Passwords kind of suck. Or, rather, people kind of suck at passwords. Even after the plethora of cyber-attacks people have witnessed in recent years, the most commonly used password in 2019 is “123456.” “Qwerty” and “password” follow in quick succession. In a time when our lives are more digitized than ever, when an account being breached risks exposing everything from our banking information to our health records, that’s a problem. And it’s one that researchers have been trying to solve for years.
This is where biometric security systems come into play. Biometrics’ big promise is to replace the typed security systems of yesteryear with new types of body-based identification that require the user to… well, just be who they say they are. Instead of requiring extrinsic tokens, such as a memorized password or a physical keycard, a biometrics system identifies people the way that people identify one another: through intrinsic qualities like appearance, voice, or even the way a person walks.
NuraBut biometric technology can go far beyond this. In the same way that each persons’ fingerprints have been recognized as unique for almost 150 years, so too biometrics researchers have demonstrated plenty of innovative ways to positively ID users. In addition to things like facial recognition and fingerprint scanning, there’s also a person’s unique “heartprint,” their smell, the subtle skin vibrations in a person’s face, throat, or chest when they speak, and even the shape of their butt. All of these have been turned into proof-of-concept biometric security systems that could confirm a users’ identity.
Identifying users… via their ears?
Now researchers at the State University of New York at Buffalo, have come up with a new approach — and, despite how wacky it sounds on the surface, it could actually turn out to be surprisingly practical. Called EarEcho, their novel biometric tool uses sound waves to identify users based on the unique geometry of their ear canal. That’s information that’s going to be pretty difficult for a would-be spoofer to uncover.
“Mobile biometrics are growing rapidly,” Yang Gao, a graduate student who worked on the project, told Digital Trends. “However, with many existing mobile biometric solutions such as face recognition, fingerprints or voice recognition, their templates can be stolen or duplicated. Meanwhile, we noticed that there are more and more people wearing wireless earphones in the street. People are accepting these wireless earphones as a new popular wearable modality. We thought that what we could do is to use earphones to provide a more secure and hidden authentication solution.”
BSIP / GettyThe team took a pair of off-the-shelf earbuds and then modified them slightly; adding a microphone in the earbud which faces the wearer’s ear canal.
“When a sound is played by the earphone’s speaker into the user’s ear, the sound propagates through the ear canal and is reflected back to the built-in microphone in the earbud,” Gao explained. “By analyzing the acoustic information of played sound and captured echo, which is highly related to the ear canal geometry, we extract the unique features from the user and then verify the user’s identity.”
It turns out to be impressively sensitive, too — with a prototype of the EarEcho device capable of identifying users with upwards of 95% accuracy. This was shown in tests in which 20 subjects listened to audio samples ranging from spoken words to music. It was tested in a variety of different locations, such as in a shopping mall or on the street, and with subjects standing or sitting in assorted different positions. The demo device was able to identify users with 95% accuracy within a single second, while the score rose to 97.5% if it was able to keep monitoring them for three seconds.
The usefulness of EarEcho
Gao suggested that there are a couple of scenarios in which such a solution might be useful. The most obvious is for seamless smartphone unlocking. While a system such as Apple’s Face ID works very well, imagine if all it took for your smartphone to know who you are was for you to put on your earbuds. That would work perfectly for anyone taking a morning jog (or, let’s be honest, just slouching to the subway station to commute into work.) Furthermore, it would allow for constant re-verification. That means no need to keep unlocking the phone each time you take it out of your pocket.
Another scenario might be for remote phone call-based authentication. If you’re making a confidential call to someone, you want to be absolutely sure that you are speaking to the right person. That might come to be even more important in a world of deepfake audio, where simulating a person’s voice in real-time isn’t out of the question. Using technology like EarEcho, you could easily verify the identity of the person you’re speaking to. Heck, by handing over your in-ear information to a bank it could serve to prevent fraud or stop the time-consuming need to have to answer private questions to prove who you are.
“We are currently still working on improving the current EarEcho system, including increasing the accuracy, involving more subjects, and testing on different types of earbuds on the market,” Gao said.
There’s no guarantee, of course, that this product will be commercialized and make it to market. But much the same could have been said a few years back about fingerprint scanners, facial recognition or voice identification. All of these once appeared only in science fiction and, presumably, top-secret research labs. Today, not only are they part of our lives but such a seamless part that we don’t even need to think about them.
The right biometric for the right situation
As Mark Waiser, the late chief technologist at legendary Silicon Valley research lab Xerox PARC, once said: “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”
This is the story of biometrics so far. To be clear, I don’t think that we will ditch Face ID for ear canal-reading technology any time soon. Just like I don’t think it will ever make sense for a Google Home to stop recognizing users by their voice and to instead listen for their heartbeat. But in a world in which our devices are capable of capturing all kinds of biometric information, devices will be able to choose the most optimal way to identify users at any given moment.
If you’re wearing a smartwatch that tracks your heart rate, this information could be gathered and transmitted to the other devices on your person. If you’re sitting in your car, sensors that can ascertain the unique qualities of your butt could turn out to be pretty useful. This could be used to cover all your biometric information while you’re commuting. And if you’re wearing earbuds, why not take advantage of that by using it to make access to other parts of your life simpler?
There are very few scenarios we’re in on a daily basis where one or more of our biometrics isn’t being measured and assessed in some way. Figuring out when to use these, and doubling or even tripling security by using several, will make our future interactions with machines simpler and safer.
Even if it does potentially mean your bank one day asking if you want to submit information about the shape of your inner ear.