Enhancing Heart-Beat-Based Security for mHealth Applications

Abstract-In heart-beat-based security, a security key is derived from the time difference between two consecutive heart beats (the Inter-Pulse-Interval, IPI) which may, subsequently, be used to enable secure communication. While heart-beatbased security holds promise in mobile health (mHealth) applications, there currently exists no work that provides a detailed characterization of the delivered security in a real system. In this paper, we evaluate the strength of IPI-based security keys in the context of entity authentication. We investigate several
aspects which should be considered in practice, including subjects with reduced heart-rate variability, different sensor-sampling frequencies, inter-sensor variability (i.e., how accurate each entity may measure heart beats) as well as average and worst-caseauthentication time. Contrary to the current state of the art, our evaluation demonstrates that authentication using multiple, lessentropic keys may actually increase the key strength by reducing the effects of inter-sensor variability. Moreover, find that the maximal key strength of a 60-bit key varies between 29.2 bits and only 5.7 bits, depending on the subject’s heart-rate variability.