Reflexive Memory Authenticator: A Proposal for Effortless Renewable Biometrics

  • Nikola K. Blanchard
  • Siargey Kachanovich
  • Ted Selker
  • Florentin Waligorski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11967)


Today’s biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.


Keywords: Eye biometrics, Authentication, Adaptive systems



We’d like to thank Leila Gabasova for their help with the figures. This work was supported partly by the French PIA project “Lorraine Université d’Excellence”, reference ANR-15-IDEX-04-LUE.



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Nikola K. Blanchard (1)
  • Siargey Kachanovich (2)
  • Ted Selker (3)
  • Florentin Waligorski (4)

  1. Digitrust, Loria, Université de Lorraine, Nancy, France
  2. Université Côte d’Azur, Inria Sophia-Antipolis, Nice, France
  3. University of Maryland, Baltimore County, Palo Alto, USA
  4. Observatoire de Paris, Paris, France
