A High-Throughput Random Binary Sequence Generator Based on ECG

A Wireless Body Area Network (WBAN) is a network that expands over the human body, which consists of multiple nodes that are connected through wireless channels. It offers many applications in the area of remote health care. Maintaining the security of health information in WBAN is an essential requirement. One aspect of ensuring WBAN security is the generation of random binary sequences (RBSs), e.g., encryption keys generation. Due to the very limited resources of WBAN sensors, traditional pseudorandom number generators cannot be used. To reduce resource consumption, some researchers suggested using biometrics in generating RBSs, specifically the electrocardiogram (ECG) signal. However, their methods suffer from low throughput, so they are not suitable for real-time healthcare applications. In this paper, we present a new random sequence generator based on the ECG signal. Our contribution is to build a random sequence generator that generates different length RBSs and has throughput tens or hundreds of times higher than previous methods. Our generator reduces resource consumption due to its very simple processing operations. To evaluate the proposed generator, RBSs of different lengths (128, 256, 512, 1024, 2048 bits) were generated from two ECG datasets, the first is for healthy people, and the second is for people who suffer from arrhythmia. The randomness and distinctiveness of the generated RBSs are measured using the National Institute of Standards and Technology (NIST) statistical tests and the Hamming distance. Thus, we have proved that the resulting RBSs are appropriate for information security applications.


I. INTRODUCTION
Wireless Body Area Network (WBAN) is a network that provides a mechanism for collecting patient health data using sensors [1][2][3]. It consists of various sensors that can be placed on, around, or in the human body to monitor various biometrics such as body temperature, blood pressure, pulse oximetry, electrocardiogram (ECG), etc. [3][4][5]. WBANs can be applied in multiple medical applications. For example, in healthcare systems, the data collected by WBAN's sensors are used to alert medical personnel when a life-threatening event occurs [4], [6]. Securing the communication between WBAN sensors is essential for preserving the privacy of health data and for ensuring the safety of healthcare delivery [1][2][3][4][5][6][7][8]. The tampered biometric data could cause serious medical accidents and even threaten the patient's life [8]. In cryptographic applications, the need for random numbers arises, e.g., common cryptosystems employ keys that must be randomly generated. Many cryptographic protocols require random input at various points [9], e.g., in [10] we developed a secret key exchange scheme for WBAN that uses random numbers to hide secret exchanged values. There are two basic types of generators that are used to generate random sequences: random number generators (RNG) and pseudorandom number generators (PRNG). RNG uses an entropy source, along with processing functions, to produce randomness. Those functions are needed to overcome any weakness in the entropy source. The entropy source typically consists of some physical quantity. Using RNGs, the production of high-quality random numbers may be too time consuming. To produce a large number of random numbers, PRNG may be preferable [9]. PRNG uses one or more inputs called seeds. These seeds themselves must be random and unpredictable. Hence, they should be obtained from the output of an RNG [9]. In general, wireless sensor networks (WSNs) use PRNGs for generating random binary sequences (RBSs) [11], [12]. However, PRNGs require heavy computations to obtain randomness, and their seeds must be carefully chosen and protected, which in turn leads to the consumption of resources [11]. In this context, one can take advantage of the fact that sensors in WBAN record biometric signals, and thus randomness can be extracted from it. Some biometric based RNGs have been developed to avoid the use of PRNGs in WBAN's sensors, to save energy and processing capacity [11], [13][14][15][16]. Some researchers have studied this topic in the context of neuronal signals [17], [18]. The main limitation of these studies is the length of the recordings used and the fact that EEG sensors have limited portability capabilities [13]. Some other researchers have focused on cardiac signals, specifically the ECG signal. There are several characteristics points in the ECG signal that can be used to generate random values [16], [19]. In this paper, we review the most important previous work on ECG-based RNG in the second section. In the third section, we provide a detailed explanation of the proposed scheme. The fourth section presents the implementation results of the proposed generator. Finally, we conclude our work in the fifth section.

II. RELATED WORKS
For securing WBAN, the time interval between two consecutive heartbeats, commonly referred to as the Inter-Pulse Interval (IPI), has gained the attention of many researchers [11], [13], [14], [20]. Each IPI value differs from the others with little deviation. Therefore, some existing approaches extract only the last four entropic bits from each IPI value to produce 128-bit RBSs [14]. The main downside of these approaches is that they are substantially time consuming. Medical sensors have to acquire an ECG signal for approximately 25-30 seconds to generate 128-bit RBSs. Each 128-bit RBS is generated from 32 IPIs that are obtained from at least 33 successive heartbeats. For an adult, the normal heart rate is 60-100 beats per minute (bpm) [11]. Zheng et al. [16] presented a method that can extract 16 random bits from each heartbeat; they used the periods RR, RQ, RS, RP, and RT to generate RBS. The limitation of their method is the large encoding time required to convert the five different heartbeat intervals into RBSs. To improve time efficiency, Pirbhulal et al. [11] concatenates only eight consecutive IPIs to produce 128-bit RBSs. A cyclic block encoding technique is applied for decreasing the measurement errors and generating random binary sequences from heartbeats. This technique can be up to four times faster than other IPI-based methods, but still suffers from poor time efficiency. From the above, it can be seen that generating RBSs based on IPI values provides very low performance. In addition to the low performance, according to some recent studies, the time interval between two heartbeats can be determined using camera and skin color analysis, making these methods less secure [21]. Consequently, Camara et al. [13] did not use IPI values in constructing their RNG, but they use the entire ECG signal. First, the ECG record should be cleaned using filters. Then it is divided into windows that contain an R-peak (one heartbeat). Secondly, the approximation coefficients of each ECG window are obtained by wavelet analysis. The signal is then subsampled by 2, and the process is repeated to increase the level of decomposition. This method is better than its previous in terms of throughput (number of random bits generated per second), but it needs to perform wavelet analysis that may lead to consuming the sensor's power. To improve time efficiency and power consumption we develop in [22] an ECG based random binary sequence generator that generate RBSs of 128 bits length. In this paper we improve the proposed generator to generate RBSs of 128, 256, 512, 1024, 2048 bits length. We chose those lengths because they are appropriate for encryption keys and other random values used to secure communication between WBAN sensors. The proposed generator uses the ECG samples' values instead of the IPI values, to profit from the rich entropy that they have. Our generator depends on very simple operations which in turn reduce the energy consumption. It has a very high throughput that outperforms previous works.

III. PROPOSED SCHEME
In the proposed random binary sequence generator scheme, we assume that any entity that is not in contact with the patient's body cannot measure its ECG signal. We rely on the fact that the values of ECG samples when they are selected non-consecutively, they have better randomness than consecutive ones. To generate random sequences, simple arithmetic operations including addition, subtraction, multiplication, and modulus are applied to some non- Five values used for selecting the five ECG samples from which RS32 will be generated.

RS23
A 32-bit random sequence generated from the proposed generator.

RS32_SET
The set of the generated RS32.
n The number of the generated RS32 (the number of RS32_SET elements).

RSL
An L bit random sequence formed by the concatenation of RS32. This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2022.3185057 consecutively chosen ECG samples. Those samples are chosen based on the value of another selected sample. To generate 32-bit random sequences (RS32), the ECG signal is acquired and sampled for a specific duration with a minimum sampling frequency of 128 Hz, and a minimum analog to digital convergence resolution of 11 bits. For each RS32, one sample is chosen, and some calculations are applied to it to generate five values. The resulting five values are then used to calculate five samples' indexes. Next, the samples' values with the calculated indexes are used to generate RS32. Briefly, it can be said that in the proposed generator, each RS32 is generated from the values of five nonconsecutive ECG samples after some calculations. These samples are selected based on the value of another selected ECG sample. Then an RBS of the required length is created by concatenating multiple RS32. Fig. 1 shows the proposed ECG based random binary sequence generator scheme and Table I (7): This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and content may change prior to final publication.
where j ranges from 1 to n/l For example, RS128 can be generated by concatenating every four RS32i, where L=128 and l=L/32=4, as shown in (8): where j ranges from 1 to n/4. Using the proposed scheme, random streams longer than 128 bits can be generated by concatenating more than four RS32. For example, to generate 256-bit random sequences (RS256), every eight RS32 are concatenated as shown in (9): 256 ← 32 ×8+1 || 32 ×8+2 ||. . . || 32 ×8+8 (9) where j ranges from 1 to n/8. Similarly, 512-bit, 1024-bit, 2048-bit random streams can be generated by concatenating the adequate number of RS32. The pseudocode for the proposed generator is shown in Algorithm 1. The value of n can be chosen depending on the number of random strings to be generated and their length L. For example, if only one 128-bit random sequence has to be generated, then n can be set to 4. In general, the value of n is chosen to be less than or equal to len/2 because f1, f2, f3, f4, f5 values which determine the samples contributing to the generation of RS32, are modulus len-i as shown in (1)- (5). Assuming that n=len, when i becomes close to n, then the resulting mod(len-i) will have a very limited range of values, making the choice of ECG samples that contribute to the generation of RS32 also limited. This may reduce the randomness of the resulting strings and make it easier for an opponent to determine ecgi values from RS32. It is clear that for each RS32_SET, n/l sequences of RSL can be generated.
In the proposed generator, arithmetic operations such as addition, subtraction, multiplication, and modulus are applied to obtain the desired randomness. a, b, c, d, and e are used to protect the ECG signal from exposure. These values are integer numbers selected by the user. The greater these values are, the more secure the generator is against ECG signal exposure. The minimum length of each of the secret values should be 10 bits.

A. PROPOSED SCHEME SECURITY EVALUATION
In RNG, the entropy source must be resistant to any attack that could decrease the level of entropy [23]. In our case, the entropy source is the ECG signal. Attacks against entropy can be of two types: Active and Passive [24]. In RNGs, active attacks mean that the attacker can control the entropy source [23]. In our case, controlling the subject's heartbeats is impossible. Therefore, these types of attacks are impractical against the developed generator. Passive attacks are those in which the attacker, using an identical signal acquisition platform, tries to deduce the random sequence generated by the entropy source [23]. These types of attacks are also impractical because the ECG signal differs from one person to another and is a time-variant signal. The distinctiveness of the generated RBSs is proven in section IV.B.2 which emphasizes that the attacker cannot use data from one subject to predict the RBSs generated by another. In biometric-based RNG, supposing that the generated RBSs are public values, an opponent should not be able to retrieve the biometric values from the generated RBSs. This condition is fulfilled in our proposed scheme. Below, we demonstrate the inability of the opponent to disclose the ECG signal and the secret values a, b, c, d, and e from the resulting RBSs. Assuming that the length of each of the secret values a, b, c, d, and e is x bits and the opponent could determine the index i for each of the generated RS32i. To expose the values f1, f2, f3, f4, f5, and then the corresponding indexes of the ECG samples that contribute to the generation of RS32i, the opponent needs to accomplish (2 3 ) 3 × (2 ) 5 = 2 9+5 tries. (2 3 ) 3 represents the approximate number of tries needed to get X1, X10, and X100 values, where each of them is a digit with value ranges between 0 and 9. (2 ) 5 represents the number of tries needed to expose the five secret values of a, b, c, d, and e. After finding ecg indexes, the opponent needs to find ECG samples values. If the opponent wants to disclose the values of len samples from the ECG signal, which is the worst case, he needs to find f1, f2, f3, f4, and f5 for all of the resulting RS32i, thus, he needs to accomplish (2 9+5 ) tries. For example, if the opponent wants to determine f1, f2, f3, f4, and f5 values for all of the resulting RS32i from ECG signal acquired within one second with a sampling rate of 360 sample-per-second, and if n=len/2 and x=10, where 10 is the minimum length of each secret value, then the opponent needs to accomplish (2 59 ) 360/2 = 2 10620 tries. We used the expression "worst Algorithm 1 The proposed ECG based random binary sequence generator Input: ECG={ecg1, ecg2, …, ecglen}, len, n, L Output: RS32_SET={RS321, RS322, …, RS32n}, RSL 1: For i ← 1 to n do 2: X100 ← first digit after point.

5:
f1 RS32i ← (uint32)((ecgi+f1×10 9 + ecgi+f2×10 8 + ecgi+f3×10 6 + ecgi+f4×10 5 + ecgi+f5×10 3 )×i + i; 11: add RS32i to RS32_SET 12: end for 13: select j, where j ranges from 1 to n/l and l=L/32 14: RSLj=RS32j×l+1|| RS32j×l+2|| … ||RS32j×l+l case" because some ECG samples might be used in generating multiple RS32i, on the other hand, other samples might never be used. Therefore, the opponent may expose the same sample multiple times, and some other samples can never be exposed. Consequently, knowing all ECG samples is the worst case, and it is rare. Since the opponent cannot determine the index i of RS32i, it becomes more difficult to expose the values of the ECG samples. It is noticeable that the more len is greater than n, the greater the security against ECG exposure.

B. RANDOMNESS AND DISTINCTIVENESS EVALUATION
To ensure the capability of using the proposed generator in securing medical data, it is necessary to evaluate the randomness and distinctiveness of the resulting RBSs. It is insufficient to ensure randomness, but also distinctiveness, which indicates that different individuals create different RBSs. The distinctiveness ensures that opponents would not be able to impose security threats on WBSNs using medical information, i.e., ECG signals from other patients [11]. To analyze the randomness and distinctiveness of the proposed generator, RBSs generated from different subjects with two different cases are tested. The first case is the normal one, where the heartbeats of the subjects are regular. In this case, the randomness generated from the entropy source (ECG signal) is at its minimum. The second case is where the subjects suffer from Arrhythmia. In this case, the randomness generated from the entropy source is better than that in the first case. RBSs from the ECG signal of 50 subjects were generated. The subjects' data (ECG signals) are divided into two datasets. The first dataset consists of the ECG signal for 25 subjects in good health (healthy subjects) which is the normal case, retrieved from the MIT-BIH Normal Sinus Rhythm Database [25] (all 18 records), and from the MIT-BIH Long-Term ECG Database [26] (all 7 records), where the sampling rate is 128 samples-per-second. The second dataset consists of the ECG signal for 25 subjects with arrhythmia (arrhythmia subjects), retrieved from the MIT-BIH Arrhythmia Database [27] (the first 25 records, i.e., from record 100 to record 201), where the sampling rate is 360 sample-per-second.
Randomness and distinctiveness evaluations were performed for 128-bit, 256-bit, 512-bit, 1024-bit, and 2048-bit random sequences. The RBSs were generated for len (the number of ECG samples acquired) corresponding to a signal acquisition duration of 1, 2, or 4 seconds. The minimum acceptable signal acquisition duration is 1 second because it is preferable that the samples contain at least one heartbeat to provide more randomness. It should be noted that the signal acquisition duration has nothing to do with the length of the resulting RS. For example, if the signal is acquired for 1 second and the sampling rate is 360 sample-per-second, at most len/2=(1360)/2=180 RS32 can be generated, where len equals the acquisition time in seconds multiplied by the sampling rate. Every 4 RS32 can be concatenated together to get 45 RS128, or every 8 RS32 can be concatenated together to get 22 RS256, etc.

1) RANDOMNESS EVALUATION
We evaluated the randomness of the generated RBSs through entropy analysis and by applying the National Institute of Standards and Technology (NIST) statistical tests. In addition, we apply the health test to evaluate the behavior of the noise source (ECG signal).

a) Randomness Evaluation through Entropy Analysis
RBSs' entropy is defined as the unpredictability of the generated RBSs. Before analyzing the entropy of the resulting RBSs, the entropy source (ECG signal) was evaluated. The entropy level of the ECG signal was estimated for healthy subjects. As mentioned before, the entropy of the ECG signal of healthy subjects is less than that of Arrhythmia due to the regularity of heartbeats. The minimum entropy of the ECG samples was analyzed using the NIST 800-90B standard [28]. Entropy was estimated for the ECG signal of 25 healthy subjects according to [28]. The ECG signal is classified with a non-IID assumption. For each subject, a bitstream of 1,000,000 samples was tested using the NIST recommended software for entropy estimation. The min-entropy of the Arrhythmia subjects cannot be estimated because each record in the MIT-BIH Arrhythmia Database contains only 650,000 samples, whereas the NIST 800-90B tests require at least 1,000,000 samples as input. Furthermore, the restart test cannot be performed because the entropy source (the heart) works continuously.  This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2022.3185057 As shown in Fig. 2, the mean of the min-entropy per bit for the ECG signal samples of the 25 health subjects is 0.32823156. It is clear that the min-entropy of the noise source in our case is not high because of some periodic aspects of the ECG signal. The min-entropy of the RBSs generated after the conditioning component is also estimated. In our generator, the conditioning component consists of all the operations applied to ECG samples that are described in Algorithm 1. From each record of the 25 healthy subject records, 1,000,000 RS32s were generated, and their min-entropy was calculated as described in 3.1.5 in NIST 800-90B for Non-vetted Conditioning Components [28]. Fig. 3 shows the min-entropy of RS32s where the mean equals 13.1291 bits. The minentropy is low due to the formula for calculating hout (the entropy of the conditioned output) shown in (10): where Output_Entropy is a function of several parameters (see 3.1.5 from [28] for more details). Its output depends on the min-entropy of the noise source, which is low in our case. Therefore, the output of Output_Entropy has a low value, which in turn makes the min-entropy hout low." RBSs' entropy can be measured using Shannon entropy, as shown in (11): where X is an information source with n mutually exclusive events, x1, x2, . . ., xn, and p(xj) is the probability of the j th event.
The entropy can have a maximum value of 1 if it fulfills a uniform distribution [11].
To test the randomness of the resulting RBSs, their entropy was measured and analyzed. The entropy was calculated for the resulting RBSs from the two datasets, the dataset of healthy subjects and the dataset of subjects with arrhythmia. Fig. 4 shows the average entropy of RBSs generated from the dataset of healthy subjects (25 subjects The entropy of RS2048 is the closest to 1. Sometimes it can also be noticeable that the entropy of RBSs generated from arrhythmia subjects is better than that for healthy subjects. It can be justified by noting that the ECG data of arrhythmia subjects are more random than that of the healthy subjects.

b) Health test
Health tests are tests that aim to catch the failures of the entropy source quickly and with a high probability [28]. Another aspect of the health testing strategy is determining the likely failure modes for the noise source [28].   Health tests are applied to the outputs of a noise source before any conditioning is done. NIST provides two health tests: the Repetition Count test, and the Adaptive Proportion test. The health tests were performed offline using ECG samples. The calculations were made to 1,000,000 samples obtained from healthy subjects. The tests were applied to healthy subjects for the same reasons mentioned in the previous section. α is set to 2 -20 , and the cutoff value C is calculated for each subject depending on its min-entropy, using the formulas declared in 4.4. from [28]. W is set to 512 because the noise source is non-  This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2022.3185057 binary. The ECG samples passed the Adaptive Proportion tests for all records and failed very few times in the Repetition Count test, as illustrated in Fig. 6. The maximum number of failures was 5 and the mean of the failures is 1.6.

c) Randomness Evaluation Based on NIST tests
Various statistical tests can be applied to evaluate the randomness of bit sequences and compare them with truly random sequences. The most popular test suites are the NIST Statistical Test Suite (NIST) [9], ENT [29], and Dieharder [30]. The NIST Test Suite is a statistical package consisting of 15 tests that were developed to test the randomness of binary sequences [9]. These tests focus on a variety of different types of non-randomness that could exist in a sequence. We chose the NIST tests because they focus on those applications where randomness is required for cryptographic purposes. In our study, short RBSs are generated (range from 128 bits to 2048 bits), so 10 out of 15 NIST tests have been performed, which are appropriate for evaluating short random sequences. The randomness of the tested RBSs can be evaluated based on the value of α, which called the level of significance of the test. Each test results in a P-value. We assume that RBS is random if the resulting P-value is greater than α, where α= 0.01 [9], [11]. Several NIST tests were performed on the RBSs generated using the proposed generator to verify their randomness. Those tests were performed on RBSs with different lengths (RS128, RS256, RS512, RS1024, RS2048) resulting from ECG signals acquired from the prementioned two datasets (healthy and Arrhythmia subjects) for different durations (1, 2, or 4 seconds). 150 RBSs are tested from each group (6 per subject). We mean by RBSs group, the group of RBSs that have the same length and are generated from ECG signals acquired from the same dataset for a specific duration. Equation (12) gives the minimum number of tests that must be passed for each NIST test [31]: being α the level of significance of the test and k the number of RBSs tested. In our particular case, α= 0.01 and k = 150, thus the minimum pass rate was 0.9656. Therefore, 145 test or more must be passed for each NIST test. Table II shows the average P-value and the proportion of tests that pass each one of the 10 NIST tests. These results are for RBSs generated using ECG signals of 25 subjects from each dataset (6 per subject) where the ECG is acquired in one second. Thus, 125 RBSs are generated and tested for each RBS length and each dataset. Table II shows that the generated RBSs passed the 10 tests, because P-value was greater than 0.01 in 145 tests or more for each of NIST tests. Therefore, the binary sequences generated from ECG signal acquired in one second using the proposed scheme can be considered as random sequences. Table III and Table IV are similar to Table I, but for different  acquisition durations. Tables II-IV show that the generated RBSs passed the 10 NIST tests where P-value was greater than 0.01 in more than 145 tests for each NIST test. As a result, the RBSs with different lengths generated using the proposed scheme from ECG signals acquired in different acquisition  [9], the uniform distribution of P-values resulting from NIST tests indicates the randomness of the tested sequences. Thus, this is another confirmation of the randomness of the generated RBSs.
From Tables II-IV, it is observed that the normal and the arrhythmia cases do not differ much in the average P-values.
Returning to the proposed scheme, each RS32 is generated from the values of five non-consecutive ECG samples after some calculations. Due to the non-consecutive selection of the ECG samples and the different time intervals between them, the results did not differ significantly between healthy and arrhythmia subjects, noting that the ECG signal of subjects with Arrhythmias has the same waveform as the ECG signal of healthy subjects (P, QRS, T waves), but it is characterized by different time intervals between every two successive pulses.

2) DISTINCTIVENESS EVALUATION
The distinctiveness evaluation is used to measure if RBSs generated from different subjects are sufficiently distinct. If this holds, an adversary cannot use data from another subject to predict the values generated by the target [13]. The Hamming distance (HD) is applied to measure the dissimilarity between two RBSs of the same length. It is the number of places at which the corresponding bits are different. Hence, for true random binary sequences, the average HDdistribution can be nearly equal to 50% [11].  Fig. 7. Fig. 8 elaborates the normalized distribution of HDs of 128-bit RBSs. The average HDs for RBSs generated from arrhythmia subjects equals to 63.94, which is also nearly equal to 50% of the length of the RBS as revealed in Fig. 8. In the same manner, we can prove that HD has a normal distribution even if the RBSs are generated from healthy or arrhythmia subjects, whatever the RBS length is between 128 and 2048 bits, and whatever the acquisition duration is between 1 and 4 seconds.   This article has been accepted for publication in IEEE Access. This is the author's version which has not been fully edited and content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2022.3185057 including 1 second. In previous studies such as [11], where RBS is generated based on IPI values, the generation of binary sequences with good randomness requires the acquisition of ECG signal for several heartbeats (several seconds).

1) THROUGHPUT
As mentioned earlier, by using the proposed generator, a number of RS32 equals to len/2 can be generated as maximum. If the sampling rate is 128 sample-per-second, 64 RS32 per second can be generated, which is equivalent to 2048 bits-persecond. If the sampling rate is 360 sample-per-second, 180 RS32 per second can be generated, which is equivalent to 5760 bits-per-second. Table VI shows the proposed scheme throughput (number of random bits generated per second) compared with previous studies [11], [13], and [14]. It is clear that the proposed scheme throughput outperforms the previous ECG based RNG. Furthermore, the throughput of the proposed generator depends on the sampling rate, in contrast to previous studies where the throughput depends on the pulse rate. Even for low sampling rate (128 sample-per-second), the proposed generator is still having the best throughput compared to previous studies. In our generator, the ECG signal perturbations, e.g., variation in ECG signal frequency, do not affect the throughput because the throughput is only affected by the sampling rate.
Unlike other RNGs, our proposed generator generates a large number of RBSs in a limited time. RNGs often have low throughput as a result of their dependence on natural phenomena, so they usually generate short random sequences over a relatively long period of time. PRNGs are used when the generation of many random sequences within a short time is required. Although our proposed generator is an RNG, but it overcomes the low throughput of RNGs and has a high throughput as if it is a PRNG. In addition, the min-entropy rate (the min-entropy throughput) was studied based on the min-entropy for the generated RS32 which was calculated before. The min-entropy rate equals min-entropy per bit × throughput. We calculate it only for healthy subjects for the same reason as mentioned before. Fig.  9 shows the min-entropy rate calculated for the RBSs generated from the ECG signal of 25 healthy subjects. The mean of the min-entropy rate is 840.267 bit/s. Returning to Table VI and according to the resulting min-entropy rate, it can be concluded that, although the calculated min-entropy rate is the lowest throughput of our generator, nevertheless it is still better than the throughput of all the previous studies.

2) COMPLEXITY
The proposed generator has a time complexity of O(n). Returning to Algorithm 1, it appears that the proposed generator is consist of one loop with n rounds. The loop body includes functions with operations such as addition, subtraction, multiplication, and modulus. The time complexity of each round equals O(1), consequently, the time complexity of the proposed generator equals O(n), where n is the number of the generated RS32. It can be noted that the simplicity of mathematical and processing operations may lead to low resource consumption. However, despite the simplicity of the operations, the proposed generator can be used for cryptographic purposes.

V. CONCLUSION
In this paper, we proposed a new biometric-based random sequence generator that uses ECG signal samples to generate RBS. Its throughput is better than that of previous studies tens or hundreds of times. It generates RBSs of different lengths. Proceeding from the fact that the simpler the processes, the lower the resource consumption, the proposed generator is designed to be based on very simple operations like addition, subtraction, etc., rather than complex ones like wavelet transforms, and hash functions used in previous studies. Due to the distinctiveness of the generated sequences, the opponent cannot predict the random values generated from one subject using the ECG signal of another. Furthermore, research shows that IPI values can be eavesdropped from a distance using cameras. Fortunately, this approach is useless with our generator, because it is based on ECG signal samples instead of IPI, which cannot be detected from a distance. Moreover, the opponent cannot expose the ECG signal depending on the resulting RBSs.