For identification of users suggested to use
For identification of users suggested to use "brain passwords"
American researchers have figured out how to use evoked potential as passwords — waves that are emitted by different areas of the brain in response to images shown to humans. According to a press release from the University of New York at Buffalo, on the one hand, these passwords remain biometric, and on the other, unlike fingerprints or irises, they can be quickly changed by changing the incentive. The authors will present the results of the study at the 16th International Conference on Mobile Systems MobiSys 2018, which will be held from June 10 to 15 in Munich.
In recent years, biometric data (fingerprints, iris, face or voice recognition) is widely used instead of passwords. On the one hand, they are unique, on the other - sometimes it’s easy to fake them. So, in the work of two years ago, engineers were able to unlock the smartphone of a deceased person using a photograph of his fingerprints. And the iris scanner can be fooled by having a good photo and contact lenses. "Putting on" a stranger’s face is no longer a problem either - computer experts have developed a technology that allows you to transfer the emotions of a real person to his avatar, and another group of researchers created an algorithm that allows you to exchange facial expressions in video chat.
Researchers from the University of New York at Buffalo, led by Wenyao Xu, decided to use biometric data as passwords that, on the one hand, would be unique to each person, and on the other hand, it would be easy to replace them. Scientists decided to use evoked potential (VP) - the waves that the brain emits in response to images or text. This characteristic is unique for each person, since all people have different experiences. For example, a person who has been bitten by a dog will react to images of dogs differently from those whom the dogs did not bite. Since the reaction is unconscious and does not depend on the will of a person, it is impossible to fake it. At the same time, if the database with pictures is stolen, they are easy to change and, accordingly, the reaction of the brain will change.
An electroencephalograph is used to measure brain activity, the authors adapted a headset for measurements, from which most of the electrodes were removed, leaving six to three to measure the activity of different areas of the brain, two as ground and one as a reference. Using a headset, the activity of three regions of the brain was measured: the inter-dark furrow, which is associated with explicit memory (memory for events); inferior parietal lobe associated with facial recognition and temporoparietal node, which plays a role in understanding the text.
To test the technology, researchers invited 179 volunteers. 93 of them were men, 86 - women; the average age of participants is 30 years. They put on a headset for volunteers and showed them photographs of animals (declarative memory began to work), photographs of celebrities (face recognition) and short phrases (understanding of the text). Each picture was shown for 200 milliseconds, with a 200-millisecond gap between them. A single cycle took 1.2 seconds. It was repeated four times and received a “brain password”, which was uploaded to the database. The whole procedure took less than five seconds and was repeated 20 times for each participant. Researchers also tested the robustness of data against hacking. Each participant was shown several sets of pictures, and accordingly, received several new “brain passwords”. Then one of them was used as a worker, and the participant tried to log into the system using other sets of pictures.
In two other series of experiments, the authors checked the durability of passwords. They were attended by 78 people out of 179. The second time they were invited five days later, the third - five months after the first series of experiments. This time, the researchers showed the participants the same pictures as during the first experiment, and checked whether the participants' brain activity coincided with the reference one. The accuracy of the method turned out to be higher than 95 percent in all three series of experiments, only when checking after five months the effectiveness of passwords fell by one percent.
The authors note that many users do not like to wear a headset to create a password or enter the system. However, if it looks, for example, like Google Glass, the attitude towards it may change. In addition, it is possible that companies that care about security will begin to use the technology first, and will train their employees to it, and then the rest will catch up.
Creating brain passwords is not the first attempt to ensure security, but at the same time, the interchangeability of biometric data. Last year, Chinese scientists introduced a technology that analyzes the movement of the lips of a person who pronounces a password.