Example Security Review #1

By Tadayoshi Kohno at 9:18 am on December 31, 2007Comments Off on Example Security Review #1

David Chen provided this example CSE 490K Security Review.

Summary

Project Epoc is a headset that uses sensors to read electric signals emitted by the brain to “detect player thoughts, feelings, and expression.” It can transmit this information wirelessly, and is intended to relay “non-conscious communication – expression intuition, perception” in addition to conscious interaction.

The purpose of Project Epoc is to be used for video games and it is currently not a working product, though there is a working demo that seems to be able to detect general calmness (or not) of the person, read general facial expressions, and read large slow motions.

Assets and Security Goals

  1. The information gathered by the device should not be received by any unintended parties. That is, communications between the headset and the game console should be confidential. Otherwise, third parties may be able to read your thoughts.
  2. The device should only be able to read the thoughts of the person wearing it. Otherwise, the integrity of the information may be compromised, or the device could be used in unintended ways that would bring bad press to the company.
  3. The device itself is an asset and should be physically secure from tampering. Otherwise, it may be modified to compromise any other security goal or used to harm the user.

Adversaries and Threats

  1. Eavesdroppers on the wireless channel could use the devices mind-reading abilities to learn about things users may not even be consciously thinking about, or think about offhand, and learn a lot of information about the user, especially since the device is designed to relay non-conscious communication.
  2. Competitors may tamper with the product to cause it to malfunction, relay information insecurely, and ruin the reputation of the product.
  3. Malware writers on the target (receiving) device could interpret the information, revealing unconscious and conscious thoughts.

Potential Weaknesses

  1. Communication between the headset and game console is accomplished wirelessly, which might it would be easy for eavesdropping to occur invisibly. A physical connection, strong encryption, and data flooding could make it very difficult to determine what is being communicated.
  2. The integrity of the receiving device (both software and hardware) needs to be maintained to ensure that the confidentiality of a person’s thoughts is maintained and not sent elsewhere. Running only signed and approved code on a trusted computing platform with a TPM chip can help maintain this integrity.
  3. The integrity of the headset must be maintained so that it cannot be modified to leak information. Using unique physical one-way seals could make it so any modification to the device would be evident, in which case it would be up to the user to spot it and not trust the device.
Filed under: Announcements,Security ReviewsComments Off on Example Security Review #1

Comments are closed.