Electrocardiogram (ECG)-based biometric authentication systems: vulnerability analysis and security enhancement methods

This article examines a current trend in biometric technology development: electrocardiogram (ECG)-based authentication systems. This method has attracted the attention of researchers due to the unique electrical activity of each person's heart and the relative resistance of this characteristic to counterfeiting compared to traditional biometric parameters (fingerprints, iris, voice). However, the practical application of ECG authentication is associated with a number of vulnerabilities. Key security threats are discussed, including the possibility of artificial signal reproduction, the influence of noise and artifacts during data collection, decreased accuracy due to changes in the user's physiological state, and the risks of compromising biometric templates during storage and transmission. Modern methods for improving the reliability of ECG authentication systems are analyzed. These include the use of adaptive filtering algorithms and multichannel signal processing, the use of machine learning methods to extract stable features, cryptographic protection of biometric templates, and integration with additional authentication factors. Special attention is given to the concept of multi-layered security, where ECG is used as one element in a comprehensive biometric system that balances ease of use and security.
Based on the analysis, it is concluded that the future of ECG authentication directly depends on the development of methods for protecting against replay attacks, improving noise immunity during signal recording, and implementing modern cryptographic protocols for protecting biometric data. Combining physiological characteristics with behavioral and traditional authentication factors is considered the most effective approach to creating reliable and practical user identification systems.

References

[1] Jain A.K., Ross A., Nandakumar K. Introduction to Biometrics. Springer, 2011.

[2] Labati R.D., Mu?oz E., Piuri V., Sassi R., Scotti F. Heartprint: ECG biometric recognition. Biometric Recognition. Springer, 2017, pp. 331–343.

[3] Khusainov F.F., Gilyazov T.F. Methods of biometric identification based on electrocardiogram signals. Bulletin of the Kazan State Technical University named after A.N. Tupolev, 2019, Vol. 23, No. 2, pp. 45–53. (In Russ.).

[4] Sivtsov S.A., Soloviev A.N. Biometric authentication based on electrocardiographic signals. Scientific and Technical Bulletin of Information Technologies, Mechanics and Optics, 2020, Vol. 20, No. 3, pp. 423–431. (In Russ.).

[5] Agrafioti F., Hatzinakos D., Anderson A.K. ECG pattern analysis for emotion detection. IEEE Transactions on Affective Computing, 2012, Vol. 3 (1), pp. 102–115.

[6] Odinaka I., Lai P.-H., Kaplan A. D., O’Sullivan J.A., Sirevaag E.J., Rohrbaugh J.W. ECG biometrics: A robust short-time frequency analysis. IEEE Transactions on Information Forensics and Security, 2012, Vol. 7 (6), pp. 1687–1698.

[7] Plataniotis K.N., Hatzinakos D. ECG biometric recognition in identity management. IEEE Signal Processing Magazine, 2015, vol. 32(6), pp. 95–102.

[8] Biel L., Pettersson O., Philipson L., Wide P. ECG analysis: A new approach in human identification. IEEE Transactions on Instrumentation and Measurement, 2001, vol. 50 (3), pp. 808–812.

[9] Martinez J.P., Almeida R., Olmos S., Rocha A.P., Laguna P. A wavelet-based ECG delineator: Evaluation on standard databases. IEEE Transactions on Biomedical Engineering, 2004, vol. 51(4), pp. 570–581.

[10] ISO/IEC 30107-1:2023. Information technology — Biometric presentation attack detectionPart 1: Framework. URL: https://www.iso.org/obp/ui/en/#iso:std:iso-iec:30107:-1:ed-2:v1:en (accessed October 15, 2025).