research-article

Public Access

CardioCam: Leveraging Camera on Mobile Devices to Verify Users While Their Heart is Pumping

Authors:

Marco GruteserAuthors Info & Claims

MobiSys '19: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

Pages 249 - 261

https://doi.org/10.1145/3307334.3326093

Published: 12 June 2019 Publication History

Abstract

With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving $25$ subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over $99%$ average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as $4%$.

References

[1]

Foteini Agrafioti, Jiexin Gao, and Dimitrios Hatzinakos. 2011. Heart biometrics: Theory, methods and applications. In Biometrics . InTech.

[2]

John Allen. 2007. Photoplethysmography and its application in clinical physiological measurement. Physiological measurement, Vol. 28, 3 (2007), R1.

[3]

Amazon. 2018. Echo Look, Hands-Free Camera and Style Assistant with Alexa. https://www.amazon.com/Amazon-Echo-Look-Camera-Style-Assistant/dp/B0186JAEWK.

[4]

Amazon.com. 2018. Amazon Dash Button, Official Site. https://www.amazon.com/Amazon-JK29LP-Tide-Dash-Button/dp/B0187TMRYM.

[5]

Anatomy and Physiology. 2019. Cardiac Cycle. http://library.open.oregonstate.edu/aandp/chapter/19--3-cardiac-cycle/.

[6]

Apple. 2017. Face ID Security. https://www.apple.com/ca/business-docs/FaceID_Security_Guide.pdf.

[7]

Arathi Arakala, Jason Jeffers, and Kathy J Horadam. 2007. Fuzzy extractors for minutiae-based fingerprint authentication. In International Conference on Biometrics (Springer). 760--769.

Digital Library

[8]

Juan Sebastian Arteaga-Falconi, Hussein Al Osman, and Abdulmotaleb El Saddik. 2016. ECG authentication for mobile devices. IEEE Transactions on Instrumentation and Measurement, Vol. 65, 3 (2016), 591--600.

[9]

Adam J Aviv, Katherine L Gibson, Evan Mossop, Matt Blaze, and Jonathan M Smith. 2010. Smudge Attacks on Smartphone Touch Screens. Woot (2010).

Digital Library

[10]

Zhongjie Ba, Sixu Piao, Xinwen Fu, Dimitrios Koutsonikolas, Aziz Mohaisen, and Kui Ren. {n. d.}. ABC: Enabling Smartphone Authentication with Built-in Camera. ({n. d.}).

[11]

Lena Biel, Ola Pettersson, Lennart Philipson, and Peter Wide. 2001. ECG analysis: a new approach in human identification. IEEE Transactions on Instrumentation and Measurement, Vol. 50, 3 (2001), 808--812.

[12]

Angelo Bonissi, Ruggero Donida Labati, Luca Perico, Roberto Sassi, Fabio Scotti, and Luca Sparagino. 2013. A preliminary study on continuous authentication methods for photoplethysmographic biometrics. In Workshop on Biometric Measurements and Systems for Security and Medical Applications (IEEE BIOMS) .

[13]

Nam Bui, Anh Nguyen, Phuc Nguyen, Hoang Truong, Ashwin Ashok, Thang Dinh, Robin Deterding, and Tam Vu. 2017. Photometry based Blood Oxygen Estimation through Smartphone Cameras. In Proceedings of the 9th ACM Workshop on Wireless of the Students, by the Students, and for the Students (ACM S3). 29--31.

Digital Library

[14]

tokyo Cara McGoogan Danielle Demetriou. 2017. Peace sign selfies could let hackers copy your fingerprints. http://www.telegraph.co.uk/technology/2017/01/12/peace-sign-selfies-could-let-hackers-copy-fingerprints/.

[15]

Shaxun Chen, Amit Pande, and Prasant Mohapatra. 2014. Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (ACM MobiSys) . 109--122.

Digital Library

[16]

Mohamed Elgendi. 2012. On the analysis of fingertip photoplethysmogram signals. Current cardiology reviews, Vol. 8, 1 (2012), 14--25.

[17]

Nesli Erdogmus and Sebastien Marcel. 2014. Spoofing face recognition with 3D masks. IEEE transactions on information forensics and security (2014).

[18]

Priyanshu Gupta, Shipra Behera, Mayank Vatsa, and Richa Singh. 2014. On iris spoofing using print attack. In 2014 22nd international conference on Pattern recognition (ICPR). IEEE, 1681--1686.

Digital Library

[19]

Apple Inc. 2017. About Face ID advanced technology. https://support.apple.com/en-us/HT208108.

[20]

Steven A Israel, John M Irvine, Andrew Cheng, Mark D Wiederhold, and Brenda K Wiederhold. 2005. ECG to identify individuals. Pattern recognition, Vol. 38, 1 (2005), 133--142.

[21]

Anil K Jain, Lin Hong, Sharath Pankanti, and Ruud Bolle. 1997. An identity-authentication system using fingerprints. Proc. IEEE, Vol. 85, 9 (1997), 1365--1388.

[22]

Tsai-Yang Jea and Venu Govindaraju. 2005. A minutia-based partial fingerprint recognition system. Pattern Recognition, Vol. 38, 10 (2005), 1672--1684.

Digital Library

[23]

Ian T Jolliffe. 1986. Principal component analysis and factor analysis. In Principal component analysis . Springer, 115--128.

[24]

Nima Karimian, Mark Tehranipoor, and Domenic Forte. 2017. Non-fiducial ppg-based authentication for healthcare application. In Biomedical & Health Informatics (BHI), 2017 IEEE EMBS International Conference on. IEEE, 429--432.

[25]

A Recs it Kavsaoug lu, Kemal Polat, and M Recep Bozkurt. 2014. A novel feature ranking algorithm for biometric recognition with PPG signals. Computers in biology and medicine (Elsevier), Vol. 49 (2014), 1--14.

[26]

Miyuki Kono, Hironori Ueki, and Shin-ichiro Umemura. 2002. Near-infrared finger vein patterns for personal identification. Applied Optics (2002).

[27]

Ajay Kumar and Arun Passi. 2010. Comparison and combination of iris matchers for reliable personal authentication. Pattern recognition (Elsevier) (2010).

Digital Library

[28]

Yuriy Kurylyak, Francesco Lamonaca, Domenico Grimaldi, and FJ Duro. 2012. Smartphone based photoplethysmogram measurement. Digital image and signal processing for measurement systems (2012), 135--164.

[29]

Leslie Lamport. 1981. Password authentication with insecure communication. Commun. ACM, Vol. 24, 11 (1981), 770--772.

Digital Library

[30]

Feng Lin, Chen Song, Yan Zhuang, Wenyao Xu, Changzhi Li, and Kui Ren. 2017. Cardiac Scan: A Non-contact and Continuous Heart-based User Authentication System. In Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking (ACM MobiCom) . 315--328.

Digital Library

[31]

Davide Maltoni, Dario Maio, Anil K Jain, and Salil Prabhakar. 2009. Handbook of fingerprint recognition .Springer Science & Business Media.

Digital Library

[32]

Kenta Matsumura and Takehiro Yamakoshi. 2013. iPhysioMeter: a new approach for measuring heart rate and normalized pulse volume using only a smartphone. Behavior research methods (Springer), Vol. 45, 4 (2013), 1272--1278.

[33]

SC Millasseau, RP Kelly, JM Ritter, and PJ Chowienczyk. 2002. Determination of age-related increases in large artery stiffness by digital pulse contour analysis. Clinical science, Vol. 103, 4 (2002), 371--377.

[34]

Naoto Miura, Akio Nagasaka, and Takafumi Miyatake. 2004. Feature extraction of finger-vein patterns based on repeated line tracking and its application to personal identification. Machine vision and applications, Vol. 15, 4 (2004), 194--203.

Digital Library

[35]

Yunyoung Nam, Jinseok Lee, and Ki H Chon. 2014. Respiratory rate estimation from the built-in cameras of smartphones and tablets. Annals of biomedical engineering (Springer), Vol. 42, 4 (2014), 885--898.

[36]

PaymentsSource. 2018. Slideshow Data: India's mobile payments market is ready to boom. https://www.paymentssource.com/slideshow/data-indias-mobile-payments-market-is-ready-to-boom.

[37]

The Student Physiologist. 2016. The Cardiac Cycle And Cardiac Output. https://thephysiologist.org/study-materials/the-cardiac-cycle-and-cardiac-output/.

[38]

Carmen CY Poon, Yuan-Ting Zhang, and Shu-Di Bao. 2006. A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine, Vol. 44, 4 (2006), 73--81.

Digital Library

[39]

Lawrence R Rabiner, Bernard Gold, and CK Yuen. 1978. Theory and application of digital signal processing. IEEE Transactions on Systems, Man, and Cybernetics, Vol. 8, 2 (1978), 146--146.

[40]

Ring. 2018. Video Doorbells. https://shop.ring.com/collections/video-doorbells.

[41]

Aditi Roy, Nasir Memon, and Arun Ross. 2017. MasterPrint: exploring the vulnerability of partial fingerprint-based authentication systems. IEEE Transactions on Information Forensics and Security, Vol. 12, 9 (2017), 2013--2025.

Digital Library

[42]

Sairul I Safie, John J Soraghan, and Lykourgos Petropoulakis. 2011. Electrocardiogram (ECG) biometric authentication using pulse active ratio (PAR). IEEE Transactions on Information Forensics and Security, Vol. 6, 4 (2011), 1315--1322.

Digital Library

[43]

SAMSUNG. 2018. Family Hub Refrigerator. https://www.samsung.com/us/explore/family-hub-refrigerator/overview/.

[44]

Roger Schneider. 2011. Survey of peaks/valleys identification in time series. Department of Informatics, University of Zurich, Switzerland (2011).

[45]

Tsu-Wang Shen, WJ Tompkins, and YH Hu. 2002. One-lead ECG for identity verification. In 24th annual conference and the annual fall meeting of the biomedical engineering society (IEEE EMBS), Vol. 1. 62--63.

[46]

Women Love Tech. 2017. Bridging the Gap Smartphones in Third World Countries. https://womenlovetech.com/bridging-the-gap-smartphones-in-third-world-countries/.

[47]

Kamlesh Tiwari, C Jinshong Hwang, and Phalguni Gupta. 2016. A palmprint based recognition system for smartphone. In Future Technologies Conference (IEEE FTC). 577--586.

[48]

Ton Van der Putte and Jeroen Keuning. 2000. Biometrical fingerprint recognition: don't get your fingers burned. In Smart Card Research and Advanced Applications (Springer). 289--303.

Digital Library

[49]

Shreyas Venugopalan and Marios Savvides. 2011. How to generate spoofed irises from an iris code template. IEEE Transactions on Information Forensics and Security, Vol. 6, 2 (2011), 385--395.

Digital Library

[50]

Edward J Wang, William Li, Junyi Zhu, Rajneil Rana, and Shwetak N Patel. 2017. Noninvasive hemoglobin measurement using unmodified smartphone camera and white flash. In Engineering in Medicine and Biology Society (EMBC), 2017 39th Annual International Conference of the IEEE. IEEE, 2333--2336.

[51]

Edward Jay Wang, Junyi Zhu, Mohit Jain, Tien-Jui Lee, Elliot Saba, Lama Nachman, and Shwetak N Patel. 2018. Seismo: Blood Pressure Monitoring using Built-in Smartphone Accelerometer and Camera. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. ACM, 425.

Digital Library

[52]

Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. Authentication using graphical passwords: Effects of tolerance and image choice. In Proceedings of the 2005 symposium on Usable privacy and security (ACM SOUPS) . 1--12.

Digital Library

[53]

Tzong-Sun Wu, Ming-Lun Lee, Han-Yu Lin, and Chao-Yuan Wang. 2014. Shoulder-surfing-proof graphical password authentication scheme. International journal of information security, Vol. 13, 3 (2014), 245--254.

Digital Library

[54]

William J Youden. 1950. Index for rating diagnostic tests. Cancer (1950).

[55]

Zhaomin Zhang and Daming Wei. 2006. A new ECG identification method using bayes' teorem. In 2006 ieee region 10 conference Tencon. IEEE, 1--4.

Cited By

Yin YXie LJiang ZXiao FCao JLu S(2024)A Systematic Review of Human Activity Recognition Based on Mobile Devices: Overview, Progress and TrendsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.335759126:2(890-929)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2024.3357591
Park SSeo CWang XLee YSeo S(2024)Exclusively in-store: Acoustic location authentication for stationary business devicesJournal of Network and Computer Applications10.1016/j.jnca.2024.104028(104028)Online publication date: Sep-2024
https://doi.org/10.1016/j.jnca.2024.104028
Wang WWang QZuniga M(2023)Taming Irregular Cardiac Signals for Biometric IdentificationACM Transactions on Sensor Networks10.1145/3624570Online publication date: 15-Sep-2023
https://doi.org/10.1145/3624570
Show More Cited By

Index Terms

CardioCam: Leveraging Camera on Mobile Devices to Verify Users While Their Heart is Pumping
1. Security and privacy
  1. Security services
    1. Authentication
      1. Biometrics

Recommendations

Authenticating mobile phone users using keystroke analysis

Mobile handsets have found an important place in modern society, with hundreds of millions currently in use. The majority of these devices use inherently weak authentication mechanisms, based upon passwords and PINs. This paper presents a feasibility ...
Usability and Security of Text Passwords on Mobile Devices
CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems

Recent research has improved our understanding of how to create strong, memorable text passwords. However, this research has generally been in the context of desktops and laptops, while users are increasingly creating and entering passwords on mobile ...
Multi-factor biometrics for authentication: a false sense of security
MM&Sec '10: Proceedings of the 12th ACM workshop on Multimedia and security

Multi-factor biometric authentications have been proposed recently to strengthen security and/or privacy of biometric systems in addition to enhancing authentication accuracy. An important approach to multi-factor biometric authentication is to apply ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '19: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

June 2019

736 pages

ISBN:9781450366618

DOI:10.1145/3307334

General Chairs:
Junehwa Song
KAIST, South Korea
,
Minkyong Kim
Samsung Electronics
,
Program Chairs:
Nicholas D. Lane
University of Oxford & Samsung AI
,
Rajesh K. Balan
Singapore Management University

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

MobiSys '19

Sponsor:

SIGMOBILE

MobiSys '19: The 17th Annual International Conference on Mobile Systems, Applications, and Services

June 17 - 21, 2019

Seoul, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
1,301
Total Downloads

Downloads (Last 12 months)174
Downloads (Last 6 weeks)29

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yin YXie LJiang ZXiao FCao JLu S(2024)A Systematic Review of Human Activity Recognition Based on Mobile Devices: Overview, Progress and TrendsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.335759126:2(890-929)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2024.3357591
Park SSeo CWang XLee YSeo S(2024)Exclusively in-store: Acoustic location authentication for stationary business devicesJournal of Network and Computer Applications10.1016/j.jnca.2024.104028(104028)Online publication date: Sep-2024
https://doi.org/10.1016/j.jnca.2024.104028
Wang WWang QZuniga M(2023)Taming Irregular Cardiac Signals for Biometric IdentificationACM Transactions on Sensor Networks10.1145/3624570Online publication date: 15-Sep-2023
https://doi.org/10.1145/3624570
Huang YQiu MChen LPeng ZZhang QWu K(2023)NF-HeartProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35808517:1(1-24)Online publication date: 28-Mar-2023
https://dl.acm.org/doi/10.1145/3580851
Cao YLi FZhang QYang SWang Y(2023)Towards Nonintrusive and Secure Mobile Two-Factor Authentication on WearablesIEEE Transactions on Mobile Computing10.1109/TMC.2021.313327522:5(3046-3061)Online publication date: 1-May-2023
https://doi.org/10.1109/TMC.2021.3133275
Ning JXie LWang CBu YXu FZhou DLu SYe B(2023)RF-Badge: Vital Sign-Based Authentication via RFID Tag Array on BadgesIEEE Transactions on Mobile Computing10.1109/TMC.2021.309791222:2(1170-1184)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TMC.2021.3097912
Zhou XPan JZhang ZJi XChen H(2023)Gesture-Related Two-Factor Authentication for Wearable Devices via PPG SensorsIEEE Sensors Journal10.1109/JSEN.2023.326944023:12(13114-13126)Online publication date: 15-Jun-2023
https://doi.org/10.1109/JSEN.2023.3269440
Pan JZhou XZhang ZJi XChen H(2023)G-PPG: A Gesture-related PPG-based Two-Factor Authentication for Wearable Devices2022 IEEE 28th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS56603.2022.00039(242-249)Online publication date: Jan-2023
https://doi.org/10.1109/ICPADS56603.2022.00039
Li LChen CPan LYu Zhang LWang ZZhang JXiang Y(2023)A Survey of PPG's Application in AuthenticationComputers & Security10.1016/j.cose.2023.103488(103488)Online publication date: Sep-2023
https://doi.org/10.1016/j.cose.2023.103488
Wang WVette MWang QYang JZuniga M(2022)CamPressID: Optimizing Camera Configuration and Finger Pressure for Biometric Authentication2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS)10.1109/MASS56207.2022.00037(229-235)Online publication date: Oct-2022
https://doi.org/10.1109/MASS56207.2022.00037
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents