TY - CHAP
T1 - I Can Think Like You! Towards Reaction Spoofing Attack on Brainwave-Based Authentication
AU - Chiu, Wei-Yang
AU - Meng, Weizhi
AU - Li, Wenjuan
PY - 2021
Y1 - 2021
N2 - In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack.
AB - In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack.
KW - EEG
KW - Biometric authentication
KW - Brainwave-based unlock
KW - Biometric security
KW - Reaction spoofing attack
U2 - 10.1007/978-3-030-68851-6_18
DO - 10.1007/978-3-030-68851-6_18
M3 - Book chapter
SN - 978-3-030-68850-9
VL - 12382
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 251
EP - 265
BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage
PB - Springer
T2 - 13<sup>th</sup> International Conference onSecurity, Privacy, and Anonymity in Computation, Communication, and Storage
Y2 - 18 December 2020 through 20 December 2020
ER -