This research explores creating a secure verification scheme using voice as a biometric identifier. One of the major contributions of this thesis is the adaptation of the Vaulted Verification protocol to voice. This is achieved by integrating theories from the vision community with those of the voice community. Another contribution of this thesis is the expansion of the challenge-response protocol, introduced in Vaulted Verification, to allow for the natural variations that occur in voice, by way of different types of challenges. This research also contributes to the speaker recognition community by utilizing both text dependent and text independent speaker recognition in a novel way.
Vaulted Verification is a protocol that addresses privacy concerns for a mobile/remote environment by allowing a user to be remotely identified without their template being transmitted when verification takes place. The main idea behind Vaulted Verification is to split the enrollment template into parts, create artificial chaff, and force the client to chose between matching pairs of the real and the chaff. During the verification phase, the server presents the client with a real block and a matching chaff block in a random order. The client must decide the order of the blocks in order to return the correct response to the server. The correct response given to the server includes sending a hash of the function derived from the ordered bitstring and other information. After all the blocks have been sent and responses given, the server then evaluates the response and a decision is made. As with most biometric verification systems, Vaulted Verification is based on the stability of the biometric that it is utilizing. Because of this, there is an inherent invariability in the creation of the template. The templates created must use an ever-increasing amount of permutations, encryption-, obfuscations, etc to remain secure. With this research, we use the variability of speech to increase the complexity without adding additional computational steps.
Vaulted Verification as originally purposed does not work with voice; it is limited face and iris data. By changing perspective on how the templates are generated, and the challenge-response is implemented, this research shows that there exists a structure by which voice can be authenticated in the same spirit as Vaulted Verification did with face and iris. Furthermore, the challenge-response protocol is generalized; first for voice, and then to be independent of a specific biometric identifier all together. For further enhancement of the security, discriminative capabilities and the flexibility of this protocol, speech recognition text dependent and text independent modeling are integrated. The user is not only identified by what they say when answering the challengeresponse questions and the way they sound when speaking certain words, but also by how their voice sounds overall at certain times. This enhances the difficulty for an attacker trying to gain access.
This research also explores key exchange via challenge-response between remote parties using biometric identifiers, such as voice, to verify the identity of the parties during the exchange.
The major contributions of this research include: adaptation of Vaulted Verification to voice, extension of the challenge-response protocol to include different types of challenges, mixing text-dependent and text-independent models into a protocol to enhance the overall robustness of speaker verification, creation of an index-based challenge-response protocol in which no biometric data leaves the remote device, a privacy-enhanced biometrically authenticated remote key exchange protocol, and a security and privacy evaluation of these technologies using a newly created dataset.
List of publications:
Using cloned accounts to track attacks on user accounts Patent
2020, (US Patent App. 16/104,563).
Advanced computer system drift detection Patent
2019, (US Patent 10,445,163).
System and method for compact tree representation for machine learning Patent
2019, (US Patent App. 15/726,166).
Identifying and mapping emojis Patent
2018, (US Patent 10,057,358).
Privacy enhanced remote voice verification PhD Thesis
Voice authentication using short phrases: Examining accuracy, security and privacy issues Inproceedings
In: 2013 IEEE Sixth International Conference on Biometrics: Theory, Applications and Systems (BTAS), pp. 1–8, IEEE 2013.
Secure voice-based authentication for mobile devices: vaulted voice verification Inproceedings
In: Biometric and Surveillance Technology for Human and Activity Identification X, pp. 87120P, International Society for Optics and Photonics 2013.
With vaulted voice verification my voice is my key Inproceedings
In: 2013 IEEE International Conference on Technologies for Homeland Security (HST), pp. 453–459, IEEE 2013.
Hands free messaging Patent
2010, (US Patent App. 12/471,305).
Two thresholds are better than one Inproceedings
In: 2007 IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–8, IEEE 2007.
24/7 security system: 60-FPS color EMCCD camera with integral human recognition Inproceedings
In: Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense VI, pp. 65381S, International Society for Optics and Photonics 2007.
A decade of networked intelligent video surveillance Inproceedings
In: ACM Workshop on Distributed Camera Systems, 2006.