a medical and even emotional diagnose.
There exist many works regarding user identification with EKGs in the
current state-of-the-art. Biometric identification with EKGs has been deployed
using many different techniques. Some works use the fiducial points
of the EKG signal (T-peak, R-peak, P-onset, QRS-offset, ...) to perform the
user identification and others use feature extraction performed by a Neural
Network as the classification or identification method. As the EKG is a signal
which is expressed in time and frequency, many different Neural Network
models can exploit the dissimilarity between each EKG signal from each user
to perform user identification such as Recurrent Neural Networks, Convolutional
Neural Networks, Long-Short Term Memory, Principal Component
Analysis, among others offering very competitive results.
Focusing on user identification, depending on the user condition in each
case, as has been commented before, the EKG not only contributes as an
identification method but also offers a diagnosis as it is a person’s condition
from a medical point of view or a person’s status regarding their emotional
state. Some research has studied certain conditions such as anxiety over EKG
identification showing that higher heart rates might be more complex to identify individuals.
Nevertheless, there are some drawbacks in the current state-of-the-art regarding
identification with EKG. Many systems use very complexly Deep
Learning architectures or, as commented, extract the features by a fiducial
analysis making the biometric system too complex and computationally costly.
One important flaw, not only in biometric systems but in science, is the lack
of publicly available datasets and the use of private ones to perform different
studies. Using a private database for any research makes the experiments and
results irreproducible and it could be considered a drawback in any science
field. Furthermore, many of these works use the EKG signal in a sense that
it can be recovered from the identification system so there is no privacy protection
for the user as anyone could retrieve their EKG signal.
Owing to the many drawbacks of a biometric system based on ECG signals,
ELEKTRA is presented in this thesis as a new identification system whose
aim is to overcome all the inconveniences of the current proposals. ELEKTRA
is a biometric system that performs user identification by using EKGs
converted into a heatmap of a set of aligned R-peaks (heartbeats), forming a
matrix called an Elektrokardiomatrix (EKM).
ELEKTRA is based on past work where the EKM was already created
for medical purposes. As far as the literature covers up to this date, all the
existing research regarding the use of the EKM is focused on the diagnosis
of different Cardiovascular Disease (CVD) such as Congestive Heart Failure,
Atrial Fibrillation, and Heart Rate Variability, among others. Therefore, the
work presented in this thesis, presumably, is the first one to use the EKM as
a valid identification method.
In aim to offer reproducible results, four different public databases are
taken to show the model feasibility and adaptability: i) the Normal Sinus
Rhythm Database (NSRDB), ii) the MIT-BIH Arrhythmia Database (MITBIHDB),
iii) the Physikalisch-Technische Bundesanstalt (PTBDB), and iv)
the Glasgow University Database (GUDB). The first three of them (i, ii and
iii) are taken from Physionet a freely-available repository with medical research
data, managed by the MIT Laboratory. However, the fourth database
(iv ) is also freely available by petition to Glasgow University.
Furthermore, to test ELEKTRA’s adaptability and feasibility of the biometric
system presented, four different datasets are built from the databases
where the EKG signals are segmented into windows to create several Elektrokardiomatrix
(EKM)s. The number of EKMs built for each dataset will
depend on the length of the records. For example, for the Normal Sinus
Rhythm Database (NSRDB) as the EKG records are very extensive, 3000
EKMs or images per user will be obtained. However, for the three other databases, the highest possible number of EKM images is obtained until the
signal is lost. It is important to take into account that depending on the number
of heartbeats taken to be represented in each EKM, a different number
of EKMs is obtained for the three databases in which EKG recordings are
shorter. As higher the number of heartbeats o R-peaks taken (i.e., 7bpf), the
fewer images will be obtained.
Once the datasets of EKMs are constructed, a simple yet effective Convolutional
Neural Network (CNN) is built by one 2D Convolution with ReLU
activation, a max-pooling operation followed by a dropout to include regularisation
and, and finally, a layer with flattened and dense operations with
a softmax or sigmoid function depending if the classification task is categorical
o binary to achieve the final classification. With this simple CNN, the
feasibility and adaptability of ELEKTRA are demonstrated during all the
experiments.
The four databases are tested during chapters 3, 4, and 5 where the experimentation
takes place. In Chapter 3, the NSRDB is studied as the baseline
of identification with control users. Different experiments are conducted with
aim of studying ELEKTRA’s behavior. In the first experiments, how many
heartbeats are needed to identify a user and the costs of convergence of the
model depending on the time computing and the number of heartbeats taken
to be represented in the EKM are studied. In this case, similar results are
achieved in all the experiments as results close to 100% of accuracy are obtained.
In the classification of a non-seen user a user, from a different database
that has not been seen in any other experiment, is processed and tested against
the network. The result obtained is that a non-seen user or an impersonator
would only bypass the system one in ten times which can be considered a
low ratio when many systems are blocked after three to five attempts. The
classification of a user is tested to have a closer situation in which a low-cost
sensor is used. For this experiment, an EKG signal is modified by adding
Gaussian noise and then processed as any other signal. As a demonstration
of our robust system, an accuracy of 99% is obtained indicating that a noisy
signal can be processed too. The last experiment over the NSRDB is where
this database is used to test the feasibility of ELEKTRA by testing how many
images or EKM are enough to identify a user. Even though there is a decrease
in accuracy when the number of images used to train the network is decreased
too, a 97% of accuracy is obtained when training the network with only 300
EKMs per user. This chapter concludes that, as shown in all the experiments,
ELEKTRA is a valid and feasible identification method for control users.
The MIT-BIH Arrhythmia Database (MIT-BIHDB) is a database comprising
patients with Arrhythmia and random users, and the Physikalisch-
Technische Bundesanstalt (PTBDB) comprises patients with different CVD
together with healthy users. Hence, the main goal in Chapter 4 is to study the identification system proposed over users with CVD showing ELEKTRA’s
adaptability. First of all, the MIT-BIHDB is tested achieving outperforming
results and showing how ELEKTRokardiomatrix Application to biometric
identification with Convolutional Neural Networks (ELEKTRA) is capable
to identify a pool of users with and without arrhythmia with just a slight
decrease of the network’s accuracy as a 97% of accuracy is obtained. Secondly,
the whole PTBDB is taken to test the biometric system. The result
obtained in this experiment is lower than in the other ones (a 93% of accuracy)
as the number of images used to train the network has suffered a great
decrease compared to the other experiments and 232 users are being studied.
Lastly, ELEKTRA has tested over 162 users from the PTBDB with specific
CVD which, namely, are Bundle branch block, Cardiomyopathy, Dysrhythmia,
Myocardial infarction, Myocarditis, and Valvular heart disease. Through
this experiment, the aim is to see ELEKTRA’s behaviour when only users
with CVD are included. Better results are obtained compared to the last
experiment. It can be owed that the number of users has decreased and that
a CVD makes more unique each EKG as many researchers use the EKM for
diagnosis purposes. The conclusion extracted from all the experiments from
this chapter is that ELEKTRA is capable to identify users with and without
CVD approaching a real-life scenario.
In Chapter 5 the Glasgow University Database (GUDB) is tested to evaluate
the performance of user identification when the users are performing
different activities. The GUDB comprises 25 users performing five different
activities with different levels of cardiovascular effort: sitting, walking on a
treadmill, doing a maths exam, using a handbike, and running on a treadmill.
The proposed biometric system is tested with each of these activities for 3
and 5 bpf achieving different results in each case. For the experiments performed
where an activity requiring lower cardiovascular effort such as sitting
or walking, the accuracy obtained is close to 100% as it is 99.19% for sitting
and 98.59% for walking. Then for the scenarios where higher heartbeat rates
are supposed the experiment results in lower accuracies as it is jogging with
an 82.63% and biking with a 95.51%. For the maths scenario, its outcome
is different; the heartbeat rate for each user could be different depending on
how nervous each user is. Hence, a 94.0% is obtained with this activity. The
conclusion extracted from these first experiments is that it is more complex
to identify users when they are performing an activity that requires a higher
cardiovascular effort and, consequently have a higher heart rate. For the following
experiment, all scenarios have been merged to study the behaviour of
a system that has been trained with users performing different activities. In
this case, the results obtained seemed to be close to the mean of the results obtained
before as the general accuracy for all the scenarios with 3bpf is 91.32%.
For the subsequent experiments, some of the scenarios have been merged into
two different categories. On the one hand, the more calmed activities (sitting
and walking) have been merged in the so-called Low Cardiovascular Activity (LCA) scenario. The accuracy obtained by training and testing with these
two activities together is 97.74% and an EER of 1.01%. On the other hand,
the High Cardiovascular Activity (HCA) scenario is composed by activities
that require a higher cardiovascular effort (jogging and biking). In this case,
the results obtained have decreased compared to the last ones as the accuracy
is 85.71%. It can be noticed that what has suffered a considerable increase is
the False Rejection Rate (FRR) which is 14.17% without implying an increase
in the False Acceptance Rate (FAR) which is still very low as it is 0.6%. The
last experiments have been called fight of scenarios as there is a confrontation
between scenarios by merging some of them and training with some activities
or scenarios and predicting with different ones. The first experiments that can
be found in this section are training with the LCA group and testing with
the HCA group and vice versa. The results here show a great decrease in the
performance as accuracies are 37.24% and 46.42%, respectively. This fact implies
that it is more complex to identify users that have been registered with
a different heartbeat rate. Last but not least, there are a set of experiments
where the activities have been confronted such as training the network with
the sitting scenario and testing with the jogging scenario. These experiments
confirm the hypothesis for higher heart rates, are more complex to identify
users, and even more when the network has been trained over calmed users.
Even though, one of the main advantages of the presented model is that, even
for low accuracies, the False Acceptance Rate has not increased compared to
the other experiments meaning that an impostor could not achieve bypassing
the system.
Lastly, in Chapter 6 conclusions and discussions are offered. A comparison
between ELEKTRA and other biometric systems based on EKGs from
the current state-of-the-art is offered. These researches from the literature
are examined to show how ELEKTRA outperforms all of them in regards to
some of the aspects such as efficiency, complexity, accuracy, error rates, and
reproducibility among others. It is important to remark that, compared to the
other works, in all experiments performed in this doctoral thesis, really high
performances with high accuracies and low error rates are achieved. In fact,
what is remarkable is that this performance is obtained using a very simple
CNN conformed by just one convolutional layer. By achieving outstanding
results with a simple neural network, the solidity of ELEKTRA is proven.
By this, ELEKTRA contributes to the state-of-the-art by providing a new
method for user identification with EKGs with many benefits. Outstanding
results in terms of high accuracy and low error rates in the experiments assure
the efficiency of ELEKTRA. The fact that the databases used to perform
the experimentation in this doctoral thesis are publicly available, makes this
work reproducible in contrast to many other works in the literature. In fact,
as the databases used are different depending on the users’ nature conforming
to each database, it is established that the identification method proposed is inclusive as all living beings have their own EKG and high accuracies are also
obtained when testing the model over users with different CVD. Moreover, as
it has been proven that users with CVD can also be identified without having
major drawbacks, ELEKTRA offers an identification system that can also
offer a diagnosis of the user who is being identified in terms of their medical
health. In addition, thanks to the GUDB, ELEKTRA can determine for the
first time, as far as the literature reaches, that performing user identification
with EKGs over users performing activities requiring a higher cardiovascular
effort and consequently having higher heartbeat rates, is more complex.
In conclusion, by the studies and experiments performed in this doctoral
thesis, it can be assumed that ELEKTRA is a feasible and efficient identification
method for biometrics with EKG and outperforms the current stateof-
the-art proposals in user identification with EKG.Los sistemas biométricos son una técnica de identificación en auge en la
actualidad. En los últimos años se han utilizado muchos sistemas diferentes
en la vida cotidiana, como la huella dactilar, el escáner facial, o el ECG,
entre otros. De hecho, son más de 20 años los que avalan que el Elektrokardiogramm
(EKG) o el Electrocardiogram (ECG) es un método fiable para
realizar identificación de usuarios. En esta tesis se propone un nuevo método
de identificación biométrica denominado ELEKTRA. Por otro lado, existen
algunos inconvenientes en el estado del arte actual respecto a la identificación
con EKG. Muchos sistemas utilizan arquitecturas muy complejas de Deep
Learning o extraen las características importantes mediante un análisis fiduciario,
haciendo que el sistema biométrico sea demasiado complejo o costoso.
Un fallo importante, no solo en los sistemas biométricos, es la falta de bases
de datos públicas y el uso de bases de datos privadas para la investigación. El
uso de bases de datos privadas en cualquier estudio hace que los experimentos
y los resultados sean irreproducibles y son un inconveniente en cualquier
campo de la ciencia.
En esta tesis doctoral se ha desarrollado ELEKTRA, un sistema de identificación
biométrica, mediante el uso de imagénes llamadas Elektrokardiomatrix
(EKM). Estas imágenes se construyen a partir de realizar un mapa de
calor de un conjunto de picos R (latidos) alineados, formando una matriz.
Con el fin de ofrecer resultados reproducibles, se usan cuatro diferentes bases
de datos públicas para demostrar la viabilidad y adaptabilidad del modelo:
la Normal Sinus Rhythm Database (NSRDB), la MIT-BIH Arrhythmia
Database (MIT-BIHDB), la Physikalisch-Technische Bundesanstalt (PTBDB)
y la Glasgow University Database (GUDB). Se han creado nuevas sub-bases
de datos de EKMs a partir de cada una de las bases de datos mencionadas.
Además, para testear la adaptabilidad y viabilidad de ELEKTRA como sistema
biométrico se construye una CNN sencilla, pero eficaz, con una sola capa
Convolucional.
Las cuatro bases de datos anteriormente mencionadas se han testeado en
los Capítulos 3, 4 y 5. En el Capítulo 3 se estudia la NSRDB como prueba
de concepto de identificación en usuarios control. Se realizan diferentes experimentos
con el objetivo de estudiar el comportamiento de ELEKTRA. Las
características estudiadas con esta base de datos son: cuántos latidos son
necesarios para identificar a un usuario; los costes de convergencia del modelo
presentado; la clasificación de un usuario jamás visto proveniente de una base
de datos diferente; la clasificación de un usuario cuya señal EKG ha sido modificada añadiendo ruido Gaussiano; y la viabilidad de ELEKTRA probando
cuántas imágenes o EKM son suficientes para identificar a un usuario.
En cuanto a las bases de datos que contienen usuarios con CVD, la MITBIHDB
contiene pacientes con Arritmia y usuarios sanos, y la PTBDB contiene
pacientes con diferentes CVD junto a usuarios sanos. Estas dos bases
de datos se estudian en el Capítulo 4, donde se estudia la adaptabilidad de
ELEKTRA a distintas CVDs. En primer lugar, se testea la MIT-BIHDB logrando
resultados prometedores y mostrando cómo ELEKTRA es capaz de
identificar usuarios con y sin arritmia en el mismo grupo. En segundo lugar,
se toma la PTBDB completa obteniendo porcentajes altos de acierto y bajos
en cuanto a tasas de error concierne. Y por último, se prueba ELEKTRA
sobre algunos usuarios con CVD específicos de la PTBDB para ver su comportamiento
cuando sólo se incluyen usuarios con CVD. El resultado de estos
experimentos muestra cómo ELEKTRA es capaz de identificar a los usuarios
con y sin CVD acercándose a un escenario real.
Por último, en el capítulo 5 se prueba ELEKTRA sobre la GUDB para
evaluar el rendimiento de la identificación de usuarios cuando éstos realizan
diferentes actividades cardiovasculares. La GUDB consta de 25 usuarios que
realizan cinco actividades diferentes con distintos niveles de esfuerzo cardiovascular
(sentarse, caminar, hacer un examen de matemáticas, usar una bicicleta
de mano y correr en una cinta). El sistema biométrico propuesto
se prueba con cada una de estas actividades para mostrar que es más complejo
identificar a los usuarios cuando realizan una actividad que requiere un
mayor esfuerzo cardiovascular y, en consecuencia, tienen una mayor frecuencia
cardíaca. Los experimentos realizados consisten en fusionar diferentes actividades
para estudiar las diferencias entre las frecuencias cardíacas y cómo la
identificación del usuario está relacionada la misma. El experimento más representativo
se realiza entrenando el modelo con el escenario en el que el usuario
está sentado y realizando la clasificación ciega de usuarios del escenario en el
cual están corriendo. En este experimento, se obtiene una precisión realmente
baja demostrando que para frecuencias de latidos más altas es más complejo
identificar a un usuario. De hecho, una de las principales ventajas del modelo
presentado es que, incluso con una precisión baja, la Tasa de Falsa Aceptación
no ha aumentado en comparación con los otros experimentos, lo que significa
que un impostor no podría conseguir eludir el sistema. Sin embargo, si la
base de datos se lanza sobre todas las actividades fusionadas, se muestran
resultados precisos que ofrecen un modelo inclusivo para entrenar y probar
sobre usuarios que realizan diferentes actividades.
De este modo, ELEKTRA contribuye al estado del arte proporcionando
un nuevo método de identificac
새로운 심탄도 계측 시스템의 응용 -연속혈압 추정과 생체인식
학위논문 (박사)-- 서울대학교 대학원 : 협동과정 바이오엔지니어링전공, 2014. 8. 김희찬.심탄도 (Ballistocardiogram)는 심박에 동기되어 발생하는 우리 몸의 미세한 진동을 측정한 신호이다. 비침습적으로 심혈관계의 활동을 관찰할 수 있다는 장점 때문에, 20세기 초반에 심탄도의 해석에 대한 많은 연구가 이루어졌다. 그러나 초음파 기기 등 심혈관계 관련 질병들을 진단할 수 있는 새로운 기술들이 개발되면서 상대적으로 실용적이지 못한 특성을 가진 심탄도에 대한 관심은 1970년대 이후에 급격히 줄어들었다.
새로운 센서들의 등장과 마이크로프로세서, 신호처리 기술들의 발전에 힘입어 심탄도 연구는 다시 활기를 띠고 있다. 그러나 이러한 발전들에도 불구하고 심탄도는 의자나 침대 등 상당한 부피를 차지하는 사물을 이용하여 계측되고, 분석을 위해서는 동기화 된 심전도가 동시에 측정되어야 하는 등 측정상의 번거로움이 있다. 또한, 심탄도는 개인 간에는 물론 한 개인에게서도 파형에 많은 변이를 보여 신호의 일관된 해석에 어려움이 있다.
본 학위논문에서는, 이러한 측정 측면과 신호처리 측면에서 현 심탄도 응용의 한계점을 극복할 수 있는 방안을 마련하여, 심탄도의 실질적인 활용 범위를 더욱 확장할 수 있는 방안에 대해 연구하였다.
우선, 심탄도를 심전도와 동시에 무구속적으로 잴 수 있는 필름기반의 패치타입 센서를 개발하였다. 압전소자의 양면에 복수개의 전극을 패터닝하고 각각의 전극에 독립된 기능을 부여해 회로에 연결함으로써 필름 한 장으로 물리적인 신호 (심탄도)와 전기적인 신호(심전도)의 동시 측정이 가능하게 하였다. 센서를 가슴에 부착하였을 때 심전도의 특징적인 R 피크과 심탄도의 특징적인 J 피크를 확인하여 기능을 확인할 수 있었으며, 추가적으로 R-J 간격이 수축기 혈압과 음의 상관관계를 가짐을 이용하여 개발된 센서로 혈압을 추정할 수 있었다. 센서를 통해 예측한 수축기 혈압 오차의 평균값과 표준편차는 각각 -0.16 mmHg와 4.12mmHg으로, 미국과 영국의 혈압계 가이드라인을 모두 만족시킬 수 있었다.
다음으로, 심탄도의 변이적 특성을 새로운 생체인식 기법으로 발전시키는 방안에 대한 연구를 진행하였다. 이를 위하여 심탄도 한 파형 내의 특이점들을 기반으로 특징 벡터를 추출하고 기계학습을 통해 특징들의 변이를 개인들 간의 변이와 한 개인 내에서의 변이로 구분 하였다. 추출된 특징들을 이용하여 35명의 피험자들에게 실험해 본 결과, 단일 심박신호로는 90.20%의 확률로 개개인을 구분할 수 있었으며 7개의 연속된 심박신호로는 98%이상의 성능을 낼 수 있었다. 또한 약 일주일 간격을 두고 반복하여 측정한 데이터와 운동을 통해 심박수가 변화된 데이터의 적용을 통해서 심탄도를 이용한 생체인식 방법의 재현성을 확인할 수 있었다.Ballistocardiogram (BCG) is a recording of body movement, which is generated in synchronous with the heartbeats. Studies on BCG were a field of intense research in the past decades, since it could provide a non-invasive means to monitor cardiovascular activities. However, such interests have slowly diminished after 1970s due to its impractical characteristics compared to the new technologies (i.e. echocardiography) that diagnose cardiovascular system.
Studies on BCG are now on its resurgence era, with advent of new sensors, microprocessor, and the signal processing techniques. Notable differences of todays BCG researches, compared to the past ones, are on the emergence of non-diagnostic applications of BCG. Sleep analysis, heartbeat detection and the estimation of pre-ejection time are the few examples of BCG applications that were previously non-existent.
Despite these advancements, however, practical usage of BCG has yet to become reality. One reason for this is in its difficulties in instrumentation. In a number of researches, BCGs are often recorded with a sensor attached to bulky objects, for example bed or chair. Also, a synchronously measured electrocardiogram (ECG) is required for the accurate analysis of BCG, therefore, increases the system complexity.
Morphological variability of BCG is another limiting factor. Waveforms of BCG are reported to vary among subjects and even in a same person. Such characteristics of BCG impose difficulties in its consistent interpretation and in drawing meaningful information.
In this dissertation, we first propose a sensor, namely BE-patch, which can record both the BCG and ECG using a ferro-electret film. As the sensor is thin and flexible and features reduced complexity, it suits for wearable applications in terms both of user compliance and power consumption.
The fabrication method of BE-patch and its application in blood pressure estimation is reported in Chapter 2. Using the time delay of R-peak of ECG and J-peak of BCG (so-called, R-J interval), which showed the negative relationship with changes in blood pressure, the beat-by-beat systolic blood pressure (SBP) is estimated. The mean error of the estimated SBP and its standard deviation were ?0.16 and 4.12 mm Hg, respectively and their performance met both the Association for the Advancement of Medical Instrumentation and the British Hypertension Society guidelines.
In Chapter 3, the variable aspect of BCG is re-analyzed to develop a biometric application. Waveforms of BCG were described using features and their variability was separated to the inter-individual and the intra-individual variations by applying supervised learning algorithms. The result showed the potential utility of BCG as biometric signal, by achieving identification accuracy of 90.20% using only a cycle of BCG. Then identification increased to 98% when multiple beats were used, and reproducible with time and changes in heart-rates.
In Chapter 4, the thesis work is summarized, and future directions to further develop the proposed sensor and applications are discussed.Abstract i
List of Tables v
List of Figures vi
1. Introduction 1
1.1. History of BCG Research 1
1.2. Recent Advances 7
1.3. Goal of Thesis Work 9
2. Blood Pressure Estimation 13
2.1. Introduction 13
2.2. Principles of BP Estimation 16
2.3. Methods 21
2.4. Results and Discussions 26
2.5. Conclusion 28
3. Biometric Application 29
3.1. Introduction 29
3.2. Methods 39
3.3. Results and Discussions 48
3.4. Conclusion 56
4. Conclusions and Discussions 57
Bibliography 65
국문초록 71Docto
Sensing with Earables: A Systematic Literature Review and Taxonomy of Phenomena
Earables have emerged as a unique platform for ubiquitous computing by augmenting ear-worn devices with state-of-the-art sensing. This new platform has spurred a wealth of new research exploring what can be detected on a wearable, small form factor. As a sensing platform, the ears are less susceptible to motion artifacts and are located in close proximity to a number of important anatomical structures including the brain, blood vessels, and facial muscles which reveal a wealth of information. They can be easily reached by the hands and the ear canal itself is affected by mouth, face, and head movements. We have conducted a systematic literature review of 271 earable publications from the ACM and IEEE libraries. These were synthesized into an open-ended taxonomy of 47 different phenomena that can be sensed in, on, or around the ear. Through analysis, we identify 13 fundamental phenomena from which all other phenomena can be derived, and discuss the different sensors and sensing principles used to detect them. We comprehensively review the phenomena in four main areas of (i) physiological monitoring and health, (ii) movement and activity, (iii) interaction, and (iv) authentication and identification. This breadth highlights the potential that earables have to offer as a ubiquitous, general-purpose platform
Cybersecurity in implantable medical devices
Mención Internacional en el título de doctorImplantable Medical Devices (IMDs) are electronic devices implanted within
the body to treat a medical condition, monitor the state or improve the
functioning of some body part, or just to provide the patient with a capability
that he did not possess before [86]. Current examples of IMDs
include pacemakers and defibrillators to monitor and treat cardiac conditions;
neurostimulators for deep brain stimulation in cases such as epilepsy
or Parkinson; drug delivery systems in the form of infusion pumps; and a
variety of biosensors to acquire and process different biosignals.
Some of the newest IMDs have started to incorporate numerous communication
and networking functions—usually known as “telemetry”—,
as well as increasingly more sophisticated computing capabilities. This
has provided implants with more intelligence and patients with more autonomy,
as medical personnel can access data and reconfigure the implant
remotely (i.e., without the patient being physically present in medical facilities).
Apart from a significant cost reduction, telemetry and computing
capabilities also allow healthcare providers to constantly monitor the patient’s
condition and to develop new diagnostic techniques based on an
Intra Body Network (IBN) of medical devices [25, 26, 201].
Evolving from a mere electromechanical IMD to one with more advanced
computing and communication capabilities has many benefits but
also entails numerous security and privacy risks for the patient. The majority
of such risks are relatively well known in classical computing scenarios,
though in many respects their repercussions are far more critical in the case
of implants. Attacks against an IMD can put at risk the safety of the patient
who carries it, with fatal consequences in certain cases. Causing an intentional
malfunction of an implant can lead to death and, as recognized by the
U.S. Food and Drug Administration (FDA), such deliberate attacks could
be far more difficult to detect than accidental ones [61]. Furthermore, these
devices store and transmit very sensitive medical information that requires
protection, as dictated by European (e.g., Directive 95/46/ECC) and U.S.
(e.g., CFR 164.312) Directives [94, 204].
The wireless communication capabilities present in many modern IMDs
are a major source of security risks, particularly while the patient is in open
(i.e., non-medical) environments. To begin with, the implant becomes no
longer “invisible”, as its presence could be remotely detected [48]. Furthermore,
it facilitates the access to transmitted data by eavesdroppers who
simply listen to the (insecure) channel [83]. This could result in a major privacy breach, as IMDs store sensitive information such as vital signals,
diagnosed conditions, therapies, and a variety of personal data (e.g., birth
date, name, and other medically relevant identifiers). A vulnerable communication
channel also makes it easier to attack the implant in ways similar
to those used against more common computing devices [118, 129, 156],
i.e., by forging, altering, or replying previously captured messages [82].
This could potentially allow an adversary to monitor and modify the implant
without necessarily being close to the victim [164]. In this regard,
the concerns of former U.S. vice-president Dick Cheney constitute an excellent
example: he had his Implantable Cardioverter Defibrillator (ICD)
replaced by another without WiFi capability [219].
While there are still no known real-world incidents, several attacks on
IMDs have been successfully demonstrated in the lab [83, 133, 143]. These
attacks have shown how an adversary can disable or reprogram therapies
on an ICD with wireless connectivity, and even inducing a shock state to
the patient [65]. Other attacks deplete the battery and render the device
inoperative [91], which often implies that the patient must undergo a surgical
procedure to have the IMD replaced. Moreover, in the case of cardiac
implants, they have a switch that can be turned off merely by applying a
magnetic field [149]. The existence of this mechanism is motivated by the
need to shield ICDs to electromagnetic fields, for instance when the patient
undergoes cardiac surgery using electrocautery devices [47]. However, this
could be easily exploited by an attacker, since activating such a primitive
mechanism does not require any kind of authentication.
In order to prevent attacks, it is imperative that the new generation of
IMDs will be equipped with strong mechanisms guaranteeing basic security
properties such as confidentiality, integrity, and availability. For example,
mutual authentication between the IMD and medical personnel is
essential, as both parties must be confident that the other end is who claims
to be. In the case of the IMD, only commands coming from authenticated
parties should be considered, while medical personnel should not trust any
message claiming to come from the IMD unless sufficient guarantees are
given.
Preserving the confidentiality of the information stored in and transmitted
by the IMD is another mandatory aspect. The device must implement
appropriate security policies that restrict what entities can reconfigure the
IMD or get access to the information stored in it, ensuring that only authorized
operations are executed. Similarly, security mechanisms have to
be implemented to protect the content of messages exchanged through an insecure wireless channel.
Integrity protection is equally important to ensure that information has
not been modified in transit. For example, if the information sent by the
implant to the Programmer is altered, the doctor might make a wrong decision.
Conversely, if a command sent to the implant is forged, modified,
or simply contains errors, its execution could result in a compromise of the
patient’s physical integrity.
Technical security mechanisms should be incorporated in the design
phase and complemented with appropriate legal and administrative measures.
Current legislation is rather permissive in this regard, allowing the
use of implants like ICDs that do not incorporate any security mechanisms.
Regulatory authorities like the FDA in the U.S or the EMA (European
Medicines Agency) in Europe should promote metrics and frameworks for
assessing the security of IMDs. These assessments should be mandatory
by law, requiring an adequate security level for an implant before approving
its use. Moreover, both the security measures supported on each IMD
and the security assessment results should be made public.
Prudent engineering practices well known in the safety and security domains
should be followed in the design of IMDs. If hardware errors are
detected, it often entails a replacement of the implant, with the associated
risks linked to a surgery. One of the main sources of failure when treating
or monitoring a patient is precisely malfunctions of the device itself.
These failures are known as “recalls” or “advisories”, and it is estimated
that they affect around 2.6% of patients carrying an implant. Furthermore,
the software running on the device should strictly support the functionalities
required to perform the medical and operational tasks for what it was
designed, and no more [66, 134, 213].
In Chapter 1, we present a survey of security and privacy issues in
IMDs, discuss the most relevant mechanisms proposed to address these
challenges, and analyze their suitability, advantages, and main drawbacks.
In Chapter 2, we show how the use of highly compressed electrocardiogram
(ECG) signals (only 24 coefficients of Hadamard Transform) is enough
to unequivocally identify individuals with a high performance (classification
accuracy of 97% and with identification system errors in the order of
10−2). In Chapter 3 we introduce a new Continuous Authentication scheme
that, contrarily to previous works in this area, considers ECG signals as
continuous data streams. The proposed ECG-based CA system is intended
for real-time applications and is able to offer an accuracy up to 96%, with
an almost perfect system performance (kappa statistic > 80%). In Chapter 4, we propose a distance bounding protocol to manage access control of
IMDs: ACIMD. ACIMD combines two features namely identity verification
(authentication) and proximity verification (distance checking). The
authentication mechanism we developed conforms to the ISO/IEC 9798-2
standard and is performed using the whole ECG signal of a device holder,
which is hardly replicable by a distant attacker. We evaluate the performance
of ACIMD using ECG signals of 199 individuals over 24 hours,
considering three adversary strategies. Results show that an accuracy of
87.07% in authentication can be achieved. Finally, in Chapter 5 we extract
some conclusions and summarize the published works (i.e., scientific
journals with high impact factor and prestigious international conferences).Los Dispositivos Médicos Implantables (DMIs) son dispositivos electrónicos
implantados dentro del cuerpo para tratar una enfermedad, controlar
el estado o mejorar el funcionamiento de alguna parte del cuerpo, o simplemente
para proporcionar al paciente una capacidad que no poseía antes
[86]. Ejemplos actuales de DMI incluyen marcapasos y desfibriladores
para monitorear y tratar afecciones cardíacas; neuroestimuladores para la
estimulación cerebral profunda en casos como la epilepsia o el Parkinson;
sistemas de administración de fármacos en forma de bombas de infusión; y
una variedad de biosensores para adquirir y procesar diferentes bioseñales.
Los DMIs más modernos han comenzado a incorporar numerosas funciones
de comunicación y redes (generalmente conocidas como telemetría)
así como capacidades de computación cada vez más sofisticadas. Esto
ha propiciado implantes con mayor inteligencia y pacientes con más autonomía,
ya que el personal médico puede acceder a los datos y reconfigurar
el implante de forma remota (es decir, sin que el paciente esté
físicamente presente en las instalaciones médicas). Aparte de una importante
reducción de costos, las capacidades de telemetría y cómputo también
permiten a los profesionales de la atención médica monitorear constantemente
la condición del paciente y desarrollar nuevas técnicas de diagnóstico
basadas en una Intra Body Network (IBN) de dispositivos médicos
[25, 26, 201].
Evolucionar desde un DMI electromecánico a uno con capacidades de
cómputo y de comunicación más avanzadas tiene muchos beneficios pero
también conlleva numerosos riesgos de seguridad y privacidad para el paciente.
La mayoría de estos riesgos son relativamente bien conocidos en los
escenarios clásicos de comunicaciones entre dispositivos, aunque en muchos
aspectos sus repercusiones son mucho más críticas en el caso de los
implantes. Los ataques contra un DMI pueden poner en riesgo la seguridad
del paciente que lo porta, con consecuencias fatales en ciertos casos.
Causar un mal funcionamiento intencionado en un implante puede causar
la muerte y, tal como lo reconoce la Food and Drug Administration (FDA)
de EE.UU, tales ataques deliberados podrían ser mucho más difíciles de
detectar que los ataques accidentales [61]. Además, estos dispositivos almacenan
y transmiten información médica muy delicada que requiere se
protegida, según lo dictado por las directivas europeas (por ejemplo, la Directiva 95/46/ECC) y estadunidenses (por ejemplo, la Directiva CFR
164.312) [94, 204].
Si bien todavía no se conocen incidentes reales, se han demostrado con
éxito varios ataques contra DMIs en el laboratorio [83, 133, 143]. Estos
ataques han demostrado cómo un adversario puede desactivar o reprogramar
terapias en un marcapasos con conectividad inalámbrica e incluso
inducir un estado de shock al paciente [65]. Otros ataques agotan
la batería y dejan al dispositivo inoperativo [91], lo que a menudo implica
que el paciente deba someterse a un procedimiento quirúrgico para reemplazar
la batería del DMI. Además, en el caso de los implantes cardíacos,
tienen un interruptor cuya posición de desconexión se consigue simplemente
aplicando un campo magnético intenso [149]. La existencia de este
mecanismo está motivada por la necesidad de proteger a los DMIs frete
a posibles campos electromagnéticos, por ejemplo, cuando el paciente se
somete a una cirugía cardíaca usando dispositivos de electrocauterización
[47]. Sin embargo, esto podría ser explotado fácilmente por un atacante,
ya que la activación de dicho mecanismo primitivo no requiere ningún tipo
de autenticación.
Garantizar la confidencialidad de la información almacenada y transmitida
por el DMI es otro aspecto obligatorio. El dispositivo debe implementar
políticas de seguridad apropiadas que restrinjan qué entidades
pueden reconfigurar el DMI o acceder a la información almacenada en él,
asegurando que sólo se ejecuten las operaciones autorizadas. De la misma
manera, mecanismos de seguridad deben ser implementados para proteger
el contenido de los mensajes intercambiados a través de un canal inalámbrico
no seguro.
La protección de la integridad es igualmente importante para garantizar
que la información no se haya modificado durante el tránsito. Por ejemplo,
si la información enviada por el implante al programador se altera, el
médico podría tomar una decisión equivocada. Por el contrario, si un comando
enviado al implante se falsifica, modifica o simplemente contiene
errores, su ejecución podría comprometer la integridad física del paciente.
Los mecanismos de seguridad deberían incorporarse en la fase de diseño
y complementarse con medidas legales y administrativas apropiadas.
La legislación actual es bastante permisiva a este respecto, lo que permite
el uso de implantes como marcapasos que no incorporen ningún mecanismo
de seguridad. Las autoridades reguladoras como la FDA en los Estados
Unidos o la EMA (Agencia Europea de Medicamentos) en Europa deberían
promover métricas y marcos para evaluar la seguridad de los DMIs.
Estas evaluaciones deberían ser obligatorias por ley, requiriendo un nivel
de seguridad adecuado para un implante antes de aprobar su uso. Además,
tanto las medidas de seguridad implementadas en cada DMI como los resultados
de la evaluación de su seguridad deberían hacerse públicos.
Buenas prácticas de ingeniería en los dominios de la protección y la
seguridad deberían seguirse en el diseño de los DMIs. Si se detectan errores
de hardware, a menudo esto implica un reemplazo del implante, con
los riesgos asociados y vinculados a una cirugía. Una de las principales
fuentes de fallo al tratar o monitorear a un paciente es precisamente el
mal funcionamiento del dispositivo. Estos fallos se conocen como “retiradas”,
y se estima que afectan a aproximadamente el 2,6 % de los pacientes
que llevan un implante. Además, el software que se ejecuta en el
dispositivo debe soportar estrictamente las funcionalidades requeridas para
realizar las tareas médicas y operativas para las que fue diseñado, y no más
[66, 134, 213].
En el Capítulo 1, presentamos un estado de la cuestión sobre cuestiones
de seguridad y privacidad en DMIs, discutimos los mecanismos más relevantes
propuestos para abordar estos desafíos y analizamos su idoneidad,
ventajas y principales inconvenientes. En el Capítulo 2, mostramos
cómo el uso de señales electrocardiográficas (ECGs) altamente comprimidas
(sólo 24 coeficientes de la Transformada Hadamard) es suficiente para
identificar inequívocamente individuos con un alto rendimiento (precisión
de clasificación del 97% y errores del sistema de identificación del orden
de 10−2). En el Capítulo 3 presentamos un nuevo esquema de Autenticación
Continua (AC) que, contrariamente a los trabajos previos en esta
área, considera las señales ECG como flujos de datos continuos. El sistema
propuesto de AC basado en señales cardíacas está diseñado para aplicaciones
en tiempo real y puede ofrecer una precisión de hasta el 96%,
con un rendimiento del sistema casi perfecto (estadístico kappa > 80 %).
En el Capítulo 4, proponemos un protocolo de verificación de la distancia
para gestionar el control de acceso al DMI: ACIMD. ACIMD combina
dos características, verificación de identidad (autenticación) y verificación
de la proximidad (comprobación de la distancia). El mecanismo de autenticación
es compatible con el estándar ISO/IEC 9798-2 y se realiza utilizando
la señal ECG con todas sus ondas, lo cual es difícilmente replicable
por un atacante que se encuentre distante. Hemos evaluado el rendimiento
de ACIMD usando señales ECG de 199 individuos durante 24 horas, y
hemos considerando tres estrategias posibles para el adversario. Los resultados
muestran que se puede lograr una precisión del 87.07% en la au tenticación. Finalmente, en el Capítulo 5 extraemos algunas conclusiones
y resumimos los trabajos publicados (es decir, revistas científicas con alto
factor de impacto y conferencias internacionales prestigiosas).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús García López de Lacall
Sensing with Earables: A Systematic Literature Review and Taxonomy of Phenomena
Earables have emerged as a unique platform for ubiquitous computing by augmenting ear-worn devices with state-of-the-art sensing. This new platform has spurred a wealth of new research exploring what can be detected on a wearable, small form factor. As a sensing platform, the ears are less susceptible to motion artifacts and are located in close proximity to a number of important anatomical structures including the brain, blood vessels, and facial muscles which reveal a wealth of information. They can be easily reached by the hands and the ear canal itself is affected by mouth, face, and head movements. We have conducted a systematic literature review of 271 earable publications from the ACM and IEEE libraries. These were synthesized into an open-ended taxonomy of 47 different phenomena that can be sensed in, on, or around the ear. Through analysis, we identify 13 fundamental phenomena from which all other phenomena can be derived, and discuss the different sensors and sensing principles used to detect them. We comprehensively review the phenomena in four main areas of (i) physiological monitoring and health, (ii) movement and activity, (iii) interaction, and (iv) authentication and identification. This breadth highlights the potential that earables have to offer as a ubiquitous, general-purpose platform
- …