Linghan Zhang, Sheng Tan, Zi Wang, Yili Ren, Zhi Wang, Jie Yang Dept. of CS, Florida State University, USA Presenter: Linghan Zhang ACSAC 2020 December 7-11, 2020 · Online VibLive: A Continuous Liveness Detection for Secure Voice User Interface In IoT Environment
23
Embed
VibLive: A Continuous Liveness Detection for Secure Voice ...
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Linghan Zhang, Sheng Tan, Zi Wang, Yili Ren, Zhi Wang, Jie Yang
Dept. of CS, Florida State University, USA
Presenter: Linghan Zhang
ACSAC 2020December 7-11, 2020 · Online
VibLive: A Continuous Liveness Detection for Secure Voice User Interface
In IoT Environment
❑ The Smart Home
✓ Security Control▪ Smart locks
▪ Smart alarms
✓ Appliance control▪ Smart kitchen
▪ Smart vacuums
▪ Smart plugs
✓ Personal Business Control
▪ E-commerce
▪ Daily Schedule
VUI in the IoT Environment
2
VUI in the IoT Environment
❑ The Smart Office.
✓ Access control▪ Access to locations
▪ Access to devices
✓ Environment control▪ Temperature control
▪ Lighting control
✓ Teamwork scheduling
3
❑ The Smart Vehicle
✓ In-car voice assistant▪ Navigation
▪ Making phone calls
▪ Playing music
✓ Hands free Driving
VUI in the IoT Environment
4
Attacks on VUI❑ VUI devices are vulnerable to replay attacks.
✓ Pre-recorded, concatenated, synthesized voices
✓ Easy access
✓ Highly effective
Bank accountPasswordsPrivate conversation……....................
5
Attacks on VUI❑ Successful attacks on VUI could cause severe consequences. ✓ Credential breaching
✓ Privacy leakage
✓ Burglary
✓ Vehicle misleading
Bank accountPasswordsPrivate conversation……....................
6
Previous Work vs. Our Solution
❑ Only support wake words or registered passwords authentication
❖ Continuity
VibLive secures the whole communication session.
❖ Transparency
VibLive requires no additional operations or added hardware.
❖ Applicability
VibLive looses the constraints of distances and locations.
❑ Require extra devices or actions
❑ Necessitate close distances and fixed locations
7
System and Attack Model
Voice recording
Activation?
Google Home Service
Speaker-dependent speech recognition
Speaker-independent speech
recognition
CommandsY
N
Attack at the speech recognition phase
❑ Typical VUI capable devices’ workflow
✓ Activated with the “right” wake words✓ Execute any commands after being activated
✓ Activated by authenticating the user speaking the wake words✓ Only execute the authenticated user’s commands
❑ Replay Attacks
✓ Activation✓ Speech Recognition
Attack at the activation phase
8
VibLive: Basic Idea
❑ Human bone-conducted vibrations and air-conducted voices are different.
❑ Loudspeakers’ rigid-body vibrations and replayed voices are always the same.
❑ Bone-conducted vibrations and air-conducted voices always coexist when a live human speech.