On the vulnerability of ECG verification to online presentation attacks

Nima Karimian; Damon L. Woodard; Domenic Forte

doi:10.1109/BTAS.2017.8272692

On the vulnerability of ECG verification to online presentation attacks

Nima Karimian, Damon L. Woodard, Domenic Forte

Computer and Information Science and Engineering

Producción científica: Contribución a los tipos de informe/libro › Contribución a la conferencia

23 Citas (Scopus)

Resumen

Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

Idioma original	Inglés
Título de la publicación alojada	IEEE International Joint Conference on Biometrics, IJCB 2017
Editorial	Institute of Electrical and Electronics Engineers Inc.
Páginas	143-151
Número de páginas	9
ISBN (versión digital)	9781538611241
DOI	https://doi.org/10.1109/BTAS.2017.8272692
Estado	Publicada - jul. 1 2017
Evento	2017 IEEE International Joint Conference on Biometrics, IJCB 2017 - Denver, Estados Unidos Duración: oct. 1 2017 → oct. 4 2017

Serie de la publicación

Nombre	IEEE International Joint Conference on Biometrics, IJCB 2017
Volumen	2018-January

Conferencia

Conferencia	2017 IEEE International Joint Conference on Biometrics, IJCB 2017
País/Territorio	Estados Unidos
Ciudad	Denver
Período	1/10/17 → 4/10/17

Nota bibliográfica

Publisher Copyright:
© 2017 IEEE.

!!!ASJC Scopus Subject Areas

Redes de ordenadores y comunicaciones
Instrumental
Procesamiento de senales
Ingeniería biomédica

Acceder al documento

10.1109/BTAS.2017.8272692

Otros archivos y enlaces

Citar esto

Karimian, N., Woodard, D. L., & Forte, D. (2017). On the vulnerability of ECG verification to online presentation attacks. En IEEE International Joint Conference on Biometrics, IJCB 2017 (pp. 143-151). (IEEE International Joint Conference on Biometrics, IJCB 2017; Vol. 2018-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BTAS.2017.8272692

@inproceedings{103d03f5204a4055932c6cebc93ef20b,

title = "On the vulnerability of ECG verification to online presentation attacks",

abstract = "Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.",

author = "Nima Karimian and Woodard, {Damon L.} and Domenic Forte",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2017 IEEE International Joint Conference on Biometrics, IJCB 2017 ; Conference date: 01-10-2017 Through 04-10-2017",

year = "2017",

month = jul,

day = "1",

doi = "10.1109/BTAS.2017.8272692",

language = "English",

series = "IEEE International Joint Conference on Biometrics, IJCB 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "143--151",

booktitle = "IEEE International Joint Conference on Biometrics, IJCB 2017",

address = "United States",

}

Karimian, N, Woodard, DL & Forte, D 2017, On the vulnerability of ECG verification to online presentation attacks. En IEEE International Joint Conference on Biometrics, IJCB 2017. IEEE International Joint Conference on Biometrics, IJCB 2017, vol. 2018-January, Institute of Electrical and Electronics Engineers Inc., pp. 143-151, 2017 IEEE International Joint Conference on Biometrics, IJCB 2017, Denver, Estados Unidos, 1/10/17. https://doi.org/10.1109/BTAS.2017.8272692

On the vulnerability of ECG verification to online presentation attacks. / Karimian, Nima; Woodard, Damon L.; Forte, Domenic.
IEEE International Joint Conference on Biometrics, IJCB 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 143-151 (IEEE International Joint Conference on Biometrics, IJCB 2017; Vol. 2018-January).

Producción científica: Contribución a los tipos de informe/libro › Contribución a la conferencia

TY - GEN

T1 - On the vulnerability of ECG verification to online presentation attacks

AU - Karimian, Nima

AU - Woodard, Damon L.

AU - Forte, Domenic

PY - 2017/7/1

Y1 - 2017/7/1

N2 - Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

AB - Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

UR - http://www.scopus.com/inward/record.url?scp=85046298678&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85046298678&partnerID=8YFLogxK

U2 - 10.1109/BTAS.2017.8272692

DO - 10.1109/BTAS.2017.8272692

M3 - Conference contribution

AN - SCOPUS:85046298678

T3 - IEEE International Joint Conference on Biometrics, IJCB 2017

SP - 143

EP - 151

BT - IEEE International Joint Conference on Biometrics, IJCB 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 IEEE International Joint Conference on Biometrics, IJCB 2017

Y2 - 1 October 2017 through 4 October 2017

ER -

On the vulnerability of ECG verification to online presentation attacks

Resumen

Serie de la publicación

Conferencia

Nota bibliográfica

!!!ASJC Scopus Subject Areas

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto