More Web Proxy on the site http://driver.im/

research-article

Is the Future of Authenticity All In Our Heads?: Moving Passthoughts From the Lab to the World

Authors:

John ChuangAuthors Info & Claims

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop

Pages 70 - 79

https://doi.org/10.1145/3171533.3171537

Published: 01 October 2017 Publication History

Abstract

Passthoughts, in which a user thinks a secret thought to log in to services or devices, provides two factors of authentication (knowledge and inherence) in a single step. Since its proposal in 2005, passthoughts enjoyed a number of successful empirical studies. In this paper, we renew the promise of passthoughts authentication, outlining the main challenges that passthoughts must overcome in order to move from the lab to the real world. We propose two studies, which seek different angles at the fundamental questions we pose. Further, we propose it as a fruitful case study for thinking about what authentication can, and should, be expected to do, as it pushes up against questions of what sorts of "selves" authentication systems must be tasked with recognizing. Through this discussion, we raise novel possibilities for authentication broadly, such as "organic passwords" that change naturally over time, or systems that reject users who are not acting quite "like themselves."

References

[1]

Fadel Adib, Hongzi Mao, Zachary Kabelac, Dina Katabi, and Robert C Miller. 2015. Smart Homes that Monitor Breathing and Heart Rate. Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems - CHI '15 (2015), 837--846.

Digital Library

[2]

Sabrina S Ali, Michael Lifshitz, and Amir Raz. 2014. Empirical neuroenchantment: from reading minds to thinking critically. Frontiers in human neuroscience 8, May (may 2014), 357.

[3]

B Allison. 2009. The I of BCIs: Next Generation Interfaces for Brain---Computer Interface Systems That Adapt to Individual Users. In Proceedings of HCII'09, Julie A. Jacko (Ed.). Vol. 5611. Springer Berlin Heidelberg, Berlin, Heidelberg, 558--568. papers3://publication/uuid/443373BE-AE9B-40FB-B2BA-CF67CD92FCFE

Digital Library

[4]

Corey Ashby, Amit Bhatia, Francesco Tenore, and Jacob Vogelstein. 2011. Low-cost electroencephalogram (EEG) based authentication. In 2011 5th International IEEE/EMBS Conference on Neural Engineering, NER 2011. 442--445.

[5]

Tara Siegel Bernard. 2015. Giving Out Private Data for Discount in Insurance. (2015). http://www.nytimes.com/2015/04/08/your-money/giving-out-private-data-for-discount-in-insurance.html?

[6]

Hristo Bojinov, Daniel Sanchez, Paul Reber, Dan Boneh, and Patrick Lincoln. 2012. Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks. Proceedings of the 21st USENIX conference on Security symposium (2012), 1--13.

Digital Library

[7]

Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, and Frank Stajano. 2012. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proceedings - IEEE Symposium on Security and Privacy. 553--567.

Digital Library

[8]

Tega Brain and Surya Mattu. 2015. Unfit Bits. (2015). http://www.unfitbits.com/ http://www.unfitbits.com/index.html

[9]

Luca Canzian and Mirco Musolesi. 2015. Trajectories of depression. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing - UbiComp '15 (2015), 1293--1304.

Digital Library

[10]

Francesco Carrino, Joel Dumoulin, Elena Mugellini, Omar Abou Khaled, and Rolf Ingold. 2012. A self-paced BCI system to control an electric wheelchair: Evaluation of a commercial, low-cost EEG device. In 2012 ISSNIP Biosignals and Biorobotics Conference: Biosignals and Robotics for Better and Safer Living, BRC 2012. 1--6.

[11]

John Chuang. 2014. One-Step Two-Factor Authentication with Wearable Bio-Sensors. In Symposium on Usable Privacy and Security - SOUPS '14. https://cups.cs.cmu.edu/soups/2014/workshops/papers/biosensors

[12]

John Chuang, Hamilton Nguyen, Charles Wang, and Benjamin Johnson. 2013. I think, therefore I am: Usability and security of authentication using brainwaves. In International Conference on Financial Cryptography and Data Security. 1--16.

[13]

Kate Crawford. 2014. When Fitbit Is the Expert Witness. The Atlantic (nov 2014). http://www.theatlantic.com/technology/archive/2014/11/when-fitbit-is-the-expert-witness/382936/

[14]

Max T Curran, Jong-kai Yang, Nick Merrill, and John Chuang. {n. d.}. Passthoughts Authentication with Low Cost EarEEG. EMBC 2017 ({n. d.}).

[15]

Bryan Dosono, Jordan Hayes, and Yang Wang. 2015. "I'm Stuck !": A Contextual Inquiry of People with Visual Impairments in Authentication. Proceedings of the eleventh Symposium On Usable Privacy and Security (2015), 151--168.

[16]

Tony Doyle. 2011. Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life. The Journal of Value Inquiry 45, 1 (2011), 97--102.

[17]

Cynthia Dwork and Aaron Roth. 2014. The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science 9, 2013 (2014), 211--407.

Digital Library

[18]

Deborah Estrin and Ida Sim. 2010. Health care delivery. Open mHealth architecture: an engine for health care innovation. PLoS Medicine 10, 2 (2010), e10011395.

[19]

Mick Grierson and Chris Kiefer. 2011. Better brain interfacing for the masses. In Proceedings of the 2011 annual conference extended abstracts on Human factors in computing systems - CHI EA '11 (CHI EA '11). ACM Press, New York, NY, USA, 1681.

Digital Library

[20]

Hilary Hutchinson, Benjamin B Bederson, Allison Druin, Catherine Plaisant, Wendy E. Mackay, Helen Evans, Heiko Hansen, Stéphane Conversy, Michel Beaudouin-Lafon, Nicolas Roussel, Loïc Lacomme, Björn Eiderbäck, Sinna Lindquist, Yngve Sundblad, Bosse Westerlund, Benjamin B Bederson, Allison Druin, Catherine Plaisant, Michel Beaudouin-Lafon, Stéphane Conversy, Helen Evans, Heiko Hansen, Nicolas Roussel, and Björn Eiderbäck. 2003. Technology probes: inspiring design for and with families. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '03) 5 (2003), 17--24.

Digital Library

[21]

Benjamin Johnson, Thomas Maillart, and John Chuang. 2014. My thoughts are not your thoughts. Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing Adjunct Publication - UbiComp '14 Adjunct (2014), 1329--1338.

Digital Library

[22]

P. Kidmose, D. Looney, L. Jochumsen, and D. P. Mandic. 2013. Ear-EEG from generic earpieces: a feasibility study. Conference proceedings: ... Annual International Conference of the IEEE Engineering in Medicine and Biology Society. IEEE Engineering in Medicine and Biology Society. Annual Conference 2013 (2013), 543--546.

[23]

Preben Kidmose, David Looney, Michael Ungstrup, Mike Lind Rank, and Danilo P. Mandic. 2013. A study of evoked potentials from ear-EEG. IEEE Transactions on Biomedical Engineering 60, 10 (2013), 2824--2830.

[24]

Antti Latvala, Ralf Kuja-Halkola, Catarina Almqvist, Henrik Larsson, and Paul Lichtenstein. 2015. A Longitudinal Study of Resting Heart Rate and Violent Criminality in More Than 700000 Men. JAMA Psychiatry 72, 10 (oct 2015), 917--8.

[25]

David Looney, Preben Kidmose, Cheolsoo Park, Michael Ungstrup, Mike Rank, Karin Rosenkranz, and Danilo Mandic. 2012. The in-the-ear recording concept: User-centered and wearable brain monitoring. IEEE Pulse 3, 6 (2012), 32--42.

[26]

D. Looney, C. Park, P. Kidmose, M. L. Rank, M. Ungstrup, K. Rosenkranz, and D. P. Mandic. 2011. An in-the-ear platform for recording electroencephalogram. In Proceedings of the Annual International Conference of the IEEE Engineering in Medicine and Biology Society, EMBS. 6882--6885.

[27]

Sébatien Marcel and José del R Millan. 2007. Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Transactions on Pattern Analysis and Machine Intelligence 29, 4 (2007), 743--748.

Digital Library

[28]

Vojkan Mihajlovic, Bernard Grundlehner, Ruud Vullers, and Julien Penders. 2015. Wearable, wireless EEG solutions in daily life applications: What are we missing? IEEE Journal of Biomedical and Health Informatics 19, 1 (2015), 6--21.

[29]

F. Monrose and a. Rubin. 1997. Authentication via keystroke dynamics. Proc. of the 4th ACM Conf. on Computer and Communications Security (1997), 48--56.

Digital Library

[30]

Florian Mormann, Christian E Elger, and Klaus Lehnertz. 2006. Seizure anticipation: from algorithms to clinical practice. Current opinion in neurology 19, 2 (2006), 187--193.

[31]

Dawn Nafus (Ed.). 2016. Quantified: Biosensing Technologies in Everyday Life. Vol.9. The MIT Press, Cambridge, MA. 116--131 pages.

Digital Library

[32]

Jaime Nafus, Dawn; Sherman. 2014. This One Does Not Go Up to 11: The Quantified Self Movement as an Alternative Big Data Practice. International Journal of Communication 8 (2014), 1--11.

[33]

Nymi. {n. d.}. Nymi Band - Always-On Authentication. ({n. d.}). https://nymi.com

[34]

Ramaswamy Palaniappan. 2008. Two-stage biometric authentication method using thought activity brain waves. International journal of neural systems 18, 1 (2008), 59--66.

[35]

M Poulos, M Rangoussi, N Alexandris, and a Evangelou. 2002. Person identification from the EEG using nonlinear signal classification. Methods of information in medicine 41, 1 (2002), 64--75.

[36]

Olivia Solon. 2015. Wearable Technology Creeps Into The Workplace. Bloomberg (aug 2015). http://www.bloomberg.com/news/articles/2015-08-07/wearable-technology-creeps-into-the-workplace

[37]

James Stables. 2016. The best biometric and heart rate monitoring headphones. (2016). http://www.wareable.com/headphones/best-sports-headphones

[38]

Robert T. Thibault, Michael Lifshitz, and Amir Raz. 2016. Body position alters human resting-state: Insights from multi-postural magnetoencephalography. Brain Imaging and Behavior 10, 3 (2016), 772--780.

[39]

Kalee Thompson. 2011. The Santa Cruz Experiment: Can a City's Crime Be Predicted and Prevented? Popular Science (oct 2011), 1--18. http://www.popsci.com/science/article/2011-10/santa-cruz-experiment?nopaging=1

[40]

Julie Thorpe, P C Van Oorschot, and Anil Somayaji. 2005. Pass-thoughts: authenticating with our minds. Proceedings of the 2005 workshop on New security paradigms (2005), 45--56.

Digital Library

[41]

Nigel Thrift. 2014. The 'sentient' city and what it may portend. Big Data and Society 1, June (apr 2014), 1--21.

[42]

Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. 2013. Processing analytical queries over encrypted data. Proceedings of the VLDB Endowment 6, 5 (2013), 289--300.

Digital Library

[43]

UnifyID. 2017. UnifyID, a service that can authenticate you based on unique factors like the way you walk, type and sit. (2017). https://unify.id

[44]

L J P Van Der Maaten and G E Hinton. 2008. Visualizing high-dimensional data using t-sne. Journal of Machine Learning Research 9 (2008), 2579--2605.

[45]

C. Vidaurre, A. Schl??ogl, R. Cabeza, R. Scherer, and G. Pfurtscheller. 2006. A fully on-line adaptive BCI. IEEE Transactions on Biomedical Engineering 53, 6 (jun 2006), 1214--1219.

[46]

Brian Welsh. 2011. Black Mirror: The Entire History of You. (2011).

[47]

Gary Wolf. 2010. The Data-Driven Life. (apr 2010). http://www.nytimes.com/2010/05/02/magazine/02self-measurement-t.htmlhttp://www.nytimes.com/2010/05/02/magazine/02self-measurement-t.html?

Cited By

Arias-Cabarcos PFallahi MHabrich TSchulze KBecker CStrufe T(2023)Performance and Usability Evaluation of Brainwave Authentication Techniques with Consumer DevicesACM Transactions on Privacy and Security10.1145/357935626:3(1-36)Online publication date: 13-Mar-2023
https://dl.acm.org/doi/10.1145/3579356
Kablo EArias-Cabarcos PMeng WJensen CCremers CKirda E(2023)Privacy in the Age of Neurotechnology: Investigating Public Attitudes towards Brain Data Collection and UseProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623164(225-238)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623164
Sempreboni DViganò L(2020)Privacy, Security and Trust in the Internet of NeuronsSocio-Technical Aspects in Security and Trust10.1007/978-3-030-79318-0_11(191-205)Online publication date: 14-Sep-2020
https://dl.acm.org/doi/10.1007/978-3-030-79318-0_11
Show More Cited By

Index Terms

Is the Future of Authenticity All In Our Heads?: Moving Passthoughts From the Lab to the World
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy
  2. Security services
    1. Authentication
      1. Multi-factor authentication

Recommendations

A non-interactive deniable authentication scheme based on designated verifier proofs

A deniable authentication protocol enables a receiver to identify the source of the given messages but unable to prove to a third party the identity of the sender. In recent years, several non-interactive deniable authentication schemes have been ...
A new signature scheme without random oracles

Digital signature is commonly used for authentication of a user or data. In order to ensure the security of a signature scheme, it is important to design a signature scheme with a security proof. In 1999, Gennaro et al. and Cramer et al. respectively ...
Short designated verifier proxy signature from pairings
EUC'05: Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing

In a designated verifier proxy signature scheme, the original signer delegates her/his signing capability to the proxy signer in such a way that the latter can sign messages on behalf of the former, but only the designated verifier can believe the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop

October 2017

138 pages

ISBN:9781450363846

DOI:10.1145/3171533

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

NSF: National Science Foundation
ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

William and Flora Hewlitt Foundation
UC Berkeley Center for Long-Term Cybersecurity

Conference

NSPW '17

NSPW '17: 2017 New Security Paradigms Workshop

October 1 - 4, 2017

CA, Santa Cruz, USA

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
134
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Arias-Cabarcos PFallahi MHabrich TSchulze KBecker CStrufe T(2023)Performance and Usability Evaluation of Brainwave Authentication Techniques with Consumer DevicesACM Transactions on Privacy and Security10.1145/357935626:3(1-36)Online publication date: 13-Mar-2023
https://dl.acm.org/doi/10.1145/3579356
Kablo EArias-Cabarcos PMeng WJensen CCremers CKirda E(2023)Privacy in the Age of Neurotechnology: Investigating Public Attitudes towards Brain Data Collection and UseProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623164(225-238)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623164
Sempreboni DViganò L(2020)Privacy, Security and Trust in the Internet of NeuronsSocio-Technical Aspects in Security and Trust10.1007/978-3-030-79318-0_11(191-205)Online publication date: 14-Sep-2020
https://dl.acm.org/doi/10.1007/978-3-030-79318-0_11
Merrill NChuang JMandryk RHancock MPerry MCox A(2018)From Scanning Brains to Reading MindsProceedings of the 2018 CHI Conference on Human Factors in Computing Systems10.1145/3173574.3173897(1-11)Online publication date: 21-Apr-2018
https://dl.acm.org/doi/10.1145/3173574.3173897
Alomari RVargas Martin M(2018)Classification of EEG Signals Using Neural Networks to Predict Password Memorability2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA)10.1109/ICMLA.2018.00126(791-796)Online publication date: Dec-2018
https://doi.org/10.1109/ICMLA.2018.00126
Piplani TMerill NChuang J(2018)Faking it, Making it: Fooling and Improving Brain-Based Authentication with Generative Adversarial Networks2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS)10.1109/BTAS.2018.8698606(1-7)Online publication date: 22-Oct-2018
https://dl.acm.org/doi/10.1109/BTAS.2018.8698606

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents