Is Your Smartband Smart Enough to Know Who You Are: Continuous Physiological Authentication in The Wild

TL;DR

This paper demonstrates that wrist-worn devices using heart rate variability can reliably perform continuous physiological authentication in real-world settings, enhancing security for cloud and IoT services.

Contribution

It introduces a novel approach for continuous authentication using HRV features from smartbands, addressing challenges like signal artifacts and low quality in real-life scenarios.

Findings

HRV features are effective for continuous authentication

Smartbands can be used reliably outside laboratory conditions

Machine learning models achieve strong performance in real-world data

Abstract

The use of cloud services that process privacy-sensitive information such as digital banking, pervasive healthcare, smart home applications requires an implicit continuous authentication solution which will make these systems less vulnerable to the spoofing attacks. Physiological signals can be used for continuous authentication due to their personal uniqueness. Ubiquitous wrist-worn wearable devices are equipped with photoplethysmogram sensors which enable to extract heart rate variability (HRV) features. In this study, we show that these devices can be used for continuous physiological authentication, for enhancing the security of the cloud, edge services, and IoT devices. A system that is suitable for the smartband framework comes with new challenges such as relatively low signal quality and artifacts due to placement which were not encountered in full lead electrocardiogram systems. After the artifact removal, cleaned physiological signals are fed to the machine learning algorithms. In order to train our machine learning models, we collected physiological data using off-the-shelf smartbands and smartwatches in a real-life event. Performance evaluation of selected machine learning algorithms shows that HRV is a strong candidate for continuous unobtrusive implicit physiological authentication.