تاثیر خصوصیات مهاجم در مکانیزم احراز هویت مستمر مبتنی بر ECG برای اینترنت چیزها Effect of attacker characterization in ECG-based continuous authentication mechanisms for Internet of Things

1. Introduction Terms such as ‘‘wearable computing’’ and ‘‘body-area/bodysensor networks’’ have been much discussed since around 1995. They represent a wireless network of lightweight portable computers, sensors and actuators located in, on, and around the human body. This idea has traditionally been very well received in areas such as healthcare monitoring, where the possibility of instrumenting a patient with physiological sensors that provide information in almost real time, as well as implantable medical devices that can be remotely managed, is expected to be a significant breakthrough [1]. Internet-of-Things (IoT) devices allow the quick establishment and sharing of information through the Internet and it opens the door to new opportunities for medical devices with wireless connectivity as they facilitate data monitoring and management [2]. For this purpose, Pandey et al. have proposed a cloud-based architecture to remotely monitor and record patients data [3]. Beyond the pure medical usage, the emergence of the IoT paradigm enables using wearable devices for other purposes [4,5]. One of the fields that has received significant research attention is their application for authenticating the users — the so called biometric authentication. The term biometrics refers to the automatic identification of subjects using their physiological or behavioural patterns [6]. Accordingly, previous efforts have shown the effectiveness of body signals such as ElectroEncephaloGram (EEG) [7], ElectroCardioGram (ECG) [8] or PhotoPlethysmoGram (PPG) [9] signals for this purpose. One interesting aspect of IoT-based biometric authentication is that smart devices can provide continuous streams of subject data. These data streams can be used for security purposes by analysing them in real-time. In fact, this feature enables taking authentication to the next level — instead of identifying the user at a given point in time, it is possible to perform this verification in a continuous fashion. This security mechanism is widely referred to as Continuous Authentication (CA).