‘Brainprints’ could replace passwords

June 3, 2015

Sarah Laszlo, an assistant professor of psychology, adjusting an EEG electrode (credit: Jonathan Cohen, Binghamton University)photographer

The way your brain responds to certain words could be used to replace passwords, according to a study by researchers from Binghamton University, published in academic journal Neurocomputing.

The psychologists recorded volunteers’ EEG signals from volunteers reading a list of acronyms, focusing on the part of the brain associated with reading and recognizing words.

Participants’ “event-related potential” signals reacted differently to each acronym, enough that a computer system was able to identify each volunteer with 94 percent accuracy, using only three electrodes.

The results suggest that brainwaves could be used by security systems to verify a person’s identity.

Better than fingerprints or retinal patterns in the eye

According to Sarah Laszlo, assistant professor of psychology and linguistics at Binghamton University and co-author of the Neurocomputing paper, brain biometrics are appealing because they are cancellable (can be reset) and cannot be stolen by malicious means, such as copying a fingerprint.

“If someone’s fingerprint is stolen, that person can’t just grow a new finger to replace the compromised fingerprint — the fingerprint for that person is compromised forever. Fingerprints are ‘non-cancellable.’ Brainprints, on the other hand, are potentially cancellable.

So, in the unlikely event that attackers were actually able to steal a brainprint from an authorized user, the authorized user could then ‘reset’ their brainprint,” Laszlo said, meaning the user could simply record the EEG pattern associated with another word or phrase.

Useful in high-security environments

Sample correctly classified brainprint recording (credit: B.C. Armstrong/Neurocomputing)

Zhanpeng Jin, assistant professor at Binghamton University’s departments of Electrical and Computer Engineering, and Biomedical Engineering, doesn’t see brainprint as the kind of system that would be mass-produced for low security applications (at least in the near future*) but it could have important security applications.

“We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon, where there aren’t that many users that are authorized to enter, and those users don’t need to constantly be authorizing the way that a consumer might need to authorize into their phone or computer,” Jin said.

The project is funded by the National Science Foundation and Binghamton University’s Interdisciplinary Collaborating Grants (ICG) Program.

* Widespread use of low-cost EEG devices could potentially change that.

Abstract of Brainprint: Assessing the uniqueness, collectability, and permanence of a novel method for ERP biometrics

The human brain continually generates electrical potentials representing neural communication. These potentials can be measured at the scalp, and constitute the electroencephalogram (EEG). When the EEG is time-locked to stimulation – such as the presentation of a word – and averaged over many such presentations, the Event-Related Potential (ERP) is obtained. The functional characteristics of components of the ERP are well understood, and some components represent processing that may differ uniquely from individual to individual—such as the N400 component, which represents access to the semantic network. We applied several pattern classifiers to ERPs representing the response of individuals to a stream of text designed to be idiosyncratically familiar to different individuals. Results indicate that there are robustly identifiable features of the ERP that enable labeling of ERPs as belonging to individuals with accuracy reliably above chance (in the range of 82–97%). Further, these features are stable over time, as indicated by continued accurate identification of individuals from ERPs after a lag of up to six months. Even better, the high degree of labeling accuracy achieved in all cases was achieved with the use of only 3 electrodes on the scalp—the minimal possible number that can acquire clean data.