I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves
With the embedding of EEG (electro-encephalography) sensors in wireless headsets and other consumer electronics, authenticating users based on their brainwave signals has become a realistic possibility. We undertake an experimental study of the usability and performance of user authentication using consumer-grade EEG sensor technology. By choosing custom tasks and custom acceptance thresholds for each subject, we can achieve 99% authentication accuracy using single-channel EEG signals, which is on par with previous research employing multi-channel EEG signals using clinical-grade devices. In addition to the usability improvement offered by the single-channel dry-contact EEG sensor, we also study the usability of different classes of mental tasks. We find that subjects have little difficulty recalling chosen “pass-thoughts” (e.g., their previously selected song to sing in their mind). They also have different preferences for tasks based on the perceived difficulty and enjoyability of the tasks. These results can inform the design of authentication systems that guide users in choosing tasks that are both usable and secure.
Keywordspass-thoughts EEG authentication usability
Unable to display preview. Download preview PDF.
- 1.Neurosky MindSet, http://www.neurosky.com/
- 2.Passfaces, http://www.passfaces.com/
- 3.Ashby, C., Bhatia, A., Tenore, F., Vogelstein, J.: Low-cost electroencephalogram (eeg) based authentication. In: Proceedings of 5th International IEEE EMBS Conference on Neural Engineering (April 2011)Google Scholar
- 4.Biddle, R., Chiasson, S., van Oorschot, P.: Graphical passwords: Learning from the first twelve years. ACM Computing Surveys 44(4) (2011)Google Scholar
- 5.Brostoff, S., Sasse, M.A.: Are passfaces more usable than passwords? A field trial investigation. In: Proceedings of HCI (2000)Google Scholar
- 6.Coventry, L.: Usable biometrics. In: Cranor, L., Garfinkel, S. (eds.) Usability and Security (2005)Google Scholar
- 7.Dhamija, R., Perrig, A.: Deja vu: a user study using images for authentication. In: Proceedings of the 9th Conference on USENIX Security Symposium (2000)Google Scholar
- 11.Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: Proceedings of 8th USENIX Security Symposium (August 1999)Google Scholar
- 12.Marcel, S., del, J., Millan, R.: Person authentication using brainwaves (eeg) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4) (April 2007)Google Scholar
- 13.Nijboer, F., Sellers, E., Mellinger, J., Jordan, M., Matuz, T., Furdea, A., Halder, S., Mochty, U., Krusienski, D., Vaughan, T., Wolpaw, J., Birbaumer, N., Kubler, A.: A p300-based brain-computer interface for people with amyotrophic lateral sclerosis. Clinical Neurophysiology 119(8), 1909–1916 (2008)CrossRefGoogle Scholar
- 16.Poulos, M., Rangoussi, M., Alexandris, N., Evangelou, A.: Person identification from the eeg using nonlinear signal classification. Methods of Information in Medicine (2002)Google Scholar
- 17.Thorpe, J., van Oorschot, P., Somayaji, A.: Pass-thoughts: Authenticating with our minds. In: Proceedings of the New Security Paradigms Workshop, NSPW (2005)Google Scholar