Enhancing IoT Security via Cancelable HD-sEMG-Based Biometric Authentication Password, Encoded by Gesture

Enhancing information security via reliable user authentication in wireless body area network (WBAN)-based Internet-of-Things (IoT) applications has attracted increasing attention. The noncancelability of traditional biometrics (e.g., fingerprint) for user authentication increases the privacy disclosure risks once the biometric template is exposed, because users cannot volitionally create a new template. In this work, we propose a cancelable biometric modality based on high-density surface electromyogram (HD-sEMG) encoded by hand gesture password, for user authentication. HD-sEMG signals (256 channels) were acquired from the forearm muscles when users performed a prescribed gesture password, forming their biometric token. Thirty four alternative hand gestures in common daily use were studied. Moreover, to reduce the data acquisition and transmission burden in IoT devices, an automatically generated password-specific channel mask was employed to reduce the number of active channels. HD-sEMG biometrics were also robust with reduced sampling rate, further reducing power consumption. HD-sEMG biometrics achieved a low equal error rate (EER) of 0.0013 when impostors entered a wrong gesture password, as validated on 20 subjects. Even if impostors entered the correct gesture password, the HD-sEMG biometrics still achieved an EER of 0.0273. If the HD-sEMG biometric template was exposed, users could cancel it by simply changing it to a new gesture password, with an EER of 0.0013. To the best of our knowledge, this is the first study to employ HD-sEMG signals under common daily hand gestures as biometric tokens, with training and testing data acquired on different days.

Automated summary

This study proposes a cancelable biometric modality based on high-density surface electromyogram (HD-sEMG) encoded by hand gesture password for user authentication in wireless body area network-based Internet-of-Things applications. The use of automatically generated password-specific channel mask reduces data acquisition and transmission burden in IoT devices. The HD-sEMG biometrics were robust with reduced sampling rate, achieving low equal error rates for both wrong and correct gesture password entries, and providing a cancelable template option for users if needed.