Is biometric bonce authentication really a thing?


Forgotten your password? A new technology is looking into using your skull as a form of biometric authentication.

Here at IT Security Thing we get to read a lot of white papers, research papers and press releases. Few have caught our attention quite as quickly as the snappily titled ‘SkullConduct: Biometric User Identification on Eyewear Computers Using Bone Conduction Through the Skull’

This research paper by Stefan Schneegass from the Human-Computer Interaction Group at the University of Stuttgart, Youssef Oualil of the Spoken Language Systems Group at Saarland University and Andreas Bulling from the Perceptual User Interfaces Group at the Max Planck Institute for Informatics is almost literally mind-boggling in its approach to replacing passwords.

SkullConduct uses the differences that occur to a sound wave after you pass it through an individual’s skull to identify that user

Not since we read about Professor Shigeomi Koshimizu and his authentication chair that uses arse biometrics (yes, really) to identify the person sitting upon it based upon measurement, weight and pressure, has a potential password replacement made us so curious.

So what is SkullConduct exactly? Well, as the name suggests, it’s a method of user authentication that employs the skull of the person as a biometric identifier. Actually, more accurately and according to the researchers it will “analyze the characteristic frequency response created by the user’s skull using a combination of Mel Frequency Cepstral Coefficient (MFCC) features as well as a computationally light-weight 1NN classifier.”

Just in case that hasn’t clarified things enough, what that means is that SkullConduct uses the differences that occur to a sound wave after you pass it through an individual’s skull to identify that user with an in-the-lab test success rate of 97 per cent.

The researchers used a specially rigged-up Google Glass headset (remember that anyone?) to make the head-mounted authentication process hands-free, if not awkwardly embarrassing free of course. That success rate appears pretty good at first glance though, doesn’t it? Even the Google Glass thing doesn’t get in the way of this having potential, after all it’s not a great leap to imagine securely unlocking your smartphone just by holding it up to your ear.

At second glance, and this is new research so still has a long way to go of course, things look less brilliant it has to be said. For a start the researchers admit that the accuracy rate was achieved under lab conditions without any background noise. Factor in the real world and its audio distractions, and that accuracy rate is likely to tumble significantly. Anyway, to paraphrase Shania Twain, 97 per cent don’t impress me much; in secure authentication terms a three per cent error rate is way too big for comfort.

Then there’s the fact that the sound wave being implemented at this stage is actually white noise, a “random signal with a constant power spectral density” according to Wikipedia. This can perhaps most often be ‘heard’ in noise-cancelling headphone applications, and some people really don’t like it at all. It might be possible to replace this with a user-selectable music audio clip according to the researchers.

The researchers will present their findings at the Conference for Human-Computer Interaction in San Jose, but for now you can mark IT Security Thing down as intrigued but as not yet fully convinced this will take off.