Abstract
In the coming period of Internet of Things (IoT), user authentication is one important and essential security mechanism to protect assets from unauthorized access. Textual passwords are the most widely adopted authentication method, but have well-known limitations in the aspects of both security and usability. As an alternative, biometric authentication has attracted much attention, which can verify users based on their biometric features. With the fast development of EEG (electro-encephalography) sensors in current headsets and personal devices, user authentication based on brainwaves becomes feasible. Due to its potential adoption, there is an increasing need to secure such emerging authentication method. In this work, we focus on a brainwave-based computer-screen unlock mechanism, which can validate users based on their brainwave signals when seeing different images. Then, we analyze the security of such brainwave-based scheme and identify a kind of reaction spoofing attack where an attacker can try to imitate the mental reaction (either familiar or unfamiliar) of a legitimate user. In the user study, we show the feasibility and viability of such attack. Copyright © 2021 Springer Nature Switzerland AG.
Original language | English |
---|---|
Title of host publication | Security, privacy, and anonymity in computation, communication, and storage: 13th International Conference, SpaCCS 2020, Nanjing, China, December 18-20, 2020, proceedings |
Editors | Guojun WANG, Bing CHEN, Wei LI, Roberto DI PIETRO, Xuefeng YAN, Hao HAN |
Place of Publication | Cham |
Publisher | Springer |
Pages | 251-265 |
ISBN (Electronic) | 9783030688516 |
ISBN (Print) | 9783030688509 |
DOIs | |
Publication status | Published - 2021 |
Citation
Chiu, W.-Y., Meng, W., & Li, W. (2021). I can think like you! Towards reaction spoofing attack on brainwave-based authentication. In G. Wang, B. Chen, W. Li, R. Di Pietro, X. Yan, & H. Han (Eds.), Security, privacy, and anonymity in computation, communication, and storage: 13th International Conference, SpaCCS 2020, Nanjing, China, December 18-20, 2020, proceedings (pp. 251-265). Springer. https://doi.org/10.1007/978-3-030-68851-6_18Keywords
- EEG
- Biometric authentication
- Brainwave-based unlock
- Biometric security
- Reaction spoofing attack