Opportunistic Multi-Modal User Authentication for Health-Tracking IoT Wearables

TL;DR

This paper investigates using blood oxygen saturation (SpO2) and heart rate data from wearables for implicit user authentication, achieving promising accuracy improvements over single biometric methods.

Contribution

It introduces a novel approach leveraging SpO2 and heart rate data from wearables to improve implicit user authentication accuracy.

Findings

SpO2 alone can distinguish 92% of user pairs.

SpO2 achieves 0.69 accuracy and F1 score.

Adding heart rate improves accuracy by 15% and F1 by 13%.

Abstract

With the advancement of technologies, market wearables are becoming increasingly popular with a range of services, including providing access to bank accounts, accessing cars, monitoring patients remotely, among several others. However, often these wearables collect various sensitive personal information of a user with no to limited authentication, e.g., knowledge-based external authentication techniques, such as PINs. While most of these external authentication techniques suffer from multiple limitations, including recall burden, human errors, or biases, researchers have started using various physiological and behavioral data, such as gait and heart rate, collected by the wearables to authenticate a wearable user implicitly with a limited accuracy due to sensing and computing constraints of wearables. In this work, we explore the usefulness of blood oxygen saturation SpO2 values collected from the Oximeter device to distinguish a user from others. From a cohort of 25 subjects, we find that 92% of the cases SpO2 can distinguish pairs of users. From detailed modeling and performance analysis, we observe that while SpO2 alone can obtain an average accuracy of 0.69 and F1 score of 0.69, the addition of heart rate (HR) can improve the average identification accuracy by 15% and F1 score by 13%. These results show promise in using SpO2 along with other biometrics to develop implicit continuous authentications for wearables.