A Privacy-Preserving ECG-Based Authentication System for Securing Wireless Body Sensor Networks

Authentication plays an essential role in securing the communication between sensor nodes within a wireless body sensor network (WBSN). The electrocardiogram (ECG) as a type of physiological data collected by sensor nodes in WBSNs can provide intrinsic liveness detection and the ECG data are continuously available. These are highly desirable properties for authentication purposes. Although ECG-based intranode authentication for WBSNs has been extensively studied, far less attention is paid for protecting the ECG data despite their sensitivity. In this article, we propose a privacy-preserving ECG-based authentication system using a noninvertible transformation scheme called manipulatable Haar transform (MHT). The proposed authentication system not only provides secure intranode authentication for WBSNs but also protects the sensitive health and identity information contained in ECG data from being exposed to adversaries. The experiment results on two public databases and a real Internet of Things device show the strong performance and efficiency of the proposed system. Moreover, security analysis demonstrates the validity of the MHT.