杏吧原创

Secure phone uses sonar to watch your mouth saying a passphrase

Bouncing sound waves off your lips, jaw and tongue as you speak a passphrase can make sure the person trying to access your secure information is really you
woman speaking to her phone
Is that really you?
imagesource/getty

鈥淢y voice is my password.鈥 Passphrases that use biometric voice recognition to verify it鈥檚 really you are becoming increasingly popular. But their increasing use carries a risk: someone with a recording of your voice could easily splice the right spoken words together and spoof their way into your digital life. Now a new technology detects such shenanigans 鈥 using sonar.

Even as biometrics are replacing passwords, voice recognition is becoming more vulnerable to spoofing. Fuelling this risk, says security engineer Jie Yang at the Florida State University in Tallahassee, is the way people now post so much audio and video on social media. 鈥淭his makes it relatively easy to obtain voice samples from a target,鈥 he says.

So Yang and his colleagues devised a technology that detects and defeats such misuse of recordings. VoiceGesture is able to not only recognise that a passphrase carries the authentic voiceprint of its legitimate user, but also that it is being spoken by an actual person 鈥 rather than being played back from another phone鈥檚 voice recording app, say.

To do this, the team have turned a phone into a sonar 鈥 a sound-based radar. At the moment a user sets their passphrase, the VoiceGesture app emits a barely audible, high pitched 20 kilohertz acoustic signal from the phone鈥檚 loudspeaker. This signal bounces off the user鈥檚 moving jaw, lips and tongue as they speak 鈥 and the signal received by the phone鈥檚 microphone in return then contains components that have been uniquely set by the movement of those anatomically-distinct facial features.

Real authentication

Features that create the biggest doppler changes are lip protrusion, lip closure, tongue tip/body constriction 鈥 and jaw angle.聽 The resulting mouthpart doppler signature is used to authenticate you and your passphrase simultaneously. Unveiling the technology at the in Dallas, Texas, in early November, Yang鈥檚 team said the system is 99 per cent accurate at detecting and blocking voice spoof attacks.

Google is currently reviewing the technology for its Android ecosystem, which already allows a 鈥trusted voice鈥 to unlock phones. 鈥淲e hope to hear in early February,鈥 Yang says. They also plan to expand the antispoofing technology鈥檚 applications to voice assistants, like the Amazon Echo and Google Home.

There鈥檚 a pressing need for this, says Nicholas Evans, a biometrics specialist at EURECOM, France. 鈥淲hile the adoption of speaker authentication technology is accelerating, it鈥檚 fair to say that concerns surrounding vulnerabilities to spoofing continue to dent confidence.鈥

Over the past two years, a rising number of attacks on biometrics has motivated a growing community of researchers to develop countermeasures. 鈥淭he current techniques will never be able to detect every attack all the time,鈥 says Evans. 鈥淣ovel alternatives such as VoiceGesture are an essential addition to the anti-spoofing landscape.鈥

Topics: biometrics / Crime / Smartphone

More from New 杏吧原创

Explore the latest news, articles and features