2023-05-01: Summary of "User Authentication via Electrical Muscle Stimulation"

ElectricAuth is a unique technique for user authentication that takes advantage of a person's specific response to stimuli. Users may be uniquely identified by applying a number of mild electric stimuli to the muscles of the forearm and measuring the resulting finger movements. In "User Authentication via Electrical Muscle Stimulation" (CHI, 2021), Chen et al. explored and developed the ElectricAuth system, which can identify users based on their muscle response to electric stimuli. To identify users, the authors developed a model by training it on muscle responses from many users.

A new authentication method based on electrical muscle stimulation could provide the highest level of security without the need to remember passwords or PINs. 

The University of Chicago's SAND Lab (Security, Algorithms, Networking and Data) has developed a new method for user authentication that makes use of a person's particular response to stimuli. A user is individually recognized by applying various gentle electrical stimuli to the muscles of the forearm and observing the resulting finger movements.

Traditional biometric authentication techniques, such as fingerprint identification, offer security using each person's unique features and do not require memorization. However, such a biometric can no longer be used once it is compromised in a security attack.

By contrast, interactive systems can offer enhanced biometric security, and they are adaptable. The system contains a sleeve with electrodes that are attached to the user's skin. These electrodes send electrical impulses, which don't hurt, to four muscles in the user's forearm, and the device evaluates the resulting involuntary movements of the fingers and hand.

A user is given a personalized sleeve once, after registering with ElectricAuth. One advantage of the sleeve is that the electrodes can be placed correctly on the target muscles and adjusted for comfort. The sleeve is then used to place the electrodes quickly and accurately during subsequent sessions. Another advantage is an extra layer of security: an impersonator must wear the user-specific sleeve in order to attempt an impersonation.

Figure 2 in Chen et al.: ElectricAuth system

Figure 2 shows the whole system. During registration, the user registers their response to the signals. In this example, small nodes attached to the fingers capture the user's unique reactions, but other devices, like cameras with visual input, can also be used.

The fundamental assumption is that every person would react uniquely to a specific pattern of electrical stimulation applied to their forearm, which can be used to verify user identity.

Figure 3 in Chen et al.: System flow

ElectricAuth is made up of three main parts: electrical muscle stimulation (EMS) technology, an inertial measurement unit (IMU), and a trained machine learning model. Figure 3 shows the entire system flow. The forearm is first fitted with an EMS device, which has eight independently controllable channels. The wearer's arm is then given a series of brief electrical pulses. A group of five 9-DOF IMUs is mounted on the tips of each user's fingers with the aid of 3D-printed rings, and each records the user's response to the electrical stimulation challenge. Finally, two deep neural networks work together to authenticate a previously registered user.

Each user must register their identity before using the device for the first time. This is done by having the user complete a series of electrical stimulation challenges and recording their unique reactions. This data is used to train the neural networks.

Figure 6 in Chen et al.: User responses

Once trained, the networks are ready for authentication. First, an unsupervised anomaly detector determines whether a response appears to have been produced by the person to whom the model belongs. This removes the risk of impersonation attacks. If no abnormalities are found, a challenge classifier is then applied. It confirms that the observed response is a response to the challenge presented in the current authentication session, and it is used to deny replay attacks. Sample responses of different users are shown in Figure 6.
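
The two-stage decision described above, as an added example that is not code from Chen et al. or from this post: a nearest-template distance threshold stands in for the anomaly detector, and nearest-template decoding stands in for the challenge classifier (the paper uses deep neural networks for both). The simulated users, feature count, noise level, threshold and all function names are constructed for illustration.

```python
import math
import random

CHANNELS = 8    # the EMS device has eight channels (from the article)
FEATURES = 15   # assumption: three motion features from each of the five IMUs

def make_user(seed):
    """Constructed stand-in for physiology: one response vector per channel."""
    rng = random.Random(seed)
    return [[rng.uniform(-1, 1) for _ in range(FEATURES)] for _ in range(CHANNELS)]

def respond(user, challenge, rng, noise=0.02):
    """Simulated IMU reading: one noisy feature vector per stimulated channel."""
    return [[v + rng.gauss(0, noise) for v in user[ch]] for ch in challenge]

def enroll(user, rng, repeats=20):
    """Registration: average repeated responses into one template per channel."""
    templates = []
    for ch in range(CHANNELS):
        samples = [respond(user, [ch], rng)[0] for _ in range(repeats)]
        templates.append([sum(col) / repeats for col in zip(*samples)])
    return templates

def authenticate(templates, challenge, response, threshold=0.2):
    if len(response) != len(challenge):
        return "reject: malformed response"
    decoded = []
    for segment in response:
        dists = [math.dist(segment, t) for t in templates]
        best = min(range(CHANNELS), key=dists.__getitem__)
        # Stage 1, anomaly check: does the motion look like the enrolled user?
        if dists[best] > threshold:
            return "reject: anomaly"
        decoded.append(best)
    # Stage 2, challenge check: is this an answer to the challenge just issued?
    if decoded != list(challenge):
        return "reject: challenge mismatch"
    return "accept"

def demo():
    rng = random.Random(1)
    alice, mallory = make_user(10), make_user(20)
    templates = enroll(alice, rng)
    old = [0, 3, 5, 1, 7, 2]               # length-6 challenge from a past session
    recorded = respond(alice, old, rng)    # genuine response captured back then
    fresh = [4, 6, 2, 0, 5, 3]             # challenge issued in this session
    return (authenticate(templates, fresh, respond(alice, fresh, rng)),
            authenticate(templates, fresh, respond(mallory, fresh, rng)),
            authenticate(templates, fresh, recorded))
```

`demo()` returns the decisions for the genuine user, a different person answering the same challenge, and a replayed genuine response to an older challenge, in that order.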

The effectiveness of the method was evaluated in a study with thirteen participants. It revealed that ElectricAuth had a 99.78% total authentication accuracy rate. The results also demonstrated that the system is resistant to most severe replay and synthesis attacks and that it can distinguish between a genuine user and an impostor.

Figure 7 in Chen et al.: Evaluation results

Figure 7 shows that for length-2 challenges the average accuracy is 99.89% (SD=0.19% among users), and for length-6 challenges it is 99.78% (SD=0.50%). The challenges used for this study (the whole set of length-2, a subset of length-6) are different from one another.

ElectricAuth has the advantage of being more difficult for an attacker to fake than other biometric authentication methods currently in use, such as fingerprint, face, or iris imaging.

However, wearing a large EMS device on the forearm, rings on each fingertip, and the wires of the system is not practical for daily use. It is also noted that, to reduce weight, cameras can be replaced with the IMUs (inertial measurement units), but even so the system is not practical for daily use.

The authors highlighted that the ElectricAuth system performs well in small user studies, but suggested that more physiological research is required to confirm the intersubject variability of electrical stimulus responses in bigger populations.


-- Mohan Krishna Sunkara (@mk344567)

Chen, Y., Yang, Z., Abbou, R., Lopes, P., Zhao, B. Y., & Zheng, H. (2021, May). User authentication via electrical muscle stimulation. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (pp. 1-15).








