A novel spoofing attack against electroencephalogram-based security systems

Security systems using brain signals or Electroencephalogram (EEG), attempt to exploit chaotic nature of brain signals and their individuality to derive security primitives that are hard to reproduce. In this sense, the signal features are extracted to train a Machine Learning (ML) algorithm for classification. However, although brain signals are chaotic, feature extraction process might reduce the chaos rendering features in a way that they can be generated. Besides, even if features are chaotic, ML techniques might classify them in such a manner that an element in a particular class becomes easy to generate. In this paper, we perform entropy analysis on common features used in EEG-based security systems to estimate their information content, which is used to propose a novel technique for EEG signal generation in feature domain instead of time domain. These generated signals can potentially be used for spoofing attacks. We consider five types of feature extraction techniques and six classifiers found in recently proposed security systems, and analyze their vulnerability to spoofing attacks using generated EEG signals. The results show that the generation scheme can synthesize artificial signals to get classified as genuine brain signals by ML algorithms.

[1]  SafeDrive: An autonomous driver safety application in aware cities , 2016, 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops).

[2]  Minfen Shen,et al.  A Prediction Approach for Multichannel EEG Signals Modeling Using Local Wavelet SVM , 2010, IEEE Transactions on Instrumentation and Measurement.

[3]  Koosha Sadeghi,et al.  Toward Parametric Security Analysis of Machine Learning Based Cyber Forensic Biometric Systems , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[4]  Tomi Kinnunen,et al.  Spoofing and countermeasures for automatic speaker verification , 2013, INTERSPEECH.

[5]  Ali Harounabadi,et al.  Implementing a cognition cycle with words computation , 2011, 2011 IEEE Symposium on Computational Intelligence, Cognitive Algorithms, Mind, and Brain (CCMB).

[6]  Patrizio Campisi,et al.  On the vulnerability of an EEG-based biometric system to hill-climbing attacks algorithms' comparison and possible countermeasures , 2013, 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS).

[7]  Mohammad Mansour Riahi Kashani,et al.  The shadow of a real conscious mind , 2011, IEEE 10th International Conference on Cognitive Informatics and Cognitive Computing (ICCI-CC'11).

[8]  N. Birbaumer,et al.  BCI2000: a general-purpose brain-computer interface (BCI) system , 2004, IEEE Transactions on Biomedical Engineering.

[9]  Koosha Sadeghi,et al.  Enabling Real-Time Collaborative Brain-Mobile Interactive Applications on Volunteer Mobile Devices , 2015, HotWireless@MobiCom.

[10]  Julian Fiérrez,et al.  Face verification put to test: A hill-climbing attack based on the uphill-simplex algorithm , 2012, 2012 5th IAPR International Conference on Biometrics (ICB).

[11]  Jeffrey M. Hausdorff,et al.  Physionet: Components of a New Research Resource for Complex Physiologic Signals". Circu-lation Vol , 2000 .

[12]  B. Samanta,et al.  Prediction of chaotic time series using computational intelligence , 2011, Expert Syst. Appl..

[13]  Koosha Sadeghi,et al.  E-BIAS: A Pervasive EEG-Based Identification and Authentication System , 2015, Q2SWinet@MSWiM.

[14]  Chris Roberts,et al.  Biometric attack vectors and defences , 2007, Comput. Secur..

[15]  Koosha Sadeghi,et al.  Optimization of Brain Mobile Interface Applications Using IoT , 2016, 2016 IEEE 23rd International Conference on High Performance Computing (HiPC).

[16]  Benjamin Johnson,et al.  My thoughts are not your thoughts , 2014, UbiComp Adjunct.

[17]  Jesús B. Alonso,et al.  Electroencephalogram subject identification: A review , 2014, Expert Syst. Appl..

[18]  Charles Wang,et al.  I Think, Therefore I Am: Usability and Security of Authentication Using Brainwaves , 2013, Financial Cryptography Workshops.

[19]  U. Rajendra Acharya,et al.  Entropies for detection of epilepsy in EEG , 2005, Comput. Methods Programs Biomed..