In the not too distant future, hands could become obsolete. Well, at least for surfing the Web. You’ll just put on your Google Glass and log in by thinking your password.
“When wearable computing becomes mainstream, new forms of authentication will become more natural and preferable to traditional ones,” he stated. The technology also combats what Chuang called the “shoulder-surfing attack,” when someone looks over your shoulder to watch you type in a password or PIN.
The idea of biometrics, or identifying people based on their personal characteristics, is nothing new. In the 1980’s scientists proposed using fingerprints, retina scans, and facial recognition systems instead of passwords, although such technology never caught on outside of movies.
Recently, security researchers have proposed using electroencephalograms (EEGs), or brainwave measurements, to replace passwords with “pass-thoughts.” But this method proved to be expensive and cumbersome, until Chuang and his team showed that measuring brainwaves could be done cheaply, accurately, and non-invasively.
For their study the team used the Neurosky Mindset, a $100 consumer-grade Bluetooth headset. The headset includes a single-channel EEG sensor that rests on the forehead, and lets users play brain games or watch how their brain reacts to different stimuli.
Study participants performed seven different tasks to test what kinds of pass-thoughts were easy to do, easy to replicate, and most enjoyable. In three of the tasks participants all performed the same task, in the other four users chose a secret, personalized task.
The researchers found that people preferred tasks like focusing on their breathing, counting objects of a certain color, and imagining singing a song of their choice. The participants also had no trouble recalling their pass-thoughts, and their brainwaves were distinguishable even when performing mental tasks that did not involve personal secrets, such as the breathing exercise.
Next up, Chuang plans to study impersonation attacks on the system. For example, how robust would the authentication be against a friend who knows your favorite song and how you sing it?
When asked what he would choose as his own pass-thought, Chuang said, “the Star Wars anthem,” although he may have to change that now.