Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
Open Access
- 9 February 2022
- Vol. 22 (4), 1325
- https://doi.org/10.3390/s22041325
Abstract
Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.Keywords
This publication has 68 references indexed in Scilit:
- Support vector machines, Mel-Frequency Cepstral Coefficients and the Discrete Cosine Transform applied on voice based biometric authenticationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Is secure and usable smartphone authentication asking too much?Computer, 2015
- Evaluation of Three State-of-the-Art Classifiers for Recognition of Activities of Daily Living from Smart Home Ambient DataSensors, 2015
- A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notionAd Hoc Networks, 2014
- Deterministic quantum teleportation of photonic quantum bits by a hybrid techniqueNature, 2013
- Activity Discovery and Activity Recognition: A New PartnershipIEEE Transactions on Cybernetics, 2013
- Secure speech biometric templates for user authenticationIET Biometrics, 2012
- The Scyther Tool: Verification, Falsification, and Analysis of Security ProtocolsLecture Notes in Computer Science, 2008
- Operational Semantics of Security ProtocolsLecture Notes in Computer Science, 2005
- Automatic proof of strong secrecy for security protocolsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004