IJCNIS Vol. 14, No. 3, 8 Jun. 2022
Cover page and Table of Contents: PDF (size: 1078KB)
Full Text (PDF, 1078KB), PP.1-18
Views: 0 Downloads: 0
Cyber Security, Audio Security, Steganography, User Experience, Accessibility
Although authentication of users of digital voice-based systems has been addressed by much research and many commercially available products, there are very few that perform well in terms of both usability and security in the audio domain. In addition, the use of voice biometrics has been shown to have limitations and relatively poor performance when compared to other authentication methods. We propose using audio steganography as a method of placing authentication key material into sound, such that an authentication factor can be achieved within an audio channel to supplement other methods, thus providing a multi factor authentication opportunity that retains the usability associated with voice channels. In this research we outline the challenges and threats to audio and voice-based systems in the form of an original threat model focusing on audio and voice-based systems, we outline a novel architectural model that utilises audio steganography to mitigate the threats in various authentication scenarios and finally, we conduct experimentation into hiding authentication materials into an audible sound. The experimentation focused on creating and testing a new steganographic technique which is robust to noise, resilient to steganalysis and has sufficient capacity to hold cryptographic material such as a 2048 bit RSA key in a short audio music clip of just a few seconds achieving a signal to noise ratio of over 70 dB in some scenarios. The method developed was seen to be very robust using digital transmission which has applications beyond this research. With acoustic transmission, despite the progress demonstrated in this research some challenges remain to ensure the approach achieves its full potential in noisy real-world applications and therefore the future research direction required is outlined and discussed.
Anthony Phipps, Karim Ouazzane, Vassil Vassilev, "Securing Voice Communications Using Audio Steganography", International Journal of Computer Network and Information Security(IJCNIS), Vol.14, No.3, pp.1-18, 2022. DOI:10.5815/ijcnis.2022.03.01
[1]G. Kesten, “15 mind-blowing stats about voice assistants,” Adobe Inc., 21 September 2020. [Online]. Available: https://blog.adobe.com/en/publish/2020/09/21/mind-blowing-stats-voice-assistants.html#gs.cu22jz. [Accessed 10 August 2021].
[2]Marchick, “Voice Search Trends,” Alpine AI, April 2018. [Online]. Available: https://alpine.ai/voice-search-trends/. [Accessed 4th May 2018].
[3]J. Vlahos, Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think, USA: Houghton Mifflin Harcourt USA , 2019.
[4]N. Gunson, D. Marshall, H. Morton and M. Jack, “User perceptions of security and usability of singlefactor and two-factor authentication in automated telephone banking,” Computers & Security, vol 30, no. 4, pp. 208-220, vol. vol 30, no. no. 4, pp. pp. 208-220, 2011.
[5]European Banking Authority, “Opinion of the European Banking Authority on the elements of strong customer authentication under PSD2,” European Banking Authority, 2019 June 21. [Online]. Available: https://eba.europa.eu/sites/default/documents/files/documents/10180/2622242/4bf4e536-69a5-44a5-a685-de42e292ef78/EBA%20Opinion%20on%20SCA%20elements%20under%20PSD2%20.pdf. [Accessed 29 February 2020].
[6]V. Vassilev, A. Phipps, M. Lane, K. Mohamed and A. Naciscionis, “Two-Factor Authentication for Voice Assistance in Digital Banking Using Public Cloud Services,” in Confluence 2020 10th International Conference on Cloud Computing, Data Science and Engineering, Noida , 2020.
[7]UK Office for National Statistics, “Office for National Statistics,” ONS, 18 February 2020. [Online]. Available: https://www.ons.gov.uk/employmentandlabourmarket/peopleinwork. [Accessed 29 February 2020].
[8]M. Saltzman, “How to Set Up A Smart Speaker: Step-by-step tips for getting started with Amazon Echo, Apple HomePod or Google Home assistants,” AARP, 11 October 2019. [Online]. Available: https://www.aarp.org/home-family/personal-technology/info-2019/smart-speakers-set-up-instructions.html. [Accessed 29 May 2021].
[9]J. A. Markowitz, “Voice Biometrics,” Communications of The ACM, vol. 43, no. No.9, pp. pp 66-73, 2007.
[10]Otti, “Comparison of Biometric Identification Methods,” in 11th IEEE International Symposium on Applied Computational Intelligence and Informatics , Timişoara, 2016.
[11]Z. Rui and Z. Yan, “A Survey on Biometric Authentication: Toward Secure and Privacy-Preserving Identification,” IEEE Access, vol. vol. 7, pp. pp. 5994-6009, 2019.
[12]T. Sabhanayagam, V. Prasanna Venkatesan and K. Senthamaraikannan, “A Comprehensive Survey on Various Biometric Systems,” International Journal of Applied Engineering Research, vol. 13, no. 5 (2018), pp. pp. 2276-2297, 2018.
[13]O. Buckley and J. R. C. Nurse, “The Language of Biometrics: Analysing Public Perceptions,” Journal of Information Security and Applications, vol. 47, pp. 112-119, August 2019.
[14]W. Jansen, S. Gravila and V. Korolev, “NIST Computer Security Resource Centre,” National Institute of Standards and Technology (NIST), 2005. [Online]. Available: https://csrc.nist.gov/publications/detail/nistir/7200/final. [Accessed 3rd December 2018].
[15]Hocking, S. Funnel, N. Clarke and P. Reynolds, “Co-operative user identity verification using an Authentication Aura,” Computers and Security, vol. 39, pp. 486-502, 2013.
[16]Z.-l. Gu and Y. Liu, “Scalable Group Audio-Based Authentication Scheme for IoT Devices,” in 12th International Conference on Computational Intelligence and Security, 2016.
[17]L. Burch, M. Angelo and B. Masoud, “Proximity Based Authentication”. United States of America Patent US 9,722,984 B2, 1st August 2017.
[18]H. Feng, K. Fawaz and K. G. Shin, “Continuous Authentication for Voice Assistants,” in MobiCom '17 Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking, Utah, 2017.
[19]Simmons, “BBC fools HSBC voice recognition security system,” BBC News - Technology , May 2017. [Online]. Available: https://www.bbc.co.uk/news/technology-39965545. [Accessed 30th August 2018].
[20]Sobia Usman, Humera Niaz, "Building Secure Web-Applications Using Threat Model", International Journal of Information Technology and Computer Science, Vol.10, No.3, pp.52-62, 2018.
[21]W. Diao, X. Liu, Z. Zhou and K. Zhang, “Your voice assistant is mine: How to abuse speakers to steal information and control your phone,” in Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, 2014.
[22]G. Zhang, C. Yan, X. Ji, T. Zhang, T. Zhang and W. Xu, “DolphinAtack: Inaudible Voice Commands,” in ACM Conference on Computer and Communications Security (CCS), Dallas, 2017.
[23]J. Seymour and A. Aqil, “Your Voice is My Passport,” in Black Hat USA 2018 Website Whitepapers, Las Vegas, 2018.
[24]Lyrebird, “"We create the most realistic artificial voices in the world",” 2018. [Online]. Available: https://lyrebird.ai. [Accessed 3rd March 2019].
[25]Y. Wang, “Audio samples from "Tacotron: Towards End-to-End Speech Synthesis",” [Online]. Available: https://google.github.io/tacotron/publications/tacotron/index.html. [Accessed 3rd March 2019].
[26]Y. Wang, R. Skerry-Ryan, D. Stanton, Y. Wu, R. J. Weiss, N. Jaitly, Z. Yang, Y. Xiao, Z. Chen, S. Bengio, Q. Le, Y. Agiomyrgiannakis, R. Clark and R. A. Saurous, “Tacotron: Towards End-to-End Speech Synthesis,” in Interspeech, Stockholm, Sweden, 2017.
[27]A. v. d. Oord, S. Dieleman and H. Zen, “WaveNet: A Generative Model for Raw Audio,” Deepmind, 8th September 2016. [Online]. Available: https://deepmind.com/blog/wavenet-generative-model-raw-audio/. [Accessed 3rd March 2019].
[28]M. K. Bispham, I. Agrafiotis and M. Goldsmith, “Nonsense Attacks on Google Assistant,” 6th August 2018. [Online]. Available: https://www.cs.ox.ac.uk/people/mary.bispham/. [Accessed December 2018].
[29]N. Carlini and D. Wagner, “Audio Adversarial Examples: Targeted Attacks on Speech-to-Text,” in IEEE Symposium on Security and Privacy Workshops, San Francisco, California, USA, 2018.
[30]Y. Zhang, L. Xu, A. Mendoza, G. Yang, P. Chinprutthiwong and G. Gu, “Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications,” in Network and Distributed Systems Security (NDSS) Symposium , San Diego, CA, USA, 2019.
[31]T. Sugawara, B. Cyr, S. Rampazzi, D. Genkin and K. Fu, “Lightcommands: Laser-Based Audio Injection on Voice-Controllable Systems,” Defense Advanced Research Projects Agency (DARPA) , 4th November 2019. [Online]. Available: https://lightcommands.com/20191104-Light-Commands.pdf. [Accessed 29 February 2020].
[32]N. Zhang, X. Mi, X. Feng, X. Wang, Y. Tian and F. Qian, “Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems,” in Proceedings of 2019 IEEE Symposium on Security and Privacy (SP) , San Francisco, 2019.
[33]D. Dirk Schnelle-Walka, “W3C Github Repository - Intelligent Personal Assistant Architecture,” World Wide Web Consortium, 24 March 2020. [Online]. Available: https://w3c.github.io/voiceinteraction/voice%20interaction%20drafts/paArchitecture.htm. [Accessed 16 October 2020].
[34]MITRE Corporation, “MITRE ATT&CK,” MITRE, 27th January 2021. [Online]. Available: https://attack.mitre.org/. [Accessed 13th February 2021].
[35]A. Phipps, K. Ouazzane and V. Vassilev, “Enhancing Cyber Security Using Audio Techniques: A Public Key Infrastructure for Sound,” in IEEE 19TH International Conference On Trust, Security And Privacy In Computing And Communications (TRUSTCOM 2020), Guangzhou, CHINA, 2020.
[36]H. Dutta, R. K. Das, S. Nandi and S. R. M. Prasanna, “An Overview of Digital Audio Steganography,” IETE Technical Review, vol. 37, no. 6, pp. 632-650, 2020.
[37]B. Choudhury, R. Das and A. Baruah, “A Novel Steganalysis Method Based on Histogram Analysis: Lecture Notes in Electrical Engineering, vol 315,” in Advanced Computer and Communication Engineering Technology, Switzerland, Springer International, 2015, pp. pp 779-789.
[38]Osama Hosam, "Attacking Image Watermarking and Steganography - A Survey", International Journal of Information Technology and Computer Science, Vol.11, No.3, pp.23-37, 2019.
[39]Md. Rayhan Ahmed, Towhidul Islam Robin, Ashfaq Ali Shafin, " Automatic Environmental Sound Recognition (AESR) Using Convolutional Neural Network", International Journal of Modern Education and Computer Science, Vol.12, No.5, pp. 41-54, 2020.