
Mind Your Mind: EEG-Based Brain-Computer Interfaces and Their Security in Cyber Space

OFIR LANDAU, Malware Lab at the Cyber Security Research Center and Department of Software and
Information Systems Engineering, Ben-Gurion University of the Negev, Israel
RAMI PUZIS, Department of Software and Information Systems Engineering, Ben-Gurion University of
the Negev, Israel
NIR NISSIM, Malware Lab at the Cyber Security Research Center and Department of Industrial
Engineering and Management, Ben-Gurion University of the Negev, Israel

A brain-computer interface (BCI) system is a system that leverages brainwave information acquired by a
designated brain monitoring device to interact with a computerized system. Over the past 40 years, many
BCI applications have been developed in a variety of domains, from entertainment to the medical field and even
to computer security mechanisms. Until now, the development of BCI systems has focused on improving their
accuracy, functionality, and ease of use, and not enough effort and attention has been invested in securing
these systems and the sensitive data they acquire. In this article, we present the principles of brain activity
data acquisition, with a special focus on EEG, and we present a taxonomy of BCI applications and domains.
We also provide a comprehensive survey that covers eight possible attacks aimed at BCI systems. For each BCI
application, we created an ecosystem and data and attack flow-diagram, which comprehensively describes the
roles and interactions of the players associated with the BCI application and presents the most vulnerable
vectors and components within its ecosystem; we identified gaps between existing security solutions and
the presented attacks and vulnerabilities. Finally, we provide several concrete suggestions for improving the
security of BCI systems in cyber-space.
CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy;
Additional Key Words and Phrases: Brain-computer interface, EEG, security, attack, detection, privacy, cyber
space
ACM Reference format:
Ofir Landau, Rami Puzis, and Nir Nissim. 2020. Mind Your Mind: EEG-Based Brain-Computer Interfaces and
Their Security in Cyber Space. ACM Comput. Surv. 53, 1, Article 17 (February 2020), 38 pages.
http://dx.doi.org/10.1145/3372043

Author’s address: O. Landau, Malware Lab, Cyber Security Research Center, Ben-Gurion University of the Negev,
Beer-Sheva, Israel and Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev,
Beer-Sheva, Israel; email: [email protected]; R. Puzis, Department of Software and Information Systems Engineering,
Ben-Gurion University of the Negev, Beer-Sheva, Israel; email: [email protected]; N. Nissim, Malware Lab, Cyber Security
Research Center, Ben-Gurion University of the Negev, Beer-Sheva, Israel and Department of Industrial Engineering and
Management, Ben-Gurion University of the Negev, Beer-Sheva, Israel; email: [email protected].
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee
provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and
the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored.
Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires
prior specific permission and/or a fee. Request permissions from [email protected].
© 2020 Association for Computing Machinery.
0360-0300/2020/02-ART17 $15.00
http://dx.doi.org/10.1145/3372043

ACM Computing Surveys, Vol. 53, No. 1, Article 17. Publication date: February 2020.

1 INTRODUCTION
According to [Wolpaw et al. 2000], brain-computer interface (BCI) and brain-machine interface
(BMI) systems are systems that “give their users communication and control channels that do not
depend on the brain’s normal output channels of peripheral nerves and muscles.” BCIs use a brain
monitoring device to record and analyze the brain’s activity and translate it to the requested out-
put. To the best of our knowledge, BCI research began in 1973 at the University of California
[Vidal 1973], where researchers described a series of experiments that were meant to prove that
direct brain-computer communication is possible. Since then, researchers in academia and indus-
try have invested significant effort to turn this hypothesis into a promising new technology, and
progress in both supporting technologies (computational neuroscience and computer processing)
and our understanding of the cortical map has led to improvements in BCI and a wide range of
BCI applications [Kotchetkov et al. 2010].
According to Tiwary et al. [2018], and as can be seen in Figure 1, the BCI field has grown tremen-
dously over the past few years. In Figure 1, we see the steady increase in the number of publica-
tions regarding BCI. As a relatively new domain, BCI raises some issues that have never been
encountered before that must be addressed before these kinds of systems can become more heavily
adopted. For example, according to Greenberg [2019], the data that is collected using BCIs is extremely
private and can reflect the user’s cognition, mental and physical health, and much more.
Furthermore, current privacy-related policies leave gaps in the protection of this data, and such
policies need to be updated to encompass this domain [Greenberg 2019]. In our study, we aim to
help security and software experts smoothly enter the world of BCI and understand its ecosystems
and the vulnerabilities and attacks associated with them. The scope of our study covers research
areas or applications that involve EEG recordings, since EEG (electroencephalography) is the most
widely used form of brain activity acquisition among individuals, where abuse of the procedures or
the data of the BCI systems can directly impact the person whose EEG was recorded. For example,
neurogaming will be included in this survey, because in this case, the recording has a direct impact
on one’s gaming experience, and the data might be saved with an association to the gamer’s profile;
moreover, such recordings can be maliciously used later to breach a gamer’s privacy and security.
Although previous studies have discussed some of the security risks associated with BCI [Bonaci
et al. 2014; Li 2015; Ienca and Haselager 2016; Umair, Ashfaq, and Khan 2017], they presented
somewhat limited coverage and a narrow approach. For example, Umair, Ashfaq, and Khan [2017]
focused mainly on current BCI trends and the challenges this domain will face in the future, only
briefly addressing security issues. In Ienca and Haselager [2016], the researchers provided a broad
review of the security breaches this domain suffers from but didn’t mention current defense mech-
anisms. Furthermore, none of the abovementioned studies provided a comprehensive review of the
brain, how its unique structure facilitates the development of BCI systems, and how these systems
work. Thus, a comprehensive survey that covers the entire domain is currently lacking. The con-
tributions of this article are as follows:
1. We present a taxonomy of the existing brain activity acquisition methods and provide an
explanation and comparison of these methods. We found the EEG to be the most advanta-
geous method in terms of practical use and accuracy and therefore provide a more detailed
explanation of the different types of brain activity and approaches to analyzing EEG data.
2. We present a taxonomy and explanations of the current trends in BCI systems based on
EEG and its domains.
3. We present an attack and data flow diagram and describe a BCI ecosystem for each BCI, and
in so doing, identify the weak links and components that are vulnerable to cyber attacks.
4. We cover eight different cyber attacks aimed at BCI systems, discussing their impact and
possible consequences.
5. We suggest practical avenues of cyber security enhancement for BCI systems, including
some existing solutions.

Fig. 1. The number of BCI publications per year (x–year, y–number of publications/citations) (used with the
permission of SciCurve).

2 BACKGROUND
Some preliminary background information must be provided before we can move on to the core
contribution of our study, the security of BCI. In this section, we describe basic concepts regarding
BCI, providing the necessary background to better understand the domain and our contribution.
We start by presenting a taxonomy of the different acquisition methods used to acquire brain
activity, including their advantages and disadvantages. Last, we discuss the brainwaves that can
be acquired using some of the different neuronal acquisition methods and the characteristics of
each type of brainwave.

2.1 General Structure and Areas of the Brain


The main organ of the human nervous system, the brain is divided into three major parts: the
cerebrum, brainstem, and cerebellum.1 Each of these parts has a different structure and is respon-
sible for specific essential brain functions. Understanding the role of each part is important for the
acquisition of the relevant neural activity for each type of brain stimuli, such as visual, movement,
emotions, and so on.
2.1.1 The Cerebrum. The cerebrum [Arnould-Taylor 1998], which consists of two hemispheres,
is the largest part of the brain. The cerebrum is further divided into different lobes, each of which
contains areas associated with different functions of the brain. Table 1 summarizes the roles each
lobe is responsible for and lists previous studies [Squire and Zola-Morgan 1991; Chayer and Freedman
2001; Fogassi et al. 2005; Buckner 2013; Jiang et al. 2016] that describe these roles. In general,
the cerebrum is responsible for the senses, memory, reasoning, moral sense, learning, communication,
and movement.

1 https://en.wikipedia.org/wiki/Human_brain.

Table 1. The Different Lobes of the Cerebrum and Their Roles

Lobe                                                      Roles
Frontal [Chayer and Freedman 2001]                        Language, attention, movement, self-awareness, mood, personality
Temporal [Squire and Zola-Morgan 1991]                    Audio processing, new memories
Parietal [Fogassi et al. 2005]                            Spatial sense, inferring intentions of others
Occipital [Jiang et al. 2016]                             Visual memory
Limbic [Graybiel et al. 1994] [Gloor and Guberman 1997]   Olfaction

Fig. 2. A taxonomy tree for devices that capture brain activity, based on activity type. PET is marked with a
negative sign (-), because we chose not to discuss it further, due to its lack of relevancy.

2.1.2 The Cerebellum. Much smaller than the cerebrum, the cerebellum is located underneath
and behind it. A recent study [Schmahmann 2019] mentioned that the cerebellum is involved in
emotion processing, cognition, and movement.
2.1.3 The Brainstem. The brainstem plays a major role in the development of comas following
head injury [Smith et al. 2000]; thus, damage to the brainstem can be life threatening.

2.2 Neural Activity Acquisition Methods


There are many different methods for capturing human brain activity, and they are collectively
referred to as neuroimaging; these methods are primarily used in the medical field. Brief explana-
tions of the major neuroimaging methods are presented later in this section (see Figure 2, which
summarizes these methods and Table 2 for a comparison of them). The green section lists the
natural phenomenon on which the method is based, while the yellow section lists the methods,
associating them with the relevant phenomena. The numbers in parentheses correspond to the
subsections where we discuss the methods. The explanation of each method will help the reader
better understand the methods’ pros and cons, in terms of their accuracy, usability, popularity, and
connection to cyber security.

Table 2. A Comparison of Different Methods of Capturing Brain Activity Data

Method   Based on             Requires surgical    Comfort    Price (1 – most expensive,
                              procedure (Y/N)      (L/M/H)    5 – cheapest)
MEG      Magnetic fields      N                    L          2
fMRI     Blood flow           N                    L          1
ECoG     Electrical signals   Y                    L          3
fNIRS    Blood flow           N                    M          4
                                                   L          5
EEG      Electrical signals   N                    M          4
                                                   H          5

2.2.1 MEG—Magnetoencephalography. Magnetoencephalography (MEG) is a noninvasive
technique for investigating neural activity in the human brain. MEG maps brain activity by record-
ing magnetic fields created by electrical currents occurring in the brain while processing informa-
tion. The magnetic field created is relatively weak, and therefore MEG uses a sensitive magne-
tometer called a SQUID [Hamalainen et al. 1993]; the SQUIDs are placed on the scalp to measure
the activity of the neurons (mainly the ones that are closer to the magnetometer itself).
2.2.2 fMRI—Functional Magnetic Resonance Imaging. Functional magnetic resonance imaging
(fMRI) is a technique used to investigate brain activity by monitoring blood flow in the brain. This
method relies on the fact that neural activity affects the brain’s blood flow. In particular, neurons
that process information create electrical activity and a magnetic field and therefore require more
energy to fulfill their task [Nikos K. 2008]. To create energy, the cell needs both oxygen and glucose.
The oxygen is carried by red blood cells. Active neurons need more oxygen and glucose compared
to inactive ones, and that leads to increased blood flow to and from active neurons. This principle
is referred to as BOLD (blood-oxygenation-level-dependency). fMRI devices rely on the fact that
the hemoglobin of a blood cell that carries oxygen tends to be more robust to external magnetic
fields compared to the hemoglobin of a blood cell that does not carry oxygen [Gore 2003].
2.2.3 fNIRS—Functional Near-Infrared Spectroscopy. Functional near-infrared spectroscopy
(fNIRS) is another technique for monitoring brain activity using blood flow. Like fMRI, this method
is also based on BOLD but uses a different technique to capture the data. fNIRS is based on the
relative transparency of human tissue to near-infrared light (NIR). NIR light is largely dissolved
in human tissue; however, pigmented compounds absorb some of it, which causes a certain attenuation
of NIR light, and this attenuation is captured using the fNIRS device’s sensors [Ferrari and
Quaresima 2012].
Hemoglobin has a distinctive absorption spectrum based on its oxygenation levels and causes
high attenuation of NIR light. Therefore, the sensors of the fNIRS device that monitor this high
attenuation will detect the red blood cells transmitting oxygen to the more active neurons (similar
to the method used in fMRI). The fNIRS device is composed of a headset with a light source and
sensors. The light source projects NIR light directly onto the scalp, and the light travels through
the skull and brain. Most of the light is deflected, but some of it resurfaces. The photons of the
resurfaced light are captured by the sensors in the headset. The recordings are used to present a
dynamic picture of the brain [Kassab et al. 2015].
One of the many applications that is being investigated is neural injury rehabilitation [Naseer
and Hong 2015]. Currently, fNIRS is mainly used as a BCI control signal and brain imaging
method. fNIRS provides faster results than fMRI or MRI, but it is still relatively slow. However,
its noninvasiveness, as well as its mobility, means that fNIRS will likely play a role in the future
of BCIs.
2.2.4 ECoG—Electrocorticography. Electrocorticography (ECoG) is a technique used to measure
electrical activity, in which electrodes are placed directly on the cerebral cortex. This method has
some advantages over other methods that use electrical activity, such as EEG, due to the electrodes’
placement. Since the distance between the neurons and the electrodes in ECoG is shorter than in
EEG, it allows for more accurate identification of neural activity [Buzsáki, Anastassiou and Koch
2012]. Furthermore, sensors are affected by noise, which decreases the reliability of the data; since
ECoG’s electrodes obtain the information directly from the brain’s surface, the noise caused by
the scalp and hair is irrelevant, and the data is more accurate than in EEG [Buzsáki, Anastassiou
and Koch 2012], which makes it preferable when accuracy is a priority.
2.2.5 EEG—Electroencephalography. Brainwaves are trackable thanks to techniques, such as
electroencephalography (EEG), which enable monitoring the electrical activity of the brain [Vogel
1970]. EEG uses electrodes that are attached to specific areas of the scalp (depending on the type
of information required), as can be seen in Figure 3(a). An example of EEG output is shown in
Figure 3(c). Its noninvasiveness, low cost, and relatively comfortable use make EEG one of the
most popular methods for tracking neural activity in the brain. The two main uses of EEG are in
the medical domain and research [Vogel et al. 1979]. In the medical field, EEG is used to confirm
or reject various conditions, including sleep disorders, head injuries, memory problems, epilepsy,
brain tumors, and so on (e.g., EEG’s use in identifying Angelman syndrome [Boyd, Harden, and A.
1988]). In the research field, it is used to map locations of the brain and associate them with different
activities and bodily states (reading, sleep, awareness, and more), as well as a signal control for
BCI (Figure 3(b) presents an example of a modern Emotiv2 EEG device). There are currently many
different types of EEG devices available. Some, like the one in Figure 3(b), are relatively cheap
and comfortable, but less accurate; such devices have become more popular as part of consumer-
level systems in domains like entertainment. Other more “traditional” devices (like the one in
Figure 3(d)) require the use of a cap and designated gel, which allows easier placement of electrodes
and better data acquisition ability; such systems are less comfortable, less portable/mobile, and
more accurate. Other devices, like DSI 24,3 allow more comfortable use compared to the less mobile
systems but are more accurate than others; they are, however, significantly more expensive. In
addition, EEG can also be used independently by users, another reason for both its popularity and
the need to secure it over other brainwave acquisition methods.
As can be seen by the background presented thus far in this section, there are various techniques
used to monitor and assess the human brain, which are based on different principles. Many of
the techniques listed are used in research and the development of BCIs. While it is difficult to
quantify each method’s accuracy because of the large variety of devices available for each method,
as well as the different brain activities monitored, we can confidently claim that ECoG is more
accurate than EEG, because the electrodes are placed much closer to the brain. In addition, we
can say that methods that are based on electrical signals reveal changes in the brain faster than
methods that are based on blood flow, because blood flow is slower. Note that EEG seems to be the
most suitable method by which brainwaves can be easily acquired, analyzed, and studied for the
following reasons: EEG headsets are relatively affordable and comfortable for the user, and they
don’t require a surgical procedure; these reasons make EEG an increasingly accepted technology
and the best candidate for more widespread use among individuals. Therefore, we suggest that
more effort should be made in securing EEG BCI applications and devices for the benefit and
security of their many potential users.

2 https://www.emotiv.com/insight/.
3 http://wearablesensing.com/products/dsi-24.

Fig. 3. The standard 10–20 electrode placement areas4 (a), Emotiv Insight (b), the output of an EEG scan (c),
and “traditional” EEG headset (d).

2.3 Different Types of Brainwaves


The first attempt at researching electrical activity of the brain took place in 1875, when Caton
conducted an experiment using a galvanometer to visualize electrical impulses in animals’ brains
[Caton 1875]. Later, in 1929, Berger reported on the first human EEG recording, which he made in
1924 [Berger 1929]. Using the terms “Alpha and Beta waves,” Hans defined the term “brain waves,”
which we discuss in this section. In measurements conducted with electrical devices for capturing
neural activity, including EEG and ECoG, some typical patterns have been identified when the
brain is active in the context of different tasks and behaviors performed by an individual. Some-
times (mainly when the person is relaxed with their eyes closed) those patterns form wave shapes
that are sinusoidal—also known as the previously mentioned brainwaves or brain rhythms. In such
cases, the brain state may lead to the dominance of certain frequencies. These patterns, or waves,
have been categorized into different groups, based on their frequencies [Teplan 2002]. An example
of a brain electrical scan can be found in Figure 4 where the image shows the more active parts of
the brain in red for different waves (clockwise starting from top left: Delta, Theta, Beta, and Alpha).
A brief description of the different types of brainwaves is provided below; research performed
focusing on these attributes (i.e., brainwave types) is also presented.
There are different partitions of the frequency spectrum, and the most general one, which
contains the least number of wave types, can be seen in Table 3. An example of an alternative
partition is available in Knyazev [2012], where the upper bound of Delta waves is 3.5 Hz, and in
Tatum et al. [2013], where the authors defined Lambda waves. A short explanation of each type
and its properties, relation to the subject’s behavior, and uniqueness is included in the table and
the subsections that follow.

4 https://commons.wikimedia.org/wiki/File:21_electrodes_of_International_10-20_system_for_EEG.svg.

Fig. 4. Brain electrical activity by wave type [Delorme and Makeig 2004].

Table 3. A Summary of the Main Wave Types and Their Properties

Type            Frequency (Hz)   State in which it occurs    Associated with
Delta           1.5–4            Dreamless sleep             NREM sleep
Theta           4–8              Sleep or meditation         REM, memory processing
Alpha, Type 1   8–10.5           Relaxed wakefulness,        Learning, calmness
Alpha, Type 2   10.5–13          eyes closed
Beta, Type 1    13–18.5          Waking consciousness        Physical activity, awareness of
Beta, Type 2    18.5–21                                      the outside world, problem
Beta, Type 3    21–30                                        solving
Gamma           30+              Excitement                  —

2.3.1 Delta. The Delta wave is a brainwave with a low frequency ranging from 1.5 to 4 Hz. The
amplitude of Delta rhythms is expressed by pyramid shaped voltage differences. Studies using dif-
ferent devices (PET [Dang-vu et al. 2005], EEG [Amzica and Steriade 1998]) have been conducted
to discover the relation of this wave and the corresponding brain state, and there is a broad con-
sensus that Delta waves appear mainly during non-rapid eye movement (NREM) sleep. Most of
the studies conducted on Delta rhythms were performed to identify when they occur and what
can be inferred from them. Delta waves in NREM sleep also reflect neural plasticity (the ability of
neurons to alter their form and function in response to environmental changes). An example of the
use of Delta waves in research is a study conducted by Adrian et al. [Pótári et al. 2017], who used
Delta wave recordings to assess sleep duration, sleep quality, and other parameters of age-related
changes in sleep. In this study, the researchers showed that highly intelligent individuals are less
affected by the sleep-related effects of aging. This potentially means that they are less at risk for
age-related cognitive deficits.
2.3.2 Theta. Theta waves are brainwaves with a frequency between 4 and 8 Hz [Schacter
1977]. Theta waves occur mainly in the hippocampus, a part of the brain that lies in the temporal
lobe and is a part of the system responsible for short and long-term memory processing [Squire
1992]. Therefore, many studies of the hippocampus base their insights on Theta wave activity
[Patel, Fujisawa and Bere 2012; Colgin 2013; Zhang and Jacobs 2015]. Past studies indicate
that Theta waves occur primarily during rapid eye movement (REM) sleep [Colgin 2013]. The
hippocampus is active when a person is dreaming, which is considered to be a part of processing
the past day’s memories and experiences [Hobson 1988; Steck and Steck 2016]. Dreaming is
thought to be associated with creativity, but no real connection has yet been found, as stated by
Holly [2017]. Furthermore, Theta waves are also associated with the learning process. Zhongqing
et al. [Jiang et al. 2017] investigated the connection between Theta activity and behaviors that
differentiate facilitation and interference effects of emotional content on cognitive performance.
2.3.3 Alpha. The most well-known and most studied wave type is the Alpha wave. The frequency
of Alpha waves can be anywhere from 8 Hz to 13 Hz, and they can be categorized into two
subtypes: Alpha-1, with a frequency of 8 to 10.5 Hz and Alpha-2 with a frequency of 10.5 to 13 Hz.
The Alpha rhythm can best be monitored in the parietal and occipital lobes. Usually, when people
close their eyes, their wave pattern changes from Beta to Alpha [Teplan 2002]. Alpha waves
are most dominant during a relaxed state with closed eyes, in which the subject does not move or
think of anything in particular. However, Alpha waves may occur also when one’s eyes are open
and the “mind is active,” although this is less common among adults. Research in various fields
(from neuroscience to psychology) uses Alpha waves as a parameter of neural activity [Klimesch
1999; Tsaytler et al. 2011]. An example of the potential application of Alpha wave monitoring is a
drowsiness detection system for drivers [Kartsch and Benatti 2017]; drowsiness detection may de-
crease the number of car accidents related to drivers’ concentration and wakefulness. Studies are
also being conducted to determine whether there are connections between an individual’s Alpha
rhythm activity and intelligence, and their cognitive and memory performance [Klimesch 1999;
Aris Lias and Taib 2010]. Other studies have been conducted to learn whether music/audio can
elicit Alpha waves, since they occur in a relaxed meditative state [Wu Li and Yao 2009].
2.3.4 Beta. Beta waves are the most dominant wave pattern seen over the course of a human’s
day [Pfurtscheller 1979]. Their frequency can be anywhere between 13 and 30 Hz, with a division
into three subtypes: Beta-1, with a frequency of 13 to 18.5 Hz; Beta-2, with a frequency of 18.5
to 21 Hz; and Beta-3, with a frequency of 21 to 30 Hz. Beta waves are associated with waking
consciousness, meaning that they can occur when a person is performing his/her daily routine,
whether he/she is moving or simply sitting with his/her eyes open. Since this rhythm is domi-
nant in most cognitive and physical tasks, there is no specific lobe in which Beta waves are more
commonly seen [Qiu et al. 2016]. For example, during movement, Beta waves can be monitored in
the motor cortex (a part of the frontal lobe) [Buschman 2011]. Most of today’s BCI development
is conducted using Beta rhythm frequencies, since, as mentioned, they are the most common ones
seen during waking consciousness.
2.3.5 Gamma. Of the five main wave patterns (along with Delta, Theta, Alpha, and Beta),
Gamma rhythms are the least studied due to their high frequency (30 to 40 or 80 Hz, depend-
ing on the frequency partition, as mentioned earlier). Researchers have not reached a consensus
regarding the circumstances under which Gamma waves may appear, but several hypotheses have
been investigated [Whittington et al. 2010]. Some think Gamma rhythms appear when an individ-
ual is excited or aroused [Hughes 2008]. As for possible applications, recent studies in the cyber
security domain have used Gamma rhythms for user authentication [Thomas and Vinod 2018].
2.3.6 Other Waves. There are several other wave patterns to consider when discussing brain-
waves. Epsilon [Drinkenburg 2015] and Lambda waves [Tatum et al. 2013] have extremely low
and extremely high frequencies, respectively. Both Epsilon and Lambda rhythms remain largely
unstudied, because today’s devices cannot accurately acquire them. Another reason might be the
rarity of those patterns, making them hard to investigate. Another type of brainwave is the Mu wave.
Mu waves have a frequency ranging from 9 Hz to 13 Hz, similar to Alpha waves. As mentioned before,
Alpha waves occur in the parietal and occipital lobes. In contrast, Mu waves appear in the
sensorimotor areas in the frontal lobe. As studied by Pfurtscheller et al. [2006], Mu waves are
associated with imagining movements. It has been suggested that Mu waves occur when an indi-
vidual’s sensory cortical area has passed into an “idling” state; when not in this state, the regular
Beta waves occur. Mu rhythms are being investigated by researchers in different fields; an exam-
ple of such research involves the use of the signals recorded by EEG for encryption [Rajendra and
Rajneesh 2011], due to the fact that Mu wave frequency can be monitored and Mu waves occur
when one is relaxed, which is an easy state to achieve.
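
The frequency partition of Table 3 applied to a sampled signal, as an added example that is not part of the original article. The band edges come from Table 3; the 128 Hz sampling rate, the 40 Hz upper edge for Gamma, and the two synthetic single-channel signals are assumptions constructed for illustration.

```python
import math
import random

# Band edges in Hz, taken from Table 3. Table 3 gives Gamma as "30+"; the 40 Hz
# upper edge is an assumption (Section 2.3.5 mentions 40 or 80 Hz).
BANDS = [
    ("Delta", 1.5, 4.0), ("Theta", 4.0, 8.0),
    ("Alpha-1", 8.0, 10.5), ("Alpha-2", 10.5, 13.0),
    ("Beta-1", 13.0, 18.5), ("Beta-2", 18.5, 21.0), ("Beta-3", 21.0, 30.0),
    ("Gamma", 30.0, 40.0),
]
F_MAX = BANDS[-1][2]


def power_spectrum(samples, fs):
    """Return (frequency_hz, power) pairs for DFT bins from 0 Hz up to F_MAX."""
    n = len(samples)
    if n < 2 or fs <= 2 * F_MAX:
        raise ValueError("need at least 2 samples and fs above twice F_MAX")
    mean = sum(samples) / n
    # Remove the DC offset and apply a Hann window so that a strong rhythm
    # leaks as little as possible into the neighbouring bands.
    windowed = [(x - mean) * (0.5 - 0.5 * math.cos(2 * math.pi * i / n))
                for i, x in enumerate(samples)]
    spectrum = []
    for k in range(int(F_MAX * n / fs) + 1):
        step = 2 * math.pi * k / n
        re = sum(w * math.cos(step * i) for i, w in enumerate(windowed))
        im = sum(w * math.sin(step * i) for i, w in enumerate(windowed))
        spectrum.append((k * fs / n, (re * re + im * im) / n))
    return spectrum


def band_powers(samples, fs):
    """Sum the spectral power that falls inside each Table 3 band."""
    powers = {name: 0.0 for name, _, _ in BANDS}
    for freq, power in power_spectrum(samples, fs):
        for name, low, high in BANDS:
            if low <= freq < high:
                powers[name] += power
                break
    return powers


def relative_band_powers(samples, fs):
    """Band powers normalised so that they sum to 1 over the Table 3 bands."""
    powers = band_powers(samples, fs)
    total = sum(powers.values())
    if total == 0:
        raise ValueError("signal has no energy in the Table 3 bands")
    return {name: p / total for name, p in powers.items()}


def dominant_band(samples, fs):
    """Name of the band that carries the largest share of the power."""
    rel = relative_band_powers(samples, fs)
    return max(rel, key=rel.get)


def synthetic_eeg(fs, seconds, rhythms, noise_uv=2.0, seed=1):
    """Constructed signal in microvolts: sinusoids (freq_hz, amplitude) plus noise."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2 * math.pi * f * i / fs) for f, a in rhythms)
            + rng.gauss(0.0, noise_uv)
            for i in range(int(fs * seconds))]


FS = 128  # assumed sampling rate in Hz
# Constructed inputs: a strong 10 Hz rhythm (relaxed, eyes closed) and a
# strong 20 Hz rhythm (waking consciousness), each with a weaker second rhythm.
EYES_CLOSED = synthetic_eeg(FS, 4, [(10.0, 20.0), (20.0, 5.0)])
EYES_OPEN = synthetic_eeg(FS, 4, [(10.0, 4.0), (20.0, 15.0)])

if __name__ == "__main__":
    for label, signal in (("eyes closed", EYES_CLOSED), ("eyes open", EYES_OPEN)):
        shares = relative_band_powers(signal, FS)
        print(label, "->", dominant_band(signal, FS),
              {name: round(share, 3) for name, share in shares.items()})
```

Four seconds of one channel are enough to separate the two states here, which is the property that makes raw EEG recordings sensitive data in the sense discussed in the introduction.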

2.4 EEG Analysis


In this section, we present the two main approaches used for the analysis of EEG data; these
approaches define when and how the data should be analyzed.

2.4.1 Event-related Potential Based Technique. In short, event-related potentials (ERPs) are neural
activities that occur as a result of stimuli. Many of the brain-computer interfaces discussed in
upcoming sections base their input on ERP to process neural activity at the relevant time rather
than monitoring it continuously. In general, ERPs are used to study neural activities as a response
to various stimuli, both physical and mental, and are investigated in many different research fields.
ERPs are electrical potentials generated by the neurons in the brain that are related to internal
or external events (e.g., stimuli, responses, decisions) [Luck 2012]. ERPs can be divided into two
main categories: exogenous and endogenous. Exogenous ERPs are also called sensory ERPs, be-
cause they are not related to or affected by cognitive processing. Sensory ERPs have low latency
compared to endogenous ERPs, and they depend on the physical features of the stimuli and not on
the subject’s consciousness. However, endogenous ERPs are characterized by high latency, which
occurs because the brain processes the stimuli, and therefore these ERPs are also called cognitive
ERPs. Different ERP components have been defined based on their amplitude, the average amount
of time between the stimuli and the neural response, and whether the deflection is positive or neg-
ative. ERPs can be further categorized based on the causal event (e.g., hearing a sound, identifying
objects or people, object counting, reading grammatically incorrect sentences, etc.). ERPs can be
categorized as follows (note that some ERP components might fall into multiple categories):
• Language-related components—Some ERP components, N400 being the most well-known of
them, are related to language comprehension. The N400 component reaches peak amplitude
on the negative spectrum (voltage < 0) about 400 ms after a stimulus has been detected. The
N400 can typically be observed when encountering words that are unrelated in any way to
the preceding words or sentences presented (whether the presentation of the words is visual
or auditory). For example, if a sentence is presented, word by word, then we will witness
a higher N400 amplitude (when considering its absolute value) when the last word of the
sentence is unrelated to the rest of sentence, compared to a situation when this is not the
case (e.g., “He likes to play video games,” and “He likes to play video giraffe.”) [Luck 2012].
Another example is the P600 component (occurring about 600 ms after a stimulus has been
detected, with a peak amplitude on the positive spectrum (voltage > 0)). The P600 can be
seen when the subject detects syntactic anomalies. For example, reading the sentence “Nice
to knowing you” will cause a higher P600 amplitude, compared to “Nice to know you” [Luck
2012].
• Memory-related components—Several ERP components have been identified as related to
memory. These components are visible using the old/new effect, which occurs when a per-
son performs a mental task more than once. The task can be performed again after a couple
of hours/days/weeks depending on the type of memory (long or short-term) and ERP com-
ponent designated for testing. Each time a person reacts to the same stimuli, similar ERP
components will be visible. In addition, if the person has already reacted to this stimulus in
the past, then components related to memory will also appear, since the subject will remember
they were exposed to this stimulus in the past [Herzmann and Sommer 2007]. The
difference between the first and second stimulus response is called the difference due to memory
effect (Dm effect). In most cases, the Dm effect will be expressed with dominant P400
and P600 components [Luck 2012]. Memory-related ERP components are a source of the
weakness associated with using ERP to investigate neural activity. A stimulus that requires
deceiving the subject or surprising him/her will be problematic, because the scenario must
be repeated several times to obtain an acceptable median of the component’s latency and
amplitude. Also note that the Dm effect contains several memory-related components and
cannot be treated as a single ERP.
• Emotion-related components—Many ERP components’ amplitudes, including the P300,
N400, N170, and N200 amplitudes can be increased using emotional stimuli, such as a happy
face, instead of neutral stimuli, such as a landscape. Research performed regarding this
kind of ERP must consider the fact that emotions are subjective, and therefore, each subject
may react differently to a stimulus [Luck 2012]. Some emotional responses can become
less noticeable after using the same stimuli more than once (similar to memory-related com-
ponents), another issue that needs to be taken into consideration. Prior research in which
changes in the P300 component were shown to be correlated to the level of personal im-
portance of items in a version of Concealed Information Test (CIT) provided an example
regarding the usability of emotion-related components [Lukács et al. 2019].
• Response-related components—When a subject reacts to a movement (motor) response and
not to a stimulus, a response-related component of ERP can be visible, usually in the motor
cortex [Luck 2012]. This component reflects the cognitive process that led up to this re-
sponse. This component also occurs when challenging subjects to respond rapidly to stim-
uli (e.g., showing different pictures to the subject and asking him/her to respond only when
a specific picture occurs) [Luck 2012]. When quick responses to stimuli are required, the
actual response to the stimuli itself needs to be taken into account as well. The difference
between the total voltage and the voltage related to the stimuli (i.e., the response-related
component) is called the lateralized readiness potential (LRP).5 The LRP has mainly been
used to study the processes that are involved in selecting the appropriate response to an
imperative stimulus.
Phenomena similar to ERPs that can be associated with any of the categories mentioned above are
evoked potentials (EPs), which encompass visually evoked potentials (VEPs) and auditory evoked
potentials (AEPs). AEPs are produced by auditory stimuli [Plourde 2006]. VEPs result when pre-
sented with any type of visual stimuli (image, person, etc.); a subtype of VEP, the steady state VEP
(SSVEP) is a brainwave feature commonly used in brain-computer interfaces to detect the user’s
choices. An example of such use is provided in Lui et al. [2018], where it was shown that SSVEP
can be used to reveal people’s recognition of faces by using images of familiar and unfamiliar faces.
Other EP subgroups are discussed in Chiappa [1997].
2.4.2 Resting State Based Technique. A resting state EEG recording is a recording obtained
when using a device to monitor someone’s brain when he/she is not reacting to any kind of stimuli,
and it is usually acquired when the subject is not moving or thinking of anything in particular.
The value of resting state data for research is still unclear. An example of its worth was presented
when researchers obtained resting state EEG data of 84 healthy subjects to evaluate its correlation

5 https://books.google.co.il/books?hl=iw&lr=&id=p_sTDAAAQBAJ&oi=fnd&pg=PA209&dq=lateralized+readiness+potential&ots=4yh8lCDS81&sig=HgkISVbTNNmS-nSLsSY7RbDGias&redir_esc=y#v=onepage&q=lateralized%20readiness%20potential&f=false.
Fig. 5. A taxonomy of the domains within the scope of this survey.

with dissociation (i.e., the tendency to be immersed in a stimulus); the level of dissociative
absorption was determined using a known questionnaire. Then, resting state EEG data was
acquired from the subjects. The results showed a correlation between the two [Soffer-Dudek
et al. 2019].
However, the correlation between the performance of the subjects in executive function (EF)
tasks and their resting state EEG signals was measured, and the results obtained were different.
Executive function is defined as “the ability to organize, monitor and regulate lower-level cognitive
processes” [Gordon et al. 2018]. Classifying the participants as good or bad at EF was done using a
series of tests with objective results. The results showed no monotonic correlation between resting
state EEG and EF [Gordon et al. 2018].

3 TAXONOMY OF BCI APPLICATIONS AND DOMAINS


Thus far, brain monitoring has largely been used for medical purposes, for example, in disease
diagnosis. However, advances in technology related to monitoring brainwaves have enabled the
entry of brain monitoring devices in various other domains as well. Figure 5 shows the fields
currently using brainwaves, which fit the scope of our survey. Recall that the scope and goal of
this survey is to encompass the BCIs that meet the following criteria: A research area or application
that involves EEG records will be included in this survey only if abuse of the procedures or the
data can directly impact the person whose EEG was recorded.

3.1 Security
Brainwaves have been shown to have unique patterns that can represent an individual’s character-
istics, and thus they can be used for many cyber security challenges. Such challenges include user
authentication (e.g., using the brainwaves as biometrics), cryptography (e.g., brainwaves can be
used for generating random numbers widely used in cryptographic applications), and lie detection.
3.1.1 User Authentication. As stated in Faundez-Zanuy [2006], biometrics refers to the biomet-
ric recognition of people. Currently, biometrics are widely used in many fields, all of which have
a connection to security, user authentication, and identification. The use of biometrics has many
advantages over traditional paper passports or ID cards. The advantages stem from the fact that
a biometric is not something you own, like a key or a card, or something you remember, like a
password or PIN, but something you are. You cannot easily forget or lose your fingerprints, iris, or
ear. In addition, biometrics are usually distinctive and unique for each person, unlike passwords,
which suffer from “smart guesses” of common passwords (e.g., “1234”). Furthermore, the output of
biometric capturing devices is not informative to a third party (cannot be translated to an ASCII
string that makes sense). These advantages, along with the availability of the required equipment,

have made the use of biometrics quite common today; however, they also have some disadvantages,
such as their inflexibility (one cannot grant access to his/her account without physically
being there), errors in authentication that are not the fault of the user (unlike mistyping a pass-
word or forgetting a token) [Gorman 2003], and their cost, which becomes an issue when there is
a need for a large number of capturing devices (e.g., fingerprint readers).
Today, many companies have a dataset containing some biometrics, which are used to track an
employee’s work hours and prevent unauthorized people from entering the company’s premises.
A good biometric for authentication should minimally fulfill the following requirements [Jain,
Ross and Prabhakar 2004]:
• Universality: Every person should have the biometric.
• Distinctiveness: This characteristic of a person should be unique enough to distinguish be-
tween any two given people.
• Permanence: The characteristic should remain fairly stable over time, in different environ-
ments and user conditions.
• Collectability: The characteristic should be quantitatively measurable.
• Acceptability: People would be willing to accept a biometric system based on this charac-
teristic (and not feel that it is invasive, for example). This requirement is not necessarily
fulfilled by the characteristic itself but rather by the marketing of it in the media.
• Performance: The time required to successfully recognize a person with good accuracy must
be reasonably acceptable. The authentication should be achieved online adequately within
a few seconds, allowing the authorized user to access the system without a significant delay.
• Anti-circumvention: A system based on this characteristic should be immune to any kind
of attempts to trick the system and steal the biometric credentials.
Table 4 is a shorter version of a table presented in Jain, Ross and Prabhakar [2004], which presents
a comparison of different biometric identifiers based on the requirements listed above. We added
“Cost” because the price affects the popularity of the biometric. “L” means several hundred dollars,
“M” means several thousand dollars, and “H” is over $10,000 (“NA” means that to the best of our
knowledge, there is no such system available). However, a simple cost comparison is misleading
due to the number of factors (e.g., accuracy, number of people that need to be recognized, etc.) that
have an impact on the price of the system [Liu and Silverman 2001].
Note that in the original table, brainwaves were not considered a biometric feature. We included
it here, also comparing it against the requirements listed above, with the following thoughts in
mind: First, everyone with adequate brain function can use a brainwave-based system (H). Differ-
ent studies show that brainwaves when performing a specific cognitive task are sufficiently unique
to be used to distinguish between subjects [Milla 2007; Hema, Paulraj and Kaur 2008; Riera et al.
2007; Nakanishi, Baba and Miyamoto 2009; Quintela and Cunha 2010; Campisi et al. 2011; Shedeed
2011; Su, Zhou and Feng 2012; Chuang et al. 2013; Koike-Akino et al. 2016; Thomas and Vinod 2018]
(see Table 5 for a comparison between different methods of recognition and identification (M)). To
the best of our knowledge, there has only been one study that evaluated the permanence of brainwaves
in the context of user authentication by testing subjects over a six-month period [Blondet
et al. 2015], and the authors agree that brainwaves have the potential to be a good biometric in
terms of permanence. However, it is well-known that brain activity changes due to normal aging
[Damoiseaux et al. 2007], and it appears that no research has been performed to determine if and
how different states of the mind, body, and environment (stress, trauma, disease, etc.) might affect
a biometric system based on brainwaves (L for now).
Today, there are EEG devices that can work with a minimal number of dry electrodes and are
comfortable to wear and easy to use, and therefore brainwaves can easily be measured. However,

Table 4. A Comparison of Biometric Identifiers (L/M/H)

a http://www.neurotechnology.com/prices.html b https://www.typingdna.com/ c http://www.biometric-solutions.com/.

the recording itself must be made in a quiet setting (to limit the amount of external noise) to
increase the accuracy of the EEG results. This might make the use of brainwaves as a biometric
less convenient (M).
When it comes to acceptability, it is hard to determine with confidence how brainwave-based
user authentication systems would be accepted once they are available. There are articles dis-
cussing possible issues associated with BCI that might come up in the future, which could include
a system like the one discussed here [Glannon 2014; Wahlstrom, Fairweather and Ashman 2017].
However, an individual’s brain pattern can be recorded when he/she is thinking a specific thought,
which makes it very dynamic. Since an EEG scan is affected by many factors like thoughts and
movements, it makes sense that the common opinion would be that there is no issue with obtain-
ing an individual’s EEG scan for a specific moment, because it is unlikely that that exact moment
will be recreated when using an authentication system (unlike fingerprints, which are permanent
and therefore might be problematic to use). Such a product is not yet available on the market, and
its acceptance in the future would also likely depend on the marketing of the product (H). The
performance of such a biometric is also presented in Table 5 (M).


Table 5. A Comparison of Research in the User Authentication Domain

| Authors | Link | Authentication/Identification (A/I) | Year | Number of electrodes | Number of subjects | Cognitive task | Algorithms | Authentication rate (%) |
|---|---|---|---|---|---|---|---|---|
| Marcel | [Milla 2007] | A | 2007 | 32 | 9 | Imagine movement—left index finger | GMM, Maximum A Posteriori model adaptation | 92.9 |
| | | | | | | Imagine movement—right index finger | | 91.6 |
| Hema | [Hema, Paulraj and Kaur 2008] | A | 2008 | 3 | 6 | Relax, multiply, read | NN | 94.4-97.5 |
| Riera | [Riera et al. 2007] | A | 2008 | 2 | 51 | Relax | DA | 96.4 |
| Nakanishi | [Nakanishi, Baba and Miyamoto 2009] | A | 2009 | 1 | 23 | Relax | * | 89 |
| Zúquete | [Quintela and Cunha 2010] | A | 2010 | 8 | 70 | Image recognition | KNN | 98.17 |
| | | | | | | | SVDD | 99.13 |
| | | | | | | | KNN&SVDD | 99.62 |
| | | | | | | | KNN\|SVDD | 96.65 |
| Shedeed | [Shedeed 2011] | I | 2011 | 4 | 3 | Relax | Standard back propagation algorithm | 87-93 |
| | | | | | | | Voting scheme using DFT & Wavelet | 100 |
| Campisi | [Campisi et al. 2011] | A | 2011 | 3 | 48 | Relax | * | 96.08 |
| Su | [Su, Zhou and Feng 2012] | I | 2012 | 2 | 40 | Relax | LDA | 93.75 |
| | | I (Covert Warning) | | | 24 | Relax/clench teeth | | 90 |
| Chuang | [Chuang et al. 2013] | A | 2013 | 1 | 15 | Personalized | * | 98 |
| Akino | [Koike-Akino et al. 2016] | I | 2016 | 14 | 25 | Card counting | QDA | 96.7 |
| Thomas | [Thomas and Vinod 2018] | A | 2017 | 19 | 109 | Relax | MCC Threshold | 99.8 |

*The research used a predefined, constant threshold and evaluation method, not an adaptive model.

Attempts to trick such a biometric will likely be very difficult, because brainwaves are not visible
(unlike other biometrics such as a fingerprint, iris, etc.) and cannot be replicated by another person
(note, we are not referring to the ability to replicate existing EEG scans) when used in conjunction
with a new, online captcha, since the person trying to imitate them cannot accurately reproduce
the brainwaves of another person’s brain without direct access to the person and their brain to
record the person reacting to the new captcha. Furthermore, maliciously recording an EEG scan
of a person is more difficult (the victim must wear a special headset) than installing a virus on a
smartphone to steal a fingerprint [Fiebig, Krissler and Hänsch 2014] (H). As can be seen, brainwaves
have some advantages over other common biometrics, and could, with some additional research,
be the next breakthrough in user authentication.

Note that this section is aimed at providing the reader with a brief introduction to biometrics
and provides an explanation of the term and a comparison of brain waves as a biometric
to traditional biometrics, along with some examples. This information will help the reader understand
BCI-based user authentication in the wider context of brain wave biometrics and how the threats
discussed in later sections of the article could affect the use of EEG in the user authentication
domain. For further information and a detailed description of the biometrics associated with brain
waves and the steps in brainwave-based user authentication systems, we refer the reader to a
recently published paper that focuses on that topic [Gui et al. 2019].
Table 5 presents the work that has been done in this domain, comparing different algorithms,
the number of subjects and electrodes and the authentication’s success rate. It is worth mentioning
that all articles included in Table 5 used only brainwaves for user authentication. The modern per-
spective of combining “what you have” (like a key or a card), “what you know” (PIN), and “what
you are” (biometrics) might solve some of the current issues in the use of brainwaves as a useful
biometric. In this table, we indicated whether the paper focuses on identifying or authenticating
the user based on the EEG signals in the Authentication/Identification column; while closely re-
lated, there is a subtle difference between them. An article worth mentioning is the one by Su,
Zhou, and Feng [2012], in which the authors implemented a covert warning feature alongside the
identification system. The covert warning feature is a feature that allows the user to secretly send
a warning message. In this case, the message is sent using teeth clenching (with a 100% detection
rate).
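The Authentication/Identification column of Table 5 and the constant-threshold rows marked with * can be made concrete with a small sketch. This is an added example, not code from the surveyed papers: the feature vectors are constructed, and Euclidean distance, the function names and the threshold values are assumptions.

```python
import math
import random


def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def make_population(n_users=5, n_features=8, n_probes=20, noise=0.6, seed=1):
    """Constructed data: one enrolled template per user and noisy re-recordings."""
    rng = random.Random(seed)
    templates = {
        f"user{u}": [rng.uniform(-3, 3) for _ in range(n_features)]
        for u in range(n_users)
    }
    probes = [
        (owner, [v + rng.gauss(0, noise) for v in template])
        for owner, template in templates.items()
        for _ in range(n_probes)
    ]
    return templates, probes


def authenticate(templates, claimed, sample, threshold):
    """Authentication (A): 1:1 check of a sample against the claimed identity."""
    if claimed not in templates:
        return False
    return distance(templates[claimed], sample) <= threshold


def identify(templates, sample, threshold=None):
    """Identification (I): 1:N search for the closest enrolled user.

    With a threshold the search is open-set: None means "nobody enrolled".
    """
    best = min(templates, key=lambda name: distance(templates[name], sample))
    if threshold is not None and distance(templates[best], sample) > threshold:
        return None
    return best


def error_rates(templates, probes, threshold):
    """Return (FAR, FRR) at one constant threshold.

    Every probe is presented once under its owner's name (genuine attempt)
    and once under each other user's name (impostor attempt).
    """
    genuine = impostor = false_reject = false_accept = 0
    for owner, sample in probes:
        for claimed in templates:
            accepted = authenticate(templates, claimed, sample, threshold)
            if claimed == owner:
                genuine += 1
                false_reject += not accepted
            else:
                impostor += 1
                false_accept += accepted
    return false_accept / impostor, false_reject / genuine


def identification_rate(templates, probes):
    """Fraction of probes whose nearest template belongs to the true owner."""
    hits = sum(identify(templates, sample) == owner for owner, sample in probes)
    return hits / len(probes)


if __name__ == "__main__":
    templates, probes = make_population()
    for threshold in (0.5, 1.0, 1.5, 2.0, 3.0, 5.0):
        far, frr = error_rates(templates, probes, threshold)
        print(f"threshold={threshold:<4} FAR={far:.3f} FRR={frr:.3f}")
    print("closed-set identification rate:", identification_rate(templates, probes))
```

Raising the threshold can only lower the false rejection rate and raise the false acceptance rate, so a single "authentication rate" is meaningful only together with the threshold at which it was measured.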

3.1.2 Cryptography. According to Diffie and Hellman [1976], cryptography is the study of
“mathematical” systems for solving security problems that are related to privacy and authenti-
cation. In terms of computer science and information security, cryptography is usually associated
with the process of making plaintext (ordinary processable data) into ciphertext (encrypted un-
readable data) and vice versa. In the modern world, cryptography has four main goals [Menezes,
van Oorschot and Vanstone 1996]: (1) Confidentiality—the information cannot be understood by
someone for whom it was unintended, since secured systems allow transmitting confidential data
over a public channel in a way that only specific individuals will have access to it and will be able
to decrypt and use it; (2) Data integrity—the information cannot be altered without the relevant
side’s awareness at any point from the moment it was first sent by the data owner until it was received
at the destination; (3) Non-repudiation—the creator/receiver cannot deny their part in the
transmission after it is performed; and (4) Authentication—the sender and receiver can confirm
each other’s identity and the source/destination of the data; user authentication systems are used
to prevent unauthorized access to a system or data. Cryptographic systems that implement or use
a protocol that meets the above criteria are called cryptosystems.
Due to the importance of information in the modern world, cryptography has become a fun-
damental and important domain. Designing new and better cryptosystems is a high priority, es-
pecially in the domain of data security [Simmons and Simmons 1979]. Most cryptosystems have
three algorithms: one to generate keys, another to encrypt a message with the calculated keys,
and a third to decrypt the encrypted message back to the original one, using a key. There are two
types of cryptography: symmetric and asymmetric. In symmetric cryptography, the same key is
used for both encrypting and decrypting a message (the key should be transmitted between the
parties in a secure manner), while in asymmetric cryptography, encryption is done using a public
key, and decryption is done using a respective private key. A discussion of the pros and cons of
both methods as well as key management is out of the scope of this article.
Several methods of generating, binding, and storing private keys using biometrics have been
developed, and they are gaining popularity due to advantages they have over those that do not

use biometrics [Faundez-Zanuy 2006]. These cryptosystems are called crypto-biometric systems
[Panchal 2013]. There are different methods with different biometrics; however, we will focus on
EEG-based crypto-biometric systems. The first example of an EEG-based cryptosystem was created
in 2007 [Ravi, Palaniappan and Eswaran 2007]. It used an EEG scan performed with 61 electrodes
to generate a 61-bit key to randomize a Huffman tree, which was then used to encrypt the data
(more specifically, the message to encrypt was “The quick brown fox jumps over the lazy dog”).
To decrypt the data, a new EEG scan is needed to create a key, using the already shuffled tree,
which will then be used to decrypt the ciphertext. The recording was done while the subject was
focusing on a picture containing black and white stripes. This experiment was conducted with 10
subjects, and 40 EEG scans were extracted at various times. The true positive (correct decryption
by the genuine subject) rate was 82.05–100%, and the true negative rate (correct decryption by the
impostor subjects—not the one whose scan was used for encrypting the image) was lower than
27.22%. The most important feature of this encryption is that each EEG recording is one second
long, which is considered to be a reasonable time, since most EEG-based BCIs require a relatively
long recording to function properly.
Another example of a crypto-biometric system is the protocol presented by Nitinkumar et al.
[Rajendra and Rajneesh 2011]. This protocol used a pass thought to generate a restorable EEG
scan, which was used to generate two keys; however, no results were provided. Rawat et al. [90]
used EEG scans to generate encryption keys for images, using quantum walks. The quantum walks
can be converted into a two-dimensional probability matrix, which is used to form a random key
sequence that is the same size as the original plaintext image, which, combined with an EEG scan,
can generate a sensitive key and a potentially infinite key space. They presented a comparison of
the plaintext image and the decrypted one but did not mention the hit rate; however, their results
are promising. Bajwa and Dantu [Bajwa and Dantu 2016] suggested a key generation method
using EEG scans for user authentication and encryption, but they didn’t conduct an encrypting
experiment. They also showed promising results, using a single key for both authentication and
cryptography, and provided a discussion about the trade-offs between accuracy and complexity.
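An added sketch (not the code of Ravi et al. or of this survey) of a 61-bit key randomizing a Huffman tree, as described above. The 62-symbol alphabet, the rule that key bit i swaps the children of internal node i, the median rule that turns 61 electrode readings into bits, and the constructed scan values are all assumptions of this example.

```python
import heapq
import statistics
import string
from collections import Counter

# 62 symbols give a Huffman tree with exactly 61 internal nodes, one per key bit
# (the alphabet and the bit-to-node mapping are assumptions of this example).
ALPHABET = string.ascii_letters + " .,;:!?-'\""
KEY_BITS = len(ALPHABET) - 1
MESSAGE = "The quick brown fox jumps over the lazy dog"


def key_from_scan(features):
    """Assumed rule: bit i is 1 when electrode i reads above the median."""
    median = statistics.median(features)
    return [int(value > median) for value in features]


def build_tree(reference_text):
    """Deterministic Huffman tree; internal nodes are (node_id, left, right)."""
    counts = Counter(reference_text)
    heap = [(1 + counts[s], i, s) for i, s in enumerate(ALPHABET)]
    heapq.heapify(heap)
    tie_break = len(ALPHABET)
    node_id = 0
    while len(heap) > 1:
        w1, _, left = heapq.heappop(heap)
        w2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, tie_break, (node_id, left, right)))
        tie_break += 1
        node_id += 1
    return heap[0][2]


def children(node, key):
    """Children of an internal node, swapped when its key bit is set."""
    node_id, left, right = node
    return (right, left) if key[node_id] else (left, right)


def encrypt(message, tree, key):
    """Encode the message with the code book of the key-shuffled tree."""
    codes, stack = {}, [(tree, "")]
    while stack:
        node, prefix = stack.pop()
        if isinstance(node, str):
            codes[node] = prefix
        else:
            zero, one = children(node, key)
            stack += [(zero, prefix + "0"), (one, prefix + "1")]
    return "".join(codes[symbol] for symbol in message)


def decrypt(bits, tree, key):
    """Walk the key-shuffled tree bit by bit; a trailing partial symbol is dropped."""
    out, node = [], tree
    for bit in bits:
        zero, one = children(node, key)
        node = zero if bit == "0" else one
        if isinstance(node, str):
            out.append(node)
            node = tree
    return "".join(out)


def breaking_bits(message, tree, key):
    """Key positions where a single flipped bit makes decryption fail."""
    ciphertext = encrypt(message, tree, key)
    broken = []
    for i in range(len(key)):
        noisy = key.copy()
        noisy[i] ^= 1
        if decrypt(ciphertext, tree, noisy) != message:
            broken.append(i)
    return broken


# Constructed "scan": 61 distinct per-electrode feature values.
SCAN = [((i * 37) % 61) / 61 for i in range(KEY_BITS)]

if __name__ == "__main__":
    key = key_from_scan(SCAN)
    tree = build_tree(MESSAGE)
    ciphertext = encrypt(MESSAGE, tree, key)
    print(decrypt(ciphertext, tree, key))
    broken = breaking_bits(MESSAGE, tree, key)
    print(len(broken), "of", KEY_BITS, "single-bit errors break decryption")
```

In this construction only the nodes on the path of a symbol that occurs in the message matter: a flipped bit there breaks decryption, while a flipped bit elsewhere goes unnoticed and adds nothing to the effective key.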

3.1.3 BCI-based Lie Detectors. BCI-based lie detectors are an additional example of ERP-based
BCI systems. Today’s most well-known lie detector is the polygraph—a device that records blood
rate, heart rate, and sweat levels while the person is answering a series of questions to determine
if he/she is lying. However, the results of a polygraph test usually provide an incomplete picture of
a deception [Bablani and Tripathi 2018], and a specialist that can interpret the results is required.
In addition, it is known that some people can train their body and control the inspected vitals
while answering questions and thus manage to evade lie detection using the polygraph [Cook and
Mitschow 2019].
In a newer approach to lie detection, a BCI system is used to detect ERPs. The main idea behind
lie detectors, including BCI-based detectors, is that the average person cannot control their body’s
physiological reaction when lying. Such reactions include the activity of the brain when shown
a stimulus. As explained in previous sections, ERPs are related to emotions and memory, things
that are not controlled by the person undergoing a lie detector test. If the individual lies, then
he/she is likely to feel some guilt, stress, or other emotions that will affect the emotion-related
ERPs visible on an EEG scan. A known ERP component in this category is the P300, which can be
used in a BCI-based lie detector. A detailed explanation about the methods applied by P300-based
lie detectors is available in Bablani and Tripathi [2018].
In addition, when considering memory-related components, a person reacts differently to famil-
iar and unfamiliar stimuli, as shown in Bablani et al. [2019]. In this research, the authors divided
the subjects into two groups: innocent and guilty. EEG recordings were taken when the subjects

viewed three types of stimuli: probe (familiar to the guilty only), target (familiar to all), and ir-
relevant (unfamiliar to all). The most accurate BCI-based lie detection method examined in this
research achieved accuracy of 92.4%.
Another study worth mentioning is the one by Anwar, Batool, and Majid [2019], in which the au-
thors performed a study involving 30 subjects who knew one another. In their experimental setup,
there was a box for each subject that contained comments made about the subject by the other
subjects. Then, one at a time, each subject obtained access to his/her box but was instructed
not to read the comments (based on the assumption that some of the subjects would still choose
to read them). Finally, the comments were presented to the group on a screen. With 83% accuracy,
the authors used the fact that “lying” subjects (those who read the comments) had already
seen their comments, and therefore would recognize them when they appeared on screen, unlike
the subjects who were seeing them for the first time. The authors tried using different machine
learning models trained on EEG recordings taken while the subjects saw the comments on the
screen to identify the “lying” subjects. In this article, a comparison to other works was made, and
the authors showed that the accuracy of their method remained high when using fewer electrodes
(16), therefore training their model using less information.
Using BCI for lie detection can address some of the current limitations of polygraphs, like the
need for a specialist. However, when looking at this domain from a security-related perspective,
it is important to secure this kind of lie detector so a malicious entity will not interfere with it,
resulting in evading lie detection.
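The trial averaging described in Section 2.4.1 and the probe/target/irrelevant protocol above, as an added example rather than code from the cited studies. The epochs are constructed (white Gaussian noise plus a positive bump at 300 ms), and the sampling rate, amplitudes, analysis window and midpoint cutoff are assumptions.

```python
import math
import random

FS = 250                            # sampling rate in Hz (assumed)
EPOCH_MS = 800                      # epoch length after stimulus onset
N_SAMPLES = FS * EPOCH_MS // 1000   # 200 samples per epoch
P300_UV = 8.0                       # assumed P300 peak amplitude, microvolts
NOISE_UV = 30.0                     # assumed background EEG std, microvolts


def simulate_epoch(rng, recognised):
    """One constructed single-channel epoch: Gaussian noise, plus a positive
    bump peaking 300 ms after the stimulus when the stimulus is recognised."""
    epoch = []
    for i in range(N_SAMPLES):
        t_ms = i * 1000 / FS
        bump = math.exp(-((t_ms - 300) ** 2) / (2 * 50 ** 2))
        p300 = P300_UV * bump if recognised else 0.0
        epoch.append(p300 + rng.gauss(0, NOISE_UV))
    return epoch


def average_epochs(epochs):
    """Sample-wise mean over trials: noise shrinks, the time-locked ERP stays."""
    n = len(epochs)
    return [sum(column) / n for column in zip(*epochs)]


def window_mean(erp, start_ms=250, end_ms=350):
    """Mean amplitude of the averaged ERP inside the P300 analysis window."""
    idx = [i for i in range(len(erp)) if start_ms <= i * 1000 / FS <= end_ms]
    return sum(erp[i] for i in idx) / len(idx)


def run_cit(knows_probe, n_trials, seed):
    """Simulate one subject; return per-class amplitudes and the decision.

    target: familiar to everyone, irrelevant: familiar to no one,
    probe: familiar only to a subject who knows the concealed item.
    """
    rng = random.Random(seed)
    recognised = {"target": True, "irrelevant": False, "probe": knows_probe}
    amplitude = {}
    for kind, is_recognised in recognised.items():
        epochs = [simulate_epoch(rng, is_recognised) for _ in range(n_trials)]
        amplitude[kind] = window_mean(average_epochs(epochs))
    cutoff = (amplitude["target"] + amplitude["irrelevant"]) / 2
    return amplitude, amplitude["probe"] > cutoff


def accuracy(n_trials, runs):
    """Share of correct decisions over simulated knowing and naive subjects."""
    correct = 0
    for seed in range(runs):
        correct += run_cit(True, n_trials, seed)[1] is True
        correct += run_cit(False, n_trials, seed + 10_000)[1] is False
    return correct / (2 * runs)


if __name__ == "__main__":
    for n_trials in (1, 10, 50, 200):
        print(n_trials, "trials per stimulus ->", accuracy(n_trials, runs=20))
```

With one trial per stimulus the decision is close to a coin flip, which is why each stimulus has to be repeated many times before the component's amplitude can be read off the average.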

3.2 Medical
The brain reflects (based on its activity, physiology, etc.) chemical responses to different mental
states [Haynes and Rees 2006]; as such, monitoring brain activity helps in diagnosing and treat-
ing patients’ neural disorders, and devices like EEG headsets and fMRI enable the monitoring and
recording of brain activity. In addition, BCI systems can be used as supportive systems (e.g., pros-
thesis or wheelchair).
3.2.1 Prosthesis Control Using Brain Signals. A prosthesis6 is an artificial device that replaces
a missing body part; we focus on upper and lower limb prostheses, which are the most common
types of prostheses. It is estimated that around 500 people lose a limb each day, and there are
around two million people living with the loss of a limb in the U.S.7 According to Ziegler-Graham
et al. [2008], this number will increase to around 3.5 million in 2050. There are many reasons
why an individual might require an amputation and subsequently a prosthesis, including injury,
a cancerous tumor or infection, a birth defect, frostbite, and so on. In most cases, a prosthesis is
recommended to enable a person to continue to perform his/her daily routine with ease.
Using brain monitoring, such as EEG and ECoG, researchers are developing prostheses that will
be able to move and function based on the owner’s thoughts, with hope that they will act and feel
like the missing limb. Several different aspects of realistic prostheses have been investigated. In
2005, Gernot et al. [Scherer and Pfurtscheller 2005] replaced the Freehand prosthesis shoulder
joystick with the analog voltage coded output of a BCI. They showed that a subject can gain
control of the BCI in just a couple of days, which indicates that this method might be an alternative
approach for prosthesis control.
A different aspect that is being investigated involves notifying the brain when the prosthesis
comes in contact with an object. Doing so will make it possible for an individual with a prosthesis

6 http://www.merckmanuals.com/home/special-subjects/limb-prosthetics/overview-of-limb-prosthetics.
7 https://www.mobilityworks.com/blog/limb-loss-awareness/.

to function without having to actually visually see what is being touched or lifted by the prosthesis,
enabling the person to handle an object in a manner that is more similar to that of a person using
his/her real hands. Berg et al. [2013] and Tabot [2014] also performed studies in this field, focusing
on the importance of feeling through the prosthesis. Berg et al. showed success with making an
animal “feel” when a stimulus (electrical and mechanical) was sent to a prosthetic finger. Setting
a threshold of 75% success at identifying the stimuli, the minimal stimuli needed was equal to
15 grams of force. Tabot et al. used a similar idea one year earlier and showed that there is no
significant difference in the minimal voltage required to make an animal feel.
In 2014 [Mcmullen et al. 2014], a system to control a prosthetic arm was introduced using ECoG
signals, eye tracking, and computer vision for object identification. The two subjects were asked
to perform two tasks of reach, grasp, and drop. The first task was a simple case involving one
object, and in the second more challenging task the subject had to pick up the requested object,
which was located among other similar objects. After some training, both subjects were able to
complete the first task with a success rate of 100% and the second one with a rate of 70%. To the
best of our knowledge, this was the first attempt at using a semi-autonomous prosthesis, and with
further investigation, the use of such a prosthesis might allow users to focus on other matters
while the prosthesis performs a requested action. A possible drawback of this research, as stated
by David et al. [Mcmullen et al. 2014], is the fact that the subjects were paralyzed, and therefore
the prosthesis uses an imagined reaching movement instead of an actual one, which might cause
problems when used by a patient that is not fully paralyzed. However, there are many challenges to
making artificial body parts that can fully replace real ones, and further research is needed to make
neuroprostheses operational. In addition, looking into the future, when the use of such prostheses
becomes more common, some security issues may arise. For example, what would happen if an
attacker obtains the ability to hack and control a prosthesis? Such questions must be considered
to prevent prostheses and other assistive medical technologies from hurting the people they are
designed to help.
Other papers relating to neuroprostheses deal with controlling a robotic arm. The arm is usually
placed on a table (and not close to the subject’s body, like a prosthesis), and the subject uses an
EEG to control the arm and perform various tasks. Researchers have had different goals and levels
of success. In one study [97], a 70% success rate was achieved in the task of moving the arm
in four different directions. In a study conducted by Meng et al. [2016], 13 subjects controlled a
robotic arm, successfully reaching and grasping a requested object; an important finding is that
the subjects were able to control the arm a few months later.
When looking at this domain from a security-related perspective, it is clear that it is extremely
important to secure the prosthesis and ensure that an entity with malicious intentions cannot take
control of the prosthesis or interfere with its intended use.

3.2.2 Wheelchair Control Using EEG. Just like some types of prostheses, a wheelchair is designed
to enhance mobility. Currently, people who are completely paralyzed must rely on a family
member or aide to move around in a wheelchair; while helpful, this limits the wheelchair user’s
independence.
Some alternatives for controlling a wheelchair have been proposed, including the use of eye
movement [Plesnick Repice and Loughnane 2014] (which can be problematic for people with strabismus),
voice [Nishimori Saitoh and Konishi 2007] (which can be difficult for people who stutter),
and the use of a sip-and-puff control unit or the tongue [Lund et al. 2010] (the latter is problematic
for the elderly, since it relies on using the tongue to operate a joystick for a long period of time or
producing different levels of air pressure to control the wheelchair).

An electronic wheelchair controlled by EEG might address some of these issues as well as other
problems for wheelchair users with the necessary brain function to interact with a BCI system.
As stated in [Grübler and Hildt 2014], a system based on high-level user commands generated
from the patient’s EEG signals, combined with low-level machine commands (to avoid obstacles,
for example) could provide a good solution. A comparison of the research performed until 2013
can be found in Bi Fan and Liu [2013]. This work identified the following challenges with making
a wheelchair controlled by brain activity a relevant option in the real world: (1) Performance
improvement needs to be addressed, both in terms of accuracy and reaction time. (2) The overall
driving performance is very important. (3) A standardized performance evaluation for wheelchairs
needs to be established.
Another issue arising from the abovementioned study is that some people can use a BCI based on
certain ERPs, while others cannot, and vice versa. This means that a good BCI method might have
to combine different aspects of brain activity, while still being simple enough to use without a long
training period. An advantage of using EEG scans as a way to control devices such as wheelchairs
is that a powerful processing unit can be placed on the wheelchair without impacting the user. This
changes the balance in the accuracy-computational cost trade-off, allowing heavier computations.
An example of maximizing this advantage can be found in Carson and Millan’s research [2013],
in which the authors used cameras and sensors, in addition to the user’s input, to achieve more
accurate results (based on two input channels). A study [Kaufmann Herweg and Kübler 2014]
in which a virtual room and wheelchair were used with healthy subjects who tried to navigate
between obstacles found that the main issues were the fact that commands took 28 seconds to
execute and that there was no immediate stop option. Another problem was that focusing on
controlling the wheelchair can tire the user, a problem that can be solved with a better
signal-to-noise ratio, which will result in a faster reaction time for commands. A study conducted in 2017 [Li
et al. 2017] suggested more command options, including autonomous speed control and moving in
a straight line smoothly. Yet, as can be seen in Kim and Lee [2017], using an EEG-based wheelchair
still resulted in poorer results than a joystick-controlled wheelchair (281 seconds compared to 129).
Much research remains to be done to address the issues mentioned above. Furthermore, as with
prostheses, security issues also need to be considered to prevent malicious entities from controlling
or interfering with the use of a wheelchair.

3.2.3 Communication Using BCI. BCI has also been considered as a solution for people with
other impairments, for example, as a means of helping people with communication
difficulties interact with their surroundings more easily and thus improving their quality of life
tremendously.
Based on Grübler and Hildt [2014], the first time a BCI was successfully used for communication was
in 1988 [Middleton IV. et al. 2011], with a matrix of letters and numbers enabling letter by letter
word composition. Letter selection required the user to focus on the location of the letter in the
matrix, while columns and rows in the matrix were randomly highlighted. Using this version of the
oddball paradigm, a P300 component should be visible on the EEG scans when the requested letter
is highlighted. Using different algorithms and the described scans, the authors obtained a hit rate
of 80–95%, but the pace was relatively slow (a letter every 26 seconds). Various BCI communication
systems later used this paradigm, often referred to as “P300 Speller,” as can be seen in Birbaumer
[2006]; Krusienski et al. [2008]; Speier et al. [2012]; Mainsah et al. [2014, 2015].
Several possible improvements have been proposed over the years. One suggestion is including
recorded ERP components related to familiar faces (on top of P300), like N400, while flashing
famous faces, replacing the letters used in the original highlighting method [Kaufmann et al. 2011].
The use of this method resulted in a stable 100% hit rate, which was achieved with fewer rounds of
highlighting, as well as a faster letter selection pace (1.8 times faster, on average). An improvement
implemented in Yin et al. [2013] involved incorporating the SSVEP (steady-state visual evoked
potential) component into the conventional P300 paradigm. This resulted in a 93.75% average hit
rate with an information transfer rate of 56.44 bit/second. Moreover, five of the 12 subjects had
a 100% hit rate and a 63.56 bit/second transfer rate, which indicates that some individuals might
be more suited to the P300 Speller method than others. Another suggestion involves combining
the regular P300 Speller paradigm with the known probability of a letter to occur in the English
language [Speier, Arnold, and Pouratian 2013], both in general (for example, the most frequently
used letter is “E,” at 11%) and after a given letter (“H” is more likely to follow “C” or “T”). Unlike
prostheses that relied upon patterns of thinking, here the key is the use of ERPs.
Ossmy et al. [2011] proposed a hierarchical character selection method to accelerate the spelling
of words beyond the pace achieved by the abovementioned linear scanning approaches. Instead
of P300, the authors used detection of three cognitive actions to control the input. The same approach
was used to control a pointing device, resulting in full control of a computer desktop. Using
the MindDesktop BCI, subjects succeeded in opening an Outlook application, typing a recipient’s
address, and sending an email containing 12 characters in a period of 4-13 minutes.
However, no matter the approach taken, the challenges center on quality and quantity: quality,
as the goal is a high hit rate without errors, and quantity, as a high information transfer rate is
desired. Research in this area could potentially improve communication by BCI so that it is just as
fast and reliable as speaking or texting—and we provide our ideas for this in the future directions
section.
Another important subdomain is communicating with people who are in a completely locked-
in state (CLIS), in which they have normal cognitive capabilities but no muscle control, as in the
final stages of ALS. In this case, none of the paradigms discussed work, because the individual
cannot open his/her eyes and therefore will not be able to see the flashing letters. This issue is
more difficult to solve, because a solution that will allow the person to communicate fully on
his/her own must rely solely on brain activity, without a visual stimulus [Chaudhary et al. 2017]. As
stated in Kubler and Birbaumer [2008], there is no significant relation between the level of physical
impairment and the success of using BCI; however, in a study aimed at interpreting brainwaves
to provide a “yes” or “no” answer for patients in a locked-in state (LIS) and CLIS patients, the LIS
patients had a higher success rate. In 2017 [Chaudhary et al. 2017], researchers achieved a 70%
success rate in a similar experiment (with “yes” or “no” questions) in which fNIRS was used to
measure brain activity in CLIS patients. This study showed that fNIRS outperformed both EEG
and ECoG, suggesting that using fNIRS might be a good choice for LIS patients as well.
When considering the security threats of this type of BCI, we see two main threats. The first
threat is that a malicious entity could take control of the output of the system, giving it the ability
to control what the user says. The second threat is that an attacker could interfere with the user’s
ability to use the device, preventing the user from communicating at all.

3.2.4 Diagnosis and Therapy. As previously mentioned, the EEG is one of the most common
noninvasive methods for monitoring and recording brain activity. Similar to other brain activity
recording methods, like fMRI or MEG, EEG can be and is being used as a tool to diagnose many
brain-related disorders. Many studies have been aimed at more accurately predicting and automatically
diagnosing Alzheimer’s disease [Adeli Ghosh-dastidar and Dadmehr 2008; Dauwels et al. 2010];
however, more attention needs to be directed at the security of these methods. A threat in this
context can be an attacker that tries to interfere with a normal diagnosis, replacing the actual input
with input that indicates a disease, resulting in false positive tests and unnecessary treatment for
healthy patients, or replacing a diagnosis with one incorrectly indicating that the patient is healthy.
For example, the false positive diagnosis rate for epilepsy is estimated to be somewhere between
2% and 71% [Xu et al. 2016]. Therefore, epilepsy diagnosis is performed very carefully and often
is based on more than just an EEG scan, to reduce the likelihood of a misdiagnosis. Although it
might not be an immediate problem, attention should be given to this issue while still focusing on
developing an automatic, EEG-based diagnostic method.
Other uses of BCI in the medical world include rehabilitation and therapy. Several studies have
been performed on the use of EEG-based BCI in stroke rehabilitation [Pfurtscheller, Scherer and
Neuper 2008], to restore motor abilities that were lost due to a stroke. During rehabilitation, it is
common to have both physical therapy (performing tasks with the affected limb) and cognitive
exercises (mostly mental imagery in which the patient imagines performing a physical action).
According to Prasad et al. [2009], patients tend to lose attention quickly when performing mental
tasks during rehabilitation. In this case, EEG-based BCI is used to give patients feedback about
their ability to focus and their performance, which, according to the patients, helps them concentrate
for longer periods of time. EEG and BCI are also used for therapy, to help patients with depression,
anxiety [Hammond 2005], ADHD [Arns, Heinrich and Strehl 2013], and more. In one study [Saxby
and Peniston 1995], 14 subjects with chronic alcohol abuse and depression treated with brainwave
neurofeedback therapy showed an increase in their Alpha and Theta waves, which resulted in a
reduction in depression symptoms (lower scores on Beck’s Depression Inventory [Beck Steer and
Brown 1996]). Among the challenges of EEG-based BCI are the fact that it requires a long period
of preparation (set up and calibration), it cannot be used in the patient’s home, and it takes a lot
of time to master [Pfurtscheller, Scherer, and Neuper 2008; Ang and Guan 2013].

3.3 Entertainment
Similar to diagnosing the mental state of a patient, brainwaves can be used to improve one’s experience
with a movie or a game. For example, brain monitoring is used to obtain unfiltered, honest
feedback when testing new products [Lee Broderick and Chamberlain 2007] or to alter a video
game to maximize the player’s enjoyment (see 3.1).
3.3.1 Neural Gaming. While most of today’s BCI applications focus on medical uses, researchers
and developers are also focusing on bringing the advantages of BCI to the gaming field,
allowing individuals both with and without disabilities to enjoy games controlled by their mind.
Neural gaming combines BCI and traditional gaming. Usually an EEG is used, due to the convenience
and low price of specific EEG systems, to improve the gaming experience. BCI devices can
be used as either an input device (replacing the joystick/mouse/keyboard) or as a way of receiving
live feedback from the user. Using BCI as an input device requires the user to actively generate
brain signals to play the game. Using it as a feedback tool can help the game adapt to better fit the
individual playing [Stein et al. 2018].
BNCI Horizon 2020 (see footnote 8) states that gaming companies will shift their attention to the possible uses
of the brain in the domain in the near future. Researchers believe that the curiosity and
open-mindedness of gamers (especially when it comes to technological challenges) [Allison Graimann
and Gräser 2007], as well as their relatively young age (an indication of the high percentage of their
life spent around modern technology), make gamers a logical potential population for using BCI
in a nonmedical context and neural gaming a promising domain [van Erp, Lotte and Tangermann
2012].
Other advantages of BCI gaming over traditional gaming are the possible solutions it offers for
various problems that negatively impact the gaming industry. For example, bots (software that
controls an avatar in the game instead of the player) can negatively affect the gaming experience
in multiplayer games, and traditional methods of distinguishing between a player and a bot can
be improved or replaced by EEG-based ones. This can be done via the brain signals recorded in
an EEG. A game includes many stimuli, and it is difficult to mimic a human’s reactions to different
events in the game, which will allow easier identification of bots.

8 http://bnci-horizon-2020.eu/images/bncih2020/Roadmap_BNCI_Horizon_2020.pdf page 13.

Neural gaming can also be used as a part of systems with different goals. First, neural gaming can
be used in entertainment systems like gaming consoles. The use of BCI as feedback can enhance
the game by increasing users’ excitement and concentration by adjusting the difficulty level based
on the player’s input [Stein et al. 2018]. Neural gaming can also be used to acquire a specific skill
or capability [Vasiljevic and De Miranda 2019]; in this case, the aim is to improve or gain skills,
and the game is the vehicle for accomplishing this, keeping the user interested and focused on the
task.
As stated by Kerous, Skola, and Liarokapis [2017], BCI games can be categorized according
to the type of brain activity recorded and used in the game (e.g., P300, SSVEP, other ERPs, and
more). Each feature has its advantages and disadvantages. P300-based games come in different
types and shapes. Since P300 is related to decision-making, as well as to stimuli processing, and
occurs when using the oddball paradigm [Hassanien and Azar 2015], ERP is often used when the
goal of the game is to maintain the user’s concentration. One example of such a game is an alternative
version of “Connect Four” [Maby et al. 2012] where two players compete against each other,
trying to be the first to place four game pieces in a row. When incorporating BCI in this game, the
players select the column to place the next coin in, using brain signals (similar to the letter matrix
used in research about communication using BCI discussed in Section 3.2.3). Maby et al. [2012]
presented two different versions of the original game, obtaining 82% accuracy, which supports the
feasibility of playing such a game using just brain signals. In another example, a game designed as
a training tool for improving attention (potentially for users diagnosed with ADHD [Rohani and
Puthusserypady 2015]) was evaluated. This game environment was designed as a classroom and
included several short games designed to test the user’s concentration level. Games using other
ERPs such as SSVEP have also been studied [Ali and Puthusserypady 2015; Koo et al. 2015; Wong
et al. 2015]. As cited by Kerous, Skola, and Liarokapis [2017], the advantage of P300 is its robustness
and the fact that it can be detected without user training.
The steady increase in the popularity of BCI gaming is accompanied by an increasing need for
security in this domain. The fact that the input to the games is the user’s EEG scan is a potential
threat to the user’s privacy. In 2012, Ivan et al. demonstrated how a security breach in this area
could occur [Martinovic et al. 2012]; in this experiment, the ERP component related to familiar
objects was used, and a malicious entity with access to the EEG input was able to extract sensitive
information related to the users. Access to the EEG scans can be obtained through a side-channel
attack or via the game itself (the game could be designed in such a way as to steal information from
the user). However, Lange et al. [2017] claimed that this issue is not the most alarming; according
to these authors, the possible identification of the users is far more likely. For example, medical
companies as well as hospitals maintain large datasets of EEG scans, which can be related to other
medical and personal information contained in different databases. An attacker can obtain the
EEG scans from the game as well as access to the hospital’s data, and then compare the scans
(as mentioned in the user authentication section, research has shown that identification using
EEG scans is feasible). In such a case, the attacker can obtain details about the users and violate
the users’ privacy. This scenario can lead, for example, to the discrimination of specific users or
groups of users (for example, based on religious beliefs, which can be extracted from brain signals
[Inzlicht et al. 2009]), which impacts on the fairness of the game.

Table 6. An Overview of the Attacks Presented

It is worth noting that some of the issues faced by the traditional gaming industry are also
relevant for neural gaming (e.g., bots, as previously discussed). In addition, research aimed at
determining whether BCI games can be played using brief EEG samples is needed, since it might
prevent the authentication of users (state-of-the-art authentication methods use samples of a couple
of seconds). The abovementioned issues and solutions should be considered by the relevant
stakeholders, preferably before BCI becomes a main part of the gaming industry.

4 THE SECURITY OF BCI APPLICATIONS AND DOMAINS


4.1 Attacks and Breaches
In this section, we further discuss possible security vulnerabilities of and attacks on BCI systems.
Table 6 provides a brief overview of the attacks discussed in this section, including a short description
of each breach and attack. Attacks that haven’t been presented or proposed in previous
work are denoted as “New” in the year column. In addition, the breaches that are relevant for the
domains presented in the previous section are indicated (a red rectangle indicates relevance in a
specific domain); the last row in the table notes the percentage of breaches that are relevant for
each domain. As can be seen, the entertainment domain is exposed to all of the attacks, making
users much more vulnerable when using BCI applications and devices during their leisure time.
As seen in the table, while none of these attacks have yet been launched (noted in the last column),
the potential for attacks is there, and each of the domains presented remains vulnerable to such
attacks. A more extensive description of the attacks is provided later in this section.

Fig. 6. Generic ecosystem of the BCI domain considered in this article (*optional).

1. Noise Addition: This attack can be thought of as a type of modified input attack. As can
be seen in Figure 6, the attacker disrupts the data sent from the capturing device (e.g.,
EEG headset) to the noise cancellation module (usually located in the processing unit of
the system, often a computer). Unlike EEGs used in neuroscience research or healthcare,
consumer-level BCIs usually have a wireless EEG headset, which results in sending the
user’s input to the processing unit via Wi-Fi or Bluetooth. In addition, the methods used to
reduce noise are not perfect, and therefore we expect to find noise in data that hasn’t been
altered as well (e.g., resulting from incorrect placement of the device or shifting attention
to and from the stimuli), which makes it more difficult to know whether the device is under
attack. The disadvantage of this attack, from the attacker’s perspective, is that it is hard to
get the device to do what the attacker wants (as opposed to what the user wants), and in
most cases, this attack will result in a denial-of-service attack and user frustration, although
it can be effective against users with impairments who use BCI to communicate or operate
a prosthesis. The addition of noise changes the input of the BCI itself, and therefore all
of the domains discussed are vulnerable to it, although the consequences are different for
each domain.
2. Altered Stimuli: In this case, the attacker captures the original, benign stimulus and
presents a new and different stimulus to the user. Altered stimuli can lead to various outcomes
in each of the domains, with more threatening outcomes in the medical and gaming
domains. For example, it can lead to the misdiagnosis of a patient or misuse of the system
(when the user wants to do X, but the outcome is as if the user did Y, causing confusion).
Executing this type of attack requires access to the device that presents the output. The
access can be obtained using computer malware. Unlike the execution of an altered stimuli
attack on a system that relies on accurate input by the user (e.g., by altering the output presented
on the screen), when using BCI today, noise and false classification of commands
are well-known issues, and therefore users will have a harder time distinguishing between
unexpected stimuli that are the result of a cyber attack and noise resulting from user error.
Such noise can be caused by the incorrect calibration of the acquisition device, the user’s
misinterpretation of the instructions, or random thoughts that have an impact on the signals
recorded during the use of the system. Since this kind of attack requires a stimulus,
the target domain will probably be the entertainment domain, although there are some
examples of stimuli in the medical domain as well (e.g., ADHD treatment).
3. Artificial Input: In this type of attack, the attacker is able to insert input that is not from
human brain signals. When using BCI systems for user authentication in the security domain,
artificial input can mimic different users’ brain signals to fool the system into authenticating
the hacker as the authorized user. In the gaming industry, this can lead to
bots (as discussed in Section 3.3.1). The difficulties of implementing this type of attack depend
on the attacker’s goal. Mimicking generic human brain activity is relatively easy and
can be done using any EEG data that can be found online; however, mimicking a specific
brain is more challenging and requires access to specific EEG recordings (if they exist).
The easiest way to perform this attack is to input prerecorded brainwaves that
were acquired through a legitimate process; the attacker would need to steal them from
an existing database that is used by another system/in another context. This, in fact, is a
replay attack that utilizes brainwave biometrics, which could be applied in each of the domains,
since it changes the input of the BCI itself. The hill-climbing attack [Maiorana et al.
2013] provides another means of executing this attack. This method requires access to the
matching score of the input. The hill-climbing attack is performed by attempting to use
an artificial signal as input, receiving its matching score from the benign user’s signal and
altering the artificial input to improve this score. This process is repeated until the matching
score is high enough and the system grants access to the attacker. Additional
hill-climbing methods have been presented by the same authors [Maiorana et al.
2015].
4. Modified Input: Similar to the altered stimuli attack, this attack is performed by capturing
the user’s input and replacing it with the attacker’s input (man-in-the-middle attack). It is
also similar to the altered stimuli attack in that the user will have a difficult time determining
whether the output is the result of an attacker or the result of his/her own use. It is
more difficult to execute this type of attack than an attack based on the addition of white
noise, because the attacker will have to ensure that the processing unit acquires the data
desired by the attacker rather than the user’s data. The outcome of the attack is limited
only by the system’s function, because the attacker will send data that will be classified
as one of the possible commands the system understands. Again, similar to the previous
attack, all of the domains can be affected by this kind of attack.
5. Data Leakage via Secondary Channel: This can serve as “preparation” for an artificial input
or privacy violation attack, in which the attacker obtains the data (brain signals) of
a specific user to mimic the user for malicious purposes (e.g., to gain access to the user’s
workplace). This can be accomplished by listening to the communication between the capturing
device and the processing unit (which, as stated before, can be assumed to be done
using Wi-Fi or Bluetooth); this can occur in each of the domains.
6. Privacy Violation: This attack can be executed by both a third party and by the system’s
creator. In this type of attack, the attacker is able to obtain private information from the
system, i.e., data about the user that is not relevant for the system’s regular operation.
For example, an EEG scan can be used legitimately to diagnose Alzheimer’s disease [Adeli
Ghosh-dastidar and Dadmehr, 2008; Dauwels et al. 2010]; however, a game creator can use
the brain signals of the user to obtain medical information about a user without his/her
permission or knowledge. This is a severe privacy violation that could lead, for example,
to a situation in which vendors in the gaming industry would be persuaded to sell their
users’ medical data to other interested parties. A third party can also execute this attack
after performing a side-channel attack to obtain a user’s EEG scan. In addition, the creator
of the system, as well as anyone with access to the data the system uses, can easily use this
information for his/her own purposes. The main issue with this attack is that there is no
easy way to identify that a user’s data has been taken, because the application itself might
need the data to function. Since all BCI systems use (and may even save) the brain activity
of the user, a malicious entity can exploit it no matter what the original intended use of the
data is.
7. Misleading Stimuli: This attack is a more sophisticated variation of the privacy violation
attack. In this case, the attacker presents stimuli to elicit a response by the user that is
aligned with the attacker’s aims instead of the data provided by the user during a regular
EEG scan. Our mind is influenced by our personal thoughts, opinions, and experiences, and
therefore we will react differently from one another when presented with various stimuli.
For example, presenting a picture of a friend of A who is a stranger to B will result in
different EEG scans for each person (in particular, P300 will be seen in A’s scan but not in
B’s) [Frank et al. 2017]. If a BCI game creator presents A’s friend to A in the game, then
the game creator will be able to infer that A knows A’s friend and B does not. Advances in
the BCI and neuroscience domains will create many more potential uses for such an attack
in which the privacy issue is even more dangerous, because, again, the system creator can
disguise the stimulus as a legitimate one, and therefore the user will be unable to tell if the
system itself is malicious. This attack can also be executed by a third party, similar to the
altered output attack, but in this case, the user should be able to see that the original system
has been tampered with (if the output seems out of context). Like the altered stimuli attack,
this kind of attack can only be executed when there is a benign stimulus to begin with.

4.2 Ecosystem and Data and Attack Flow Diagrams


This section provides an illustration of the BCI domains surveyed in this article, as well as possible
security breaches in these systems. Table 7 provides a legend for the figures that follow and
describes the main roles and players in a generic BCI ecosystem. Detailed ecosystem and data and
attack flow diagrams are provided for each BCI domain presented in the article (Figures 7–10).

ACM Computing Surveys, Vol. 53, No. 1, Article 17. Publication date: February 2020.

Table 7. The Legend for Figures 6–10

Fig. 7. Illustration of an authentication BCI (*optional).

The red and blue numbers in the diagrams correspond to the numbers of the possible cyber attacks
listed in Table 7, while the green terms represent possible defense mechanisms, which will
be discussed later.
4.2.1 Generic BCI Ecosystem and Data and Attack Flow Diagram. In this section, a generic
ecosystem is presented. All BCIs receive brain activity as input using a brain signal capturing
device of some sort (e.g., an EEG). Then there is a preprocessing stage, which includes noise reduction,
aggregation of the data to form the “waves,” normalization of values, and more. After the
data has been processed, the system extracts relevant data from the EEG scan and uses it as is or
integrates additional relevant information from an external database.
In the following subsections, we describe each of the EEG applications, explaining their internal
processes and procedures, and mention how EEG scans are used in the application.


Fig. 8. Illustration of a cryptography BCI.

Fig. 9. Illustration of a medical BCI.

4.2.2 Authentication. In this case, when signing up a new user to the system, the data will be
used to generate a unique user profile for the new user (a). Then, in the authentication phase, the
generator will generate a user profile based on the data it obtains as input (this might not include
an identity, and in this case, the system will have to infer the identity the user claims he/she is
based on the existing profiles and their similarity to the new one) (b), and compare it to the saved
ones (c) and return an identity (or confirm that the user is who he/she claims to be). Note that the
same component is used in (a) and (b); in the first step, a new profile is added to the database, and
in the second step, a profile that should already be in this database is generated.

4.2.3 Cryptography. In cryptography systems, the processed EEG scan data is used to generate
an encryption key or random number that is used in the creation of the key (a), which is used to
encrypt a message using a standard encryption protocol. Then, the message is encrypted (b) using
the generated encryption key, and the system provides the user with the encrypted message (cipher)
as output. When decrypting (c), the key will be generated again, and the cipher (encrypted
message) will be loaded and decrypted before being returned to the user.


Fig. 10. Illustration of a gaming BCI (*optional).

4.2.4 Medical. In the medical domain, there are two main types of systems: diagnosis (I) and
supportive (II). When diagnosing, the data will be presented to a certified third party (e.g., a human
expert). This entity will use the user’s prior medical history to diagnose the user and return the
diagnosis as output, in addition to adding the new diagnosis to the user’s medical file, as can be
seen in (II). For supportive systems (e.g., a prosthesis or communication system), the data will be
translated to commands that will be executed by the device for the benefit of the user/patient. This
translation can be performed by a processing unit that is a part of the component itself.

4.2.5 Gaming. As previously discussed, the options in the gaming domain vary. Some games
will use the input as commands and change the user’s situation in the game according to this input.
Another option can be monitoring the user’s experience, and then the commands are sent via a controller
(e.g., a keyboard). In addition, some games will use and update the user’s data in a database.

5 EXISTING DEFENSE METHODS


In terms of current defense methods, there are no magic solutions. Attacks on the databases of
applications or the communication between the acquisition device and the processing unit can
be prevented (or at least made more difficult to execute) using the same methods as the ones that
are used in other information systems. Encryption of the scans (data at rest) and using secure
communication protocols (data in motion) are good examples. BCI Anonymizer [Bonaci et al.
2014] is a possible solution for some of the attacks presented in Section 4.1, filtering the input sent
to reduce the private information that can be extracted from it. In contrast to the commonly used,
more general attacks, attacks that are unique to BCIs are less common and therefore there are
fewer solutions currently mentioned in the literature. According to Ienca and Haselager [2016],
the addition of an anomaly detection mechanism to the signal-to-noise ratio is a possible safeguard
that could be used to detect when the system is under a noise addition attack. An extension to
this mechanism might involve adding a user specific anomaly detection mechanism to the system
to detect modified input. Another defense method suggested in Ienca and Haselager [2016] is a
feedback mechanism that signals an unintended outcome of the system to a third party (this could
be relevant to users with disabilities whose caregivers will be alerted if the system is malfunctioning);
this can help in the recovery from attacks like modified input. A mechanism
to defend against artificial input (in particular, replay attacks) was proposed and implemented by
Gui et al. [2016]. The authors used an ensemble of classifiers to detect whether noise was added to
the benign input or not. The results were promising, although they are based on a single session,
and more work needs to be performed to extend this mechanism to multiple users and sessions.
Other possible solutions include increasing public awareness, which will make users more aware
of the risks involved with BCI systems and also lead to additional research in this domain aimed
at providing solutions. Increased public awareness will also enable users to more easily detect
suspicious stimuli in an altered stimuli attack. When considering other issues associated with this
domain, including military projects, for example, another solution that is under heavy debate is
the regulation of neurotechnology, including BCI systems [Kotchetkov et al. 2010; Ienca et al.
2018]. Only allowing BCI applications developed by authorized organizations could reduce the
possibilities of altered stimuli attacks.
To summarize, assuming that we have a BCI system that has a good malware detection mechanism
and is completely immune to “typical” malware and data leakage, both on the user and
server ends, attacks like data leakage via secondary channel and altered stimuli are still a threat
and should be considered when creating and using BCI systems.
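One way to implement the signal-to-noise-ratio anomaly check that this section attributes to Ienca and Haselager [2016], with the user-specific baseline the text suggests as an extension. This is an added illustration, not code from the article or the cited works; the sampling rate, band limits, SNR definition, alert threshold, and the synthetic EEG-like windows are all assumptions constructed for the example.

```python
import math
import random
import statistics

FS = 128                 # assumed sampling rate in Hz
WINDOW = FS              # one-second windows, so DFT bin k corresponds to k Hz
SIGNAL_BAND = (8, 13)    # assumed band carrying the signal of interest (alpha)
FULL_BAND = (1, 40)      # assumed band kept by the preprocessing stage
Z_THRESHOLD = 6.0        # assumed alert threshold on the robust z-score


def bin_powers(window, lo_hz, hi_hz):
    """DFT power for each integer-Hz bin in lo_hz..hi_hz."""
    if len(window) != WINDOW:
        raise ValueError("window must hold exactly one second of samples")
    n = len(window)
    powers = {}
    for k in range(lo_hz, hi_hz + 1):
        re = sum(x * math.cos(2 * math.pi * k * i / n) for i, x in enumerate(window))
        im = sum(x * math.sin(2 * math.pi * k * i / n) for i, x in enumerate(window))
        powers[k] = (re * re + im * im) / n
    return powers


def snr_db(window):
    """In-band power divided by out-of-band power, in decibels."""
    powers = bin_powers(window, *FULL_BAND)
    signal = sum(p for k, p in powers.items()
                 if SIGNAL_BAND[0] <= k <= SIGNAL_BAND[1])
    noise = sum(powers.values()) - signal
    return 10 * math.log10(max(signal, 1e-12) / max(noise, 1e-12))


class SnrBaseline:
    """User-specific baseline: median and MAD of SNR over calibration windows."""

    def __init__(self, calibration_windows):
        values = [snr_db(w) for w in calibration_windows]
        self.median = statistics.median(values)
        self.mad = statistics.median([abs(v - self.median) for v in values])

    def robust_z(self, window):
        # 0.6745 scales the MAD so the score is comparable to a standard z-score.
        return 0.6745 * (snr_db(window) - self.median) / max(self.mad, 1e-9)

    def is_anomalous(self, window):
        return abs(self.robust_z(window)) > Z_THRESHOLD


def synthetic_window(rng, injected_noise_sd=0.0):
    """Constructed EEG-like window (microvolts): 10 Hz rhythm plus background noise.

    injected_noise_sd > 0 models extra noise added to the acquired signal.
    """
    phase = rng.uniform(0, 2 * math.pi)
    amplitude = rng.uniform(9.0, 11.0)
    samples = []
    for i in range(WINDOW):
        value = amplitude * math.sin(2 * math.pi * 10 * i / FS + phase)
        value += rng.gauss(0.0, 2.0)                   # benign background activity
        if injected_noise_sd:
            value += rng.gauss(0.0, injected_noise_sd)  # noise added in transit
        samples.append(value)
    return samples


def run_demo(seed=7):
    """Calibrate on one user's clean windows, then score clean and noisy windows."""
    rng = random.Random(seed)
    baseline = SnrBaseline([synthetic_window(rng) for _ in range(40)])
    clean = [synthetic_window(rng) for _ in range(10)]
    noisy = [synthetic_window(rng, injected_noise_sd=10.0) for _ in range(10)]
    return {
        "baseline_median_db": baseline.median,
        "clean_flagged": sum(baseline.is_anomalous(w) for w in clean),
        "attacked_flagged": sum(baseline.is_anomalous(w) for w in noisy),
    }


if __name__ == "__main__":
    print(run_demo())
```

The check covers noise addition only: a replayed clean recording keeps a normal SNR, so it needs a separate mechanism such as the replay detection this section attributes to Gui et al. [2016].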

6 DISCUSSION
A number of significant conclusions and observations can be made regarding the information presented
in this article. First, there are several existing and potential cyber-attacks aimed at BCI
systems that can either cause improper medical diagnosis and treatment, or create user privacy
issues. Second, there are some existing and standard defense mechanisms that can prevent or make
it more difficult for attackers to carry out and launch some of the attacks reviewed in this article.
For example, a simple anomaly detection mechanism could reduce the possibility of manipulated
input. Such a mechanism is a crucial addition to future BCI systems, such as prostheses or communication
systems.
It is likely that such defense mechanisms have not been fully developed and embedded in today’s
BCI systems due to a lack of awareness regarding the potential risks associated with the cyber-attacks
discussed. However, by raising awareness and paying increased attention to this issue as
this article has done, we hope to change this situation.
Another observation is that some of the proposed attacks have no real solution, and today’s
systems are vulnerable to them. An example of such an attack is the privacy violation attack in
which an attacker can use the data the BCI system receives as input to learn or infer private information
about the user (EEG data can be used, for example, to check whether the user has an eating
disorder [Horndasch et al. 2012; Groves, Kennett, and Gillmeister 2017]). The theft and inference
of this information is a cyber-attack vector that, on the one hand, can violate patient privacy and,
on the other hand, can jeopardize the reputation of BCI system vendors and cause them to lose a
large amount of money, particularly due to the new General Data Protection Regulation (GDPR)
[Zúquete et al. 2010], which imposes significant fines on vendors whose customers suffer from
privacy violation.
When looking at the current state of BCIs, we observed that these systems are no longer relegated
to the medical domain as advances in neuroscience, hardware, and software have led to the
emergence of BCI systems in many other domains; this is very likely to continue, and we will soon
find BCI systems in even more new domains. Since, as previously mentioned, brain monitoring and
inference can (and should) be seen as privacy violations, it is important to know exactly where the
public stands on this issue and similar dilemmas before BCI gains more popularity. In addition,
there are other technical difficulties the research community will have to solve before BCI can be
fully integrated in future technologies. Although the accuracy of the monitoring components has
improved, much more progress must be made to ensure comfortable yet accurate devices. This,
along with the long training process most of these systems require, should be improved.

7 FUTURE DIRECTIONS AND SUGGESTIONS FOR BCI’S SECURITY ENHANCEMENTS
It is clear that the future of BCIs depends on providing solutions to the security issues and cyber
attacks mentioned above, and therefore finding such solutions is one of our main future directions.
Developing a means of automatically distinguishing between a malicious BCI gaming application
and a benign one, filtering data that can be used to infer personal information of the user, and
more are among the breakthroughs required.
Other directions can focus on improving the accuracy of the acquisition devices, because many
existing applications are only partially effective and need long periods of time to correctly classify
commands used as input. For example, for EEG-based authentication to replace current authentication
methods (like fingerprints), the method must be more accurate, efficient, and reliable.
Such ongoing accuracy improvements in classification abilities can be achieved by using the active
learning approach that has demonstrated efficiency in a variety of challenges and domains,
such as malware detection in the cyber-security domain [Moskovitch et al. 2007; 2008] and severe
condition classification in the biomedical informatics domain [Nissim et al. 2016; 2017]. Other
improvements that need to be made to increase the popularity of BCI center on shortening and
simplifying the training process. Unlike a regular joystick or touchscreen, which are familiar to
users, operating a device via the brain is not intuitive and requires training before it can be used.
Long and complicated training will leave the user frustrated and less willing to cooperate. We
believe that a study needs to be performed to determine the best way to train users and identify
which users learn such tasks most easily. Another study that would help make BCI more widely
accepted involves obtaining the public’s opinion on the topic, for example, learning what people
think of it and whether addressing the existing security issues will change their minds.
Another direction lies in the security domain. As can be seen, not all of the attacks have been
comprehensively dealt with, and, to the best of our knowledge, not all of the proposed defense
methods are implemented in today’s BCI systems, leaving many avenues for future work.
Several additional avenues for future work relate to communication using BCI. It seems likely
that it is possible to control a prosthesis with a cursor-like mechanism, in which the subject controls
a cursor on the letter matrix (instead of using the oddball paradigm) and communicates with
the screen, like one would type on a virtual keyboard on a regular computer. Such continuous
movement of a cursor is more secure (and difficult to forge) compared to currently implemented
methods.
A possible “semi-solution” might involve applying the standard P300 Speller protocol (or any of
the improved ones) in a specific field, which might help a user communicate in his/her workspace
or classroom, where the subjects center on a relatively small domain. For example, if someone
works as a programmer and uses Java on a daily basis, then he/she types the words “public” and “int”
more frequently than “yes” or “hey,” whereas the opposite might be true for the same individual
when texting family and friends after work. This avenue of research might, for example, enable
Amyotrophic Lateral Sclerosis (ALS) diagnosed workers to continue working and maintaining
their normal routine longer. Another direction could be studying the patient’s patterns of use to
suggest shortcuts for the matrix, similar to currently available features on smartphones, like “auto-correct.”
This would not necessarily decrease the hit rate (word selection errors will still be made
by the user), but it will increase the transfer rate, as every correct prediction will decrease the
number of letters needed by at least one.


REFERENCES
H. Adeli, S. Ghosh-dastidar, and N. Dadmehr. 2008. A spatio-temporal wavelet-chaos methodology for
EEG-based diagnosis of Alzheimer’s disease. Neurosci. Lett. 444 (2008), 190–194. DOI:10.1016/j.neulet.2008.08.008.
A. Ali and S. Puthusserypady. 2015. A 3D learning playground for potential attention training in ADHD: A brain-computer
interface approach. In Proceedings of the 37th Annual International Conference of the IEEE Engineering in Medicine and
Biology Society (EMBC’15). IEEE, 67–70. DOI:10.1109/EMBC.2015.7318302.
B. Allison, B. Graimann, and A. Gräser. 2007. Why use a BCI if you are healthy? In Proceedings of the ACE Workshop on
Brain-Computer Interfaces and Games.
F. Amzica and M. Steriade. 1998. Electrophysiological correlates of sleep delta waves, Electroencephalogr. Clin. Neurophysiol.
107 (1998), 69–83.
K. K. Ang and C. Guan. 2013. Brain-computer interface in stroke rehabilitation. J. Comput. Sci. Eng. 7, 2 (2013), 139–146.
S. Anwar, T. Batool, and M. Majid. 2019. Event-related potential-based lie detection using a wearable EEG headset. In
Proceedings of the 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST’19). 543–547.
S. A. M. Aris, S. Lias, and M. N. Taib. 2010. The relationship of alpha waves and theta waves in EEG during relaxation and
IQ test. In Proceedings of the 2nd International Congress on Engineering Education. 69–72.
W. Arnould-Taylor. 1998. A Textbook of Anatomy and Physiology. Nelson Thornes.
M. Arns, H. Heinrich, and U. Strehl. 2013. Evaluation of neurofeedback in ADHD the long and winding road 2014. Biol.
Psychol. 95 (2013), 108–115.
A. Bablani et al. 2019. An efficient concealed information test: EEG feature extraction and ensemble classification for lie
identification. Mach. Vision Appl. 30, 5 (2019), 813–832.
A. Bablani and D. Tripathi. 2018. A review on methods applied on P300-based lie detectors. In Advances in Machine Learning
and Data Science. Springer, 251–257.
G. Bajwa and R. Dantu. 2016. Neurokey : Towards a new paradigm of cancelable biometrics-based key generation using
electroencephalograms. Comput. Secur. 62 (2016), 95–113. DOI:10.1016/j.cose.2016.06.001.
A. T. Beck, R. A. Steer, and G. K. Brown. 1996. Beck depression inventory-II. San Antonio 78, 2 (1996), 490–498.
J. A. Berg et al. 2013. Behavioral demonstration of a somatosensory neuroprosthesis. IEEE Trans. Neural Syst. Rehab. Eng.
21, 3 (2013), 500–507. DOI:10.1109/TNSRE.2013.2244616
H. Berger. 1929. Über das elektrenkephalogramm des menschen. Eur. Arch. Psych. Clin. Neurosci. 87, 1 (1929), 527–570.
L. Bi, X. Fan, and Y. Liu. 2013. EEG-based brain-controlled mobile robots : A survey. IEEE Trans. Hum.-Mach. Syst. 43, 2
(2013), 161–176.
N. Birbaumer. 2006. Breaking the silence: Brain–computer interfaces (BCI) for communication and motor control.
Psychophysiology 43 (2006), 517–532. DOI:10.1111/j.1469-8986.2006.00456.x
M. V. R. Blondet, S. Laszlo, and Z. Jin. 2015. Assessment of permanence of non-volitional EEG brainwaves as a biometric.
In IEEE International Conference on Identity, Security and Behavior Analysis (ISBA’15). IEEE, 1–6.
T. Bonaci et al. 2014. Securing the exocortex : A 21st century cybernetics challenge. Norbert Wiener in the 21st Century.
S. G. Boyd, A. Harden, and P. M. A. 1988. The EEG in early diagnosis of the Angelman (happy puppet) syndrome. Eur. J.
Pediatr. 147, 5 (1988), 508–513.
R. L. Buckner. 2013. Perspective the cerebellum and cognitive function : 25 years of insight from anatomy and neuroimaging.
Neuron 80, 3 (2013), 807–815. DOI:10.1016/j.neuron.2013.10.044
T. J. Buschman. 2011. Propagating waves in human motor cortex. Front. Hum. Neurosci. 5 (2011), 1–8.
DOI:10.3389/fnhum.2011.00040
G. Buzsáki, C. A. Anastassiou, and C. Koch. 2012. The origin of extracellular fields and currents—EEG, ECoG, LFP, and
spikes. Nature Publish. Group 13 (2012), 407–420. DOI:10.1038/nrn3241
P. Campisi et al. 2011. Brain waves-based user recognition using the "eyes closed resting conditions" protocol. In Proceedings
of the IEEE International Workshop on Information Forensics and Security. 16–19.
T. Carlson and J. D. R. Millan. 2013. Brain-controlled wheelchairs: a robotic architecture. IEEE Robotics and Automation
Magazine 20, 1 (2013), 65–73.
R. Caton. 1875. Electrical currents of the brain. J. Nervous Mental Dis. 2, 4 (1875), 610.
U. Chaudhary, B. Xia, S. Silvoni, L. G. Cohen, and N. Birbaumer. 2017. Brain–computer interface–based communication in
the completely locked-in state. PLoS Biology 15, 1 (2017), e1002593.
C. Chayer and M. Freedman. 2001. Frontal lobe functions. Curr. Neurol. Neurosci. Rep. 1 (2001), 547–552.
K. H. Chiappa. 1997. Evoked Potentials in Clinical Medicine. Lippincott Williams & Wilkins.
J. Chuang, H. Nguyen, C. Wang, and B. Johnson. 2013. I think, therefore I am: Usability and security of authentication using
brainwaves. In International Conference on Financial Cryptography and Data Security. Springer, Berlin, Heidelberg, 1–16.
L. L. Colgin. 2013. Mechanisms and functions of theta rhythms. Annual Review of Neuroscience 36 (2013), 295–312.
L. G. Cook and L. T. C. Mitschow. 2019. Beyond the polygraph: Deception detection and the autonomic nervous system,
federal practitioner. Frontline Med. Commun. 36, 7 (2019), 316.


J. S. Damoiseaux, C. F. Beckmann, E. J. Arigita, F. Barkhof, P. Scheltens, C. J. Stam, S. M. Smith, and S. A. Rombouts. 2007.
Reduced resting-state brain activity in the “default network” in normal aging. Cerebral Cortex 18, 8 (2007), 1856–1864.
T. T. Dang-vu et al. 2005. Cerebral correlates of delta waves during non-REM sleep revisited. NeuroImage 28 (2005), 14–21.
DOI:10.1016/j.neuroimage.2005.05.028
J. Dauwels et al. 2010. A comparative study of synchrony measures for the early diagnosis of alzheimer’s disease based on
EEG. NeuroImage 49, 1 (2010), 668–693. DOI:10.1016/j.neuroimage.2009.06.056
A. Delorme and S. Makeig. 2004. EEGLAB: An open source toolbox for analysis of single-trial EEG dynamics including
independent component analysis. J. Neurosci. Methods 134, 1 (2004), 9–21.
W. Diffie and M. E. Hellman. 1976. New directions in cryptography. IEEE Trans. Info. Theory 22, 6 (1976), 644–654.
DOI:10.1109/TIT.1976.1055638
W. H. I. M. Drinkenburg. 2015. Electroencephalography, Encyclopedia of Psychopharmacology. Springer, 592–602.
J. B. F. van Erp, F. Lotte, and M. Tangermann. 2012. Brain-computer interfaces: Beyond medical applications. Computer 45,
4 (2012), 26–34.
M. Faundez-Zanuy. 2006. Biometric security technology. IEEE Aerospace Electron. Syst. Mag. 21, 6 (2006), 15–26.
DOI:10.1109/MAES.2006.1662038
M. Ferrari and V. Quaresima. 2012. A brief review on the history of human functional near-infrared spectroscopy (fNIRS)
development and fields of application. Neuroimage 63, 2 (2012), 921–935.
T. Fiebig, J. Krissler, and R. Hänsch. 2014. Security impact of high resolution smartphone cameras. In Proceedings of the 8th
Workshop on Offensive Technologies.
L. Fogassi, P. F. Ferrari, B. Gesierich, S. Rozzi, F. Chersi, and G. Rizzolatti. 2005. Parietal lobe: from action organization to
intention understanding. Science 308, 5722 (2005), 662–667.
M. Frank et al. 2017. Using EEG-based BCI devices to subliminally probe for private information. In Proceedings of the
Workshop on Privacy in the Electronic Society (WPES’17). 1–12.
W. Glannon. 2014. Ethical issues with brain-computer interfaces. Front. Hum. Neurosci. 8 (2014), 1–3.
DOI:10.3389/fnsys.2014.00136
P. Gloor and A. H. Guberman. 1997. The temporal lobe & limbic system, canadian medical association. J. Joule 157, 11
(1997), 1597.
S. Gordon et al. 2018. Are resting state spectral power measures related to executive functions in healthy young adults?
Neuropsychologia 108 (2017), 61–72. DOI:10.1016/j.neuropsychologia.2017.10.031
J. C. Gore. 2003. Principles and practice of functional MRI of the human brain. The Journal of Clinical Investigation 112, 1
(2003), 4–9.
L. O. Gorman. 2003. Comparing passwords, tokens, and biometrics for user authentication. Proc. IEEE 91, 12 (2003), 2019–
2040.
G. Grübler and E. Hildt (Eds.). 2014. Brain-Computer-Interfaces in their ethical, social and cultural contexts. Springer
Netherlands.
A. M. Graybiel et al. 1994. The basal ganglia and adaptive motor control, Science. Amer. Assoc. Adv. Sci. 265(5180), (1994),
1826–1831.
A. Greenberg. 2019. Inside the mind’s eye: An international perspective on data privacy law in the age of brain-machine
interfaces. Alb. LJ Sci. & Tech. 29 (2019), 79.
K. Groves, S. Kennett, and H. Gillmeister. 2017. Evidence for ERP biomarkers of eating disorder symptoms in women. Biol.
Psychol. 123 (2017), 205–219. DOI:10.1016/j.biopsycho.2016.12.016
Q. Gui et al. 2016. A residual feature-based replay attack detection approach for brainprint biometric systems. In Proceedings
of the IEEE International Workshop on Information Forensics and Security (WIFS’16). IEEE, 1–6.
DOI:10.1109/WIFS.2016.7823907
Q. Gui et al. 2019. A survey on brain biometrics. ACM Comput. Surv. 51, 6 (2019), 112.
M. Hämäläinen, R. Hari, R. J. Ilmoniemi, J. Knuutila, and O. V. Lounasmaa. 1993. Magnetoencephalography—theory,
instrumentation, and applications to noninvasive studies of the working human brain. Reviews of Modern Physics 65, 2 (1993),
413.
D. C. Hammond. 2005. Neurofeedback treatment of depression and anxiety. J. Adult Dev. 12(2–3), 131–137.
DOI:10.1007/s10804-005-7029-5
A. E. Hassanien and A. A. Azar. 2015. Brain-Computer Interfaces. Springer, Switzerland.
J. D. Haynes and G. Rees. 2006. Decoding mental states from brain activity in humans. Nature Rev. Neurosci. 7, 7 (2006),
523–534. DOI:10.1038/nrn1931
C. R. Hema, M. P. Paulraj, and H. Kaur. 2008. Brain signatures: A modality for biometric authentication. In Proceedings of
the International Conference on Electronic Design (ICED’08). 3–6. DOI:10.1109/ICED.2008.4786753
G. Herzmann and W. Sommer. 2007. Memory-related ERP components for experimentally learned faces and names:
Characteristics and parallel-test reliabilities. Psychophysiology 44, 262–276. DOI:10.1111/j.1469-8986.2007.00505.x


J. A. Hobson. 1988. The Dreaming Brain. Basic Books, New York.


S. Horndasch et al. 2012. The late positive potential as a marker of motivated attention to underweight bodies in girls with
anorexia nervosa. J. Psychosom. Res. 284–286, 6, (2012), 443–447. DOI:10.1016/j.jpsychores.2012.09.020
E. Hortal et al. 2015. SVM-based brain-machine interface for controlling a robot arm through four mental tasks.
Neurocomputing 151 (2015), 116–121. DOI:10.1016/j.neucom.2014.09.078
J. R. Hughes. 2008. Gamma, fast, and ultrafast waves of the brain: Their relationships with epilepsy and behavior. Epilepsy
Behav. 13 (2008), 25–31. DOI:10.1016/j.yebeh.2008.01.011
M. Ienca and P. Haselager. 2016. Hacking the brain: brain–computer interfacing technology and the ethics of neurosecurity.
Ethics and Information Technology 18, 2 (2016), 117–129.
M. Ienca, F. Jotterand, and B. S. Elger. 2018. From healthcare to warfare and reverse: How should we regulate dual-use
neurotechnology? Neuron 97, 2 (2018), 269–274.
M. Inzlicht et al. 2009. Neural markers of religious conviction. Psychol. Sci. 20, 3 (2009), 385–392.
A. K. Jain, A. Ross, and S. Prabhakar. 2004. An introduction to biometric recognition. IEEE Trans. Circ. Syst. Video Technol.
14, 1 (2004), 4–20.
F. Jiang, G. C. Stecker, G. M. Boynton, and I. Fine. 2016. Early blindness results in developmental plasticity for auditory
motion processing within auditory and occipital cortex. Frontiers in Human Neuroscience 10 (2016), 324.
Z. Jiang et al. 2017. Event-related theta oscillatory substrates for facilitation and interference effects of negative emotion
on children’s cognition. Int. J. Psychophysiol. 116 (2017), 26–31. DOI:10.1016/j.ijpsycho.2017.02.012
V. Kartsch and S. Benatti. 2017. A wearable EEG-based drowsiness detection system with blink duration and alpha waves
analysis. In Proceedings of the IEEE EMBS Conference on Neural Engineering. 251–254.
A. Kassab et al. 2015. Functional near-infrared spectroscopy caps for brain activity monitoring: A review. Appl. Optics 54,
3 (2015), 576–586.
T. Kaufmann et al. 2011. Flashing characters with famous faces improves ERP-based brain–computer. J. Neural Eng. 8, 5.
DOI:10.1088/1741-2560/8/5/056016
T. Kaufmann, A. Herweg, and A. Kübler. 2014. Toward brain-computer interface-based wheelchair control utilizing tactually
evoked event-related potentials. J. Neuroengineer. Rehab. 1–17.
B. Kerous, F. Skola, and F. Liarokapis. 2017. EEG-based BCI and video games: A progress report. Virtual Reality. Springer,
London, 1253. DOI:10.1007/s10055-017-0328-x
K. T. Kim and S. W. Lee. 2017. Towards an EEG-based intelligent wheelchair driving system with vibro-tactile stimuli. In
Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics (SMC’16). 2382–2385.
DOI:10.1109/SMC.2016.7844595
W. Klimesch. 1999. EEG alpha and theta oscillations reflect cognitive and memory performance: A review and analysis.
Brain Res. Rev. 29, 169–195.
G. G. Knyazev. 2012. Neuroscience and biobehavioral reviews EEG delta oscillations as a correlate of basic homeostatic and
motivational processes. Neurosci. Biobehav. Rev. 36, 1 (2012), 677–695. DOI:10.1016/j.neubiorev.2011.10.002
T. Koike-Akino et al. 2016. High-accuracy user identification using EEG biometrics. In Proceedings of the Annual International
Conference of the IEEE Engineering in Medicine and Biology Society (EMBS’16). 854–858.
DOI:10.1109/EMBC.2016.7590835
B. Koo et al. 2015. Immersive BCI with SSVEP in VR head-mounted display. In Proceedings of the 37th Annual International
Conference of the IEEE Engineering in Medicine and Biology Society (EMBC’15). IEEE, 1103–1106.
DOI:10.1109/EMBC.2015.7318558
I. S. Kotchetkov et al. 2010. Brain-computer interfaces: Military, neurosurgical, and ethical perspective. J. Neurosurg. 28,
(2010), 1–6. DOI:10.3171/2010.2.FOCUS1027
D. J. Krusienski et al. 2008. Toward enhanced P300 speller performance. J. Neurosci. Methods 167, 15–21.
DOI:10.1016/j.jneumeth.2007.07.017
A. Kubler and N. Birbaumer. 2008. Brain–computer interfaces and communication in paralysis: Extinction of goal directed
thinking in completely paralysed patients? Clin. Neurophysiol. 119, 11 (2008), 2658–2666.
J. Lange et al. 2017. Side-channel attacks against the human brain: The PIN code case study. In Proceedings of the International
Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE’17). 171–189.
DOI:10.1007/978-3-319-64647-3.
N. Lee, A. J. Broderick, and L. Chamberlain. 2007. What is “neuromarketing” ? A discussion and agenda for future research.
Int. J. Psychophysiol. 63 (2004), 199–204. DOI:10.1016/j.ijpsycho.2006.03.007.
Q. Li. 2015. Brain-computer interface applications: Security and privacy challenges. In Proceedings of SPiCy’15, 663–666.
Z. Li et al. 2017. Human cooperative wheelchair with brain – machine interaction based on shared control strategy.
IEEE/ASME Trans. Mechatron. 22, 1 (2017), 185–195.
S. Liu and M. Silverman. 2001. A Practical Guide to Biometric Security Technology. IEEE.
S. J. Luck. 2012. Event-related potentials. In Handbook of Research Methods in Psychology. APA, vol. 1, 1–18.


M. Lui et al. 2018. Suppression of 12-Hz SSVEPs when viewing familiar faces: An electrophysiological index to detect
recognition. Int. J. Psychophysiol. 133 (2018), 159–168.
M. E. Lund, H. V. Christiensen, H. A. Caltenco, E. R. Lontis, B. Bentsen, and L. N. A. Struijk. 2010. Inductive tongue control
of powered wheelchairs. In 2010 Annual International Conference of the IEEE Engineering in Medicine and Biology. IEEE,
3361–3364.
G. Lukács et al. 2019. Item roles explored in a modified P300-based CTP concealed information test. In Applied Psychophysiology
and Biofeedback. Springer, 1–15.
E. Maby et al. 2012. BCI could make old two-player games even more fun: A proof of concept with connect four. Advances
in Human-Computer Interaction. ACM. DOI:10.1155/2012/124728
B. O. Mainsah et al. 2014. Utilizing a language model to improve online dynamic data collection in P300 spellers. IEEE Trans.
Neural Syst. Rehab. Eng. 22, 4 (2014), 837–846. DOI:10.1109/TNSRE.2014.2321290
B. O. Mainsah et al. 2015. Increasing BCI communication rates with dynamic stopping towards more practical use:
An ALS study. J. Neural Engineer. 12, 1 DOI:10.1088/1741-2560/12/1/016013
E. Maiorana et al. 2013. On the vulnerability of an EEG-based biometric system to hill-climbing attacks algorithms
comparison and possible countermeasures. In Proceedings of the IEEE 6th International Conference on Biometrics: Theory,
Applications and Systems (BTAS’13). IEEE, 1–6. DOI:10.1109/BTAS.2013.6712726
E. Maiorana et al. 2015. Hill-climbing attacks on multibiometrics recognition systems. IEEE Trans. Info. Forensics Secur. 10,
5 (2015), 900–915. DOI:10.1109/TIFS.2014.2384735
I. Martinovic, D. Davies, M. Frank, D. Perito, T. Ros, and D. Song. 2012. On the feasibility of side-channel attacks with
brain-computer interfaces. In Presented as part of the 21st USENIX Security Symposium (USENIX Security’12). 143–158.
D. P. Mcmullen et al. 2014. Demonstration of a semi-autonomous hybrid brain–machine interface using human intracranial
EEG, eye tracking, and computer vision to control a robotic upper limb prosthetic. IEEE Trans. Neural Syst. Rehab. Eng.
22, 4 (2014), 784–796.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. 1996. Handbook of Applied Cryptography. CRC Press.
J. Meng et al. 2016. Noninvasive electroencephalogram-based control of a robotic arm for reach and grasp tasks. Sci. Rep. 6
(Nov. 2016), 1–15. DOI:10.1038/srep38565
R. Middleton IV, C. Howell, S. Peebles, and K. Powell. 2011. Unsafe harbor: An analysis of local Government use of harboring
ordinances to restrict illegal aliens’ access to housing. Journal of Immigrant & Refugee Studies 9, 2 (2011), 127–138.
R. Milla. 2007. Person authentication using brainwaves (EEG) and maximum a posteriori model adaptation. IEEE Trans.
Pattern Anal. Mach. Intell. 29, 4 (2007), 743–748.
I. Nakanishi, S. Baba, and C. Miyamoto. 2009. EEG-based biometric authentication using new spectral features. In
Proceedings of the Symposium on Intelligent Signal Processing and Communication Systems. 651–654.
N. Naseer and K. S. Hong. 2015. fNIRS-based brain-computer interfaces: A review. Frontiers in Human Neuroscience 9, 3
(2015).
K. L. Nikos. 2008. What we can do and what we cannot do with fMRI. Nature Rev. Neurosci. 453, 869–878.
DOI:10.1038/nature06976
M. Nishimori, T. Saitoh, and R. Konishi. 2007. Voice controlled intelligent wheelchair. In Proceedings of the SICE Annual
Conference. 336–340.
O. Ossmy et al. 2011. Minddesktop-computer accessibility for severely handicapped. In Proceedings of the International
Conference on Enterprise Information Systems (ICEIS’11). Vol. 4, 316–320.
D. Panchal. 2013. Bio-Crypto System. Doctoral Dissertation. Indian Institute of Technology, Kharagpur.
J. Patel, S. Fujisawa, and A. Bere. 2012. Report traveling theta waves along the entire septotemporal axis of the hippocampus.
Neuron 75, 410–417. DOI:10.1016/j.neuron.2012.07.015
G. Pfurtscheller. 1979. Central beta rhythm during sensorimotor activities in man. Electroencephalogr. Clin. Neurophysiol.
1, 51 (1979), 253–264.
G. Pfurtscheller et al. 2006. Mu rhythm (de)synchronization and EEG single-trial classification of different motor imagery
tasks. NeuroImage 31, 153–159. DOI:10.1016/j.neuroimage.2005.12.003
G. Pfurtscheller, R. Scherer, and C. Neuper. 2008. Rehabilitation with brain-computer interface systems. Computer 41, 10
(2008), 58–65.
S. Plesnick, D. Repice, and P. Loughnane. 2014. Eye-controlled wheelchair. In Proceedings of the IEEE Canada International
Humanitarian Technology Conference (IHTC’14).
G. Plourde. 2006. Auditory evoked potentials. Best Pract. Res. Clin. Anaesthesiol. 20, 1 (2006), 129–139.
A. Pótári et al. 2017. Age-related changes in sleep EEG are attenuated in highly intelligent individuals.
NeuroImage 146 (2016), 554–560. DOI:10.1016/j.neuroimage.2016.09.039
G. Prasad et al. 2009. Using motor imagery-based brain-computer interface for post-stroke rehabilitation. In Proceedings of
the IEEE International Conference on Neural Engineering. 258–262.

S. Qiu et al. 2016. Event-related beta EEG changes during active, passive movement and functional electrical stimulation
of the lower limb. IEEE Trans. Neural Syst. Rehab. Eng. 24, 2 (2016), 283–290.
B. Quintela and S. Cunha. 2010. Biometric authentication using brain responses to visual stimuli. 103–112.
J. R. Wolpaw, N. Birbaumer, W. J. Heetderks, D. J. McFarland, P. H. Peckham, G. Schalk, E. Donchin, L. A. Quatrano, C. J.
Robinson, and T. M. Vaughan. 2000. Brain-computer interface technology: a review of the first international meeting.
IEEE Transactions on Rehabilitation Engineering 8, 2 (2000), 164–173.
G. N. Rajendra and B. Rajneesh. 2011. A new approach for data encryption using genetic algorithms and brain mu waves.
J. Sci. Engineer. Res. 2, 5 (2011), 2–5.
K. V. R. Ravi, R. Palaniappan, and C. Eswaran. 2007. Data encryption using event-related brain signals. In Proceedings of
the International Conference on Computational Intelligence and Multimedia Applications. Vol. 1, 540–544.
DOI:10.1109/ICCIMA.2007.178
N. Rawat, Y. Shin, and I. Balasingham. 2016. EEG-based image encryption via quantum walks. In Proceedings of the Annual
International Conference of the IEEE Engineering in Medicine and Biology Society (EMBS’16). 231–234.
DOI:10.1109/EMBC.2016.7590682
A. Riera, A. Soria-Frisch, M. Caparrini, C. Grau, and G. Ruffini. 2007. Unobtrusive biometric system based on
electroencephalogram analysis. EURASIP Journal on Advances in Signal Processing 2008, 1 (2007), 143728.
D. A. Rohani and S. Puthusserypady. 2015. BCI inside a virtual reality classroom: a potential training tool for attention. EPJ
Nonlinear Biomedical Physics 3, 1 (2015), 12.
E. Saxby and E. G. Peniston. 1995. Alpha–theta brainwave neurofeedback training: An effective treatment for male and
female alcoholics with depressive symptoms. Journal of Clinical Psychology 51, 5 (1995), 685–693.
D. L. Schacter. 1977. EEG theta waves and psychological phenomena: A review and analysis. Biol. Psychol. 5, 47–82.
R. Scherer and G. Pfurtscheller. 2005. EEG-based neuroprosthesis control: A step towards clinical practice. Neurosci. Lett.
382(1–2), 169–174. DOI:10.1016/j.neulet.2005.03.021
J. D. Schmahmann. 2019. Neuroscience letters on the cerebellum and cognition. Neurosci. Lett. 688 (2018), 62–75.
DOI:10.1016/j.neulet.2018.07.005
H. A. Shedeed. 2011. A new method for person identification in a biometric security system based on brain EEG signal
processing. In Proceedings of the IEEE Congress on Information and Communication Technologies. 1205–1210.
G. J. Simmons and G. J. Simmons. 1979. Symmetric and asymmetric encryption. ACM Comput. Surveys 11, 4 (1979), 305–330.
D. H. Smith et al. 2000. Immediate coma following inertial brain injury dependent on axonal damage in the brainstem. J.
Neurosurg. 93, 2 (2000), 315–322.
N. Soffer-Dudek, D. Todder, L. Shelef, I. Deutsch, and S. Gordon. 2019. A neural correlate for common trait dissociation:
Decreased EEG connectivity is related to dissociative absorption. J. Personal. 87, 2 (2019), 295–309.
DOI:10.1111/jopy.12391
W. Speier et al. 2012. Natural language processing with dynamic classification improves P300 speller accuracy and bit rate.
J. Neural Engineer. 9, 1 (2012) DOI:10.1088/1741-2560/9/1/016004
W. Speier, C. Arnold, and N. Pouratian. 2013. Evaluating true BCI communication rate through mutual information and
language models. PLoS ONE 8, 10 (2013) DOI:10.1371/journal.pone.0078432
L. R. Squire. 1992. Memory and the hippocampus: A synthesis from findings with rats, monkeys, and humans. Psychol. Rev.
99, 2 (1992), 195.
L. R. Squire and S. Zola-Morgan. 1991. The Medial Temporal Lobe Memory System. Science 253, 5026 (1991), 1380–1386.
A. Steck and B. Steck. 2016. Dreams and the dreaming brain. In Brain and Mind. Springer, 219–240.
A. Stein et al. 2018. EEG-triggered dynamic difficulty adjustment for multiplayer games. Entertain. Comput. 14–25.
DOI:10.1016/j.entcom.2017.11.003
F. Su, H. Zhou, and Z. Feng. 2012. A biometric-based covert warning system using EEG. In 2012 5th IAPR International
Conference on Biometrics (ICB). IEEE, 342–347.
G. A. Tabot. 2014. Restoring the sense of touch with a prosthetic hand through a brain interface. Proc. Natl. Acad. Sci. U.S.A.
111, 2 (2014), 18279–18284. DOI:10.1073/pnas.1322627111
W. O. Tatum, R. C. Ly, M. Sluzewska-Niedzwiedz, and J. J. Shih. 2013. Lambda waves and occipital generators. Clinical EEG
and Neuroscience 44, 4 (2013), 307–312.
M. Teplan. 2002. Fundamentals of EEG measurement. Measure. Sci. Rev. 2 (2002), 1–11. DOI:10.1021/pr070350l
K. P. Thomas and A. P. Vinod. 2018. EEG-based biometric authentication using gamma band power during rest state.
Circuits, Systems, and Signal Processing 37, 1 (2018), 277–289. DOI:10.1007/s00034-017-0551-4
A. Tiwary et al. 2018. Internet of things (IoT): Research, architectures and applications. Int. J. Future Rev. Comput. Sci.
Commun. Engineer. 4 (2018), 2454–4248. DOI:10.1111/j.1541-1338.2004.00099.x
P. Tsaytler, H. P. Harding, D. Ron, and A. Bertolotti. 2011. Selective inhibition of a regulatory subunit of protein phosphatase
1 restores proteostasis. Science 332, 6025 (2011), 91–94.
H. Tuokka. 2017. Theta Rhythm Production and Creativity Through Simultaneous Sensory Stimulation.

A. Umair, U. Ashfaq, and M. G. Khan. 2017. Recent trends, applications, and challenges of brain-computer interfacing (BCI).
International Journal of Intelligent Systems and Applications 9, 2 (2017), 58.
G. A. M. Vasiljevic and L. C. de Miranda. 2019. Brain–computer interface games based on consumer-grade EEG Devices:
A systematic literature review. International Journal of Human–Computer Interaction (2019), 1–38.
J. Vidal. 1973. Toward Direct Brain-Computer Communication. Annual review of Biophysics and Bioengineering 2, 1 (1973),
157–180.
F. Vogel. 1970. The genetic basis of the normal human electroencephalogram (EEG). Humangenetik 10, 2 (1970), 91–114.
DOI:10.1007/BF00295509
F. Vogel et al. 1979. The electroencephalogram (EEG) as a research tool in human behavior genetics: Psychological
examinations in healthy males with various inherited EEG variants: I. Rationale of the study. Mater. Methods Heritab. Test
Param. Hum. Genet. 47, 1 (1979), 1–45. DOI:10.1007/BF00295569
K. Wahlstrom, B. Fairweather, and H. Ashman. 2017. Privacy and brain-computer interfaces: Method and interim findings.
ORBIT Journal 1, 2 (2017).
M. A. Whittington et al. 2010. Multiple origins of the cortical gamma rhythm. Dev. Neurobiol. 71 (2010), 92–106.
DOI:10.1002/dneu.20814
C. M. Wong et al. 2015. A multi-channel SSVEP-based BCI for computer games with analogue control. In Proceedings of
the IEEE International Conference on Computational Intelligence and Virtual Environments for Measurement Systems and
Applications (CIVEMSA’15). IEEE, 1–6. DOI:10.1109/CIVEMSA.2015.7158612
D. Wu, C. Li, and D. Yao. 2009. Scale-free music of the brain. PLoS ONE 4, 6 (2009), 4–11. DOI:10.1371/journal.pone.0005915
Y. Xu et al. 2016. Frequency of a false positive diagnosis of epilepsy: A systematic review of observational studies. Seizure
41 (2016), 167–174.
E. Yin et al. 2013. A novel hybrid BCI speller based on the incorporation of SSVEP into the P300. J. Neural Eng. 10, 2 (2013)
DOI:10.1088/1741-2560/10/2/026012
H. Zhang and J. Jacobs. 2015. Traveling theta waves in the human hippocampus. J. Neurosci. 35, 36 (2015), 12477–12487.
DOI:10.1523/JNEUROSCI.5102-14.2015
K. Ziegler-Graham et al. 2008. Estimating the prevalence of limb loss in the United States: 2005 to 2050. Arch. Phys. Med.
Rehab. 89 (2008), 422–429. DOI:10.1016/j.apmr.2007.11.005
R. Moskovitch, N. Nissim, and Y. Elovici. 2007. Malicious code detection and acquisition using active learning. In Proceedings
of the Conference on IEEE Intelligence and Security Informatics. IEEE, 371.
R. Moskovitch, N. Nissim, and Y. Elovici. 2008. Acquisition of malicious code using active learning. In Proceedings of the
2nd International Workshop on Privacy, Security, and Trust in KDD.
N. Nissim, M. R. Boland, N. P. Tatonetti, Y. Elovici, G. Hripcsak, Y. Shahar, and R. Moskovitch. 2016. Improving condition
severity classification with an efficient active learning-based framework. J. Biomed. Info. 61 (2016), 44–54.
N. Nissim, Y. Shahar, Y. Elovici, G. Hripcsak, and R. Moskovitch. 2017. Inter-labeler and intra-labeler variability of condition
severity classification models using active and passive learning methods. Artific. Intell. Med. 81 (2017), 12–32.
E. Maiorana, G. E. Hine, and P. Campisi. 2015. Hill-climbing attacks on multibiometrics recognition systems. IEEE Trans.
Info. Forensic Sec. 10, 5 (2015), 900–915.
E. Maiorana, G. E. Hine, D. La Rocca, and P. Campisi. 2013. On the vulnerability of an EEG-based biometric system to
hill-climbing attacks algorithms’ comparison and possible countermeasures. In Proceedings of the IEEE 6th International
Conference on Biometrics: Theory, Applications & Systems (BTAS’13). 1–6.
Q. Gui, W. Yang, Z. Jin, M. V. Ruiz-Blondet, and S. Laszlo. 2016. A residual feature-based replay attack detection approach
for brainprint biometric systems. In Proceedings of the 8th IEEE International Workshop on Information, Forensics, and
Security (WIFS’16). IEEE, 1–6.
F. Su, H. Zhou, Z. Feng, and J. Ma. 2012. A biometric-based covert warning system using EEG. In Proceedings of the 5th
IAPR International Conference on Biometrics (ICB’12). IEEE, 342–347.
A. Zúquete, B. Quintela, and J. P. da Silva Cunha. 2010. Biometric Authentication using brain responses to visual stimuli.
In Biosignals. 103–112.

Received June 2019; revised November 2019; accepted November 2019
