SoylentNews is people
SoylentNews
The brain's reaction to certain words could be used to replace passwords, according to a study by researchers from Binghamton University in New York:
In "Brainprint," a newly published study in academic journal Neurocomputing, researchers from Binghamton University observed the brain signals of 45 volunteers as they read a list of 75 acronyms, such as FBI and DVD. They recorded the brain's reaction to each group of letters, focusing on the part of the brain associated with reading and recognizing words, and found that participants' brains reacted differently to each acronym, enough that a computer system was able to identify each volunteer with 94 percent accuracy. The results suggest that brainwaves could be used by security systems to verify a person's identity.
According to Sarah Laszlo, assistant professor of psychology and linguistics at Binghamton University and co-author of "Brainprint," brain biometrics are appealing because they are cancellable and cannot be stolen by malicious means the way a finger or retina can.
Zhanpeng Jin, assistant professor at Binghamton University's departments of Electrical and Computer Engineering, and Biomedical Engineering, doesn't see brainprint as the kind of system that would be mass-produced for low security applications (at least in the near future) but it could have important security applications.
"We tend to see the applications of this system as being more along the lines of high-security physical locations, like the Pentagon or Air Force Labs, where there aren't that many users that are authorized to enter, and those users don't need to constantly be authorizing the way that a consumer might need to authorize into their phone or computer," Jin said.
The project is funded by the National Science Foundation and Binghamton University's Interdisciplinary Collaboratino Grants (ICG) Program.
Original Submission
(Score: 3, Interesting) by Jeremiah Cornelius on Saturday June 06 2015, @09:13PM
Biometrics are one of the areas where what seems "intuitive" and "correct" are almost completely WRONG, when applied to the domain of authentication security. It seems attractive because you avoid the pitfalls of remembering something complex, and it's so clearly "you".
In actuality? The fingerprint - or iris print or "brainprint" is used as an entropy gathering source. In almost every implementation, it sucks vs. a strong password.
Strong passwords are rotated - because they theoretically fall to attack over time. You change it, before the time it is computationally reasonable to crack - but not so often as to be impossible to remember or annoy the user into various bad practices.
This isn’t very good - but it’s better than a biometrics approach that waves snake-oil in front of those with deep pockets and no domain expertise.
How do you change the “brain print”? It has less “entropy” in selected points than a good password, so it’s got theoretically shorter period in which it remans secret. How do you revoke ANY compromised biometric? RSA had their crow-jewel seed compromised by improper protection. They had to revoke EVERY 2FA token since 1995! Will the store of these be any less vulnerable?
All together? Pure bullshit.
You're betting on the pantomime horse...
(Score: 3, Interesting) by frojack on Saturday June 06 2015, @09:37PM
To that you have to add changes over time.
Iris and prints change slowly, but how you feel about the FBI may change radically overnight. Maybe after every beer, or reefer.
And the mere fact that they have to have something to compare it to suggests that there is a database ripe for stealing, and when you have those, simulating brain waves can't be far behind.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by hemocyanin on Sunday June 07 2015, @12:21AM
Aside from any practical advantages or demerits, the 5th Amendment probably wouldn't protect a brainscan using the same logic that says you can be compelled to give up your fingerprint, but not a password you remember. http://time.com/3558936/fingerprint-password-fifth-amendment/ [time.com]
There might be some crossover between remembering something and a brain scan, but it isn't like the brain scan is reading the word out of your head, it is simply recording a set repeatable physical characteristics that occur when you think about the password or whatever it is you think about to unlock the device/document/whatever. That's closer to a fingerprint -- a set of repeatable physical characteristics about your fingers. So while you can't be forced to say what you know, you can probably be forced to hand over any physical thing about you, including your brain state when attempting a certain task.
(Score: 0) by Anonymous Coward on Sunday June 07 2015, @06:29PM
Simple, when being interrogated with electrodes on your scalp, don't think about what you are supposed to to produce the "brainprint" that unlocks whatever you don't want unlocked. They can't compel you to think things you don't want to think about.
Maybe it isn't that simple, but this isn't really something the average user will be using anyway. Which makes it unlikely to be an issue in cases where 5th amendment rights come into play.