Researchers: Professor Avi Rubin, Michael Rushanan – Johns Hopkins University

After some researchers proposed the use of electrocardiograms (ECG) as a source of biometric information for secure authentication and identification of individuals, THaW Professor Rubin and graduate student Michael Rushanan set out to test this assumption by extending work done at MIT on the post-processing of ECG data.

Their research grew out of concern with the proliferation of implantable medical devices and how to secure these devices against external network-based attacks.

Commercial companies have built their businesses upon the unique nature of ECG data. Most of the current applications have been focused on the supposed uniqueness of ECG as a biometric identifier for use in commercial transactions. Rubin and Rushanan set out to determine whether a person’s ECG really is a secure and reliable means of identification and authentication.

The ECG example below uses three different electrode placements and IPI peak identification. The purpose of this experiment was to validate if the authentication scheme under test works with slightly, but expected, noisy experiments that require physical contact.

Rushanan identified temporal granularity as their biggest research challenge and expects his first research results should be available in the coming months.