I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2020)

Abstract

In the coming era of the Internet of Things (IoT), user authentication is an important and essential security mechanism for protecting assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but they have well-known limitations in both security and usability. As an alternative, biometric authentication, which verifies users based on their biometric features, has attracted much attention. With the fast development of EEG (electroencephalography) sensors in current headsets and personal devices, user authentication based on brainwaves has become feasible. Due to its potential adoption, there is an increasing need to secure this emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which validates users based on their brainwave signals when they see different images. We then analyze the security of this brainwave-based scheme and identify a kind of reaction spoofing attack, in which an attacker tries to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In a user study, we show the feasibility and viability of such an attack.

Acknowledgments

This work was partially supported by National Natural Science Foundation of China (No. 61802077).

Author information

Corresponding author

Correspondence to Weizhi Meng.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Chiu, WY., Meng, W., Li, W. (2021). I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_18

  • DOI: https://doi.org/10.1007/978-3-030-68851-6_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68850-9

  • Online ISBN: 978-3-030-68851-6

  • eBook Packages: Computer Science (R0)
