On the vulnerability of ECG verification to online presentation attacks

Nima Karimian; Damon L. Woodard; Domenic Forte

doi:10.1109/BTAS.2017.8272692

On the vulnerability of ECG verification to online presentation attacks

Nima Karimian, Damon L. Woodard, Domenic Forte

Computer and Information Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

23 Citations (Scopus)

Abstract

Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

Original language	English
Title of host publication	IEEE International Joint Conference on Biometrics, IJCB 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	143-151
Number of pages	9
ISBN (Electronic)	9781538611241
DOIs	https://doi.org/10.1109/BTAS.2017.8272692
Publication status	Published - Jul 1 2017
Event	2017 IEEE International Joint Conference on Biometrics, IJCB 2017 - Denver, United States Duration: Oct 1 2017 → Oct 4 2017

Publication series

Name	IEEE International Joint Conference on Biometrics, IJCB 2017
Volume	2018-January

Conference

Conference	2017 IEEE International Joint Conference on Biometrics, IJCB 2017
Country/Territory	United States
City	Denver
Period	1/10/17 → 4/10/17

Bibliographical note

Publisher Copyright:
© 2017 IEEE.

ASJC Scopus Subject Areas

Computer Networks and Communications
Instrumentation
Signal Processing
Biomedical Engineering

Access to Document

10.1109/BTAS.2017.8272692

Cite this

Karimian, N., Woodard, D. L., & Forte, D. (2017). On the vulnerability of ECG verification to online presentation attacks. In IEEE International Joint Conference on Biometrics, IJCB 2017 (pp. 143-151). (IEEE International Joint Conference on Biometrics, IJCB 2017; Vol. 2018-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BTAS.2017.8272692

@inproceedings{103d03f5204a4055932c6cebc93ef20b,

title = "On the vulnerability of ECG verification to online presentation attacks",

abstract = "Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.",

author = "Nima Karimian and Woodard, {Damon L.} and Domenic Forte",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2017 IEEE International Joint Conference on Biometrics, IJCB 2017 ; Conference date: 01-10-2017 Through 04-10-2017",

year = "2017",

month = jul,

day = "1",

doi = "10.1109/BTAS.2017.8272692",

language = "English",

series = "IEEE International Joint Conference on Biometrics, IJCB 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "143--151",

booktitle = "IEEE International Joint Conference on Biometrics, IJCB 2017",

address = "United States",

}

Karimian, N, Woodard, DL & Forte, D 2017, On the vulnerability of ECG verification to online presentation attacks. in IEEE International Joint Conference on Biometrics, IJCB 2017. IEEE International Joint Conference on Biometrics, IJCB 2017, vol. 2018-January, Institute of Electrical and Electronics Engineers Inc., pp. 143-151, 2017 IEEE International Joint Conference on Biometrics, IJCB 2017, Denver, United States, 1/10/17. https://doi.org/10.1109/BTAS.2017.8272692

On the vulnerability of ECG verification to online presentation attacks. / Karimian, Nima; Woodard, Damon L.; Forte, Domenic.
IEEE International Joint Conference on Biometrics, IJCB 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 143-151 (IEEE International Joint Conference on Biometrics, IJCB 2017; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the vulnerability of ECG verification to online presentation attacks

AU - Karimian, Nima

AU - Woodard, Damon L.

AU - Forte, Domenic

PY - 2017/7/1

Y1 - 2017/7/1

N2 - Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

AB - Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

UR - http://www.scopus.com/inward/record.url?scp=85046298678&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85046298678&partnerID=8YFLogxK

U2 - 10.1109/BTAS.2017.8272692

DO - 10.1109/BTAS.2017.8272692

M3 - Conference contribution

AN - SCOPUS:85046298678

T3 - IEEE International Joint Conference on Biometrics, IJCB 2017

SP - 143

EP - 151

BT - IEEE International Joint Conference on Biometrics, IJCB 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 IEEE International Joint Conference on Biometrics, IJCB 2017

Y2 - 1 October 2017 through 4 October 2017

ER -

On the vulnerability of ECG verification to online presentation attacks

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus Subject Areas

Access to Document

Other files and links

Fingerprint

Cite this