Dec 4, 2018

Fact or Science Fiction? Using your Thoughts to Enter a Password

School of Information researchers are making what once may have been considered a technological fiction a reality through their innovative biosensing research. Consumers may soon find “passthoughts” technology in their own arsenal of security tools.

A passthought is a particular thought or memory, recorded through brainwave measurements using electroencephalograms (EEG), that acts as a substitute for a traditional password. Researchers from the BioSENSE lab, a socio-physiological computing initiative at the I School led by Professor John Chuang, have been working on this technology through many iterations; but new advances in passthoughts research are bringing the technology one step closer to everyday use. The researchers have developed a custom-fit earpiece that that can capture brainwave signals from the ear canal, allowing the researchers to make the first-ever demonstration of one-step three-factor authentication.

Traditional authentication is a single password. Two-factor authentication involves two authentication methods and tends to include a two steps (rather than happening at once), such as texting a code to a users’ cell phone. Other systems use biometrics as an authentication factor, like a thumbprint sensor or facial recognition — either instead of or in addition to a password. Three-factor authentication would require all three of these: the knowledge factor — what you know; the possession factor — what you have; and the inherence factor— who you are, and be much more secure than traditional authentication.

This earpiece would allow for three-factor authentication all at once, eliminating the extra steps involved and time lost which is currently a major barrier in acceptance of multi-factor authentication.

“Our team set out to show that it is possible to achieve one-step three-factor authentication, and we have managed to accomplish exactly that using brainwave signals collected using custom-fit earpieces for passthoughts authentication.”
— John Chuang

“Our team set out to show that it is possible to achieve one-step three-factor authentication,” Chuang explained, “and we have managed to accomplish exactly that using brainwave signals collected using custom-fit earpieces for passthoughts authentication.”

The technology works through the combination of the passthought system with a signal-catching earpiece. The earEEG has the potential to be a usable authentication method because it can be easily integrated into devices like earbud headphones, which are already commonly worn in the ear.

The development of the technology included two teams from the BioSENSE Lab, each publishing a paper on their research, which culminated in the development of the earpiece and the technology that runs it. The first paper relates to the development of the earpiece itself used in the one-step three-factor authentication.

Winning Research

Ph.D. student Max Curran, I School alumnus and lecturer Nick Merrill, Swapan Gandhi of the Starkey Hearing Research Center, and Professor Chuang presented “Exploring the Feasibility and Performance of One-step Three-factor Authentication with Ear-EEG” on September 20, 2018, at the International Conference on Physiological Computing Systems (PhyCS 2018) in Seville, Spain. The authors received the Best Student Paper award.

“I am thrilled that the PhyCS paper received the Best Student Paper Award at the conference,” said Professor Chuang. “It is a testament to the great work done by Max and Nick throughout the entire research project.”

According to Curran, the most difficult part of the process was creating a custom earpiece for each individual, which is expensive, fairly time-consuming, and requires a professional. The team is encouraged by the response to their research and plans to continue making improvements to the earpieces.

Working on this aspect of the technology presented a significant challenge, which involved capturing the weak (electroencephalogram) signal from the ear. EEG sensors were built into custom-fit earpieces to obtain three separate channels of high-quality EEG.

Attacking the system to make it stronger

Another I School team consisting of MIMS student Tanya Piplani, Nick Merrill, and Professor Chuang used machine learning to strengthen the passthoughts system. Their paper “Faking it, Making it: Fooling and Improving Brain-Based Authentication with Generative Adversarial Networks,” demonstrates the vulnerability of a passthought authentication system to fake signals generated by Generative Adversarial Networks (GANs), and uses these same signals to make authenticators more robust.

“We used machine learning to fool passthoughts,” Merrill explained, “then used the same technique to harden it against this attack.” The team managed this by generating fake signals and then re-training the system against the synthetic data.

The team was able to achieve an accuracy rate of 99.82% with the passthoughts system they developed. Chuang hopes this level of accuracy will help reduce the resistance people may have to adopting this new technology. “By achieving this result using earpieces rather than conventional headsets or EEG caps,” said Chuang, “we are able to address the key aesthetic obstacle to consumer adoption of EEG sensing technologies, namely, people's reluctance to wear a sensing device on their head or forehead in everyday settings.”

They presented their publication at the 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS) on Wednesday, October 24, 2018, in Los Angeles.

The future of the technology

These earpieces could potentially become the standard for authentication measures; and in Professor Chuang’s opinion, it could be much sooner than most people might think:

“All the individual pieces of the technology already exist today. It is actually not that difficult for me to imagine Apple moving from ‘ThinkID’ with their 2021 ‘passthoughts-enabled-Airpods.’”
— John Chuang

“All the individual pieces of the technology already exist today. It is actually not that difficult for me to imagine Apple moving from TouchID (launched 2013) to FaceID (launched with the 2017 iPhone X) to ‘ThinkID’ with their 2021 ‘passthoughts-enabled-Airpods.’ In practice, of course, there will need to be extensive product design, algorithm calibration, and large-scale testing in various real-life conditions, before an actual product launch.”

Curran imagines that an important next step for this line of research would be to test the system “in the wild” where people could wear the earpieces for a period of time and actually use them in authentication scenarios. “A big piece of this effort would be better prototypes for the earpieces themselves through improvements like using dry electrodes and embedding all of the electronics in the earpiece itself,” he said.

Someday soon, remembering a password may be a thing of the past, and logging into a system will be more secure than ever. Until then, researchers at the I School will continue to develop and perfect the technology.

Last updated:

December 4, 2018