A Privacy-Preserving ECG-Based Authentication System for Securing Wireless Body Sensor Networks

Authentication plays an essential role in securing the communication between sensor nodes within a wireless body sensor network (WBSN). The electrocardiogram (ECG) as a type of physiological data collected by sensor nodes in WBSNs can provide intrinsic liveness detection and the ECG data are continuously available. These are highly desirable properties for authentication purposes. Although ECG-based intra-node authentication for WBSNs has been extensively studied, far less attention is paid to protecting the ECG data despite their sensitivity. In this paper, we propose a privacy-preserving ECG-based authentication system using a non-invertible transformation scheme called manipulatable Haar transform (MHT). The proposed authentication system not only provides secure intra-node authentication for WBSNs, but also protects the sensitive health and identity information contained in ECG data from being exposed to adversaries. Experiment results on two public databases and a real IoT device show the strong performance and efficiency of the proposed system. Moreover, security analysis demonstrates the validity of the MHT.