TY - GEN
T1 - VibLive
T2 - 36th Annual Computer Security Applications Conference, ACSAC 2020
AU - Zhang, Linghan
AU - Tan, Sheng
AU - Wang, Zi
AU - Ren, Yili
AU - Wang, Zhi
AU - Yang, Jie
N1 - Funding Information:
We thank the anonymous reviewers for their insightful feedback. This work was partially supported by the NSF Grants CNS-1835963, CNS-1910519, CNS-1514238, and DGE-1565215.
Publisher Copyright:
© 2020 ACM.
PY - 2020/12/7
Y1 - 2020/12/7
N2 - The voice user interface (VUI) has been progressively used to authenticate users to numerous devices and applications. Such massive adoption of VUIs in IoT environments like individual homes and businesses arises extensive privacy and security concerns. Latest VUIs adopting traditional voice authentication methods are vulnerable to spoofing attacks, where a malicious party spoofs the VUIs with pre-recorded or synthesized voice commands of the genuine user. In this paper, we design VibLive, a continuous liveness detection system for secure VUIs in IoT environments. The underlying principle of VibLive is to catch the dissimilarities between bone-conducted vibrations and air-conducted voices when human speaks for liveness detection. VibLive is a text-independent system that verifies live users and detects spoofing attacks without requiring users to enroll specific passphrases. Moreover, VibLive is practical and transparent as it requires neither additional operations nor extra hardwares, other than a loudspeaker and a microphone that are commonly equipped on VUIs. Our evaluation with 25 participants under different IoT intended experiment settings shows that VibLive is highly effective with over 97% detection accuracy. Results also show that VibLive is robust to various use scenarios.
AB - The voice user interface (VUI) has been progressively used to authenticate users to numerous devices and applications. Such massive adoption of VUIs in IoT environments like individual homes and businesses arises extensive privacy and security concerns. Latest VUIs adopting traditional voice authentication methods are vulnerable to spoofing attacks, where a malicious party spoofs the VUIs with pre-recorded or synthesized voice commands of the genuine user. In this paper, we design VibLive, a continuous liveness detection system for secure VUIs in IoT environments. The underlying principle of VibLive is to catch the dissimilarities between bone-conducted vibrations and air-conducted voices when human speaks for liveness detection. VibLive is a text-independent system that verifies live users and detects spoofing attacks without requiring users to enroll specific passphrases. Moreover, VibLive is practical and transparent as it requires neither additional operations nor extra hardwares, other than a loudspeaker and a microphone that are commonly equipped on VUIs. Our evaluation with 25 participants under different IoT intended experiment settings shows that VibLive is highly effective with over 97% detection accuracy. Results also show that VibLive is robust to various use scenarios.
KW - bone-conducted vibrations
KW - liveness detection
KW - voice user interface
UR - http://www.scopus.com/inward/record.url?scp=85098094454&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098094454&partnerID=8YFLogxK
U2 - 10.1145/3427228.3427281
DO - 10.1145/3427228.3427281
M3 - Conference contribution
AN - SCOPUS:85098094454
T3 - ACM International Conference Proceeding Series
SP - 884
EP - 896
BT - Proceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
PB - Association for Computing Machinery
Y2 - 7 December 2020 through 11 December 2020
ER -