Know Me by My Pulse: Toward Practical Continuous Authentication on Wearable Devices via Wrist-Worn PPG
Wei Shao
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Network Security
Wearable devices store increasingly sensitive data -- health information, messages, and payment credentials -- yet their authentication systems only verify the user once (via PIN, fingerprint, or face unlock), leaving the device trusted indefinitely afterward. If the device is stolen, removed, or handed to someone else, access persists. This talk presents the first practical **continuous authentication system** for wearable devices using low-rate, multi-channel **Photoplethysmography (PPG)** -- the optical blood volume sensing already built into most commercial smartwatches. The key insight is that **25 Hz, 4-channel PPG** is sufficient for biometric authentication, achieving **88% average test accuracy** with an **Equal Error Rate (EER) of approximately 3%**, a **False Acceptance Rate of 0.48%**, and a **battery life of 26+ hours** with continuous authentication enabled. The system uses a **bidirectional LSTM with attention mechanism** and rejects impostors within **4 seconds** (one sliding window), demonstrated in real-time on actual wearable hardware.
AI review
A practical continuous authentication system for wearables using low-rate PPG signals. Solid biometrics engineering with real-hardware deployment, but no offensive security content and limited relevance to security research beyond the biometrics community.