Securing Passwords Beyond Human Capabilities with a Wearable Neuro-Device

  • Miguel Angel Lopez-Gordo
  • Jesus MinguillonEmail author
  • Juan Francisco Valenzuela-Valdes
  • Pablo Padilla
  • Jose Luis Padilla
  • Francisco Pelayo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10338)


The election of strong passwords is a challenging task for humans that could undermine the secure online subscription to services in mobile applications. Composition rules and dictionaries help to choose stronger passwords, although at the cost of the easiness to memorize them. When high-performance computers are not available, such as in mobile scenarios, the problem is even worse because mobile devices typically lack good enough entropy sources. Then, the goal is to obtain strong passwords with the best efficiency in terms of level of entropy per character unit. In this study, we propose the use neuro-activity as source of entropy for the efficient generation of strong passwords. In our experiment we used the NIST test suite to compare binary random sequences extracted from neuro-activity by means of a mobile brain-computer interface with (i) strong passwords manually generated with restrictions based on dictionary and composition rules and (ii) passwords generated automatically by a mathematical software running on a work station. The results showed that random sequences based on neuro-activity were much more suitable for the generation of strong passwords than those generated by humans and were as strong as those generated by a computer. Also, the rate at which random bits were generated by neuro-activity (4 Kbps) was much faster than the passwords manually generated. Thus, just a very small fraction of the time and cognitive workload caused to manually generate a password has enough entropy for the generation of stronger, shorter and easier to remember passwords. We conclude that in either mobile scenarios or when good enough entropy sources are not available the use of neuro-activity is an efficient option for the generation of strong passwords.


Wearable brain-computer interfaces Neuro-activity Secure passwords 



This work was supported by Nicolo Association for the R+D in Neurotechnologies for disability, the research project P11-TIC-7983 of Junta of Andalucia (Spain), the Spanish National Grant TIN2015-67020-P, co-financed by the European Regional Development Fund (ERDF) and the Spanish National Grant TIN2016-75097-P (AEI/FEDER, UE).


  1. 1.
    Chang, C.-C., Wu, H.-L., Sun, C.-Y.: Notes on secure authentication scheme for IoT and cloud servers. Pervasive Mob. Comput. 24, 210–223 (2016)Google Scholar
  2. 2.
    Altop, D.K., Levi, A., Tuzcu, V.: Deriving cryptographic keys from physiological signals. Pervasive and Mobile Computing (2016)Google Scholar
  3. 3.
    Zheng, G., Fang, G., Shankaran, R., Orgun, M., Zhou, J., Qiao, L., Saleem, K.: Multiple ECG fiducial points based random binary sequence generation for securing wireless body area networks. IEEE J. Biomed. Health Inf. 1–9 (2016)Google Scholar
  4. 4.
    Venkatasubramanian, K.K., Banerjee, A., Gupta, S.K.S.: PSKA: usable and secure key agreement scheme for body area networks. IEEE Trans. Inf. Technol. Biomed.: a publication of the IEEE Eng. Med. Biol. Soc. 14, 60–68 (2010)CrossRefGoogle Scholar
  5. 5.
    Israel, S.A., Irvine, J.M., Cheng, A., Wiederhold, M.D., Wiederhold, B.K.: ECG to identify individuals. Pattern Recogn. 38, 133–142 (2005)CrossRefGoogle Scholar
  6. 6.
    Poon, C., Zhang, Y.-T., Bao, S.-D.: A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Commun. Mag. 44, 73–81 (2006)CrossRefGoogle Scholar
  7. 7.
    Eastlake, D., Schiller, J., Crocker, S.: Randomness requirements for security (2005)Google Scholar
  8. 8.
    Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report NIST Special Publication 800–22 Revision 1a. National Institute of Standards and Technology (2010)Google Scholar
  9. 9.
    Wallace, K., Moran, K., Novak, E., Zhou, G., Sun, K.: Toward sensor-based random number generation for mobile and IoT devices. IEEE Internet Things J. 3, 1189–1201 (2016)CrossRefGoogle Scholar
  10. 10.
    Florencio, D. Herley, C.: A large-scale study of web password habits, pp. 657. ACM Press (2007)Google Scholar
  11. 11.
    Shen, C., Yu, T., Xu, H., Yang, G., Guan, X.: User practice in password security: an empirical study of real-life passwords in the wild. Comput. Secur. 61, 130–141 (2016)CrossRefGoogle Scholar
  12. 12.
    Burr, W.E., Dodson, D.F., Newton, E.M., Perlner, R.A., Polk, W.T., Gupta, S., Nabbus, E.A.: Electronic authentication guideline. Technical report NIST SP 800–63-1. National Institute of Standards, Technology, Gaithersburg, MD (2011). 10.6028/NIST.SP.800-63-1
  13. 13.
    Lopez-Gordo, M.A., Pelayo Valle, F.: Brain-Computer interface as networking entity in body area networks. In: Aguayo-Torres, M.C., Gómez, G., Poncela, J. (eds.) WWIC 2015. LNCS, vol. 9071, pp. 274–285. Springer, Cham (2015). doi: 10.1007/978-3-319-22572-2_20 CrossRefGoogle Scholar
  14. 14.
    Wu, F.-J., Kao, Y.-F., Tseng, Y.-C.: From wireless sensor networks towards cyber physical systems. Pervasive Mob. Comput. 7, 397–413 (2011)CrossRefGoogle Scholar
  15. 15.
    Zhang, Z., Wang, H., Vasilakos, A.V., Fang, H.: ECG-cryptography and authentication in body area networks. IEEE Trans. Inf. Technol. Biomed. 16, 1070–1078 (2012)CrossRefGoogle Scholar
  16. 16.
    Valenzuela-Valdes, J.F., Lopez, M.A., Padilla, P., Padilla, J.L., Minguillon, J.: Human neuro-activity for securing body area networks: application of brain-computer interfaces to people-centric internet of things. IEEE Commun. Mag. 55, 62–67 (2017)CrossRefGoogle Scholar
  17. 17.
    Jasper, H.: Report of the committee on methods of clinical examination in electroencephalography. Electroencephalogr. Clin. Neurophysiol. 10, 370–375 (1958)CrossRefGoogle Scholar
  18. 18.
    Hong, S.L., Liu, C.: Sensor-based random number generator seeding. IEEE Access 3, 562–568 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Miguel Angel Lopez-Gordo
    • 1
  • Jesus Minguillon
    • 2
    Email author
  • Juan Francisco Valenzuela-Valdes
    • 1
  • Pablo Padilla
    • 1
  • Jose Luis Padilla
    • 3
  • Francisco Pelayo
    • 1
  1. 1.Department of Signal Theory, Communications and Networking - CITICUniversity of GranadaGranadaSpain
  2. 2.Department of Computer Architecture and Technology - CITICUniversity of GranadaGranadaSpain
  3. 3.Department of Electronics and Computers TechnologyUniversity of GranadaGranadaSpain

Personalised recommendations