CardioID

Usably secure ad-hoc device pairing fosters connectivity with hardware which is difficult to access (e.g., implanted) and grants convenience for ad-hoc short-term on-off pairing patterns (e.g. shared public domain). Examples are medical devices or fitness equipment. We present CardioID, an approach to extract features from heart rate variability for secure pairing keys that change with the randomness inherited in heart operation. Our processing chain is compatible with electrocardiogram (ECG, voltage), as well as ballistocardiogram (BCG, acceleration) type signals. Dissimilarities in locally generated sequences are accounted for using fuzzy cryptography exploiting Bose–Chaudhuri–Hocquenghem (BCH) codes. We propose a quantization to derive secure keys for cross BCG-ECG device pairing from heart-rate variability and analyze the performance in (inter- and intra-subject) BCG-to-ECG pairing. A secure communication protocol for Body Area Networks (BAN) is discussed. The attack surface of the protocol is analyzed, and we conduct a video-based attack study. In addition, two case studies with 5 (laboratory) and 20 (controlled in-field) subjects were conducted.