A novel dictionary attack on ECG authentication system using adversarial optimization and clustering
Zhang, Bonan, Li, Lin, Chen, Chao, Lee, Ickjai, Lee, Kyungmi, Zhu, Tianqing, and Ong, Kok Leong (2025) A novel dictionary attack on ECG authentication system using adversarial optimization and clustering. Knowledge Based Systems, 316. 113326.
PDF (Published Version), available under License Creative Commons Attribution.
Abstract
Electrocardiogram (ECG)-based biometric authentication has become a promising method to improve security in wearable devices due to its inherent uniqueness and difficulty to replicate. However, no studies currently demonstrate that ECG authentication can resist modern attack techniques employed against biometric authentication. In this paper, we present a novel dictionary attack against ECG authentication systems, which poses a significant threat. In contrast to conventional targeted attacks, this approach utilizes random pairing to breach a vast number of users, without requiring specific information about their biometric data. Our approach leverages adversarial optimization and clustering to generate synthetic ECG waveforms capable of bypassing authentication mechanisms of various systems, revealing critical vulnerabilities in the current implementation of ECG-based biometrics. We comprehensively evaluate the effectiveness of this attack across different ECG authentication models, demonstrating that despite the intrinsic uniqueness of ECG signals, a substantial number of users are vulnerable. Our attack method can bypass the authentication system of an average of 20% of users even at the most stringent false acceptance rate of 1%. With up to five attack attempts allowed, our method can bypass up to 62% of users’ ECG authentication models.
| Item ID: | 88063 |
|---|---|
| Item Type: | Article (Research - C1) |
| ISSN: | 1872-7409 |
| Keywords: | Authentication, Biometric, ECG, Security |
| Copyright Information: | © 2025 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/). |
| Date Deposited: | 20 Mar 2026 01:59 |
| FoR Codes: | 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460403 Data security and protection @ 100% |
| SEO Codes: | 22 INFORMATION AND COMMUNICATION SERVICES > 2204 Information systems, technologies and services > 220405 Cybersecurity @ 100% |
