data protection through eeg authentication
Go back to blog
The potential of EEG-based authentication
8 Min.
Technical
The world of biometric security has been dominated by technologies such as fingerprint and voice recognition. Recent advancements made in neurotechnology, has shown promise in providing an upgrade to the current state of biometric security.

EEGs in Biometric Security

It is unlikely that you will be unlocking your phone with an EEG anytime soon since most of the research in EEG-based authentication focuses on high security applications and not average consumers. Environments such as banking, government, healthcare, and others require a level of security that traditional biometrics can not provide in the long term. This is mainly because cybercriminals have found increasingly creative methods of attacking biometrics with computer-generated voices, “deepfakes”, and other tactics. Based on the significant increase in brain-based biometric research, EEGs seem to be the solution to these issues, and it is only a matter of time before they are in use around the world. 

Identification Algorithm

Our research team at Queen’s University has spent the past year designing and testing a framework for EEG-based authentication that relies on machine learning to ensure security and accuracy. The traditional approach to security systems is centered around encryption which uses public and private keys to gain access to servers and data. We have found far more success using machine learning to authenticate users based on their brain signals. The system our research is built around starts with the PhysioNet EEG Motor Movement/Imagery dataset. This dataset is comprised of EEG recordings from 109 subjects while performing actions such as opening a fist or moving a foot. We use the recordings from each subject in the experiment to create motor movement passkeys that the system will use to differentiate the users. For example, one user might have a passkey of open right hand, open left hand, then move both feet. The EEG data of this passkey is then used to authenticate the user so that the system can be accessed with just their brain waves. 

The algorithm for authenticating users begins with Independent Component Analysis (ICA) for the preprocessing step (Comon, P., 2008). The ICA separates the large 64-channel EEG recordings into 15 independent components making it much more manageable. An example of one of the recordings after the ICA is applied is shown in Figure 1 below with each component depicted as a heatmap. With motor movement passkeys that are three actions long, there is not enough data for each user to train an accurate machine learning model. Simulating data using the SMOTE algorithm on the post-ICA data provided the boost in training data that was desperately needed to ensure the accuracy of the system (Agrawal, A., Viktor, H. L., Paquet, E., 2015). The original dataset was increased by more than five times the number of recordings to give the model far greater accuracy in authenticating the correct user.

output of the ICA algorithm on an EEG recording

 
Figure 1 displays the output of the ICA algorithm on one EEG recording. The fifteen ICA components are shown as heatmaps.
 
The processed data is fed into a binary classification neural network. The network is trained to take in a single motor movement sequence and determine if it is the correct user. A neural network is trained for each user and learns the specific brain patterns to be able to deny access to invalid users and authenticate if and only if the correct brain patterns are identified that match the motor movement passkey. After thirty epochs of training, the network achieved a training accuracy of 99% and a test accuracy of 100% with a 70/30 train to test split ratio for a given subject. The high degree of accuracy in the network proves that the system could be a viable alternative to the current state of biometric security systems. Implemented as a distributed system, the parameters of the neural network of each user can be stored locally on a device to ensure there are as few vulnerabilities as possible. This would ensure that only the correct user can access their device and make it nearly impossible for any fraudulent user to access the system remotely. The schematic for the system is displayed below in Figure 2.

system schematic from input to EEG authentication

 
Figure 2 displays the system schematic from input to authentication.

Applications

Due to the complexity and physical limitations of the system, EEG-based authentication is likely to be used in high security systems. In order to be authenticated by the system proposed in this research, the user will need to have an EEG recording device and connect it to the authentication network. The entire process from setting an EEG passkey to unlocking a device may take a significant amount of time that is only worth doing for securing hypersensitive information. Industries that work with information that requires the maximum amount of security are:

  1. Banking and Finance
  2. Government
  3. Military
  4. Law

With the increase in data breaches, it is critical that sensitive information is secured properly (Voydock, V. L., Kent, S. T., 1983). There are a small number of people in organizations with access to incredibly large amounts of sensitive data and their access to these data systems is through a simple password. The need for more robust forms of biometric security affects everyone and has the potential to prevent catastrophic events before they even happen. In the future, it will seem ridiculous that entire financial organizations can be accessed through a few passwords. As threats to the current standard of security systems increase over the next few decades there will be demand for new solutions in digital security. EEGs could be the answer to this problem for the foreseeable future since it would require some serious sci-fi technology to replicate a person’s brain waves. 

Conclusions

The experiments in this research show that machine learning techniques such as ICA and artificial neural networks work in tandem to create an authentication system based on EEG data that is both accurate and scalable. For cybersecurity applications where ease of use can be sacrificed for enhanced levels of protection, EEG-based authentication would be optimal. The results of the experiment demonstrate a high degree of perception in the artificial neural network and the ability to differentiate between the motor movements of users. The benefits of resampling and preprocessing the data proved to be invaluable in enhancing the accuracy of the network. Based on the performance of the EEG authentication algorithm and the breadth of the dataset, commercial implementation of the system could lead to vast improvements in the field of biometric encryption. We encourage anyone passionate about neurotechnology and AI to run the experiments on their own with the code in our GitHub

About the author

Judah Cooper is a neurotechnology and artificial intelligence researcher from Queen's University. After founding a neurotechnology research lab in 2019, he has spent the past few years developing tools to make brain-computer interfaces more powerful and safe for users. With a background in Biomechanical Engineering, Judah has worked in both academic and private research and development pushing the frontier of brain technology.

References

Based on the research paper: https://www.academia.edu/64386498/EEG_based_authentication_using_binary_classification_neural_networks

Agrawal, A., Viktor, H. L., & Paquet, E. (2015). SCUT: Multi-class imbalanced data classification using smote and cluster-based under sampling. Proceedings of the 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management. https://doi.org/10.5220/0005595502260234
Comon, P. (2008, December 12). Independent Component Analysis. HAL Open Science. Retrieved March 31, 2022, from https://hal.archives-ouvertes.fr/hal-00346684   
Liu, S., Yao, Y., Xing, C., & Gedeon, T. (2020, October 18). Disguising personal identity information in EEG signals. arXiv.org. Retrieved March 31, 2022, from http://arxiv.org/abs/2010.08915 
Voydock, V. L., & Kent, S. T. (1983). Security mechanisms in high-level network protocols. ACM Computing Surveys, 15(2), 135–171. https://doi.org/10.1145/356909.356913 
Cooper, J. (2021, January 1). EEG-based authentication using binary classification neural networks. Academia.edu. Retrieved March 31, 2022, from https://www.academia.edu/64386498/EEG_based_authentication_using_binary_classification_neural_networks  
Free Stock photos by Vecteezy

You might be interested in: