Abstract
In the coming era of the Internet of Things (IoT), user authentication is an important and essential security mechanism for protecting assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but they have well-known limitations in both security and usability. As an alternative, biometric authentication, which verifies users based on their biometric features, has attracted much attention. With the fast development of EEG (electroencephalography) sensors in current headsets and personal devices, user authentication based on brainwaves has become feasible. Given its potential adoption, there is an increasing need to secure this emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which validates users based on their brainwave signals when they see different images. We then analyze the security of this brainwave-based scheme and identify a kind of reaction spoofing attack, in which an attacker tries to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In a user study, we show the feasibility and viability of this attack.
Acknowledgments
This work was partially supported by National Natural Science Foundation of China (No. 61802077).
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chiu, WY., Meng, W., Li, W. (2021). I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_18
DOI: https://doi.org/10.1007/978-3-030-68851-6_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68850-9
Online ISBN: 978-3-030-68851-6
eBook Packages: Computer Science, Computer Science (R0)