Student ponders the future and safety
of computer/brain interface devices © Sept. 21, 2012, Norwich University Office of Communications

Saul Costa, a Computer Science and Computer Security and Information Assurance major, hopes to make security the top priority for future technology that accesses human brain activity.

photo by Jordan Silverman, staffSaul Costa, who is earning bachelor's degrees in Computer Science and Computer Security and Information Assurance, hopes to make security the top priority for future technology that accesses human brain activity.

When the Internet was young and developing, security was not always a top priority. As a result, the processes we use to protect our data and systems still feel “tacked on” years later, according to Norwich University student Saul Costa.

He believes we cannot allow the same thing to happen as the medical community begins to explore the use of devices that interact with the human brain. It is critical these devices stay safe from unwanted intervention.

“It’s basically human lives we’re talking about,” said Costa, a sophomore earning a double major in Computer Security and Information Assurance [CSIA] and Computer Science. “We need to be concerned with security up front.”

For a special research project that took up 10 weeks of his summer vacation, Costa, of Websterville, Vt., dove into a topic that is typically the domain of science fiction and scary stories about people manipulated through computer chips in their heads. This is an extreme view that doesn’t address the potential of brain/computer interfaces, he said.

Costa pointed out the use of Cochlear implants, which help people with severe hearing problems, demonstrates that people will inevitably use technology that affects and reacts to neural activity. Potential uses include control of artificial limbs and the precise release of medication. Nor is it a huge step to predict these devices may have some kind of networking capacity for the exchange of information, he said.

“We should make it a future where people don’t get hurt because of a lack of security,” said Costa, who developed an interest in neural activity and the brain during a psychology class earlier in his college career.

Costa proposed a security system that would ensure three things:

  • Any device that interfaces with a brain must not enable the theft of information about the user’s neural activity or history.
  • It must prevent the introduction of information that could lead to harmful activity.
  • It must prevent the harmful release of chemicals or medication.

Computer Science Prof. Jeremy Hansen, who served as research advisor, emphasized that this project was largely theoretical. Their job was to speculate about future flaws in technology and some of the complicated ways functionality might be compromised. One of the big challenges was envisioning security for devices that do not yet exist.

“We’re trying to build it general enough so that it works with any device that comes up,” he said.

Costa's first step was to get a better understanding of neural signals and how they are recorded and tracked. For this, he purchased a commercial electroencephalography [EEG] headset, which detects electrical signals along the scalp that give information about neural activity. Although he did no human testing for his research, the EEG headset and various networking components helped him figure out how a computer detects and interprets this analog information.

A bigger question was envisioning the types of devices that would use this information, and how best to set up “gatekeepers.” Firewall-type security systems, which control information traffic through a predetermined set of criteria, would be ineffective, according to Costa, as they are only as good as the latest update. He sees an antivirus-type system, which tries to interpret and identify malicious intent of external information, as the way to go.

“It was a lot of work,” he said. “It was a lot of pieces in a big puzzle.”

Costa drew up a conceptual design of the security system, and is submitting his final paper to various academic and security-oriented conferences. He plans to keep working on his system during the remaining years at Norwich, as there is much left to do and explore.

“I would say I covered some ground and made some suggestions that have never been made before,” he said.

Costa and Hansen spent part of the early weeks of the project working on an application for grant money from the federal Defense Advanced Research Projects Agency, but were ultimately turned down. This involved a lot of tedious work, according to Hansen, but will prove useful if Costa ever seeks a patent on any device involving the security technology.

Costa said he enjoyed the chance to work with Hansen over the summer, and to exchange ideas and problem-solving tips while he worked at his own pace. The idea for the project came out of a conversation the two had about science fiction, the brain and computer security.

“If you have an idea, he’s got some other idea and some type of resource to steer you,” said Costa.