Cancellable Deep Learning Framework for EEG Biometrics

EEG-based biometric systems verify the identity of a user by comparing the probe to a reference EEG template of the claimed user enrolled in the system, or by classifying the probe against a user verification model stored in the system. These approaches are often referred to as template-based and model-based methods, respectively. Compared with template-based methods, model-based methods, especially those based on deep learning models, tend to provide enhanced performance and more flexible applications. However, there is no public research report on the security and cancellability issue for model-based approaches. This becomes a critical issue considering the growing popularity of deep learning in EEG biometric applications. In this study, we investigate the security issue of deep learning model-based EEG biometric systems, and demonstrate that model inversion attacks post a threat for such model-based systems. That is to say, an adversary can produce synthetic data based on the output and parameters of the user verification model to gain unauthorized access by the system. We propose a cancellable deep learning framework to defend against such attacks and protect system security. The framework utilizes a generative adversarial network to approximate a non-invertible transformation whose parameters can be changed to produce different data distributions. A user verification model is then trained using output generated from the generator model, while information about the transformation is discarded. The proposed framework is able to revoke compromised models to defend against hill climbing attacks and model inversion attacks. Evaluation results show that the proposed method, while being cancellable, achieves better verification performance than the template-based methods and state-of-the-art non-cancellable deep learning methods

Cancellable Template Design for Privacy-Preserving EEG Biometric Authentication Systems

As a promising candidate to complement traditional biometric modalities, brain biometrics using electroencephalography (EEG) data has received a widespread attention in recent years. However, compared with existing biometrics such as fingerprints and face recognition, research on EEG biometrics is still in its infant stage. Most of the studies focus on either designing signal elicitation protocols from the perspective of neuroscience or developing feature extraction and classification algorithms from the viewpoint of machine learning. These studies have laid the ground for the feasibility of using EEG as a biometric authentication modality, but they have also raised security and privacy concerns as EEG data contains sensitive information. Existing research has used hash functions and cryptographic schemes to protect EEG data, but they do not provide functions for revoking compromised templates as in cancellable template design. This paper proposes the first cancellable EEG template design for privacy-preserving EEG-based authentication systems, which can protect raw EEG signals containing sensitive privacy information (e.g., identity, health and cognitive status). A novel cancellable EEG template is developed based on EEG graph features and a non-invertible transform. The proposed transformation provides cancellable templates, while taking advantage of EEG elicitation protocol fusion to enhance biometric performance. The proposed authentication system offers equivalent authentication performance (8.58\% EER on a public database) as in the non-transformed domain, while protecting raw EEG data. Furthermore, we analyze the system's capacity for resisting multiple attacks, and discuss some overlooked but critical issues and possible pitfalls involving hill-climbing attacks, second attacks, and classification-based authentication systems

PolyCosGraph:A Privacy-Preserving Cancelable EEG Biometric System

Recent findings confirm that biometric templates derived from electroencephalography (EEG) signals contain sensitive information about registered users, such as age, gender, cognitive ability, mental status and health information. Existing privacy-preserving methods such as hash function and fuzzy commitment are not cancelable, where raw biometric features are vulnerable to hill-climbing attacks. To address this issue, we propose the PolyCosGraph, a system based on Polynomial transformation embedding Cosine functions with Graph features of EEG signals, which is a privacy-preserving and cancelable template design that protects EEG features and system security against multiple attacks. In addition, a template corrupting process is designed to further enhance the security of the system, and a corresponding matching algorithm is developed. Even when the transformed template is compromised, attackers cannot retrieve raw EEG features and the compromised template can be revoked. The proposed system achieves the authentication performance of 1.49% EER with a resting state protocol, 0.68% EER with a motor imagery task, and 0.46% EER under a watching movie condition, which is equivalent to that in the non-encrypted domain. Security analysis demonstrates that our system is resistant to attacks via record multiplicity, preimage attacks, hill-climbing attacks, second attacks and brute force attacks.</p