Cardiac Scan: A Non-contact And Continuous Heart-based User Authentication System
Abstract
Continuous authentication is of great importance to maintain the security level of a system throughout the login session. The goal of this work is to investigate a trustworthy, continuous, and non-contact user authentication approach based on a heart-related biometric that works in a daily-life environment. To this end, we present a novel, continuous authentication system, namely <i>Cardiac Scan</i>, based on geometric and non-volitional features of the cardiac motion. Cardiac motion is an automatic heart deformation caused by self-excitement of the cardiac muscle, which is unique to each user and is difficult (if not impossible) to counterfeit. <i>Cardiac Scan</i> features intrinsic liveness detection, unobtrusiveness, cost-effectiveness, and high usability. We prototype a remote, high-resolution cardiac motion sensing system based on the smart DC-coupled continuous-wave radar. Fiducial-based invariant identity descriptors of cardiac motion are extracted after the radar signal demodulation. We conduct a pilot study with 78 subjects to evaluate <i>Cardiac Scan</i> in <i>accuracy</i>, <i>authentication time</i>, <i>permanence</i>, <i>evaluation in complex conditions</i>, and <i>vulnerability</i>. Specifically, <i>Cardiac Scan</i> achieves 98.61% balanced accuracy (BAC) and 4.42% equal error rate (EER) in a real-world setup. We demonstrate that <i>Cardiac Scan</i> is a robust and usable continuous authentication system.