H2K: A Heartbeat-Based Key Generation Framework for ECG and PPG Signals

Abstract

Wireless body area network is a key enabler for connected healthcare but recent cyberattacks have compromised its security and trustworthiness. This paper investigates heartbeat-based key generation to secure body area networks. The interpulse intervals (IPIs) between any two adjacent peaks of heartbeat signals are random and state-of-the-art literature has demonstrated that IPI is a good random source to be extracted as cryptographic keys. Heartbeat signals can be measured by electrocardiography (ECG) and photoplethysmography (PPG) sensors. A general heartbeat-based key generation framework applicable to both ECG and PPG signals is proposed. A robust peak detection algorithm is designed to capture noisy peaks and a simple yet efficient IPI alignment algorithm to align the common IPIs. A key establishment protocol is used to convert analog IPIs to digital binaries and reconcile them between legitimate devices. We evaluate the performance for both ECG signals from an online public database, MIT PhysioBank, and PPG signals collected from our testbed. The results demonstrate that our algorithm is robust and heartbeat-based key generation can be completed for both ECG and PPG signals. We finally create a PPG-based prototype and a demonstration video to show the practicality of our framework.