broken hearted: how to attack ecg biometricssconce.ics.uci.edu/203-w17/ecg.pdf · simon eberz...
TRANSCRIPT
![Page 1: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/1.jpg)
Broken Hearted:
How to Attack ECG Biometrics
Simon Eberz¶‚ Nicola Paoletti¶‚ Marc Roeschlin¶ ‚ Andrea Patane§,
Marta Kwiatkowska ¶, Ivan Martinovic¶
¶Department of Computer Science
University of Oxford, UK§University of Catania, Italy
![Page 2: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/2.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 2/19
Background - ECG
Recording of the heart’s electrical activity
Electric potential differences measured on a person’s skin
Most common use: Medical diagnosis
![Page 3: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/3.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 3/19
Background – ECG Biometrics
Generic waveform common to healthy individuals
Individual differences in amplitude, duration and distance
Significant body of academic work
![Page 4: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/4.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 4/19
Background – Nymi Band
![Page 5: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/5.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 5/19
Background – Nymi Band (2)
Communication with all Bluetooth/NFC devices (NEAs)
Trialled for contactless payments and online banking
![Page 6: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/6.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 6/19
Threat Model
To break the Nymi Band, the attacker needs to
Obtain access to the band itself
Obtain access to the NCA (e.g., user’s smartphone)
Circumvent ECG-based authentication Focus of this work
![Page 7: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/7.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 7/19
A Presentation Attack Against ECG
Goal: Impersonation of the legitimate user
ECG is available through a number of sources
Different measurement locations and device properties!
Cross-Device attacks
Printed ECG Signal E-health Fitness Devices
![Page 8: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/8.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 8/19
Collecting Data for the Attack
41 Participants
3 different devices
5 measurement modes
![Page 9: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/9.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 9/19
Signal Injection Methods
Hardware arbitrary waveform generator
Laptop soundcard with SW-based waveform generator
Playback of .wav-encoded ECG signal
![Page 10: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/10.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 10/19
“There is currently no known means of falsifying an
ECG waveform and presenting it to a biometric
recognition system. ”
![Page 11: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/11.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 11/19ap. 11
![Page 12: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/12.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 12/19
Initial Results
Cross-Device Attacks
![Page 13: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/13.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 13/19
Different signal morphology across devices!
The Challenge of Cross-Device Attacks
Nymi Band Waveform
ECG Monitor Waveform
Different waveform morphology between devices!
![Page 14: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/14.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 14/19
Training a Cross-Device Mapping
ECG DETECTION AND FEATURES EXTRACTION
SOURCE ECGs
TARGET ECGs
SOURCE FEATURES DISTRIBUTIONS cccc
TARGET FEATURES DISTRIBUTIONS cccc
OPTIMISATIONMAPPING
![Page 15: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/15.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 15/19
Training a Cross-Device Mapping - Results
![Page 16: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/16.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 16/19
Final Results
![Page 17: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/17.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 17/19
Countermeasures – Liveness Detection
Goal: Distinguish between real and artificial signals
Popular for fingerprint scanners
Similar approach conceivable for ECG, but…
…ultimately an arms race with doubtful outcome
![Page 18: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/18.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 18/19
Countermeasures - Secrecy
Goal: Prevent the attacker from obtaining useful data
Challenge: ubiquitous biometric data in the wild
Added bonus challenge: Time stability of biometric features!
![Page 19: Broken Hearted: How to Attack ECG Biometricssconce.ics.uci.edu/203-W17/ecg.pdf · Simon Eberz –How to Attack ECG Biometrics, NDSS 2017 18/19 Countermeasures - Secrecy Goal: Prevent](https://reader036.vdocument.in/reader036/viewer/2022063001/5f19f2bd14c3d80cd674642d/html5/thumbnails/19.jpg)
Simon Eberz – How to Attack ECG Biometrics, NDSS 2017 19/19
Conclusion – Questions?
Successful presentation attack against ECG biometric
Wide variety of data sources suitable for attacks
Remarkably low technological barriers
Future Work
Further improve cross-device mapping
Can very old data be used for the attack?
Thank you for your attention. Questions?