I Can See Your Brain: Investigating Home-Use Electroencephalography System Security - Citegraph

Paper Info

Title
I Can See Your Brain: Investigating Home-Use Electroencephalography System Security

Abstract
Health-related Internet of Things (IoT) devices are becoming more popular in recent years. On the one hand, users can access information of their health conditions more conveniently; on the other hand, they are exposed to new security risks. In this paper, we presented, to the best of our knowledge, the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">first</italic> in-depth security analysis on home-use electroencephalography (EEG) IoT devices. Our key contributions are twofold. First, we reverse-engineered the home-use EEG system framework via which we identified the design and implementation flaws. By exploiting these flaws, we developed two sets of novel easy-to-exploit PoC attacks, which consist of four remote attacks and one proximate attack. In a remote attack, an attacker can steal a user’s brain wave data through a carefully crafted program while in the proximate attack, the attacker can steal a victim’s brain wave data over-the-air without accessing the victim’s device on any sense when he is close to the victim. As a result, all the 156 brain–computer interface (BCI) apps in the NeuroSky App store are vulnerable to the proximate attack. We also discovered that all the 31 free apps in the NeuroSky App store are vulnerable to at least one remote attack. Second, we proposed a novel deep learning model of a joint recurrent convolutional neural network (RCNN) to infer a user’s activities based on the reduced-featured EEG data stolen from the home-use EEG IoT devices, and our evaluation over the real-world EEG data indicates that the inference accuracy of the proposed RCNN is can reach 70.55%.

Year	DOI	Venue
2019	10.1109/JIOT.2019.2910115	IEEE Internet of Things Journal
Keywords	Field	DocType
Electroencephalography,Security,Frequency measurement,Internet of Things,Brain modeling,Distance measurement	App store,Convolutional neural network,Inference,Computer security,Computer science,Internet of Things,Brain–computer interface,Security analysis,Artificial intelligence,Deep learning,Electroencephalography	Journal
Volume	Issue	ISSN
6	4	2327-4662
Citations	PageRank	References
0	0.34	0
Authors
6

Authors (6 rows)

Cited by (0 rows)

References (0 rows)

Name	Order	Citations	PageRank
Yinhao Xiao	1	23	4.41
Yizhen Jia	2	19	2.02
Xiuzhen Cheng	3	22	7.54
Jiguo Yu	4	688	108.74
Zhenkai Liang	5	1486	81.00
Zhi Tian	6	1195	80.41

1