627 research outputs found

    Ecg biometrics using deep learning and relative score threshold classification

    Get PDF
    PD/BDE/130216/2017The field of biometrics is a pattern recognition problem, where the individual traits are coded, registered, and compared with other database records. Due to the difficulties in reproducing Electrocardiograms (ECG), their usage has been emerging in the biometric field for more secure applications. Inspired by the high performance shown by Deep Neural Networks (DNN) and to mitigate the intra-variability challenges displayed by the ECG of each individual, this work proposes two architectures to improve current results in both identification (finding the registered person from a sample) and authentication (prove that the person is whom it claims) processes: Temporal Convolutional Neural Network (TCNN) and Recurrent Neural Network (RNN). Each architecture produces a similarity score, based on the prediction error of the former and the logits given by the last, and fed to the same classifier, the Relative Score Threshold Classifier (RSTC).The robustness and applicability of these architectures were trained and tested on public databases used by literature in this context: Fantasia, MIT-BIH, and CYBHi databases. Results show that overall the TCNN outperforms the RNN achieving almost 100%, 96%, and 90% accuracy, respectively, for identification and 0.0%, 0.1%, and 2.2% equal error rate (EER) for authentication processes. When comparing to previous work, both architectures reached results beyond the state-of-the-art. Nevertheless, the improvement of these techniques, such as enriching training with extra varied data and transfer learning, may provide more robust systems with a reduced time required for validation.publishersversionpublishe

    Cybersecurity in implantable medical devices

    Get PDF
    Mención Internacional en el título de doctorImplantable Medical Devices (IMDs) are electronic devices implanted within the body to treat a medical condition, monitor the state or improve the functioning of some body part, or just to provide the patient with a capability that he did not possess before [86]. Current examples of IMDs include pacemakers and defibrillators to monitor and treat cardiac conditions; neurostimulators for deep brain stimulation in cases such as epilepsy or Parkinson; drug delivery systems in the form of infusion pumps; and a variety of biosensors to acquire and process different biosignals. Some of the newest IMDs have started to incorporate numerous communication and networking functions—usually known as “telemetry”—, as well as increasingly more sophisticated computing capabilities. This has provided implants with more intelligence and patients with more autonomy, as medical personnel can access data and reconfigure the implant remotely (i.e., without the patient being physically present in medical facilities). Apart from a significant cost reduction, telemetry and computing capabilities also allow healthcare providers to constantly monitor the patient’s condition and to develop new diagnostic techniques based on an Intra Body Network (IBN) of medical devices [25, 26, 201]. Evolving from a mere electromechanical IMD to one with more advanced computing and communication capabilities has many benefits but also entails numerous security and privacy risks for the patient. The majority of such risks are relatively well known in classical computing scenarios, though in many respects their repercussions are far more critical in the case of implants. Attacks against an IMD can put at risk the safety of the patient who carries it, with fatal consequences in certain cases. Causing an intentional malfunction of an implant can lead to death and, as recognized by the U.S. Food and Drug Administration (FDA), such deliberate attacks could be far more difficult to detect than accidental ones [61]. Furthermore, these devices store and transmit very sensitive medical information that requires protection, as dictated by European (e.g., Directive 95/46/ECC) and U.S. (e.g., CFR 164.312) Directives [94, 204]. The wireless communication capabilities present in many modern IMDs are a major source of security risks, particularly while the patient is in open (i.e., non-medical) environments. To begin with, the implant becomes no longer “invisible”, as its presence could be remotely detected [48]. Furthermore, it facilitates the access to transmitted data by eavesdroppers who simply listen to the (insecure) channel [83]. This could result in a major privacy breach, as IMDs store sensitive information such as vital signals, diagnosed conditions, therapies, and a variety of personal data (e.g., birth date, name, and other medically relevant identifiers). A vulnerable communication channel also makes it easier to attack the implant in ways similar to those used against more common computing devices [118, 129, 156], i.e., by forging, altering, or replying previously captured messages [82]. This could potentially allow an adversary to monitor and modify the implant without necessarily being close to the victim [164]. In this regard, the concerns of former U.S. vice-president Dick Cheney constitute an excellent example: he had his Implantable Cardioverter Defibrillator (ICD) replaced by another without WiFi capability [219]. While there are still no known real-world incidents, several attacks on IMDs have been successfully demonstrated in the lab [83, 133, 143]. These attacks have shown how an adversary can disable or reprogram therapies on an ICD with wireless connectivity, and even inducing a shock state to the patient [65]. Other attacks deplete the battery and render the device inoperative [91], which often implies that the patient must undergo a surgical procedure to have the IMD replaced. Moreover, in the case of cardiac implants, they have a switch that can be turned off merely by applying a magnetic field [149]. The existence of this mechanism is motivated by the need to shield ICDs to electromagnetic fields, for instance when the patient undergoes cardiac surgery using electrocautery devices [47]. However, this could be easily exploited by an attacker, since activating such a primitive mechanism does not require any kind of authentication. In order to prevent attacks, it is imperative that the new generation of IMDs will be equipped with strong mechanisms guaranteeing basic security properties such as confidentiality, integrity, and availability. For example, mutual authentication between the IMD and medical personnel is essential, as both parties must be confident that the other end is who claims to be. In the case of the IMD, only commands coming from authenticated parties should be considered, while medical personnel should not trust any message claiming to come from the IMD unless sufficient guarantees are given. Preserving the confidentiality of the information stored in and transmitted by the IMD is another mandatory aspect. The device must implement appropriate security policies that restrict what entities can reconfigure the IMD or get access to the information stored in it, ensuring that only authorized operations are executed. Similarly, security mechanisms have to be implemented to protect the content of messages exchanged through an insecure wireless channel. Integrity protection is equally important to ensure that information has not been modified in transit. For example, if the information sent by the implant to the Programmer is altered, the doctor might make a wrong decision. Conversely, if a command sent to the implant is forged, modified, or simply contains errors, its execution could result in a compromise of the patient’s physical integrity. Technical security mechanisms should be incorporated in the design phase and complemented with appropriate legal and administrative measures. Current legislation is rather permissive in this regard, allowing the use of implants like ICDs that do not incorporate any security mechanisms. Regulatory authorities like the FDA in the U.S or the EMA (European Medicines Agency) in Europe should promote metrics and frameworks for assessing the security of IMDs. These assessments should be mandatory by law, requiring an adequate security level for an implant before approving its use. Moreover, both the security measures supported on each IMD and the security assessment results should be made public. Prudent engineering practices well known in the safety and security domains should be followed in the design of IMDs. If hardware errors are detected, it often entails a replacement of the implant, with the associated risks linked to a surgery. One of the main sources of failure when treating or monitoring a patient is precisely malfunctions of the device itself. These failures are known as “recalls” or “advisories”, and it is estimated that they affect around 2.6% of patients carrying an implant. Furthermore, the software running on the device should strictly support the functionalities required to perform the medical and operational tasks for what it was designed, and no more [66, 134, 213]. In Chapter 1, we present a survey of security and privacy issues in IMDs, discuss the most relevant mechanisms proposed to address these challenges, and analyze their suitability, advantages, and main drawbacks. In Chapter 2, we show how the use of highly compressed electrocardiogram (ECG) signals (only 24 coefficients of Hadamard Transform) is enough to unequivocally identify individuals with a high performance (classification accuracy of 97% and with identification system errors in the order of 10−2). In Chapter 3 we introduce a new Continuous Authentication scheme that, contrarily to previous works in this area, considers ECG signals as continuous data streams. The proposed ECG-based CA system is intended for real-time applications and is able to offer an accuracy up to 96%, with an almost perfect system performance (kappa statistic > 80%). In Chapter 4, we propose a distance bounding protocol to manage access control of IMDs: ACIMD. ACIMD combines two features namely identity verification (authentication) and proximity verification (distance checking). The authentication mechanism we developed conforms to the ISO/IEC 9798-2 standard and is performed using the whole ECG signal of a device holder, which is hardly replicable by a distant attacker. We evaluate the performance of ACIMD using ECG signals of 199 individuals over 24 hours, considering three adversary strategies. Results show that an accuracy of 87.07% in authentication can be achieved. Finally, in Chapter 5 we extract some conclusions and summarize the published works (i.e., scientific journals with high impact factor and prestigious international conferences).Los Dispositivos Médicos Implantables (DMIs) son dispositivos electrónicos implantados dentro del cuerpo para tratar una enfermedad, controlar el estado o mejorar el funcionamiento de alguna parte del cuerpo, o simplemente para proporcionar al paciente una capacidad que no poseía antes [86]. Ejemplos actuales de DMI incluyen marcapasos y desfibriladores para monitorear y tratar afecciones cardíacas; neuroestimuladores para la estimulación cerebral profunda en casos como la epilepsia o el Parkinson; sistemas de administración de fármacos en forma de bombas de infusión; y una variedad de biosensores para adquirir y procesar diferentes bioseñales. Los DMIs más modernos han comenzado a incorporar numerosas funciones de comunicación y redes (generalmente conocidas como telemetría) así como capacidades de computación cada vez más sofisticadas. Esto ha propiciado implantes con mayor inteligencia y pacientes con más autonomía, ya que el personal médico puede acceder a los datos y reconfigurar el implante de forma remota (es decir, sin que el paciente esté físicamente presente en las instalaciones médicas). Aparte de una importante reducción de costos, las capacidades de telemetría y cómputo también permiten a los profesionales de la atención médica monitorear constantemente la condición del paciente y desarrollar nuevas técnicas de diagnóstico basadas en una Intra Body Network (IBN) de dispositivos médicos [25, 26, 201]. Evolucionar desde un DMI electromecánico a uno con capacidades de cómputo y de comunicación más avanzadas tiene muchos beneficios pero también conlleva numerosos riesgos de seguridad y privacidad para el paciente. La mayoría de estos riesgos son relativamente bien conocidos en los escenarios clásicos de comunicaciones entre dispositivos, aunque en muchos aspectos sus repercusiones son mucho más críticas en el caso de los implantes. Los ataques contra un DMI pueden poner en riesgo la seguridad del paciente que lo porta, con consecuencias fatales en ciertos casos. Causar un mal funcionamiento intencionado en un implante puede causar la muerte y, tal como lo reconoce la Food and Drug Administration (FDA) de EE.UU, tales ataques deliberados podrían ser mucho más difíciles de detectar que los ataques accidentales [61]. Además, estos dispositivos almacenan y transmiten información médica muy delicada que requiere se protegida, según lo dictado por las directivas europeas (por ejemplo, la Directiva 95/46/ECC) y estadunidenses (por ejemplo, la Directiva CFR 164.312) [94, 204]. Si bien todavía no se conocen incidentes reales, se han demostrado con éxito varios ataques contra DMIs en el laboratorio [83, 133, 143]. Estos ataques han demostrado cómo un adversario puede desactivar o reprogramar terapias en un marcapasos con conectividad inalámbrica e incluso inducir un estado de shock al paciente [65]. Otros ataques agotan la batería y dejan al dispositivo inoperativo [91], lo que a menudo implica que el paciente deba someterse a un procedimiento quirúrgico para reemplazar la batería del DMI. Además, en el caso de los implantes cardíacos, tienen un interruptor cuya posición de desconexión se consigue simplemente aplicando un campo magnético intenso [149]. La existencia de este mecanismo está motivada por la necesidad de proteger a los DMIs frete a posibles campos electromagnéticos, por ejemplo, cuando el paciente se somete a una cirugía cardíaca usando dispositivos de electrocauterización [47]. Sin embargo, esto podría ser explotado fácilmente por un atacante, ya que la activación de dicho mecanismo primitivo no requiere ningún tipo de autenticación. Garantizar la confidencialidad de la información almacenada y transmitida por el DMI es otro aspecto obligatorio. El dispositivo debe implementar políticas de seguridad apropiadas que restrinjan qué entidades pueden reconfigurar el DMI o acceder a la información almacenada en él, asegurando que sólo se ejecuten las operaciones autorizadas. De la misma manera, mecanismos de seguridad deben ser implementados para proteger el contenido de los mensajes intercambiados a través de un canal inalámbrico no seguro. La protección de la integridad es igualmente importante para garantizar que la información no se haya modificado durante el tránsito. Por ejemplo, si la información enviada por el implante al programador se altera, el médico podría tomar una decisión equivocada. Por el contrario, si un comando enviado al implante se falsifica, modifica o simplemente contiene errores, su ejecución podría comprometer la integridad física del paciente. Los mecanismos de seguridad deberían incorporarse en la fase de diseño y complementarse con medidas legales y administrativas apropiadas. La legislación actual es bastante permisiva a este respecto, lo que permite el uso de implantes como marcapasos que no incorporen ningún mecanismo de seguridad. Las autoridades reguladoras como la FDA en los Estados Unidos o la EMA (Agencia Europea de Medicamentos) en Europa deberían promover métricas y marcos para evaluar la seguridad de los DMIs. Estas evaluaciones deberían ser obligatorias por ley, requiriendo un nivel de seguridad adecuado para un implante antes de aprobar su uso. Además, tanto las medidas de seguridad implementadas en cada DMI como los resultados de la evaluación de su seguridad deberían hacerse públicos. Buenas prácticas de ingeniería en los dominios de la protección y la seguridad deberían seguirse en el diseño de los DMIs. Si se detectan errores de hardware, a menudo esto implica un reemplazo del implante, con los riesgos asociados y vinculados a una cirugía. Una de las principales fuentes de fallo al tratar o monitorear a un paciente es precisamente el mal funcionamiento del dispositivo. Estos fallos se conocen como “retiradas”, y se estima que afectan a aproximadamente el 2,6 % de los pacientes que llevan un implante. Además, el software que se ejecuta en el dispositivo debe soportar estrictamente las funcionalidades requeridas para realizar las tareas médicas y operativas para las que fue diseñado, y no más [66, 134, 213]. En el Capítulo 1, presentamos un estado de la cuestión sobre cuestiones de seguridad y privacidad en DMIs, discutimos los mecanismos más relevantes propuestos para abordar estos desafíos y analizamos su idoneidad, ventajas y principales inconvenientes. En el Capítulo 2, mostramos cómo el uso de señales electrocardiográficas (ECGs) altamente comprimidas (sólo 24 coeficientes de la Transformada Hadamard) es suficiente para identificar inequívocamente individuos con un alto rendimiento (precisión de clasificación del 97% y errores del sistema de identificación del orden de 10−2). En el Capítulo 3 presentamos un nuevo esquema de Autenticación Continua (AC) que, contrariamente a los trabajos previos en esta área, considera las señales ECG como flujos de datos continuos. El sistema propuesto de AC basado en señales cardíacas está diseñado para aplicaciones en tiempo real y puede ofrecer una precisión de hasta el 96%, con un rendimiento del sistema casi perfecto (estadístico kappa > 80 %). En el Capítulo 4, proponemos un protocolo de verificación de la distancia para gestionar el control de acceso al DMI: ACIMD. ACIMD combina dos características, verificación de identidad (autenticación) y verificación de la proximidad (comprobación de la distancia). El mecanismo de autenticación es compatible con el estándar ISO/IEC 9798-2 y se realiza utilizando la señal ECG con todas sus ondas, lo cual es difícilmente replicable por un atacante que se encuentre distante. Hemos evaluado el rendimiento de ACIMD usando señales ECG de 199 individuos durante 24 horas, y hemos considerando tres estrategias posibles para el adversario. Los resultados muestran que se puede lograr una precisión del 87.07% en la au tenticación. Finalmente, en el Capítulo 5 extraemos algunas conclusiones y resumimos los trabajos publicados (es decir, revistas científicas con alto factor de impacto y conferencias internacionales prestigiosas).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús García López de Lacall

    DWT Domain On-Line Signature Verification

    Get PDF

    An intelligent multimodal biometric authentication model for personalised healthcare services

    Get PDF
    With the advent of modern technologies, the healthcare industry is moving towards a more personalised smart care model. The enablers of such care models are the Internet of Things (IoT) and Artificial Intelligence (AI). These technologies collect and analyse data from persons in care to alert relevant parties if any anomaly is detected in a patient’s regular pattern. However, such reliance on IoT devices to capture continuous data extends the attack surfaces and demands high-security measures. Both patients and devices need to be authenticated to mitigate a large number of attack vectors. The biometric authentication method has been seen as a promising technique in these scenarios. To this end, this paper proposes an AI-based multimodal biometric authentication model for single and group-based users’ device-level authentication that increases protection against the traditional single modal approach. To test the efficacy of the proposed model, a series of AI models are trained and tested using physiological biometric features such as ECG (Electrocardiogram) and PPG (Photoplethysmography) signals from five public datasets available in Physionet and Mendeley data repositories. The multimodal fusion authentication model shows promising results with 99.8% accuracy and an Equal Error Rate (EER) of 0.16

    Augmenting Authentication with Context-Specific Behavioral Biometrics

    Get PDF
    Behavioral biometrics, being non-intrusive and cost-efficient, have the potential to assist user identification and authentication. However, user behaviors can vary significantly for different hardware, software, and applications. Research of behavioral biometrics is needed in the context of a specific application. Moreover, it is hard to collect user data in real world settings to assess how well behavioral biometrics can discriminate users. This work aims to improving authentication by behavioral biometrics obtained for user groups. User data of a webmail application are collected in a large-scale user experiment conducted on Amazon Mechanical Turk. Used in a continuous authentication scheme based on user groups, off-line identity attribution and online authentication analytic schemes are proposed to study the applicability of application-specific behavioral biometrics. Our results suggest that the useful user group identity can be effectively inferred from users’ operational interaction with the email application

    Learning Biosignals with Deep Learning

    Get PDF
    The healthcare system, which is ubiquitously recognized as one of the most influential system in society, is facing new challenges since the start of the decade.The myriad of physiological data generated by individuals, namely in the healthcare system, is generating a burden on physicians, losing effectiveness on the collection of patient data. Information systems and, in particular, novel deep learning (DL) algorithms have been prompting a way to take this problem. This thesis has the aim to have an impact in biosignal research and industry by presenting DL solutions that could empower this field. For this purpose an extensive study of how to incorporate and implement Convolutional Neural Networks (CNN), Recursive Neural Networks (RNN) and Fully Connected Networks in biosignal studies is discussed. Different architecture configurations were explored for signal processing and decision making and were implemented in three different scenarios: (1) Biosignal learning and synthesis; (2) Electrocardiogram (ECG) biometric systems, and; (3) Electrocardiogram (ECG) anomaly detection systems. In (1) a RNN-based architecture was able to replicate autonomously three types of biosignals with a high degree of confidence. As for (2) three CNN-based architectures, and a RNN-based architecture (same used in (1)) were used for both biometric identification, reaching values above 90% for electrode-base datasets (Fantasia, ECG-ID and MIT-BIH) and 75% for off-person dataset (CYBHi), and biometric authentication, achieving Equal Error Rates (EER) of near 0% for Fantasia and MIT-BIH and bellow 4% for CYBHi. As for (3) the abstraction of healthy clean the ECG signal and detection of its deviation was made and tested in two different scenarios: presence of noise using autoencoder and fully-connected network (reaching 99% accuracy for binary classification and 71% for multi-class), and; arrhythmia events by including a RNN to the previous architecture (57% accuracy and 61% sensitivity). In sum, these systems are shown to be capable of producing novel results. The incorporation of several AI systems into one could provide to be the next generation of preventive medicine, as the machines have access to different physiological and anatomical states, it could produce more informed solutions for the issues that one may face in the future increasing the performance of autonomous preventing systems that could be used in every-day life in remote places where the access to medicine is limited. These systems will also help the study of the signal behaviour and how they are made in real life context as explainable AI could trigger this perception and link the inner states of a network with the biological traits.O sistema de saúde, que é ubiquamente reconhecido como um dos sistemas mais influentes da sociedade, enfrenta novos desafios desde o ínicio da década. A miríade de dados fisiológicos gerados por indíviduos, nomeadamente no sistema de saúde, está a gerar um fardo para os médicos, perdendo a eficiência no conjunto dos dados do paciente. Os sistemas de informação e, mais espcificamente, da inovação de algoritmos de aprendizagem profunda (DL) têm sido usados na procura de uma solução para este problema. Esta tese tem o objetivo de ter um impacto na pesquisa e na indústria de biosinais, apresentando soluções de DL que poderiam melhorar esta área de investigação. Para esse fim, é discutido um extenso estudo de como incorporar e implementar redes neurais convolucionais (CNN), redes neurais recursivas (RNN) e redes totalmente conectadas para o estudo de biosinais. Diferentes arquiteturas foram exploradas para processamento e tomada de decisão de sinais e foram implementadas em três cenários diferentes: (1) Aprendizagem e síntese de biosinais; (2) sistemas biométricos com o uso de eletrocardiograma (ECG), e; (3) Sistema de detecção de anomalias no ECG. Em (1) uma arquitetura baseada na RNN foi capaz de replicar autonomamente três tipos de sinais biológicos com um alto grau de confiança. Quanto a (2) três arquiteturas baseadas em CNN e uma arquitetura baseada em RNN (a mesma usada em (1)) foram usadas para ambas as identificações, atingindo valores acima de 90 % para conjuntos de dados à base de eletrodos (Fantasia, ECG-ID e MIT -BIH) e 75 % para o conjunto de dados fora da pessoa (CYBHi) e autenticação, atingindo taxas de erro iguais (EER) de quase 0 % para Fantasia e MIT-BIH e abaixo de 4 % para CYBHi. Quanto a (3) a abstração de sinais limpos e assimptomáticos de ECG e a detecção do seu desvio foram feitas e testadas em dois cenários diferentes: na presença de ruído usando um autocodificador e uma rede totalmente conectada (atingindo 99 % de precisão na classificação binária e 71 % na multi-classe), e; eventos de arritmia incluindo um RNN na arquitetura anterior (57 % de precisão e 61 % de sensibilidade). Em suma, esses sistemas são mais uma vez demonstrados como capazes de produzir resultados inovadores. A incorporação de vários sistemas de inteligência artificial em um unico sistema pederá desencadear a próxima geração de medicina preventiva. Os algoritmos ao terem acesso a diferentes estados fisiológicos e anatómicos, podem produzir soluções mais informadas para os problemas que se possam enfrentar no futuro, aumentando o desempenho de sistemas autónomos de prevenção que poderiam ser usados na vida quotidiana, nomeadamente em locais remotos onde o acesso à medicinas é limitado. Estes sistemas também ajudarão o estudo do comportamento do sinal e como eles são feitos no contexto da vida real, pois a IA explicável pode desencadear essa percepção e vincular os estados internos de uma rede às características biológicas

    Keystroke dynamics as a biometric

    No full text
    Modern computer systems rely heavily on methods of authentication and identity verification to protect sensitive data. One of the most robust protective techniques involves adding a layer of biometric analysis to other security mechanisms, as a means of establishing the identity of an individual beyond reasonable doubt. In the search for a biometric technique which is both low-cost and transparent to the end user, researchers have considered analysing the typing patterns of keyboard users to determine their characteristic timing signatures.Previous research into keystroke analysis has either required fixed performance of known keyboard input or relied on artificial tests involving the improvisation of a block of text for analysis. I is proposed that this is insufficient to determine the nature of unconstrained typing in a live computing environment. In an attempt to assess the utility of typing analysis for improving intrusion detection on computer systems, we present the notion of ‘genuinely free text’ (GFT). Through the course of this thesis, we discuss the nature of GFT and attempt to address whether it is feasible to produce a lightweight software platform for monitoring GFT keystroke biometrics, while protecting the privacy of users.The thesis documents in depth the design, development and deployment of the multigraph-based BAKER software platform, a system for collecting statistical GFT data from live environments. This software platform has enabled the collection of an extensive set of keystroke biometric data for a group of participating computer users, the analysis of which we also present here. Several supervised learning techniques were used to demonstrate that the richness of keystroke information gathered from BAKER is indeed sufficient to recommend multigraph keystroke analysis, as a means of augmenting computer security. In addition, we present a discussion of the feasibility of applying data obtained from GFT profiles in circumventing traditional static and free text analysis biometrics
    corecore