Voice has become an increasingly popular User Interaction (UI) channel, mainly contributing to the ongoing trend of wearables, smart vehicles, and home automation systems. Voice assistants such as Siri, Google Now and Cortana, have become our everyday fixtures, especially in scenarios where touch interfaces are inconvenient or even dangerous to use, such as driving or exercising. Nevertheless, the open nature of the voice channel makes voice assistants difficult to secure and exposed to various attacks as demonstrated by security researchers. In this paper, we present VAuth, the first system that provides continuous and usable authentication for voice assistants. We design VAuth to fit in various widely-adopted wearable devices, such as eyeglasses, earphones/buds and necklaces, where it collects the body-surface vibrations of the user and matches it with the speech signal received by the voice assistant's microphone. VAuth guarantees that the voice assistant executes only the commands that originate from the voice of the owner. We have evaluated VAuth with 18 users and 30 voice commands and find it to achieve an almost perfect matching accuracy with less than 0.1% false positive rate, regardless of VAuth's position on the body and the user's language, accent or mobility. VAuth successfully thwarts different practical attacks, such as replayed attacks, mangled voice attacks, or impersonation attacks. It also has low energy and latency overheads and is compatible with most existing voice assistants.
翻译:语音已经成为一个日益流行的用户互动(UI)频道,这主要有助于保持磨损、智能车辆和家用自动化系统的持续趋势。Siri、Google Now和Cortana等语音助理已经成为我们日常的固定装置,特别是在触摸接口不方便甚至使用危险的情况下,例如驾驶或锻炼等。然而,语音频道的开放性质使得声音助理难以安全和接触安全研究人员所显示的各种攻击。本文介绍VAuth,这是第一个为语音助理提供持续和可用认证的系统。我们设计VAuth适合各种广泛采用的各种可穿戴装置,例如眼镜、耳机/耳机和项链,在这种装置中收集用户的身体表面振动,并与语音助理的麦克风收到的语音信号相匹配。VAuth保证语音助理只能执行来自所有者声音的指令。我们用18个低语音用户和30个语音指令来评价VAuth,发现它几乎完全匹配不到0.1%的虚假积极率,而不管是多少个用户的直观性攻击,而不管是多少个用户的直观性攻击,还是高调。VA。