Securing Passwords Beyond Human Capabilities with a Wearable Neuro-Device

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10338)

Abstract

Choosing strong passwords is a challenging task for humans, one that could undermine secure online subscription to services in mobile applications. Composition rules and dictionaries help users choose stronger passwords, although at the cost of making them harder to memorize. When high-performance computers are not available, such as in mobile scenarios, the problem is even worse because mobile devices typically lack good enough entropy sources. The goal, then, is to obtain strong passwords with the best efficiency in terms of entropy per character. In this study, we propose the use of neuro-activity as a source of entropy for the efficient generation of strong passwords. In our experiment we used the NIST test suite to compare binary random sequences extracted from neuro-activity by means of a mobile brain-computer interface with (i) strong passwords manually generated with restrictions based on dictionary and composition rules and (ii) passwords generated automatically by mathematical software running on a workstation. The results showed that random sequences based on neuro-activity were much more suitable for the generation of strong passwords than those generated by humans and were as strong as those generated by a computer. Also, the rate at which random bits were generated from neuro-activity (4 Kbps) was much faster than manual password generation. Thus, just a very small fraction of the time and cognitive workload needed to manually generate a password yields enough entropy for the generation of stronger, shorter and easier-to-remember passwords. We conclude that, in mobile scenarios or when good enough entropy sources are not available, the use of neuro-activity is an efficient option for the generation of strong passwords.
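The kind of comparison the abstract describes can be sketched with two of the fifteen tests in NIST SP 800-22, the frequency (monobit) test and the runs test. This is an added example, not code from the paper, and the abstract does not say which tests the authors ran; the function names, the passphrase and the alternating sequence are constructed for illustration.

```python
import math

ALPHA = 0.01     # significance level used throughout SP 800-22
MIN_BITS = 100   # SP 800-22 recommends n >= 100 for both tests below

# Worked-example input from SP 800-22: first 100 bits of the binary expansion of pi.
NIST_EXAMPLE = "11" + format(int("243F6A8885A308D313198A2E", 16), "096b") + "00"

def ascii_bits(text: str) -> str:
    """8-bit ASCII encoding of a typed password, as a bit string."""
    return "".join(f"{byte:08b}" for byte in text.encode("ascii"))

def monobit_p(bits: str) -> float:
    """Frequency (monobit) test: are ones and zeros balanced?"""
    s = bits.count("1") - bits.count("0")
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))

def runs_p(bits: str) -> float:
    """Runs test: does the sequence switch between 0 and 1 too often or too rarely?"""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # frequency prerequisite not met, so the runs test is not applied
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def assess(bits: str) -> dict:
    """Return {test name: (p_value, passed)}; passed means p_value >= ALPHA."""
    if len(bits) < MIN_BITS or set(bits) - {"0", "1"}:
        raise ValueError(f"need at least {MIN_BITS} characters, all '0' or '1'")
    p_values = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in p_values.items()}

if __name__ == "__main__":
    samples = {  # the last two inputs are constructed for this example
        "SP 800-22 worked example": NIST_EXAMPLE,
        "constructed passphrase": ascii_bits("correct horse battery staple"),
        "constructed alternating bits": "01" * 64,
    }
    for label, bits in samples.items():
        print(label, {k: (round(p, 6), ok) for k, (p, ok) in assess(bits).items()})
```

A p-value below 0.01 rejects the hypothesis that the sequence is random; passing these two tests is necessary but far from sufficient evidence that an entropy source is fit for password or key generation.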

Acknowledgments

This work was supported by Nicolo Association for the R+D in Neurotechnologies for disability, the research project P11-TIC-7983 of Junta of Andalucia (Spain), the Spanish National Grant TIN2015-67020-P, co-financed by the European Regional Development Fund (ERDF) and the Spanish National Grant TIN2016-75097-P (AEI/FEDER, UE).

Author information

Corresponding author

Correspondence to Jesus Minguillon.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Lopez-Gordo, M.A., Minguillon, J., Valenzuela-Valdes, J.F., Padilla, P., Padilla, J.L., Pelayo, F. (2017). Securing Passwords Beyond Human Capabilities with a Wearable Neuro-Device. In: Ferrández Vicente, J., Álvarez-Sánchez, J., de la Paz López, F., Toledo Moreo, J., Adeli, H. (eds) Biomedical Applications Based on Natural and Artificial Computing. IWINAC 2017. Lecture Notes in Computer Science, vol 10338. Springer, Cham. https://doi.org/10.1007/978-3-319-59773-7_10

  • DOI: https://doi.org/10.1007/978-3-319-59773-7_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59772-0

  • Online ISBN: 978-3-319-59773-7

  • eBook Packages: Computer Science, Computer Science (R0)
