On the vulnerability of ECG verification to online presentation attacks

Electrocardiogram (ECG) has long been regarded as a biometric modality which is impractical to copy, clone, or spoof. However, it was recently shown that an ECG signal can be replayed from arbitrary waveform generators, computer sound cards, or off-the-shelf audio players. In this paper, we develop a novel presentation attack where a short template of the victim's ECG is captured by an attacker and used to map the attacker's ECG into the victim's, which can then be provided to the sensor using one of the above sources. Our approach involves exploiting ECG models, characterizing the differences between ECG signals, and developing mapping functions that transform any ECG into one that closely matches an authentic user's ECG. Our proposed approach, which can operate online or on-the-fly, is compared with a more ideal offline scenario where the attacker has more time and resources. In our experiments, the offline approach achieves average success rates of 97.43% and 94.17% for non-fiducial and fiducial based ECG authentication. In the online scenario, the performance is de-graded by 5.65% for non-fiducial based authentication, but is nearly unaffected for fiducial authentication.

[1]  Arun Ross,et al.  Automatic adaptation of fingerprint liveness detector to new spoof materials , 2014, IEEE International Joint Conference on Biometrics.

[2]  Patrizio Campisi,et al.  On the Permanence of EEG Signals for Biometric Recognition , 2016, IEEE Transactions on Information Forensics and Security.

[3]  Christian Jutten,et al.  A Nonlinear Bayesian Filtering Framework for ECG Denoising , 2007, IEEE Transactions on Biomedical Engineering.

[4]  Sébastien Marcel,et al.  Can face anti-spoofing countermeasures work in a real world scenario? , 2013, 2013 International Conference on Biometrics (ICB).

[5]  Arun Ross,et al.  MasterPrint: Exploring the Vulnerability of Partial Fingerprint-Based Authentication Systems , 2017, IEEE Transactions on Information Forensics and Security.

[6]  Nima Karimian,et al.  Noise assessment framework for optimizing ECG key generation , 2017, 2017 IEEE International Symposium on Technologies for Homeland Security (HST).

[7]  S. Haykin Kalman Filtering and Neural Networks , 2001 .

[8]  Patrick E. McSharry,et al.  A dynamical model for generating synthetic electrocardiogram signals , 2003, IEEE Transactions on Biomedical Engineering.

[9]  Sébastien Marcel,et al.  On the vulnerability of speaker verification to realistic voice spoofing , 2015, 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS).

[10]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[11]  Marios Savvides,et al.  How to Generate Spoofed Irises From an Iris Code Template , 2011, IEEE Transactions on Information Forensics and Security.

[12]  Sébastien Marcel,et al.  Counter-measures to photo attacks in face recognition: A public database and a baseline , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[13]  Richa Singh,et al.  On Iris Spoofing Using Print Attack , 2014, 2014 22nd International Conference on Pattern Recognition.

[14]  Arun Ross,et al.  From the Iriscode to the Iris: A New Vulnerability of Iris Recognition Systems , 2012 .

[15]  Qijun Zhao,et al.  Fingerprint image synthesis based on statistical feature models , 2012, 2012 IEEE Fifth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[16]  Ivan Martinovic,et al.  Broken Hearted: How To Attack ECG Biometrics , 2017, NDSS.

[17]  Wael Louis,et al.  Feature Selection for Nonstationary Data: Application to Human Recognition Using Medical Biometrics , 2018, IEEE Transactions on Cybernetics.

[18]  Dimitrios Hatzinakos,et al.  Non-negative sparse coding based scalable access control using fingertip ECG , 2014, IEEE International Joint Conference on Biometrics.

[19]  Arun Ross,et al.  Spoofing faces using makeup: An investigative study , 2017, 2017 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA).

[20]  Mark Mohammad Tehranipoor,et al.  Highly Reliable Key Generation From Electrocardiogram (ECG) , 2017, IEEE Transactions on Biomedical Engineering.

[21]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[22]  Mark Mohammad Tehranipoor,et al.  Human recognition from photoplethysmography (PPG) based on non-fiducial features , 2017, 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[23]  Se Young Chun,et al.  Single pulse ECG-based small scale user authentication using guided filtering , 2016, 2016 International Conference on Biometrics (ICB).

[24]  В. Е. Дворников,et al.  Тестирование показателей дисперсионного картирования на базе данных «The PTB diagnostic ECG database» , 2010 .

[25]  Ana L. N. Fred,et al.  Finger ECG signal for user authentication: Usability and performance , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[26]  Joseph A. O'Sullivan,et al.  ECG Biometric Recognition: A Comparative Analysis , 2012, IEEE Transactions on Information Forensics and Security.