Qian Wang,Xiu Lin,Man Zhou,Yanjiao Chen,Cong Wang,Qi Li,Luo Xiangyang

DOI: https://doi.org/10.1109/infocom.2019.8737422

2019-01-01

Abstract:Voice biometrics is widely adopted for identity authentication in mobile devices. However, voice authentication is vulnerable to spoofing attacks, where an adversary may deceive the voice authentication system with pre-recorded or synthesized samples from the legitimate user or by impersonating the speaking style of the targeted user. In this paper, we design and implement VoicePop, a robust software-only anti-spoofing system on smartphones. VoicePop leverages the pop noise, which is produced by the user breathing while speaking close to the microphone. The pop noise is delicate and subject to user diversity, making it hard to record by replay attacks beyond a certain distance and to imitate precisely by impersonators. We design a novel pop noise detection scheme to pinpoint pop noises at the phonemic level, based on which we establish individually unique relationship between phonemes and pop noises to identify legitimate users and defend against spoofing attacks. Our experimental results with 18 participants and three types of smartphones show that VoicePop achieves over 93.5% detection accuracy at around 5.4% equal error rate. VoicePop requires no additional hardware but only the built-in microphones in virtually all smartphones, which can be readily integrated in existing voice authentication systems for mobile devices.

Chen Yan,Yan Long,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1145/3319535.3354248

2019-01-01

Abstract:Verifying the identity of voice inputs is important as voices are increasingly used for sensitive operations. Traditional methods focus on differentiating individuals via the spectrographic features of voices (e.g., voiceprint), yet cannot cope with spoofing attacks, whereby a malicious attacker synthesizes the voice with almost the same voiceprint of a victim or simply replays it. This paper proposes CaField, a text-independent speaker verification method to detect loudspeaker-based voice spoofing attacks with the goal of achieving two seemingly conflicting requirements: usability and security. The key insight of CaField is to construct "fieldprint'' with the acoustic biometrics embedded in sound fields, i.e., a physical field of acoustic energy created as the sound propagates over the air, as analogous to "voiceprint''. We find that fieldprints can be distinctive between speakers (either humans or loudspeakers), and thus we may detect the speakers being used for spoofing attacks from the authentic users. Our evaluation on a dataset of 20 people and 8 loudspeakers shows that by relying on two on-board microphones to sample sound fields while users talk to the smartphones, CaField achieves a detection accuracy of 99.16% and an equal error rate (EER) of 0.85% across multiple sessions and various voice inputs. CaField supports low audio sample rates at 8~kHz and is robust to various factors including phone displacement, user posture, recording environment, etc.

Yan Meng,Jiachun Li,Haojin Zhu,Yuan Tian,Jiming Chen

DOI: https://doi.org/10.1109/tdsc.2023.3319833

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Smart speakers are widely used as the primary user interface in intelligent systems, including smart homes and industrial IoT. However, they are vulnerable to voice spoofing attacks which result in malicious command execution or privacy information leakage. Passive liveness detection, which thwarts voice spoofing via analyzing the collected audio rather than deploying sensors to distinguish between live-human and spoofing voices, has drawn increasing attention. But existing schemes either face performance degradation under environmental factor changes or require the user to keep fixed gestures, which limit their deployment in real-world scenarios. Besides, the space distributed property of smart speakers causes building a universal classifier for all involved users to be cumbersome and increases privacy leakage issues. To address the challenges mentioned above, we propose LIVEARRAY, an efficient, lightweight, and privacy-preserving passive liveness detection system. LIVEARRAY exploits a novel liveness feature, array fingerprint, which utilizes the microphone array inherently adopted by the smart speaker to improve the accuracy of liveness detection. LIVEARRAY's further employs the federated learning-based architecture to reduce the dataset collection overhead during classifier building and eliminate the potential privacy leakage during data transmission. Experimental results show that LIVEARRAY achieves an accuracy of 99.16%, which is superior to existing passive schemes

Zhuoyang Shi,Chaohao Li,Zizhi Jin,Weinong Sun,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/icpads53394.2021.00027

2021-01-01

Abstract:Due to the open nature of voice and voice interface, attackers can easily record the user's voice commands and spoof the voice recognition systems by replaying them. Existing voice replay attack detection methods mainly rely on extra hardware to determine the sound source or require excessively computing resources for training the classifier with a large number of acoustic features. Hence, we prop...

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Linghe Kong,Minglu Li

DOI: https://doi.org/10.1109/tnet.2019.2891733

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:To prevent users’ privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, and so on, to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although the state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Toward this end, we explore liveness verification of user authentication leveraging users’ mouth movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users’ speaking mouths and find that there are unique mouth movement patterns for different individuals. To characterize the mouth movements, we propose a deep learning-based method to extract efficient features from Doppler profiles and employ softmax function, support vector machine, and support vector domain description to construct multi-class identifier, binary classifiers, and spoofer detectors for mouth state identification, user identification, and spoofer detection, respectively. Afterward, we develop a balanced binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.2% accuracy in user identification and 93.1% accuracy in spoofer detection.

Yan Meng,Haojin Zhu,Jinlei Li,Jin Li,Yao Liu

DOI: https://doi.org/10.1109/tdsc.2020.2973620

2020-01-01

Abstract:Voice interface has been a dominant User Interface (UI) channel in the popular smart home environment. Although Voice Control System (VCS) brings users conveniences, it is extremely vulnerable to spoofing attacks (e.g., hidden/inaudible command attack) due to its broadcast nature. In this study, to thwart spoofing attacks, we propose WSVA, a device-free voice liveness detection system based on the prevalent wireless signals generated by IoT devices without requiring user to carry any additional sensor or device. The basic insight of WSVA to distinguish the authentic voice command from a spoofed one is checking the consistency between the voice signal and its corresponding mouth motions, which can be captured by wireless signals. To achieve this goal, WSVA builds a theoretical model to describe the correlations among the wireless signal changes, the mouth motions, and the syllables in the voice command. Then, WSVA selects appropriate features from both voice and wireless signals, and calculates the consistency between these two types of signals to determine whether the VCS is suffering from the spoofing attack. To demonstrate the feasibility of WSVA, we conduct a case study on Samsung SmartThings platform and include WSVA as a new application, which is expected to significantly enhance the security of the existing VCS. We evaluate WSVA with various voice commands in different scenarios. Experimental results demonstrate that WSVA achieves the overall 99 percent true accept rate with 1 percent false accept rate with a good scalability and low latency.

Hanqing Guo,Qiben Yan,Nikolay Ivanov,Ying Zhu,Li Xiao,Eric J. Hunter

DOI: https://doi.org/10.48550/arXiv.2205.14496

2022-05-29

Abstract:Voice-activated systems are integrated into a variety of desktop, mobile, and Internet-of-Things (IoT) devices. However, voice spoofing attacks, such as impersonation and replay attacks, in which malicious attackers synthesize the voice of a victim or simply replay it, have brought growing security concerns. Existing speaker verification techniques distinguish individual speakers via the spectrographic features extracted from an audible frequency range of voice commands. However, they often have high error rates and/or long delays. In this paper, we explore a new direction of human voice research by scrutinizing the unique characteristics of human speech at the ultrasound frequency band. Our research indicates that the high-frequency ultrasound components (e.g. speech fricatives) from 20 to 48 kHz can significantly enhance the security and accuracy of speaker verification. We propose a speaker verification system, SUPERVOICE that uses a two-stream DNN architecture with a feature fusion mechanism to generate distinctive speaker models. To test the system, we create a speech dataset with 12 hours of audio (8,950 voice samples) from 127 participants. In addition, we create a second spoofed voice dataset to evaluate its security. In order to balance between controlled recordings and real-world applications, the audio recordings are collected from two quiet rooms by 8 different recording devices, including 7 smartphones and an ultrasound microphone. Our evaluation shows that SUPERVOICE achieves 0.58% equal error rate in the speaker verification task, it only takes 120 ms for testing an incoming utterance, outperforming all existing speaker verification systems. Moreover, within 91 ms processing time, SUPERVOICE achieves 0% equal error rate in detecting replay attacks launched by 5 different loudspeakers.

Sound,Human-Computer Interaction,Machine Learning,Audio and Speech Processing

Qiang Yang,Kaiyan Cui,Yuanqing Zheng

DOI: https://doi.org/10.1109/tdsc.2024.3367269

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Voice assistants are widely integrated into a variety of mobile devices, enabling users to easily complete daily tasks and even critical operations like online transactions with voice commands. Thus, once attackers replay a secretly-recorded voice command by loudspeakers to compromise users' voice assistants, this operation will cause serious consequences, such as information leakage and property loss. Unfortunately, most voice liveness detection approaches against replay attacks mainly rely on detecting lip motions or subtle physiological features in speech, which are limited within a very short range. In this paper, we propose VoShield to check whether a voice command is from a genuine user or a loudspeaker imposter. VoShield measures sound field dynamics, a feature that changes fast as the human mouths dynamically open and close. In contrast, it would remain rather stable for loudspeakers due to the fixed size. This feature enables VoShield to largely extend the working distance and remain resilient to user locations. Besides, sound field dynamics are extracted from the difference between multiple microphone channels, making this feature robust to voice volume. To evaluate VoShield, we conducted comprehensive experiments with various settings in different working scenarios. The results show that VoShield can achieve a detection accuracy of 98.2% and an Equal Error Rate of 2.0%, which serves as a promising complement to current voice authentication systems for smart mobile devices.

computer science, information systems, software engineering, hardware & architecture

Yuan Gong,Christian Poellabauer

DOI: https://doi.org/10.1109/ICCCN.2018.8487334

2018-11-17

Abstract:Over the last few years, a rapidly increasing number of Internet-of-Things (IoT) systems that adopt voice as the primary user input have emerged. These systems have been shown to be vulnerable to various types of voice spoofing attacks. Existing defense techniques can usually only protect from a specific type of attack or require an additional authentication step that involves another device. Such defense strategies are either not strong enough or lower the usability of the system. Based on the fact that legitimate voice commands should only come from humans rather than a playback device, we propose a novel defense strategy that is able to detect the sound source of a voice command based on its acoustic features. The proposed defense strategy does not require any information other than the voice command itself and can protect a system from multiple types of spoofing attacks. Our proof-of-concept experiments verify the feasibility and effectiveness of this defense strategy.

Cryptography and Security,Sound,Audio and Speech Processing

Si Chen,Kui Ren,Sixu Piao,Cong Wang,Qian Wang,Jian Weng,Lu Su,Aziz Mohaisen

DOI: https://doi.org/10.1109/ICDCS.2017.133

2017-01-01

Abstract:Voice, as a convenient and efficient way of information delivery, has a significant advantage over the conventional keyboard-based input methods, especially on small mobile devices such as smartphones and smartwatches. However, the human voice could often be exposed to the public, which allows an attacker to quickly collect sound samples of targeted victims and further launch voice impersonation attacks to spoof those voice-based applications. In this paper, we propose the design and implementation of a robust software-only voice impersonation defense system, which is tailored for mobile platforms and can be easily integrated with existing off-the-shelf smart devices. In our system, we explore magnetic field emitted from loudspeakers as the essential characteristic for detecting machine-based voice impersonation attacks. Furthermore, we use a state-of-the-art automatic speaker verification system to defend against human imitation attacks. Finally, our evaluation results show that our system achieves simultaneously high accuracy (100%) and low equal error rates (EERs) (0%) in detecting the machine-based voice impersonation attack on smartphones.

Chang Zeng,Xiaoxiao Miao,Xin Wang,Erica Cooper,Junichi Yamagishi

2024-09-10

Abstract:In real-world applications, it is challenging to build a speaker verification system that is simultaneously robust against common threats, including spoofing attacks, channel mismatch, and domain mismatch. Traditional automatic speaker verification (ASV) systems often tackle these issues separately, leading to suboptimal performance when faced with simultaneous challenges. In this paper, we propose an integrated framework that incorporates pair-wise learning and spoofing attack simulation into the meta-learning paradigm to enhance robustness against these multifaceted threats. This novel approach employs an asymmetric dual-path model and a multi-task learning strategy to handle ASV, anti-spoofing, and spoofing-aware ASV tasks concurrently. A new testing dataset, CNComplex, is introduced to evaluate system performance under these combined threats. Experimental results demonstrate that our integrated model significantly improves performance over traditional ASV systems across various scenarios, showcasing its potential for real-world deployment. Additionally, the proposed framework's ability to generalize across different conditions highlights its robustness and reliability, making it a promising solution for practical ASV applications.

Audio and Speech Processing,Sound

Yitao He,Junyu Bian,Xinyu Tong,Zihui Qian,Wei Zhu,Xiaohua Tian,Xinbing Wang

DOI: https://doi.org/10.1145/3300061.3345429

2019-01-01

Abstract:Recent studies show that the voice control system (VCS) is subject to the inaudible voice command attack, which can not be heard by human ears but can be recorded by the microphone. An adversary could leverage the attack to disable the VCS user's home security system, leak the victim's privacy or download malware stealthily. Efforts have been dedicated to developing forensics based defense mechanisms, which target at detecting traces of the attack signal; however, we find that existing approaches of the kind still leave loopholes. Moreover, a complete defense mechanism should be able to not only detect the attack but also cancel out the attack signal, and meanwhile ensure the legitimate voice commands unaffected, which however is still unavailable to the best of our knowledge. This paper is an attempt to fill the gap. We first systematically analyze existing forensics based defense mechanisms and reveal the root cause of their loopholes. Then we present an active inaudible-voice-command cancellation (AIC) design, which can reliably detect and capture the attack signal facilitated by our custom-designed "guard" signal transmitter. AIC can create a special spectrum in the passband of the VCS microphone, based on which we are able to neutralize the attack signal in software means. We implement a prototype of our defense system and conduct comprehensive experiments to validate our design.

Linghan Zhang,Jie Yang

DOI: https://doi.org/10.48550/arXiv.2106.00859

2021-06-02

Abstract:Voice biometrics is drawing increasing attention as it is a promising alternative to legacy passwords for user authentication. Recently, a growing body of work shows that voice biometrics is vulnerable to spoofing through replay attacks, where an adversary tries to spoof voice authentication systems by using a pre-recorded voice sample collected from a genuine user. To this end, we propose VoiceGesture, a liveness detection solution for voice authentication on smart devices such as smartphones and smart speakers. VoiceGesture detects a live user by leveraging both the unique articulatory gesture of the user when speaking a passphrase and the audio hardware advances on these smart devices. Specifically, our system re-uses a pair of built-in speaker and microphone on a smart device as a Doppler radar, which transmits a high-frequency acoustic sound from the speaker and listens to the reflections at the microphone when a user speaks a passphrase. Then we extract Doppler shifts resulted from the user's articulatory gestures for liveness detection. VoiceGesture is practical as it requires neither cumbersome operations nor additional hardware but a speaker and a microphone commonly available on smart devices that support voice input. Our experimental evaluation with 21 participants and different smart devices shows that VoiceGesture achieves over 99% and around 98% detection accuracy for text-dependent and text-independent liveness detection, respectively. Results also show that VoiceGesture is robust to different device placements, low audio sampling frequency, and supports medium range liveness detection on smart speakers in various use scenarios like smart homes and smart vehicles.

Cryptography and Security,Human-Computer Interaction

Peipei Jiang,Qian Wang,Xiu Lin,Man Zhou,Wenbing Ding,Cong Wang,Chao Shen,Qi Li

DOI: https://doi.org/10.1109/tdsc.2022.3163024

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Voice authentication has been increasingly adopted for sensitive operations on mobile devices. While voice biometrics can distinguish individuals by their spectral features (such as voiceprints), they are known to be prone to spoofing attacks, where malicious attackers can use pre-recorded or synthesized samples from legitimate users or impersonate the speaking style of the targeted user to deceive the voice authentication system. In this paper, we design and implement a novel software-only anti-spoofing system on smartphones. Our system leverages the pop noise, which is generated by the user’s oral airflow when speaking the passphrase close to the microphone. The pop noise is delicate and subject to user diversity, making it hard to be recorded by replay attacks beyond a certain distance or to be imitated precisely by impersonators. Specifically, we design a new pop noise detection scheme to pinpoint pop noises at the phonemic level, based on which we establish a theoretical model to calculate the sound pressure level from the speech signal in order to get the estimated pressure signal, and then analyze the consistency with the actual pressure signal extracted from the pop noise. Furthermore, we calculate the similarity score of the unique sequences which describe the individually unique relationship between pop noises and phonemes to resist spoofing attacks. Our evaluation on a dataset of 30 participants and three smartphones shows that our system achieves over 94.79% accuracy. Our system requires no additional hardware and is robust to various factors including authentication angle, authentication distance, the length of passphrase, ambient noise, etc.

Jincheng Zhou,Tao Hai,Dayang N. A. Jawawi,Dan Wang,Ebuka Ibeke,Cresantus Biamba

DOI: https://doi.org/10.1186/s13677-022-00306-5

2022-01-01

Journal of Cloud Computing

Abstract:In our everyday lives, we communicate with each other using several means and channels of communication, as communication is crucial in the lives of humans. Listening and speaking are the primary forms of communication. For listening and speaking, the human voice is indispensable. Voice communication is the simplest type of communication. The Automatic Speaker Verification (ASV) system verifies users with their voices. These systems are susceptible to voice spoofing attacks - logical and physical access attacks. Recently, there has been a notable development in the detection of these attacks. Attackers use enhanced gadgets to record users’ voices, replay them for the ASV system, and be granted access for harmful purposes. In this work, we propose a secure voice spoofing countermeasure to detect voice replay attacks. We enhanced the ASV system security by building a spoofing countermeasure dependent on the decomposed signals that consist of prominent information. We used two main features— the Gammatone Cepstral Coefficients and Mel-Frequency Cepstral Coefficients— for the audio representation. For the classification of the features, we used Bi-directional Long-Short Term Memory Network in the cloud, a deep learning classifier. We investigated numerous audio features and examined each feature’s capability to obtain the most vital details from the audio for it to be labelled genuine or a spoof speech. Furthermore, we use various machine learning algorithms to illustrate the superiority of our system compared to the traditional classifiers. The results of the experiments were classified according to the parameters of accuracy, precision rate, recall, F1-score, and Equal Error Rate (EER). The results were 97%, 100%, 90.19% and 94.84%, and 2.95%, respectively.

Yan Meng,Zichang Wang,Wei Zhang,Peilin Wu,Haojin Zhu,Xiaohui Liang,Yao Liu

DOI: https://doi.org/10.1145/3209582.3209591

2018-01-01

Abstract:With the prevalent of smart devices and home automations, voice command has become a popular User Interface (UI) channel in the IoT environment. Although Voice Control System (VCS) has the advantages of great convenience, it is extremely vulnerable to the spoofing attack (e.g., replay attack, hidden/inaudible command attack) due to its broadcast nature. In this study, we present WiVo, a device-free voice liveness detection system based on the prevalent wireless signals generated by IoT devices without any additional devices or sensors carried by the users. The basic motivation of WiVo is to distinguish the authentic voice command from a spoofed one via its corresponding mouth motions, which can be captured and recognized by wireless signals. To achieve this goal, WiVo builds a theoretical model to characterize the correlation between wireless signal dynamics and the user's voice syllables. WiVo extracts the unique features from both voice and wireless signals, and then calculates the consistency between these different types of signals in order to determine whether the voice command is generated by the authentic user of VCS or an adversary. To evaluate the effectiveness of WiVo, we build a testbed based on Samsung SmartThings framework and include WiVo as a new application, which is expected to significantly enhance the security of the existing VCS. We have evaluated WiVo with 6 participants and different voice commands. Experimental evaluation results demonstrate that WiVo achieves the overall 99% detection rate with 1% false accept rate and has a low latency.

You Zhang,Fei Jiang,Zhiyao Duan

DOI: https://doi.org/10.1109/LSP.2021.3076358

2021-02-09

Abstract:Human voices can be used to authenticate the identity of the speaker, but the automatic speaker verification (ASV) systems are vulnerable to voice spoofing attacks, such as impersonation, replay, text-to-speech, and voice conversion. Recently, researchers developed anti-spoofing techniques to improve the reliability of ASV systems against spoofing attacks. However, most methods encounter difficulties in detecting unknown attacks in practical use, which often have different statistical distributions from known attacks. Especially, the fast development of synthetic voice spoofing algorithms is generating increasingly powerful attacks, putting the ASV systems at risk of unseen attacks. In this work, we propose an anti-spoofing system to detect unknown synthetic voice spoofing attacks (i.e., text-to-speech or voice conversion) using one-class learning. The key idea is to compact the bona fide speech representation and inject an angular margin to separate the spoofing attacks in the embedding space. Without resorting to any data augmentation methods, our proposed system achieves an equal error rate (EER) of 2.19% on the evaluation set of ASVspoof 2019 Challenge logical access scenario, outperforming all existing single systems (i.e., those without model ensemble).

Audio and Speech Processing,Sound

Wenbin Huang,Wenjuan Tang,Hongbo Jiang,Yaoxue Zhang

DOI: https://doi.org/10.1109/tmc.2024.3411791

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Millions of mobile devices are currently equipped with voice assistant (VA) for robust identity authentication. Regrettably, VA authentication remains susceptible to voice spoofing attacks, encompassing playback, synthesis, and conversion attacks. Despite numerous proposed defense schemes, these solutions exhibit deficiencies such as limited versatility and cumbersome implementation. Many are specialized in detecting only one specific type of attack, necessitate additional equipment, or mandate placing the device in specific locations. In this study, we introduce a versatile and user-friendly scheme designed to counteract voice spoofing attacks by analyzing common nonlinear features inherent in vocalization systems. Initially, we demonstrate the nonlinear nature of both human and mobile device vocalization by scrutinizing the mechanisms and processes of voice generation. Subsequently, we develop a comprehensive nonlinear model and extract a universal acoustic nonlinear property to discern sounds produced by humans from those generated by loudspeakers, thereby enhancing resistance against spoofing attacks. Finally, we conduct extensive experiments utilizing a real-world collected dataset and the supplementary ASVspoof2017 dataset. Evaluation results reveal that the proposed scheme significantly improves accuracy and computation cost by nearly 40% and 15%, respectively.

Yan Meng,Jiachun Li,Matthew Pillari,Arjun Deopujari,Liam Brennan,Hafsah Shamsie,Haojin Zhu,Yuan Tian

2022-01-01

Abstract:Though playing an essential role in smart home systems, smart speakers are vulnerable to voice spoofing attacks. Passive liveness detection, which utilizes only the collected audio rather than the deployed sensors to distinguish between live-human and replayed voices, has drawn increasing attention. However, it faces the challenge of performance degradation under the different environmental factors as well as the strict requirement of the fixed user gestures. In this study, we propose a novel liveness feature, array fingerprint, which utilizes the microphone array inherently adopted by the smart speaker to determine the identity of collected audios. Our theoretical analysis demonstrates that by leveraging the circular layout of microphones, compared with existing schemes, array fingerprint achieves a more robust performance under the environmental change and user's movement. Then, to leverage such a fingerprint, we propose ARRAYID, a lightweight passive detection scheme, and elaborate a series of features working together with array fingerprint. Our evaluation on the dataset containing 32,780 audio samples and 14 spoofing devices shows that ARRAYID achieves an accuracy of 99.84%, which is superior to existing passive liveness detection schemes.

Feiyu Han,Panlong Yang,Haohua Du,Xiang-Yang Li

DOI: https://doi.org/10.1145/3560905.3568522

2022-01-01

Abstract:Most existing voice-based user authentication systems mainly rely on microphones to capture the unique vocal characteristics of an individual, which makes these systems vulnerable to various acoustic attacks and suffer high-security risks. In this work, we present Accuth , a novel authentication system that takes advantage of a low-cost accelerometer to verify the user's identity and resist spoofing acoustic attacks. Accuth captures unique sound vibrations during the human pronunciation process and extracts multi-level features to verify the user's identity. Specifically, we analyze and model the differences between the physical sound field of human beings and loudspeakers, and extract a novel sound-field-level liveness feature to defend against spoofing attacks. Accuth is an effective complement to existing authentication approaches as it only leverages a ubiquitous, low-cost, and small-size accelerometer. In real-world experiments, Accuth achieves over 90% identification accuracy among 15 human participants and an average equal error rate (EER) of 3.02% for spoofing attack detection.