Heartbeats could soon replace house keys
A person’s heartbeat could soon replace the keys needed to access their home and car, according to a cybersecurity expert.
Dr Guanglou Zheng from Edith Cowan University’s Security Research Institute is investigating how electrocardiogram (ECG) signals can be used to secure medical devices, unlock phones and even protect the smart homes and smart cars of the future.
Like fingerprints, ECG signals are unique to every person and keep on changing over time, which gives enough randomness to create keys for security purposes.
ECG machines are traditionally used in hospitals to detect irregularities in a heart’s rhythm; however, they’re also becoming increasingly common for health monitoring in wearable fitness devices.
ECG keys have been studied for credit card payment, medical device protection and personal electronic items security.
Zheng believes it’s only a matter of time before ECG signals are harnessed for user authentication purposes.
“We’re seeing more and more devices with built-in ECG monitors utilised to track users’ health and fitness data,” he said.
“It’s relatively simple to use these ECG signals in the same way we’re currently using other biometric security systems like fingerprints and facial recognition for authentication.
“The challenge for security researchers is how we ensure the systems and the signals themselves are secure.”
A unique binary sequence can be generated from a user’s ECG signals, which is then used as a security key (like a very long random password) to identify the user.
Zheng and his colleagues are focusing much of their work on using ECG signals to secure medical devices implanted in our bodies.
These devices, such as pacemakers, defibrillators, insulin delivery systems and neuro stimulators, are not currently designed with security in mind.
“These devices have some disturbing vulnerabilities, primarily because the wireless communication channels between the devices and the programmer units that collect their data are not encrypted,” he said.
“Experiments have shown implantable medical devices are vulnerable to cyber attacks by an adversary with the right tools and motivations.
“This could be used to steal a patient’s personal medical information or reprogram a unit to malfunction and injure, or even kill, a patient.”
In recent research published in the IEEE Sensors Journal, Zheng and his colleagues evaluated security solutions for ECG signals in wearable and implantable medical devices like pacemakers.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
In a remarkable twist, some companies are blaming their customers for shortfalls in customer...
The Australian smartphone market contracted by a record 9% during 2018 to just 8.2 million units...
Nearly one-quarter of organisations have not changed their security policies to comply with...