Benjamin Johnson
ABSTRACT
Authenticating users of computer systems based on their brainwave signals is now a realistic possibility, made possible by the increasing availability of EEG (electroencephalography) sensors in wireless headsets and wearable devices. This possibility is especially interesting because brainwave-based authentication naturally meets the criteria for two-factor authentication. To pass an authentication test using brainwave signals, a user must have both an inherence factor (his or her brain) and a knowledge factor (a chosen passthought). In this study, we investigate the extent to which both factors are truly necessary. In particular, we address the question of whether an attacker may gain advantage from information about a given target's secret thoughts.
References
- Bionym Nymi. http://www.bionym.com/.Google Scholar
- Ashby, C., Bhatia, A., Tenore, F., and Vogelstein, J. Low-cost electroencephalogram (eeg) based authentication. In Proceedings of 5th International IEEE EMBS Conference on Neural Engineering (April 2011).Google ScholarCross Ref
- Chuang, J., Nguyen, H., Wang, C., and Johnson, B. I think, therefore i am: Usability and security of authentication using brainwaves. In Proceedings of 2013 Workshop on Usable Security (2013).Google ScholarCross Ref
- Devices, P. N. Press release: Pnd wearable environment. http://personalneuro.com/, 2014. {Online; accessed 30-May-2014}.Google Scholar
- Killourhy, K. S., and Maxion, R. A. Comparing anomaly detectors for keystroke dynamics. In Proceedings of the 39th Annual International Conference on Dependable Systems and Networks (DSN-2009), IEEE Computer Society Press (June 2009), 125--134.Google Scholar
- Marcel, S., and del R. Millan, J. Person authentication using brainwaves (eeg) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence 29, 4 (April 2007). Google ScholarDigital Library
- Martinovic, I., Davies, D., Frank, M., Perito, D., Ros, T., and Song, D. On the feasibility of side-channel attacks with brain-computer interfaces. In Proceedings of 21st Usenix Security Symposium (Usenix Security) (2012). Google ScholarDigital Library
- Monrose, F., and Rubin, A. Authentication via keystroke dynamics. In Proceedings of the 4th ACM conference on Computer and communications security, ACM (1997), 48--56. Google ScholarDigital Library
- Palaniappan, R. Electroencephalogram signals from imagined activities: A novel biometric identifier for a small population. In IDEAL 2006, LNCS 4224 (2006), 604--611. Google ScholarDigital Library
- Palaniappan, R. Two-stage biometric authentication method using thought activity brain waves. International Journal of Neural Systems 18, 1 (2008), 59--66.Google ScholarCross Ref
- Poulos, M., Rangoussi, M., Alexandris, N., and Evangelou, A. Person identification from the eeg using nonlinear signal classification. Methods of Information in Medicine (2002).Google Scholar
- Thorpe, J., van Oorschot, P., and Somayaji, A. Pass-thoughts: Authenticating with our minds. In Proceedings of the New Security Paradigms Workshop (NSPW) (2005). Google ScholarDigital Library
Index Terms
My thoughts are not your thoughts
Comments