Brain Hemorrhage: When Brainwaves Leak Sensitive Medical Conditions and Personal Information

Brain Computer Interfaces (BCI) are rapidly gaining popularity in consumer market. It is therefore important to analyze the security and privacy threats these devices may introduce to their users. In this paper, we explore how malicious access to brainwave signals may surreptitiously reveal users' privacy-sensitive medical conditions and personal information, while they are browsing the web (or interacting with an app). At a conceptual level, we investigate the potential of brainwave signals, captured during a user's normal interactions with visual stimuli (e.g., images and audio-visuals) through a website or computer, in exposing whether the user is suffering from a given medical disorder (e.g., drug abuse or autism) and to which demographics group the user belongs (e.g., young vs. elderly or male vs. female). At an empirical level, as two representative case studies into such conceptual attacks, we present a concrete brainwave privacy attack, (Brain) Hemorrhage11In the context of our work, the term “Hemorrhage” is an attack against brainwave privacy. Brain Hemorrhage is a type of alcoholic cocktail, and hence the terminology is also intended to capture one of the case studies of our work on Alcohol Use Disorder., focusing on the leakage of Alcohol Usage Disorder (AUD) and users' age group. Hemorrhage is designed using machine learning techniques to identify the users suffering from AUD and age group by analyzing the seemingly innocuous brainwave signals leaked online in response to users' viewing of simple images or watching of videos. Based on the publicly available EEG datasets on AUD and aging, our study shows that Hemorrhage can predict the presence or absence of alcohol usage disorder with the precision of 96% and the presence or absence of aging condition with 94% accuracy. We also analyze, visualize and interpret the differences in the brainwave signals corresponding to AUD and aging, which serves to justify why our attack succeeds. While the use of neuroimaging devices to diagnose medical disorders in clinical settings is a common practice in the medical field, our study constitutes one of the first steps towards exploring the malicious use of brainwave devices in compromising people's health information privacy in an online setting (otherwise protected under the HIPAA law) as well as their age privacy. Given any website can have unfettered, permission-less access to the signals captured by the current BCI devices, we believe that our work raises a serious online health privacy and age privacy issues as these devices get widely deployed.

[1]  Thasneem Fathima,et al.  Detection of Epileptic Seizure Event and Onset Using EEG , 2014, BioMed research international.

[2]  Shaohan Hu,et al.  NeuroPhone: brain-mobile phone interface using a wireless EEG headset , 2010, MobiHeld '10.

[3]  Kyle Nash,et al.  Neural Markers of Religious Conviction , 2009, Psychological science.

[4]  H. Begleiter,et al.  Event related potentials during object recognition tasks , 1995, Brain Research Bulletin.

[5]  John Lumsden,et al.  EEG Responses to Visual Erotic Stimuli in Men with Normal and Paraphilic Interests , 2003, Archives of sexual behavior.

[6]  Dawn Xiaodong Song,et al.  Subliminal Probing for Private Information via EEG-Based BCI Devices , 2013, ArXiv.

[7]  J. G. Snodgrass,et al.  A standardized set of 260 pictures: norms for name agreement, image agreement, familiarity, and visual complexity. , 1980, Journal of experimental psychology. Human learning and memory.

[8]  J W Rohrbaugh,et al.  Alcohol use disorders and anxiety disorders: relation to the P300 event-related potential. , 2001, Alcoholism, clinical and experimental research.

[9]  P. Fletcher,et al.  Brain Structural Signatures of Negative Symptoms in Depression and Schizophrenia , 2014, Front. Psychiatry.

[10]  Ehsan Tarkesh Esfahani,et al.  Classification of primitive shapes using brain-computer interfaces , 2012, Comput. Aided Des..

[11]  Nitesh Saxena,et al.  Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings , 2014, NDSS.

[12]  Michelle N. Lumicao,et al.  EEG correlates of task engagement and mental workload in vigilance, learning, and memory tasks. , 2007, Aviation, space, and environmental medicine.

[13]  Nitesh Saxena,et al.  Neural Underpinnings of Website Legitimacy and Familiarity Detection: An fNIRS Study , 2017, WWW.

[14]  Alcoholism and the brain , 1977 .

[15]  H. van Engeland,et al.  Visual and somatosensory event-related brain potentials in autistic children and three different control groups. , 1994, Electroencephalography and clinical neurophysiology.

[16]  C. Harper,et al.  Ethanol and brain damage. , 2005, Current opinion in pharmacology.

[17]  K. Marinković,et al.  Alcoholism and the Brain: An Overview , 2003, Alcohol research & health : the journal of the National Institute on Alcohol Abuse and Alcoholism.

[18]  Keum-Shik Hong,et al.  fNIRS-based brain-computer interfaces: a review , 2015, Front. Hum. Neurosci..

[19]  M. Westerfield,et al.  Modality-specificity of sensory aging in vision and audition: Evidence from event-related potentials , 2008, Brain Research.

[20]  Helge J. Ritter,et al.  2009 Special Issue: The MindGame: A P300-based brain-computer interface game , 2009 .

[21]  W. Hauser,et al.  American Electroencephalographic Society Guidelines for Laboratory Accreditation , 1986, Journal of clinical neurophysiology : official publication of the American Electroencephalographic Society.

[22]  G. Koob,et al.  Neurobiology of Alcohol Dependence: Focus on Motivational Mechanisms , 2008 .

[23]  Marcello Ienca,et al.  Towards new human rights in the age of neuroscience and neurotechnology , 2017, Life Sciences, Society and Policy.

[24]  Keum Shik Hong,et al.  Hybrid EEG–fNIRS-Based Eight-Command Decoding for BCI: Application to Quadcopter Control , 2017, Front. Neurorobot..

[25]  Peter F. Edemekong,et al.  Health Insurance Portability and Accountability Act , 2020 .

[26]  J. Morrison,et al.  Life and death of neurons in the aging brain. , 1997, Science.

[27]  E. Donchin Event-related Brain Potentials: A Tool in the Study of Human Information Processing , 1979 .

[28]  Chris Berka,et al.  Drowsiness/alertness algorithm development and validation using synchronized EEG and cognitive performance to individualize a generalized model , 2011, Biological Psychology.

[29]  Nitesh Saxena,et al.  A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings , 2015, CCS.

[30]  Matcheri S Keshavan,et al.  Prefrontal cortex, thalamus, and cerebellar volumes in adolescents and young adults with adolescent-onset alcohol use disorders and comorbid mental disorders. , 2005, Alcoholism, clinical and experimental research.

[31]  Nitesh Saxena,et al.  PEEP: Passively Eavesdropping Private Input via Brainwave Signals , 2017, Financial Cryptography.

[32]  Gleb V. Tcheslavski,et al.  Alcoholism-related alterations in spectrum, coherence, and phase synchrony of topical electroencephalogram , 2012, Comput. Biol. Medicine.

[33]  Satrajit S. Ghosh,et al.  Predicting treatment response in social anxiety disorder from functional magnetic resonance imaging. , 2012, JAMA psychiatry.

[34]  Z. Koles,et al.  Quantitative EEG studies of pedophilia. , 1991, International journal of psychophysiology : official journal of the International Organization of Psychophysiology.

[35]  R. Root-Bernstein Brain Aging: Models, Methods, and Mechanisms , 2007 .

[36]  Desney S. Tan,et al.  Brain-Computer Interfaces and Human-Computer Interaction , 2010, Brain-Computer Interfaces.

[37]  Era moderna até Health Insurance Portability and Accountability Act , 2011 .

[38]  Dawn Xiaodong Song,et al.  On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces , 2012, USENIX Security Symposium.

[39]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[40]  C. C. Chang,et al.  National technology foresight research: a literature review from 1984 to 2005 , 2010 .

[41]  Chris Berka,et al.  Real-Time Analysis of EEG Indexes of Alertness, Cognition, and Memory Acquired With a Wireless EEG Headset , 2004, Int. J. Hum. Comput. Interact..

[42]  W. Stroebe,et al.  Beyond Vicary's fantasies: The impact of subliminal priming and brand choice , 2006 .

[43]  Afrouz Anderson,et al.  Relative brain signature: a population-based feature extraction procedure to identify functional biomarkers in the brain of alcoholics , 2015, Brain and behavior.

[44]  Yunhao Liu,et al.  MindID: Person Identification from Brain Waves through Aention-based Recurrent Neural Network , 2017 .

[45]  L. Bauer,et al.  Recent EEG and ERP Findings in Substance Abusers , 2009, Clinical EEG and neuroscience.

[46]  Julia A. Leonard,et al.  Altered Intrinsic Functional Brain Architecture in Children at Familial Risk of Major Depression , 2015, Biological Psychiatry.

[47]  H. Begleiter,et al.  Alcoholism and Human Electrophysiology , 2003, Alcohol research & health : the journal of the National Institute on Alcohol Abuse and Alcoholism.

[48]  Benjamin J. Shannon,et al.  Premotor functional connectivity predicts impulsivity in juvenile offenders , 2011, Proceedings of the National Academy of Sciences.

[49]  J. Cole,et al.  Predicting Age Using Neuroimaging: Innovative Brain Ageing Biomarkers , 2017, Trends in Neurosciences.

[50]  Bernice Porjesz,et al.  Understanding alcohol use disorders with neuroelectrophysiology. , 2014, Handbook of clinical neurology.

[51]  Desney S. Tan,et al.  Brain-Computer Interfaces: Applying our Minds to Human-Computer Interaction , 2010 .