Continuous Authentication for Voice Assistants

Voice has become an increasingly popular User Interaction (UI) channel, mainly contributing to the ongoing trend of wearables, smart vehicles, and home automation systems. Voice assistants such as Siri, Google Now and Cortana, have become our everyday fixtures, especially in scenarios where touch interfaces are inconvenient or even dangerous to use, such as driving or exercising. Nevertheless, the open nature of the voice channel makes voice assistants difficult to secure and exposed to various attacks as demonstrated by security researchers. In this paper, we present VAuth, the first system that provides continuous and usable authentication for voice assistants. We design VAuth to fit in various widely-adopted wearable devices, such as eyeglasses, earphones/buds and necklaces, where it collects the body-surface vibrations of the user and matches it with the speech signal received by the voice assistant's microphone. VAuth guarantees that the voice assistant executes only the commands that originate from the voice of the owner. We have evaluated VAuth with 18 users and 30 voice commands and find it to achieve an almost perfect matching accuracy with less than 0.1% false positive rate, regardless of VAuth's position on the body and the user's language, accent or mobility. VAuth successfully thwarts different practical attacks, such as replayed attacks, mangled voice attacks, or impersonation attacks. It also has low energy and latency overheads and is compatible with most existing voice assistants

Interfaz gráfica de etiquetado de atributos faciales

Los sistemas tradicionales de identi cación presentan algunas carencias, pues requieren de información como claves de acceso, documentos de identidad o tarjetas de acceso que se pueden perder, robar o incluso falsi car fácilmente. Es por ello que surge el reconocimiento biométrico, cuya nalidad consiste en identi car al individuo a través de información característica propia como puede ser la cara, huella digital, etc. Dichas características propias son conocidas como Soft Biometrics. Se tratan de características humanas físicas (color de ojos, color de pelo, presencia de barba, etc), conductuales (dinámica de tecleo, forma de escribir, forma de andar, etc) y adheridas a características humanas (color de ropa, presencia de tatuajes, accesorios, etc), establecidas y probadas en el tiempo por los seres humanos con el objetivo de diferenciar a los individuos. Estas características físicas y de comportamiento humano se utilizan cada vez más en aplicaciones de seguridad debido a diversas ventajas, tales como la universalidad, la robustez, la permanencia y la accesibilidad. En el presente Trabajo Fin de Grado, se estudia, implementa y evalúa un sistema de reconocimiento basado en Soft Biometrics. Dichos Soft Biometrics resultan interesantes ya que pueden proporcionar información de un individuo convirtiendo a un sistema biométrico primario más able. Para llevarlo a cabo, se desarrolla una interfaz de etiquetado facial, con el n de estudiar y evaluar cómo afectan un conjunto de Soft Biometrics en la identi cación del individuo. Como punto de partida se ha estudiado el estado del arte en Soft Biometrics y su evolución a lo largo de la historia. Posteriormente se ha diseñado la interfaz grá ca para etiquetado de atributos faciales y se ha procedido al etiquetado de la base de datos LFW, que no dispone de un etiquetado de Soft Biometrics de los individuos, públicamente disponible para investigación. Una vez obtenido el etiquetado, se ha realizado una cuanti cación de los resultados obtenidos con el n de poder operar y extraer conclusiones con dichos datos. En la parte de análisis, se ha estudiado y evaluado la correlación que existe entre los diferentes Soft Biometrics que se han de nido para este proyecto. En la parte experimental, se ha diseñado un sistema basado en un conjunto de Soft Biometrics en el que se ha estudiado el rendimiento individual y varios conjuntos de ellos atendiendo a distintos criterios. Por último, se presentan las conclusiones, extraídas a lo largo del trabajo y se proponen líneas de trabajo futuro.Traditional identi cation systems present some limitations, since they require information such as passwords, IDs or access cards which can get lost, stolen or even easily falsi ed. Thus, biometric recognition arose with the purpose of identifying individuals across their own characteristics such as the face, ngerprint, etc. These characteristics are known as Biometric traits. They involve physical human characteristics (i.e. eyes color, hair color, the presence of beard, etc.), behavioral characteristics (i.e. typing dynamics, writing style, gait, etc.) and characteristics adhered to human characteristics (i.e. clothes color, the presence of tattoos, accessories, etc.), established and proved in the time by human beings with the objective of di erentiating individuals. Physical characteristics and human behavior are increasingly being used within security applications due to their several advantages, such as universality, robustness, permanency and accessibility. The present TFG studies, implements and evaluates a recognition system based on Soft Biometrics. Soft Biometrics are interesting since they may provide information of an individual turning into a reliable primary biometric system. In order to carry it out, a facial labelling interface is developed with the objective of studying and evaluating how a set of Soft Biometrics may perform in identi cation tasks of an individual. As starting point, the state of the art in Soft Biometrics and its evolution along history has been studied. Later, the interface for facial attributes labeling has been designed, which has no Soft Biometrics labeling of individuals, labeled. This database was provided by the group of ATVS biometric recognition. As soon as the labeling was obtained, a quanti cation of the results has been realized with the purpose of operating and extracting conclusions from this data. In the analysis section, the existing correlation among di erent Soft Biometrics included in this project has been studied and evaluated. In the experimental part, a system based on a set of Soft Biometrics has been designed and the individual yield has been studied attending on di erent criteria. Finally, the conclusions extracted along the development of the project are presented and future lines of work are proposed

Voice Mimicry Attacks Assisted by Automatic Speaker Verification

International audienceIn this work, we simulate a scenario, where a publicly available ASV system is used to enhance mimicry attacks against another closed source ASV system. In specific, ASV technology is used to perform a similarity search between the voices of recruited attackers (6) and potential target speakers (7,365) from VoxCeleb corpora to find the closest targets for each of the attackers. In addition, we consider 'median', 'furthest', and 'common' targets to serve as a reference points. Our goal is to gain insights how well similarity rankings transfer from the attacker's ASV system to the attacked ASV system, whether the attackers are able to improve their attacks by mimicking, and how the properties of the voices of attackers change due to mimicking. We address these questions through ASV experiments, listening tests, and prosodic and formant analyses. For the ASV experiments, we use i-vector technology in the attacker side, and x-vectors in the attacked side. For the listening tests, we recruit listeners through crowdsourcing. The results of the ASV experiments indicate that the speaker similarity scores transfer well from one ASV system to another. Both the ASV experiments and the listening tests reveal that the mimicry attempts do not, in general, help in bringing attacker's scores closer to the target's. A detailed analysis shows that mimicking does not improve attacks, when the natural voices of attackers and targets are similar to each other. The analysis of prosody and formants suggests that the attackers were able to considerably change their speaking rates when mimicking, but the changes in F0 and formants were modest. Overall, the results suggest that untrained impersonators do not pose a high threat towards ASV systems, but the use of ASV systems to attack other ASV systems is a potential threat.

Acoustic-channel attack and defence methods for personal voice assistants

Personal Voice Assistants (PVAs) are increasingly used as interface to digital environments. Voice commands are used to interact with phones, smart homes or cars. In the US alone the number of smart speakers such as Amazon’s Echo and Google Home has grown by 78% to 118.5 million and 21% of the US population own at least one device. Given the increasing dependency of society on PVAs, security and privacy of these has become a major concern of users, manufacturers and policy makers. Consequently, a steep increase in research efforts addressing security and privacy of PVAs can be observed in recent years. While some security and privacy research applicable to the PVA domain predates their recent increase in popularity and many new research strands have emerged, there lacks research dedicated to PVA security and privacy. The most important interaction interface between users and a PVA is the acoustic channel and acoustic channel related security and privacy studies are desirable and required. The aim of the work presented in this thesis is to enhance the cognition of security and privacy issues of PVA usage related to the acoustic channel, to propose principles and solutions to key usage scenarios to mitigate potential security threats, and to present a novel type of dangerous attack which can be launched only by using a PVA alone. The five core contributions of this thesis are: (i) a taxonomy is built for the research domain of PVA security and privacy issues related to acoustic channel. An extensive research overview on the state of the art is provided, describing a comprehensive research map for PVA security and privacy. It is also shown in this taxonomy where the contributions of this thesis lie; (ii) Work has emerged aiming to generate adversarial audio inputs which sound harmless to humans but can trick a PVA to recognise harmful commands. The majority of work has been focused on the attack side, but there rarely exists work on how to defend against this type of attack. A defence method against white-box adversarial commands is proposed and implemented as a prototype. It is shown that a defence Automatic Speech Recognition (ASR) can work in parallel with the PVA’s main one, and adversarial audio input is detected if the difference in the speech decoding results between both ASR surpasses a threshold. It is demonstrated that an ASR that differs in architecture and/or training data from the the PVA’s main ASR is usable as protection ASR; (iii) PVAs continuously monitor conversations which may be transported to a cloud back end where they are stored, processed and maybe even passed on to other service providers. A user has limited control over this process when a PVA is triggered without user’s intent or a PVA belongs to others. A user is unable to control the recording behaviour of surrounding PVAs, unable to signal privacy requirements and unable to track conversation recordings. An acoustic tagging solution is proposed aiming to embed additional information into acoustic signals processed by PVAs. A user employs a tagging device which emits an acoustic signal when PVA activity is assumed. Any active PVA will embed this tag into their recorded audio stream. The tag may signal a cooperating PVA or back-end system that a user has not given a recording consent. The tag may also be used to trace when and where a recording was taken if necessary. A prototype tagging device based on PocketSphinx is implemented. Using Google Home Mini as the PVA, it is demonstrated that the device can tag conversations and the tagging signal can be retrieved from conversations stored in the Google back-end system; (iv) Acoustic tagging provides users the capability to signal their permission to the back-end PVA service, and another solution inspired by Denial of Service (DoS) is proposed as well for protecting user privacy. Although PVAs are very helpful, they are also continuously monitoring conversations. When a PVA detects a wake word, the immediately following conversation is recorded and transported to a cloud system for further analysis. An active protection mechanism is proposed: reactive jamming. A Protection Jamming Device (PJD) is employed to observe conversations. Upon detection of a PVA wake word the PJD emits an acoustic jamming signal. The PJD must detect the wake word faster than the PVA such that the jamming signal still prevents wake word detection by the PVA. An evaluation of the effectiveness of different jamming signals and overlap between wake words and the jamming signals is carried out. 100% jamming success can be achieved with an overlap of at least 60% with a negligible false positive rate; (v) Acoustic components (speakers and microphones) on a PVA can potentially be re-purposed to achieve acoustic sensing. This has great security and privacy implication due to the key role of PVAs in digital environments. The first active acoustic side-channel attack is proposed. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smartphone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movement can be monitored to steal Android unlock patterns. The number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel unnoticeable acoustic side-channel

Regulating and Securing the Interfaces Across Mobile Apps, OS and Users

Over the past decade, we have seen a swift move towards a mobile-centered world. This thriving mobile ecosystem builds upon the interplay of three important parties: the mobile user, OS, and app. These parties interact via designated interfaces many of which are newly invented for, or introduced to the mobile platform. Nevertheless, as these new ways of interactions arise in the mobile ecosystem, what is enabled by these communication interfaces often violates the expectations of the communicating parties. This makes the foundation of the mobile ecosystem untrustworthy, causing significant security and privacy hazards. This dissertation aims to fill this gap by: 1) securing the conversations between trusted parties, 2) regulating the interactions between partially trusted parties, and 3) protecting the communications between untrusted parties. We first deal with the case of mobile OS and app, and analyze the Inter-Process Communication (IPC) protocol (Android Binder in particular) between these two untrusted parties. We found that the Android OS is frequently making unrealistic assumptions on the validity (sanity) of transactions from apps, thus creating significant security hazards. We analyzed the root cause of this emerging attack surface and protected this interface by developing an effective, precautionary testing framework and a runtime diagnostic tool. Then, we study the deficiency of how a mobile user interacts with an app that he can only partially trust. In the current mobile ecosystem, information about the same user in different apps can be easily shared and aggregated, which clearly violates the conditional trust mobile user has on each app. This issue is addressed by providing two complementary options: an OS-level extension that allows the user to track and control, during runtime, the potential flow of his information across apps; and a user-level solution that allows the users to maintain multiple isolated profiles for each app. Finally, we elaborate on how to secure the voice interaction channel between two trusted parties, mobile user and OS. The open nature of the voice channel makes applications that depend on voice interactions, such as voice assistants, difficult to secure and exposed to various attacks. We solve this problem by proposing the first system, called VAuth, that provides continuous and usable authentication for voice commands, designed as a wearable security token. It collects the body-surface vibrations of a user via an accelerometer and continuously matches them to the voice commands received by the voice assistant. This way, VAuth guarantees that the voice assistant executes only the commands that originate from the voice of the owner. Overall, this thesis examined the privacy and security issues across various interfaces in the mobile ecosystem, analyzed the trust relationship between different parties and proposed practical solutions. It also documented the experience learned from tackling these problems, and can serve as a reference in dealing with similar issues in other domains.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/137033/1/huanfeng_1.pd