Car keys and house keys could be made redundant by our own heartbeats, according to a cyber-security expert from Edith Cowan University in WA.

Dr Guanglou Zheng from ECU’s Security Research Institute is investigating how electrocardiogram (ECG) signals can be used to secure medical devices, unlock phones and even protect the smart homes and smart cars of the future.

Like fingerprints, ECG signals are unique to every person and keep on changing over time, which gives enough randomness to create keys for security purposes.

ECG machines are traditionally used in hospitals to detect irregularities in a heart’s rhythm, however they’re also becoming increasingly common for health monitoring in wearable fitness devices.

ECG keys have been studied for credit card payment, medical device protection and personal electronic items security.

Relatively simple to use

Dr Zheng believes it’s only a matter of time before ECG signals are harnessed for user authentication purposes.

“We’re seeing more and more devices with built-in ECG monitors utilised to track users’ health and fitness data,” he said.

“It’s relatively simple to use these ECG signals in the same way we’re currently using other biometric security systems like fingerprints and facial recognition for authentication.

“The challenge for security researchers is how we ensure the systems and the signals themselves are secure.”

A unique binary sequence can be generated from a user’s ECG signals, which is then used as a -security key (like a very long random password) to identify the user.

Applications in medical devices

Dr Zheng and his colleagues are focussing much of their work on using ECG signals to secure medical devices implanted in our bodies.

These devices, such as pacemakers, defibrillators, insulin delivery systems and neuro stimulators, are not currently designed with security in mind.

“These devices have some disturbing vulnerabilities, primarily because the wireless communication channels between the devices and the programmer units that collect their data are not encrypted,” he said.

“Experiments have shown implantable medical devices are vulnerable to cyber attacks by an adversary with the right tools and motivations.

“This could be used to steal a patient’s personal medical information or reprogram a unit to malfunction and injure, or even kill a patient.”

In recent research published in the IEEE Sensors Journal, Dr Zheng and his colleagues evaluated security solutions for ECG signals in wearable and implantable medical devices like pacemakers.