January 19, 2017 -
Researchers have found that while brainwave authentication can be used as an alternative to passwords, being inebriated could make it more difficult for an individual to successfully login to a system, according to a report by New Scientist.
An individual’s unique electroencephalogram (EEG) readings could be measured to authenticate their identity, as in the case of a computer that shows a series of words on the screen and measure the person’s response via an EEG headset.
Research shows that EEG readings can authenticate a person’s identity with up to a 94 percent accuracy rate, however, several factors including the person’s alcohol level content could have a negative effect on the accuracy.
Tommy Chin, a security researcher at cybersecurity consultancy firm Grimm, and Peter Muller, a graduate student at the Rochester Institute of Technology, tested this theory by analyzing the brainwaves of several subjects before and after drinking shots of whisky.
“Brainwaves can be easily manipulated by external influences such as drugs [like] opioids, caffeine, and alcohol,” Chin said. “This manipulation makes it a significant challenge to verify the authenticity of the user because they drank an immense amount of alcohol or caffeinated drink.”
The researchers recently unveiled their research findings at security conference ShmooCon in Washington DC.
The initial results of a small number of tests showed that brainwave authentication accuracy could decline 33 percent in those individuals who were under the influence. The researchers also recruited more participants at the conference to collect more data.
Last year, John Chuang at the University of California, Berkeley published research illustrating how exercise can negatively impact EEG authentication. Chuang’s research showed how the accuracy of a person’s ECG readings degrade immediately after a workout, but soon recovers after a few minutes.
His research also hinted that other factors such as hunger, stress or fatigue could also decrease reliability.
“Depending on the application, it may be a wonderful feature that a drunk person cannot authenticate into a system after they have had too many drinks,” Chuang said.
If accuracy under different conditions were required, it could be feasible to collect the multiple brainwave “templates” for a user by individually measuring their EEG readings when they are inebriated, tired and so on.
Chin and Muller also discovered that they could use machine learning to improve the EEG data analysis results of inebriated test subjects.
Chuang says that in order for brainwave authentication to be applied to the real world, systematic research must be conducted on how all the different factors, “such as physical exercise, mental fatigue, stress, distraction, changes in affect or mood, or the effects of caffeine, sugar, or medication”, could impact its reliability.