BMI Biometrics: What don’t we know?

Brain-machine interfaces are a biometric that's been untapped by leading governments and tech companies. Can we use anonymization techniques like homomorphic encryption to create computational barriers to fake-accounts?

Today’s EEG’s are commerical, having gelless electrode contacts for convenient recording outside the scalp. They are wirelessly compatible with mobile phones, cost far less than comparable biometric devices, and have established themselves as a novel consumer item. Given the unique advantages to BMIs already discussed (continuous verification, covert warnings, and inclusiveness), as well as their headcap design, EEGs could soon play a role in consumer virtual reality systems, as well as a corporate setting. Since many people could soon rely on the security of BMI biometrics, it is important that the major questions still unanswered in this underdeveloped field are brought to light.

While a large number of BMI studies involving EEGs have proven its ability to identify persons, there is a dearth in the field analyzing its potential for subverting security protocols. To date, only one study has evaluated security systems for storing EEG template data (see next section, or [16]), and only one has evaluated attacks on such a system (see [17]). This is probably because BMIs have yet to reach mainstream adoption, and there are no well-accepted protocols for BMIs in security systems. Once a standardized BMI security protocol is accepted, it will be easier to evaluate the BMI’s robustness in defense against spoofing.

Aside from the security issues, a number of basic, brain-based questions have  yet to be answered in the neuroscientific literature. The first has not been explored since the early, low-resolution studies. Can a brainwave identify differences between identical twins? This question is particularly relevant when looking at task-based biometric systems, which tend to have higher classification rates than resting-state studies (as were initially performed). Additionally, there are a multitude of effective mathematical models (Table 1) which could distinguish themselves on the basis of identifying identical twins.

Another concern on which research is sparse is that brainprints tend to change over a person’s lifetime. Initial research in this area suggests brainprints reach a mature, recognizable pattern shortly after puberty (age 19-20 years[6]), and become involuted with old age. In biometric studies, degradation of classifier performance due to this effect has been variable. Depending on the task used in the experiment, some classifiers have been found to degrade over a period of days [13] or weeks [18,19], while others have lasted up to 6 months [20]. In Marcel and Milan [13], there are indications that higher, long-lasting classification rates can be obtained when training data is collected over a period of days. A solution may be to have a short but infrequent training sessions over a week to establish a person’s identity, then update a person’s recording parameters each time they access sensitive data. Integrated with a password or “resting” EEG parameters, this may allow for effective updates to a person’s security parameters.

Two basic types of experiments exist in the BMI biometric literature: identification, and authentication. While identification experiments are more common, and may be a strong correlation for BMI’s authentication ability, they are far less practical in security settings. For BMIs, person-identification can be thought of as studies that pick out a person from a large group based on brainwave data recorded during a commontask. These experiments often involve recording resting-state brain features with no real active engagement by the user, and often have a lower classification rate. Alternatively, authentication protocols rely on a single task or series of tasks to identify a user. An authentication protocol should rely on a person using a series of “imaginations” known only to them (such as a password, mental image, or mental rotation of an object) to produce a distinct set of brainwaves. This person seems to ‘authorize’ a person based on this thought, regardless of how many members of the population make an attempt. Additionally, should a person be verbally instructed on how to make another’s “password thought”, the system should still reject this nefarious poser.

Though various types of “password thoughts” have proven effective throughout the literature (see next section), the next step to determine whether verifiable thoughts can be mimicked by nefarious individuals. One paradigm could involve a person viewing “live” brain recordings of both themselves and another, and attempting to alter their brain recordings to match that of the first person. The question of whether authenticating thoughts can be mimicked is particularly relevant in the case of identical twins. As a whole, the field of BMI biometrics must focus on developing studies that have “person-authentication” in mind, rather than person-identification.

Unfortunately, like biometrics as a whole, BMI authentication protocols may be at risk of a singular attack focused on obtaining or altering template parameters. To counter this, many biometric systems focus on key-binding architectures, which combine biometric templates with binary keys.  With properly chosen parameters, this protected setup approaches recognition rates close to those that are unprotected, and provides a quantifiable security-level of about 40 bits for this task.[14]

One long-held concern regarding the use of EEGs is the amount of time needed to train the classifier. In [31], it was noted that an increase in training time generally results in greater classifier performance. In this study, LVM classification had the highest classification rate (greater than 95%) after about 29 sessions, with each session consisting of 1-minute of recording (though interestingly, for a smaller number of training sessions, support vector mechanics was more effective). Although training sessions may be lengthy compared to other biometrics, [32] found that individual characteristics can be elucidated with an 88% classification rate based on only 0.2 second bins.

Lastly, a final concern of using BMIs as a biometric is privacy compliance. A brain recording may unveil personal health information of the recorded subject, such as a history of stroke or mental illness, epilepsy, or even alcoholism [21]. A severe trauma to the head or acute development of a neurodegenerative disease (such as a stroke) may lead to an unidentifiable brain pattern. Since BMI recordings are genetically-linked, they may one day be correlated with racial or other physical characteristics, permitting brainprints to identify an unknown individual.

Almost a decade ago, large-scale studies examining the nuances of a BMI-biometric protocol would have been too expensive to pursue. Today, there are numerous small-scale studies that approach BMI biometrics purely based on the potential of the underlying brainwave signal, and without regard to advances in encryption and decentralized machine learning. A number of replicable studies by those who recognize the potential for a one-person-one-vote internet and user-rate-limited, feeless transactions are needed before BMIs can be recommended for use in high-risk security settings.

Table 1: Person-identification in EEG biometrics and their classification. Taken from [22]

eeg1.png [23]

.. others

Citations (posts continued in other pages)


  5.       D&d – Need to find this citation still again
  6.       – Lost this citation too
  13.   S. Marcel, J. R. Millan. Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4):743–748, April 2007.


  4.   – Need to find citation for this one as well  
  5.   Auditory potentials –!etd.send_file?accession=ucin1439300974&disposition=inline
  9.   Facial movements, eeg authentication using artifacts
  10.   Multi-level approach based on eye-blinking
  12.   DOI is good
  13.   DOI vs fMRI –


One thought on “BMI Biometrics: What don’t we know?”

Leave a Reply

Your email address will not be published. Required fields are marked *