Advisory Committee Chair
Nitesh Saxena
Advisory Committee Members
Chengcui Zhang
Rajesh Kana
Sidharth Kumar
Document Type
Dissertation
Date of Award
2022
Degree Name by School
Doctor of Philosophy (PhD) College of Arts and Sciences
Abstract
Brain-computer interfaces, such as consumer-grade EEG headsets, are gaining popularity in the gaming and entertainment industries and among people with certain disabilities. However, the increasing popularity of EEG headsets creates significant privacy risks. Silently conversing with a computing system is now possible using neuromuscular signals; for instance, untold digits can be recognized with higher accuracy, which can inadvertently reveal a PIN or password merely from brainwave signals. These applications can reveal much more private information than their designated benign purpose requires; for instance, while detecting the job performance of a worker, sensitive information such as Parkinson’s disease, epilepsy, substance abuse disorder or heart disease can be revealed from the brainwave signals. The consequences of these privacy leakages may be potentially devastating, such as tracking users for intrusive targeted advertisements and targeted attacks against users. In this dissertation, we investigate the vulnerabilities of consumer-grade EEG headsets that an attacker can exploit to learn private sensitive information about the user (e.g., PINs, passwords, health conditions, identity, media/news interests such as interest in political facts, personal interests). To explore the privacy threats of consumer-grade EEG deployments, we design and develop several threat scenarios and investigate how much private sensitive information can be retrieved with minimal effort. We specifically focus on three vulnerable EEG deployments: visual applications (e.g., attention monitoring and visual games), speech-based applications (e.g., speech verification and speech-listening tasks for training purposes) and body posture-based applications (e.g., 3D games and virtual reality), and design and validate visual task centric threats, speech centric threats and body posture centric threats using consumer-grade EEG headsets.
We also explore possible defense mechanisms to mitigate the studied attacks. To be specific, this dissertation work covers the three most vulnerable EEG deployments: visual applications (e.g., attention monitoring, visual games), speech-based applications (e.g., speech verification, speech-listening tasks for training) and body posture-based applications (e.g., 3D games). To investigate Visual Task Centric threats, we design, develop, and validate News Reader and Warning Sniffer, which involve visual tasks on the computing system and, by analyzing neural patterns, infer information about users’ reading interests and OS vulnerability respectively. Next, we introduce two Speech Centric BCI threats which can learn information from spoken and listened speech. The Speech-Info Listener attack can learn spoken and listened digits, the speaker’s gender, and identity by analyzing brainwaves. Another attack, Media Listener, can learn about the wearer’s media interest level from brainwaves. Lastly, we present two BCI threats related to human body postures. Our first Posture Centric threat is Identification Stealer, which can infer a person’s identity from neural patterns related to standing and walking. Our second Posture Centric threat, Disease Detector, is able to detect the presence of epilepsy from some daily-life body movements with reasonable accuracy. Both of these attacks are practically possible to launch using an EEG-mounted AR/VR headset in a 3D gaming session to learn about the gamer’s health condition (e.g., epileptic patient/healthy individual) and the identity of users (e.g., gender). Finally, we provide a brief exploration of potential defense techniques to mitigate these attacks and to protect users’ private information from being exposed to unauthorized malicious parties. We believe our work serves as a foundation for building more secure and privacy-preserving brainwave applications in the near future.
Recommended Citation
Mandal, Anuradha, "On the Privacy Leakage Via Neural Devices" (2022). All ETDs from UAB. 179.
https://digitalcommons.library.uab.edu/etd-collection/179