A Survey of PPG's Application in Authentication

Biometric authentication prospered because of its convenient use and security. Early generations of biometric mechanisms suffer from spoofing attacks. Recently, unobservable physiological signals (e.g., Electroencephalogram, Photoplethysmogram, Electrocardiogram) as biometrics offer a potential remedy to this problem. In particular, Photoplethysmogram (PPG) measures the change in blood flow of the human body by an optical method. Clinically, researchers commonly use PPG signals to obtain patients' blood oxygen saturation, heart rate, and other information to assist in diagnosing heart-related diseases. Since PPG signals contain a wealth of individual cardiac information, researchers have begun to explore their potential in cyber security applications. The unique advantages (simple acquisition, difficult to steal, and live detection) of the PPG signal allow it to improve the security and usability of the authentication in various aspects. However, the research on PPG-based authentication is still in its infancy. The lack of systematization hinders new research in this field. We conduct a comprehensive study of PPG-based authentication and discuss these applications' limitations before pointing out future research directions.


Introduction
Authentication ensures the legitimacy of access to data (Wang et al., 2020a) and the identity of individuals.Authentication is useful in many areas of our lives, including commercial applications, healthcare, access control, and many more.There are three categories of authenticationknowledge-based authentication like passwords, object-based authentication, like ID cards, and biometric-based authentication, like face recognition (Jain et al., 2006).Biometricbased authentication uses physiological or behavioral characteristics extracted from a person as a source of idiosyncratic information (Huang and Wang, 2022).It does not suffer from being forgotten compared with knowledge-and object-based methods.Since each human has many idiosyncratically physical or behavioral characteristics, a wealth of individual information can be leveraged to strengthen biometric-based authentication against fabrication.The traditional features used for biometrics include fingerprint, face, iris, voice, palmprint, and many more (Jia et al., 2021).In the 2010s, biometric authentication thrived, for example, using face recognition to unlock a smartphone and fingerprint recognition to unlock a door.Nevertheless, these early versions of biometric authentication are often vulnerable to presentation attacks (Wang et al., 2020c;Kolberg et al., 2021).A presentation attack means that an attacker impersonates a legitimate user to present biometrics to an authentication system.A common scenario is using a 3D mask representing the victim's face to fool the face recognition system.ORCID(s): 0000-0001-7497-9002 (L.Li) Physiological signals are considered as biometrics because they are not readily observable.Such signals include Electroencephalogram, Electrocardiogram, and Photoplethysmogram (PPG) (Wang et al., 2020b;Huang et al., 2021;Hwang et al., 2021c).Specifically, a Pentagon's product uses infrared lasers to detect people's unique heart features to authenticate individuals (Hambling, 2019); a Canadian company Nymi has developed an authentication system using wrist-worn pulse sensors as an alternative to fingerprint recognition (Eberz et al., 2017).Different from traditional biological features, physiological signal-based features are invisible on the human body's skin surface, making it challenging to be collected and analyzed by attackers from remote locations.
Among the physiological signals, PPG is a non-invasive optical method for measuring the volume of light absorbed or reflected by microvascular in biological tissues (Natarajan et al., 2021).Furthermore, PPG has a wide range of research prospects in authentication due to its unique advantages: Simple acquisition-An oximeter or a camera alone can capture PPG signals from a human body.Furthermore, PPG sensors embedded in wearable devices simplify and reduce the cost of PPG signal acquisition.Difficult to steal-Traditional biometrics are subject to many easy attacks.Fingerprints and palmprints can be extracted from touchscreen surfaces left by a user (Vachon, 2020), while facial images can be taken at a distance.In contrast, contact-based PPG signals are not directly exposed to the attacker, making them difficult to spoof.Live detection-The liveliness of the users involved in the system is ensured by the natural liveness detection system because the PPG signal responds to the information of the human heartbeat.Firstly, the PPG signal of the user can be captured using different devices.Then, the raw PPG signal is processed by signal conditioning to obtain a high-quality signal.In the third layer, features are extracted from the processed signal.Finally, each of these features is applied to different tasks according to their properties.
The PPG signals differed between individuals.The signal can be affected by genetic and non-genetic factors, according to many PPG signal studies (Tegegne et al., 2020;Wang et al., 2021;Panahi et al., 2021).Differences in PPG signals are observed between individuals, empowering the upgrade from pre-set passwords to PPG signals for user authentication.PPG signals were first applied in biometrics in 2003 (Gu et al., 2003).Subsequently, the derivatives of the PPG signal were used for biometric authentication (Yao et al., 2007).The approach to individual feature matching has shifted from the initial calculation of the distance between features to deep learning classifiers (Reşit Kavsaoğlu et al., 2014).
We attempt to comprehensively investigate PPG signals in authentication applications.PPG signals used in authentication systems can effectively capture users' cardiac dynamic behaviors Gil et al. (2008), which is not possible for traditional methods like fingerprints, iris, and many alike.We found the articles from Google Scholar, IEEEXplore, ACM Digital Library, ScienceDirect, and DBLP using various search terms -"PPG", "photoplethysmogram", "security", "authentication", "biometrics", and "attack".We assessed the relevance of the articles to our investigation by examining their titles, abstracts, and keywords, ranging from the first PPG-based biometrics in 2003 to recently published articles in 2023.We kept the papers directly related to the intersection of PPG signals and cybersecurity applications.
We prioritized articles with a substantial number of citations, indicating their influence and recognition within the research community.We focused on the articles published in top conferences and journals known for their rigorous review processes and wide readerships, such as the IEEE Symposium on Security and Privacy, the ACM Conference on Computer and Communications Security, Computers & Security, IEEE Transactions on Information Forensics and Security and several others.We paid attention to the paper authored by recognized experts or research groups in the field of cybersecurity.While we aimed to include recent research, we also considered foundational papers published in earlier years.
A survey of heart biometrics was presented in (Rathore et al., 2020) for user authentication with heart signals, but it suffers from a primitive coverage in PPG signals with merely six papers.A review on wearable biometric systems was presented in (Sundararajan et al., 2019) with only a few acquisition methods for PPG signals.This paper aims to present a comprehensive review of the authentication method based on PPG signals.The main contributions are summarized as follows: • We systematically present PPG-based authentication associated with security threats.We propose a novel taxonomy to organize various systems from the technical and application perspectives to provide a comprehensive insight into PPG signals.
• We survey the most recent research on PPG-based authentication from 2003 to 2023 and summarize the view to enable future researchers to apply the PPG signals technologies.
• We discuss the challenges of PPG-based authentication to highlight open issues for immediate attention and suggest possible countermeasures for future research.
The rest of this paper is organized as follows: We propose a four-layered view of PPG-based authentication in Section 2. In Sections 3, 4 and 5, the literature review is presented on PPG-based authentication.We review the usage of PPG signals in other authentication models in Section 6. Section 7 discusses the challenges faced by PPG-based authentication and proposes the corresponding future directions.Section 8 concludes this paper.

A Novel Four-Layered View on PPG-based Authentication
In this section, we present a novel view of PPG-based authentication.Fig. 1 presents our four-layered framework generalized from the literature.The bottom layer is the signal acquisition layer for collecting PPG signals.The second layer denoises the signal with the enhancement of its signalto-noise ratio.The third layer, called the PPG representation layer, extracts the signal's features through feature transformation and selection.The security application layer uses the extracted features for authentication.Our framework was developed through meticulous information aggregation and generalization from diverse literature sources.We aim to capture and categorize the essential facets, factors, and dimensions prevalent in the existing body of knowledge.To provide further clarity, we emphasize that our taxonomy is not merely a subjective framework based on individual expertise.Instead, it is rooted in a systematic literature analysis, ensuring its relevance and coverage of the key elements within the field.By presenting this taxonomy, we contribute a structured and organized approach to the study of PPG signals in the context of cybersecurity, enabling researchers to navigate the complexities of this domain effectively.

Signal Acquisition Layer
The signal acquisition layer includes the actions for capturing the user's PPG signal.It extracts PPG signals from the skin and converts them into electrical signals for transmission to the next layer.This layer consists of four main components -light source, skin, sensor, and storage.The blood flow in the skin is the source of the signal.The light source exposes the signal to the sensor.The sensor converts the received signal into an electrical signal to feed subsequent layers for processing.The mainstream sensors are photodetectors that convert the received light intensity into a voltage signal.A camera is regarded as a sensor for capturing rich information of light.Storage determines the carrier of the signal, including electrical and video signals.
Eventually, all signals are transformed into PPG waveforms and passed to the noise reduction layer.
Depending on the sensor and acquisition types, many methods are available to capture PPG signals.We classify them as contact and remote captures.The contact type captures the signal using photodetectors, and the device remains contacting with the skin.The remote type usually acquires the PPG signal by analyzing the video obtained by the camera, which allows the signal to be acquired at a certain distance.Within these two types, there are also subtle differences in the different acquisition devices.We have compared four most common devices, including oximetry (contact), wearable devices (contact), smartphone cameras (remote), and HD cameras (remote).The oximeter and wearable devices capture reflected or projected light intensity changes primarily through light-sensitive sensors (Fong et al., 2021;Singh et al., 2021).Smartphone cameras and HD cameras capture the change of RGB value among video frames to detect the change of blood flow in human skin tissue (Aziz et al., 2021;Liu et al., 2021).Although the captured PPG signals all respond to a wealth of individual biometric information, the signal morphology acquired by various methods differs because tissues of different body parts emit different PPG signals.
For a comprehensive comparison, we summarized five evaluation dimensions of signal acquisition from the existing literature.
• Security refers to the level of data protection and privacy provided during signal acquisition.It encompasses aspects such as encryption, authentication mechanisms, secure transmission protocols, and protection against unauthorized access.
• Signal Quality focuses on the acquired signals' accuracy, reliability, and fidelity.It involves evaluating factors such as noise levels, signal-to-noise ratio, resolution, dynamic range, frequency response, and any distortions or artifacts introduced during acquisition.
• Cost evaluation involves assessing the financial implications of different signal acquisition methods.It includes considerations such as the initial investment required for equipment, ongoing maintenance costs, licensing fees for software or algorithms, and any additional expenses associated with the acquisition process.
• Range examines the ability of a signal acquisition method to capture signals from a distance.It evaluates the acquisition system's range and effectiveness in scenarios where physical proximity to the signal source may be limited.
• Mobility refers to the portability, flexibility, and ease of use of a signal acquisition system.It considers factors such as device size, weight, power requirements, and the ability to deploy or move the system in various settings.
Fig. 2 compares four acquisition methods in these five dimensions.The pulse oximeter obtains high-quality signals partly because it isolates the interference from external ambient light.However, a pulse oximeter needs to be clipped to a human finger, which interferes with any tasks that require finger involvement during continuous authentication.Due to the limited computational capability, oximeters transmit the captured signals to the endpoint for processing, increasing the risk of compromise.Wearable devices provide a new mode of interaction without affecting individuals' everyday lives, enabling continuous unnoticed authentication.A builtin physiological signal sensor allows wearable devices to capture PPG signals.Unlike the traditional acquisition of PPG signals via photodetector, a phone camera acquires PPG signals by using the flashlight as the light source and shooting the fingertip on the camera (Lovisotto et al., 2020b;Ortiz et al., 2022).The HD camera method analyzes the face video for non-contact physiological measurements (Patil et al., 2018), while the illumination usually comes from ambient light.However, the PPG signals acquired using the camera are often low quality and noisy, especially for people with dark skin tones and quick motion artifacts due to body movement.In addition, the surrounding light conditions can significantly affect the signal quality.With the popularity of smartphones, HD cameras have been built into various devices, so this acquisition method incurs no extra cost.For security reasons, the HD camera approach allows remote

Signal Conditioning Layer
Noise is always present during any biomedical signal acquisition, no matter how well the devices are used (Mishra and Nirala, 2020).Signal conditioning has become an important task for ensuring highly accurate authentication.The signal conditioning layer receives the raw PPG signal as the input and produces a high-quality PPG signal as the output.Reducing or even eliminating noises in the signal is a primary concern when the types of noise need to be identified.The PPG signal contains rich heart-related information.Human bodies are usually assessed through statistical indicators (e.g., heartbeat interval, systolic peak) or physiological values (e.g., heartbeat rate, heart rate variability).Hence, it is challenging to pinpoint the noise.
There are four primary types of noises: low-frequency noise, high-frequency noise, cardiac arrhythmia noise, and low-amplitude PPG signals.High-frequency and low-frequency noises are more commonly present in PPG signals than the other two.Specifically, motion artifacts (MA) are the most common low-frequency noise commonly found in wearable devices.Both tissue deformation and sensor displacement may cause the appearance of motion artifacts (Nabavi and Bhadra, 2020).Another type of low-frequency noise is baseline wander noise.Under normal circumstances, the centerline of the pulse wave signal is relatively smooth, indicating that the signal's non-pulsatile component is stable.However, the acquired signal has a constantly changing amplitude value of the overall waveform due to baseline wander caused by multiple factors, such as temperature variations, the bias of the instrumentation amplifier, and breathing motion (Mishra and Nirala, 2020).High-frequency noise is normally caused by power line interference, which refers to the ambient electromagnetic signal of the instrument amplifier and the power supply obstruction of the PPG recording probe.We can filter all the high-frequency and low-frequency signals directly by using the low-pass/highpass filter at the cost of a significant loss of the original signal.Advanced filters like adaptive filter (Arunkumar and Bhaskar, 2020) help retain the maximum information of the original signal.

PPG Representation Layer
The representation layer receives the cleansed signal as the input before yielding feature vectors that apply to authentication systems.Its primary objective is to extract features from the signal that are resilient to time and environmental changes while preserving the uniqueness of individual features.The PPG representation layer comprises feature transformation and feature selection.Fiducial points or statistical information can be directly extracted from the signal as feature vectors, like systolic peak, diastolic peak, and heart rate variability.The dicrotic notch is related to blood pressure (Mousavi et al., 2019), and the systolic peak is associated with cardiovascular aging (Chiarelli et al., 2019).Although these features can be acquired quickly from the raw signal, they are susceptible to changes in the surrounding environment and the physical state of the subject.
Feature transformation and feature selection are suitable for different tasks.Feature transformation converts the current feature space to a different space to acquire robust features for authentication, like from time-domain to frequencydomain.Feature selection helps remove redundant or irrelevant information.While removing the interference of useless information, feature selection also reduces features' dimensionality and computational cost.

Security Application Layer
The security application layer implements the authentication applications using features extracted from the PPG representation layer.PPG signals represent an individual's unique hemodynamic and cardiovascular system.Hence, PPG signals identify their owners during authentication.
The user authentication process comprises the enrollment phase and the authentication phase.During the enrollment phase, the biometric system learns the feature vectors extracted from the individual.The enrollment phase can be regarded as the training phase from the machine learning perspective.The learned templates are stored on a local device or in the cloud as individual identifiers.The authentication phase is further divided into two scenarios -verification and identification.Verification determines whether the user is consistent with the declared identity.Identification attempts to find the best matching enrollment template in the system that corresponds to the user.A biometric system can be regarded as a matching or classification problem.
At present, several methods distinguish the PPG signals of different individuals.A straightforward method uses the similarity between features to distinguish the PPG signals between individuals.A predefined threshold value determines the degree of similarity.If the similarity between features exceeds a preset threshold, the signals are considered to belong to the same individual.Distance and correlation are common approaches to measure similarity (Salanke et al., 2013;Akhter et al., 2015;Yao et al., 2007).
User authentication is typically translated into a classification problem in machine learning as the paradigm where user profiles are associated with different classes.Features manually extracted through traditional machine learning do not guarantee an adequate representation of the uniqueness of individual PPG signals.On the contrary, deep learning approaches are usually end-to-end solutions.Deep learning methods feed the training data and corresponding labels into the model before learning useful features and inferring the testing set results.Deep learning methods are often preferred over manual feature extraction when we lack profound domain knowledge to understand the feature domain.

Acquisition and Conditioning
PPG signals consist of pulse signals as repetitive waveforms and motion artifacts as bursty signals.Statistical differences (e.g., kurtosis, skewness, and standard deviation) can be applied to PPG signals for motion artifact detection (Zhao et al., 2018).According to the recoverability of cardiac signals, motion artifact is divided into two categories -distal and proximal wrist (Zhao et al., 2020).Distal wrist activity is a primary arm movement without involving the tendons and muscles of the wrist region.On the other hand, proximal wrist activities are horizontal and wrist-level movements that directly affect blood volume changes in the wrist region.Hence, proximal wrist activities may significantly impact PPG measurements from wearable devices.
Though distal wrist activity has a minor and recoverable effect on PPG signals, proximal wrist activity can have a long-lasting, intense, and non-recoverable effect on PPG measurements.Continuous near-wrist activity and accidental disease may cause sharp changes in heart conditions and affect the system's performance, resulting in a temporary reversion to a conventional authentication method like passwords.When motion artifact is scattered or present in only a few contiguous segments, it is associated with distal wrist activity so that we can reconstruct the associated pulse waveform.When motion artifact is detected in consecutive PPG signals, the motion artifact occurrence is attributed to proximal wrist activity.Therefore, motion artifact removal helps eliminate the affected PPG segments.
Mobile phone cameras have become an easy choice to acquire PPG signals because mobile devices are widely popular (Lovisotto et al., 2020b;Ortiz et al., 2022).However, poor light conditions and frequent vibrations often affect the quality of PPG signals collected by mobile phone cameras.Reliable cardiac motion patterns could only be obtained with the proper camera configuration and sufficient light entering the camera.Excessive (too low or too high) flashlight illumination reduces pixel sensitivity when capturing cardiac motion patterns from the camera.Thus, the camera configuration (i.e., flash intensity, ISO settings) needs adjustment to offset the variation of ambient light (Liu et al., 2019).Dynamically selecting the pixels in the video captured by the camera, such as only a subset of the most sensitive pixels to heart motion or removing invalid pixel points, can improve the signal-to-noise ratio of heart measurements.
Since PPG sensors consist of LED and photodetector with specific spectral sensitivity and emission wavelengths, subtle differences in such devices are common.These signals collected from different devices can be considered data from different domains.This problem can be handled by applying cross-domain adaptation methods (Lee et al., 2020), like DRANet (Lee et al., 2021) and PCS (Yue et al., 2021).They are usually applied to vision-related tasks.It is possible to eliminate the non-pulsatile component of the signal by adding an amplifier bias adjustment circuit, obtaining a high signal-to-noise ratio pulsatile component from the original PPG signal (Wan et al., 2007).Improvements from a hardware perspective result in better signal quality and make identification data processing easier.
Additional factors affecting PPG signal quality are human body posture and emotions.If data were obtained while the participant was sitting steadily, the effects of physical exercises on PPG signals were often ignored.Significant differences in the PPG signals were observed among participants in the exercise state (Salanke et al., 2013).Besides exercises, the PPG signal reflects the influence of the autonomic nervous system on cardiac activity, which can easily be altered by changes in heart rate caused by mood fluctuations.Using a Gaussian function to represent the PPG signal features approximately has excellent robustness for emotions (Sarkar et al., 2016).The classification of emotions in the datasets is based on participants' subjective perceptions.
As an authentication feature, feasibility is critical in long-term situations.The correlation coefficients of the PPG waveforms recorded during the month compared in (Patil et al., 2018) remain constant.Because of the frequent acquisition during continuous authentication, the effect of time on the signal is not considered in (Bonissi et al., 2013).Empirically, the performance of the authentication model in the cross-session case declines over time (Sancho et al., 2017;Hwang et al., 2021c,a,b).Feature selection helps identify features resilient to time (Yadav et al., 2018).Model fusion and generative adversarial networks improve the stability of the model over time (Hwang et al., 2021a,b;Liu et al., 2023;Hwang et al., 2022).

Representation Construction
Features representing PPG signals can be constructed in several different ways.Individual template vectors are built by extracting the number of peaks, time intervals, up slopes, and down slopes as features from a single-cycle PPG signal (Gu et al., 2003).In addition to these features, morphological features like the waveform area and the waveform angle were introduced in (Lee and Kim, 2015).The features are obtained directly from the original waveform, implying potential interference of external factors like baseline wander and motion artifact.This method of approximating the signal ignores the information of higher-order derivatives contained in the pulse.Because the information contained in the PPG signals cannot be fully utilized to improve recognition accuracy and reliability, Yao et al. (Yao et al., 2007) proposed to consider both first-and second-order derivatives of the PPG signals.The features obtained through higherorder derivatives are discriminative and sensitive to noise in the recognition task.In contrast, features from lower-order derivatives are more robust and less sensitive than those from their higher-order counterparts.
The feature transformation can obtain robust individual template vectors.Frequency-domain signals are generally more robust to time variations than time-domain signals.
The Fourier transform converts the signal from the time domain to the frequency domain (Hwang et al., 2021b).However, the Fourier transform has an inherent flaw when dealing with non-smooth signals.It only obtains information about which frequency components a segment of the signal contains instead of the exact moments when each component appears.Thus, two signals with different time domains may have the same spectrogram.In this case, the short-time Fourier transform can decompose the entire time domain of the signal into an infinite number of small processes of equal length (Donida Labati et al., 2021).By setting the window length, we can obtain the frequency at a particular point in time.Nevertheless, it cannot meet the demand of the changing frequency of non-stationary signals, such as PPG signals.The components of various signals in nature at different frequencies have different time-varying characteristics.Generally, the spectral features of the lower frequency components change more slowly over time, while the higher frequency features change more rapidly.To obtain suitable frequency resolution and time resolution in different timefrequency regions, Patil et al. (Patil et al., 2018) used the Wavelet transform to decompose the signal across different time and frequency bands.Mel-Frequency Cepstral Coefficients work on specific frequency components according to the nonlinear Mel scale (Siam et al., 2021).
To construct individual template vectors, feature selection improves the discriminability and robustness of the features.Principal component analysis was used in (Lovisotto et al., 2020b) to remove correlations between variables in a biometric system, retaining key features that effectively distinguish PPG signals from different individuals.However, principal component analysis can only perform linear transformations on the data, resulting in weak outcomes for linearly inseparable data.Hence, kernel principal component analysis is used in (Zhang et al., 2018) to map data that cannot be linearly classified in the low-dimensional space to the high-dimensional space for principal component analysis.In addition, various algorithms are used for feature selection in biometric systems, including linear discriminant analysis (Yadav et al., 2018) and genetic algorithm (Karimian et al., 2017).
For instance, the waveform in a heartbeat cycle can be approximated by simple functions.We can use some morphological modeling approaches to describe the PPG signals for biometrics quantitatively (Cheng et al., 2019).Data need to be pre-processed before being manually extracted for features.Conversely, deep learning automates the feature selection process that helps develop a fully data-driven endto-end biometric system with PPG signals (Luque et al., 2018;Everson et al., 2018).

PPG-based Authentication Model
It is challenging to optimize, develop, or transform the training data structure to improve classification performance.Among the similarity-based methods for identifying individual templates, the most common measure uses the Euclidean distance (Akhter et al., 2015;Gu et al., 2003).Euclidean distance represents the straight line distance between two feature points in a Euclidean space.However, the Euclidean distance is susceptible to different feature scales in the vector.The Mahalanobis distance eliminates some limitations of the Euclidean metric, such as automatically considering the scaling of the axes, correcting for correlations between different features, and providing curved and linear decision boundaries (Salanke et al., 2013).The Mahalanobis distance calculates the covariance distance between two data points.Pearson correlation is widely used to measure the degree of linear correlation between two variables (Yao et al., 2007).Among the above methods, a few outlier data in the training set can significantly affect the classification results because any similarity-based approach only needs to store a small number of training samples.
Convolutional neural networks (CNNs) are popular for their wide range of applications in computer vision-related tasks.Recently, PPG-based user authentication has applied a CNN model (Luque et al., 2018).A typical CNN architecture consists of a convolutional layer, a pooling layer, and a fully connected layer.The target's low-level (points in the signal) and high-level features (overall trend of the signal) can be extracted by stacking the convolutional layers.Pooling layers are sampled to reduce the feature space while retaining the important features.The primary role of the fully connected layer is to classify the signal based on the features previously extracted from the convolutional and pooling layers.In a CNN, the signal from each neural network layer propagates up one layer, and the samples are processed independently each time.
However, the PPG signals are time-series data, and the information on the time dimension is valuable.LSTM adds a gate mechanism and a memory unit to Recurrent Neural Network (RNN) to capture the long-term dependence of the input sequence by recording information from different periods.Therefore, the LSTM component captures long-time contextual information (Everson et al., 2018;Hwang and Hatzinakos, 2019;Biswas et al., 2019;Hwang et al., 2021c;Ye et al., 2021).It also solves the gradient disappearance and gradient explosion problems in RNN.Many solutions like the transformer model (Vaswani et al., 2017) learn from sequence data.The current research on deep learning models in PPG-based authentication is limited and requires further exploration.
Biometric systems based on a single PPG signal are vulnerable since the acquisition equipment, and recording environment has a significant impact on the performance of the system.A PPG signal collected with a precise sensor in a controlled environment is reliable.However, if the PPG signal is unstable, an additional biometric signal can improve the result (Spachos et al., 2011).ECG can be recorded simultaneously with PPG and provide a multifact biometric system.The sensor can acquire the ECG and PPG signals simultaneously, thus synchronizing the ECG and PPG values.The systolic peak of PPG and the R-peak of ECG can be used to obtain the Pulse Transit Time and Pulse Arrival Time to match the user template, detecting any spoofing signal (Karimian et al., 2020).To bypass the anti-spoofing system, attackers need to measure the victim's ECG and PPG at the same time.Even if the attacker is able to generate the victim's ECG and PPG, matching them from the same time domain would be challenging.ECG signals require the user to use additional measurement equipment, increasing the system's complexity.Ultra-wideband radar can measure the user's breathing pattern and synchronize with PPG signals so that it can be used to detect unknown presentation attacks (Forouzanfar et al., 2021).Moreover, fusion-ID authenticates users by fusing PPG signals with information from motion sensors (Kumar et al., 2022).
Table 1 summarizes the concept of the user authenticationrelated articles we reviewed.Most studies use a single heartbeat cycle of the PPG signal as a unique identifier, as it is easier to extract individually relevant information.Permanence pertains to the ability of an authentication system to accurately identify and authenticate individuals over time, despite variations that may occur due to the passage of time or changes in an individual's mood.It implies that the system can effectively recognize and verify an individual's identity consistently, regardless of time gaps between authentication attempts or fluctuations in their Table 1 Outline of reviewed papers attributes on user authentication."✓": Will work." ": High level." ": Medium level." ": Low level.Permanence: The robustness of the authentication to temporal changes, including long time intervals and mood changes.Time gaps within one day are evaluated as low level, while gaps ranging from one to seven days or mood changes are considered medium level.Gaps exceeding seven days are classified as high level.Privacy: The potential exposure level of biometric signals.
For data acquisition methods, video analytics-based data collection is low level, photoelectric sensor-based methods are medium level, and integrating photoelectric sensors with authentication systems in the same device is high level.Cancelability: Whether the authentication template can be revoked/replaced.The papers that incorporated cancellable techniques have been marked.Wearability: The papers that have been marked signify the utilization of wearable devices.Transparency: If the user can perceive the authentication process.They often require wearable devices or video-based analytics.Accessibility: Whether it is suitable for all populations, especially for people with physical disabilities.S: Single pulse.C: Continuous waveform."-": Not considered emotional state.In Permanence, the evaluation of time gaps within one day is considered low level, and between one and seven days are considered medium level, longer than seven days are considered high level.Privacy concerns arise in PPG-based user authentication methods due to collecting and storing sensitive biometric data, specifically pulse or blood flow patterns.Privacy concerns also involve evaluating the potential risks of unauthorized access or data breaches associated with the methods.For example, video analytic-based data collection methods pose a higher risk of data leakage than traditional photoelectric sensor-based data collection methods.
We also found that there is no standard to evaluate PPG-based authentication.Table .1 summarizes five evaluation metrics (Cancelability, Wearability, Continuity, Transparency, and Accessibility).To improve the practicality of PPG-based user authentication, further research is needed in these five aspects.
Cancelability: Biometric systems usually require biometrics to be permanent.However, once the biometric template is exposed, the threat to the identification system is permanent.Cancelability means that the template can be replaced in biometric template exposure.The raw biometric data undergo a non-invertible transformation creating a new biometric template.This transformation could be unique for each application, providing protection across systems.If a system is compromised and the biometric templates are stolen, these templates cannot be used, and a new transformation can be applied to generate new templates, essentially canceling the old ones.The most straightforward revocable authentication is to encrypt the biometrics in the device.In PPG-based user authentication, feature transformations are used to map features into different vector spaces to cancel templates.Cancelability can be quantified by two main aspects -revocability and unlinkability Bedari et al. (2021).Revocability ensures that the newly generated one will not reduce the authentication performance when a biometric template is compromised.Unlinkability refers to the inability to establish a link between the original biometric features and the newly generated ones.If such a link is identifiable, it might be possible to recreate the original biometric data from the new features, defeating the revocation purpose.As listed in Table 1, the papers that incorporated cancellable techniques have been marked.We can find that most of the papers ignore the assessment of cancelability.
Wearability: Wearability refers to the suitability and practicality of incorporating biometric sensors or devices into wearable technology or accessories.This concept emphasizes the ability of these devices to comfortably and unobtrusively collect and analyze biometric data from individuals in their everyday activities.The goal is to provide seamless and continuous biometric authentication or monitoring while ensuring user comfort, convenience.With the miniaturization of physiological signal sensors, most wearable devices have these sensors built-in for healthcare.For wearable authentication, PPG signals are primarily collected by wristband devices.These wristband devices are easily accessible and usually inexpensive.In Table 1, the papers that have been marked signify the utilization of wearable devices (e.g., smartwatches and wristbands) for signal acquisition.
Continuity: Authentication is usually performed only on the first access in most authentication scenarios.The user identity is maintained by the credentials obtained through authentication.It may lead to security risks for subsequent operations.For example, if a legitimate user leaves the device unattended, a malicious user accessing the device will potentially access other services.Continuous authentication enables continuous verification of the user's identity for the entire duration of the session.While traditional continuous authentication methods typically rely on transient events, PPG signals are continuous waveforms that can easily provide non-intrusive continuous authentication.We have marked the papers that reported the continuous authentication performance of their methods in Table 1.
Transparency: Transparent authentication refers to an authentication process that is seamless, unobtrusive, and user-friendly.It aims to provide a frictionless user experience by minimizing user intervention or explicit authentication actions.In transparent authentication, the user's identity is verified in the background or implicitly through various methods or factors without requiring explicit input.Wearable device-based PPG user authentication offers the possibility of transparent user authentication.It reduces the probability of a spoofing attack since the user does not know when the authentication occurred.In Table 1, the Transparency column excludes methods that necessitate active user participation.
Accessibility: It refers to the authentication methods and practices designed to accommodate individuals with disabilities or impairments.It aims to ensure that individuals with diverse abilities can access and utilize digital systems securely and conveniently.In the context of accessibility authentication, traditional authentication methods may present barriers for individuals with disabilities.For example, individuals with visual impairments may encounter difficulties in entering complex passwords or reading visual authentication cues, while those with motor impairments may struggle with physical interactions like typing or using traditional input devices.PPG signals can be collected in multiple body parts like ears, forehead, fingers, and toes, implying high accessibility.From Table 1, it can be observed that all methods listed are considered accessible, except for those that necessitate gestural involvement.

Miscellaneous Authentication Models with PPG Signals
Though face recognition is the most widely used biometric feature, current face recognition systems are vulnerable to spoofing attacks.Face recognition systems may fail in front of highly realistic 3D masks because they capture local facial details to distinguish real faces from fake ones.Because PPG signals are present only in natural living tissue and absent in surface materials of any mask or printed material, facial liveness can be detected by finding PPG signals in facial videos (Chen et al., 2017).Remote photoplethysmogram (rPPG) signals are present in an organic face, resulting in the color value of facial areas in the video varying with the heart pulse.Hence, the peak amplitude of the rPPG spectrum could reflect the heartbeat intensity.The observed amplitude is susceptible to environmental noises due to illumination and camera settings.Moreover, the noise may dominate the observed signal.Cross-correlation operations of local rPPG signals at different face regions to amplify the shared heartbeat frequency can suppress the interference of nonperiodic noise (Liu et al., 2018).
DeepFake (Li et al., 2020) uses a generative adversarial network to forge a face to replace the original face in the video clip.DeepFake poses a real threat to the accuracy of the multimedia information available, especially since falsifying a politician's speech may lead to harmful results.Live detection for face recognition mainly relies on detecting heart rate, while heart rate may be present in a DeepFake video clip with a slightly different pattern of PPG signals.Videos generated by DeepFake can be identified by how consistent the regular heart rate in the facial area is (Qi et al., 2020).
Handwritten signature authentication prevents fraud in financial, judicial, and administrative settings.Traditional handwritten signature authentication requires historical samples because it only compares static handwriting with the user's previous handwriting to determine the signature's authenticity.Several methods have been used to automatically generate models for spoofing handwritten signature images (Rahman et al., 2022;Li et al., 2021).PPGSign (Hafemann et al., 2019) uses the PPG signal collected from a wristworn wearable device to verify a user's handwritten signature.Unlike traditional PPG-based authentication, PPGSign studies the dynamic component of the PPG signals caused by hand movements.Moreover, gestures can be used to assist in authentication by changing the signal shape Zhou et al. (2023).

Research Gaps and Future Work
Many studies propose to use PPG signals for authentication because PPG signals have unparalleled advantages over traditional biometric features.However, research on PPG-based authentication is in its infancy, especially when interacting with artificial intelligent models.To help future research, we discuss the current challenges and future research directions.

Challenges in User Authentication
The first challenge for PPG-based user authentication is signal quality.As PPG is a physiological signal, PPG signals' quality is subject to persistent changes under various factors.The variation may exaggerate potential vulnerabilities of the authentication application.The signal quality may be affected in the following two aspects: The influence of intrinsic factors: PPG changes over time, implying the necessity to consider single or multiple authentication sessions.Most existing studies investigate the single session when continuous signals are measured simultaneously.However, in practical applications, many scenarios are cross-session when the enrollment and authentication phases occur across different sessions (Hwang and Hatzinakos, 2019;Lovisotto et al., 2020b;Sancho et al., 2017).
The performance of cross-sessions in authentication results is worse than that of single session (Hwang et al., 2021c,b).It indicates that the current approach is not robust to the change of PPG signals as time varies.Furthermore, human emotional changes significantly impact the PPG signals.The influence of emotions in certain situations can help resist unauthorized certifications like enforcing a convict to authenticate.When the user is anxious to authenticate, the influence of emotions is counter-productive.In studies of the effect of emotion on PPG signals, watching a video or playing a game is investigated to stimulate participants' emotions.However, watching videos and playing games introduce many uncontrollable parameters, resulting in unreproducible results and conclusions.We cannot objectively determine their true emotions through the participants' descriptions, so significant misinformation may be present in the collected data.
The influence of external factors: External factors that affect PPG signals include light conditions, physical movement, skin temperature, and skin tones.PPG signals are collected by following the optical principle, implying that the external lighting conditions affect the signal quality.Wearable devices are a popular choice for capturing PPG signals, but the collected PPG signals are often affected by motion artifact noises caused by the physical movement of the wearer.Moreover, skin temperature and skin tone affect the quality of the PPG signal.
The second challenge is the availability of high-quality dataset.Table 2 compares the publicly available datasets, focusing on the common features.These metrics were chosen according to their widespread use in the literature, their relevance to our research objectives, and their ability to provide a holistic understanding of the dataset characteristics.The information presented in the table is derived solely from the dataset descriptions.The most extensive dataset with different states has merely 170 participants' signals.It is challenging to collect an extensive data set in different states (movement status and emotions) as a physiological signal.Moreover, the interval between their measurements was only 18 days.Most existing datasets consider PPG signals collected in the resting state.The controlled environment in the experiment is different from our daily life, indicating that the signal noise in the data is significantly less than that in the real-world application.
The third challenge is the overhead of the device, especially in continuous authentication.Continuous authentication requires sensors to continuously monitor the user's physiological signals, implying the need for additional computational resources and energy overhead.These overheads are significant issues for resource-limited wearable devices and smartphones.
Moreover, data leakage is another challenge.Though PPG signals are not easily leaked, the leaked PPG signals will threaten the security of the authentication system once the leak occurs.Furthermore, the development of radar and remote PPG to collect heart rate information makes it impossible to ignore the potentially severe consequences of data leakage.Current research about cancelability focuses on the cancelable template.When a user template is compromised, it is replaced by redeploying a new one.However, it does not consider when the raw signal is leaked.In addition, the wearability and transparency of authentication require the support of wearable devices.All the authentication system components will be exposed to the adversary for stolen wearable devices.
Most existing work investigates medical-grade devices.With the popularity of wearable devices and the development of video technology, we believe that PPG signalbased security technology will be further developed in the future.Other physiological signals also receive increasing

Attack Threats
Although it is challenging to steal unobservable PPG signals, PPG-based authentication faces potential threats.Two main types of attack threats are stealing user templates through leaked signals and attacks against user authentication AI models.Stealing user templates: With the development of biomedicine, many studies show that contactless methods can be used to detect heartbeat signals (Dasari et al., 2021).HD cameras-collected rPPG signal is a severe threat to the PPG-based security system because of its easy-to-acquire and long-distance-use characteristics.The rPPG signal can acquire 70% of the IPI information obtained by the contact sensor (Calleja et al., 2015).When using rPPG to estimate IPI, darker skin has a higher average bit error rate, and it is more challenging to detect IPI accurately.This is due to the higher melanin content in darker skin than in lighter skin, reducing the diffuse reflection containing pulsation information, thus reducing signal quality.The head rotation also affects the accuracy of rPPG because it changes the light reflected from the skin.In addition, compression of the video causes signal artifacts that can lead to false detection of heartbeats, but it does not significantly affect the detection of IPI.Although rPPG has been successfully applied to detect 3D mask presentation attacks and DeepFake videos, it is susceptible to environmental noise due to the particularly weak signal.rPPG is often used to obtain simple time-and frequency-domain features such as HRV and IPI to attack the corresponding security systems.The camera is susceptible to the user's background environment as the victim's environment changes in real-world scenarios.
Another non-contact method of detecting heartbeat signals is based on ultra-wideband radar.It measures the heartbeat by the variation in the amplitude and the arrival time of the reflected pulses.PPG is an optical signal that cannot be detected directly by radar.This setup allows radar-based methods to detect only heart rate information such as HRV and IPI of the heartbeat.Therefore, it is used in the same way as the HD camera approach, mainly for attacking systems based on simple features such as HRV and IPI.It does not mean that the HD camera-and radar-based approach is not a threat.There is already research to obtain highquality rPPG signals using generative models (Lu et al., 2021).Furthermore, radar information for reconstructing the ground truth PPG signal is also a possible threat.(Yamamoto et al., 2020) hypothesized the potential to reconstruct the ECG signal using the information collected by the doppler sensor.However, there is no research evidence using the doppler sensor to reconstruct PPG signals.
Once the PPG signal is compromised, it can be simulated using dynamic models.Gaussian functions can be applied to construct the mapping function that converts the attacker's PPG signals into dynamic model parameters similar to those of the victim to deceive the biometric system.We refer to this attack method as a gray-box evasion attack.The graybox evasion attack only attracts limited attention due to its strong assumption of obtaining the victim's PPG signal in advance.Attacking user authentication AI models: Currently, there are many attack methods against machine learning that have tremendous potential (Chen et al., 2021a;Lovisotto et al., 2020a).For instance, (Chen et al., 2021a) spoofs speaker recognition systems by generating adversarial examples.Adversarial examples refer to the addition of imperceptible perturbations to the original input to mislead the model and produce incorrect outputs.To the best of our knowledge, there are no defenses against PPG-based authentication adversarial examples.Traditional adversarial defenses are usually divided into two categories, detecting adversarial examples and improving the robustness of the classifier to adversarial examples (e.g., adversarial retraining and distillation).However, even with the state-of-the-art defense approach, there are still effective attacks (Rosenberg et al., 2021).Poisoning attacks on the model were performed in (Lovisotto et al., 2020a) through the update process of unsupervised templates.Since biometric systems usually adopt a self-renewal strategy, they are prone to poisoning attacks.Another attack that targets user authentication AI models is the backdoor attack.Inserting backdoors into the model makes the model trigger different results when faced with a specific symbol (Wang et al., 2019).Unlike poisoning attacks, backdoor attacks can be hidden until the input activates them.Although the backdoor attacks can be mitigated by pruning neurons (Shokri et al., 2020), the mitigation is limited, and further exploration of possible measures remains future work.Each of these approaches is a potential threat to machine learning-based biometric systems.

Conclusion
Traditional biometric authentication is susceptible to the threat of presentation attacks.Physiological signal-based authentication has recently received much attention, especially PPG signals.PPG-based authentication becomes popular because of its non-intrusiveness, capability of continuous monitoring, spoof defection, and wide availability.This paper surveys PPG-based authentication in three aspects -signal extraction, signal conditioning, and feature conversion and selection.The existing research review identifies the challenges, and future directions are proposed to match the various limitations.In addition, the attack threats against PPGbased authentication are summarized.Thus, this survey can help researchers understand PPG signal-based applications' current development in security and future research trends.Most studies in this review were conducted within the last few years, indicating a fast-growing interest in applying PPG signals among researchers in the security community.This paper shows the broad potential of using PPG signals for authentication.

Figure 1 :
Figure1: Four-layered PPG-based authentication framework.Firstly, the PPG signal of the user can be captured using different devices.Then, the raw PPG signal is processed by signal conditioning to obtain a high-quality signal.In the third layer, features are extracted from the processed signal.Finally, each of these features is applied to different tasks according to their properties.
Characteristics of different acquisition methods.We compared the four most representative devices using the two acquisition methods on five dimensions.Regarding security, smartphones, and wearable devices performed the best.Regarding signal quality, the oximeter scored the highest.Phone cameras cost the least.HD cameras can capture PPG signals at a distance.Phone cameras and wearable devices have excellent mobility.

Table 2
Comparison of publicly available PPG datasets in different dimensions.Subjects: Number of participants in the dataset.Location: Which body part the signal was collected.F: Face.FT: Fingertip.W: Wrist.E: Ear.FH: Forehead." ": Cross-session." ": Single-session.Patient: The participant is under medical supervision.Relax: Participants remain as stationary as possible during signal acquisition.Exercise: Including Running, Cycling, Walking, and Climbing.Emotion: Use games or videos to stimulate participants' emotions."-": The health status of the participants was not considered."": There were health problems among the participants."✓": All participants are healthy.