Abstract
Choosing strong passwords is a challenging task for humans, and this can undermine secure online subscription to services in mobile applications. Composition rules and dictionaries help users choose stronger passwords, but at the cost of making them harder to memorize. When high-performance computers are not available, as in mobile scenarios, the problem is even worse because mobile devices typically lack good enough entropy sources. The goal, then, is to obtain strong passwords with the best efficiency in terms of entropy per character. In this study, we propose the use of neuro-activity as a source of entropy for the efficient generation of strong passwords. In our experiment we used the NIST test suite to compare binary random sequences extracted from neuro-activity by means of a mobile brain-computer interface with (i) strong passwords manually generated with restrictions based on dictionary and composition rules and (ii) passwords generated automatically by mathematical software running on a workstation. The results showed that random sequences based on neuro-activity were much more suitable for the generation of strong passwords than those generated by humans and were as strong as those generated by a computer. Also, the rate at which random bits were generated from neuro-activity (4 Kbps) was much faster than manual password generation. Thus, just a very small fraction of the time and cognitive workload required to manually generate a password provides enough entropy for the generation of stronger, shorter and easier-to-remember passwords. We conclude that, in mobile scenarios or when good enough entropy sources are not available, the use of neuro-activity is an efficient option for the generation of strong passwords.
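To make the evaluation method concrete, the following added example (not code from the paper) implements two of the fifteen tests in the NIST SP 800-22 suite, the frequency (monobit) test and the runs test, and applies them to the 100-bit sample from that report's worked examples and to a constructed alternating sequence. The names `monobit_p`, `runs_p` and `assess` are chosen here for illustration; the 0.01 significance level is the suite's default.

```python
import math

# 100-bit sample from the worked examples in NIST SP 800-22 Rev. 1a
# (leading bits of the binary expansion of pi): "11" + 96 bits + "00".
NIST_SAMPLE = "11" + format(0x243F6A8885A308D313198A2E, "096b") + "00"
# Constructed sample: perfectly balanced but fully predictable.
ALTERNATING = "01" * 50
ALPHA = 0.01  # significance level; a p-value below it rejects randomness


def monobit_p(bits: str) -> float:
    """Frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p(bits: str) -> float:
    """Runs test: does the sequence flip between 0 and 1 at a plausible rate?"""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # prerequisite frequency check failed; test not applicable
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def assess(bits: str) -> dict:
    """Run both tests and report whether the sequence passes each of them."""
    p_mono, p_runs = monobit_p(bits), runs_p(bits)
    return {"monobit": p_mono, "runs": p_runs,
            "pass": p_mono >= ALPHA and p_runs >= ALPHA}


if __name__ == "__main__":
    for name, sample in (("NIST sample", NIST_SAMPLE),
                         ("alternating", ALTERNATING)):
        print(name, assess(sample))
```

The alternating sequence scores a perfect monobit p-value yet fails the runs test, which is why a candidate entropy source is judged against the whole suite rather than a single statistic.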
Acknowledgments
This work was supported by Nicolo Association for the R+D in Neurotechnologies for disability, the research project P11-TIC-7983 of Junta of Andalucia (Spain), the Spanish National Grant TIN2015-67020-P, co-financed by the European Regional Development Fund (ERDF) and the Spanish National Grant TIN2016-75097-P (AEI/FEDER, UE).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Lopez-Gordo, M.A., Minguillon, J., Valenzuela-Valdes, J.F., Padilla, P., Padilla, J.L., Pelayo, F. (2017). Securing Passwords Beyond Human Capabilities with a Wearable Neuro-Device. In: Ferrández Vicente, J., Álvarez-Sánchez, J., de la Paz López, F., Toledo Moreo, J., Adeli, H. (eds) Biomedical Applications Based on Natural and Artificial Computing. IWINAC 2017. Lecture Notes in Computer Science(), vol 10338. Springer, Cham. https://doi.org/10.1007/978-3-319-59773-7_10
DOI: https://doi.org/10.1007/978-3-319-59773-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59772-0
Online ISBN: 978-3-319-59773-7
eBook Packages: Computer Science, Computer Science (R0)