Wenbo Ding,Song Liao,Long Cheng,Xianghang Mi,Ziming Zhao,Hongxin Hu

DOI: https://doi.org/10.1145/3634737.3657010

2024-01-01

Abstract:Voice Personal Assistants (VPA) are becoming popular entry points to control connected devices in an IoT environment, e.g., by invoking Amazon Alexa voice-apps (called skills) to turn on/off lights through voice commands. Amazon Alexa platform allows third-party developers to build skills and publish them to marketplaces, which greatly extends the functionalities of VPA. Despite the many convenient features, there are increasing security and safety concerns about VPA-controlled IoT systems. Previous research demonstrated the prevalence of potentially malicious or problematic skills in the marketplace. However, existing works mainly focus on non-IoT skills (e.g., skills under the Kids and Health categories). The security and safety risks of IoT skills are largely under-explored. In this work, we discover new vulnerabilities in the Amazon Alexa platform, which allows malicious third-party developers to hijack Alexa's built-in voice commands to invoke malicious IoT skills. We present three new attacks hijacking Alexa's built-in IoT commands, including Command Invocation Confounding Attack, Custom Command Attack, and Command-Intent Hijacking Attack. We also find a vulnerability that allows arbitrary control of smart-home devices in the back-end code. We evaluate the success rate for each attack and prove that they can be used by malicious developers. In particular, we demonstrate that skills in the Connected Car category using Alexa's built-in intents can be hijacked by customized IoT skills. We also design and implement IoTSkillAnalyzer, a dynamic testing tool to examine IoT skills on the Alexa skills store. After analyzing 488 Alexa 3rd-party IoT skills using IoTSkillAnalyzer, we identified 52 skills with potential command hijacking attacks. We also found that 26 suspicious skills have hidden behaviors potentially caused by the Skill Back-end Code Manipulation vulnerability after they receive normal commands, such as failing to control devices, taking hidden actions, and providing wrong response information to users.

Nan Zhang,Xianghang Mi,Xuan Feng,XiaoFeng Wang,Yuan Tian,Feng Qian

DOI: https://doi.org/10.48550/arXiv.1805.01525

2018-05-03

Cryptography and Security

Abstract:Virtual personal assistants (VPA) (e.g., Amazon Alexa and Google Assistant) today mostly rely on the voice channel to communicate with their users, which however is known to be vulnerable, lacking proper authentication. The rapid growth of VPA skill markets opens a new attack avenue, potentially allowing a remote adversary to publish attack skills to attack a large number of VPA users through popular IoT devices such as Amazon Echo and Google Home. In this paper, we report a study that concludes such remote, large-scale attacks are indeed realistic. More specifically, we implemented two new attacks: voice squatting in which the adversary exploits the way a skill is invoked (e.g., "open capital one"), using a malicious skill with similarly pronounced name (e.g., "capital won") or paraphrased name (e.g., "capital one please") to hijack the voice command meant for a different skill, and voice masquerading in which a malicious skill impersonates the VPA service or a legitimate skill to steal the user's data or eavesdrop on her conversations. These attacks aim at the way VPAs work or the user's mis-conceptions about their functionalities, and are found to pose a realistic threat by our experiments (including user studies and real-world deployments) on Amazon Echo and Google Home. The significance of our findings have already been acknowledged by Amazon and Google, and further evidenced by the risky skills discovered on Alexa and Google markets by the new detection systems we built. We further developed techniques for automatic detection of these attacks, which already capture real-world skills likely to pose such threats.

Meng Xue,Kuang Peng,Xueluan Gong,Qian Zhang,Yanjiao Chen,Routing Li

DOI: https://doi.org/10.1145/3610874

2023-01-01

Abstract:Intelligent audio systems are ubiquitous in our lives, such as speech command recognition and speaker recognition. However, it is shown that deep learning-based intelligent audio systems are vulnerable to adversarial attacks. In this paper, we propose a physical adversarial attack that exploits reverberation, a natural indoor acoustic effect, to realize imperceptible, fast, and targeted black-box attacks. Unlike existing attacks that constrain the magnitude of adversarial perturbations within a fixed radius, we generate reverberation-alike perturbations that blend naturally with the original voice sample 1. Additionally, we can generate more robust adversarial examples even under over-the-air propagation by considering distortions in the physical environment. Extensive experiments are conducted using two popular intelligent audio systems in various situations, such as different room sizes, distance, and ambient noises. The results show that Echo can invade into intelligent audio systems in both digital and physical over-the-air environment.

Dan Su,Jiqiang Liu,Sencun Zhu,Xiaoyang Wang,Wei Wang

DOI: https://doi.org/10.48550/arXiv.2010.10788

2020-10-21

Abstract:The home voice assistants such as Amazon Alexa have become increasingly popular due to many interesting voice-activated services provided through special applications called skills. These skills, though useful, have also introduced new security and privacy challenges. Prior work has verified that Alexa is vulnerable to multiple types of voice attacks, but the security and privacy risk of using skills has not been fully investigated. In this work, we study an adversary model that covers three severe privacy-related vulnerabilities, namely,over-privileged resource access, hidden code-manipulation and hidden content-manipulation. By exploiting these vulnerabilities, malicious skills can not only bypass the security tests in the vetting process, but also surreptitiously change their original functions in an attempt to steal users' personal information. What makes the situation even worse is that the attacks can be extended from virtual networks to the physical world. We systematically study the security issues from the feasibility and implementation of the attacks to the design of countermeasures. We also made a comprehensive survey study of 33,744 skills in Alex Skills Store.

Cryptography and Security

Yan Jiang,Xiaoyu Ji,Juchuan Zhang,Yancheng Jiang,Shui Jiang,Wenyuan Xu

DOI: https://doi.org/10.1109/tdsc.2023.3326184

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent studies have exposed that voice assistants can be manipulated by various voice commands without being noticed, however, existing attacks require a nearby speaker to play the attack commands. In this paper, we demonstrate that even without a speaker, we can use capacitors inside electronic devices to produce malicious voice commands, i.e., we convert capacitors into speakers and call it CapSpeaker . The underlying principle of CapSpeaker is the inverse piezoelectric effect, i.e., varying the voltage across a capacitor to make it vibrate and thus emit acoustic noises. Forcing capacitors to emit target voice commands is challenging because (1) capacitors' response frequency is out of the range of audible voices. (2) We can not directly control the voltage across capacitors to manipulate their emit sounds. To overcome these challenges, we propose a PWM-based modulation scheme to embed the malicious audio onto a high-frequency carrier, e.g., above 20 kHz, and we create malware to induce the designed voltage across the capacitors such that CapSpeaker plays the chosen malicious commands. Our evaluation of 7 commercial devices demonstrates that CapSpeaker is feasible to inject voice commands, e.g., ”open the door”, at a distance of up to 10.5 cm.

Xiaoyu Ji,Juchuan Zhang,Shui Jiang,Jishen Li,Wenyuan Xu

DOI: https://doi.org/10.1145/3460120.3485389

2021-01-01

Abstract:Voice assistants can be manipulated by various malicious voice commands, yet existing attacks require a nearby speaker to play the attack commands. In this paper, we show that even when no speakers are available, we can play malicious commands by utilizing the capacitors inside electronic devices, i.e., we convert capacitors into speakers and call it CapSpeaker. Essentially, capacitors can emit acoustic noises due to the inverse piezoelectric effect, i.e., varying the voltage across a capacitor can make it vibrate and thus emit acoustic noises. Forcing capacitors to play malicious voice commands is challenging because (1) the frequency responses of capacitors as speakers have poor performance in the range of audible voices, and (2) we have no direct control over the voltage across capacitors to manipulate their emitting sounds. To overcome the challenges, we use a PWM-based modulation scheme to embed the malicious audio onto a high-frequency carrier, e.g., above 20 kHz, and we create malware that can induce the right voltage across the capacitors such that CapSpeaker plays the chosen malicious commands. We conducted extensive experiments with 2 LED lamps (a modified one and a commercial one) and 5 victim devices (iPhone 4s, iPad mini 5, Huawei Nova 5i, etc.). Evaluation results demonstrate that CapSpeaker is feasible at a distance up to 10.5 cm, triggering a smartphone to receive voice commands, e.g., "open the door''.

Xinyu Lei,Guan-Hua Tu,Alex X. Liu,Kamran Ali,Chi-Yu Li,Tian Xie

DOI: https://doi.org/10.48550/arXiv.1712.03327

2019-11-13

Abstract:Home Digital Voice Assistants (HDVAs) are getting popular in recent years. Users can control smart devices and get living assistance through those HDVAs (e.g., Amazon Alexa, Google Home) using voice. In this work, we study the insecurity of HDVA service by using Amazon Alexa as a case study. We disclose three security vulnerabilities which root in the insecure access control of Alexa services. We then exploit them to devise two proof-of-concept attacks, home burglary and fake order, where the adversary can remotely command the victim's Alexa device to open a door or place an order from <a class="link-external link-http" href="http://Amazon.com" rel="external noopener nofollow">this http URL</a>. The insecure access control is that the Alexa device not only relies on a single-factor authentication but also takes voice commands even if no people are around. We thus argue that HDVAs should have another authentication factor, a physical presence based access control; that is, they can accept voice commands only when any person is detected nearby. To this end, we devise a Virtual Security Button (VSButton), which leverages the WiFi technology to detect indoor human motions. Once any indoor human motion is detected, the Alexa device is enabled to accept voice commands. Our evaluation results show that it can effectively differentiate indoor motions from the cases of no motion and outdoor motions in both the laboratory and real world settings.

Cryptography and Security

Zhengxian He,Ashish Kundu,Mustaque Ahamad

2024-11-13

Abstract:Recent advances in voice synthesis, coupled with the ease with which speech can be harvested for millions of people, introduce new threats to applications that are enabled by devices such as voice assistants (e.g., Amazon Alexa, Google Home etc.). We explore if unrelated and limited amount of speech from a target can be used to synthesize commands for a voice assistant like Amazon Alexa. More specifically, we investigate attacks on voice assistants with synthetic commands when they match command sources to authorized users, and applications (e.g., Alexa Skills) process commands only when their source is an authorized user with a chosen confidence level. We demonstrate that even simple concatenative speech synthesis can be used by an attacker to command voice assistants to perform sensitive operations. We also show that such attacks, when launched by exploiting compromised devices in the vicinity of voice assistants, can have relatively small host and network footprint. Our results demonstrate the need for better defenses against synthetic malicious commands that could target voice assistants.

Cryptography and Security,Sound,Audio and Speech Processing

Zhijian Xu,Guoming Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1177/09574565211001563

2021-01-01

Noise & Vibration Worldwide

Abstract:The in-car voice controllable system has become an almost standard feature in smart cars. Prior work shows that the voice controllable system is vulnerable to light commands attack which uses the laser as the medium to inject voice commands. In this article, we first reproduced the light commands attack on acoustic isolated in-car voice controllable system under several scenarios with a lightweight solution. We validate the feasibility of injecting the malicious voice command through a window into the microphone by modulating a laser beam. Then, we tested a variety of mainstream countermeasures such as placing sunscreen film on the glass panel to see whether it can protect the microphone from being attacked. Surprisingly, we find that the lower light transmittance of sunscreen film is the lower the success rate of the attack. Experiment results also show that when the transmittance rate of sun film is 50% which is the darkest sunscreen film that can be applied, the attacking success rate decreased by up to 0.4. We also explore the impact of attack angle by changing the incidence angle of the laser beam and the results demonstrate that light commands is sensitive to attack angle and the successful angle range is ± 15°. Finally, we propose a series of hardware-based protection schemes against light commands attacks.

Sergio Esposito,Daniele Sgandurra,Giampaolo Bella

DOI: https://doi.org/10.48550/arXiv.2202.08619

2022-02-17

Abstract:We present Alexa versus Alexa (AvA), a novel attack that leverages audio files containing voice commands and audio reproduction methods in an offensive fashion, to gain control of Amazon Echo devices for a prolonged amount of time. AvA leverages the fact that Alexa running on an Echo device correctly interprets voice commands originated from audio files even when they are played by the device itself -- i.e., it leverages a command self-issue vulnerability. Hence, AvA removes the necessity of having a rogue speaker in proximity of the victim's Echo, a constraint that many attacks share. With AvA, an attacker can self-issue any permissible command to Echo, controlling it on behalf of the legitimate user. We have verified that, via AvA, attackers can control smart appliances within the household, buy unwanted items, tamper linked calendars and eavesdrop on the user. We also discovered two additional Echo vulnerabilities, which we call Full Volume and Break Tag Chain. The Full Volume increases the self-issue command recognition rate, by doubling it on average, hence allowing attackers to perform additional self-issue commands. Break Tag Chain increases the time a skill can run without user interaction, from eight seconds to more than one hour, hence enabling attackers to setup realistic social engineering scenarios. By exploiting these vulnerabilities, the adversary can self-issue commands that are correctly executed 99% of the times and can keep control of the device for a prolonged amount of time. We reported these vulnerabilities to Amazon via their vulnerability research program, who rated them with a Medium severity score. Finally, to assess limitations of AvA on a larger scale, we provide the results of a survey performed on a study group of 18 users, and we show that most of the limitations against AvA are hardly used in practice.

Cryptography and Security

Man Zhou,Zhan Qin,Xiu Lin,Shengshan Hu,Qian Wang,Kui Ren

DOI: https://doi.org/10.1109/mwc.2019.1800477

IF: 12.777

2019-01-01

IEEE Wireless Communications

Abstract:Autonomous driving is becoming one of the most popular applications of AI. Meanwhile, the advances in deep learning have promoted the rapid development of the voice controllable systems (VCSs), which have almost reached the maturity stage. Before autonomous driving cars reach the highest level of automation, intelligent voice interaction remains the primary approach for human-vehicle interaction. Recent works show that such intelligent systems are vulnerable to hidden voice commands that are unnoticed or unintelligible to humans. In particular, an adversary utilizing hidden voice commands is able to control autonomous driving cars. For example, malicious voice commands embedded into the sound of online shared videos can stealthily control the vehicle when people watch the videos in the car. In this article, we investigate the potential perniciousness of hidden voice commands on the VCS of autonomous driving cars, and then discuss feasible defense strategies. We finally propose a pop-noisebased general defense strategy that can resist various kinds of attacks.

Yanyan Li,Sara Kim,Eric Sy

DOI: https://doi.org/10.48550/arXiv.2102.11442

2021-02-23

Abstract:Since being launched in 2014, Alexa, Amazon's versatile cloud-based voice service, is now active in over 100 million households worldwide. Alexa's user-friendly, personalized vocal experience offers customers a more natural way of interacting with cutting-edge technology by allowing the ability to directly dictate commands to the assistant. Now in the present year, the Alexa service is more accessible than ever, available on hundreds of millions of devices from not only Amazon but third-party device manufacturers. Unfortunately, that success has also been the source of concern and controversy. The success of Alexa is based on its effortless usability, but in turn, that has led to a lack of sufficient security. This paper surveys various attacks against Amazon Alexa ecosystem including attacks against the frontend voice capturing and the cloud backend voice command recognition and processing. Overall, we have identified six attack surfaces covering the lifecycle of Alexa voice interaction that spans several stages including voice data collection, transmission, processing and storage. We also discuss the potential mitigation solutions for each attack surface to better improve Alexa or other voice assistants in terms of security and privacy.

Cryptography and Security

Yuanda Wang,Qiben Yan,Nikolay Ivanov,Xun Chen

2024-01-05

Abstract:The emergence of Artificial Intelligence (AI)-driven audio attacks has revealed new security vulnerabilities in voice control systems. While researchers have introduced a multitude of attack strategies targeting voice control systems (VCS), the continual advancements of VCS have diminished the impact of many such attacks. Recognizing this dynamic landscape, our study endeavors to comprehensively assess the resilience of commercial voice control systems against a spectrum of malicious audio attacks. Through extensive experimentation, we evaluate six prominent attack techniques across a collection of voice control interfaces and devices. Contrary to prevailing narratives, our results suggest that commercial voice control systems exhibit enhanced resistance to existing threats. Particularly, our research highlights the ineffectiveness of white-box attacks in black-box scenarios. Furthermore, the adversaries encounter substantial obstacles in obtaining precise gradient estimations during query-based interactions with commercial systems, such as Apple Siri and Samsung Bixby. Meanwhile, we find that current defense strategies are not completely immune to advanced attacks. Our findings contribute valuable insights for enhancing defense mechanisms in VCS. Through this survey, we aim to raise awareness within the academic community about the security concerns of VCS and advocate for continued research in this crucial area.

Cryptography and Security,Sound,Audio and Speech Processing

Payton Walker,Tianfang Zhang,Cong Shi,Nitesh Saxena,Yingying Chen

DOI: https://doi.org/10.48550/arXiv.2302.02042

2023-02-04

Cryptography and Security

Abstract:The growing adoption of voice-enabled devices (e.g., smart speakers), particularly in smart home environments, has introduced many security vulnerabilities that pose significant threats to users' privacy and safety. When multiple devices are connected to a voice assistant, an attacker can cause serious damage if they can gain control of these devices. We ask where and how can an attacker issue clean voice commands stealthily across a physical barrier, and perform the first academic measurement study of this nature on the command injection attack. We present the BarrierBypass attack that can be launched against three different barrier-based scenarios termed across-door, across-window, and across-wall. We conduct a broad set of experiments to observe the command injection attack success rates for multiple speaker samples (TTS and live human recorded) at different command audio volumes (65, 75, 85 dB), and smart speaker locations (0.1-4.0m from barrier). Against Amazon Echo Dot 2, BarrierBypass is able to achieve 100% wake word and command injection success for the across-wall and across-window attacks, and for the across-door attack (up to 2 meters). At 4 meters for the across-door attack, BarrierBypass can achieve 90% and 80% injection accuracy for the wake word and command, respectively. Against Google Home mini BarrierBypass is able to achieve 100% wake word injection accuracy for all attack scenarios. For command injection BarrierBypass can achieve 100% accuracy for all the three barrier settings (up to 2 meters). For the across-door attack at 4 meters, BarrierBypass can achieve 80% command injection accuracy. Further, our demonstration using drones yielded high command injection success, up to 100%. Overall, our results demonstrate the potentially devastating nature of this vulnerability to control a user's device from outside of the device's physical space.

Bang Tran,Shenhui Pan,Xiaohui Liang,Honggang Zhang

DOI: https://doi.org/10.1109/icc42927.2021.9500792

2021-01-01

Abstract:Voice Assistant System (VAS) provides a convenient way for users to interact with smart-home devices via a voice interface. However, it raises unique security issues, including voice replay and injection attacks, where attackers remotely and maliciously control the smart-home devices via a voice interface. In this paper, we consider a typical smart-home scenario in which a VAS device and a compromised speaker device are placed in close physical proximity. The attacker can remotely play malicious voice commands through the speaker device to manipulate the VAS device for malicious purposes. We propose a defense system on the VAS device to secure the VAS device against both voice replay and injection attacks, without any additional devices and without any extra user effort. Specifically, our system aims to collect voice data and wireless data continuously from the VAS device and then extracts the Mel-Cepstral Frequency Coefficients (MFCC) features from voice and wireless data. We consider that both voice and wireless data are affected by the same present users’ physical activities, and the correlation can be used to detect the attacks. Finally, our system applies a deep learning model that learns from previous time-series data and analyzes real-time data to infer whether the real-time voice command is generated from a user or the speaker device. We have tested our system in certain real-world smart-home scenarios. Our experiments showed that the proposed system has a probability between 76.4% to 89.1% to successfully detect the voice replay and injection attacks in the considered scenarios.

David J. Major,Danny Yuxing Huang,Marshini Chetty,Nick Feamster

DOI: https://doi.org/10.48550/arXiv.1910.14112

2019-10-31

Abstract:Many Internet of Things (IoT) devices have voice user interfaces (VUIs). One of the most popular VUIs is Amazon's Alexa, which supports more than 47,000 third-party applications ("skills"). We study how Alexa's integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is native Alexa functionality. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users' knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users distinguish native and third-party skills.

Human-Computer Interaction,Cryptography and Security

Ryo Iijima,Shota Minami,Yunao Zhou,Tatsuya Takehisa,Takeshi Takahashi,Yasuhiro Oikawa,Tatsuya Mori

DOI: https://doi.org/10.1109/tetc.2019.2953041

2021-10-01

IEEE Transactions on Emerging Topics in Computing

Abstract:We propose a novel attack, called an "Audio Hotspot Attack," which performs an inaudible malicious voice command attack, by targeting voice assistance systems, e.g., smart speakers or in-car navigation systems. The key idea of the approach is to leverage directional sound beams generated from parametric loudspeakers, which emit amplitude-modulated ultrasounds that will be self-demodulated in the air. Our work goes beyond the previous studies of inaudible voice command attack in the following three aspects: (1) the attack can succeed on a long distance (3.5 meters in a small room, and 12 meters in a long hallway), (2) it can control the spot of the audible area by using two directional sound beams, which consist of a carrier wave and a sideband wave, and (3) the proposed attack leverages a physical phenomenon i.e., non-linearity in the air, to attack voice assistance systems. To evaluate the feasibility of the attack, we performed extensive in-lab experiments and a user study involving 20 participants. The results demonstrated that the attack was feasible in a real-world setting. We discussed the extent of the threat, as well as the possible countermeasures against the attack.

computer science, information systems,telecommunications

Takeshi Sugawara,Benjamin Cyr,Sara Rampazzi,Daniel Genkin,Kevin Fu

DOI: https://doi.org/10.48550/arXiv.2006.11946

2020-06-22

Abstract:We propose a new class of signal injection attacks on microphones by physically converting light to sound. We show how an attacker can inject arbitrary audio signals to a target microphone by aiming an amplitude-modulated light at the microphone's aperture. We then proceed to show how this effect leads to a remote voice-command injection attack on voice-controllable systems. Examining various products that use Amazon's Alexa, Apple's Siri, Facebook's Portal, and Google Assistant, we show how to use light to obtain control over these devices at distances up to 110 meters and from two separate buildings. Next, we show that user authentication on these devices is often lacking, allowing the attacker to use light-injected voice commands to unlock the target's smartlock-protected front doors, open garage doors, shop on e-commerce websites at the target's expense, or even unlock and start various vehicles connected to the target's Google account (e.g., Tesla and Ford). Finally, we conclude with possible software and hardware defenses against our attacks.

Cryptography and Security

Ashish Hooda,Matthew Wallace,Kushal Jhunjhunwalla,Earlence Fernandes,Kassem Fawaz

DOI: https://doi.org/10.1145/3517232

2022-12-17

Abstract:Voice assistants are deployed widely and provide useful functionality. However, recent work has shown that commercial systems like Amazon Alexa and Google Home are vulnerable to voice-based confusion attacks that exploit design issues. We propose a systems-oriented defense against this class of attacks and demonstrate its functionality for Amazon Alexa. We ensure that only the skills a user intends execute in response to voice commands. Our key insight is that we can interpret a user's intentions by analyzing their activity on counterpart systems of the web and smartphones. For example, the Lyft ride-sharing Alexa skill has an Android app and a website. Our work shows how information from counterpart apps can help reduce dis-ambiguities in the skill invocation process. We build SkilIFence, a browser extension that existing voice assistant users can install to ensure that only legitimate skills run in response to their commands. Using real user data from MTurk (N = 116) and experimental trials involving synthetic and organic speech, we show that SkillFence provides a balance between usability and security by securing 90.83% of skills that a user will need with a False acceptance rate of 19.83%.

Cryptography and Security,Machine Learning

Forrest McKee,David Noever

2023-11-23

Abstract:In this study, we investigate the emerging threat of inaudible acoustic attacks targeting digital voice assistants, a critical concern given their projected prevalence to exceed the global population by 2024. Our research extends the feasibility of these attacks across various platforms like Amazon's Alexa, Android, iOS, and Cortana, revealing significant vulnerabilities in smart devices. The twelve attack vectors identified include successful manipulation of smart home devices and automotive systems, potential breaches in military communication, and challenges in critical infrastructure security. We quantitatively show that attack success rates hover around 60%, with the ability to activate devices remotely from over 100 feet away. Additionally, these attacks threaten critical infrastructure, emphasizing the need for multifaceted defensive strategies combining acoustic shielding, advanced signal processing, machine learning, and robust user authentication to mitigate these risks.

Cryptography and Security,Machine Learning,Sound,Audio and Speech Processing