Yet Another New Biometric: Brainprints

New research:

In “Brainprint,” a newly published study in academic journal Neurocomputing, researchers from Binghamton University observed the brain signals of 45 volunteers as they read a list of 75 acronyms, such as FBI and DVD. They recorded the brain’s reaction to each group of letters, focusing on the part of the brain associated with reading and recognizing words, and found that participants’ brains reacted differently to each acronym, enough that a computer system was able to identify each volunteer with 94 percent accuracy. The results suggest that brainwaves could be used by security systems to verify a person’s identity.

I have no idea what the false negatives are, or how robust this biometric is over time, but the article makes the important point that unlike most biometrics this one can be updated.

“If someone’s fingerprint is stolen, that person can’t just grow a new finger to replace the compromised fingerprint—the fingerprint for that person is compromised forever. Fingerprints are ‘non-cancellable.’ Brainprints, on the other hand, are potentially cancellable. So, in the unlikely event that attackers were actually able to steal a brainprint from an authorized user, the authorized user could then ‘reset’ their brainprint,” Laszlo said.

Presumably the resetting involves a new set of acronyms.

Author’s self-archived version of the paper (pdf).

Tags: , , , ,

Posted on June 4, 2015 at 10:36 AM29 Comments

Comments

ac June 4, 2015 11:15 AM

This is probably not a good idea if you expect your door to protect you against the attacking zombie hordes.

Sterling Jones June 4, 2015 11:27 AM

If I think in Russian, I can fool this system into thinking I’m Clint Eastwood.

Emilio Mordini June 4, 2015 12:10 PM

This is a good example of theater (unfortunately in the worst sense). I know similar studies and I have also directly observed and followed various lab experiments using EEG biometrics. This new study just adds the ERP N400 component. As impressive it could seem to lay people, it does not add any new knowledge. We presume to know that the ERP N400 component is related to semantic memory but we are very far from truly understanding what is Semantic Memory. So, as it is often the case in neuroscience, we measure apples but we ignore what apples are 🙂 The reason why it is theater, however, is simpler. Actually this study cannot be of any use outside a lab: any meaningful stimulus evokes a ERP N400 component (not only reading words, but listening at words and meaningful sounds, smelling odors which mean something for the subject, looking at any image which is meaningful, remembering words and sentences, etc.). Brief, everything that makes sense and makes you think a word or a group of words will evoke a ERP N400 component in your brain. While in a lab you could isolate stimula, this is practically impossible in real world. This means that – even if it is demonstrated that the ERP N400 component is a good biometric signature (and I have a lot of doubts about this, but it would not be possible to discuss it in a brief comment) – this application is not usable in real life settings because you cannot totally isolate a subject and prevent him perceiving other stimula during the test.

Hogarth June 4, 2015 12:11 PM

In J. Neil Schulman’s science-fiction novel The Rainbow Cadenza, “brainprints” of neural signals relayed by implanted transponders are used as primary identifiers. Each person’s social status and other identifiers (e.g., name) are keyed to his/her brainprint in a central database accessed via satellite links by “scanners” which use low-power signals to interrogate nearby personal transponders. In The Rainbow Cadenza, brainprints are immutable and they can be duplicated using gimmicked transponders. Duplicating brainprints is illegal and punishable by death (the central database detects duplications by correlating scanner queries. If the same brainprint is scanned at more than one location in a short period of time possessors are arrested; all but one will have gimmicked transponders). Refusal to maintain a personal transponder is punished by complete outlawry.

The Rainbow Cadenza illustrates one way to deal with unique but immutable (“non-cancellable”) biometric identifiers: deter duplication by automated detection and severe punishment.

Daniel June 4, 2015 12:52 PM

If resetting one’s brain is as an effective security measure as resetting one’s password, the future of security…and our brains…are in big trouble.

Chris S June 4, 2015 1:15 PM

(without commenting on either utility or effectiveness…)

The way it is described, it would seem that the use of acronyms while monitoring brainwaves, and allowing for this relationship to be updated, is making this a “neurological challenge/response”.

bitmonger June 4, 2015 2:32 PM

Fingerprints are among the most problematic to revoke, but I’ve heard the same argument
about iris scans. “We can scan a different region of the eye”

With fingerprint you can at least only scan two of ten digits (duress and normal) and that gives 5 compromises (not great, but better than nothing).

The other issue is covert collection of biometrics. Fingerprints are easily collectable, I’ve heard less than convincing arguments that capacitive scans might be harder to surreptitious steal than optical prints, but it still can only be so hard to get.

IRIS scans are interesting in that: if you’ve been scanned, you wouldn’t know how much of the IRIS was scanned.

These brain prints seem like they might be surreptitious collectable as well. I imagine it will improve, but I bet there are correlations between the new-print and the old-print and some additional information like say a users email inbox or search history.

So does this have a good use? It doesn’t seem like its good in a supervised context. A biometric finger prints or the picture on the strong electronic ID seems better in that context.

If the use is for authentication without any guards watching or whatever, why wouldn’t a token based method which seems way better from a security and user safety point of view.

Johnny June 4, 2015 2:39 PM

so another feature for those brain scanning satellites to use to identify us?

G June 4, 2015 3:27 PM

Yes, I’m sure this is serious research, but … it makes me think of dickprints. A device could be created which measures the penis while the volunteer watches various scenes (slim/fat blonde/brunette asian/black etc). The responses should be different. Bonus: if an intruder is detected it could be punished on spot.

ac June 4, 2015 3:34 PM

@G: Sure, but within a week you’d have a very interesting group of people lining up around the block to fail to break into your house. Gotta think of the unintended consequences.

Clive Robinson June 4, 2015 4:17 PM

@ Miasmo,

A brain fart is also a valid brainprint

Likwise a “Brain Freeze” from an ice cream, or the killer “Iced coke” hit on a hot day, when you get a can from the ice box that’s just starting to freeze and you glug it down in one. The cold and sugar hit you like a gilded base ball bat, and you brain just floats… and you can not think let alone speak as the bubbles rise. Either way they are both better than a brain fart 😉

Nicolas George June 4, 2015 4:18 PM

I consider this whole “non-cancellable” business tu be a red herring, or more precisely a bad analysis of the problem.

If Alice steals Bob’s fingerprint, what can she do with it? She can grant Bob access, of course, but that is not really evil, is it? Can she get access to Bob’s stuff?

If she had stolen a sample of Bob’s DNA, she could grow a clone — assuming the biometric character measured is entirely determined by genetics — and have him get access, but even if that was not science fiction for now, it is really inconvenient.

The real problem is not that biometric characters are not cancellable, because you should not need to cancel them. The real problem is that the biometric scanners fail to deliver the promised features. They promise to measure fingerprints, but they also measure finger-shaped-resinprints.

Of course, the net outcome is the same: biometric scanners can not be trusted.

But if someone were to design a biometric scanner accurate enough that can not be fooled by a fake limb or organ, it could be trusted. Until someone else designs a fake organ realistic enough. And you could still trust it as long as the fake organ is more expensive than either whatever the biometric scanner is protecting or hiring thugs to kidnap your significant other.

… Which is, in fact, the same as any security system. It’s just that current biometric scanners are really bad.

Fred P June 4, 2015 4:28 PM

From the conclusion of the paper: “…we further demonstrated that some individuals could still be identified with perfect accuracy even after as long as six months”

This implies that “Brainprints” as described in this paper degrade on the scale of months on average. They do suggest that there may be a better measurement in the prior paragraph.

Matt June 4, 2015 6:20 PM

Would cleaning the ink from the brain print off of the persons gray matter be called brain washing? ducks

John Galt III June 4, 2015 6:27 PM

It’s a short step from this type of biometric to brain-scanning for responses to phrases, scenes and scenarios. It’s almost a certainty that something like this will be able to detect sociopaths and psychopaths, besides being able to detect idiots and criminals. This is close to the premise in Bladerunner that a test could detect the difference between a human and whatever the clones were called. I’ve long thought that everyone who carries a weapon for any government should be brain-scanned. I’d start with brain-scanning the president and congress, because they’ve done much more damage than any amount of weapons can cause.

Konga June 4, 2015 7:38 PM

@John Galt III

It’s a short step from this type of biometric to brain-scanning for responses to phrases, scenes and scenarios. It’s almost a certainty that something like this will be able to detect sociopaths and psychopaths, besides being able to detect idiots and criminals.

There have been some interesting MRI studies on killers, which seem to be able to pattern identify them apart from ordinary people. I do not think that study was complete, due to problems of generating really large sample sizes of ‘good’ and ‘bad’. And, likely killers who operated out of a brain tumor (there have actually been a few, including Charles Whitman) would fail the ordinary test.

Sociopath studies seem to be at a decent level, though as Ronson pointed out in his book on the Sociopath test, there are some problems with the test. Regardless, such jobs as cops and surgeons rate very high on the sociopathic ladder.

I saw a recent study that showed people can turn on and off empathy to enter a sociopathic state. This was shown to be true even with diagnosed, criminal sociopaths. The difference with the later group they surmised (if I recall) was that criminal sociopaths tend to just much more rarely turn on that empathy part of the brain.

But, cops and surgeons turn it off to do their jobs. Otherwise, the empathy would fuck them up.

This is close to the premise in Bladerunner that a test could detect the difference between a human and whatever the clones were called.

Androids. Skin jobs.

I’ve long thought that everyone who carries a weapon for any government should be brain-scanned. I’d start with brain-scanning the president and congress, because they’ve done much more damage than any amount of weapons can cause.

Unfortunately, they will rate high on written sociopathic tests. And they might be able to turn on the empathy circuits when under tests. Sociopathy is actually required, to some degree, for some of their jobs. Surgeons have to turn off emotions and empathy to do their job, and cops very often have to do this as well. While not tested, I am sure any general would. All of them put themselves in a state for their job.

Gun shootings, cops tend to have very low amount of time actually being trained in weapons. Something like 700 hours. Usually no instinctive firing training, and little judgment based training. Really no excuse, because video technology has been available for years now, and even inexpensive setups can produce high accuracy in difficult scenarios.

But I doubt there will be easy shortcuts for detection of problems, and there are a wide range of problems. Defining the problem is one of the hardest hurdles to get around. What is good behavior, what is bad behavior. But, for intel, there is counterintelligence and for law enforcement, internal affairs. Just there are flaws in these systems. And there are so many systems.

Winter June 5, 2015 3:13 AM

There are two “directions” to approach identification:
1) A person is identified against their will: Finger prints, DNA

2) A person wants to be identified

I think the brain-prints could be changed if the person wants them to be. Or be kept stable if wanted.

trebla June 5, 2015 5:39 AM

I don’t think the brain prints will be stable over time. For instance a memory is changed each time the brain accesses the memory. In a similar manner I guess the way the brain works will change every time it reads a certain word. The first time maybe looking at each character and after a couple of times seeing the whole word and not the individual characters. Etc.

trebla June 5, 2015 5:51 AM

What you associate with a certain word will also change over time. If new information comes to hand you might become more positive (or more negative) towards what a certain word represents. Take for instance the word NSA. 15 years ago I might have associated it with Menwith Hill and Echelon. Today on the other hand I might associate it with Edward Snowden. That would surely affect how the brain print looks like.

Marcos El Malo June 5, 2015 10:23 AM

@Chris S.

Yeah, that’s interesting. Instead of inputting a complicated pw via keyboard, one could think of a simpler pw to trigger the correct brain state. Extending that idea, one could perhaps have a series of visual images, perhaps a rebus.

Andrew June 5, 2015 10:35 AM

Not only it can be “reset” but also you cannot be forced to unlock something you don’t want, like in fingerprints case. I hope this thing has a future.

John Galt III June 5, 2015 11:51 AM

@Konga

Thanks for the well-thought comments. I realize that it’s a long way to utopia from here. Further, I get that sociopathy is a feature, not a bug. It’s a short step from there to the understanding that surpasses all peace. Humans are tribal animals and want leaders who are not only willing to be ruthless with “outsiders,” but quick to resort to violence. It’s not just criminals who turn on and off empathy – all normal people will do it against people that they perceive as outsiders. I still stand by the claim that weeding out from government and other positions of power the psychopaths and sociopaths who are predisposed to counterproductive violence would benefit society. Once the government is cleaned up, I’d be open-minded about brain-scanning people who want to buy guns, fly airplanes, drive trucks, etc.

For proof that it’s a feature, not a bug, see for example, how Republicans and Democrats would treat each other.

http://www.caseyresearch.com/cdd/quest-confidence

excerpt:
What We Always Knew About Politics, But Couldn’t Prove
By Paul Rosenberg
Politics makes people mean.
…[plenty more interesting reading there]

History offers plenty of examples.

The kill switch
Brain researchers and social scientists are well placed to find out what makes humans murder.
19 May 2015
http://www.nature.com/news/the-kill-switch-1.17576

Groups of humans have always slaughtered those who belong to other groups. The twentieth century was shot through with numerous examples, from the genocides of Armenians in Ottoman Turkey and of Jews in Nazi Europe to the massacres of ethnic rivals in civil wars in Rwanda and Bosnia during the 1990s. Today, the fundamentalist group ISIS is spooking the world with its willingness to butcher others who do not adhere to its extremist form of Islam.
Attempts to understand such events tend to focus on political reasons. But a conference in Paris last month dared to ask a different question: how, biologically speaking, do normally non-violent and psychologically stable people overcome the instinctive human aversion to killing when faced with circumstances of war or extremism? What drives them to participate in acts of genocide? This is arguably the biggest challenge for interdisciplinary dialogue across the fields that consider brain and behaviour.

The conference brought researchers from these disciplines together, along with historians who presented sobering data on the behaviour of soldiers in wartime. One presentation included documentation from post-Second World War interrogations of hundreds of untrained German reservists who were recruited to active service in 1942 and went on to slaughter tens of thousands of Jews in Poland. Transcripts revealed that their distraught commander had allowed anyone to opt out of killing, but only 1 in 10 did so.

StedabjoyHecs June 5, 2015 12:00 PM

The alternative methods to verify a person’s identity don’t have to be very accurate. They will be used in a combination with each other. That makes a strong identifying method.

John Galt III June 5, 2015 12:01 PM

post-script – I am cautiously optimistic that robotic policing is going to reduce the human rights abuses. First, because robots don’t have to use deadly force or protect themselves from harm. Second, because they don’t have emotions that cause them to inflict undue violence on minorities. It’s not clear to me that there are any solutions to the overall conflict of interest problems that are arbitraged by the sociopaths in Congress and the revolving- door agencies. If I were to look in any particular direction for an answer, it would be to artificial intelligence. The arguments that transparency helps probably are true up to a point.

paul June 5, 2015 1:37 PM

Sure, this is preliminary, but I just want to say that 94% is terrible accuracy in many real-world contexts. It (probably) doesn’t allow building a plot around subverting the technique, but it certainly doesn’t stand alone as a way of, say, letting people into a building.

Wesley Parish June 7, 2015 4:18 AM

Worth pointing out that the brain rewires itself to varying degrees whenever new information is learnt? And when new skills are gained?

My brain is wired to read and understand the English language. It has been rewired to a limited degree to understand various other languages: that is to say, I have rewired it on my own initiative to learn them. I have even experimented with learning to write with my non-dominant hand, and have interesting moments when the non-dominant side asserts itself.

That’s just the substrate.

One question I would think would’ve been required for any self-respecting peer-reviewed paper, would’ve been: conflicting acronyms? What is the response to them? To wit: PNG, which as the cognoscenti know, stands for Portable Network Graphics … actually Papua New Guinea … no, actually Partidul Noua Generație … well, actually Piped Natural Gas … really, of course not. It stands for Planetary Nebula (Galactic coordinates) … or could it be Persona Non Grata?

Right away you see the difficulty these brainprints face. Spoofing them wouldn’t be impossible. I’m sure other “franking” methods would face the same problems: testing responses to music, or poetry, or political identities, or attractive members of the opposite sex, or so, could be spoofed as well. If one can spoof one’s reactive biometrics in the (in)famous lie-detector test, one can spoof any other reactive biometrics. It just takes practice.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.