With the development of sensor and communication technologies, the Internet of Things (IoT) subsystem is gradually becoming a crucial part in vehicles. It can effectively enhance functionalities of vehicles. However, new attack types are also emerging. For example, a driver with the smart key in their pocket can push the start button to start a car. At the same time, security issues in the push-to-start scenario are pervasive, such as smart key forgery. In this study, we propose a vehicle Passive Entry Passive Start (PEPS) system that adopts deep learning algorithms to recognize the driver using the electrocardiogram (ECG) signals measured on the driver’s smart watch. ECG signals are used for personal identification. Smart watches, serving as new smart keys of the PEPS system, can improve convenience and security. In the experiment, we consider commercial smart watches capable of sensing ECG signals. The sample rate and precision are typically lower than those of a 12-lead ECG used in hospitals. The experimental results show that Long Short-Term Memory (LSTM) models achieve the best accuracy score for identity recognition (91%) when a single ECG cycle is used. However, it takes at least 30 min for training. The training of a personalized Auto Encoder model takes only 5 min for each subject. When 15 continuous ECG cycles are sensed and used, this can achieve 100% identity accuracy. As the personalized Auto Encoder model is an unsupervised learning one-class recognizer, it can be trained using only the driver’s ECG signal. This will simplify the management of ECG recordings extremely, as well as the integration of the proposed technology into PEPS vehicles. A FIDO (Fast Identify Online)-like environment for the proposed PEPS system is discussed. Public key cryptography is adopted for communication between the smart watch and the PEPS car. The driver is first verified on the smart watch via local ECG biometric authentication, and then identified by the PEPS car. Phishing attacks, MITM (man in the middle) attacks, and replay attacks can be effectively prevented.
Read full abstract