Abstract
In recent years, the rapid proliferation of Brain-Computer Interface (BCI) applications has made security increasingly important. User authentication is the cornerstone of any secure BCI system, and among the available methods, EEG-based authentication is particularly well suited to BCIs. However, existing paradigms, such as visual evoked potentials and motor imagery, demand significant user effort during both the enrollment and authentication phases. To address these challenges, we introduce a novel paradigm, Keystroke Evoked Potentials (KEP), for EEG-based authentication that is secure, user-friendly, and lightweight. We then design an authentication system based on the proposed KEP. The core concept is to generate a shared cryptographic session key derived from EEG data and keystroke dynamics captured during random button-pressing activities. This shared key is subsequently employed in a Diffie-Hellman Encrypted Key Exchange (DH-EKE) to facilitate device pairing and establish a secure communication channel. Based on a collected dataset, the results demonstrate that our system is secure against various attacks (e.g., mimicry attack, replay attack) and efficient in practice (e.g., taking only 0.07 s to generate 1 bit).
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wu, J., Chiu, WY., Meng, W. (2024). KEP: Keystroke Evoked Potential for EEG-Based User Authentication. In: Vaidya, J., Gabbouj, M., Li, J. (eds) Artificial Intelligence Security and Privacy. AIS&P 2023. Lecture Notes in Computer Science, vol 14509. Springer, Singapore. https://doi.org/10.1007/978-981-99-9785-5_36
DOI: https://doi.org/10.1007/978-981-99-9785-5_36
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-9784-8
Online ISBN: 978-981-99-9785-5
eBook Packages: Computer Science, Computer Science (R0)