Neurokey: Towards a new paradigm of cancelable biometrics-based key generation using electroencephalograms

Abstract Background. Brain waves (electroencephalograms, EEG) can provide conscious, continuous human authentication for the proposed system. The advantage of brainwave biometry is that it is nearly impossible to forge or duplicate as the neuronal activity of people are distinctive even when they think about the same thing. Aim. We propose exploiting the brain as a biometric physical unclonable function (PUF). A user's EEG signals can be used to generate a unique and repeatable key that is resistant to cryptanalysis and eavesdropping, even against an adversary who obtains all the information regarding the system. Another objective is to implement a simplistic approach of cancelable biometrics by altering one's thoughts. Method. Features for the first step, Subject Authentication, are obtained from each task using the energy bands obtained from discrete Fourier transform and discrete wavelet transform. The second step constituting the Neurokey generation involves feature selection using normalized thresholds and segmentation window protocol. Results. We applied our methods to two datasets, the first based on five mental activities by seven subjects (325 samples) and the second based on three visually evoked tasks by 120 subjects (10,861 samples). These datasets were used to analyze the key generation process because they varied in the nature of data acquisition, environment, and activities. We determined the feasibility of our system using a smaller dataset first. We obtained a mean subject classification of 98.46% and 91.05% for Dataset I and Dataset II respectively. After an appropriate choice of features, the mean half total error rate for generating Neurokeys was 3.05% for Dataset I and 4.53% for Dataset II, averaged over the subjects, tasks, and electrodes. A unique key was established for each subject and task, and the error rates were analyzed for the Neurokey generation protocol. NIST statistical suite of randomness tests were applied on all the sequences obtained from the Neurokey generation process. Conclusions. A consistent, unique key for each subject can be obtained using EEG signals by collecting data from distinguishable cognitive activities. Moreover, the Neurokey can be changed easily by performing a different cognitive task, providing a means to change the biometrics in case of a compromise (cancelable).

[1]  Jianjun Wang,et al.  A review of the commercial brain-computer interface technology from perspective of industrial robotics , 2010, 2010 IEEE International Conference on Automation and Logistics.

[2]  Ramaswamy Palaniappan,et al.  Improving visual evoked potential feature classification for person recognition using PCA and normalization , 2006, Pattern Recognit. Lett..

[3]  Bhagavatula Vijaya Kumar,et al.  Biometric Encryption: enrollment and verification procedures , 1998, Defense + Commercial Sensing.

[4]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[5]  David Zhang,et al.  An Analysis on Accuracy of Cancelable Biometrics Based on BioHashing , 2005, KES.

[6]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[7]  Kenneth Revett,et al.  Biosignals for User Authentication - Towards Cognitive Biometrics? , 2010, 2010 International Conference on Emerging Security Technologies.

[8]  Ramaswamy Palaniappan,et al.  A new method to identify individuals using signals from the brain , 2003, Fourth International Conference on Information, Communications and Signal Processing, 2003 and the Fourth Pacific Rim Conference on Multimedia. Proceedings of the 2003 Joint.

[9]  M Poulos,et al.  Person Identification from the EEG using Nonlinear Signal Classification , 2002, Methods of Information in Medicine.

[10]  Z. Keirn,et al.  A new mode of communication between man and his surroundings , 1990, IEEE Transactions on Biomedical Engineering.

[11]  Robert Oostenveld,et al.  The five percent electrode system for high-resolution EEG and ERP measurements , 2001, Clinical Neurophysiology.

[12]  Charles Wang,et al.  I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves , 2013, Financial Cryptography Workshops.

[13]  H. Jasper,et al.  The ten-twenty electrode system of the International Federation. The International Federation of Clinical Neurophysiology. , 1999, Electroencephalography and clinical neurophysiology. Supplement.

[14]  H. Olesen,et al.  ID Proof on the Go: Development of a Mobile EEG-Based Biometric Authentication System , 2012, IEEE Vehicular Technology Magazine.

[15]  Andy Adler Cancelable Biometrics , 2015, Encyclopedia of Biometrics.

[16]  L. Benedicenti,et al.  The electroencephalogram as a biometric , 2001, Canadian Conference on Electrical and Computer Engineering 2001. Conference Proceedings (Cat. No.01TH8555).

[17]  Debin Gao,et al.  Fighting Coercion Attacks in Key Generation using Skin Conductance , 2010, USENIX Security Symposium.

[18]  F. Vogel,et al.  The genetic basis of the normal human electroencephalogram (EEG) , 1970, Humangenetik.

[19]  Anil K. Jain,et al.  Biometric Template Security , 2008, EURASIP J. Adv. Signal Process..

[20]  A. Tellegen,et al.  Genetic determination of EEG frequency spectra. , 1974, Biological psychology.

[21]  Isao Nakanishi,et al.  EEG based biometric authentication using new spectral features , 2009, 2009 International Symposium on Intelligent Signal Processing and Communication Systems (ISPACS).

[22]  José del R. Millán,et al.  Person Authentication Using Brainwaves (EEG) and Maximum A Posteriori Model Adaptation , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[23]  Arne Öhman,et al.  The role of the amygdala in human fear: Automatic detection of threat , 2005, Psychoneuroendocrinology.

[24]  Miguel A. L. Nicolelis,et al.  Brain–machine interfaces: past, present and future , 2006, Trends in Neurosciences.

[25]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[26]  Anil K. Jain,et al.  Biometric cryptosystems: issues and challenges , 2004, Proceedings of the IEEE.

[27]  L. O'Gorman,et al.  Comparing passwords, tokens, and biometrics for user authentication , 2003, Proceedings of the IEEE.

[28]  J. G. Snodgrass,et al.  A standardized set of 260 pictures: Norms for name agreement, image agreement, familiarity, and visual complexity. , 1980 .

[29]  Yskandar Hamam,et al.  Towards Inexpensive BCI Control for Wheelchair Navigation in the Enabled Environment - A Hardware Survey , 2010, Brain Informatics.

[30]  O. Bai,et al.  Electroencephalography (EEG)-Based Brain–Computer Interface (BCI): A 2-D Virtual Wheelchair Control Based on Event-Related Desynchronization/Synchronization and State Control , 2012, IEEE Transactions on Neural Systems and Rehabilitation Engineering.

[31]  Nurul Nadia Ahmad,et al.  Analysis of the EEG Signal for a Practical Biometric System , 2010 .

[32]  Chen He Person authentication using EEG brainwave signals , 2009 .

[33]  Vassilios Chrissikopoulos,et al.  Person identification based on parametric processing of the EEG , 1999, ICECS'99. Proceedings of ICECS '99. 6th IEEE International Conference on Electronics, Circuits and Systems (Cat. No.99EX357).

[34]  Tsuhan Chen,et al.  Biometrics-based cryptographic key generation , 2004, 2004 IEEE International Conference on Multimedia and Expo (ICME) (IEEE Cat. No.04TH8763).

[35]  Heung-Il Suk,et al.  Person authentication from neural activity of face-specific visual self-representation , 2013, Pattern Recognit..

[36]  Nalini K. Ratha,et al.  Biometric perils and patches , 2002, Pattern Recognit..

[37]  Julie Thorpe,et al.  Pass-thoughts: authenticating with our minds , 2005, NSPW '05.

[38]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..

[39]  Michael K. Reiter,et al.  Towards practical biometric key generation with randomized biometric templates , 2008, CCS.

[40]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[41]  Kenji Hamano,et al.  The Distribution of the Spectrum for the Discrete Fourier Transform Test Included in SP800-22 , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[42]  J. G. Snodgrass,et al.  A standardized set of 260 pictures: norms for name agreement, image agreement, familiarity, and visual complexity. , 1980, Journal of experimental psychology. Human learning and memory.

[43]  Kenneth Revett,et al.  PIN Generation Using Single Channel EEG Biometric , 2011, ACC.

[44]  H. Begleiter,et al.  Event related potentials during object recognition tasks , 1995, Brain Research Bulletin.

[45]  Andreas Uhl,et al.  A survey on biometric cryptosystems and cancelable biometrics , 2011, EURASIP J. Inf. Secur..

[46]  Anil K. Jain,et al.  Handbook of Fingerprint Recognition , 2005, Springer Professional Computing.

[47]  Bin Hu,et al.  Improving Individual Identification in Security Check with an EEG Based Biometric Solution , 2010, Brain Informatics.

[48]  Christine Fischer,et al.  A genetic study of the human low-voltage electroencephalogram , 1992, Human Genetics.

[49]  Wanqing Li,et al.  Cryptographic Key Generation from Biometric Data Using Lattice Mapping , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[50]  Qi Li,et al.  Cryptographic key generation from voice , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[51]  Jeffrey S. Spence,et al.  Electrophysiological spatiotemporal dynamics during implicit visual threat processing , 2014, Brain and Cognition.

[52]  Marc Wildi,et al.  Test–retest reliability of resting EEG spectra validates a statistical signature of persons , 2007, Clinical Neurophysiology.

[53]  Anton Nijholt,et al.  BCI for Games: A 'State of the Art' Survey , 2008, ICEC.