Biometrics – technology that can recognise individuals based on physical and behavioural traits such as their faces, voices or fingerprints – are becoming increasingly important to combat financial fraud and security threats.
This is because traditional approaches, such as those based on PIN numbers or passwords, are proving too easily compromised.
For example, Barclays has introduced TouchID, whereby customers can log onto internet banking using fingerprint scanners on mobile phones.
Scroll down for video
A researcher from Kent University has suggested that ‘brainprints’ could make for the ultimate password. Brainprints are readings of how the brain reacts to certain words or tasks – and they are unique to an individual, as each person’s brains are wired differently
HOW YOUR BRAIN COULD BE THE ULTIMATE PASSWORD
A researcher from Kent University has suggested that ‘brainprints’ could make for the ultimate password.
Brainprints are readings of how the brain reacts to certain words or tasks.
The brain can be used to identify someone from a pool of 102 users with more than 98% accuracy at the moment.
A study using fMRI data from the Human Connectome Project was able to recognise individuals with up to 99% accuracy.
But fMRI is a difficult process and costly.
The next solution is looking at electroencephalography (EEG).
Experts are developing a pair of earphones that are fitted with electrodes on the part that sits in the ear, which could be used to capture brainprints.
However, this is not foolproof either – it is possible to forge such biometrics.
Fingers can after all be chopped off and placed by impostors to gain fraudulent access.
It has also been shown that prints lifted from glass using cellophane tape can be used with gelatine to create fake prints.
So there is a real need to come up with more advanced biometrics that are difficult or impossible to forge.
And a promising alternative is the brain.
Emerging biometric technology based on the electrical activity of the brain have indeed shown potential to be fraud resistant.
Over the years, a number of research studies have found that ‘brainprints’ (readings of how the brain reacts to certain words or tasks) are unique to individuals as each person’s brain is wired to think differently.
In fact, the brain can be used to identify someone from a pool of 102 users with more than 98% accuracy at the moment, which is very close to that of fingerprints (99.8% accuracy).
More recently, this has been confirmed by functional magnetic resonance imaging (fMRI), which measures brain activity by tracking changes in blood flow.
A study using fMRI data from the Human Connectome Project was able to recognise individuals with up to 99% accuracy when performing certain mental tasks such as relaxing, listening to a story, computing maths, looking at emotional faces or imagining moving parts of their body.
However, the cost and difficulty of using fMRI (you have to lie very still in the scanner for a fairly long time) means it is clearly not practical for everyday biometric authentication.
The brain can be used to identify someone from a pool of 102 users with more than 98% accuracy. More recently, this has been confirmed by functional magnetic resonance imaging (fMRI), which measures brain activity by tracking changes in blood flow
For that reason, researchers have instead looked at electroencephalography (EEG), which uses electrodes to track and record brain-wave patterns.
But this is also cumbersome – who would be willing to wear a cap of gel-based electrodes just to log in to their computer?
Hence, the technology has remained in the realm of science fiction for some time.
Recently, technological advances in recording EEG from the ear using electrodes placed on the surface of standard earphones have provided a solution – no gel needed.
It is not easy though – EEG is very ‘noisy’ since the brain is always actively processing different information.
SOON YOU COULD ACCESS DEVICES WITH YOUR BRAIN
It may sound far-fetched, but scientists have already created a prototype system that is able to do this with 94 per cent accuracy.
The technology could someday replace passwords altogether and make accessing gadgets safer and faster, according to its creators.
The system was envisioned up by Blair Armstrong of the Basque Center on Cognition, Brain, and Language in Spain. In a recent study, he recorded the brain signals of 45 volunteers as they read a list of 75 acronyms, including ones like FBI and DVD.
Electrical activity was recorded using a pair of electrodes attached to participants’ scalps.
The human brain is made up of billions of active neurons that have around 105,600 miles (170,000 km) of combined length.
Every time you have a thought, your brain produces weak but distinct electrical signals corresponding to it.
The electrical impulse is generated by the chemical reaction between neurons, which can be measured with electrodes.
After measuring these reactions, Armstrong used computer programs to find an individuals ‘brainprint’, according to a report in New Scientist.
While 94 per cent accuracy is still not as good as technologies such as Apple’s Touch ID, Armstrong says it’s a good start.
But advanced signal-processing approaches have recently been able to reduce the noisy components, albeit this typically requires powerful computing.
This is, however, becoming less of a problem now that mobile-phone processing power is growing rapidly – it should in theory be possible to perform all the required processing on a smart phone.
So why aren’t brainprints everywhere already?
One downside is that it can’t be used by twins – they have near-identical EEG patterns. But the main problem is the lack of stability of brainprints over time.
It seems that it is not enough to just have an EEG done once – occasional re-enrollment (say, monthly) is necessary.
A study using fMRI data was able to recognise individuals with up to 99% accuracy when performing certain mental tasks such as relaxing, listening to a story, computing maths, looking at emotional faces or imagining moving parts of their body
BYPASSING SECURITY WITH A PRINTED FINGERPRINT
All you need are three AgIC sliver conductive ink cartridges, a regular black ink cartridge, glossy AgIC paper and a standard inkjet printer.
First lift the fingerprint you use to unlock your phone and scan it into your computer.
Scan the fingerprint image at 300 dpi or high resolution, but be sure to reverse the image horizontally so it will be a replica of the real thing.
Next install the AgIC ink cartridges and the regular black on into the printer, as well as the glossy paper.
Once you have completely the steps, just print the image out the same size as your real fingerprint, cut one out and roll it over the sensor, which should instantly unlock the device.
This is because the brain connections exhibit plastic behaviour (they change with experience) and thought processes in the brain change over time.
However, in ongoing work at the University of Kent, we have shown that specific tones (which can be played using earphones) can be used to minimise these changes.
It is not yet clear exactly how these tones affect the brain but we speculate that they may allow the brain to calm down, allowing more focused activity.
EEG, which uses electrodes to track and record brain-wave patterns, could be used to capture brainprints. Recently, technological advances in recording EEG from the ear using electrodes placed on the surface of standard earphones (stock) have provided a solution
Two-factor authentication is now a norm for many banking transactions, for example using a password and an additional code sent to the phone.
Soon, banks in New York may have to comply with multi-factor authentication protocol proposed by the New York State Department of Financial Services, whereby at least three authentication mechanisms are used for enhanced security by personnel accessing internal systems with privileged access or to support functions including remote access.
While fingerprints and voice recognition are possibilities, thought-based biometric technology is more apt to be used as an add-on to meet this new cybersecurity regulation.
The brain biometric template could even be updated for a different mental activity should there be a security breach on the stored template (unlike a fingerprint biometric which remains for life and cannot be replaced once compromised).
Brainprints can also be used to generate passwords that can replace conventional alphanumeric passwords or PINs in ATM machines to withdraw cash.
For example, rather than keying in the PIN, one would connect earphones and be shown a series of PIN numbers on the ATM screen.
CAN PLAY-DOH HACK AN IPHONE?
First, the phone owner presses his or her finger into a small glob of dental mold for five minutes.
Then, once the mold is set, Play-Doh is pressed into it to replicate the impression.
Once the impression has been obtained, anyone can use the Play-Doh version to bypass a locked iPhone’s fingerprint sensor.
Chaikin demonstrates how this can quickly unlock an iPhone.
While it may not work on the first try, Chaikin is able to get into the phone with minimal attempts.
But, the hack requires a bit of cooperation from the victim, so it’s unlikely such a trick would translate easily into a real-life setting.
Similar hacks in the past have raised little concerns from security experts, who say it provides as much security as a good passcode for the average person.
Brain patterns would change when the correct PIN number showed up – activating the transaction.
By doing so, one does not have to worry about others looking over the shoulder to steal the PIN.
Moreover, under coerced situations, brainprints will not work due to the stress – making them even more fraud resistant.
Given that it is difficult to copy another person’s exact thought process, the technology is certainly advantageous.
Considering the advancement in the technology, we will likely see uptake of biometric applications based on brainprints soon – especially as part of multi-factor system for enhanced authentication.
So don’t be surprised to see EEG earphones appearing in your post from the bank shortly.