Enhancing Heart-Beat-Based Security for mHealth Applications

Robert M Seepers, Christos Strydis, Ioannis Sourdis, Chris I De Zeeuw

Research output: Contribution to journal/periodicalArticleScientificpeer-review


In heart-beat-based security, a security key is derived from the time difference between consecutive heart beats (the inter-pulse interval, IPI), which may, subsequently, be used to enable secure communication. While heart-beat-based security holds promise in mobile health (mHealth) applications, there currently exists no work that provides a detailed characterization of the delivered security in a real system. In this paper, we evaluate the strength of IPI-based security keys in the context of entity authentication. We investigate several aspects that should be considered in practice, including subjects with reduced heart-rate variability (HRV), different sensor-sampling frequencies, intersensor variability (i.e., how accurate each entity may measure heart beats) as well as average and worst-case-authentication time. Contrary to the current state of the art, our evaluation demonstrates that authentication using multiple, less-entropic keys may actually increase the key strength by reducing the effects of intersensor variability. Moreover, we find that the maximal key strength of a 60-bit key varies between 29.2 bits and only 5.7 bits, depending on the subject's HRV. To improve security, we introduce the inter-multi-pulse interval (ImPI), a novel method of extracting entropy from the heart by considering the time difference between nonconsecutive heart beats. Given the same authentication time, using the ImPI for key generation increases key strength by up to 3.4 × (+19.2 bits) for subjects with limited HRV, at the cost of an extended key-generation time of 4.8 × (+45 s).

Original languageEnglish
Pages (from-to)254-262
Number of pages9
JournalIEEE Journal of Biomedical and Health Informatics
Issue number1
Publication statusPublished - Jan 2017


Dive into the research topics of 'Enhancing Heart-Beat-Based Security for mHealth Applications'. Together they form a unique fingerprint.

Cite this