System authentication could one day be widely achieved through brainwaves, scientists say. Simply thinking of certain things, such as a person's face, or a rotating displayed cube would be enough to unlock a device.
Electro-encephalography (EEC) sensors are behind the technique. That’s where electrical activity in certain parts of the brain is recorded. We know it as the wavy, graphical lines on charts created from wired electrodes placed on the scalp, as seen in hospitals and TV shows. They're used in that environment to diagnose epilepsy, among other things.
+ Also on Network World: 5 things you should know about two-factor authentication +
In this case, though, one wouldn’t need to be fitted with a cumbersome apparatus—or even a headset, which is used already in some current non-muscular EEC computer controls. An earbud will collect the “mental gesture” signals and perform secure authentication.
“This research could provide hands-free interaction, authentication, and a seamless and comfortable user experience, all in the form-factor of a typical earbud,” says University of California Berkeley on its website.
EEC brain-computer interfaces (BCIs) and “Passthoughts,” as the Berkeley researchers call their idea, isn’t entirely new. Indeed “brain-reading” headsets are on the market, ranging from $100 to $400, according to one (PDF) of the two 2016 Berkeley papers. The same engineers wrote about their idea in 2013. But in this new spin, they now say it’s practical to use low-cost hearing-aid-sized earbuds rather than a larger headphone set.
That “head-worn form factor and awkward visibility” have limited development of Passthoughts, the university says. A bit like how Google Glass, the 2012 optical head-mounted display that looked like a peculiar form of eye glasses, received a mixed reception, the appearance has to be acceptable.
In this case, the device could be virtually invisible—it’s inserted into the ear canal.
Accuracy is not bad, the researchers say. “Average best-case accuracy was 85.4 percent,” the paper says.
One question is whether people will want to wear the devices. Subjects asked were divided. The scientists speculate that take-up could be enhanced with better ergonomics. In their recent testing, they used a $100 consumer device that they modified.
“In-ear EEG offers potential advantages to usability over scalp-based EEG,” the paper says. Issues to be looked at include people feelings about being monitored by EEG—it’s collecting thoughts, after all.
Bio-sensing is multi-factor authentication
However, bio-sensing, such as found in EEG does check the boxes when it comes to multi-factor authentication—and then some. Indeed, John Chuang, one of the scientists, wrote a paper in 2014 in which he suggested wearable bio-sensors used for authentication should be called a “one-step two-factor authentication” method.
Regular two-factor authentication is where “two presented authenticators must belong to two distinct factor types, for example, a knowledge factor, a possession factor, an inheritance factor,” Chuang explains in the paper (PDF). In other words a PIN number and a bank card, for example.
But two steps aren't required to perform two-factor authentication, Chuang proposes. The second factor presents a hassle and should be avoided if possible. A card is one thing, but remembering and entering a PIN is another.
Bio-authentication removes that second step of the two-factor authentication. “Keystroke dynamics” is one example of that. Bio-signals from the brain, or Passthoughts, is another example. Although, one could argue that the earbud is a second-step element.
A potential problem with Passthoughts is that users will look like dorks a la Google Glass. A discrete earbud could alleviate the gearhead doofus factor.
This article is published as part of the IDG Contributor Network. Want to Join?