Chat with us, powered by LiveChat

Electrocardiograph Could Be New Fingerprint

Everyone in the world possesses a unique electrocardiograph (ECG) which researchers believe can be used similarly to fingerprints as a form of authentication.

Electrocardiography is the process of recording the heart’s electrical activity through electrodes placed on the skin.

Researchers at New York’s Binghamton University are testing whether the concept could replace random data (entropy) or static encryption keys.

This novel concept is likely to find itself in the one place where heart activity is widely measured, hospitals. Security breaches in the healthcare industry have reached an all-time high, with 41% of all data breaches in the UK coming from the medical sector. The problem is likely to worsen as hospitals start using internet of things (Iot) devices that connect to the hospitals computer network.

IoT Devices

They lack the processing power of PCs and web servers so cannot support encryption making them weak links in a buildings network. However, an ECG-based biometrics solution simplifies implementation details. Thus making it a viable solution for smart healthcare devices.

Doctors would measure a patient’s heart activity to verify their identity. Pressing a biometrics sensor on the patient’s skin would give them immediate access to their files.

Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at Binghamton University said: “The ECG signal is one of the most important and common physiological parameters collected and analysed to understand a patient’s health. While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added.”

However, the ECG concept cannot be used in the real world until researchers can find a way round the fact that ECGs change as people age or become ill. Also, text-based passwords can be changed within seconds as soon as a data breach is discovered. If someone’s ECG footprint were to be leaked online and be reproducible, researchers would need a back-up plan for securing that persons data.

Robert Capps, VP of business development at NuData Security says: “As more business moves online, it’s gravely important for us to look for new and stronger methods to positively identify consumers, online.

“The use of bioinformatics for online human identification (such as heart rate, or body temperature, oxygen saturation, etc.) is a promising area of study that would provide a unique way of strongly identifying individuals while reducing the opportunities for online criminals to impersonate a legitimate user.”

“As with all data collected and compiled on individual consumers, there is a risk of theft and misuse. This is especially important when we are dealing with HIPAA (Health Insurance Portability and Accountability Act of 1996, a US law that set data privacy and security standards for safeguarding medical information) protected data such as health diagnostics information.

“These types of solutions are promising and along with physical biometrics will have a place in strengthening online consumer identification as part of a multi-factor response.”

Capps also believes passive behavioural biometric technologies, whereby the user’s behaviour is tracked without their knowledge, “have the benefit of having an extremely limited shelf life of usefulness – making theft and successful reuse of raw behavioural signals nearly impossible.”

The research team’s findings have been published in a report called “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems.” And presented at the IEEE Global Communications Conference (GLOBECOM 2016) held in Washington, in December 2016.

Comments are closed.