Eyeball reflexes to improve biometric authentication
By
Liz Tay
9 September 2008 05:09PM
Tags:
security | eyeball | biometric | saccades | researchers
Researchers are developing a new approach to user authentication that cannot be spoofed, even with the most sophisticated contact lenses or surgery.
The method is based on eye saccades, which are the rapid, tiny, reflex movements of a user’s eyeball.
Since reflexes are said to be beyond conscious control, the researchers expect it to be impossible for attackers to adequately replicate an authorised individual’s saccades.
“Biometric information can easily be leaked or copied,” said Masakatsu Nishigaki, who is a researcher at the Shizuoka University in Japan.
“It is therefore desirable to devise biometric authentication that does not require biometric information to be kept secret,” he said.
Nishigaki and his research partner Daisuke Arai are working towards the long-term aim of creating an authentication system which is directly based on differences in human reflexes.
However, the researchers so far have been unable to identify any human reflexes that exhibit sufficient differences between individual people to enable their use in user authentication.
Currently, the researchers are investigating what Nishigaki describes as an ‘indirect’ method of extracting differences in human reflexes.
The method examines the blind spot, which is a fixed region on the retina of the eye, and determines its position relative to the direction of the gaze.
User authentication is carried out by displaying a target within and outside a person’s blind spot, and using eye tracking technology to measure the reflex time taken until the eye movements occur.
As the method still relies on the shape of the user’s eye, an impostor may be successful with the use of surgery or sophisticated contact lenses, the researchers say.
However, the researchers expect each pattern of responses to be unique to the individual and the method to reduce greatly the likelihood of spoofing.
In a preliminary experiment with ten test subjects, the researchers achieved zero spoofing success rate with their method.
As the authentication system requires a costly point-of-gaze detection device, Nishigaki expects the system to be used only for situations that require highly sensitive, important information to be secured.
Further research is required to investigate the consistency of saccade response times, position and size of the blind spot, and conduct trials involving larger groups of people, Nishigaki said.