eration
Our third contribution in this thesis is a low-latency approach for generating secure ECG feature based cryptographic keys. Most existing key generation
0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 -1 0 1 2 Voltage (mV)
Raw ECG Signal
0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 Time (s) 0 0.5 1 Voltage (mV)
Filtered ECG Signal
P wave R wave S wave T wave Q Wave
Figure 3.4: An ideal raw ECG signal and the filtered ECG signal with the main fiducial points indicated [20]
approaches are not directly applicable to BANs. Current ECG-based cryp- tographic keys are mostly generated using Inter Pulse Interval IPI feature of an ECG signal [18, 69, 77, 102, 103, 104, 105]. IPI is measured from two consecutive R peak points, where the R peaks are the tallest and most con- spicuous peaks in an ECG signal. In [97], we demonstrated that existing IPI-based key generation approaches suffer from a low level of security in terms of distinctiveness, the test of randomness, and temporal variance. In the IPI-based approach, our main focus was to enhance the security of the generated cryptographic keys while realizing a clear trade-off between the security level and key generation execution time. To address this problem, we present a novel robust key generation approach employing several ECG feature, called Several ECG Feature (SEF). The SEF approach alleviates the key generation execution overhead of the existing and the previous ap- proaches while preserving the achieved high security levels. The first step to generate ECG-based cryptographic keys is raw ECG data acquisition from subjects. The collected ECG data includes information about the heart rate, morphology, and rhythm being recorded by placing a set of electrodes on body surfaces such as neck, chest, legs, and arms. Once collected, raw ECG data need to be prepared for further analysis. Analysis of the ECG signal can be split into two principal steps by functionality: ECG signal prepro-
cessing and feature extraction. The proposed approach is applied to both
normal and abnormal ECG signals. The main contribution of this work is as follows:
1. ECG Feature Selection: The SEF approach uses four main
reference-free1 features of the ECG signal along with consecutive IPI 1In this context, reference-free property indicates a dynamic technique in which no
40 60 80 100 120
The Distribution of PR Interval
0 10 20 30 Number of PQ Intervals in Similar Bin 245 250 255 260
The Distribution of PP Interval
0 20 40 60 Number of ST Intervals in Similar Bin 120 140 160 180 200 220
The Distribution of QT Interval
0 20 40 60 Number of PR Intervals in Similar Bin 110 120 130 140 150 160 170
The Distribution of ST Interval
0 10 20 30 Number of QT Intervals in Similar Bin
Figure 3.5: The normal distribution of PR, PP, QT, and ST intervals [20] sequences to generate ECG-based cryptographic keys. The utilized main features include PR, RR, PP, QT, and ST intervals. This is based on the fact that these features are highly reliable and ensure the randomness property.
2. Optimum Binary Sequence Generation: A dynamic technique is used to specify the optimum number of bits that can be extracted from each main ECG feature. The used technique ensures the randomness property as the binary sequence is produced based on the real-time variation of the measured ECG signal [79]. The utilized technique to determine the number of optimum bits (M) can be defined as:
µ(F Xi) = 1 N N X i=1 xi (3.1) SD(F Xi) = σ(F Xi) = v u u t 1 N N X i=1 (xi− µ)2 (3.2) Cv = σ(F Xi) µ(F Xi) (3.3) M = ln (σ(F Xi)) ln(2) + Cv (3.4)
where F Xi represents a set of any one of the PR, PP, QT, and ST
features from one sampled ECG dataset in the ithheartbeat, xirepre- sents each value in the dataset, µ is the mean value of the dataset, σ is
the summation, N is defined as the number of values in the dataset, σ indicates the standard deviation of a dataset, and Cv is the coefficient of variation which is defined as the ratio of the standard deviation to the mean value. As can be seen from Figure 3.5, similar to the RR interval, the distribution of PR, PP, QT, and ST intervals also fits into the normal distribution. Hence, these ECG features also fulfill the property of randomness.
3. ECG-based Cryptographic Key Generation: In the SEF key generation approach, depending on the length of the cryptographic
key n that needs to be generated, approximately n
16 consecutive ECG
heartbeat cycles need to be detected. From the detected heatbeats, all of the main ECG features from a t-second segment of a patient’s ECG data need to be computed. To achieve this goal, the following tasks must be performed: (1) for a specified period of time t, the main fiducial points or peaks of a sensed ECG signal should be extracted utilizing a generic feature extraction function; (2) from the detected fiducial points, the required x consecutive ECG features should be computed; (3) from the computed main ECG features, the amount of optimum binary values per ECG feature must be calculated; and (4) the produced mi-bit binary sequences from each ECG feature then need to be concatenated in order to form an n-bit binary sequence. The generated n-bit binary sequence is considered the main crypto- graphic key.
4. Strengthening ECG Feature-based Key generation: To rein- force and enhance the security level of the approach, we consolidate the SEF key generation approach with two different cryptographi- cally secured pseudo- random number generators: (1) SEF-PRNG: we strengthened the security level of the SEF approach by exploiting the Fibonacci-LFSR pseudo-random number generator (2) SEF-AES: the SEF approach is also strengthened by utilizing the AES algorithm in counter mode. This technique exploits our SEF key generation ap- proach as the seed generator for the AES algorithm.
The security evaluation of the generated keys was made in terms of dis- tinctiveness, a test of randomness, temporal variance, and the NIST bench- mark. The results show that the strengthened key generation approach offers a higher security level in comparison to existing approaches that rely only on singleton ECG features. The analyses also reveal that the normal ECG signals have slightly better randomness compared to the abnormal ones. Cryptographic keys that are generated from normal ECG signals using the SEF approach have an entropy of about 0.98 on average. Cryptographic keys that are produced using the strengthened SEF approach offer the en-
Figure 3.6: The architecture of a healthcare IoT system with secure end-to- end communication [96]
tropy of ∼ 1. In addition, the reinforced key generation approach also has better P-value NIST pass rates compared to state-of-the-art approaches that rely only on singleton ECG features. We also found out that our approach is approximately faster than existing IPI-based key generation approaches. Future work includes investigating and analyzing other physiological signals within a BAN. The purpose is to realize how the generated cryptographic keys can also be used by other bio-sensors to provide intra-BAN communi- cation security.