Skip to main content Skip to main navigation


I Know You by Heart: Biometric Authentication based on Electrocardiogram (ECG) signals

Christoph Lipps; Lea Bergkemper; Jan Herbst; Hans Dieter Schotten
In: Proceeding of the International Conference on Cyber Warfare and Security. International Conference on Cyber Warfare and Security (ICCWS-2022), March 17-18, Albany, New York, USA, ACPI, 3/2022.


Trust, confidence and trustworthiness are of fundamental importance in human societies, usually established and sustained through personal relationships. But, due to the globalization and ongoing interconnection of everything up to Cyber-Physical Productions Systems (CPPS) and the Internet of Everything (IoE), physical attendance is no longer necessary. (Remote) access to systems is possible from anywhere on the globe. Accompanied with the lack of personal relationship is the challenge to trust entities –humans or machines-, and proof the identity they are claiming to be. Whether it's payment transactions with smartwatches, logging in to systems, or accessing sensitive parts of buildings, the user's identity is the basic prerequisite. For human participants, for instance, the verification can be obtained through biometrics. These are distinguishable into physiological, biological and behavioral features, each characteristic but of varying difficulty to deduce them. Although using biometric features is not a new concept -indeed they are the oldest form of authentication-, modern approaches are shifting them back into focus. Improved sensor technology enables the identification of people by their gait, or to distinguish them by their characteristic gestures. This work highlights how the availability of (medical) data, and the possibilities of Artificial Intelligence (AI) contribute to the identification and authentication of humans. Therefore, Electrocardiogram (ECG) signals are recorded using a Microcontroller Unit (MCU) and ECG electrodes to derive a three-lead ECG. Using different Machine Learning (ML) algorithms: K-Nearest Neighbor (KNN), Support Vector Machines (SVM) and Gaussian Naïve Bayes (GNB); it is analyzed whether the ECG signals are able to distinguish individuals. Thereby, the ML algorithms are compared with each other, determining which one achieves the best results. The results of the evaluation indicate that ECG signals are capable to distinguish humans based on their heartbeat in such a manner that they can be used as Human - Physically Unclonable Functions (Human-PUFs). Furthermore, the results give reason to assume that the algorithms can also be used for medical applications, for example to recognize heart diseases.