1. Introduction

As the Internet of things (IoT) becomes more popular in consumer, business, and military settings, one can expect the demand for biometric technologies to grow. IoT devices are supposed to outnumber the world's population this year [1] and their number should continue to dramatically increase for many years to come. Managing so many devices with passwords alone is ripe with challenges. In addition, the sensitive data gathered and stored by IoT could pose significant privacy concerns. Compared with conventional authentication techniques, such as digital passwords, personal identification numbers, and smart-cards/tokens, biometrics provide a more robust method for identifying a person, i.e., based on their distinctive physical characteristics. Biometrics can also be consid- ered more seamless and convenient, especially for continuous authentication [15]. That being said, it has already been demonstrated that many of the most popular biometric modalities (iris, face, fingerprint, and speech) can be spoofed and are, therefore, vulnerable to presentation attacks [27,12,13,9,3,6,28,25,24,11]. Over the past decade, alternative modalities based on biological signals have been explored and their resistance to presentation attacks is often highlighted as a major attribute. Notable examples include electrocardiogram (ECG) [8], photoplethys-mogram (PPG) [16], and electroencephalogram (EEG) [19], which possess high distinctiveness, are difficult to replicate, and provide intrinsic liveness detection. Among them, ECG has received the most attention and is beginning to gain larger acceptance from the biometrics community. For instance, ECG-based authentication systems, such as the Nymi wristband [2], are already coming to the market. ECG is a recording of the electric potential, generated by the electric activity of the heart, on the surface of the thorax that represents the extra cellular electric behavior of the cardiac muscle tissue. A typical, healthy ECG signal with different beats is shown in Figure 1. Generally speaking, ECG authentication systems can be categorized based on the feature extraction method (fiducial point vs. non-fiducial point) as well as the type of template matching used for classification. Fiducial point feature extraction relies on an accurate detection of ECG fiducial characteristic points such as P, Q, R, S, and T waves as shown in Figure 1, in order to obtain their relative amplitude, temporal intervals and morphological features. Non-fiducial point feature extraction analyzes an ECG in a holistic manner, typically by applying time or frequency analysis to obtain other statistical features. Despite the interest in ECG-based authentication, it's worth noting that ECG suffers from various noise sources such as motion, electromyography (EMG), and exercise, which can impact authentication accuracy [17]. In the literature, accuracy lies in the range of 94.3% to 100% [21]. Figure 1.

Waterfall plot of ECG beats collected from the same subject and localization of fiducial points.