Advancing Brainwave-Based Biometrics: A Large-Scale, Multi-Session Evaluation

The field of brainwave-based biometrics has gained attention for its potential to revolutionize user authentication through hands-free interaction, resistance to shoulder surfing, continuous authentication, and revocability. However, current research often relies on single-session or limited-session datasets with fewer than 55 subjects, raising concerns about the generalizability of the findings. To address this gap, we conducted a large-scale study using a public brainwave dataset comprising 345 subjects and over 6,007 sessions (an average of 17 per subject) recorded over five years using three headsets. Our results reveal that deep learning approaches significantly outperform hand-crafted feature extraction methods. We also observe Equal Error Rates (EER) increases over time (e.g., from 6.7% after 1 day to 14.3% after a year). Therefore, it is necessary to reinforce the enrollment set after successful login attempts. Moreover, we demonstrate that fewer brainwave measurement sensors can be used, with an acceptable increase in EER, which is necessary for transitioning from medical-grade to affordable consumer-grade devices. Finally, we compared our results to prior work and existing biometric standards. While our performance is on par with or exceeds previous approaches, it still falls short of industrial benchmarks. Based on the results, we hypothesize that further improvements are possible with larger training sets. To support future research, we have open-sourced our analysis code.

💡 Research Summary

This paper presents a comprehensive, large‑scale evaluation of EEG‑based biometric authentication using the publicly available PEERS dataset, which comprises 345 participants and 6,007 recording sessions collected over five years with three different medical‑grade headsets. The authors address two critical gaps in the field: the lack of multi‑session, long‑term studies and the scarcity of cross‑device evaluations. After unifying the channel layouts of the three headsets to a 93‑channel extended 10‑20 system, they apply standard preprocessing steps—common average reference, 1–50 Hz band‑pass filtering, 50 Hz notch filtering, and robust median‑IQR normalization—producing 1‑second non‑overlapping EEG epochs aligned to stimulus markers.

Two families of feature extraction methods are compared. Hand‑crafted features consist of power spectral density (PSD) and autoregressive (AR) model coefficients, both widely used in prior EEG authentication work. For deep learning, the authors adopt metric‑learning encoders trained with a variety of loss functions: soft‑max‑based SoftTripleLoss and ArcFaceLoss, and distance‑based TripletLoss, LiftedStructureLoss, and SupConLoss. The metric‑learning models map each epoch into a compact embedding space where samples from the same subject are close and samples from different subjects are far apart.

Experimental results show that deep‑learning approaches dramatically outperform hand‑crafted features, cutting equal‑error‑rate (EER) by up to 50 % (the best deep model achieves 6.7 % EER after one day). However, authentication performance degrades over time: EER rises to 14.3 % after one year, indicating a substantial drift in EEG signatures due to physiological, psychological, and environmental factors. The authors propose a “dynamic enrollment” strategy—updating the reference template after successful logins—to mitigate this long‑term degradation.

A key practical contribution is the channel‑reduction study. By collapsing the 93‑channel medical‑grade setup to 14, 7, and finally 4 channels—mirroring typical consumer‑grade EEG devices—the authors observe only modest increases in EER (approximately 1–2 % absolute). This demonstrates that affordable, low‑density headsets can still support viable authentication, opening a path toward real‑world deployment.

Cross‑device experiments reveal that when the metric‑learning encoder is trained on data from multiple headsets, authentication across devices remains robust, suggesting that users could authenticate with any of their owned EEG devices without a loss of security.

When benchmarked against international biometric standards (e.g., NIST, ISO/IEC), the current system’s false‑rejection rate exceeds the stringent industrial thresholds (typically ≤1 %). Nevertheless, the authors find a logarithmic relationship between the number of training subjects and error rates, implying that further scaling of the dataset could bring performance within acceptable limits.

The paper’s contributions are summarized as follows: (1) the first large‑scale, multi‑session, multi‑device EEG authentication benchmark; (2) a systematic comparison showing deep metric learning’s superiority over traditional PSD/AR features; (3) quantitative analysis of temporal degradation and a recommendation for template updating; (4) evidence that substantial channel reduction incurs only minor performance penalties; (5) demonstration of feasible cross‑device authentication; (6) comparison with biometric standards highlighting remaining gaps; and (7) release of all analysis code to ensure reproducibility.

In conclusion, this work provides a solid empirical foundation for the viability of EEG‑based biometrics in realistic settings. It highlights both the promise—high accuracy with low‑cost hardware when deep learning is employed—and the challenges—temporal drift and the need to meet industrial error thresholds. Future research directions include expanding the dataset further, implementing real‑time continuous authentication, exploring user‑centric usability studies, and refining model architectures to achieve the stringent false‑acceptance and false‑rejection rates required for commercial deployment.