I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves

  • John Chuang
  • Hamilton Nguyen
  • Charles Wang
  • Benjamin Johnson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7862)


With the embedding of EEG (electro-encephalography) sensors in wireless headsets and other consumer electronics, authenticating users based on their brainwave signals has become a realistic possibility. We undertake an experimental study of the usability and performance of user authentication using consumer-grade EEG sensor technology. By choosing custom tasks and custom acceptance thresholds for each subject, we can achieve 99% authentication accuracy using single-channel EEG signals, which is on par with previous research employing multi-channel EEG signals using clinical-grade devices. In addition to the usability improvement offered by the single-channel dry-contact EEG sensor, we also study the usability of different classes of mental tasks. We find that subjects have little difficulty recalling chosen “pass-thoughts” (e.g., their previously selected song to sing in their mind). They also have different preferences for tasks based on the perceived difficulty and enjoyability of the tasks. These results can inform the design of authentication systems that guide users in choosing tasks that are both usable and secure.


pass-thoughts EEG authentication usability 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Neurosky MindSet,
  2. 2.
  3. 3.
    Ashby, C., Bhatia, A., Tenore, F., Vogelstein, J.: Low-cost electroencephalogram (eeg) based authentication. In: Proceedings of 5th International IEEE EMBS Conference on Neural Engineering (April 2011)Google Scholar
  4. 4.
    Biddle, R., Chiasson, S., van Oorschot, P.: Graphical passwords: Learning from the first twelve years. ACM Computing Surveys 44(4) (2011)Google Scholar
  5. 5.
    Brostoff, S., Sasse, M.A.: Are passfaces more usable than passwords? A field trial investigation. In: Proceedings of HCI (2000)Google Scholar
  6. 6.
    Coventry, L.: Usable biometrics. In: Cranor, L., Garfinkel, S. (eds.) Usability and Security (2005)Google Scholar
  7. 7.
    Dhamija, R., Perrig, A.: Deja vu: a user study using images for authentication. In: Proceedings of the 9th Conference on USENIX Security Symposium (2000)Google Scholar
  8. 8.
    Donchin, E., Spencer, K., Wijesinghe, R.: The mental prosthesis: assessing the speed of a p300-based brain-computer interface. IEEE Transactions on Rehabilitation Engineering 8(2), 174–179 (2000)CrossRefGoogle Scholar
  9. 9.
    Farwell, L.A., Donchin, E.: Talking off the top of your head: A mental prosthesis utilizing event-related brain potentials. Electroencephalography and Clinical Neurophysiology 70, 510–523 (1988)CrossRefGoogle Scholar
  10. 10.
    Hinterberger, T., Kubler, A., Kaiser, J., Neumann, N., Birbaumer, N.: A brain-computer interface (bci) for the locked-in: comparison of different eeg classifications for the thought translation device. Clinical Neurophysiology 114(3), 416–425 (2003)CrossRefGoogle Scholar
  11. 11.
    Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: Proceedings of 8th USENIX Security Symposium (August 1999)Google Scholar
  12. 12.
    Marcel, S., del, J., Millan, R.: Person authentication using brainwaves (eeg) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4) (April 2007)Google Scholar
  13. 13.
    Nijboer, F., Sellers, E., Mellinger, J., Jordan, M., Matuz, T., Furdea, A., Halder, S., Mochty, U., Krusienski, D., Vaughan, T., Wolpaw, J., Birbaumer, N., Kubler, A.: A p300-based brain-computer interface for people with amyotrophic lateral sclerosis. Clinical Neurophysiology 119(8), 1909–1916 (2008)CrossRefGoogle Scholar
  14. 14.
    Palaniappan, R.: Electroencephalogram signals from imagined activities: A novel biometric identifier for a small population. In: Corchado, E., Yin, H., Botti, V., Fyfe, C. (eds.) IDEAL 2006. LNCS, vol. 4224, pp. 604–611. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Palaniappan, R.: Two-stage biometric authentication method using thought activity brain waves. International Journal of Neural Systems 18(1), 59–66 (2008)CrossRefGoogle Scholar
  16. 16.
    Poulos, M., Rangoussi, M., Alexandris, N., Evangelou, A.: Person identification from the eeg using nonlinear signal classification. Methods of Information in Medicine (2002)Google Scholar
  17. 17.
    Thorpe, J., van Oorschot, P., Somayaji, A.: Pass-thoughts: Authenticating with our minds. In: Proceedings of the New Security Paradigms Workshop, NSPW (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • John Chuang
    • 1
  • Hamilton Nguyen
    • 2
  • Charles Wang
    • 2
  • Benjamin Johnson
    • 3
  1. 1.School of InformationUC BerkeleyUSA
  2. 2.Department of EECSUC BerkeleyUSA
  3. 3.Department of MathematicsUC BerkeleyUSA

Personalised recommendations