Attacks on Electroencephalogram Authentication
Michael Thompson, Joseph Bae
Department of Computer Science
Faculty Supervisor: Sara El Alaoui
Brainwave-based authentication has been proposed as an “ultimate” biometric because electroencephalogram (EEG) signals are internal, continuously measurable, and potentially unique to each individual. However, most prior work focuses on identification accuracy and does not rigorously test whether these systems remain secure under intentional manipulation. This project evaluates the security of EEG-based person identification by measuring how easily a model can be vulnerable by subtle, optimized additive perturbations to the EEG signal, and whether defenses can restore performance. We trained a baseline subject-identification system on multichannel EEG time-series recordings using public data with consistent preprocessing and normalization. A Convolutional Neural Network (CNN) learns compact subject embeddings from short EEG windows, followed by a Support Vector Machine (SVM) for identity classification. We evaluate baseline performance using identification accuracy and confusion patterns, and quantify security using false acceptance rate and robustness under perturbations. We then conduct a security stress test by generating low-magnitude, constrained interference to cause targeted impersonation or untargeted misclassification. Vulnerability is measured by increases in false acceptance and drops in accuracy. Finally, we test practical defenses (filtering/denoising, artifact-aware preprocessing, and robustness-oriented training or detection) to measure performance recovery under attack.