A bio-signal based framework to secure mobile devices


Journal of Network and Computer Applications xxx (xxxx) xxx–xxx

Contents lists available at ScienceDirect

Journal of Network and Computer Applications journal homepage: www.elsevier.com/locate/jnca

A bio-signal based framework to secure mobile devices ⁎

Pradeep Kumar a, Rajkumar Saini a, Partha Pratim Roy a, Debi Prosad Dogra b

a Department of Computer Science and Engineering, Indian Institute of Technology, Roorkee, India
b School of Electrical Sciences, Indian Institute of Technology, Bhubaneswar, India

ARTICLE INFO

Keywords: Security of mobile devices; EEG; Authentication; Security; HMM; SVM

ABSTRACT

Nowadays, mobile devices are often equipped with high-end processing units and large storage space. Mobile users usually store personal, official, and large amounts of multimedia data. Security of such devices is mainly dependent on PIN (personal identification number), password, bio-metric data, or gestures/patterns. However, these mechanisms have a lot of security vulnerabilities and are prone to various types of attacks such as shoulder surfing. The uniqueness of the Electroencephalography (EEG) signal can be exploited to remove some of the drawbacks of the existing systems. Such signals can be recorded and transmitted through a wireless medium for processing. In this paper, we propose a new framework to secure mobile devices using EEG signals along with existing pattern-based authentication. The pattern-based authentication passwords are considered as identification tokens. We have investigated the use of EEG signals recorded during pattern drawing over the screen of the mobile device in the authentication phase. To accomplish this, we have collected EEG signals of 50 users while drawing different patterns. The robustness of the system has been evaluated against 2400 unauthorized attempts made by 30 unauthorized users who have tried to gain access to the device using known patterns of 20 genuine users. EEG signals are modeled using a Hidden Markov Model (HMM), and a binary classifier implemented with Support Vector Machine (SVM) is used to verify the authenticity of a test pattern. Verification performance is measured using three popular security metrics, namely Detection Error Tradeoff (DET), Half Total Error Rate (HTER), and Receiver Operating Characteristic (ROC) curves. Our experiments reveal that the method is promising and can be a possible alternative for developing robust authentication protocols for hand-held devices.

Corresponding author.
http://dx.doi.org/10.1016/j.jnca.2017.02.011
Received 15 September 2016; Received in revised form 20 January 2017; Accepted 18 February 2017
1084-8045/ © 2017 Elsevier Ltd. All rights reserved.
Please cite this article as: Kumar, P., Journal of Network and Computer Applications (2017), http://dx.doi.org/10.1016/j.jnca.2017.02.011
P. Kumar et al.

1. Introduction

Personal authentication for the security of mobile or hand-held devices is becoming a major concern to the research community. It involves confirming the identity of a person by validating his/her credentials, such as textual passwords, gesture patterns, Personal Identification Numbers (PINs) or at best traditional bio-metric data including finger-print, iris recognition, etc. Current security mechanisms are vulnerable to various types of attacks, namely shoulder surfing, injecting malicious code for dictionary-based attacks on passwords or PINs, and pattern matching-based attacks. Although bio-metric authentication systems usually help in reducing some of these vulnerabilities to some extent, such systems also have limitations. For example, finger-print and facial expression guided authentication systems are prone to wax molding, copying, and photography (Pham et al., 2014). Speech based authentication systems are easily targeted through mimicking. Moreover, some of this bio-metric information may change over time. Therefore, a robust authentication system can be quite handy if it is less prone to such vulnerabilities.

The development of Electroencephalography (EEG) sensor technology through wireless headsets and their connectivity with mobile devices has opened up new ways of implementing Brain Computer Interface (BCI) applications for gaming, security, or health-care. Traditionally, EEG signals are used in diagnosing diseases including coma, brain-disorders, migraine or epileptic seizure detection (Klonovs et al., 2012). Since brain signals represent the physiological and behavioral information about a person, these signals are widely used in developing biometric applications. In addition, Functional Magnetic Resonance Imaging (fMRI) (Neupane et al., 2014), Magnetoencephalography (MEG) (Henriksson et al., 2016) and Functional Near-Infrared Spectroscopy (fNIRS) (Serwadda et al., 2015) are other alternatives to measure the brain activity response towards a task. However, the associated cost, maintenance, portability issues, and technical complexities limit the use of such devices for the development of authentication systems. In comparison, EEG offers high temporal resolution at low cost with fewer electrodes (i.e. 14), easy handling, wireless connectivity and lower maintenance cost. Moreover, the uniqueness, hard to intercept and un-intrusive properties of the EEG signals give them high potential for biometric applications. Chuang et al. (2013) have proposed a user authentication system using EEG signals and they have tested their method on 15 participants while performing seven tasks. They have recorded a Half Total Error Rate (HTER) of 1.1% when all seven tasks are considered together. The majority of the existing EEG bio-metric studies are based on recording of EEG signals while users are involved in tasks such as listening to music (Poikonen et al., 2016), performing a mental task (Palaniappan, 2008), imaginary motor movements (Astigarraga et al., 2016) or Visual Evoked Potential (VEP) (Zúquete et al., 2010) within a predefined duration. However, assigning similar tasks to all users for a fixed duration does not give satisfactory results. This is because either these tasks are not enjoyed by the participants or they are not performed in the right spirit, which may result in noisy and distorted signals.

In this paper, we propose a new authentication mechanism to secure mobile devices using EEG signals recorded while the users unlock a mobile device through gesture patterns. While unlocking, the user remembers his/her own unlocking pattern and then concentrates to draw the pattern properly on the mobile device. The EEG signals recorded during this unlocking period provide a unique biometric property of the user. In this work, we process the EEG signals recorded while users perform unlocking and analyze them for authentication. This has opened up a new way of authentication for hand-held devices. Our main contributions toward developing the system are as follows:

1. Our first contribution is the fusion of EEG signals with existing pattern matching based identification to authenticate users of mobile devices. Inclusion of EEG signal based authentication helps to avoid security attacks such as shoulder surfing, pattern-matching, etc.
2. We have developed a novel system using Hidden Markov Model (HMM) to validate our proposal. The system has been compared with Support Vector Machine (SVM) to demonstrate its robustness.
3. Our final contribution is easy portability and applicability of our system to hand-held devices such as smart-phones against various types of known attacks.

The rest of the paper is organized as follows: In Section 2, a summary of the EEG based biometric studies is presented. The proposed verification methodology along with feature extraction and preprocessing is explained in Section 3. Results are discussed in Section 4. Finally, we conclude in Section 5 along with discussions and future possibilities.

2. Related work

The literature on robust password-based authentication systems is rich. We discuss some of the popular authentication systems that use EEG as a feature. Thorpe et al. (2005) proposed the idea of using brain signals for user authentication. Their goal was to extract maximum entropy from a user's brain by transmitting thoughts. The authors have argued about the feasibility of the system because the brain signals of an individual are unique in nature. In addition to this, researchers have used various stimuli generation for measuring specific brain patterns including mental task activity, motor imaginary movements, and VEPs. For example, Palaniappan and Mandic (2007) have examined the brain signals against visual stimulation for person identification. VEP signals of 102 users were recorded by showing black and white images of common objects. The authors have used a sum and difference (SD) filter to remove noise, and power spectrum features were extracted for classification using k-Nearest Neighbor (k-NN) and Elman Neural Network (ENN) classifiers. Recently, the authors in Das et al. (2015) have investigated the use of EEG signals for person identification. Brain signals of 50 participants were recorded in two different sessions using visual stimulation and the performance was evaluated at different frequency bands.

The development of a mobile EEG-based bio-metric authentication system has been proposed in Klonovs et al. (2013) by combining the EEG signals with existing bio-metric techniques such as face detection and near field communication. The authors have developed a mobile prototype system in which a user first swipes his/her Radio Frequency Identification (RFID) tag for identification. Next, the system proceeds to face and motion detection to validate a user. Finally, the EEG signals for 5 s are recorded against a picture shown on the mobile screen for user verification purposes. However, instead of using direct communication between the mobile device and the EEG headset, the communication is done through an Internet Information Server (IIS) that is responsible for capturing and processing the EEG signals and sending back results to the mobile device. Therefore, the approach requires a user to stay within the communication range between the headset and the IIS server. In Jivanadham et al. (2013), the authors have developed an API that integrates bio-signals for user authentication in a cloud computing environment using a one round Zero Knowledge Protocol (ZKP). The whole system is divided into four levels, where two levels are responsible for authentication and the other two perform cryptographic tasks. However, the API has several limitations such as interoperability issues, handling of multiple objects, and compatibility issues with the Advanced Encryption Standard (AES) algorithm.

In another similar work, Sohankar et al. (2015) have proposed a mobile device authentication system using EEG signals. The brain signals of 10 persons were recorded using a smart phone and then transferred to a server where the signals were decomposed into different frequency bands using Fast Fourier Transform (FFT). The authors have used a Naive Bayes Classifier (NBC) for user authentication, where the accuracy ranges between 81–95% with varying length of EEG signals. However, no mental task was assigned to the users while recording the EEG signals. Thus, the system may not be stable and results may vary in different test trials. The authors of Hu et al. (2011) have developed a user authentication system using brain signals of 11 persons recorded using a single electrode. The EEG signals were recorded on a mobile device and then transferred to a server for filtering using a low-pass filter and Haar wavelets. Three different features, namely central frequency, maximum power, and total power, have been computed on each of the three extracted frequency bands. The user authentication has been performed using an NBC classifier with an accuracy of 83%. However, the approach is time consuming as it requires a testing EEG signal at least 60 s long to authenticate a user.

Rodrigues et al. (2016) have presented a person identification system using EEG signals. The authors have proposed a binary version of the Flower Pollination Algorithm to select the subset of channels that maximizes the accuracy of the system. The identification task was performed using an Optimum-Path Forest classifier with an accuracy of 87%. Similarly, the authors in Kaur et al. (2016) have proposed an EEG based person identification system by analyzing the music listening behavior of individuals. They have performed Discrete Wavelet Transform (DWT) analysis on the recorded signals and the identification was performed using an HMM classifier. Song and Brandt-Pearce (2013) have developed a nonlinear equalizer system that was based on a 2D discrete-time model of physical impairments in long-haul time and wavelength channel systems with periodic dispersion compensation and amplification using the third-order inverse Volterra theory. The equalizer was able to function on a basic digital signal processing device.

Wireless Sensor Networks (WSNs) have gained a large interest in many applications due to the advancement in communication technology (Wei and Qi, 2011). The global topology of the network is important to both sensor network applications and the implementation of networking functionalities (Wei et al., 2012). In Wei et al. (2014), the authors have proposed a queuing model on the basis of a traffic model for Wireless Mesh Networks (WMNs). In their model, stations with boundless capacity were defined between gateway and common nodes based on the largest hop count from the gateways. However, other nodes were modeled as

service stations with certain capacity. The adoption of cloud computing in medical education and research can bring satisfactory technical and user evaluations (Chang, 2014). Chang has utilized a cloud computing platform for the study of brain segmentation into ten major regions. The system was able to highlight each brain region and can also adjust the intensity of segmentation for basic study of brain medicine. An improvement of 20% was recorded in learning satisfaction among medical students.

3. Proposed system

In this section, we present the details of our proposed system to secure the access of mobile devices. In our system, the EEG signals of the users are simultaneously recorded while they perform unlocking operations through gesture patterns on their mobile phones. The system performs identification as well as verification. The unlocking pattern works as an identification token for the users who want to access the mobile device. The pattern can be different or the same among multiple users. The identification approach works well with 100% accuracy for genuine as well as impersonating users. For user verification, EEG signals are used because of their unique characteristics. Hence the verification phase helps in separating the genuine users from the forgers. The EEG signals are collected using an Emotiv EPOC+ headset that consists of 14 electrodes. Internally an EEG EPOC signal is sampled at a frequency of 2048 Hz, which is down-sampled to a 128 Hz sampling frequency per channel. Therefore, we have recorded EEG signals from all 14 channels at a frequency of 128 samples per second by placing the electrodes at different positions over the scalp as per the International 10–20 system (Badcock et al., 2013). The device is mounted over the head of a user as depicted in Fig. 1, where EEG signals are recorded simultaneously while the user draws his/her personalized identification pattern. The mobile device that has been used in our study runs Android over Smartphone hardware. The device is connected to the EEG headset using Bluetooth technology and we capture the brain signals using EEG-Android APIs. A flow diagram of the proposed setup is depicted in Fig. 2.

Fig. 1. A scenario when a user performs drawing his mobile secret and simultaneously EEG signals are recorded.

Fig. 2. A systematic overview of the proposed authentication system using brain waves.

3.1. Feature extraction

Raw EEG signals are noisy due to the presence of artifacts and electromagnetic fields originating from body movements and surrounding devices. Therefore, the signals are preprocessed before feature extraction and further analysis. In this work, we have used DFT to process the signals. The details are as follows.

3.1.1. Discrete Fourier transform (DFT)

DFT is a well known technique that is used to process EEG signals by various researchers (Shedeed, 2011; Liao et al., 2012). It helps in breaking down an input signal into constituent sinusoidal signals of different frequencies. Before applying DFT, EEG signals are passed through a high-pass filter with a cut-off frequency of 0.16 Hz to remove the background offset. The high-pass filter typically filters out slow artifacts, such as electrogalvanic signals and movement artifacts that occur during signal acquisition. To ensure that the signal is band limited, a low-pass filter is also applied with a cut-off frequency equal to the highest frequency of interest (i.e. 40 Hz). Next, DFT is applied over the filtered data with a Hanning window (Barry et al., 2014) to eliminate the influence of the discontinuity of the data at both ends. The computation of the Hanning window can be done using (1) with α = 0.5.

$$W(x) = \alpha - (1 - \alpha)\cos\left(\frac{2\pi x}{N - 1}\right) \quad \text{for } 0 \le x \le N - 1 \tag{1}$$

The computation of DFT can be done using (2),

$$F_v = \sum_{x=0}^{N-1} f_x \, e^{-j\frac{2\pi}{N}vx} \quad (v = 0, 1, \ldots, N - 1) \tag{2}$$

where $F_v$ is the DFT of the sequence $f_x$ and $N$ is the length of function $f$, i.e. the number of equally spaced samples of function $f$. On the basis of Euler's formula, the term $e^{-j\frac{2\pi}{N}vx}$ can be defined using (3).

$$e^{-j\frac{2\pi}{N}vx} = \cos\left(-\frac{2\pi}{N}vx\right) + j\sin\left(-\frac{2\pi}{N}vx\right) \tag{3}$$

DFT analyzes the signals into different frequency bands, namely Theta (4–8 Hz), Alpha (9–12 Hz), Low-Beta (13–16 Hz), High-Beta (17–25 Hz) and Gamma (26–40 Hz). In Palaniappan and Mandic (2007) and Yazdani et al. (2008), the variations in the gamma band waves are considered as important features. Inspired by this work, Gamma band features are considered in our work. Due to the presence of 14 electrodes in our sensor, we receive 14 EEG signals and thus the Gamma band consists of a 14 dimensional feature vector Dg. An overview of all band waves after DFT analysis is presented in Fig. 3.

3.1.2. Statistical features

Next, from each processed signal, we compute two statistical features, namely, mean and standard deviation. The details are as follows.

1. Mean (M): The Mean feature eliminates the presence of random errors in signals and it helps in achieving accurate results. Computation of this feature includes every time sample present in the signal and it is calculated using (4),

$$M = \frac{1}{N}\sum_{i=1}^{N} x_i \tag{4}$$

where $x_i$, $N$, and $M$ represent the ith sample, the total number of time samples, and the Mean feature, respectively.

2. Standard Deviation (SD): This feature is used to compute the variance present in EEG signals, and it is computed using (5),

$$SD = \left(\frac{1}{n - 1}\sum_{i=1}^{n}(x_i - \bar{x})^2\right)^{\frac{1}{2}} \tag{5}$$

where $x$, $\bar{x}$, and $n$ represent the signal, its mean, and the number of samples present.

The above features are extracted for the feature vector Dg, resulting in a new feature vector Tg of 28 dimensions.

3.2. Classifier used for authentication analysis

In this work we have used Hidden Markov Model (HMM) and Support Vector Machine (SVM) based classifiers to analyze the verification approach. These classifiers are briefly explained as follows.

The Hidden Markov Model (HMM) classifier has been widely adopted by researchers for modeling the temporal nature of EEG signals. The model can be defined as a set of finite states N with a finite probability distribution at each state, and it is represented by $\lambda = (\pi, A, B)$, where $\pi$, $A$, and $B$ represent the initial state probabilities, transition matrix, and emission probability matrix, respectively (Rabiner and Juang, 1986; Kumar et al., 2016). The Baum-Welch algorithm has been applied during the training phase for optimization of the probability of the observed sequence $P(O|\lambda)$. For a model $\lambda$, an observation sequence $O = (O_1, O_2, \ldots, O_n)$ is modeled using a Gaussian Mixture Model (GMM) and is assumed to be generated using a sequence of states $S = S_1, S_2, \ldots, S_K$ of length K. Finally, the best likelihood corresponding to the feature vector sequence, $P(O|\lambda)$, is computed using (6).

$$Q = \arg\max P(O|\lambda) \tag{6}$$

In this work, HMM classifier has been trained using Dg as mentioned previously.

Support Vector Machine (SVM) is a binary classifier that can model linear as well as non-linear data by setting different kernel functions (Cortes and Vapnik, 1995). The classifier works by mapping the data into new feature space, where the separation between different classes is performed using a hyper-plane. If $\{x_i, y_i\}$ for $i = 1, \ldots, j$ and $y_i \in \{-1, 1\}$ denote the training data, then it must satisfy (7) and (8),

$$w x_i + b \ge +1 \quad \text{for } y_i = +1 \tag{7}$$

$$w x_i + b \le -1 \quad \text{for } y_i = -1 \tag{8}$$

where w and b represent the hyper-plane and offset parameters, respectively. The process of finding a decision boundary is done by maximizing the distance between two parallel hyper-planes and is done by minimizing $\|w\|^2$. A general form of linear classification can be represented using (9), whereas non-linear classification is given in (10), where K denotes the kernel function.

$$f(x) = \sum_i a_i y_i (x_i, x) \tag{9}$$

$$f(x) = \sum_i a_i y_i K(x_i, x) \tag{10}$$

The SVM classifier has been used in this work to model the feature vector Tg.
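The feature path of Section 3.1 (Hanning window, DFT, Gamma band, mean and standard deviation) can be traced end to end in a short Python sketch. This is an added example, not the authors' code: the function names are hypothetical, the recording is synthetic, the Gamma band is isolated by zeroing DFT bins outside 26–40 Hz and inverting (an assumption about how the band signal is obtained), and mean removal stands in for the 0.16 Hz high-pass filter.

```python
import cmath
import math

FS = 128                  # samples per second per channel (from the page)
N_CHANNELS = 14           # electrodes on the headset (from the page)
GAMMA_HZ = (26.0, 40.0)   # Gamma band limits (from the page)


def hanning(n, alpha=0.5):
    """Eq. (1): W(x) = alpha - (1 - alpha) * cos(2*pi*x / (N - 1))."""
    return [alpha - (1 - alpha) * math.cos(2 * math.pi * x / (n - 1))
            for x in range(n)]


def dft(f):
    """Eq. (2): F_v = sum_x f_x * exp(-j * 2*pi/N * v * x)."""
    n = len(f)
    return [sum(f[x] * cmath.exp(-2j * math.pi * v * x / n) for x in range(n))
            for v in range(n)]


def inverse_dft(spectrum):
    """Inverse of dft(); bins that were zeroed are skipped."""
    n = len(spectrum)
    live = [(v, c) for v, c in enumerate(spectrum) if c != 0]
    return [sum(c * cmath.exp(2j * math.pi * v * x / n) for v, c in live).real / n
            for x in range(n)]


def gamma_band(samples, band=GAMMA_HZ, fs=FS):
    """Return the time-domain Gamma-band component of one channel."""
    n = len(samples)
    offset = sum(samples) / n            # assumption: stands in for the 0.16 Hz high-pass
    window = hanning(n)
    spectrum = dft([(s - offset) * w for s, w in zip(samples, window)])
    lo, hi = band
    masked = []
    for v, coeff in enumerate(spectrum):
        freq = min(v, n - v) * fs / n    # bins above N/2 hold negative frequencies
        masked.append(coeff if lo <= freq <= hi else 0)
    return inverse_dft(masked)


def mean_and_sd(x):
    """Eq. (4) and Eq. (5): mean and (n - 1)-normalised standard deviation."""
    n = len(x)
    m = sum(x) / n
    return m, math.sqrt(sum((xi - m) ** 2 for xi in x) / (n - 1))


def extract_features(recording):
    """recording: one list of samples per channel. Returns (Dg, Tg)."""
    dg = [gamma_band(channel) for channel in recording]
    tg = []
    for signal in dg:
        tg.extend(mean_and_sd(signal))   # layout: [M_1, SD_1, ..., M_14, SD_14]
    return dg, tg


def constructed_recording(seconds=1):
    """Synthetic 14-channel input (constructed, not EEG data): a DC offset,
    a 10 Hz Alpha tone, and a 32 Hz Gamma tone whose amplitude equals the
    channel index, so channel 0 carries no Gamma energy at all."""
    n = FS * seconds
    return [[50.0
             + 20.0 * math.sin(2 * math.pi * 10 * x / FS)
             + float(c) * math.sin(2 * math.pi * 32 * x / FS)
             for x in range(n)]
            for c in range(N_CHANNELS)]


if __name__ == "__main__":
    dg, tg = extract_features(constructed_recording())
    print("Dg channels:", len(dg), "Tg dimensions:", len(tg))
    for c in (0, 5, 10):
        print("channel", c, "Gamma SD = %.3f" % tg[2 * c + 1])
```

The strong 10 Hz tone and the offset leave almost nothing in the Gamma features, while the SD entries of Tg scale with the Gamma amplitude of each channel.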

Fig. 3. DFT based EEG signal decomposition into different band waves: (a) Theta band (b) Alpha band (c) Low Beta (d) High Beta (e) Gamma band.


3.3. User authentication

The authentication problem is also referred to as a verification problem that states, given a pair of identity and sample, i.e. (identity, sample), the system must be able to determine the sample that provides a genuine match against the identity (Chuang et al., 2013). This is done by following a basic solution. Two samples of EEG signals of a single user have a higher similarity measure than EEG signals of different users. In our system, the decision of the similarity measure is decided using a threshold (th) as given in (11), where μc, σc and C denote mean, standard deviation, and class of the genuine user, respectively. The user is considered to be genuine if it satisfies the condition given in (11), otherwise it is considered a forger.

$$\frac{X_c - \mu_c}{\sigma_c} < th \tag{11}$$

3.3.1. Impersonation scenario

An impersonation scenario occurs when an attacker attempts to access the mobile device of a user by knowing his/her identity. In this work, the identity of a user corresponds to his/her mobile's unlocking pattern. The attacker falsely gains access to this pattern identity using various attacks for identification. Next, the attacker tries to mimic the user's brain signal by wearing the EEG headset and tries to fool the system into granting access by sending the (identity, sample) pair to the authentication module. Such a scenario is depicted in Fig. 4, where a user wants to gain access by sketching the target user's pattern and the system performs the authentication process based on the recorded EEG signals and the computed threshold (th) for granting access.

4. Results

This section provides the details of the dataset collection, performance protocol and evaluation of the proposed authentication system using HTER, ROC and DET security metrics. These are discussed in the following subsections.

4.1. Dataset collection

In this work, we have collected the EEG signals of 50 users while they were drawing unlocking patterns on a mobile. Out of these 50 users, 20 were considered as genuine users whereas the rest were considered as forgers. The users were asked to stay in a relaxed state during recording. No fixed duration was applied during EEG signal recording since it depends on the length of the unlocking pattern. Therefore, EEG signals of varying lengths were recorded. All users belonged to the 20–30 age group. Each genuine user repeated the experiment 10 times and the corresponding EEG signals were recorded. Therefore, a total of 200 samples were collected. In this study, our main motivation was to investigate the use of EEG signals in user verification and to build a robust authentication system. Therefore, a total of 2400 (i.e. 30×4×20) forged attempts were produced by 30 forgers who knew the patterns of 20 genuine users. Each forged user has made 4 forgery attempts for each genuine user. The variation in the brain signals can be seen in Fig. 5. Here, we plot EEG signal information for two genuine users (they have different identification patterns) along with their brain activity heat-maps. The brain activity heat-map scale depicts the activeness in the frontal lobe while drawing a pattern when plotted between the 4 and 7 Hz range. We also observed the EEG signals of two different users when they use the same pattern for unlocking. Such an example of variations in two different signals is shown in Fig. 6, where both users have the same mobile pattern. The dataset also contains forged attacking examples for users who know the pattern identity of the target users. An example of a forged attempt is depicted in Fig. 7, where Fig. 7(a) shows the EEG signals and pattern identity for the genuine user and Fig. 7(b) and (c) show the EEG signals and pattern of unauthorized users. It can be observed from the figure that, even knowing the pattern identity of the genuine user, the attackers will have different EEG signals. In addition to this, even after knowing the pattern, the forged user could not know the genuine user's speed of sketching, which results in a different number of samples in the EEG signals for unauthorized users. A scenario of this is shown in Fig. 8 for two genuine users marked as G, where the forged users have different EEG signal time samples. The time durations of these forged users are marked using F1, F2, F3, …, F30. There were 15 patterns selected by all genuine users that are shown in Fig. 9; 5 of the genuine users have repeated some of these patterns. A part of the dataset is made available online¹ for the research community.

¹ https://sites.google.com/site/iitrcsepradeep7/

4.2. Performance protocol

The performance of the authentication system is measured using popular security measures such as Half of Total Error Rate (HTER) and ROC curves obtained using False Reject Rate (FRR), False Accept Rate (FAR) and True Positive Rate (TPR). The details are as follows.

1. Evaluation of FRR: The assessment of false rejection is done by considering the EEG signals of one genuine user at a time. The authentication system runs with the user's genuine identity and it accepts if the (identity, sample) pair condition is satisfied. The FRR is defined as the average percentage of tests that are not successfully accepted by the verification system.

2. Evaluation of FAR: The assessment of false acceptance is done by focusing on many users at a time because there is only one genuine user and multiple forgers. Hence the possibility of false acceptance is more than that of false rejection. In this work, the authentication system runs with a pair (identity, sample), where the identity belongs to a genuine user and the sample of EEG signals belongs to a forger. If the system works properly, the pair is rejected, otherwise FAR is equal to the average percentage of tests that are incorrectly accepted by the system.

3. Evaluation of TPR: The true positive rate is defined as the proportion of positive data samples that are correctly predicted by the authentication system and is given by (12),

$$TPR = \frac{TP}{TP + FN} \tag{12}$$

where TP and FN represent True Positive (correctly classified as positive) and False Negative (incorrectly classified as negative), respectively.

4. Evaluation of HTER: HTER is used to measure the performance of the authentication system in various EEG signal based biometric systems (Chuang et al., 2013). The term can be defined using (13) as an average of the two aforementioned error rates, namely FRR and FAR.

$$HTER = \frac{FRR + FAR}{2} \tag{13}$$

5. Evaluation of ROC Curves: ROC curves are 2D curves in which TPR is plotted on the Y-axis whereas FAR is plotted on the X-axis. The graph represents the relative trade-offs between the true and false positive samples. Each classifier produces a pair of TPR and FAR values for a point in ROC space. A point in the ROC curve is considered to be better than others if it has high TPR and low FAR. More details can be found in Fawcett (2006).

6. Evaluation of DET Curves: DET curves are used to measure the performance of verification systems and are similar to ROC curves. The curve is a 2D plot between FRR and FAR along the Y and X-axis for all threshold values using a normal scale on each axis (Gafurov, 2010). The plot can be interpreted as a trade-off between

FRR and FAR values. If the underlying score distribution is normal then the DET plot becomes linear, which helps in better understanding of a system's performance.

Fig. 4. A scenario of impersonation attempt for an unauthorized user who knows pattern of target user.

Fig. 5. Example of EEG signals and pattern passwords of two different users along with the brain activity heat-maps. On the heat map scale ‘4’ (corresponding color) represents no activity whereas ‘7’ reflects high brain activity.

Fig. 6. Example of users having same pattern passwords but different brain signals and their brain activity maps.

4.3. Authentication results

The authentication results are computed in two phases. Firstly, the results have been computed using a common threshold (th) for all users, referred to as the global threshold. Secondly, we compute the results based on a customized threshold (thi) for each user i, referred to as the local threshold. The details are as follows.

4.3.1. Global threshold based authentication results

The authentication performance has been evaluated using a global threshold by comparing all the testing pairs of identities and EEG samples against a common threshold (th) for all target users. If the similarity measure (m) of the testing samples computed using Eq. (11) is greater than th, the authentication attempts are accepted, otherwise rejected. The performance is measured using HTER, ROC and DET curves. At best an HTER of 25% has been recorded for all forged attempts. The ROC curves between the TPR and FAR are computed using SVM and HMM classifiers as shown in Fig. 10. Note that the HMM based system performs better than SVM with a TPR of 100% at 50% FAR. Similarly, the DET curves between FRR and FAR are shown in Fig. 11, where 25% FRR is recorded with 10% of FAR when tested with the HMM system.

4.3.2. Local threshold based authentication results

Since the threshold value for each user varies, we have computed the authentication results using a local threshold. This is performed by customizing thi for all genuine users ui (i = 1, 2, …, 20). Given a testing pair of identity and EEG sample for a target user ui, the similarity measure (m) has been computed using Eq. (11) and is compared with the target's threshold measure thi. If m is greater than th of the ith user, we accept the authentication attempt. If it is not, then we reject it. The performance of the authentication for all genuine users has been evaluated on a large collection of 2400 impersonation attempts. The performance in terms of HTER is shown in Table 1, where an average HTER has been recorded as 2.012% and 17.43% with HMM and SVM classifiers, respectively.

Fig. 7. Forgery example of attackers who know pattern of target user: (a) EEG signal and pattern of a genuine user (b) and (c) EEG signal and pattern of two unauthorized users.

Fig. 8. Time duration of EEG signal while drawing pattern (shown in top right corner) (a) and (b) Bar charts showing average length of recorded EEG signals for genuine and forged users.

Fig. 9. Example of the patterns selected for mobile device identity by genuine users. The sequence of numbers on top of the pattern shows the path to draw the pattern.

Fig. 10. Analysis of ROC curves for user authentication performance.

4.4. Statistical analysis and scalability test

Student's t-test has been used to assess the statistical significance of the results of the proposed framework. The test is commonly used for assessing whether the means of two groups are statistically different from each other. In this work, we have performed a group comparison between the authentication thresholds of genuine and forged users using Student's t-test for unpaired data. A two-tailed P value of less than 5% has been considered significant (Chang et al., 2016). Differences between genuine and forged users have been found statistically significant with P < 0.01. To deal with over-training or over-fitting problems, a scalability test has been performed by varying the training data of genuine users from 2 to 8 samples of EEG signals while keeping the testing data fixed in all experiments. The results of the scalability test have been computed in terms of HTER using the HMM and SVM classifiers, as shown in Fig. 12. It can be seen from Fig. 12 that HTER keeps decreasing as the number of training samples increases. Minimum HTERs of 25% and 45% have been recorded using global threshold

Fig. 11. Analysis of DET curves for user authentication performance.


Table 1 User verification performance based on the local threshold.

| User | FRR | FAR (HMM) | FAR (SVM) | HTER (HMM) | HTER (SVM) |
|------|-----|-----------|-----------|------------|------------|
| U1 | 0 | 0.1889 | 0.59 | 0.09445 | 0.295 |
| U2 | 0 | 0 | 0.23 | 0 | 0.115 |
| U3 | 0 | 0.0545 | 0.31 | 0.0225 | 0.155 |
| U4 | 0 | 0 | 0.24 | 0 | 0.12 |
| U5 | 0 | 0.0049 | 0.21 | 0.00245 | 0.105 |
| U6 | 0 | 0.0411 | 0.28 | 0.02055 | 0.14 |
| U7 | 0 | 0.0696 | 0.37 | 0.0348 | 0.185 |
| U8 | 0 | 0.0370 | 0.33 | 0.0185 | 0.165 |
| U9 | 0 | 0.0459 | 0.56 | 0.02295 | 0.28 |
| U10 | 0 | 0 | 0.37 | 0 | 0.185 |
| U11 | 0 | 0 | 0.33 | 0 | 0.165 |
| U12 | 0 | 0.0732 | 0.32 | 0.0366 | 0.16 |
| U13 | 0 | 0.0625 | 0.59 | 0.03125 | 0.295 |
| U14 | 0 | 0.0303 | 0.32 | 0.01515 | 0.16 |
| U15 | 0 | 0 | 0.45 | 0 | 0.225 |
| U16 | 0 | 0.060 | 0.29 | 0.03 | 0.145 |
| U17 | 0 | 0.0402 | 0.54 | 0.0201 | 0.27 |
| U18 | 0 | 0.043 | 0.18 | 0.0215 | 0.09 |
| U19 | 0 | 0.031 | 0.21 | 0.0155 | 0.105 |
| U20 | 0 | 0.0324 | 0.25 | 0.0162 | 0.125 |

5. Conclusion

In this paper, we have proposed an authentication system for mobile devices using EEG signals. The key goal of this work is to investigate whether a forger who knows the target user's identity pattern can produce brain signals similar to those of the user. For this, EEG signals of 50 users (20 genuine and 30 forgers) were recorded while they were drawing personalized unlocking patterns on mobile devices. The signals were recorded with the help of a smartphone connected to the EEG headset using Bluetooth technology. The system was tested against a large number of forged patterns made by 30 forgers. The performance of the system was measured with customized thresholds using three standard biometric evaluation metrics, namely HTER, ROC and DET. Our work provides a plausible solution for a wide range of devices, not limited to mobile phones but also covering devices such as smart bands, smart watches or smart goggles that usually do not have conventional input systems. In addition, a similar authentication system can be applied to laptops, desktop computers, and home/office login security systems. In future, the work could be extended to authenticate a remote user using brain signals transmitted over the internet using secure network protocols.

Fig. 12. Scalability test for computing HTER by varying training samples of genuine users.

Table 2 Comparative analysis of proposed system with state of the art techniques.

| Author and year | Assigned task | Methodology | Time duration | Number of subjects | Accuracy (%) |
|-----------------|---------------|-------------|---------------|--------------------|--------------|
| Chuang et al. (2013) | Audio Tone | Cosine Similarity | 5 s | 15 | 32.2% Global HTER, 8.7% Local HTER |
| Sohankar et al. (2015) | Neutral | FFT, NBC | 5–60 s | 10 | 2–9% HTER |
| Proposed approach | Pattern sketching on mobile | FFT, HMM and SVM | Variable (1–3 s) | 50 | 25% Global HTER, 2.01% Local HTER |

based authentication on 8 training samples of each genuine user with the help of HMM and SVM classifiers, respectively.

References

Astigarraga, A., Arruti, A., Muguerza, Santana, J., Santana, R., Martin, J.I., Sierra, B., 2016. User adapted motor-imaginary brain-computer interface by means of eeg channel selection based on estimation of distributed algorithms, Mathematical Problems in Engineering 2016.

Badcock, N.A., Mousikou, P., Mahajan, Y., de Lissa, P., Thie, J., McArthur, G., 2013. Validation of the emotiv EPOC® EEG gaming system for measuring research quality auditory ERPs, PeerJ 1 (2013) e38.

Barry, R.J., de Blasio, F.M., de Pascalis, V., Karamacoska, D., 2014. Preferred EEG brain states at stimulus onset in a fixed interstimulus interval equiprobable auditory go/nogo task: a definitive study. Int. J. Psychophysiol. 94 (1), 42–58.

Chang, V., 2014. Cloud computing for brain segmentation-a perspective from the technology and evaluations. Int. J. Big Data Intell. 1 (4), 192–204.

Chang, V., Walters, R.J., Wills, G.B., 2016. Organisational sustainability modelling-an emerging service and analytics model for evaluating cloud computing adoption with two case studies. Int. J. Inf. Manag. 36 (1), 167–179.

Chang, V., Brain segmentation-a case study of biomedical cloud computing for education and research.

Chuang, J., Nguyen, H., Wang, C., Johnson, B., 2013. I think, therefore i am: Usability and security of authentication using brainwaves. In: International Conference on Financial Cryptography and Data Security, pp. 1–16.

Cortes, C., Vapnik, V., 1995. Support-vector networks. Mach. Learn. 20 (3), 273–297.

Das, R., Maiorana, E., La Rocca, D., Campisi, P., 2015. Eeg biometrics for user recognition using visually evoked potentials. In: International Conference of the Biometrics Special Interest Group, pp. 1–8.

4.5. Comparative analysis

Here, we compare the proposed authentication system with other state of the art solutions. Though our scheme differs from them in two ways, we report them to get an idea of our performance. First, no fixed task was assigned to users while collecting EEG signals. Second, the signals were not recorded for a fixed time duration. For example, in Chuang et al. (2013), all users were asked to listen to an audio tone for 5 s. In such systems, users do not show interest, which results in noisier signals due to the involvement of participants in other activities such as rolling eyes, moving the head, etc. Similarly, in Sohankar et al. (2015), the users were asked to sit neutral for 2 min, which seems impossible because millions of thoughts come to mind every second. Thus, such systems suffer in accuracy across trials, as the user's thought process changes in successive trials. The comparison is shown in Table 2, where the proposed approach outperforms the others in terms of number of users, HTER and time duration.


Poikonen, H., Alluri, V., Brattico, E., Lartillot, O., Tervaniemi, M., Huotilainen, M., 2016. Event-related brain responses while listening to entire pieces of music. Neuroscience 312, 58–73.

Rabiner, L., Juang, B., 1986. An introduction to hidden markov models. IEEE Acoust., Speech, Signal Process. 3 (1), 4–16.

Rodrigues, D., Silva, G.F., Papa, J.P., Marana, A.N., Yang, X.-S., 2016. Eeg-based person identification through binary flower pollination algorithm. Expert Syst. Appl. 62, 81–90.

Serwadda, A., Phoha, V.V., Poudel, S., Hirshfield, L.M., Bandara, D., Bratt, S.E., Costa, M.R., 2015. fNIRS: A new modality for brain activity-based biometric authentication. In: Proceedings of the 7th International Conference on Biometrics Theory, Applications and Systems, pp. 1–7.

Shedeed, H.A., 2011. A new method for person identification in a biometric security system based on brain EEG signal processing. In: World Congress on Information and Communication Technologies, pp. 1205–1210.

Sohankar, J., Sadeghi, K., Banerjee, A., Gupta, S.K., 2015. E-bias: A pervasive EEG-based identification and authentication system. In: Proceedings of the 11th Symposium on QoS and Security for Wireless and Mobile Networks, pp. 165–172.

Song, H., Brandt-Pearce, M., 2013. Model-centric nonlinear equalizer for coherent long-haul fiber-optic communication systems. In: 2013 IEEE Global Communications Conference (GLOBECOM), IEEE, pp. 2394–2399.

Thorpe, J., van Oorschot, P.C., Somayaji, A., 2005. Pass-thoughts: authenticating with our minds. In: workshop on New security paradigms, pp. 45–56.

Wei, W., Qi, Y., 2011. Information potential fields navigation in wireless ad-hoc sensor networks. Sensors 11 (5), 4794–4807.

Wei, W., Yang, X.-L., Shen, P.-Y., Zhou, B., 2012. Holes detection in anisotropic sensornets: topological methods. Int. J. Distrib. Sens. Netw.

Wei, W., Xu, Q., Wang, L., Hei, X., Shen, P., Shi, W., Shan, L., 2014. Gi/geom/1 queue based on communication model for mesh networks. Int. J. Commun. Syst. 27 (11), 3013–3029.

Yazdani, A., Roodaki, A., Rezatofighi, S., Misaghian, K., Setarehdan, S.K., 2008. Fisher linear discriminant based person identification using visual evoked potentials. In: Proceedings of the 9th International Conference on Signal Processing, pp. 1677–1680.

Zúquete, A., Quintela, B., da Silva Cunha, J.P., 2010. Biometric authentication using brain responses to visual stimuli. In: BIOSIGNALS, pp. 103–112.

Fawcett, T., 2006. An introduction to roc analysis. Pattern Recognit. Lett. 27 (8), 861–874.

Gafurov, D., 2010. Emerging biometric modalities: Challenges and opportunities. In: Security Technology, Disaster Recovery and Business Continuity, pp. 29–38.

Henriksson, L., Elander, K., Hari, R., 2016. Understanding visual scenes: a combined meg and eye-tracking study. J. Vis. 16 (12), 522.

Hu, B., Mao, C., Campbell, W., Moore, P., Liu, L., Zhao, G., 2011. A pervasive EEG-based biometric system. In: International workshop on Ubiquitous affective awareness and intelligent interaction, pp. 17–24.

Jivanadham, L., Islam, A.M., Katayama, Y., Komaki, S., Baharun, S., 2013. Cloud cognitive authenticator (CCA): A public cloud computing authentication mechanism. In: International Conference on Informatics, Electronics & Vision, pp. 1–6.

Kaur, B., Singh, D., Roy, P.P., 2016. A novel framework of eeg-based user identification by analyzing music-listening behavior. Multimed. Tools Appl., 1–22.

Klonovs, J., Petersen, C.K., Olesen, H., Hammershoj, A., 2013. ID proof on the go: development of a mobile EEG-based biometric authentication system. IEEE Veh. Technol. Mag. 8 (1), 81–89.

Klonovs, J., Petersen, C.K., Olesen, H., Hammershøj, A.D., 2012. Development of a mobile eeg-based biometric authentication system. In: Wireless World Research Forum Meeting.

Kumar, P., Gauba, H., Roy, P.P., Dogra, D.P., 2016. Coupled hmm-based multi-sensor data fusion for sign language recognition. Pattern Recognition Letters.

Liao, L.-D., Chen, C.-Y., Wang, I.-J., Chen, S.-F., Li, S.-Y., Chen, B.-W., Chang, J.-Y., Lin, C.-T., 2012. Gaming control using a wearable and wireless EEG-based brain-computer interface device with novel dry foam-based sensors. J. Neuroeng. Rehabil. 9 (1), 1.

Neupane, A., Saxena, N., Kuruvilla, K., Georgescu, M., Kana, R.K., 2014. Neural signatures of user-centered security: an fmri study of phishing, and malware warnings. In: NDSS.

Palaniappan, R., 2008. Two-stage biometric authentication method using thought activity brain waves. Int. J. Neural Syst. 18 (01), 59–66.

Palaniappan, R., Mandic, D.P., 2007. Biometrics from brain electrical activity: a machine learning approach. IEEE Trans. Pattern Anal. Mach. Intell. 29 (4), 738–742.

Pham, T., Ma, W., Tran, D., Nguyen, P., Phung, D., 2014. Multi-factor eeg-based user authentication. In: International Joint Conference on Neural Networks, pp. 4029–4034.
