Authenticating With Our Minds
Designed By
-Jyothish sirigidi
AITAM Tekkali
A novel idea for user authentication called
pass-thoughts is presented now.
Recent advances in Brain-Computer
Interface (BCI) technology indicate that
there is potential for a new type of human-
computer interaction: a user transmitting
thoughts directly to a computer.
Overview of Brain Computer Interface
A brain-computer interface (BCI), sometimes
called a direct neural interface or a brain-
machine interface, is a direct communication
pathway between a human or animal brain and
an external device.
There are two types of BCIs:
One Way BCIs
Two Way BCIs
Working of BCI
Cerebral electric activity is recorded via the
electroencephalogram (EEG): electrodes, attached to
the scalp, measure the electric signals of the brain.
The electrical activity in the brain is measured by 128
electrodes affixed to the person’s scalp, as for an
electroencephalogram (EEG).
These signals are amplified and transmitted to the
computer, which transforms them into device control
commands.
It is possible to operate devices which are connected to
the computer; such a communication can even be done
via the internet.
Possible applications for BCIs
Mental typewriter: that translates thoughts into
cursor movements on a computer screen, allowing
paralyzed patients to write texts.
To control a prosthetic device.
For creating a whole new class of video games.
Can be integrated in active car safety systems.
Video Games
Type Writer
Textual Passwords
Popularity is due to:
Low cost
User familiarity
Lack of other alternatives.
Limitations:
Passwords have low entropy in practice (making them
susceptible to dictionary attacks).
Often difficult to remember.
Vulnerable to “shoulder surfing”.
Acoustic attacks.
Graphical Passwords
People have a remarkable memory for pictures.
Recall-based graphical password schemes
include:
Draw-A-Secret
Requiring a user to click on parts of a presented image.
Limitations:
Graphical password schemes are vulnerable to
shoulder-surfing
Guessing attacks.
Biometric Systems
Authentication is done by using the unique
physical or behavioral characteristics of users
like:
• Fingerprints.
• Iris.
• Voice recognition.
• On-line (handwritten) signature verification.
• Keystroke dynamics.
Limitations:
They cannot be easily changed.
This characteristic, combined with the threat of theft,
leaves biometrics unsuitable for remote authentication.
Smart Cards
Smart cards can be used to securely
authenticate users to remote servers, but
at the cost of per user hardware tokens.
Pass Thoughts: Authenticating With
Our Minds
There is uniqueness within our brains.
Two different thoughts by the same person are expected to
result in distinguishable signals.
It is plausible that if two people think of the same
thing, the brain signals emitted would be
distinguishable.
A pass-thought could be the measured response
to a stimulus (e.g. pictures, music, video clips, or
the touch of raised pin patterns).
A pass-thought could belong to:
A language (as in textual passwords)
An image (as in graphical passwords)
A type of (imagined) movement
An abstract thought
An emotion
A memory
Pieces of music can be represented by a
thought.
Current Status of BCI Technology
The first research relating to BCIs appeared in the
1960’s.
It is still in its infancy for a variety of historic reasons:
• The chance of extracting a user’s intended message (i.e. a
yes/no answer to a question) from brain signals appeared to be
extremely remote.
• It is only in recent years that the cost of computers with sufficient
processing power to analyze electroencephalography (EEG)
signals in real-time has become affordable.
• There was not much resulting interest in the limited applications
that a first generation BCI was likely to offer.
Basic design of a BCI system
FEASIBLE PASS-THOUGHTS BASED
SYSTEM
Here pass-thoughts are treated exactly like passwords.
A scheme is proposed which uses evoked P300
potentials for a spelling device for the disabled.
WHAT IS P300?
The P300 potential is a positive potential that is evoked
about 300 ms after a surprising or exciting event.
When the user sees the part of
their “pass-thought” highlighted
(see fig 3), a P300 spike is
generated for the spelling device.
The P300 potential spikes are silently recorded, and the
system determines whether the user’s P300 firing matched
the expected template that represents the account’s
password.
This type of scheme could be used in conjunction with
either textual or graphical passwords, where a sequence
of letters, pictures, or points on a picture are highlighted
at random times.
Electrodes record the P300 spikes generated by the
user.
The results of BCI communication so far have low bit
rates, thus a yes/no answer can be assumed.
• F is a set of P300 potentials.
Best algorithm to record P300 signals.
One-way hash function H is used to store the pass-
thought.
The hashed pass-thought H(R) is compared upon input
completion to the stored pass-thought file hash for the user,
and login succeeds if they match.
SECURITY ANALYSIS
A pass-thought system is unobservable and
resistant to shoulder-surfing attacks, acoustic
attacks, and interception attacks.
Using such a scheme, even if a particular pass-
thought is successfully communicated, a social
engineer’s brain signal may be different from the
user’s upon thinking “the same thing”.
For these reasons, the size of pass-thought
space might be sufficiently large to protect
against most dictionary attacks.
FUTURE OF PASS THOUGHTS
The ultimate goal of a pass-thought system is to extract
as much repeatable entropy as possible from a user’s
brain signals upon “entering” a thought.
A signal S is recorded from a BCI which is processed
into as many features F as possible.
From a series of repeated trials of entering pass-thought,
the largest matching number of features R will be
considered repeatable.
This R is a pass-thought, the repeatable subset of brain
signal features, which is stored in the system using
“fuzzy” encryption.
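Added example (not from the original slides or their author): a Python sketch of the enrollment and login flow described above, where R is the set of features that repeat across trials and login compares H(R) with the stored hash. Assumptions: features are already quantized into integer bins, H is salted PBKDF2-SHA256, the names of the features in R are stored beside the hash, and matching is exact rather than the “fuzzy” encryption mentioned above; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the one-way function H

def repeatable_subset(trials):
    """R: features whose quantized value is identical in every trial."""
    first = trials[0] if trials else {}
    return {name: value for name, value in first.items()
            if all(t.get(name) == value for t in trials[1:])}

def _h(salt, names, features):
    # Canonical encoding of R: fixed feature order, explicit separators.
    encoded = ";".join(f"{n}={features[n]}" for n in names).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, ITERATIONS)

def enroll(trials):
    """Derive R from repeated trials; keep only salt, feature names, H(R)."""
    r = repeatable_subset(trials)
    if not r:
        raise ValueError("no repeatable features; cannot enroll")
    names = sorted(r)
    salt = os.urandom(16)
    return {"salt": salt, "names": names, "hash": _h(salt, names, r)}

def verify(record, features):
    """Recompute H over the stored feature names; constant-time compare."""
    if any(n not in features for n in record["names"]):
        return False
    candidate = _h(record["salt"], record["names"], features)
    return hmac.compare_digest(candidate, record["hash"])

# Constructed sample data: quantized feature bins from three enrollment trials.
TRIALS = [
    {"f0": 3, "f1": 7, "f2": 1, "f3": 4, "f4": 2},
    {"f0": 3, "f1": 6, "f2": 1, "f3": 4, "f4": 2},
    {"f0": 3, "f1": 7, "f2": 1, "f3": 4, "f4": 5},
]

if __name__ == "__main__":
    rec = enroll(TRIALS)
    print("R uses features:", rec["names"])
    noisy = {"f0": 3, "f1": 9, "f2": 1, "f3": 4, "f4": 0}
    drift = {"f0": 3, "f1": 7, "f2": 1, "f3": 5, "f4": 2}
    print("unstable features differ:", verify(rec, noisy))
    print("one stable bin off by one:", verify(rec, drift))
```

Because the comparison is on an exact hash, a single stable feature landing in a neighbouring bin fails the login, which is the repeatability problem the slides list under future work.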
An authentication token is provided to access device D.
To enable the device, a pass-thought is used in place of
a PIN number.
A candidate token may be a cell phone or PDA, which
reduces the risk of recording the pass-thought via a hardware tap.
This tapping problem is not solved by this solution, but
moves from per-system to per-user.
Look and feel for hardware interface by providing
headphones.
Why Pass-Thoughts?
The primary benefits of pass-thoughts are that they are
visually unobservable and silent.
Eye-gaze tracking.
Flexible nature of pass-thoughts. Increasing
complexity of pass-thought implies longer
thought.
Thoughts cannot be shared as they are not
describable by communication mediums.
MANY AREAS OF FUTURE WORK
Understanding brain phenomenon.
Acquisition of brain signals.
Extraction of features.
Algorithms to aid in repeatability of a “transmitted”
thought.
Care is needed in processing and extracting parts of the signal,
which will decrease the amount of information provided
by the pass-thought.
Low training time for user acceptance.
Conclusion
A user authenticates to a device by “transmitting” a
thought. This transmission would occur through a Brain
Computer Interface (BCI).
The advantages of pass-thoughts over many of the
existing authentication technologies include:
• Changeability.
• Shoulder surfing resistance.
• Protection against theft.
• User non-compliance.
Disadvantages of pass-thought authentication include
the requirement for a new hardware component
(including electrodes) to record the user’s brain signals.
Thank You…
