PEEP: Passively Eavesdropping Private Input via Brainwave Signals

  • Conference paper
Financial Cryptography and Data Security (FC 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10322)

Abstract

New emerging devices open up immense opportunities for everyday users. At the same time, they may raise significant security and privacy threats. One such device, forming the central focus of this work, is an EEG headset, which allows a user to control her computer using only her thoughts.

In this paper, we show how a malicious EEG device, or a malicious application with access to the EEG signals recorded by the device, can be turned into a new form of keylogger, called PEEP, that passively eavesdrops on the user's sensitive typed input, specifically numeric PINs and textual passwords, by analyzing the corresponding neural signals. PEEP works because the user's input is correlated with the user's innate visual processing as well as hand, eye, and head muscle movements, all of which are explicitly or implicitly captured by the EEG device.

Our contributions are two-fold. First, we design and develop PEEP, based on machine learning techniques, against a commodity EEG headset and a higher-end medical-scale EEG device. Second, we conduct a comprehensive evaluation with multiple users to demonstrate the feasibility of PEEP for inferring PINs and passwords as they are typed on a physical keyboard, a virtual keyboard, and an ATM-style numeric keypad. Our results show that PEEP can extract sensitive input with an accuracy significantly higher than a random guessing classifier. Compared to prior work on this subject, PEEP is highly surreptitious, as it requires only passive monitoring of brain signals, not deliberate and active strategies that may trigger suspicion and be detected by the user. Also, PEEP achieves orders of magnitude higher accuracies compared to prior active PIN inferring attacks. Our work serves to raise awareness of a potentially hard-to-address threat arising from EEG devices, which may soon remain attached to users almost invariably.

M. L. Rahman—Work done while being a student at UAB.



Correspondence to Ajaya Neupane.

A Design of Experiments

Fig. 3. (a) VKPE task: virtual keyboard (b) VAPE task: virtual ATM keyboard

Fig. 4. PNKPE task: (a) Layout to enter the PIN (b) Physical numeric keyboard used

Fig. 5. PKPE task: (a) Layout to enter 6-digit character based password (b) Physical keyboard used

© 2017 International Financial Cryptography Association

Cite this paper

Neupane, A., Rahman, M.L., Saxena, N. (2017). PEEP: Passively Eavesdropping Private Input via Brainwave Signals. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_12

  • DOI: https://doi.org/10.1007/978-3-319-70972-7_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70971-0

  • Online ISBN: 978-3-319-70972-7

  • eBook Packages: Computer Science, Computer Science (R0)
