Abstract
New emerging devices open up immense opportunities for everyday users. At the same time, they may raise significant security and privacy threats. One such device, forming the central focus of this work, is an EEG headset, which allows a user to control her computer using only her thoughts.
In this paper, we show how a malicious EEG device, or a malicious application having access to EEG signals recorded by the device, can be turned into a new form of keylogger, called PEEP, that passively eavesdrops on the user’s sensitive typed input, specifically numeric PINs and textual passwords, by analyzing the corresponding neural signals. PEEP works because the user’s input is correlated with the user’s innate visual processing as well as hand, eye, and head muscle movements, all of which are explicitly or implicitly captured by the EEG device.
Our contributions are two-fold. First, we design and develop PEEP, based on machine learning techniques, against a commodity EEG headset and a higher-end medical-scale EEG device. Second, we conduct a comprehensive evaluation with multiple users to demonstrate the feasibility of PEEP for inferring PINs and passwords as they are typed on a physical keyboard, a virtual keyboard, and an ATM-style numeric keypad. Our results show that PEEP can extract sensitive input with an accuracy significantly higher than a random guessing classifier. Compared to prior work on this subject, PEEP is highly surreptitious, as it requires only passive monitoring of brain signals, not deliberate and active strategies that may trigger suspicion and be detected by the user. Also, PEEP achieves orders of magnitude higher accuracies compared to prior active PIN inferring attacks. Our work serves to raise awareness of a potentially hard-to-address threat arising from EEG devices, which may soon remain attached to users almost invariably.
M. L. Rahman—Work done while being a student at UAB.
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Neupane, A., Rahman, M.L., Saxena, N. (2017). PEEP: Passively Eavesdropping Private Input via Brainwave Signals. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_12
DOI: https://doi.org/10.1007/978-3-319-70972-7_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70971-0
Online ISBN: 978-3-319-70972-7
eBook Packages: Computer Science, Computer Science (R0)