Effect of attacker characterization in ECG-based continuous authentication mechanisms for Internet of Things

摘要

AbstractWearable devices enable retrieving data from their porting user, among other applications. When combining them with the Internet of Things (IoT) paradigm, a plethora of services can be devised. Thanks to IoT, several approaches have been proposed to apply user data, and particularly ElectroCardioGram (ECG) signals, for biometric authentication. One step further is achieving Continuous Authentication (CA), i.e., ensuring that the user remains the same during a certain period. The hardness of this task varies with the attacker characterization, that is, the amount of information about the attacker that is available to the authentication system. In this vein, we explore different ECG-based CA mechanisms forknown,blind-modelledandunknownattacker settings. Our results show that, under certain configuration, 99.5 % of true positive rate can be achieved for a blind-modelled attacker, 93.5 % for a known set of attackers and 91.8 % for unknown ones.Highlights•Security and privacy issues must be addressed in the Internet of Things (IoT).•We have focused on the use of ElectroCardioGram (ECG) signals for Continuous Authentication (CA).•We have explored different ECG-based CA techniques for three attacker settings.•Our results exhibit promising accuracy figures, which support the use of ECG as identifier in the IoT.