WiVo: Enhancing the Security of Voice Control System via Wireless Signal in IoT Environment

With the prevalent of smart devices and home automations, voice command has become a popular User Interface (UI) channel in the IoT environment. Although Voice Control System (VCS) has the advantages of great convenience, it is extremely vulnerable to the spoofing attack (e.g., replay attack, hidden/inaudible command attack) due to its broadcast nature. In this study, we present WiVo, a device-free voice liveness detection system based on the prevalent wireless signals generated by IoT devices without any additional devices or sensors carried by the users. The basic motivation of WiVo is to distinguish the authentic voice command from a spoofed one via its corresponding mouth motions, which can be captured and recognized by wireless signals. To achieve this goal, WiVo builds a theoretical model to characterize the correlation between wireless signal dynamics and the user's voice syllables. WiVo extracts the unique features from both voice and wireless signals, and then calculates the consistency between these different types of signals in order to determine whether the voice command is generated by the authentic user of VCS or an adversary. To evaluate the effectiveness of WiVo, we build a testbed based on Samsung SmartThings framework and include WiVo as a new application, which is expected to significantly enhance the security of the existing VCS. We have evaluated WiVo with 6 participants and different voice commands. Experimental evaluation results demonstrate that WiVo achieves the overall 99% detection rate with 1% false accept rate and has a low latency.

[1]  Paul Tseng,et al.  Robust wavelet denoising , 2001, IEEE Trans. Signal Process..

[2]  Kang G. Shin,et al.  Continuous Authentication for Voice Assistants , 2017, MobiCom.

[3]  Rui Zhang,et al.  Your song your way: Rhythm-based two-factor authentication for multi-touch mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[4]  Micah Sherr,et al.  Hidden Voice Commands , 2016, USENIX Security Symposium.

[5]  Xiangyu Liu,et al.  Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone , 2014, SPSM@CCS.

[6]  Yunhao Liu,et al.  Widar: Decimeter-Level Passive Tracking via Velocity Monitoring with Commodity Wi-Fi , 2017, MobiHoc.

[7]  Aziz Mohaisen,et al.  You Can Hear But You Cannot Steal: Defending Against Voice Impersonation Attacks on Smartphones , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[8]  Hongbo Liu,et al.  Smart User Authentication through Actuation of Daily Activities Leveraging WiFi-enabled IoT , 2017, MobiHoc.

[9]  Romit Roy Choudhury,et al.  BackDoor: Making Microphones Hear Inaudible Sounds , 2017, MobiSys.

[10]  Tao Li,et al.  Your face your heart: Secure mobile face authentication with photoplethysmograms , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[11]  David Taylor Hearing by Eye: The Psychology of Lip-Reading , 1988 .

[12]  Chen Wang,et al.  Low Human-Effort, Device-Free Localization with Fine-Grained Subcarrier Information , 2018, IEEE Transactions on Mobile Computing.

[13]  Jie Yang,et al.  Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication , 2017, CCS.

[14]  L. Lin,et al.  A concordance correlation coefficient to evaluate reproducibility. , 1989, Biometrics.

[15]  Shu Wang,et al.  Acoustic Eavesdropping through Wireless Vibrometry , 2015, MobiCom.

[16]  Sheng Tan,et al.  WiFinger: leveraging commodity WiFi for fine-grained finger gesture recognition , 2016, MobiHoc.

[17]  Kaishun Wu,et al.  We Can Hear You with Wi-Fi! , 2014, IEEE Transactions on Mobile Computing.

[18]  Jie Yang,et al.  VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones , 2016, CCS.

[19]  Florian Schiel,et al.  Signal processing via web services: The use case WebMAUS , 2012 .

[20]  Wenyuan Xu,et al.  DolphinAttack: Inaudible Voice Commands , 2017, CCS.