IEEE Technology and Society Magazine - September 2015 - 49
Types of Attackers
Based on the way attackers analyze recorded neural signals, we distinguish between two types of attackers. The
first type extracts users' private information by hijacking
legitimate components of a BCI system. This attacker
exploits feature extraction and decoding algorithms intended for the legitimate BCI applications to mount attacks.
The second type extracts users' private information
by adding or replacing the legitimate BCI components.
This attacker may implement additional feature extraction and decoding algorithms, and either replace or
supplement the existing BCI components with the additional malicious code.
Example Attack
One simple example of a possible brain spyware attack,
Evoked Response Attack, was recently developed by
our laboratory. It is shown in Figure 2. In this BCI-based
game, a user uses his or her EMG signal, recorded from
the forearm, to control the position of the whale on the
screen. While the user is controlling the whale, different
visual stimuli are presented and the user's responses to
these stimuli are recorded using seven EEG electrodes.
The EEG recordings are analyzed to search for the user's
preferences towards categories such as coffee shop
chains, restaurant chains, financial institutions, sports
leagues, and automobile makes.
Our Solution
For a block diagram of a BCI with the BCI Anonymizer
component, under brain spyware attacks, please refer
to Figure 3 in paper [15], the June issue of this magazine.
The basic idea of this component is to pre-process neural
signals, before they are stored and transmitted, in order
to remove all information except users' specific intents.
Unintended information leakage is prevented by never
transmitting and never storing raw neural signals, or
any signal components that are not explicitly needed for
the purpose of BCI communication and control.
This approach is similar to those taken in the smartdevices industry, where attackers may attempt to access
users' private identifying information (PII), such as users'
location or address book entries. In the smartphone
industry, such attacks on users' privacy are typically
prevented by limiting access to the phone's operating system and users' PII. Neural signals have a similar role as a
users' PII data, in that they contain information beyond
the intended messages.
The BCI Anonymizer is realized in hardware and
software, as a part of a BCI, but not as part of any external network or computational platform. It thus acts as
a secured and trusted subsystem that takes the raw
neural signal and decomposes it to specific components. Upon request, instead of the complete recorded
september 2015
∕
Figure 2. An example of Evoked Response Attack: Subject is
playing Flappy Whale with EMG signals from electrodes on arm
used to move the whale (avoiding barriers on screen), while EEG
signals are simultaneously collected. Subliminal images are also
shown on the screen, to trigger evoked responses. Photo credit:
University of Washington and Matt Hagen.
neural signal, the BCI Anonymizer provides an external
application only with a needed (and allowable) subset of
requested signal components [15].
Principles of Appropriate Use of Exocortex
In determining principles of appropriate use for braincomputer technologies, we begin with an assessment of
the current state of policies and practices governing the
relationship between information and communication
technology and society. This informs our new principles,
because a wide spectrum of mobile information processing technologies exists. BCIs can be considered the
extreme example of cybernetic integration.
Security features for smartphones provide a convenient example. Generally, it is now a standard for
smartphone operating systems to provide granular user
control of access permission to potentially private information. This is done by providing users options to grant
or deny access to specific, atomic resources on the
device (e.g., data storage or sensor stream), and relying
on the user to make choices informed by her knowledge
of the information content of those resources.
This approach to security has failed in several ways.
First, the operating system does not exercise sufficient control over all communication channels to enforce security
policies. A recent example of this is third-party embedded
advertising software broadcasting users' private identifiable information over insecure Internet connections [47].
Second, some implementations do not give users complete
control of resource access at the level of granularity possible. That is, requests for resource access are bundled so
that a user may have to choose between compromising a
resource that exposes private information, and not using
an application at all. For example, the use of location
IEEE TEchnology and SocIETy MagazInE
49
Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - September 2015
IEEE Technology and Society Magazine - September 2015 - Cover1
IEEE Technology and Society Magazine - September 2015 - Cover2
IEEE Technology and Society Magazine - September 2015 - 1
IEEE Technology and Society Magazine - September 2015 - 2
IEEE Technology and Society Magazine - September 2015 - 3
IEEE Technology and Society Magazine - September 2015 - 4
IEEE Technology and Society Magazine - September 2015 - 5
IEEE Technology and Society Magazine - September 2015 - 6
IEEE Technology and Society Magazine - September 2015 - 7
IEEE Technology and Society Magazine - September 2015 - 8
IEEE Technology and Society Magazine - September 2015 - 9
IEEE Technology and Society Magazine - September 2015 - 10
IEEE Technology and Society Magazine - September 2015 - 11
IEEE Technology and Society Magazine - September 2015 - 12
IEEE Technology and Society Magazine - September 2015 - 13
IEEE Technology and Society Magazine - September 2015 - 14
IEEE Technology and Society Magazine - September 2015 - 15
IEEE Technology and Society Magazine - September 2015 - 16
IEEE Technology and Society Magazine - September 2015 - 17
IEEE Technology and Society Magazine - September 2015 - 18
IEEE Technology and Society Magazine - September 2015 - 19
IEEE Technology and Society Magazine - September 2015 - 20
IEEE Technology and Society Magazine - September 2015 - 21
IEEE Technology and Society Magazine - September 2015 - 22
IEEE Technology and Society Magazine - September 2015 - 23
IEEE Technology and Society Magazine - September 2015 - 24
IEEE Technology and Society Magazine - September 2015 - 25
IEEE Technology and Society Magazine - September 2015 - 26
IEEE Technology and Society Magazine - September 2015 - 27
IEEE Technology and Society Magazine - September 2015 - 28
IEEE Technology and Society Magazine - September 2015 - 29
IEEE Technology and Society Magazine - September 2015 - 30
IEEE Technology and Society Magazine - September 2015 - 31
IEEE Technology and Society Magazine - September 2015 - 32
IEEE Technology and Society Magazine - September 2015 - 33
IEEE Technology and Society Magazine - September 2015 - 34
IEEE Technology and Society Magazine - September 2015 - 35
IEEE Technology and Society Magazine - September 2015 - 36
IEEE Technology and Society Magazine - September 2015 - 37
IEEE Technology and Society Magazine - September 2015 - 38
IEEE Technology and Society Magazine - September 2015 - 39
IEEE Technology and Society Magazine - September 2015 - 40
IEEE Technology and Society Magazine - September 2015 - 41
IEEE Technology and Society Magazine - September 2015 - 42
IEEE Technology and Society Magazine - September 2015 - 43
IEEE Technology and Society Magazine - September 2015 - 44
IEEE Technology and Society Magazine - September 2015 - 45
IEEE Technology and Society Magazine - September 2015 - 46
IEEE Technology and Society Magazine - September 2015 - 47
IEEE Technology and Society Magazine - September 2015 - 48
IEEE Technology and Society Magazine - September 2015 - 49
IEEE Technology and Society Magazine - September 2015 - 50
IEEE Technology and Society Magazine - September 2015 - 51
IEEE Technology and Society Magazine - September 2015 - 52
IEEE Technology and Society Magazine - September 2015 - 53
IEEE Technology and Society Magazine - September 2015 - 54
IEEE Technology and Society Magazine - September 2015 - 55
IEEE Technology and Society Magazine - September 2015 - 56
IEEE Technology and Society Magazine - September 2015 - 57
IEEE Technology and Society Magazine - September 2015 - 58
IEEE Technology and Society Magazine - September 2015 - 59
IEEE Technology and Society Magazine - September 2015 - 60
IEEE Technology and Society Magazine - September 2015 - 61
IEEE Technology and Society Magazine - September 2015 - 62
IEEE Technology and Society Magazine - September 2015 - 63
IEEE Technology and Society Magazine - September 2015 - 64
IEEE Technology and Society Magazine - September 2015 - 65
IEEE Technology and Society Magazine - September 2015 - 66
IEEE Technology and Society Magazine - September 2015 - 67
IEEE Technology and Society Magazine - September 2015 - 68
IEEE Technology and Society Magazine - September 2015 - 69
IEEE Technology and Society Magazine - September 2015 - 70
IEEE Technology and Society Magazine - September 2015 - 71
IEEE Technology and Society Magazine - September 2015 - 72
IEEE Technology and Society Magazine - September 2015 - 73
IEEE Technology and Society Magazine - September 2015 - 74
IEEE Technology and Society Magazine - September 2015 - 75
IEEE Technology and Society Magazine - September 2015 - 76
IEEE Technology and Society Magazine - September 2015 - 77
IEEE Technology and Society Magazine - September 2015 - 78
IEEE Technology and Society Magazine - September 2015 - 79
IEEE Technology and Society Magazine - September 2015 - 80
IEEE Technology and Society Magazine - September 2015 - 81
IEEE Technology and Society Magazine - September 2015 - 82
IEEE Technology and Society Magazine - September 2015 - 83
IEEE Technology and Society Magazine - September 2015 - 84
IEEE Technology and Society Magazine - September 2015 - 85
IEEE Technology and Society Magazine - September 2015 - 86
IEEE Technology and Society Magazine - September 2015 - 87
IEEE Technology and Society Magazine - September 2015 - 88
IEEE Technology and Society Magazine - September 2015 - Cover3
IEEE Technology and Society Magazine - September 2015 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2023
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2023
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2023
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2013
https://www.nxtbookmedia.com