Brain Wave Based AuthenticationBrain wave based authentication is the idea of authenticating an individual based on thoughts. In place of typing a password, the person involved is simply required to think about it instead. This can be an image, a color, a feeling, text or something else that a human mind may think about.
A functional human brain will generate continuous electric signals at all times. The difficult part is how to extract these signals and how to analyze them to provide individual differences that are consistent enough to use in authentication. This thesis will explain methods to capture consistent brain waves, how to analyze them, and discuss whether this kind of authentication has a potential future or not.
Brain wave based authentication is the idea of authenticating an individual based on thoughts. In place of typing a password, the person involved is simply required to think about it instead. This can be an image, a color, a feeling, text, or another scenario that cause the human brain to activate and process information.
A functional human brain will generate continuous electric signals at all times. The difficult part is how to extract these signals and how to analyze them to
provide individual differences that are consistent enough to use in authentication. If they are not consistent, meaning that the same person will not be able to provide roughly the same brain waves more than once, it will be useless for authentication. Everyone have experienced how people react different, even in the same situation, because we interpret information differently. Several factors will determine how a person reacts. Previous experience, personal mood, social relationships, gender, and age are just some of them. This thesis will explain methods to capture consistent brain waves, how to analyze them, and discuss whether this kind of authentication has a potential future or not.
There are three basic principles used in authentication; em something-you-have, something-you-know, and something-you-are. If users are authenticated by something-they-have like a key or passport, they have to be very careful not to loose the object or get it stolen. When something-they-know like a password or PIN code is required, the secret must never be written down forgotten, or told to others. Quite a formidable task. Especially considering the amount of different secrets like passwords and codes we have to remember today. It is also possible to ''shoulder-surfe'' a secret by looking at the very keyboard or panel where someone types their secret. Something-you-are involves authentication by using a biometric feature of a person as verification of the identity, called biometric authentication. Fingerprints, voice, face recognition, gait and other features or behavior which is unique between individuals can be used. But even this has problems. Some persons are able to mimic others, falsify fingerprints or use hardware that reconstructs a feature, i.e. the recording of another persons voice. An enrollment process is done for each individual user to create one or more templates which contains all the relevant data to describe the biometric feature of the user. Templates are used in the authentication process when the measured biometric data is matched against a template. The authentication data should match the enrollment template within a certain threshold.
Biometric authentication introduces two kinds of error rates, false match rate (FMR) and false nonmatch rate (FNMR). FMR is the case where a false identity is verified as true, and FNMR is the case where a true identity is verified as false. FMR and FNMR are introduced because the instruments that measure the features or behavior of a person rarely provide exactly the same data twice, even if the same person is measured. Which is why a threshold is used. A high threshold will accept a lot of true users (low FNRM), but also a lot of false users (high FMR) and vice versa. A good biometric authentication system should try too keep both these rates as low as possible.
The requirements of a biometric feature and the system utilizing it, is divided into seven parameters:
In addition, it should be user friendly, easy to implement, and inexpensive. Brain wave based authentication is a very interesting idea with this in mind. Every human has a brain (universality). It is always present and we can not forget it or loose it like an arm or eye. People with physical handicaps to the extreme of total or partial paralysis will also be included as potential users of the system. The complexity of the brain (distinctiveness) implies that it is impossible for a person to mimic another persons brain (circumvention), ensuring that FMR rates will be very low. And unlike a password, brain wave based authentication should never require you type your secret. A feature which makes it impossible for others to ''shoulder-surfe'' your secret. Recent research provided a novel idea of using Brain-Computer Interface(BCI) technology to authenticate users by measuring electric activity in the brain. The idea is that users just think about their password to be authenticated. Either letter by letter or the whole password. It is of course possible to forget the very image or password you are supposed to think about. A minor problem indeed. Even if you write the password down or tell it to others, they can not reproduce your brain wave patterns.
Because it is a new kind of technology with little research and no implementations yet, brain wave authentication may prove to be expensive first and even somewhat
non user-friendly i.e. if it requires users to wear equipment (low acceptability). But over time, should it prove feasible to implement, every party involved in the
authentication process will benefit from this technology. The company that wishes to protect something will have high security, those who manufacture the technology will have a huge customer base, and users do not have to loose, forget or be something they are unable to achieve.
As mentioned, brain wave based authentication is a rather new idea in terms of previous research and results available. This thesis will hopefully identify problems that may be encountered when implementing such a system. Algorithms to analyze data have to be reviewed and probably improved in a feasible manner. It is very important that measured data is consistent. Viable results on how to achieve this will be significantly easier to produce if existing technology to measure brain waves can be used.
