Award Abstract # 1718375
SaTC: CORE: Small: Collaborative: Cardiac Password: Exploring a Non-Contact and Continuous Approach to Secure User Authentication

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: THE RESEARCH FOUNDATION FOR THE STATE UNIVERSITY OF NEW YORK
Initial Amendment Date: August 15, 2017
Latest Amendment Date: May 25, 2022
Award Number: 1718375
Award Instrument: Standard Grant
Program Manager: Jeremy Epstein
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2017
End Date: August 31, 2022 (Estimated)
Total Intended Award Amount: $294,582.00
Total Awarded Amount to Date: $394,582.00
Funds Obligated to Date: FY 2017 = $294,582.00
FY 2018 = $16,000.00

FY 2019 = $16,000.00

FY 2020 = $16,000.00

FY 2021 = $36,000.00

FY 2022 = $16,000.00
History of Investigator:
  • Wenyao Xu (Principal Investigator)
    wenyaoxu@buffalo.edu
  • Shambhu Upadhyaya (Co-Principal Investigator)
Recipient Sponsored Research Office: SUNY at Buffalo
520 LEE ENTRANCE STE 211
AMHERST
NY  US  14228-2577
(716)645-2634
Sponsor Congressional District: 26
Primary Place of Performance: SUNY at Buffalo
NY  US  14260-2500
Primary Place of Performance
Congressional District:
26
Unique Entity Identifier (UEI): LMCJKRFW5R81
Parent UEI: GMZUKXFDJMA9
NSF Program(s): Special Projects - CNS,
Secure &Trustworthy Cyberspace
Primary Program Source: 01002223DB NSF RESEARCH & RELATED ACTIVIT
01001718DB NSF RESEARCH & RELATED ACTIVIT

01001819DB NSF RESEARCH & RELATED ACTIVIT

01001920DB NSF RESEARCH & RELATED ACTIVIT

01002021DB NSF RESEARCH & RELATED ACTIVIT

01002122DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 065Z, 115E, 7218, 7434, 7923, 9178, 9251
Program Element Code(s): 171400, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Most traditional security systems authenticate a user only at the initial log-in session. As a result, it is possible for another user, authorized or unauthorized, to access the system information, with or without the permission of the signed-on user, until the initial user logs out. This could be a critical security flaw even for high-security systems. Traditional one-time (e.g., password) or two-factor (e.g., password with fingerprint) authentication methods are no longer sufficient. Continuous authentication is a form of dynamic, risk-based authentication that changes the perspective of authentication from an event to a process, and has the potential to address the vulnerability of existing security systems by continuously verifying the user's identity during the session use. This interdisciplinary team explores a novel continuous authentication through a transformative non-contact heart-based biometrics. This project could transform the understanding of non-volatile components in cardiac motion, and convert this new knowledge and related technologies into improved security in increasingly vulnerable cyberspace. The project establishes a unique inter university research and education program on cyber security, which involves both K-12, undergraduate students, and underrepresented populations.

The Cardiac Password project investigates a holistic hardware/software solution to secure and trustworthy continuous authentication via non-contact cardiac motion sensing. The new authentication system can recognize humans in a non-contact, unobtrusive and even non-line-of-sight fashion. Towards this goal, the project has three thrusts. First, the team develops a high-fidelity non-contact cardiac motion sensing device. Second, the team investigates invariant cardiac descriptors and propose continuous authentication methodologies. Third, the team assesses the performance, usability, and vulnerability of the proposed Cardiac Password system. The outcome of this research can advance state-of-the-art heart-based biometrics in user authentication, and provide insights on developing more undeceivable, disclosure-resistant and user-friendly biometric solutions. The investigators will disseminate the results of the project through publications, talks, and demos, and integrate the research results into education curricula.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Li, Huining and Xu, Chenhan and Rathore, Aditya Singh and Li, Zhengxiong and Zhang, Hanbin and Song, Chen and Wang, Kun and Su, Lu and Lin, Feng and Ren, Kui and Xu, Wenyao "VocalPrint: exploring a resilient and secure voice authentication via mmWave biometric interrogation" Proceedings of the 18th ACM Conference on Embedded Networked Sensor Systems , 2020 https://doi.org/10.1145/3384419.3430779 Citation Details
Lin, Feng and Song, Chen and Zhuang, Yan and Xu, Wenyao and Li, Changzhi and Ren, Kui "Cardiac Scan: A Non-contact and Continuous Heart-based User Authentication System" MobiCom '17 Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking , 2017 10.1145/3117811.3117839 Citation Details
Li, Zhengxiong and Yang, Zhuolin and Song, Chen and Li, Changzhi and Peng, Zhengyu and Xu, Wenyao "E-Eye: Hidden Electronics Recognition through mmWave Nonlinear Effects" ACM Conference on Embedded Networked Sensor Systems , 2018 10.1145/3274783.3274833 Citation Details
Rathore, Aditya Singh and Li, Zhengxiong and Zhu, Weijin and Jin, Zhanpeng and Xu, Wenyao "A Survey on Heart Biometrics" ACM Computing Surveys , v.53 , 2021 https://doi.org/10.1145/3410158 Citation Details
Song, Chen and Li, Zhengxiong and Xu, Wenyao "Cardiac biometrics for continuous and non-contact mobile authentication: poster" the 12th Conference on Security and Privacy in Wireless and Mobile Networks , 2019 10.1145/3317549.3326303 Citation Details
Xu, Chenhan and Li, Huining and Li, Zhengxiong and Zhang, Hanbin and Rathore, Aditya Singh and Chen, Xingyu and Wang, Kun and Huang, Ming-chun and Xu, Wenyao "CardiacWave: A mmWave-based Scheme of Non-Contact and High-Definition Heart Activity Computing" Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies , v.5 , 2021 https://doi.org/10.1145/3478127 Citation Details
Xu, Chenhan and Li, Zhengxiong and Zhang, Hanbin and Rathore, Aditya Singh and Li, Huining and Song, Chen and Wang, Kun and Xu, Wenyao "WaveEar: Exploring a mmWave-based Noise-resistant Speech Sensing for Voice-User Interface" the 17th Annual International Conference on Mobile Systems, Applications, and Services , 2019 10.1145/3307334.3326073 Citation Details
Zhengxiong, Li and Baicheng, Chen and Huining, Li and Chenhan, Xu and Xingyu, Chen and Kun, Wang and Wenyao, Xu "FerroTag: a paper-based mmWave-scannable tagging infrastructure" ACM Conference on Embedded Networked Sensor Systems , 2019 10.1145/3356250.3360019 Citation Details

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Most traditional security systems authenticate a user only at the initial log-in session. As a result, it is possible for another user, authorized or unauthorized, to access the system information, with or without the permission of the signed-on user, until the initial user logs out. This could be a critical security flaw even for high-security systems. Traditional one-time (e.g., password) or two-factor (e.g., password with fingerprint) authentication methods are no longer sufficient. Continuous authentication is a form of dynamic, risk-based authentication that changes the perspective of authentication from an event to a process and has the potential to address the vulnerability of existing security systems by continuously verifying the user's identity during the session use.

In this project, an interdisciplinary team has explored a novel continuous authentication based on a transformative noncontact detection of heart-based biometrics using electromagnetic waves. Radio-frequency devices operating at 5.8 GHz, 24 GHz and 120 GHz have been developed for noncontact cardiac motion sensing. The devices send out a low-power electromagnetic wave and analyze the signal scattered from human subjects, which enables the extraction of the cardiac motion information from the participant. Advanced signal pre-conditioning methods based on analog circuit design and digital signal processing have been developed to achieve high sensitivity and low distortion in the detected cardiac motion. To reliably detect the subtle changes in heart activity, a software tool, namely, CardiacWave, has been investigated to provide a full spectrum of Electrocardiogram (ECG)-like heart activities. The CardiacWave design consists of a noise-resistant sensing scheme to interrogate a cardiac activity profiling module for extracting cardiac electrical activities from the interrogation response. Experiments have shown that the CardiacWave-induced ECG measures can be correlated with the heart activity ground truth, which was measured from a medical-grade instrument.

This project could transform the understanding of non-volatile components in cardiac motion and convert new knowledge and related technologies into improved security in increasingly vulnerable cyberspace. Based on collaboration between Electrical Engineers at Texas Tech University and Computer Scientists at the University of Buffalo, the project has established a unique inter-university research and education program on cyber security, which involved both K-12 undergraduate students, and underrepresented populations.


Last Modified: 12/17/2022
Modified by: Wenyao Xu

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page