Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Short-range audio channels have a few distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions are turning into valuable commercial products, acoustic channels are increasingly used also to launch attacks against systems and devices, leading to security concerns that could thwart their adoption. To provide a rigorous, scientific, security-oriented review of the field, in this paper we survey and classify methods, applications, and use-cases rooted on short-range audio channels for the provisioning of security services---including Two-Factor Authentication techniques, pairing solutions, device authorization strategies, defense methodologies, and attack schemes. Moreover, we also point out the strengths and weaknesses deriving from the use of short-range audio channels. Finally, we provide open research issues in the context of short-range audio channels security, calling for contributions from both academia and industry.

[1]  Claudio Soriente,et al.  Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound , 2015, USENIX Security Symposium.

[2]  Di Ma,et al.  Secure Proximity Detection for NFC Devices Based on Ambient Sensor Data , 2012, ESORICS.

[3]  Mauro Conti,et al.  A Survey on Context-based Co-presence Detection Techniques , 2018, ArXiv.

[4]  Zekeriya Erkin,et al.  Secure Comparison Protocols in the Semi-Honest Model , 2015, IEEE Journal of Selected Topics in Signal Processing.

[5]  Nitesh Saxena,et al.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity , 2018, 2018 IEEE Conference on Communications and Network Security (CNS).

[6]  Erkki Oja,et al.  Independent component analysis: algorithms and applications , 2000, Neural Networks.

[7]  Claudio Soriente,et al.  Using audio in secure device pairing , 2009, Int. J. Secur. Networks.

[8]  Matthias Hollick,et al.  Perils of Zero-Interaction Security in the Internet of Things , 2019, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[9]  Hiroshi G. Okuno,et al.  Solving Google's Continuous Audio CAPTCHA with HMM-Based Automatic Speech Recognition , 2013, IWSEC.

[10]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[11]  Won Suk Choi,et al.  Sound-Proximity: 2-Factor Authentication against Relay Attack on Passive Keyless Entry and Start System , 2018 .

[12]  Wenyuan Xu,et al.  DolphinAttack: Inaudible Voice Commands , 2017, CCS.

[13]  N. Asokan,et al.  Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks , 2015, NDSS.

[14]  Peng Ning,et al.  Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time , 2013, 2013 IEEE Symposium on Security and Privacy.

[15]  James Scott,et al.  Audio Location: Accurate Low-Cost Location Sensing , 2005, Pervasive.

[16]  I. Elamvazuthi,et al.  Voice Recognition Algorithms using Mel Frequency Cepstral Coefficient (MFCC) and Dynamic Time Warping (DTW) Techniques , 2010, ArXiv.

[17]  Songwu Lu,et al.  Point&Connect: intention-based device pairing for mobile phone users , 2009, MobiSys '09.

[18]  Nitesh Saxena,et al.  Listening Watch: Wearable Two-Factor Authentication using Speech Signals Resilient to Near-Far Attacks , 2018, WISEC.

[19]  Gerhard P. Hancke,et al.  Self-jamming Audio Channels: Investigating the Feasibility of Perceiving Overshadowing Attacks , 2016, RFIDSec.

[20]  Nitesh Saxena,et al.  Efficient Device Pairing Using "Human-Comparable" Synchronized Audiovisual Patterns , 2008, ACNS.

[21]  Arie Yeredor,et al.  Dictionary attacks using keyboard acoustic emanations , 2006, CCS '06.

[22]  William R. Claycomb,et al.  Secure device pairing using audio , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.

[23]  Niraj K. Jha,et al.  Vibration-based secure side channel for medical devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[24]  Mauro Conti,et al.  A Survey of Man In The Middle Attacks , 2016, IEEE Communications Surveys & Tutorials.

[25]  Ahmad-Reza Sadeghi,et al.  Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices , 2014, CCS.

[26]  B. Barak Fully Homomorphic Encryption and Post Quantum Cryptography , 2010 .

[27]  Ramarathnam Venkatesan,et al.  Dhwani: secure peer-to-peer acoustic NFC , 2013, SIGCOMM.

[28]  N. Asokan,et al.  Opportunistic Human Observation Attacks: Perils in Designing Zero-Effort Deauthentication , 2015, ArXiv.

[29]  Stephan Sigg,et al.  Context-based security: state of the art, open research topics and a case study , 2011, CASEMANS '11.

[30]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[31]  John C. Mitchell,et al.  The Failure of Noise-Based Non-continuous Audio Captchas , 2011, 2011 IEEE Symposium on Security and Privacy.

[32]  Amos Beimel,et al.  Secret-Sharing Schemes: A Survey , 2011, IWCC.

[33]  Hanumant Fadewar,et al.  Audio CAPTCHA Techniques: A Review , 2018 .

[34]  Pierre Comon,et al.  Handbook of Blind Source Separation: Independent Component Analysis and Applications , 2010 .

[35]  Francesco Camastra,et al.  Machine Learning for Audio, Image and Video Analysis - Theory and Applications , 2007, Advanced Information and Knowledge Processing.

[36]  Haitham S. Cruickshank,et al.  Secure Device Pairing: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[37]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[38]  Imran Memon,et al.  Content distribution and protocol design issue for mobile social networks: a survey , 2019, EURASIP J. Wirel. Commun. Netw..

[39]  David Gerhard,et al.  Audio Signal Classification: History and Current Techniques , 2003 .

[40]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[41]  Gerhard Nahler,et al.  Pearson Correlation Coefficient , 2020, Definitions.

[42]  B. Matthews Comparison of the predicted and observed secondary structure of T4 phage lysozyme. , 1975, Biochimica et biophysica acta.

[43]  Zhizheng Wu,et al.  Voice conversion and spoofing attack on speaker verification systems , 2013, 2013 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference.

[44]  Mervyn A. Jack,et al.  User perceptions of security, convenience and usability for ebanking authentication tokens , 2009, Comput. Secur..

[45]  Patrick Traynor,et al.  2MA: Verifying Voice Commands via Two Microphone Authentication , 2018, AsiaCCS.

[46]  Klara Nahrstedt,et al.  WritingHacker: audio based eavesdropping of handwriting via mobile devices , 2016, UbiComp.

[47]  MARTA GOMEZ-BARRERO,et al.  Privacy-Preserving Comparison of Variable-Length Data With Application to Biometric Template Protection , 2017, IEEE Access.

[48]  Ngu Nguyen,et al.  Secure Context-based Pairing for Unprecedented Devices , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[49]  Micah Sherr,et al.  Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition , 2015, WOOT.

[50]  Nitesh Saxena,et al.  Keyboard Emanations in Remote Voice Calls: Password Leakage and Noise(less) Masking Defenses , 2018, CODASPY.

[51]  Claudio Soriente,et al.  HAPADEP: Human-Assisted Pure Audio Device Pairing , 2008, ISC.

[52]  Ning Zhang,et al.  S2M: A Lightweight Acoustic Fingerprints-Based Wireless Device Authentication Protocol , 2017, IEEE Internet of Things Journal.

[53]  Angélica Caro,et al.  Authentication schemes and methods: A systematic literature review , 2018, Inf. Softw. Technol..

[54]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[55]  Daniel P. W. Ellis,et al.  Speech and Audio Signal Processing - Processing and Perception of Speech and Music, Second Edition , 1999 .

[56]  Paul Gardner-Stephen,et al.  Survey and Systematization of Secure Device Pairing , 2017, IEEE Communications Surveys & Tutorials.

[57]  Xiang Gao,et al.  Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[58]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[59]  Lucas C. Parra,et al.  A SURVEY OF CONVOLUTIVE BLIND SOURCE SEPARATION METHODS , 2007 .

[60]  Yuqiong Sun,et al.  AuDroid: Preventing Attacks on Audio Channels in Mobile Devices , 2015, ACSAC.

[61]  Simson L. Garfinkel,et al.  Secure and Usable Enterprise Authentication: Lessons from the Field , 2016, IEEE Security & Privacy.

[62]  Nitesh Saxena,et al.  A Sound for a Sound: Mitigating Acoustic Side Channel Attacks on Password Keystrokes with Active Sounds , 2016, Financial Cryptography.

[63]  Patrick Traynor,et al.  Hello, Is It Me You're Looking For?: Differentiating Between Human and Electronic Speakers for Voice Interface Security , 2018, WISEC.

[64]  Nitesh Saxena,et al.  Acoustic Eavesdropping Attacks on Constrained Wireless Device Pairing , 2013, IEEE Transactions on Information Forensics and Security.

[65]  Zekeriya Erkin,et al.  Generating Private Recommendations Efficiently Using Homomorphic Encryption and Data Packing , 2012, IEEE Transactions on Information Forensics and Security.

[66]  Yasunari Obuchi,et al.  Emotion Recognition using Mel-Frequency Cepstral Coefficients , 2007 .

[67]  Yusheng Ji,et al.  Using ambient audio in secure mobile phone communication , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[68]  Arquimedes Canedo,et al.  Acoustic Side-Channel Attacks on Additive Manufacturing Systems , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[69]  Yodai Watanabe,et al.  Security of audio secret sharing scheme encrypting audio secrets with bounded shares , 2014, 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[70]  Jing Chen,et al.  Secure pairing with wearable devices by using ambient sound and light , 2017, Wuhan University Journal of Natural Sciences.

[71]  Dan S. Wallach,et al.  Strengthening user authentication through opportunistic cryptographic identity assertions , 2012, CCS.

[72]  Yuto Miura,et al.  Security of (n, n)-threshold audio secret sharing schemes encrypting audio secrets , 2016, 2016 IEEE Statistical Signal Processing Workshop (SSP).

[73]  Hae Yong Kim,et al.  Differential audio analysis: a new side-channel attack on PIN pads , 2018, International Journal of Information Security.

[74]  Micah Sherr,et al.  Hidden Voice Commands , 2016, USENIX Security Symposium.

[75]  Bhavani Thuraisingham,et al.  Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security , 2017, CCS.

[76]  D. Kibler,et al.  Instance-based learning algorithms , 2004, Machine Learning.

[77]  Chen Qian,et al.  Passive Acoustic Localization Based on COTS Mobile Devices , 2018, 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS).

[78]  Nitesh Saxena,et al.  Keyboard acoustic side channel attacks: exploring realistic and security-sensitive scenarios , 2014, International Journal of Information Security.

[79]  Dorothea Kolossa,et al.  Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding , 2016, ACM Trans. Priv. Secur..

[80]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[81]  Nitesh Saxena,et al.  Vibreaker: Securing Vibrational Pairing with Deliberate Acoustic Noise , 2016, WISEC.

[82]  Mauro Conti,et al.  A Survey on Homomorphic Encryption Schemes: Theory and Implementation , 2017 .

[83]  Peng Gao,et al.  Cognitive Acoustic Analytics Service for Internet of Things , 2017, 2017 IEEE International Conference on Cognitive Computing (ICCC).

[84]  Shen Yan,et al.  SoundAuth: Secure Zero-Effort Two-Factor Authentication Based on Audio Signals , 2018, 2018 IEEE Conference on Communications and Network Security (CNS).

[85]  Paolo Castellini,et al.  Acoustic beamforming for noise source localization – Reviews, methodology and applications , 2019, Mechanical Systems and Signal Processing.

[86]  Tao Li,et al.  Proximity-Proof: Secure and Usable Mobile Two-Factor Authentication , 2018, MobiCom.

[87]  Gianluca Stringhini,et al.  What Happens After You Are Pwnd: Understanding the Use of Leaked Webmail Credentials in the Wild , 2016, Internet Measurement Conference.

[88]  Xiangyu Liu,et al.  Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone , 2014, SPSM@CCS.

[89]  Anupama,et al.  INFORMATION HIDING USING AUDIO STEGANOGRAPHY - A SURVEY , 2011 .

[90]  Ved Prakash Singh,et al.  Survey of Different Types of CAPTCHA , 2014 .

[91]  Malcolm Slaney,et al.  Construction and evaluation of a robust multifeature speech/music discriminator , 1997, 1997 IEEE International Conference on Acoustics, Speech, and Signal Processing.

[92]  Tao Li,et al.  iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft , 2016, CCS.

[93]  Diarmid Marshall,et al.  User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking , 2011, Comput. Secur..

[94]  Yusheng Ji,et al.  AdhocPairing : Spontaneous audio based secure device pairing for Android mobile devices , 2012 .

[95]  Nitesh Saxena,et al.  Noisy Vibrational Pairing of IoT Devices , 2019, IEEE Transactions on Dependable and Secure Computing.

[96]  Matthieu R. Bloch,et al.  Friendly Jamming for Wireless Secrecy , 2010, 2010 IEEE International Conference on Communications.

[97]  Nitesh Saxena,et al.  On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping , 2010, CCS '10.

[98]  Yuhua Jiao,et al.  Robust Speech Hashing for Content Authentication , 2009, IEEE Signal Processing Letters.

[99]  Miljenko Huzak,et al.  Chi-Square Distribution , 2011, International Encyclopedia of Statistical Science.

[100]  Mathias Johansson VR For Your Ears: Dynamic 3D audio is key to the immersive experience by mathias johansson · illustration by eddie guy , 2019, IEEE Spectrum.

[101]  Kang G. Shin,et al.  Continuous Authentication for Voice Assistants , 2017, MobiCom.

[102]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[103]  Rolf Oppliger,et al.  Authentication and authorization infrastructures (AAIs): a comparative survey , 2004, Comput. Secur..

[104]  David Kotz,et al.  ZEBRA: Zero-Effort Bilateral Recurring Authentication , 2014, IEEE Symposium on Security and Privacy.

[105]  Marko C. J. D. van Eekelen,et al.  A Survey of Authentication and Communications Security in Online Banking , 2016, ACM Comput. Surv..

[106]  Ning Xu,et al.  iKnow Where You Are , 2009, 2009 International Conference on Computational Science and Engineering.

[107]  Claudio Soriente,et al.  DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification , 2018, 2019 IEEE International Conference on Pervasive Computing and Communications (PerCom.

[108]  Gerhard P. Hancke,et al.  Tangible security: Survey of methods supporting secure ad-hoc connects of edge devices with physical context , 2018, Comput. Secur..

[109]  M.R. Aref,et al.  A novel secret sharing scheme from audio perspective , 2008, 2008 International Symposium on Telecommunications.

[110]  Corinna Cortes,et al.  Support-Vector Networks , 1995, Machine Learning.

[111]  Hae Young Noh,et al.  Do You Feel What I Hear? Enabling Autonomous IoT Device Pairing Using Different Sensor Types , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[112]  A. W. Roscoe,et al.  Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey , 2011, J. Comput. Secur..

[113]  N. Asokan,et al.  Vibrate-to-unlock: Mobile phone assisted user authentication to multiple personal RFID tags , 2011, 2011 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[114]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[115]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[116]  Ron Kohavi,et al.  A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection , 1995, IJCAI.

[117]  Ahmad-Reza Sadeghi,et al.  I Know Where You are: Proofs of Presence Resilient to Malicious Provers , 2015, AsiaCCS.

[118]  Mauro Conti,et al.  Don't Skype & Type!: Acoustic Eavesdropping in Voice-Over-IP , 2016, AsiaCCS.

[119]  Saifur Rahman,et al.  SPEAKER IDENTIFICATION USING MEL FREQUENCY CEPSTRAL COEFFICIENTS , 2004 .

[120]  Si Chen,et al.  ${\ssr{PriWhisper}}$ : Enabling Keyless Secure Acoustic Communication for Smartphones , 2014, IEEE Internet of Things Journal.

[121]  Petteri Nurmi,et al.  Using contextual co-presence to strengthen Zero-Interaction Authentication:Design, integration and usability , 2015 .

[122]  Stephan Sigg,et al.  Secure Communication Based on Ambient Audio , 2013, IEEE Transactions on Mobile Computing.

[123]  Veda Sandeep Nagaraja,et al.  Design, Fabrication and Characterization of a Biologically Inspired MEMS Directional Microphone , 2018, 2018 IEEE SENSORS.

[124]  Bassem Mahafza,et al.  Radar Systems Analysis and Design Using MATLAB , 2000 .

[125]  N. Asokan,et al.  Sensor-Based Proximity Detection in the Face of Active Adversaries , 2019, IEEE Transactions on Mobile Computing.

[126]  Nitesh Saxena,et al.  The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio , 2016, CCS.

[127]  S. Venkateswarlu,et al.  An Overview of Acoustic Side-Channel Attack , 2013 .

[128]  Ingo R. Titze,et al.  Principles of voice production , 1994 .

[129]  Nitesh Saxena,et al.  YELP: masking sound-based opportunistic attacks in zero-effort deauthentication , 2017, WISEC.

[130]  Maximo Cobos,et al.  Practical Considerations for Acoustic Source Localization in the IoT Era: Platforms, Energy Efficiency, and Performance , 2019, IEEE Internet of Things Journal.

[131]  Sharon Gannot,et al.  Multi-microphone voice activity and single-talk detectors based on steered-response power output entropy , 2018, 2018 IEEE International Conference on the Science of Electrical Engineering in Israel (ICSEE).

[132]  Josh H. McDermott The cocktail party problem , 2009, Current Biology.

[133]  Qiao Hu,et al.  Preventing Overshadowing Attacks in Self-Jamming Audio Channels , 2021, IEEE Transactions on Dependable and Secure Computing.

[134]  Yvo Desmedt,et al.  Audio and Optical Cryptography , 1998, ASIACRYPT.

[135]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[136]  Xiao Zhang,et al.  PriWhisper+: An Enhanced Acoustic Short-Range Communication System for Smartphones , 2019, IEEE Internet of Things Journal.

[137]  Guobin Shen,et al.  BeepBeep: a high accuracy acoustic ranging system using COTS mobile devices , 2007, SenSys '07.