(USA)

Voice-activated control offers easy access to devices and services but is it a secure system?

To combat the threat of impersonators and hackers gaining entry to personal data, researchers at the University of Michigan (U-M) have developed a wearable that adds an additional level of security.

“Increasingly, voice is being used as a security feature but it actually has huge holes in it,” explained Kang Shin, professor of electrical engineering and computer science at U-M. “If a system is using only your voice signature, it can be very dangerous. We believe you have to have a second channel to authenticate the owner of the voice.”

And the U-M team has created a second channel, a wearable system – labelled VAuth – that can be worn as a necklace, placed in ear buds or on glasses. It monitors the vibrations generated when a person speaks, on the face, throat or chest, and works by matching the ‘signals from the accelerometer in the wearable security token and the microphone in the electronic device’.

Shin continued: “It delivers physical security, which is difficult to compromise even by sophisticated attackers. Only with this guarantee can the voice assistant be trusted as personal and secure, especially in scenarios such as banking and home safety.”

In tests with 18 users and 30 voice commands the team recorded a 97% level of detection accuracy.

VAuth also “overcomes a key problem of voice biometrics,” said Kassem Fawaz, who was involved in the project as a student at U-M, and is now assistant professor at the University of Wisconsin.

“A voice biometric, similar to a fingerprint, is not easy to keep protected. From a few recordings of the user’s voice, an attacker can impersonate the user by generating a matching ‘voice print’,” he said.

“The users can do little to regain their security as they cannot simply change their voice. On the other hand, when losing VAuth for any reason, the user can simply unpair it to prevent an attacker from using their device.”