Brain Hemorrhage: When Brainwaves Leak Sensitive Medical Conditions and Personal Information Conference Paper

abstract

• Brain Computer Interfaces (BCI) are rapidly gaining popularity in consumer market. It is therefore important to analyze the security and privacy threats these devices may introduce to their users. In this paper, we explore how malicious access to brainwave signals may surreptitiously reveal users' privacy-sensitive medical conditions and personal information, while they are browsing the web (or interacting with an app). At a conceptual level, we investigate the potential of brainwave signals, captured during a user's normal interactions with visual stimuli (e.g., images and audio-visuals) through a website or computer, in exposing whether the user is suffering from a given medical disorder (e.g., drug abuse or autism) and to which demographics group the user belongs (e.g., young vs. elderly or male vs. female). At an empirical level, as two representative case studies into such conceptual attacks, we present a concrete brainwave privacy attack, (Brain) Hemorrhage¹¹In the context of our work, the term Hemorrhage is an attack against brainwave privacy. Brain Hemorrhage is a type of alcoholic cocktail, and hence the terminology is also intended to capture one of the case studies of our work on Alcohol Use Disorder., focusing on the leakage of Alcohol Usage Disorder (AUD) and users' age group. Hemorrhage is designed using machine learning techniques to identify the users suffering from AUD and age group by analyzing the seemingly innocuous brainwave signals leaked online in response to users' viewing of simple images or watching of videos. Based on the publicly available EEG datasets on AUD and aging, our study shows that Hemorrhage can predict the presence or absence of alcohol usage disorder with the precision of 96% and the presence or absence of aging condition with 94% accuracy. We also analyze, visualize and interpret the differences in the brainwave signals corresponding to AUD and aging, which serves to justify why our attack succeeds. While the use of neuroimaging devices to diagnose medical disorders in clinical settings is a common practice in the medical field, our study constitutes one of the first steps towards exploring the malicious use of brainwave devices in compromising people's health information privacy in an online setting (otherwise protected under the HIPAA law) as well as their age privacy. Given any website can have unfettered, permission-less access to the signals captured by the current BCI devices, we believe that our work raises a serious online health privacy and age privacy issues as these devices get widely deployed.

name of conference

• 2019 17th International Conference on Privacy, Security and Trust (PST)

authors

• Saxena, Nitesh

published proceedings

• 2019 17th International Conference on Privacy, Security and Trust (PST)

altmetric score

• 2

author list (cited authors)

• Neupane, A., Satvat, K., Hosseini, M., & Saxena, N.

citation count

• 1

complete list of authors

• Neupane, Ajaya||Satvat, Kiavash||Hosseini, Mahshid||Saxena, Nitesh

publication date

• January 2019

publisher

• Institute of Electrical and Electronics Engineers (IEEE)  Publisher

published in

• 2019 17th International Conference on Privacy, Security and Trust (PST)  Journal

keywords

• 3 Good Health And Well Being
• Alcoholism, Alcohol Use And Health
• Basic Behavioral And Social Science
• Behavioral And Social Science
• Bioengineering
• Brain Disorders
• Clinical Research
• Mental Health
• Neurosciences
• Substance Abuse

Digital Object Identifier (DOI)

• 10.1109/pst47121.2019.8949062

start page

• 1

end page

• 10

volume

• 00

URL

• http://dx.doi.org/10.1109/pst47121.2019.8949062

user-defined tag

• 3 Good Health and Well-Being