Real 'Mission Impossible': Thwarting hackers with individuals' biosignals
Professor Jae-sun Seo holds an ECG authentication chip in his hands. Seo hopes to use chips like this in wearable devices such as Apple watches to create biometric security measures based on electrical activity of heartbeats. Photo by Anya Magnuson/ASU Now
At a cinema in the not-too-distant future …
The deputy defense minister sprints down a street in Vienna. His smart watch contains missile blueprints.
Ethan Hunt rappels from a building, tackling the minister and slipping the watch from his wrist. Hunt inserts a contact lens printed with a high-res photo of the minister’s eye and holds the watch to his face.
No luck. It really is a mission impossible. The watch’s data is protected by authentication tied to the minister’s heartbeat. Hunt can’t fake that. He’s been thwarted by Arizona State University researcher Jae-sun Seo’s biometric security measures.
Seo, an assistant professor in the School of Electrical, Computer and Energy Engineering, was the lead on a pair of studies that developed security authentication based on electrical activity of heartbeats, or electrocardiogram readings.
While few of us have intercontinental ballistic missile blueprints on our Fitbits, they do contain medical information. Sensors pick up your electrocardiogram and other signals. That’s private medical data.
Your medical information is worth 10 times what your credit card is on the black market, according to the FBI. More data breaches happen in the medical and health-care industry now than in other sector, including financial, education and government, according to the nonprofit Identity Theft Resource Center. Health-insurance information can be used to purchase drugs or medical equipment, which are then resold illegally, or even to get medical care.
Tech companies are constantly stepping up security measures. Besides passwords, fingerprints, retinal scans and facial-recognition software are popping up in the latest gadgets.
“Still there is some vulnerability,” Seo said. “Fingerprints can be hacked. Iris, sometimes if you have a high-resolution photo it can be unlocked. ... In that sense multi-factor authentication becomes really necessary. To that extent we have been working on a different biometric modality, namely our physiological signals such as (electrocardiogram).”
The tech — a chip — developed by Seo and his colleagues stresses the individuality of electrical heartbeat signals.
“What we are proposing is that we can actually perform user authentication with our own (electrocardiogram) signals, and we can actually generate random secret keys using our own signals as well,” Seo said. “What that means is that although signals might look very similar from person to person, they are actually different. ... If you look at them visually, they don’t look that different. That’s where our technology comes in. We perform sophisticated filtering, signal processing and employ relatively simple neural networks to extract features, which are maximally different between different individuals.”
How would it work? One of Seo’s sensors on the back of the watch might touch your skin and pick up your physiological signals.
“It could continuously authenticate and make sure the owner is wearing the device instead of an adversary who stole the device and is trying to do something with it,” he said.
Another advantage is that it’s nonintrusive. No typing a password 10 digits long or rubbing your sweaty thumb on the screen or posing your face in an unnatural fashion.
Although the core technology is still in the research phase, Seo said it could be integrated into other tech, like phones or security systems.
“We have developed prototype chips and demonstrated real-time (electrocardiogram) authentication with very low power, which enables seamless integration into wearable devices,” he said. “Getting into a product will mean much more validation and verification of quality assessment. There’s still a way to go, but we verified our custom prototype chip with a fairly large database of more than 600 people.”
Shihui Yin was the student lead on both papers. The work was in collaboration with Samsung Advanced Institute of Technology in Korea.
More Science and technology
4 ASU researchers named senior members of the National Academy of Inventors
The National Academy of Inventors recently named four Arizona State University researchers as senior members to the prestigious organization.Professor Qiang Chen and associate professors Matthew…
Transforming Arizona’s highways for a smoother drive
Imagine you’re driving down a smooth stretch of road. Your tires have firm traction. There are no potholes you need to swerve to avoid. Your suspension feels responsive. You’re relaxed and focused on…
The Sun Devil who revolutionized kitty litter
If you have a cat, there’s a good chance you’re benefiting from the work of an Arizona State University alumna. In honor of Women's History Month, we're sharing her story.A pioneering chemist…