TY - GEN
T1 - I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication
AU - Chiu, Wei Yang
AU - Meng, Weizhi
AU - Li, Wenjuan
N1 - Funding Information:
Acknowledgments. This work was partially supported by National Natural Science Foundation of China (No. 61802077).
Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021/2
Y1 - 2021/2
N2 - In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack.
AB - In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack.
KW - Biometric authentication
KW - Biometric security
KW - Brainwave-based unlock
KW - EEG
KW - Reaction spoofing attack
UR - http://www.scopus.com/inward/record.url?scp=85101828369&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-68851-6_18
DO - 10.1007/978-3-030-68851-6_18
M3 - Conference article published in proceeding or book
AN - SCOPUS:85101828369
SN - 9783030688509
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 251
EP - 265
BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage - 13th International Conference, SpaCCS 2020, Proceedings
A2 - Wang, Guojun
A2 - Chen, Bing
A2 - Li, Wei
A2 - Di Pietro, Roberto
A2 - Yan, Xuefeng
A2 - Han, Hao
PB - Springer Science and Business Media Deutschland GmbH
T2 - 13th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2020
Y2 - 18 December 2020 through 20 December 2020
ER -