Cybersecurity“Cardiac password” project uses the wave of the heart motion for authentication

Published 5 October 2017

One of the unique features for the upcoming iPhone X is facial recognition security, where users can simply unlock their phones by holding it up to their face and allowing the phone’s security measures to identify the correct user. However, it seems just as soon as new means of authentication are developed and put into use, hackers find a way around them, from hacking passwords to faking fingerprints to fool biometric security systems. But there may be one authentication method that cannot be hacked: Cardiac password.

One of the unique features for the upcoming iPhone X is facial recognition security, where users can simply unlock their phones by holding it up to their face and allowing the phone’s security measures to identify the correct user.

It’s just the evolution of security for phones and, in general, for technology that holds sensitive or confidential material. From a passcode or password to thumbprint recognition to retina scans, experts have developed some of the most intricate means of cybersecurity authentication.

However, it seems just as soon as new means of authentication are developed and put into use, hackers find a way around them, from hacking passwords to faking fingerprints to fool biometric security systems. As soon as one wall is erected, someone else blows it up.

“Computer systems may require me to log in information every certain number of minutes or may require some kind of biometrics where I have to use my fingerprints every few minutes or, if we exaggerate, every few seconds,” said Changzhi Li, a researcher in the Department of Electrical and Computer Engineering at Texas Tech University. “But this is not convenient. So the usability is very low and also, itself, has some security threats inside. Even if it asks every minute or two minutes, someone could still come in and use the computer when the user temporarily leaves the computer.”

So is there some method of authentication that can’t be hacked, that can’t be fooled and is most convenient to the user?

TTU says that the answer may lie within the human body. Li is trying to get to the heart of the matter – quite literally. Li is working to develop a method of continuous authentication utilizing the waveform of the human heartbeat to ensure the security of sensitive information on a computer. A cardiac password, if you will.

Li’s project is backed by a $205,418 grant from the National Science Foundation (NSF) to develop high-sensitivity detectors to determine the uniqueness of a person’s heartbeat waveform and, if that is feasible, to perfect the reliability, performance, accuracy and security of this type of continuous authentication. The project is a collaborative effort between Li and Wenyao Xu in the Computer Science and Engineering Department at the University of Buffalo.