Thursday, January 23, 2025
HomeInfosec- ResourcesYour Heart Beat As a Password -Smart or Stupid ?

Your Heart Beat As a Password -Smart or Stupid ?

Published on

SIEM as a Service

Follow Us on Google News

Scientists from the Binghamton University in New York have explored with using a person’s heartbeat as a password for encrypting and then decrypting personal data.

Researchers say that each person possesses a unique electrocardiograph (ECG), which just like fingerprints and iris, can be used for authentication.

Binghamton researchers say that systems can be created that use these generally stable ECG measurements as keys for encrypting data and storing data.

Basically, scientists are proposing to replace random data (entropy) or static encryption keys with ECGs and use these unique parameters to secure a person’s data.

What is ECG? 

Electrocardiography (ECG or EKG*) is the process of recording the electrical activity of the heart over a period of time using electrodes placed on the skin. These electrodes detect the tiny electrical changes on the skin that arise from the heart muscle’s electrophysiologic pattern of depolarizing during each heartbeat.

Computing power Will be required very less:

While most home computers and web servers can handle these operations, IoT and smart devices don’t have the processing power to deal with these calculations. Hence, most of them can’t support encryption and end up exposing data. Researchers cite the high computational costs of supporting proper entropy and encryption using classic techniques.

Using an ECG-based biometrics solution simplifies the implementation details, making this a viable solution for smart healthcare devices.

Scientists say that a patient’s data and personal files could be immediately encrypted and managed via a central healthcare data storage server as soon as the patient’s heartbeat is acquired. This should, in theory, safeguard the data from any intruder who can’t reproduce the user’s unique ECG.

A doctor could just press a biometrics sensor against a patient’s skin for a few seconds and immediately access patient files.

The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient’s’ health,” said Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University.

“While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption,” Jin added. “Through this strategy, the security and privacy can be enhanced while minimum cost will be added.”

What are the Remaining Causes?

  1. if ECGs aren’t rolled out as passwords for all sorts of online services and only used to safely store medical records, what happens to the encrypted data (medical records) after the patient dies?
  2. ECGs change due to age, illness, or injury, a problem which researchers still haven’t found a way to solve.
  3. Regular text-based passwords can be changed withing seconds when exposed in a data breach. What happens when a person’s ECG footprint leaks online, and anyone can reproduce it? How does a person protect all the information he encrypted using his heartbeat?

This Research Paper have been presented at IEEE Global Communications Conference (GLOBECOM 2016) held in Washington, in December 2016 with Title of “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems”

Source : PCworld

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers come across a new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration...