Conference Paper

I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication


Abstract

In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack.


... In cryptography protocols, authentication is a process to prove or disprove a claimed identity while identification aims to determine who the user is. Plenty of studies adopted EEG biometric to construct identification systems, trying to classify signals to all subjects in the system [11]. However, most studies on identification ability of EEG biometric confined the subject number under 50 and this is insufficient to claim the uniqueness of EEG. ...
... Visual stimuli can meet the permanency requirements of biometric but it requires the support of external equipment and synchronization. Also, individual's familiarity for visual stimulation is easy to be confused [11]. ...
... Zeng et al. [56] utilized the P300 ERP triggered by Rapid Serial Visual Presentation (RSVP). The familiarity of different individuals with different pictures was also used to generate EEG signals containing discriminative information [11]. There is also a class of protocols that contain mental tasks. ...
... Therefore, the feature code can be used as a unique key for identity authentication. However, the experiments conducted by Chiu et al. [91] show that attackers can perform impersonation attacks by imitating the tasks of legitimate users [91]. ...
Article
With the rapid development of brain-computer interface technology, as a new biometric feature, EEG signal has been widely concerned in recent years. The safety of brain-computer interface and the long-term insecurity of biometric authentication have a new solution. This review analyzes the biometrics of EEG signals, and the latest research is involved in the authentication process. This review mainly introduced the method of EEG-based authentication and systematically introduced EEG-based biometric cryptosystems for authentication for the first time. In cryptography, the key is the core basis of authentication in the cryptographic system, and cryptographic technology can effectively improve the security of biometric authentication and protect biometrics. The revocability of EEG-based biometric cryptosystems is an advantage that traditional biometric authentication does not have. Finally, the existing problems and future development directions of identity authentication technology based on EEG signals are proposed, providing a reference for the related studies.
Conference Paper
In recent years, the rapid proliferation of Brain-Computer Interface (BCI) applications has made the issue of security increasingly important. User authentication serves as the cornerstone of any secure BCI systems, and among various methods, EEG-based authentication is particularly well-suited for BCIs. However, existing paradigms, such as visual evoked potentials and motor imagery, demand significant user efforts during both enrollment and authentication phases. To address these challenges, we introduce a novel paradigm–Keystroke Evoked Potentials (KEP) for EEG-based authentication, which is secure, user-friendly, and lightweight. Then, we design an authentication system based on our proposed KEP. The core concept involves generating a shared cryptographic session key derived from EEG data and keystroke dynamics captured during random button-pressing activities. This shared key is subsequently employed in a Diffie-Hellman Encrypted Key Exchange (DH-EKE) to facilitate device pairing and establish a secure communication channel. Based on a collected dataset, the results demonstrate that our system is secure against various attacks (e.g., mimicry attack, replay attack) and efficient in practice (e.g., taking only 0.07 s to generate 1 bit).
Article
Driven by an increasing number of connected medical devices, Internet of Medical Things (IoMT), as an application of Internet of Things (IoT) in healthcare, is developed to help collect, analyze and transmit medical data. During the outbreak of pandemic like COVID-19, IoMT can be useful to monitor the status of patients and detect main symptoms remotely, by using various smart sensors. However, due to the lack of emotional care in current IoMT, it is still a challenge to reach an efficient medical process. Especially under COVID-19, there is a need to monitor emotion status among particular people like elderly. In this work, we propose an emotion-aware healthcare monitoring system in IoMT, based on brainwaves. With the fast development of EEG (electroencephalography) sensors in current headsets and some devices, brainwave-based emotion detection becomes feasible. The IoMT devices are used to capture the brainwaves of a patient in a scenario of smart home. Also, our system involves the analysis of touch behavior as the second layer to enhance the brainwave-based emotion recognition. In the user study with 60 participants, the results indicate the viability and effectiveness of our approach in detecting emotion like comfortable and uncomfortable, which can complement existing emotion-aware healthcare applications and mechanisms.
Conference Paper
Current problems related to high-level security access are increasing, leaving organizations and persons unsafe. A recent good candidate to create a robust identity authentication system is based on brain signals recorded with electroencephalograms (EEG). In this paper, EEG-based brain signals of 56 channels, from event-related potentials (ERPs), are used for Subject identification. The ERPs are from positive or negative feedback-related responses of a P300-speller system. The feature extraction part was done with empirical mode decomposition (EMD) extracting 2 intrinsic mode functions (IMFs) per channel, that were selected based on the Minkowski distance. After that, 4 features are computed per IMF; 2 energy features (instantaneous and teager energy) and 2 fractal features (Higuchi and Petrosian fractal dimension). Support vector machine (SVM) was used for the classification stage with an accuracy index computed using 10-folds cross-validation for evaluating the classifier's performance. Since high-density EEG information was available, the well-known backward-elimination and forward-addition greedy algorithms were used to reduce or increase the number of channels, step by step. Using the proposed method for subject identification from a positive or negative feedback-related response and then identify the subject will add a layer to improve the security system. The results obtained show that subject identification is feasible even using a low number of channels: E.g., 0.89 of accuracy using 5 channels with a mixed population and 0.93 with a male-only population.
Article
With the continuous increment of security risks and the limitations of traditional modes, it is necessary to design a universal and trustworthy identity authentication system for intelligent Internet of Things (IoT) applications such as an intelligent entrance guard. The characteristics of EEG (electroencephalography) have gained the confidence of researchers due to its uniqueness, stability, and universality. However, the limited usability of the experimental paradigm and the unsatisfactory classification accuracy have so far prevented the identity authentication system based on EEG to become commonplace in IoT scenarios. To address these problems, an audiovisual presentation paradigm is proposed to record the EEG signals of subjects. In the pre-processing stage, the reference electrode, ensemble averaging, and independent component analysis methods are used to remove artifacts. In the feature extraction stage, adaptive feature selection and bagging ensemble learning algorithms establish the optimal classification model. The experimental result shows that our proposal achieves the best classification accuracy when compared with other paradigms and typical EEG-based authentication methods, and the test evaluation on a login scenario is designed to further demonstrate that the proposed system is feasible, effective, and reliable.
Article
Cryptographic frameworks depend on key sharing for ensuring security of data. While the keys in cryptographic frameworks must be correctly reproducible and not unequivocally connected to the identity of a user, in biometric frameworks this is different. Joining cryptography techniques with biometrics can solve these issues. We present a biometric authentication method based on the discrete logarithm problem and Bose-Chaudhuri-Hocquenghem (BCH) codes, perform its security analysis, and demonstrate its security characteristics. We evaluate a biometric cryptosystem using our own dataset of electroencephalography (EEG) data collected from 42 subjects. The experimental results show that the described biometric user authentication system is effective, achieving an Equal Error Rate (ERR) of 0.024.
Article
Objective. Most current electroencephalography (EEG)-based brain–computer interfaces (BCIs) are based on machine learning algorithms. There is a large diversity of classifier types that are used in this field, as described in our 2007 review paper. Now, approximately ten years after this review publication, many new algorithms have been developed and tested to classify EEG signals in BCIs. The time is therefore ripe for an updated review of EEG classification algorithms for BCIs. Approach. We surveyed the BCI and machine learning literature from 2007 to 2017 to identify the new classification approaches that have been investigated to design BCIs. We synthesize these studies in order to present such algorithms, to report how they were used for BCIs, what were the outcomes, and to identify their pros and cons. Main results. We found that the recently designed classification algorithms for EEG-based BCIs can be divided into four main categories: adaptive classifiers, matrix and tensor classifiers, transfer learning and deep learning, plus a few other miscellaneous classifiers. Among these, adaptive classifiers were demonstrated to be generally superior to static ones, even with unsupervised adaptation. Transfer learning can also prove useful although the benefits of transfer learning remain unpredictable. Riemannian geometry-based methods have reached state-of-the-art performances on multiple BCI problems and deserve to be explored more thoroughly, along with tensor-based methods. Shrinkage linear discriminant analysis and random forests also appear particularly useful for small training samples settings. On the other hand, deep learning methods have not yet shown convincing improvement over state-of-the-art BCI methods. Significance. This paper provides a comprehensive overview of the modern classification algorithms used in EEG-based BCIs, presents the principles of these methods and guidelines on when and how to use them. 
It also identifies a number of challenges to further advance EEG classification in BCI.
Conference Paper
In this paper, we propose a screen unlocking system using an accelerometer and pressure sensor arrays mounted on a mobile phone as casual identification. The proposed system focuses on the user's behavioral characteristics when taking their mobile phone from their pocket and the pressure distribution when gripping the mobile phone during this motion. In the evaluation experiment, 12 out of 30 taking-out actions succeed to unlock the mobile phone screen, and our system achieved 0.43 FAR after 18 templates had been trained.
Conference Paper
This paper proposes an incremental learning approach to classify EEG signals for person authentication modelling. Biometric application receives only limited personal training data samples in practice. The knowledge granules that represent individual's biometric characteristics need to be updated from time to time, to ensure the authentication performance. This is even crucial when the initial personal data samples are not in good quality, i.e. contain noise. Hence, incremental update method in the proposed authentication model aims to reform the knowledge granules incrementally via model tuning. The proposed Incremental Fuzzy-Rough Nearest Neighbour (IncFRNN) algorithm is embedded with a heuristic update method which is able to reshape and reform the personalized knowledge granules through insertion and deletion of a test object. The proposed incremental update function updates separately on the personalized knowledge granules, based on similarity measures and predefined window size upon undesired performance. The proposed IncFRNN model was compared against its predecessor, the conventional FRNN model, to evaluate its performance for person authentication modelling using EEG signals. The results show that our proposed IncFRNN model has successfully yielded better results in terms of AUC.
Conference Paper
In this paper, we present the findings on the EEG channel selection and its impact on the robustness for EEG based person authentication. We test the effect of the enhancement threshold value (T_e), EEG frequency rhythms, mental task and the person identity on the selected EEG channels. Experimental validation of the work with publicly available EEG dataset, showed that the idle mental task provides the highest accuracy rates compared to other considered mental tasks. Moreover, we noticed that imaginary movement tasks provide better accuracy than actual movement tasks. Also for the frequency rhythm effect, the combined frequency rhythms increase the authentication accuracy better than using a single rhythm, so no single rhythm contains all the related identity information. Also for the T_e value, we found that the less T_e we consider, the more EEG channels to be included. Further, for the final part of this work, we tested if the selected channel are person specific. As a result, we found that EEG channel set, if selected for each person differently does enhance the authentication accuracy.
Article
Designing reliable user authentication on mobile phones is becoming an increasingly important task to protect users' private information and data. Since biometric approaches can provide many advantages over the traditional authentication methods, they have become a significant topic for both academia and industry. The major goal of biometric user authentication is to authenticate legitimate users and identify impostors based on physiological and behavioral characteristics. In this paper, we survey the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches (five physiological and six behavioral). We present a taxonomy of existing efforts regarding biometric authentication on mobile phones and analyze their feasibility of deployment on touch-enabled mobile phones. In addition, we systematically characterize a generic biometric authentication system with eight potential attack points and survey practical attacks and potential countermeasures on mobile phones. Moreover, we propose a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way. Experimental results are presented to validate this framework using touch dynamics, and the results show that multimodal biometrics can be deployed on touch-enabled phones to significantly reduce the false rates of a single biometric system. Finally, we identify challenges and open problems in this area and suggest that touch dynamics will become a mainstream aspect in designing future user authentication on mobile phones.
Article
Due to the frequency with which smartphone owners use their devices, effortful authentication methods such as passwords and PINs are not an effective choice for smartphone authentication. Past research has offered solutions such as graphical passwords, biometrics and password hardening techniques. However, these solutions still require the user to authenticate frequently, which may become increasingly frustrating over time. Transparent authentication has been suggested as an alternative to such effortful solutions. It utilizes readily available behavioral biometrics to provide a method that runs in the background without requiring explicit user interaction. In this manner, transparent authentication delivers a less effortful solution with which the owner does not need to engage as frequently. We expand the current research into transparent authentication by surveying the user, an important stakeholder, regarding their opinions towards transparent authentication on a smartphone. We asked 30 participants to complete a series of tasks on a smartphone that was ostensibly protected with varying degrees of transparent authentication. We then surveyed participants regarding their opinions of transparent authentication, their opinions of the sensitivity of tasks and data on smartphones, and their perception of the level of protection provided to the data and apps on the device. We found that 90% of those surveyed would consider using transparent authentication on their mobile device should it become available. Furthermore, participants had widely varying opinions of the sensitivity of the experiment’s tasks, showing that a more granular method of smartphone security is justified. Interestingly, we found that the complete removal of security barriers, which is commonly cited as a goal in authentication research, does not align with the opinions of our participants. 
Instead, we found that having a few barriers to device and data access aided the user in building a mental model of the on-device security provided by transparent authentication. These results provide a valuable understanding to inform development of transparent authentication on smartphones since they provide a glimpse into the needs and wants of the end user.
Conference Paper
Electroencephalograms (EEG) signals are unique but highly uncertain and difficult to process. Thus, identifying the appropriate feature vector and prediction model is essential to implement this modality for person authentication purposes. In this paper, we investigate the use of Fuzzy-Rough Nearest Neighbour (FRNN) classifier for person authentication modelling. Feature extraction is not the attention in this study. Thus, feature vectors like mean, cross-correlation and coherence were selected based on the literature review. They are used to extract visual evoked potentials (VEPs) brainwaves data from the lateral and midline electrodes to elicit training and testing datasets. The experiment simulations were performed in Weka environment to authenticate client from impostor based on a series of visual stimuli. The classification results of FRNN using implicator and t-norm were promising in terms of AUC measurement which has achieved a high sensitivity and low specificity prediction due to its ability in handling uncertainty situation. Nevertheless, feature selection is suggested in the future work to minimize the feature vectors especially in high features analysis in order to achieve a better generalized feature space in the authentication framework.
Article
More than ever before the Internet is changing computing as we know it. Global access to information and resources is becoming an integral part of nearly every aspect of our lives. Unfortunately, with this global network access comes increased chances of malicious attack and intrusion. In an effort to confront the new threats unveiled by the networking revolution of the past few years reliable, rapid, and unintrusive means for automatically recognizing the identity of individuals are now being sought. In this paper we examine an emerging non-static biometric technique that aims to identify users based on analyzing habitual rhythm patterns in the way they type.
Article
In this paper, we investigate the use of brain activity for person authentication. It has been shown in previous studies that the brain-wave pattern of every individual is unique and that the electroencephalogram (EEG) can be used for biometric identification. EEG-based biometry is an emerging research topic and we believe that it may open new research directions and applications in the future. However, very little work has been done in this area and was focusing mainly on person identification but not on person authentication. Person authentication aims to accept or to reject a person claiming an identity, i.e., comparing a biometric data to one template, while the goal of person identification is to match the biometric data against all the records in a database. We propose the use of a statistical framework based on Gaussian Mixture Models and Maximum A Posteriori model adaptation, successfully applied to speaker and face authentication, which can deal with only one training session. We perform intensive experimental simulations using several strict train/test protocols to show the potential of our method. We also show that there are some mental tasks that are more appropriate for person authentication than others.
Article
With the rapid development of mobile devices, smartphones have become common in people's daily lives, i.e., retrieving community happenings and connecting with peers. Due to the convenience, users often store a large amount of private information on their phones (e.g., photos) and use the phone to process sensitive operations (e.g., financial transactions). Thus, there is a great need to protect the devices from unauthorized access in order to avoid privacy leakage and financial loss. Passwords are the most widely used authentication method, but attackers can take over the phone after it is unlocked. Instead, behavioral authentication can verify current users in a continuous way, which can complement the existing authentication mechanisms like passwords. With the increasing capability of smartphone sensors, users can perform various touch actions to interact with their devices. Motivated by this, in this work, we focus on swipe behavior and develop SwipeVlock, a supervised unlocking mechanism on smartphones, which can authenticate users based on their way of swiping the phone screen with a background image. In the evaluation, we measure several typical supervised learning algorithms and conduct two user studies with over 150 participants. As compared with similar schemes, it is found that participants could perform well with SwipeVLock, i.e., with a success rate of 98% during login and retention.
Article
EEG is the recording of electrical activities of the brain, usually along the scalp surface, which are the results of synaptic activations of the brain’s neurons. In recent years, it has been shown that EEG is an appropriate signal for the biometric authentication and has important features such as resistance to spoofing attacks and impossibility to use under pressure and coercion states. In this paper, the state-of-the-art methods in EEG based authentication are reviewed. This review includes a number of aspects such as the various tasks that the user required to perform during the authentication, devices and available datasets, the preprocessing procedures and the classification methods used in the EEG biometric authentication. Both shallow and deep classification methods are reviewed in this paper. The study shows that the deep learning approaches which are used in the past few years, although still require further research, have shown great results. Moreover, the paper summarizes the works to address the open challenges of this area. The EEG authentication challenges have been discussed from a variety of points of view, including privacy, user-friendliness, attacks, and authentication requirements such as universality, permanency, uniqueness, and collectability. This paper can be used as a preliminary plan and a roadmap for researchers interested in EEG biometric.
Conference Paper
In the quest to devise new alternatives to password-based authentication, behavioral biometrics have become more and more appealing due to the improved usability that comes with their unobtrusiveness. One such type of biometric are brainwaves, which can be nowadays easily measured and used to prove a person's identity. Given the potential for this technology to be adopted in the near future, it is paramount to analyze its security implications. Furthermore, recent advances in brain computer interfaces make feasible the usage of brainwaves to prove users' identity. This work presents a comprehensive framework for assessing the vulnerabilities of brainwave authentication systems, incorporating new attack vectors that target specific features of brain biometrics. Resting on this theoretical groundwork, we analyze the existing literature on attacks and countermeasures, identifying gaps and providing a foundation for future research. Furthermore, we evaluated a subset of attacks identified through the framework and report our preliminary results.
Chapter
Support Vector Machine (SVM) has been widely used in EEG-based person authentication. Current EEG datasets are often imbalanced due to the frequency of genuine clients and impostors, and this issue heavily impacts on the performance of EEG-based person authentication using SVM. In this paper, we propose a new bias method for SVM binary classification to improve the performance of the minority class in imbalanced datasets. Our experiments on EEG datasets and UCI datasets with the proposed method show promising results.
Article
Modern mobile devices especially smartphones have rapidly evolved and are widely adopted by people of different ages. Smartphones can assist users in a variety of activities, i.e., from social networking to online shopping, but also have become an attractive target for cyber-criminals due to the stored personal data and sensitive information. The traditional authentication mechanisms like PIN suffer from well-known limitations and drawbacks in the security community; thus, touch behavioral authentication has recently received much attention. Intuitively, authentication based on free touches would be hard to build a stand-alone system. In this work, we advocate that such authentication can consider users’ actions under certain phone applications like web browser, and then propose a touch gesture-based authentication scheme, called TouchWB, with 21 features that can be extracted from web browsing gestures. For evaluation, we implemented the scheme on Android phones and conducted a user study involving 48 participants. Experimental results demonstrated that our approach could reduce the touch behavioral deviation by nearly half and achieve an average error rate of about 2.4% by using a combined classifier of PSO-RBFN.
Article
The Internet-of-Things (IoT) is an evolutionary paradigm seamlessly integrating an enormous number of smart objects within the Internet. Recently, with the rapid growth and universality of wearable technology, novel security threats are emerging at the system level as well as at edge nodes in IoT-based networks. In this study, we envision a future IoT scenario in which end-users are with smart wearable objects related to human brainwave retrieval. A novel transparent authentication system using brainwaves as bio-features for IoT-based networks is proposed. In brief, this study firstly provides a comprehensive review of transparent authentication in recent years and presents the state of the art of this important research field. Secondly, we investigate the feasibility of extracting long-term memory ability from users' brainwaves. Thirdly, we conduct the bio-features identified in the brainwaves of users as authentication tokens in the proposed authentication system which transparently performs continuous (or real-time) entity verification in the background without the need for direct input from the user. Experiment results demonstrate the efficacy of the proposed authentication system in achieving high verification accuracy.
Conference Paper
Today’s computer users have to remember several passwords for each of their accounts. It is easily noticed that people may have difficulty in remembering multiple passwords, which result in a weak password selection. Previous studies have shown that recall success rates are not statistically dissimilar between textual passwords and graphical passwords. With the advent of map-based graphical passwords, this paper focuses on multiple password interference and presents a pilot study consisting of 60 participants to study the recall of multiple passwords between text passwords and map-based passwords under various account scenarios. Each participant has to create six distinct passwords for different account scenarios. It is found that participants in the map-based graphical password scheme could perform better than the textual password scheme in both short-term (one-hour session) and long term (after two weeks) password memorability tests (i.e., they made higher success rates). Our effort attempts to complement existing studies and stimulate more research on this issue.
Article
The use of EEG as a biometrics modality has been investigated for about a decade, however its feasibility in real world applications is not yet conclusively established, due to the problems with collectability and reproducibility. To this end, we propose a readily deployable EEG biometrics system based on 'one-fits-all' viscoelastic generic in-ear EEG sensor, which does not require skilled assistance or cumbersome preparation. Unlike most existing studies, we consider data recorded over multiple recording days and for multiple subjects while, for rigour, the training and test segments are not taken from the same recording days. A robust approach is considered based on the resting state with eyes closed paradigm, the use of both parametric (autoregressive model) and non-parametric (spectral) features, and supported by simple and fast cosine distance and support vector machine classifiers. Both the verification and identification forensics scenarios are considered and the achieved results are on par with the studies based on impractical on-scalp recordings. Comprehensive analysis over a number of subjects, setups, and analysis features demonstrates the feasibility of the proposed ear-EEG biometrics, and its potential in resolving the critical collectability, robustness, and reproducibility issues associated with current EEG biometrics.
Article
Purpose: This paper aims to evaluate the effect of multi-touch behaviours on creating Android unlock patterns (AUPs) by realising that users can perform more actions in touch-enabled mobile phones. Design/methodology/approach: The author conducted two user studies with a total of 45 participants and performed two major experiments in the main user study. Findings: The user study indicates that the multi-touch behaviours can have a positive impact on creating patterns; however, there are only nine touchable points for the original AUPs, which may reduce the usability when performing a multi-touch movement. Research limitations/implications: An even larger user study could be conducted to further analyse the patterns generated by users, that is, to analyse the specific password space by integrating the behaviours of multi-touch and to involve more types of multi-touch behaviours in creating an AUP. Practical implications: This work explores the effect of multi-touch movement on creating AUPs. The results should be of interest for software developers and security researchers for exploring the effect of multi-touch behaviours on the creation of graphical passwords on mobile phones. Originality/value: The author conducts two user studies with a total of 45 participants to investigate the impact of multi-touch behaviours on creating AUPs. In addition, to address the issue of usability, the author proposes two ways: increasing the number of touchable points and improving the rules of pattern creation.
Conference Paper
Secure user authentication is a big challenge for smartphone security. To overcome the drawbacks of knowledge-based methods, various graphical passwords have been proposed to enhance user authentication on smartphones. Android unlock patterns are one of the Android OS features aiming to authenticate users based on graphical patterns. However, recent studies have shown that attackers can easily compromise this unlock mechanism (i.e., by means of smudge attacks). We advocate that some additional mechanisms should be added to improve the security of unlock patterns. In this paper, we first show that users would perform a touch movement differently when interacting with the touchscreen and that users would perform somewhat stably for the same pattern after several trials. We then develop a touch movement-based security mechanism, called TMGuard, to enhance the authentication security of Android unlock patterns by verifying users’ touch movement during pattern input. In the evaluation, our user study with 75 participants demonstrates that TMGuard can positively improve the security of Android unlock patterns without compromising its usability.
Book
In the last fifteen years, a recognizable surge in the field of Brain Computer Interface (BCI) research and development has emerged. This emergence has sprung from a variety of factors. For one, inexpensive computer hardware and software are now available and can support the complex high-speed analyses of brain activity that are essential in BCI. Another factor is the greater understanding of the central nervous system, including the abundance of new information on the nature and functional correlates of brain signals and improved methods for recording these signals in both the short term and the long term. And the third, and perhaps most significant factor, is the new recognition of the needs and abilities of people disabled by disorders such as cerebral palsy, spinal cord injury, stroke, amyotrophic lateral sclerosis (ALS), multiple sclerosis, and muscular dystrophies. The severely disabled are now able to live for many years and even those with severely limited voluntary muscle control can now be given the most basic means of communication and control because of the recent advances in the technology, research, and applications of BCI.
Conference Paper
With the embedding of EEG (electro-encephalography) sensors in wireless headsets and other consumer electronics, authenticating users based on their brainwave signals has become a realistic possibility. We undertake an experimental study of the usability and performance of user authentication using consumer-grade EEG sensor technology. By choosing custom tasks and custom acceptance thresholds for each subject, we can achieve 99% authentication accuracy using single-channel EEG signals, which is on par with previous research employing multi-channel EEG signals using clinical-grade devices. In addition to the usability improvement offered by the single-channel dry-contact EEG sensor, we also study the usability of different classes of mental tasks. We find that subjects have little difficulty recalling chosen “pass-thoughts” (e.g., their previously selected song to sing in their mind). They also have different preferences for tasks based on the perceived difficulty and enjoyability of the tasks. These results can inform the design of authentication systems that guide users in choosing tasks that are both usable and secure.
Conference Paper
Electroencephalography (EEG) signals have been used widely in health and medical fields. They are also used in brain-computer interface (BCI) systems for humans to continuously control mobile robots and wheelchairs. Recently, the research communities have successfully explored the potential of using EEG as a new type of biometrics in user authentication. EEG-based user authentication systems have the combined advantages of both password-based and biometric-based authentication systems, yet without their drawbacks. In this paper, we propose to take advantage of the rich information, such as age and gender, carried by EEG signals for user authentication in multi-level security systems. Our experiments showed very promising results for the proposed multi-factor EEG-based authentication method.
Conference Paper
User authentication plays an important role in security systems. In general, there are three types of authentication: password based, token based, and biometrics based. Each of them has its own merits and drawbacks. Recently, the research communities have successfully explored the possibility of electroencephalography (EEG) serving as a new type of biometrics in person recognition, and hence the prospect of using EEG in user authentication is promising. An EEG-based user authentication system has the combined advantages of both password-based and biometric-based authentication systems, yet without their drawbacks. In this paper we propose to use EEG to authenticate users in multilevel security systems where users are asked to provide EEG signals for authentication by performing motor imagery tasks. These tasks can be single or combined, depending on the level of security required. The analysis and processing of EEG signals of motor imagery will be presented through our experimental results.
Article
This letter proposes a new multi-level approach for human biometric authentication using Electro-Encephalo-Gram (EEG) signals (brain waves) and eye blinking Electro-Oculo-Gram (EOG) signals. The main objective of this letter is to improve the performance of the EEG-based biometric authentication using eye blinking EOG signals, which are considered a source of artifacts for EEG. Feature and score level fusion approaches are tested for the proposed multi-level system. Density-based and canonical correlation analysis strategies are applied for the score and feature level fusions, respectively. Autoregressive modeling of EEG signals (during relaxation or visual stimulation) and time delineation of the eye blinking waveform are adopted for the feature extraction stage. Finally, the classification stage is performed using linear discriminant analysis. For evaluation, a database of 31 subjects performing three different tasks of relaxation, visual stimulation, and eye blinking was collected using the NeuroSky MindWave headset. Using eye blinking features, a significant improvement is achieved, in terms of correct recognition and equal error rates, for the proposed multi-level EEG biometric system over a single-level system using EEG only.
Conference Paper
In order to enhance security and protection capability, integrating different biometric features to set up a multimodal biometric authentication system is an effective approach. It can provide complementary information to enhance the recognition rate, and it can further enhance the reliability and stability of the identity authentication system. However, although the use of multimodal biometric features has the advantage of maintaining the maximal entropy, it will at the same time also affect the training result and operation performance of the classifier at the back end. In this study, we have combined face and iris features to set up a multimodal biometric feature vector with a high identification rate; meanwhile, PSO is used to perform the optimization design of the WPNN classifier architecture so as to realize a high-performance classifier applicable to multimodal biometric authentication. From the experimental results, it can be proved that the multimodal biometric authentication system described in this paper, in addition to possessing the features of reliability and correctness, also has excellent characteristics such as a simplified feature vector and fast operation; in other words, it has pretty high practical value.
Conference Paper
A moving kNN query continuously reports the k nearest neighbors of a moving query point. In addition to the query result, a service provider that evaluates moving queries often returns mobile clients a safe region that bounds the validity of query results to minimize the communication cost between the two parties. However, when a service provider is not trustworthy, it may send inaccurate query results or incorrect safe regions to clients. In this paper, we present a framework and algorithms to authenticate results and safe regions of moving kNN queries. Extensive experiments on both real and synthetic datasets show that our methods are efficient in terms of both computation time and communication costs.
Article
Experiments conducted to investigate the trade-off in a population of password users and their results are discussed. Various pieces of advice provided by experts to users for choosing passwords that are easy to remember and difficult to crack are presented. It is recommended that organizations should provide instruction and training on how to construct usable and secure passwords. It is suggested to use the output from a random password generator and to select a random string that can be pronounced and is easy to remember. The results confirm that users have difficulty remembering random passwords and that passwords based on mnemonic phrases are harder to guess.
Seeing is believing: authenticating users with what they see and remember
  • W Chiu
  • K.-H Yeh
  • A Nakamura
Current research on Internet of Things (IoT) security: a survey
  • MBM Noor
  • WH Hassan