1 / 21

Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices

Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices. Fabian Monrose Michael K. Reitery Qi Li Daniel P. Lopresti Chilin Shih. Presented by: Li Meixuan, Li Qihua. Outline . Introduction Background Basic Idea Front-end Signal Processing Security

paige
Download Presentation

Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices Fabian Monrose Michael K. Reitery Qi Li Daniel P. Lopresti Chilin Shih Presented by: Li Meixuan, Li Qihua

  2. Outline • Introduction • Background • Basic Idea • Front-end Signal Processing • Security • Empirical Results • Conclusion

  3. Introduction • Voice is a leading contender for the dominant user input medium in futuristic computing devices. • Cryptographic keys to perform encryption will derive from voice input of the user. • Implementation of an approach to derive a reputable cryptographic key from spoken user input, in which the entropy of the key is drawn from both the passphrase that is spoken and the speech patterns of the user while speaking it.

  4. Background • Two main stages in generating cryptographic keys from biometric measurements • 1st stage: • features (Φ) of raw input are used to compute an m-bit string called feature descriptor • Feature descriptors produced by the same user should be ‘sufficiently similar’ while descriptors produced by different users are ‘sufficiently different’

  5. Background • 2nd stage: • Magnifies the separating property • Develops a cryptographic key from the feature descriptor and stored cryptographic data • If two descriptors are sufficiently similar, the same cryptographic key will be generated from them

  6. Background • Initialization: • Generate a cryptographic key K • Generate 2m shares of K • Aligned in a m x 2 table that is stored on stable storage • Upon entry of passphrase: • System measures mbiometric features, Φi, of the user’s entry of the passphrase • Generates feature descriptorbl(i) determined from the l-th login attempts from the i-th feature Φi(l) • bl(i) = 0 if Φi(l)< some fixed threshold value or bl(i) = 1 otherwise • The system then attempts to reconstruct K using the table elements at positions <i, bl(i) >

  7. Background • For each successful login: • History of feature descriptor is observed and elements of the table not typically accessed are perturbed randomly. • Hence, if b(i)=1, then the <i,0> element of the table is randomly altered. • b(i) is a distingushing feature if b(i) is sufficiently consistent that element <i,1-b(i)> in the table is perturbed in this way. • The correct user, when inducing feature descriptors consistent with those she has induced in the past, should not encounter any of the altered elements in the table. • Security of this technique requires that an adversary who captures the device be unable to efficiently differentiate a random table element from a valid share of K

  8. Basic Idea Dispersing the secret

  9. Basic Idea Key Reconstruction

  10. Basic Idea How it works

  11. Basic Idea How it works

  12. Front-end Signal Processing • The main goal is to translate the sound to digital representation using an analog-to-digital converter • The less silence and background noise in the representation after processing, the more consistent the user’s utterances will be, the higher the computational cost of processing • The higher the sampling rate, the better the resolution of the reconstructed signal, but more storage is required for saving and processing

  13. Front-end Signal Processing A/DC Down sampling Autocorrelation analysis energy End-point detection LPC analysis Fames Voice-only cepstral mean subtraction Silence remover

  14. Security • One potential security weakness is the fact that an adversary who captures the device can conceivably reconstruct the key from not just one element of the table per row, but instead using anym elements of the table • It is hence important to have distinguishing features • An attacker who captures the device on which the key is generated but who has no information about the user's distinguishing features may attack the system by repeatedly guessing a feature descriptor b at random • If there are d distinguishing features then each guess will be successful with probability of 2-d, making it harder to attack the system. • Security is improved as m and d/m are increased.

  15. Empirical Results • To calculate the average number of distinguishing features per user, it is important to define when a feature is distinguishing • Let µi and σi denote the mean and standard deviation of feature φi • φiis distinguishing if | µi – τi | > k σi • k tunes the ‘sensitivity’ of the scheme => k must be tuned in order for the user to successfully regenerate his key reliably

  16. Empirical Results:Evaluation of IPAQ™ recordings Figure 1: This graph demonstrates the average number of distinguishing features per user as a function of k.

  17. Empirical Results:Evaluation of IPAQ™ recordings • Gap between the "distinguishing features" and the "true speaker" indicates the number of error corrections needed during the key regeneration process to achieve a reasonably low false reject rate • Inverse relationship between security and feasibility • Human imposters did not match significantly more than if they had guessed a random feature descriptor

  18. Other possible attacks • Cut-and-paste imposter • Concatenate the raw speech samples to yield speech like true user • Severe discontinuities at the concatenation boundaries, differences in recording levels • Text-to-Speech (TTS) imposter • Use traditional TTS signal processing to synthesize the passphrase. Makes use of duration and pitch predictions • Predictions may not correspond how the true user speaks, pitch and duration pronounced by user is difficult to reproduce

  19. Empirical Results:Evaluation

  20. Conclusion • The viability of (re)generating strong cryptographic keys from voice remains unproven • More extensive trials are needed to fine-tune this scheme

  21. References • F. Monrose, M. K. Reiter, Q. Li, D. P. Lopresti, and C. Shih. Toward speech-generated cryptographic keys on resource constrained devices. In Proceedings of the 11th USENIX Security Symposium, pages 283–296, August 2002. • F. Monrose, M. K. Reiter, Q. Li and S. Wetzel. Cryptographic key generation from voice (extended abstract). In Proceeedings of the 2001 IEEE Symposium on Security and Privacy, May 2001 • C. Ellison, C. Hall, R. Milbert, and B. Schneier. Protecting secret keys with personal entropy. Future Generation Computer Systems 16:311-318, 2000 • R. D. Rodman. Computer Speech Technology. Artech House, Norwood, MA, 1999

More Related