Running head: BIOMETRICS IN CYBER SECURITY 1

Biometrics in Cyber security

Name

Institution

Date
 BIOMETRICS IN CYBER SECURITY 2

Biometric's in cyber security (Biometric's Type: Brain waves)

Abstract

For the last three decades, cyber-security has been a race to protect the privacy of internet

users while keeping cyber criminals at bay. The development of biometrics was an instrumental

step in safeguarding electronic commerce. Nevertheless, hackers can still access confidential

information and gain an authorized access. Despite these improvements, fraud in the cyber space

has been on an upward trajectory. Cyber- security experts argue that the use of brainwave

signatures for authentication will ensure security for online users. Brainwave authentication will

overcome the challenges faced by biometric authentication and give systems an opportunity to

revoke access when the psychological profile of the user does not match the records stored in the

system.
 BIOMETRICS IN CYBER SECURITY 3

Introduction

Cyber-security is an arms race between cyber-security experts and cyber criminals.

Cyber-security experts in governments and private corporations are in a race to develop new

technologies that keep cybercriminals away from private data of users. Cyber-criminals on the

other hand are in a race to develop ways of by-passing passwords and security measures. The

architecture of the internet in the early 1990s only required a password for a user to access the

system. Password crackers were soon developed and hackers could easily crack the

password[ CITATION Dso19 \l 1033 ] . The next move in the cyber-security domain was secondary

authentication where the user will be provided with a code to a mobile phone number to access

the user interface. The secondary authentication introduced in addition to successful login. Soon

thereafter, hackers developed mechanisms of hijacking secondary authentication.

The next phase in cyber-security was the use of biometrics in authentication. This has

proved to be very effective in securing access to devices and secured locations [ CITATION Gup18 \l

1033 ]. However, just like the two previous attempts biometric authentication, creates loopholes

that can easily be exploited by hackers. Hackers can easily access the bio-data and get

unauthorized access. There is a need for cyber-security officials to end the arms race and offer

security to corporations and their customers. The introduction of brainwave technology in the

brainwave authentication provides a unique electroencephalogram signature that is unique to the

user[ CITATION Yan18 \l 1033 ] . Although the technology is years from full scale commercial

application, it provides a chance to end the arms race in the cyber-security and provide security

in the cyber space.

Over view of different Biometrics in cyber security

The internet has paved way for people in different regions of the world to interact

without meeting face to face. It has also paved way for businesses to serve customers over the

internet without a physical presence. The ease in interactions between business and customers

had led to the growth of electronic commerce. It has also led to the rise of cybercrimes which are

difficult to prosecute because they are cross-jurisdictional in nature [ CITATION Gen17 \l 1033 ] . In

an attempt to combat cybercrime, businesses have invested heavily in biometrics technology to

prevent hackers from accessing the personal information of customers. Apple has made advances

in this sector to ensure that customers can access their devices through fingerprint authentication

or facial recognition. The financial services sector in the United States and around the globe has

spent billions of dollars to develop biometric technologies and as such prevent the monumental

losses occasioned by cybercrimes[ CITATION Dso19 \l 1033 ].

The leading technologies in this sector are facial recognition, finger print identification,

iris identification, retina identification, and voice recognition and hand geometry. Retina

identification involves the analysis of the capillary vessels located in the human eye. It controls

secure access to sensitive locations such as bank vaults, military bases and other installations.

Voice recognition involves the analysis of the tone, the depth the cadence and the frequency of a

person’s voice[ CITATION Gup18 \l 1033 ] . Voice recognition has been employed in mobile phones,

personal computers and personal vehicles. These characteristics are unique to every person and

they are instrumental in deterring an unauthorized access. Finger print identification is the most

commonly used biometric information in cyber security. It is commonly used in accessing

mobile phones and allowing access to buildings. The rise of biometric in cyber security can be

attributed to defects in standard authentication methods.

The recent Yahoo hack where passwords and personal information of over a billion

people were exposed has led for a push for biometric authentication methods in cyber security.

Following the Yahoo hack, email service providers are arguing their users to employ a variety of

different methods in accessing their personal information [ CITATION Gen17 \l 1033 ] . Zoho email

now requires customers to use finger print identification to enable access. Finger print

technology requires both hardware and software components which are not present in the

majority of the computers that are in use. Companies are exploring other modes of biometric

authentication such as brain wave which is in early stages of development and has not been

rolled out to the public in massive scale such as voice recognition or finger print verification.

Elaborate on use of brain wave in cyber security

The human brain is an electro-chemical organ that produces electrical pattern during its

neurological functions. The human brain consists of billions of neural networks that produce

electric voltage when in operation. The electrical activity of the brain is displayed as a brain

waves. When the human brain is engaged in brain activity, it displays beta waves, beta waves are

of low amplitude and are the fastest. These signs are produced when the brain is actively

engaged. The brain produces alpha waves when it is not aroused [ CITATION Gup18 \l 1033 ] . Alpha

waves are produced when the mind is resting. When a person is day dreaming, the brain

produces theta waves. The brain produces delta waves when it is undisturbed and the person is

going through deep sleep without dreaming[ CITATION Dso19 \l 1033 ]. An analysis of the beta,

theta and alpha waves produced by a person creates an emotional profile which is unique to a

person.

The unique neural framework of a person can be detected through wearing an

electroencephalogram to measure the brain activity of the user. Instead of requesting for a
 BIOMETRICS IN CYBER SECURITY 6

password, the system displays a series of questions on the screen to determine the psychological

profile of the user. The questions will be different from time to time. Each question will

generate a very unique electroencephalogram signature for the user [ CITATION Dso19 \l 1033 ]. The

brain wave activity will also determine whether the person is too drunk to function and as such

lock out the user. The system will also determine how the user responds to external stimuli. This

data will be collected as the user is introduced into the system. The unique electroencephalogram

signature created by the stimuli can easily be for authentication across multiple devices [ CITATION

Dso19 \l 1033 ].

The use of brainwave as a password on a commercial scale is a decade or two away. This

is because the unique technology will change the architecture of the internet. Changes in cyber-

security are preceded by innovations in areas such as voice recognition and finger-print

identification[ CITATION Yan18 \l 1033 ] . These new technologies are then built into devices before

it is rolled out into the public. This novel technology will have to be built into computer devices

before they can be used. For a user to use brainwave as a method of identification, he or she will

require a computer fitted with sensory identification equipment [ CITATION Dso19 \l 1033 ]. When

the user goes online, the software will compare the brainwave signature from the last point of

action and the one registering when one logs in. The information will be compared to the one

stored in the system.

If a user wants to change the password, he or she will only need to change the questions

that are to be asked for authentication. Changing the password will be easy because the brain

signature will remain the same despite the change [ CITATION Gen17 \l 1033 ]. The system will be

able to verify that the person who caused the change in verification is the same one who is using

the device. In addition to the technological changes required to support using brainwave as a
 BIOMETRICS IN CYBER SECURITY 7

password, the user will also be fitted with a small sensory device that will identify the unique

brainwave. The technology at the moment requires a user to wear a helmet fitted with close to

32 sensors to capture the brainwave. However, some companies are making monumental

progress in reducing the size of the sensor so that it can easily fit inside a hat. Using brainwave

for personal authentication will be a departure from the standard authentication methods because

it will establish an emotional blueprint [ CITATION Gen17 \l 1033 ] . The emotional blue print

generated by an electroencephalogram scan will then be used to access bank accounts, credit

cards and other financial data.

Why is brain wave better than other biometrics? How to overcome the issue discussed?

Standard modes of identification only enable to user to access the system. But recent

hacks have demonstrated that someone can easily access the system through impersonation.

Once access has been granted, there is no way for the cyber security software to determine

whether the person who is accessing the device is really the one. The greatest weakness of cyber-

security is that once access has been granted it cannot be revoked unless the user logs

out[ CITATION Gen17 \l 1033 ]. Based on the activity of the user in the system, there is a need for

the system to continue with the verification procedures to ensure that the activity that is carried

out by the user is unique to the user. Brainwave authentication allows the system to identify the

unique neural patterns and ensure that the person who has been granted access is the person who

is supposed to access the system. Authentication systems are blind to the activity of the user and

with behavioral mapping of users it will be easy for companies to keep track of the user activity

and request for re-authentication[ CITATION Mog20 \l 1033 ]. This can be done through keeping a
 BIOMETRICS IN CYBER SECURITY 8

confidence matrix based on the neural activity of the user. When the confidence score falls below

a particular level, access will be revoked.

Brainwave activity has been described as the most accurate in identifying a user in the

cyber-security sector. Brainwaves are not vulnerable similar levels of manipulation such as

password authentication and finger print authentication [ CITATION Mog20 \l 1033 ]. Since

brainwaves from an individual cannot be copied or replicated, you need the registered user to

operate the system. The current research into brainwave authentication will focus on moving

cyber-security from personal data such as birthday, names or place of residence. The change will

focus on behavioral traits such as alcoholism, mental health and other behavioral

patterns[ CITATION Yan18 \l 1033 ]. In addition, the brain produces unique electrical pattern which

will be used to supplement the behavioral traits of the user.

The principal aim of the use of brainwaves in cyber technology is to ensure that if a

cybercriminal is unable to by-pass access by simply acquiring the personal information of the

user. This objective can only be achieved through reducing the personal access error

rates[ CITATION Gup18 \l 1033 ] . While traditional biometric authentication systems have the

highest authentication error rates, biometric identification has the lowest and in some companies,

the error rate is at 10%. Traditional biometric authentication methods have an error rate of 80%.

The traditional biometric technologies come with potential data and privacy breaches.

This is because sensitive information, even though it’s encrypted, it is stored as data sets. Once

the criminal gains access to the confidential information, they use it to gain access to the system

and in some instances, lock out the victim. The use of brainwave in authentication and cyber-

security does away with the leakage of private information. It makes massive hacks such as the

Yahoo hack or Sony hack of 2014 unappealing because it is extremely difficult to replicate a
 BIOMETRICS IN CYBER SECURITY 9

person’s brainwave activity. In addition, the technology for replacing the brainwave of a

particular person will be very expensive for lone wolf operators [ CITATION Mog20 \l 1033 ] .

Hacking is illegal in almost all the jurisdictions and the people engaged in hacking aim to incur

the least expense, hacking would be an expense running into billions of dollars and as such

unappealing to both state and non-state actors. Using brainwave activity as a method of

authentication limits the personal information that can be exposed in the case of a hack, the

technology aims at establishing psychological profiles and behavioral patterns [ CITATION Gup18 \l

1033 ]. For a hack to happen, the hacker has to determine the psychological profile of the user

and then go look for an individual with a similar psychological profile and convince this person

to participate in the hack.

Consequences of biometric information theft

Although the brain wave and other biometric technologies are still in their formative

years, the risk of information theft possess a great risk to the financial systems and personal

identification systems. Airports, banks, secure government facilities use bio data to identify and

eliminate security threats. Some airports in Dubai, Europe and United States use bio-data to

identify who is coming into and out of these regions. The use of bio-data has prevented terrorists

from travelling using airlines. The theft of bio-data could mean that terrorists could use this

information and then impersonate someone who is not in the terrorist watch list [ CITATION

Yan18 \l 1033 ]. Theft of bio data could lead to identity fraud. The fraudsters would them assume

the identity of the victim and take unsurmountable loans and incur liabilities. Credit card fraud

and identify theft are already an insurmountable challenge to credit card companies. With the
BIOMETRICS IN CYBER SECURITY 10

theft of bio-data, the victims will face difficulties in explaining that they were not involved in the

fraud[ CITATION Yan18 \l 1033 ].

While safety systems are advanced to ensure that hackers and fraudsters do not bypass

the security checks online and offline, the bad actors are developing malicious software to catch

up with the emerging cyber security technologies. The theft of bio-data could have enormous

implications to national security. Terrorists could easily steal the bio- information of the people

who are in charge of the weapons systems and launch a missile towards a hostile

nation[ CITATION Gup18 \l 1033 ] . If the loss of life caused by this attack is massive, this might

trigger an international conflict. Theft of bio-data could be detrimental to energy and

infrastrastructure projects. Hackers have attempted in the past, to shut down energy projects, or

traffic mayhem using passwords. With the bio data of the key personnel it would be impossible

to get administrative control of various infrastructure projects.

The theft of bio-data could have a detrimental impact on the criminal justice system

around the world. Conviction of offenders in the criminal justice system is based on the

identification of the offender either through eye witnesses or forensic investigations [ CITATION

Gup18 \l 1033 ]. Forensic examination requires the collection of the bio-data of the offender from

the crime scene. If hackers were able to access a directory that contains the bio-data of all the

United States citizens, this data could be planted in crime scenes causing innocent people to

serve jail terms. If these incidences happen in a massive scale, it can cause the citizens to lose

faith in the criminal justice system.

Conclusion

In conclusion, cyber criminals and hackers are usually in an arms race to by-pass the

verification systems employed in the cyber space. The goal is to access personal information and
BIOMETRICS IN CYBER SECURITY 11

deploy the same for financial gain. The private information collected by hackers is either used

for identity fraud or sold in the black market for financial gain. Initially passwords were stored as

data that could be easily accessed. These measures proved deficient and there was need to

develop other biometric- identification mechanisms to safeguard information. While biometric

verification in cyber-security is widely used, there are gaps that still allow for unauthorized

access. A hacker can easily access the bio- information of a user and impersonate him or her with

devastating consequences. The deficiencies in biometric verification in cyber-security has led to

research into the use of brain waves for authentication. Brainwaves are unique to an individual

and they develop a unique emotional profile that cannot easily be replicated. Systems using

brainwaves for user authentication will compare the user’s electroencephalogram signature with

the signature generated during the last log. Using brainwave as a means of authentication in

cyber security will be hacker-proof because the system can easily revoke access when the

brainwave does not match during the user’s activity.

References

Dsouza, J. (2019). Security in Cyber-Physical Systems. Amity International Conference on

Artificial Intelligence , 840-844.

Genovese, A., & Enreque, M. (2017). Advanced Biometric Technologies: Emerging Scenarios

and Research Trends. From Database to Cyber Security, 324-352.

Gupta, H. (2018). Role of Multiple Encryptions in Biometric Devices. Cyber Security, 291-300.

Mogos, G. (2020). Biometrics in Cyber Defense. MATEC Web of Conferences , 2003.

Yang , W. (2018). A fingerprint and finger-vein based cancelable multi-biometric system.

Pattern Recognition, 242-252.