Abstract
Authentication is the process of verifying the claimed identity of a user. Traditional authentication systems suffer from vulnerabilities that can break the security of the system. One example is the replay attack: an attacker can use a previously saved password or authentication credential to log into the system. Another issue with existing authentication systems is that authentication is performed only at the beginning of a session: once the user is authenticated, her identity is assumed to remain the same for the lifetime of the session. In the real world, an attacker can masquerade as a legitimate user by physically taking control of an authenticated machine. Therefore, there is a need to continuously monitor the user to determine whether the person using the computer is the same person who logged onto the system. In this paper, we present a framework for continuous authentication of the user based on electrocardiogram data collected from the user's heart signal. The electrocardiogram (ECG) data is used as a soft biometric to continuously authenticate the identity of the user. Experimental results demonstrate that the electrocardiogram biometric trait can guarantee the safety of the system from illegal access.