Back in the spring of 2014, I met with Dr. Juha Silvanto at the University of Oxford MagStim transcranial magnetic stimulation summer school to discuss a potential project involving cognitive neuroscience and computer security. What became of this initial conversation eventually led to a fully fledged undergrad thesis.
What it does
The system implicitly prompts the user to type on a QWERTY keyboard an underlying sequence (foiled with a distraction sequence in order to confuse the user/ensure explicit rehearsal of the sequence does not take place). After training is complete (determined by a tapering off in RT increase), the user is primed with a knowledge that they cannot explictly express.
We can then use this knowledge as an authentication token, which is so strong that even the user cannot consciously tell you what they learnt. This is effective in situations of military capture, when the user is coerced via torture to reveal sensitive information. If users can no longer consciously express information, the use of torture in this situation is defeated. This ensures the wellbeing of the user as well as protecting the integrity of the information against unintended compremise.
How I built it
Python via Google Colab Notebook.
Challenges I ran into
6 hours to write this thing because I forgot the deadline. Also I am not in San Francisco, so I am technically illegible. But this project is too good to not share.
Accomplishments that I'm proud of
Being mad enough to actually finish this project in 6 hours.
What I learned
Working on a tight deadline
What's next for PsyAuth
- Creating a more polished thresholding system for smarter authentication
- Involve some level of machine learning