Broken Hearted:
How to Attack ECG Biometrics
Simon Eberz¶, Nicola Paoletti¶, Marc Roeschlin¶, Andrea Patane§,
Marta Kwiatkowska¶, Ivan Martinovic¶
¶Department of Computer Science, University of Oxford, UK
§University of Catania, Italy
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 2/19
Background - ECG
Recording of the heart’s electrical activity
Electric potential differences measured on a person’s skin
Most common use: Medical diagnosis
Background – ECG Biometrics
Generic waveform common to healthy individuals
Individual differences in amplitude, duration and distance
Significant body of academic work
Background – Nymi Band
Background – Nymi Band (2)
Communication with all Bluetooth/NFC devices (NEAs)
Trialled for contactless payments and online banking
Threat Model
To break the Nymi Band, the attacker needs to
Obtain access to the band itself
Obtain access to the NCA (e.g., user’s smartphone)
Circumvent ECG-based authentication (focus of this work)
A Presentation Attack Against ECG
Goal: Impersonation of the legitimate user
ECG is available through a number of sources
Different measurement locations and device properties!
Cross-Device attacks
Printed ECG Signal, E-health, Fitness Devices
Collecting Data for the Attack
41 Participants
3 different devices
5 measurement modes
Signal Injection Methods
Hardware arbitrary waveform generator
Laptop soundcard with SW-based waveform generator
Playback of .wav-encoded ECG signal
“There is currently no known means of falsifying an ECG waveform and presenting it to a biometric recognition system.”
Initial Results
Cross-Device Attacks
Different signal morphology across devices!
The Challenge of Cross-Device Attacks
Nymi Band Waveform
ECG Monitor Waveform
Different waveform morphology between devices!
Training a Cross-Device Mapping
[Diagram labels: source ECGs; target ECGs; ECG detection and features extraction; source features distributions; target features distributions; optimisation; mapping]
Training a Cross-Device Mapping - Results
Final Results
Countermeasures – Liveness Detection
Goal: Distinguish between real and artificial signals
Popular for fingerprint scanners
Similar approach conceivable for ECG, but…
…ultimately an arms race with doubtful outcome
Countermeasures - Secrecy
Goal: Prevent the attacker from obtaining useful data
Challenge: ubiquitous biometric data in the wild
Added bonus challenge: Time stability of biometric features!
Conclusion – Questions?
Successful presentation attack against ECG biometric
Wide variety of data sources suitable for attacks
Remarkably low technological barriers
Future Work
Further improve cross-device mapping
Can very old data be used for the attack?
Thank you for your attention. Questions?