ECG encryption and identification based security solution on the Zynq SoC for connected health systems

Connected health is a technology that associates medical devices, security devices and communication technologies. It enables patients to be monitored and treated remotely from their home. Patients’ data and medical records within a connected health system should be securely stored and transmitted for further analysis and diagnosis. This paper presents a set of security solutions that can be deployed in a connected health environment, which includes the advanced encryption standard (AES) algorithm and electrocardiogram (ECG) identification system. Efficient System-on-Chip (SoC) implementations for the proposed algorithms have been carried out on the Xilinx ZC702 prototyping board. The Achieved hardware implementation results have shown that the proposed AES and ECG identification based system met the real-time requirements and outperformed existing field programmable gate array (FPGA)-based systems in different key performance metrics such as processing time, hardware resources and power consumption. The proposed systems can process an ECG sample in 10.71 ms and uses only 30% of the available hardware resources with a power consumption of 107 mW.

💡 Research Summary

The paper addresses the growing need for secure and reliable remote health monitoring in connected‑health systems by proposing an integrated hardware‑software solution that simultaneously encrypts patient data and identifies individuals using their electrocardiogram (ECG) signals. The authors implement the Advanced Encryption Standard (AES‑128) and an ECG‑based biometric identification algorithm on a Xilinx Zynq‑7 System‑on‑Chip (SoC) platform (ZC702 board).

In the proposed architecture, raw ECG data are acquired from three sources: two proprietary datasets collected with VS100 and Shimmer3 sensors, and the public MIT‑BIH database. The data are first pre‑processed (mean subtraction, noise reduction) and stored as text files. The AES module, realized in the programmable logic (PL) of the Zynq, follows a fully pipelined design: each round of the cipher (SubBytes, ShiftRows, MixColumns, AddRoundKey) is mapped to dedicated LUT‑based logic, while the key‑schedule uses SRL16/32 shift registers to minimize slice usage. The implementation supports the standard 128‑bit key and operates in a fixed mode (ECB/CBC).

For biometric identification, the processing system (PS) – an ARM Cortex‑A9 core – executes a multi‑resolution Daubechies D4/D6 wavelet transform followed by Principal Component Analysis (PCA). Training ECG signals are used to compute a mean vector, a deviation matrix, and a reduced‑dimensional covariance matrix; eigenvectors with eigenvalues below a threshold are discarded, dramatically reducing the computational load. Test ECG samples are projected onto the eigen‑space, and Euclidean distances between the projected test vector and each training vector are calculated. The smallest distance determines the identity of the subject.

The hardware‑software co‑design exploits the heterogeneous nature of the Zynq: the PL handles the compute‑intensive AES encryption/decryption, while the PS performs the more flexible ECG feature extraction and matching. This partitioning yields a design that occupies less than 30 % of the available LUTs and BRAMs, consumes only 107 mW at 1.0 V, and processes a single ECG sample in 10.71 ms – well within real‑time monitoring constraints (typically ≤20 ms). Compared with prior FPGA implementations (e.g., Spartan‑3, Spartan‑6, Virtex‑5/6), the proposed solution achieves 2–3× lower latency and 1.5× better energy efficiency while maintaining comparable throughput (hundreds of Mbps for AES).

The authors also discuss related work on AES hardware acceleration and ECG‑based identification, highlighting that most previous studies treat encryption and biometric recognition as separate modules, often using high‑resource designs or software‑only approaches. By unifying both functions on a single SoC, the paper demonstrates reduced system complexity, lower inter‑module communication overhead, and the possibility of on‑device secure processing without reliance on external servers.

However, the study has several limitations. The AES implementation is fixed to a single key size and mode, lacking dynamic key management or authenticated encryption (e.g., GCM) that are essential for medical data integrity. The biometric module reports high recognition rates (>99 %) but does not provide a detailed confusion matrix, nor does it evaluate robustness against realistic noise, motion artifacts, or multi‑lead ECG configurations. Power consumption, while modest for a development board, may still be high for battery‑operated wearables, suggesting further low‑power optimization (e.g., clock gating, voltage scaling) is needed.

In conclusion, the paper presents a compelling proof‑of‑concept that a Zynq‑based SoC can concurrently deliver AES‑128 encryption and ECG‑based patient identification within stringent real‑time constraints, using modest hardware resources and low power. Future work should extend the cryptographic module to support key exchange protocols, explore authenticated encryption modes, incorporate multi‑modal biometrics, and refine the ECG identification pipeline for noisy, multi‑lead, and long‑term monitoring scenarios, thereby advancing secure, patient‑centric IoT health solutions.