Privacy-Preserving ECG based Active Authentication (PPEA2) for IoT Devices

Document Type

Contribution to Book

Publication Date


Publication Title

IEEE International Performance Computing and Communication Conferences Proceedings




IoT devices have become essential in our day-to-day life starting from health monitoring to industrial control systems. While the benefits of IoT are undeniable, IoT ecosystem comes with its own set of system vulnerabilities that include malicious actors manipulating the flow of information to and from the IoT devices, which can lead to the capture of sensitive data and loss of data privacy. In this paper, we propose a Privacy-Preserving ECG based Active Authentication (PPEA2) scheme that is deployable on power-limited wearable systems (e.g. fitness tracker systems, health monitoring systems for solider in the battlefield, and large-scale health monitoring infrastructure for rapid response systems). The proposed scheme is capable of supporting active authentication of users by utilizing live stream of electrocardiogram (ECG) signal to derive unique authentication parameters. In addition to providing active authentication, we incorporated a privacy-preserving feature into the design of our system. The scheme preserves the privacy of the users ECG data features by employing a light-weight secure computation approach based on secure weighted hamming distance computation from oblivious transfer to compute a joint set between two participating entities without revealing the authentication parameters to either of them. We demonstrate the feasibility of the system, its performance and resilience against various threats in a semi-honest model.