Secure authentication is necessary for everyday applications, such as logging in to a personal computer, making a financial transaction or boarding an aircraft. We present a novel approach to user authentication in which biometric data related to human cognitive processes, in particular visual search, working memory and priming effect on automatic processing, are captured and used to identify users. Our proposed system uses a carefully designed Cognitive Task (CT) that is presented to the user as a game, in order to capture a “cognitive signature” of the user. Our empirical results support the hypothesis that the captured cognitive signatures can identify users across different platforms. Our system provides a proof-of-concept for cognitive-based biometric authentication. We validate the robustness of our system against impersonation attack by experienced users, and show that it is hard to reproduce the cognitive signature by mimicking users' gameplay.
Ensuring that the access to a system is performed only by a human rather than a computer program or bot is another important security concern in online services. We propose a new approach to Captcha which estimates human cognitive ability, in particular visual search ability, to differentiate humans from computers. We refer to this Captcha as Movtcha (Matching Objects by Visual Search To Tell Computers and Humans Apart). The design of Movtcha takes into account the analysis of human behavior to minimize noise during cognitive feature estimation. Our empirical results suggest that Movtcha can provide accuracy and usability comparable to other established Captchas. We show that Movtcha is resistant against random, automated, inference and static relay attacks. Our system is suitable for large scale applications since image selection, challenge generation and response evaluation are automated. Movtcha surpasses language and experience barriers by presenting both challenge and response in clear form and therefore can be used by people all across the world.