ECG Biometric Recognition: Unlinkability, Irreversibility, and Security

• Published in: IEEE internet of things journal Vol. 8; no. 1; pp. 487 - 500
• Main Authors: Wu, Shun-Chi, Hung, Pei-Lun, Swindlehurst, A. Lee
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 01.01.2021; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Authentication; biometric recognition; Biometrics; Biometrics (access control); Bundles; electrocardiograms (ECGs); Electrocardiography; Feature extraction; Internet of Things; Matching; Monitoring; Oversampling; Recognition; Security; subspace methods
• ISSN: 2327-4662; 2327-4662
• DOI: 10.1109/JIOT.2020.3004362

Security is a primary concern in Internet-of-Things (IoT) applications, and biometric recognition is considered to be a promising solution. In this article, we propose a novel electrocardiogram (ECG)-based biometric recognition scheme that can potentially strengthen the security of IoT-based patient monitoring systems. A biometric system is designed to operate in either verification or identification mode, and we concentrate on applying the proposed approach to the latter due to its difficulty and popularity in existing studies. Through the concept of "subspace oversampling," we are able to create distinct and irreversible templates for an enrollee to avoid the cross-matching problem and privacy invasion. With the help of "subspace matching," the identity of unknown subjects can be determined using only their beat bundles without any additional information required for template construction. Moreover, the proposed scheme includes a method for unregistered subject exclusion to avoid falsely linking an initially unidentifiable subject to someone in the database, further strengthening its security. The performance of the proposed scheme was evaluated using the ECGs of 287 subjects from the Physikalisch Technische Bundesanstalt data set. The experimental results demonstrated the linkability of the constructed templates as low as 0.0938, and beat bundles reconstructed from the templates of a given subject were more likely to be identified as those from another user. An identification rate of 99.02% was obtained even when the proposed exclusion scheme was incorporated; meanwhile, the corresponding false-positive identification error rate was 0.44% under a dictionary attack with real ECGs.