Scientists from Binghamton University in New York have explored using a person's heartbeat as a password for encrypting and then decrypting personal data.
Researchers say that each person possesses a unique electrocardiograph (ECG), which, just like fingerprints and irises, can be used for authentication.
Electrocardiography (ECG or EKG*) is the process of recording the electrical activity of the heart over a period of time using electrodes placed on the skin. These electrodes detect the tiny electrical changes on the skin that arise from the heart muscle's electrophysiologic pattern of depolarizing during each heartbeat.
- Wikipedia
We've all seen ECG measurements, which are often used in movies to show a person's pulsating heart or to signal someone's death.
Binghamton researchers say that systems can be created that use these generally stable ECG measurements as keys for encrypting and storing data.
Basically, scientists are proposing to replace random data (entropy) or static encryption keys with ECGs and use these unique parameters to secure a person's data.
ECGs require less computing power
Researchers cite the high computational costs of supporting proper entropy and encryption using classic techniques. While most home computers and web servers can handle these operations, IoT and smart devices don't have the processing power to deal with these calculations. Hence, most of them can't support encryption and end up exposing data.
Using an ECG-based biometrics solution simplifies the implementation details, making this a viable solution for smart healthcare devices.
Scientists say that a patient's data and personal files could be immediately encrypted and managed via a central healthcare data storage server as soon as the patient's heartbeat is acquired. This should, in theory, safeguard the data from any intruder who can't reproduce the user's unique ECG.
A doctor could just press a biometrics sensor against a patient's skin for a few seconds and immediately access patient files.
"The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient's health," said Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University.
"While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption," Jin added. "Through this strategy, the security and privacy can be enhanced while minimum cost will be added."
Some questions remain
But as much as using ECG signals for passwords makes sense, researchers admit that there are a few problems left to iron out.
First of all, ECGs change due to age, illness, or injury, a problem which researchers still haven't found a way to solve.
Second, if ECGs aren't rolled out as passwords for all sorts of online services and only used to safely store medical records, what happens to the encrypted data (medical records) after the patient dies?
Third is the same question that has plagued all other biometrics systems. Regular text-based passwords can be changed within seconds when exposed in a data breach. What happens when a person's ECG footprint leaks online, and anyone can reproduce it? How does a person protect all the information he encrypted using his heartbeat?
Prof. Jin probably had to face this last question before, since he was previously involved in research that explored using a person's unique brainprint instead of traditional passwords for access to computers and other facilities.
The research team's findings were presented at the IEEE Global Communications Conference (GLOBECOM 2016), held in Washington in December 2016. Their research is titled "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems."
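To make the first and third open questions above concrete, the following added example (not the researchers' scheme, which this article does not detail) derives a key from binned ECG measurements and shows when a later reading still unlocks a record. The feature values, bin width, salt and function names are all assumptions constructed for illustration, and an HMAC tag stands in for real encryption.

```python
import hashlib
import hmac

STEP_MS = 20  # assumed quantisation bin width, in milliseconds


def quantize(features, step=STEP_MS):
    """Map each measurement to a bin index so small sensor noise is absorbed."""
    return tuple(int(v // step) for v in features)


def derive_key(features, salt, step=STEP_MS):
    """Derive a 32-byte key from the binned features (HMAC-SHA256 keyed by salt)."""
    encoded = ",".join(str(b) for b in quantize(features, step)).encode()
    return hmac.new(salt, encoded, hashlib.sha256).digest()


def seal(record, features, salt):
    """Return (record, tag); the tag stands in for authenticated encryption."""
    key = derive_key(features, salt)
    return record, hmac.new(key, record, hashlib.sha256).digest()


def unlocks(features, salt, sealed):
    """True if a fresh ECG reading re-derives the key that sealed the record."""
    record, tag = sealed
    key = derive_key(features, salt)
    expected = hmac.new(key, record, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample data: three interval measurements in ms (not real ECGs).
ENROLLED = (170, 90, 410)
SAME_DAY = (173, 87, 414)     # sensor noise, stays inside every bin
YEARS_LATER = (185, 90, 410)  # first value drifted across a bin boundary
SALT = b"constructed-per-record-salt"
SEALED = seal(b"patient record", ENROLLED, SALT)

if __name__ == "__main__":
    print("same day:", unlocks(SAME_DAY, SALT, SEALED))
    print("years later:", unlocks(YEARS_LATER, SALT, SEALED))
    # Anyone holding a copy of the enrolled reading derives the same key.
    print("copied reading:", unlocks(ENROLLED, SALT, SEALED))
```

Binning tolerates noise only while every value stays inside its bin; a single value crossing a boundary yields an unrelated key, and the key cannot be changed without changing the heartbeat itself.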
Comments
TsVk! - 7 years ago
Pretty cool research. The main problem I see is that your heartbeat isn't relatively static like your iris. Come back from lunch after an espresso and can't access your data? Become unwell can't access your data? Just quite simply get older and can't access your data?
I would think that these things would blow the whole concept straight out of the water before it ever went to a team of researchers. Maybe they can be overcome though.
Andrew - 7 years ago
I've said it before, and I'll say it again: biometrics are a terrible replacement for passwords. They can be taken from you either by force or without your knowledge, and can't be changed if they are compromised.
They make great username replacements, though.
DodoIso - 7 years ago
I like this idea of username use only... but it's kind of hardware sensor overkill and not cost effective at all. Keyboard & mouse remain the simpler option. Perhaps in a time when citizens will get electronically tagged like animals?
hollowface - 7 years ago
Very cool. Could be useful as an alternative to fingerprints and retinal scans, but it would have to offer some benefits over them.
I would not want my medical records secured by it.
HolyCowz - 7 years ago
Can't see this working. A: people won't want medical data stored about them. B: ECG is pretty unreliable, from experience. What happens to someone who has an irregular heartbeat and has it restarted? Would they then be locked out, as this will change it in many ways? And that's just one extreme example. Another fancy idea I don't think is viable. Interesting nonetheless.
Plus how is the doc going to access my medical data if I'm dead lol