Alphanumeric and biometric (e.g., fingerprints) authentications are common and popular. While it is possible to copy alphanumeric and biometric information, it is not always trivia to do so. It is often easier to simply force a user into authenticating a system. Current alphanumeric and biometric authentication systems cannot withstand situations where a user is forced to release their passwords under hostile circumstances. Coercion attacks are considered dangerous because most authentication systems cannot protect against users who attempt to authenticate themselves after being put under significant stress, such as under physical threat. Coercion attacks can undermine cryptography and prove even the most secure alphanumeric or biometric authentication systems worthless.
Coercion attacks are effective because they allow an attacker to acquire authentication materials from a victim, regardless of if those materials are something they know, something they have, or something they are. The reason being that something you know can be told to another, something you have can be given to another, and something you are can be seen by another. Because these extra factors can be transferred to an attacker, or in the case of biometrics copied by an attacker, they are not effective in the scenario where a victim is coerced into giving up their authentication materials to the attacker. To combat this issue, we propose a coercion resistant authentication system (“CRAS”) that could prevent authentication under significant stress and offer at least the same protections as biometric and alphanumeric passwords.
Music may result in a release of neurochemical, such as dopamine, inside the brain of a user who listens to the music. The dopamine release results in one or more neurophysiological responses from the user, such as change of heart rate, skin conductance, skin temperature, blood pressure, respiration rate, and Alpha/Beta/Gamma/Delta/Theta brave waves. Not all music, however, would stimulate a dopamine release in a user; and a piece of music does not necessarily stimulate the same dopamine release in every user. The degree of neurophysiological responses caused by a dopamine release varies from user to user as well as the music being listened to. Because of the uniqueness of the neurophysiological response of a user to a particular piece of music, such unique neurophysiological response may be use as a key for authentication.
The dopamine release stimulated by listening to highly pleasurable music is often. referred to as the “chill effect.” This is because the most common description of such a reaction is feeling a “chill” or “shivers down the spine.” The chill effect may be mathematically defined based on a pre-defined magnitude and/or occurrence of neurophysiological responses. A music piece is considered a “chill” music if a chill effect is found in multiple occurrences during listening to that piece of music. As previously discussed, not all music would stimulate a dopamine release in a user; similarly, not all music would stimulate a chill effect in a user, Moreover, not all segments of a music piece that could stimulate a chill effect would result in sufficient magnitude of neurophysiological responses suitable for use in a CRAS. Therefore, a screening process is necessary to determine specific segment(s) of a music piece that would he suitable for use in a CRAS.