Computers That Can Identify You by Your Thoughts
The project was led by School of Information professor John Chuang, along with Hamilton Nguyen, an undergraduate student in electrical engineering and computer science; Charles Wang, a first-year I School MIMS student; and Benjamin Johnson, formerly a postdoctoral scholar at the I School. Chuang presented the team’s findings this week at the 2013 Workshop on Usable Security at the Seventeenth International Conference on Financial Cryptography and Data Security in Okinawa, Japan.
New consumer-grade EEG devices
Traditional clinical EEGs typically employ dense arrays of electrodes to record 32, 64, 128, or 256 channels of EEG data. New consumer-grade headsets, on the other hand, use just a single dry-contact sensor resting against the user’s forehead, providing a single-channel EEG signal from the brain’s left frontal lobe.The research team used the Neurosky MindSet, which connects to a computer wirelessly using Bluetooth and can be purchased for approximately $100. “Other than the EEG sensor, the headset is indistinguishable from a conventional Bluetooth headset for use with mobile phones, music players, and other computing devices,” according to the researchers.
Will it work?
But will this new technology work for computer authentication? Is it secure, accurate, and reproducible enough to replace passwords? And more importantly, would people actually be willing to use it? The research project has preliminary answers to all three of these questions: yes, yes, and (probably) yes.The team conducted a series of experiments to determine whether the single EEG channel provided high enough signal quality for accurate authentication. For authentication, the computer needs to be able to accurately and consistently distinguish your brainwave patterns from someone else’s.
By selecting customized tasks for each user and then customizing each user’s authentication thresholds, the team was able to reduce error rates to below 1%, comparable to the accuracy of more invasive multi-channel EEG signals.
But accuracy isn’t enough. If a system is a pain, people will refuse to use it, no matter how accurate it is. The new generation of brainwave readers are much more user-friendly than before, but the team also focused on finding mental tasks that are enjoyable to users.
Seven mental tasks
The researchers measured participants’ brainwaves while they performed seven different mental tasks. Users were asked to do two types of tasks: three where everyone performed the same task and four where users had individual secrets. For tasks of the first group, participants were asked to focus on their own breathing, imagine moving their finger up and down, or listen for an audio tone and then respond to the tone by focusing on a dot on a piece of paper.In tasks where participants could choose a personalized secret, they were asked to imagine performing a repetitive motion from a sport of their choice (like swinging a golf club or kicking a ball), imagine singing a song of their choice, watch a series of on-screen images and silently count the objects that match a color of their choice, or choose their own thought and focus on that thought for ten seconds.
All seven of the tasks provided enough information to successfully authenticate the users. In fact, the personalized tasks weren’t significantly more accurate than the tasks where everyone did the same thing.
The key to the success of a brainwave authenticatio
