Article published by a research team from Huazhong University of Science and Technology demonstrate how brain-computer interface spellers could be interfered by conflicting signals – posing a security concern.
Brain-Computer Interface (BCI) is able to record and decode brain signals to formulate a communication pathway, allowing the direct interaction between humans and the computer through the human brain. It has been used for a wide range of applications in a number of fields, including neuroscience, psychology, clinical rehabilitation, and entertainment.
One of the most common uses of the BCI system is the electroencephalogram (EEG) – based BCI speller. This system enables the user to input text to the computer using EEG signals. Such an application for BCI has been proven useful for disabled patients such as amyotrophic lateral sclerosis patients, who lack effective means of using or communicating through the computer.
The security of this interface remains a concern. To solve this issue, a BCI research team led by Professor Wu Dongrui from Huazhong University of Science and Technology (HUST) recently released an article, published in the Beijing-based National Science Review showing how opposing signals can disrupt the output of BCI spellers – demonstrating a potential critical security loop-hole in EEG-based BCIs.
“This article shows for the first time that one can generate tiny adversarial EEG perturbation templates for target attacks for both P300 and SSVEP spellers, i.e., mislead the classification to any character the attacker wants, regardless of what the user intended character to be. The consequence could range from merely user frustration to severe misdiagnosis in clinical applications.” The authors stated in their article entitled, “Tiny noise, big mistakes: adversarial perturbations induce errors in Brain-Computer Interface spellers”.
The authors added that the more pressing issue is that, “these perturbation templates are so tiny that one can barely distinguish the adversarial EEG trial from the original EEG trial. When drawn together, the signals look almost completely overlapping.”
“The adversarial perturbation templates can even stay imperceptible to some widely-used approaches for evaluating the quality of EEG signals.”
The authors further emphasized that, “The spellers’ ability to defend adversarial perturbation templates is totally different from their robustness to random noise. Even the BCI spellers which show excellent performance against random noise can be manipulated by these deliberately-designed perturbation templates with a high successful rate.”
These security concerns highlighted by the authors were by no means specific to those EEG-based BCIs, but also other applications of BCI systems.
Professor Wu shared, “It should be noted that the goal of this study is not to damage EEG-based BCIs. Instead, we aim to demonstrate that serious adversarial attacks to EEG-based BCIs are possible, and hence expose a critical security concern, which has received little attention before. Our further research will focus on addressing this security issue and making BCI systems safer.” [APBN]