Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, we argue that the most secure cryptographic credentials are ones of which the users aren't even aware. On the basis of this argument, the objective of this research is to investigate a new psychophysiological approach for secure and trustworthy user authentication via non-volitional components of the electroencephalogram (EEG) brainwave responses. Specifically, the research examines how consistent these responses are over time and also formally assesses how unique they are to individuals. By identifying reproducible, unique features of the EEG, we are developing a method to accurately recognize and authenticate people by extracting time-invariant and context-invariant "brain passwords."
This research holds the potential to transform existing authentication systems into more secure, disclosure-resistant solutions; critical for high-security applications. The cross-disciplinary content of the work also, importantly, will allow us to strengthen our understanding of individual brain responses and apply this new knowledge into increasingly vulnerable cyberspace. This may lead to a far-reaching breakthrough in the possibility of "brain fingerprinting." Moreover, the investigators are taking active roles in nourishing the scholarship of underrepresented minorities and female students and making substantial efforts to integrate diversity in both educational and research activities.