EEGAuth: A Secure and Lightweight EEG-Based System Integrating Authentication and Key Generation

Electroencephalography (EEG) signals have emerged as a novel biometric feature in identity authentication. However, in highly sensitive scenarios such as remote access control and sensitive operation confirmation, identity authentication alone is insufficient to ensure system security. This article proposes EEGAuth, an EEG-based secure and lightweight authentication system with cryptographic key generation, addressing the demand for integrated systems that enhance both security and user convenience by combining identity authentication and key generation into a unified solution. The proposed system employs a genetic algorithm (GA) for optimal channel selection, integrates a discrete wavelet transform (DWT) with an autoencoder-based feature extraction framework, and implements a convolutional neural network (CNN)-based architecture for robust identity authentication. In addition, the system discretizes feature vectors to generate unique and repeatable seeds, which are used as inputs to a secure hash function to produce keys. The evaluation results show that our model achieves a classification accuracy of 99.38% with only 15 channels, significantly outperforming state-of-the-art methods and baseline models. The generated cryptographic keys demonstrate robust security properties, as evidenced by their successful passage through the NIST statistical test suite for randomness verification, scale index analysis for aperiodicity assessment, and autocorrelation testing for bit-sequence independence, collectively confirming their resistance to cryptographic attacks and compliance with security standards.