Thinking Unveiled

Abstract

Very few studies have explored linkages between physiological, such as electroencephalograph (EEG), and behavioral patterns, such as wrist movements. These linkages provide us a unique mechanism to predict one set of patterns from other related patterns. Unlike conventional biometrics, EEG biometrics are hard to spoof using standard presentation attack methods, given the intrinsic liveness resulting from the bounded randomness of EEG signals specific to an individual. In this article, we propose a novel attack on the EEG-based authentication systems by investigating and leveraging the strong correlation between hand movements and brain signals captured through the motion sensors on a smartwatch and the wearable EEG headset, respectively. Based on this technique, we can successfully estimate the user’s EEG signals from the stolen hand movement data while the user was typing on the keyboard. Our attack results on the EEG biometric authentication system show an increase in the mean equal error rates of the classifiers by between 180% and 360% based on a dataset of 59 users. In summary, our pilot study calls for a rethinking of EEG-based authentication mechanisms from the perspective of unique vulnerabilities, particularly for multimodal biometric systems involving a variety of wearable or mobile devices.