Friday, 7 October 2016

Brain Passwords

Brain Passwords
Brain waves and its link to Cyber Security  :

The technology is still evolving in terms of being able to use a person's brain waves for authentication purposes as security has become the foremost concern in today’s time. But it is a heavily researched field that has drawn the attention of several federal organizations. The National Science Foundation (NSF), funds a three-year project on which Serwadda ,some students and others from Syracuse University and the University of Alabama-Birmingham are exploring how several behavioral modalities, including EEG brain patterns, could be leveraged to augment traditional user authentication mechanisms.

There are no installations yet, but a lot of research is going on to see if EEG patterns could be incorporated into standard behavioral authentication procedures.


Assuming a system uses EEG as the modality for user authentication, typically for such a system, all variables have been optimized to maximize authentication accuracy. A selection of such variables would include:

  • The features used to build user templates.

  • The signal frequency ranges from which features are extracted.

  • The regions of the brain on which the electrodes are placed, among other variables.

As an assumption for  authentication system questions were put up as - If a malicious entity were to somehow access templates from this authentication-optimized system, would he or she be able to exploit these templates to infer non-authentication-centric information about the users with high accuracy? • In the event that such inferences are possible, which attributes of template design could reduce or increase the threat?

Turns out, they indeed found EEG authentication systems to give away non-authentication-centric information. Using an authentication system from UC-Berkeley and a variant of another from a team at Binghamton University and the University of Buffalo, students  tested their hypothesis, using alcoholism as the sensitive private information which an adversary might want to infer from EEG authentication templates.

A study was conducted as - involving 25 formally diagnosed alcoholics and 25 non-alcoholic subjects, the lowest error rate obtained when identifying alcoholics was 25 percent, meaning a classification accuracy of approximately 75 percent.

When they tweaked the system and changed several variables, they found that the ability to detect alcoholic behavior could be tremendously reduced at the cost of slightly reducing the performance of the EEG authentication system.

No comments:

Post a Comment