BreathLive: Liveness Detection for Heart Sound Authentication with Deep Breathing

Nowadays, considerable number of devices have been proposed to monitor cardiovascular health. To protect medical data on these devices from unauthorized access, researchers have proposed ECG-based and heart sound-based authentication methods. However, their vulnerabilities to replay attacks have recently been revealed. In this paper, we leverage liveness detection to enhance heart sound-based authentication against replay attacks. We utilize the inherent correlation between sounds and chest motion caused by deep breathing to realize a reliable liveness detection system, BreathLive. To be specific, BreathLive captures breathing sounds and chest motion simultaneously, and then eliminates signal delay caused by any imperfections of device components. Next, it extracts a set of features to characterize the correlation between sounds and motion signals, and uses them to train the classifier. We implement and evaluated BreathLive under different attacking scenarios and contexts. The results show that BreathLive achieves an equal error rate of 4.0%, 6.4% and 8.3% for random impersonation attacks, advanced impersonation attacks and advanced replay attacks respectively, which indicates its effectiveness in defending against different attacks. Also the extensive experiments prove the system can be robust to different contexts with a small training set.