A user authentication apparatus includes an electrocardiogram (ECG) waveform acquirer configured to acquire an authentication ECG waveform of a user to authenticate the user; a filter configured to filter the authentication ECG waveform using a Kalman filter by applying a reference model parameter extracted from a reference ECG waveform to the Kalman filter; and an authenticator configured to compare the filtered authentication ECG waveform with the reference ECG waveform, and determine whether the filtered authentication ECG waveform corresponds to the reference ECG waveform based on a result of the comparison.
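The acquire, filter and compare pipeline described above, as an added sketch that is not taken from the patent. Assumptions: the "reference model parameter" is modelled as the sample-to-sample increments of the enrolled template, the comparison is an RMS distance against a fixed threshold, and the waveforms, noise levels and all function names are constructed for illustration.

```python
import math
import random

def beat(waves, n=200):
    """Constructed ECG-like beat: sum of Gaussian bumps (amplitude, centre, width)."""
    return [sum(a * math.exp(-0.5 * ((i / n - mu) / s) ** 2) for a, mu, s in waves)
            for i in range(n)]

def extract_model(reference):
    """Assumed 'reference model parameter': per-sample increments of the template."""
    return [0.0] + [reference[k] - reference[k - 1] for k in range(1, len(reference))]

def kalman_filter(z, increments, q=1e-4, r=2.5e-3):
    """Scalar Kalman filter whose prediction step follows the reference increments."""
    x, p = z[0], r
    out = [x]
    for k in range(1, len(z)):
        x_pred = x + increments[k]           # predict with the enrolled model
        p_pred = p + q
        gain = p_pred / (p_pred + r)
        x = x_pred + gain * (z[k] - x_pred)  # correct with the measured sample
        p = (1.0 - gain) * p_pred
        out.append(x)
    return out

def rms_distance(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)) / len(a))

def authenticate(sample, reference, threshold=0.05):
    """Filter the sample with the reference model, then compare to the reference."""
    filtered = kalman_filter(sample, extract_model(reference))
    score = rms_distance(filtered, reference)
    return score <= threshold, score

def noisy(signal, seed, sigma=0.05):
    rng = random.Random(seed)
    return [v + rng.gauss(0.0, sigma) for v in signal]

# Constructed P, Q, R, S, T morphologies for two hypothetical users.
ENROLLED = [(0.10, 0.20, 0.025), (-0.15, 0.37, 0.010), (1.00, 0.40, 0.012),
            (-0.25, 0.43, 0.010), (0.30, 0.65, 0.040)]
OTHER = [(0.18, 0.17, 0.030), (-0.05, 0.36, 0.012), (0.70, 0.40, 0.016),
         (-0.10, 0.44, 0.012), (0.45, 0.72, 0.040)]

if __name__ == "__main__":
    reference = beat(ENROLLED)
    for label, waves, seed in (("genuine", ENROLLED, 1), ("impostor", OTHER, 2)):
        ok, score = authenticate(noisy(beat(waves), seed), reference)
        print(f"{label}: accepted={ok} rms={score:.3f}")
```

With this model the residual between the filtered sample and the reference is a low-pass-filtered copy of the morphology difference, so measurement noise on a genuine beat is smoothed away while another user's waveform shape still shows up in the score.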