NEUROSEC is a synergy project led by Carlos III University of Madrid (UC3M), in collaboration with researchers from the Complutense University of Madrid (UCM) and the University of la Laguna (ULL), in search of cybersecurity for neural devices.
One of the significant advances in neurotechnology has been Brain-Computer Interfaces (BCI). The principal application of this technology has always been in the field of medicine. The best-known example of BCI are neurostimulators (known as brain pacemakers). These devices are implanted in the target area (the brain area to be treated) and by using electrical stimulation the implant modulates the activity of this area, treating diseases such as Parkinson’s or Epilepsy. These being the principal diseases treated, BCI also has more sophisticated applications, such as the control of prosthetic limbs or even communication systems for paralysed patients. In this way, BCI technologies have significantly improved the life quality of millions of patients for whom, in many cases, this treatment was the only possible. Nevertheless, medicine is not the only field of application for BCI. There are currently BCI technologies on the market that are capable of recording the brain activity of a subject, thus opening up new frontiers and paradigms (e.g., Brain-to-vehicle Nissan Project).
Despite their increasing development, both in the medical and user fields, these technologies are immature from a cybersecurity point of view. Different attacks tested in the laboratory have shown how an attacker can disable or reprogram therapies and can even induce a shock in a patient wearing a medical device. Likewise, the attacker could also drain the battery of the device, leaving it inoperative. These facts have motivated the FDA (U.S Food and Drug Administration) to launch several alarms warning about the vulnerabilities of these devices. But not only the FDA, prestigious researchers in the area of neuroscience and technology are already talking about the importance of privacy and protection against non-authorised access in BCI devices, stressing that this is a real and not a potential risk. Motivated by this, they have signed what is known as «NeuroRights» to protect users/patients against the misuse of this technology.
The scientific programme of the NEUROSEC project aims to advance along this line, designing new security mechanisms that can be incorporated by design (security & privacy by design) in the new generations of BCI devices. Usually, the term neurosecurity is used in the literature to refer to this area of research. It can be defined as the protection of the confidentiality, integrity and availability of neural devices against malicious entities to preserve the security of the neural mechanisms and computations, as well as the free behaviour of the people who carry these devices. Following the evolution of the application scenarios of these technologies, from medicine to general use applications, we find a wide variety of BCI devices on the market, beyond the implantable medical devices. Although an attack on a neurostimulator can have more catastrophic consequences than an attack on a commercial device, the latter must be equally protected, as the neurological privacy and security of individuals are at risk.
The objectives of this project are clearly in line with the priorities established at the National and European levels for the development of safe environments linked to citizens’ rights. In particular, the results of this project will represent a significant advance for using BCI devices with a higher security level.