Max T. Curran, Nick Merrill, Swapan Gandhi, John Chuang
Multi-factor authentication presents a robust method to secure our private information, but typically requires multiple actions by the user resulting in a high cost to usability and limiting adoption. A usable system should also be unobtrusive and inconspicuous. We present and discuss a system with the potential to engage all three factors of authentication (inherence, knowledge, and possession) in a single step using an earpiece that implements brain-based authentication using electroencephalography (EEG). We demonstrate its potential by collecting EEG data using manufactured custom-fit earpieces with embedded electrodes and testing a variety of authentication scenarios. Across all participants’ best-performing “passthoughts”, we are able to achieve 0% false acceptance and 0.36% false rejection rates, for an overall accuracy of 99.82%, using one earpiece with three electrodes. Furthermore, we find no successful attempts simulating impersonation attacks. We also report on perspectives from our participants. Our results suggest that a relatively inexpensive system using a single electrode-laden earpiece could provide a discreet, convenient, and robust method for one-step multi-factor authentication.
This paper won the Best Student Paper Award at the 5th International Conference on Physiological Computing Systems (PhyCS) held in Seville, Spain, September 19-21, 2018.
Curran M.T., Merrill N., Gandhi S. and Chuang J. (2018). Exploring the Feasibility and Performance of One-step Three-factor Authentication with Ear-EEG. In Proceedings of the 5th International Conference on Physiological Computing Systems – Volume 1: PhyCS, ISBN 978-989-758-329-2, pages 30-41. DOI: 10.5220/0006896300300041