A Breakthrough Alternative to Traditional Password ‘Security’

one month ago by Sam Holland

Passwords are often guessed, and fingerprint cloning is an infamously easy way to trick the usual biometric scanners. Now, brain and heart biometrics, used in tandem, may be the key to breakthrough authentication.

Given that passwords are often poorly-implemented to the point that the word ‘Password’ is ever even allowed—let alone a worldwide favourite—it’s fair to say that the most common example of single-factor authentication has had its day.

We are left, then, with something that is yet to be mastered, but nevertheless has plenty of potential: biometric technology (BT). But keeping in mind the said point that run-of-the-mill biometric scanners still have a lot to answer for, let’s look away from the fingerprint scanners that can be fooled by a Play-Doh replica, or the facial scanners that can be hacked by wearing certain glasses, and consider a more sophisticated product that paves the way for tomorrow’s security measures.

Brain and Heart-reading Authentication: The ‘STARFAST’ System

As discussed, consumer-level biometric security is an industry with a lot of potential, but it’s limited by its failure to pinpoint a fool-proof detail that is specific to an individual’s anatomy. Offering one solution, Spanish neuroscience (also aerospace) research institution Starlab have acted on the fact that there are no two people who could ever neurologically respond to a stimulus in quite the same way as each other.

The result is a BT system named STARFAST (the first syllable being taken from that of its manufacturer’s, and the latter syllable standing for Fast Authentication bio-Scanner Test), whose setup largely—but not completely, as we’ll discuss later—relies on Starlab’s equipment Enobio: a wireless brain signal recorder (from Starlab’s spin-off organisation Neuroelectrics).

Image courtesy of Flickr.

The Pitfalls in Traditional Brain Biometrics

Putting the above aside for now, to consider what sets apart STARFAST from other brain-focused biometrics, it is first worth considering the limitations of other, competing solutions. After all, other organisations have applied a similar ‘school of thought’: measuring brainwave frequency as an identifier and overall security precaution has also, for instance, been part of the University of Kent’s (UoK) BT research, which concluded that there is indeed a potential market for brain-focused biometrics given the uniqueness of the latter. In the UoK's study, they tested the effectiveness of the Emotiv headset, which is one of the few consumer-grade EEG headsets on the market. As an aside, another example of user-friendly brainwave-reading technology is known as 'in-ear EEG', in which an earpiece fits comfortably in the wearer’s ear and sports electrodes that can accurately recognise an individual based on their EEG reading.

​​​​Image courtesy of Wikimedia Commons.

Clearly then, such biometric advancements are set to become all the more accessible to the consumer market. That said, neither the UoK’s equipment, nor in-ear EEG technology, can achieve their function unfailingly. After all, as we think, EEG readings may feed back our neurons’ ionic current flow with considerable precision, but such intricate measurements will still not always provide foolproof input to BT systems. EEG makes for a ‘noisy’ measurement system, as it is affected by a number of artefacts. These amount to electrical interference, which in this case, are functions in the body whose electrical impulses, such as those of muscular and cardiovascular movements, that affect the desired reading.

It’s the latter artefact, the electrical activity of which can be studied through an electrocardiogram (ECG—equipment whose electrodes measure the heart’s unique electrical activity), that poses a particular interference issue. The UoK researchers have themselves encountered the difficulties in taking EEG readings due to ECG-measurable artefacts. The potentially awkward dynamic between the two sources of electric current is discussed in their research paper, which ultimately considers the potential of combining both elements as a solution: a feat that Starlabs have achieved through STARFAST.

More on Combining EEG and ECG in Biometrics

The end product of the above is a multimodal application that requires a more wide-reaching set of electrodes than competing brain-focused biometrics, by way of STARFAST being both EEG and ECG-based equipment. Accordingly (alongside an electrode on each earlobe), two electrodes are placed on the forehead for EEG recording—in keeping with the use of the Enobio headset sensor—and one is worn on the left wrist for the ECG input.

Image courtesy of Bigstock.

Having such technology to facilitate the analysis of the brain and heart in tandem, as opposed to in spite of one other, is a concept that Javier Acedo, neuroscientist for Starlab, credits as the key to a fully accurate BT system in his writing:

“The approach to tend to systems with 0% error is the use of more than one trait [emphasis added] to perform the authentication process. ... We included the signal from ECG in order to improve [STARFAST’s] robustness, so it combines the results obtained after analysing both the EEG and ECG signal using data fusion techniques.”

Indeed, the latter aspect is the final piece in the puzzle for STARFAST, because it’s the implementation of data fusion (DF) that meets the demands of having such a multimodal system accurately identify its wearer, as opposed to seeing the device falter due to the duality of EEG and ECG.

DF is well defined in this piece from Neuroelectrics as the process needed for a reverse-parking sensor to translate a car’s distance (a knowledge stream) from an obstacle into a series of timed beeps (the resultant, fused data). But in this case, DF is the bridge between the two data streams—the STARFAST wearer’s EEG and ECG readings—which leads to a more conclusive account of the user’s biometric data than a BT system that addresses only one side of the coin.

Image courtesy of Bigstock.

Looking to the Future of Cybersecurity

All in all, both EEG and ECG readings are telltale signs of an individual’s biological makeup, and when there’s a symbiosis between the two, this may well be when the wheels are set in motion for a future in which engineers can create accurate biometric authentication. Starlab’s spin-off Neuroelectrics have combined their Enobio sensor headset with an ECG electrode extension to facilitate the possibility that we may no longer face password hacks, or of course other, BT-based pitfalls in cybersecurity.

After all, with technology such as STARFAST, not only could an attacker not replicate a user’s neurological and cardiovascular impulses, they couldn’t even force an account holder to access a system on their behalf either, due to the stress levels affecting the necessary EEG and ECG readings.