Security Applications: Beyond Biometrics

A number of novel study designs have made use of the unique characteristics of BMIs to produce results that are not possible with other methods of verification.

The first example is Project Oblio. Project Oblio has an ambitious goal; to create a human-only area of the internet, beginning with a decentralized form of reCAPTCHA. If such a liveness detectable signal is also a biometric, then Project Oblio can create an anti-Sybil internet, with rate-limited cryptocurrency transactions at the user level, and ensure that everybody (even whales) have exactly one vote within Project Oblio’s government, prediction markets, and any other straw poll you might desire to post.

Another example is the bio-cyber machine gun (BCMG). This EEG-based password-validator works through a spin-off of the oddball paradigm, called the “spelling paradigm”. Letters that may be used in a password are grouped in regions, and a second set of letters are used to label these grouped regions. The region-letters (second set) are then flashed to a person wearing an EEG cap, in a random order. When a user is flashed the region-letter that corresponds to the region containing the desired letter in their password, their brain non-consciously emits a P300 brainwave, due to their underlying surprise or “peaked interest” correlated with the P300 inflection. (The P300 is commonly examined in commercial neuromarketing systems.) On the next go-round, a person is shown only the letters in their selected region, and can then choose the letter that comes next in their password. [24] Repeating this task, passwords can be strung together that have levels of entropy on a cryptographic level, as well as being tied to the biometric identity of a person’s brainwaves.

Another application involves EEGs in smart-home appliances for the disabled. In this set-up, visually-evoked potentials are able to both authenticate homeowners and reject nefarious individuals. An additional classifier based on imagined motor actions allow a disabled person to perform tasks, such as turn on and turn off lights, with moderately-high success (up to 85%). For those who may be quadriplegic, simple tasks such as turning a key in a locked door are impossible. Thus, a BMI set-up such as this provides not just security, but mobility, control, and independence, all with a single headcap. [25]

Brainwaves have also been used to generate a replicable PIN using a single-channel, commercial grade EEG [26]. Subjects underwent the oddball paradigm, viewing random presentations of digits 0-9. When the “password” digit was presented, a measurable brain wave called the P300 was produced, quite similar to the BCMG. Though the PIN was repeatedly classified with 100% accuracy initially, a latter publication by the same group indicated their classifier performance degraded each month of time following the training session (down to 78% for one subject after 3 months) [19].  This is one of the few studies looking at BMI biometric classifier degradation over time.

A protocol mentioned earlier utilizes recognition of EEG artifacts as a “covert warning” feature in the case of threat. The idea behind covert warning is that an authorized subject put at risk is capable of secretly broadcasting an alert that they are under attack, without alerting their attackers that they are calling for help. In this experiment, identified users wearing EEG caps clenched their teeth three times to produce sharp voltage spikes on the EEG trace, allowing for a signal to be detected 100% of the time. During this process, personal-identification rates dropped from 93% to 90%, a small drop-off considering the feature bonus. This is one of the only studies to expand on use cases for continuous verification. Notably, training data for this study was collected during various mental states (before and after caffeine intake, early and late in the day, etc.), which may have lead to its high classification rate. [14]

An increasingly  popular feature of security systems is the use of multi-factor authentication. Multi-factor authentication relies on a number of security measures, such as a fingerprint and a password, to authenticate an individual. Basic multi-factor authentication systems using BMIs have been reported in the literature [27]. However, BMIs are unique in that nearly any repeatable stimuli or task produces a distinguishable brain pattern. Thus, BMIs offer an endless number of “multi-task” authentication opportunities, all with a single headcap.

Quite recently, [28] proposed a multi-task learning system for BMI verification that interweaved information from finger-movement tasks to maximize learning. Subjects were asked to imagine moving either their left or right index finger. As was the case in [XX], the subject’s left side recordings were more distinguishable, but the greatest discrimination was obtained when using both the left and right side data together. These studies show that though some features are more reliable than others, integrating multi-factor authentication can produce even better security system than with one task, without the need for additional hardware.

Tasks that could be integrated into a multi-task authentication system include resting EEG state (including closed and opened eyes, see Table 1), imagined speech [10],  visually-evoked potentials for different objects (see [30], also Table 2), auditory-evoked potentials [29], solving a mathematical task [38], and imagining the rotation of an object or body part [13,38].  As implied, a user may choose which or however many of these stimuli to train their classifier on, adding a further security measure to this protocol.

Table 2: Classification accuracy of visually-evoked potentials using EEG.





  5.       D&d – Need to find this citation still again
  6.       – Lost this citation too
  13.   S. Marcel, J. R. Millan. Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4):743–748, April 2007.


  4.   – Need to find citation for this one as well  
  5.   Auditory potentials –!etd.send_file?accession=ucin1439300974&disposition=inline
  9.   Facial movements, eeg authentication using artifacts
  10.   Multi-level approach based on eye-blinking
  12.   DOI is good
  13.   DOI vs fMRI –


Leave a Reply

Your email address will not be published. Required fields are marked *