skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: TrueHeart: Continuous Authentication on Wrist-worn Wearables Using PPG-based Biometrics
Traditional one-time user authentication processes might cause friction and unfavorable user experience in many widely-used applications. This is a severe problem in particular for security-sensitive facilities if an adversary could obtain unauthorized privileges after a user’s initial login. Recently, continuous user authentication (CA) has shown its great potential by enabling seamless user authentication with few active participation. We devise a low-cost system exploiting a user’s pulsatile signals from the photoplethysmography (PPG) sensor in commercial wrist-worn wearables for CA. Compared to existing approaches, our system requires zero user effort and is applicable to practical scenarios with non-clinical PPG measurements having motion artifacts (MA). We explore the uniqueness of the human cardiac system and design an MA filtering method to mitigate the impacts of daily activities. Furthermore, we identify general fiducial features and develop an adaptive classifier using the gradient boosting tree (GBT) method. As a result, our system can authenticate users continuously based on their cardiac characteristics so little training effort is required. Experiments with our wrist-worn PPG sensing platform on 20 participants under practical scenarios demonstrate that our system can achieve a high CA accuracy of over 90% and a low false detection rate of 4% in detecting random attacks.  more » « less
Award ID(s):
2000480 1909963
PAR ID:
10192361
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
IEEE Conference on Computer Communications
Page Range / eLocation ID:
30 to 39
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, Journal of Mechanics in Medicine and Biology)
    Monitoring human gait is essential to quantify gait issues associated with fall-prone individuals as well as other gait-related movement disorders. Being portable and cost-effective, ambulatory gait analysis using inertial sensors is considered a promising alternative to traditional laboratory-based approach. The current study aimed to provide a method for predicting the spatio-temporal gait parameters using the wrist-worn inertial sensors. Eight young adults were involved in a laboratory study. Optical motion analysis system and force-plates were used for the assessment of baseline gait parameters. Spatio-temporal features of an Inertial Measurement Unit (IMU) on the wrist were analyzed. Multi-variate correlation analyses were performed to develop gait parameter prediction models. The results indicated that gait stride time was strongly correlated with peak-to-peak duration of wrist gyroscope signal in the anterio-posterior direction. Meanwhile, gait stride length was successfully predicted using a combination model of peak resultant wrist acceleration and peak sagittal wrist angle. In conclusion, current study provided the evidence that the wrist-worn inertial sensors are capable of estimating spatio-temporal gait parameters. This finding paves the foundation for developing a wrist-worn gait monitor with high user compliance. 
    more » « less
  2. ; ; ; ; (, IEEE Workshop on Information Forensics and Security (WIFS), Rennes, France)
    Free-text keystroke is a form of behavioral biometrics which has great potential for addressing the security limitations of conventional one-time authentication by continuously monitoring the user's typing behaviors. This paper presents a new, enhanced continuous authentication approach by incorporating the dynamics of both keystrokes and wrist motions. Based upon two sets of features (free-text keystroke latency features and statistical wrist motion patterns extracted from the wrist-worn smartwatches), two one-vs-all Random Forest Ensemble Classifiers (RFECs) are constructed and trained respectively. A Dynamic Trust Model (DTM) is then developed to fuse the two classifiers' decisions and realize non-time-blocked real-time authentication. In the free-text typing experiments involving 25 human subjects, an imposter/intruder can be detected within no more than one sentence (average 56 keystrokes) with an FRR of 1.82% and an FAR of 1.94%. Compared with the scheme relying on only keystroke latency which has an FRR of 4.66%, an FAR of 17.92% and the required number of keystroke of 162, the proposed authentication system shows significant improvements in terms of accuracy, efficiency, and usability. 
    more » « less
  3. ; ; ; ; ; (, 2022 ACM on Asia Conference on Computer and Communications Security)
    Continuous location authentication (CLA) seeks to continuously and automatically verify the physical presence of legitimate users in a protected indoor area. CLA can play an important role in contexts where access to electrical or physical resources must be limited to physically present legitimate users. In this paper, we present WearRF-CLA, a novel CLA scheme built upon increasingly popular wrist wearables and UHF RFID systems. WearRF-CLA explores the observation that human daily routines in a protected indoor area comprise a sequence of human-states (e.g., walking and sitting) that follow predictable state transitions. Each legitimate WearRF-CLA user registers his/her RFID tag and also wrist wearable during system enrollment. After the user enters a protected area, WearRF-CLA continuously collects and processes the gyroscope data of the wrist wearable and the phase data of the RFID tag signals to verify three factors to determine the user's physical presence/absence without explicit user involvement: (1) the tag ID as in a traditional RFID authentication system, (2) the validity of the human-state chain, and (3) the continuous coexistence of the paired wrist wearable and RFID tag with the user. The user passes CLA if and only if all three factors can be validated. Extensive user experiments on commodity smartwatches and UHF RFID devices confirm the very high security and low authentication latency of WearRF-CLA. 
    more » « less
  4. ; (, 2022 Asia-Pacific Microwave Conference (APMC))
    Respiration rate and heart rate variability (HRV) due to respiratory sinus arrhythmia (RSA) are physiological measurements that can offer useful diagnostics for a variety of medical conditions. This study uses a wrist-worn wearable development platform from Maxim Integrated and Doppler radar sensor developed by Adnoviv, Inc. to non-invasively measure these physiological signals. Six datasets are recorded comprising of five different individuals in varying physical environments breathing at different respiration rates. First, respiration rates are extracted from photoplethysmography (PPG) and accelerometer data and compared to Doppler radar. The average maximum and minimum difference between Doppler radar extracted RR and PPG, HRV RSA, and accelerometer extracted RR is 0.342 b/m and 0.171 b/m, respectively. Then, waveforms for Doppler radar, PPG, and HRV RSA signals are plotted in time domain and an analysis discusses the physical phenomena associated with the phase alignment of the signals. 
    more » « less
  5. ; ; ; ; (, Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys '19))
    With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over $99%$ average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email