A step forward to a Brain ID

Passwords and PINs are ever harder to remember and can be easy to hack, especially when we tend to use easy combinations. We have too many passwords and PINs to memorize, and we often use the same password for different accounts. Biometrics are taking their place, with fingerprints, facial recognition, and retina scanning now used even on everyday devices such as computers and smartphones.

They’re more secure because they’re harder to fake, but biometrics have a crucial vulnerability: A person only has one face, two retinas, and 10 fingerprints. They represent passwords that can’t be reset if they’re compromised.

In 2015, for example, the database containing the fingerprints of 5.6 million U.S. federal employees was breached. The same holds for any biometric data: it’s harder to compromise, but when it happens it’s worse than with a classic password.

The brain password

When a person looks at a photograph or hears a piece of music, the brain responds in ways that researchers or medical professionals can measure with electrical sensors placed on the scalp. Every person’s brain responds differently to an external stimulus, so even if 2 people look at the same photograph, their brain activity will be different.

This process is automatic and unconscious, so a person can’t control such a brain response. And every time a person sees a specific photo, their brain reacts the same way, though differently from everyone else’s.

This presents an opportunity for a unique combination that can serve as what the researchers call a “brain password”. It’s a combination of the person’s unique biological brain structure and involuntary memory that determines how they respond to a particular stimulus.

A person’s brain password is a digital reading of their brain activity while the person is looking at a series of images. Just as passwords are more secure if they include different kinds of characters (letters, numbers, and punctuation), a brain password is more secure if it includes brain wave readings of a person looking at a collection of different kinds of pictures. Your brain becomes a sort of private key.

To set the password, the person’s identity is first verified using a passport or other identifying paperwork, and by having their fingerprints or face checked against existing records. Then the person would put on a soft, comfortable hat or padded helmet with electrical sensors inside. A monitor would display, for example, 2 pictures and a text.

A brain password. Credit: Wenyao Xu

Then the sensors would record the person’s brain waves. Multiple readings would be needed to collect a complete initial record. The research confirmed that a combination of pictures like this would evoke brain wave readings that are unique to a particular person, and consistent from one login attempt to another. It is reminiscent of the movie Johnny Mnemonic.

Later, to log in, the person would put on the hat and watch the sequence of images. A computer system would compare their brain waves at that moment to what had been stored initially, and either grant access or deny it, depending on the results. It would take about 5 seconds, less than typing a password or a PIN.

When a biometric hack occurs

If a hacker breaks into the system storing the biometric templates or tries to counterfeit a person’s brain signals, that information is no longer useful for security. However, unlike biometric data, the brain password can be changed.

To authenticate a person’s identity again, they need to set a new password by looking at 2 new images, and a new text. Because they’re different images from the initial password, the brainwave patterns would be different too. The research found that the new brain password would be very hard for attackers to figure out, even if they tried to use the old brainwave readings as an aid.
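The enrol, compare and reset flow described above, as an added sketch that is not the researchers' code: readings are simulated vectors, and the 64-feature size, the correlation matcher and the 0.8 threshold are all assumptions. The simulation takes as given the page's claim that each person responds differently to each image.

```python
import hashlib, math, random, statistics

DIM = 64         # features per reading (assumed)
THRESHOLD = 0.8  # minimum correlation to accept (assumed)

def reading(person, stimulus, trial, noise=0.3):
    """Constructed stand-in for one sensor reading: a pattern fixed by
    (person, stimulus) plus fresh noise on every trial."""
    seed = hashlib.sha256(f"{person}|{stimulus}".encode()).digest()
    base, jitter = random.Random(seed), random.Random(seed + bytes([trial]))
    return [base.gauss(0, 1) + jitter.gauss(0, noise) for _ in range(DIM)]

def pearson(x, y):
    mx, my = statistics.fmean(x), statistics.fmean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sum((a - mx) ** 2 for a in x)
    sy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(sx * sy)

def enroll(person, stimuli, readings=5):
    """Average several readings per stimulus into the stored template."""
    template = []
    for s in stimuli:
        trials = [reading(person, s, t) for t in range(readings)]
        template.append([statistics.fmean(col) for col in zip(*trials)])
    return template

def verify(template, attempt):
    """Grant access only if every reading matches its stored counterpart."""
    return len(attempt) == len(template) and all(
        pearson(t, a) >= THRESHOLD for t, a in zip(template, attempt))

def login(person, stimuli, trial=9):
    return [reading(person, s, trial) for s in stimuli]

def demo():
    old = ["photo-A", "photo-B", "text-1"]   # constructed stimulus names
    new = ["photo-C", "photo-D", "text-2"]
    stored = enroll("alice", old)
    results = {"genuine": verify(stored, login("alice", old)),
               "impostor": verify(stored, login("bob", old))}
    stolen = login("alice", old)             # attacker captured old readings
    stored = enroll("alice", new)            # reset: new images, new template
    results["replay_after_reset"] = verify(stored, stolen)
    results["genuine_after_reset"] = verify(stored, login("alice", new))
    return results

if __name__ == "__main__":
    print(demo())
```

The replay is rejected only because the old template was replaced at reset; a system that kept accepting the old template alongside the new one would gain nothing from the reset.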

Brain passwords are endlessly resettable because there are so many possible photos and a vast array of combinations that can be made from those images. There’s no way to run out of these biometric-enhanced security measures.

However, it could be creepy to use authentication that reads people’s brain activity. Part of the research involved figuring out how to take only the minimum number of readings needed to ensure reliable results and proper security, without needing so many measurements that a person might feel violated or concerned that a computer was trying to read their mind, even if that possibility cannot be excluded.

This sensor device is so small that it can fit invisibly inside a hat or a virtual reality headset. That opens the door for many potential uses. A person wearing smart headwear, for example, could easily unlock doors or computers with brain passwords. This method could also make cars harder to steal: before starting up, the driver would have to put on a hat and look at a few images displayed on a dashboard screen.

Still, this solution looks uncomfortable, especially for use with a smartphone. Our mobile phones are getting so large that we don’t know which pocket to put them in. Imagine having to bring a helmet for each login. Moreover, what would happen to those who have a brain disease? We should always remember that a too-restrictive password system may exclude us from any access in case of problems. Therefore, we should find a compromise between acceptable privacy and the assurance of not being completely locked out if something goes wrong. It’s right to work on protection, but it would be better to focus on how to fix the consequences.

It’s like living in an impenetrable house where we are safe from thieves, but when an accident occurs inside, the people outside must be able to get in to save us.

Source: freethink.com