Privacy-Preserving ECG Based Active Authentication (PPEA2) Scheme for Iot Devices

Internet of things (IoT) devices are becoming ubiquitous in, and even essential to, many aspects of day-to-day life, from fitness trackers, pacemakers, to industrial control systems. On a larger scale, live stream of sleep patterns data recorded via fitness tracker devices was utilized to quantify the effect of a seismic activity on sleep. While the benefits of IoT are undeniable, IoT ecosystem comes with its own set of system vulnerabilities that include malicious actors manipulating the flow of information to and from the IoT devices, which can lead to the capture of sensitive data and loss of data privacy. My thesis explores a Privacy-Preserving ECG based Active Authentication (PPEA2) scheme that is deployable on power-limited wearable systems to counter these vulnerabilities. Electrocardiogram (ECG) is a record of the electrical activity of the heart, and it has been shown to be unique for every person. This work leverages that idea to design a feature extraction followed by an authentication scheme based on the extracted features. The proposed scheme preserves the privacy of the extracted features by employing a light-weight secure computation approach based on secure weighted hamming distance computation from an oblivious transfer. It computes a joint set between two participating entities without revealing the keys to either of them

Privacy-Preserving ECG based Active Authentication (PPEA2) for IoT Devices

IoT devices have become essential in our day-to-day life starting from health monitoring to industrial control systems. While the benefits of IoT are undeniable, IoT ecosystem comes with its own set of system vulnerabilities that include malicious actors manipulating the flow of information to and from the IoT devices, which can lead to the capture of sensitive data and loss of data privacy. In this paper, we propose a Privacy-Preserving ECG based Active Authentication (PPEA2) scheme that is deployable on power-limited wearable systems (e.g. fitness tracker systems, health monitoring systems for solider in the battlefield, and large-scale health monitoring infrastructure for rapid response systems). The proposed scheme is capable of supporting active authentication of users by utilizing live stream of electrocardiogram (ECG) signal to derive unique authentication parameters. In addition to providing active authentication, we incorporated a privacy-preserving feature into the design of our system. The scheme preserves the privacy of the users ECG data features by employing a light-weight secure computation approach based on secure weighted hamming distance computation from oblivious transfer to compute a joint set between two participating entities without revealing the authentication parameters to either of them. We demonstrate the feasibility of the system, its performance and resilience against various threats in a semi-honest model