Continuous Biometric Authentication using Electrocardiographic (ECG) Data

In the past decades, usage behavior and digital life style rapidly changed with emerging technologies such as smartphones, highspeed mobile telecommunication standards, social media, etc. While we are using countless digital services and devices on a regular basis, our main way of authentication remained unchanged: session-based authentication with tokens or secrets can be considered as de facto standard. Continuous authentication might be a suitable concept to cope with those new conditions. While it would be impractical to continuously enter a password on a mobile phone, authentication just by touching the device seems tempting. Electrocardiographic (ECG) data can be continuously captured and verified. It is recorded by mere skin contact to ECG sensors. In this thesis we design, build and evaluate a continuous ECG authentication system. Therefore, we record the FH Hagenberg Research ECG Database (FRED). We employ machine learning models for classification and finally evaluate system performance for identification and authentication use cases. Results indicate that continuous ECG authentication can achieve an equal error rate of about 7%. Unobtrusive data recording allows continuous ECG authentication to extend mobile device security, without necessarily reducing usability.