Yanjiao Chen,Meng Xue,Jian Zhang,Qianyun Guan,Zhiyuan Wang,Qian Zhang,Wei Wang

DOI: https://doi.org/10.1145/3494962

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:Voice-based authentication is prevalent on smart devices to verify the legitimacy of users, but is vulnerable to replay attacks. In this paper, we propose to leverage the distinctive chest motions during speaking to establish a secure multi-factor authentication system, named ChestLive. Compared with other biometric-based authentication systems, ChestLive does not require users to remember any complicated information (e.g., hand gestures, doodles) and the working distance is much longer (30cm). We use acoustic sensing to monitor chest motions with a built-in speaker and microphone on smartphones. To obtain fine-grained chest motion signals during speaking for reliable user authentication, we derive Channel Energy (CE) of acoustic signals to capture the chest movement, and then remove the static and non-static interference from the aggregated CE signals. Representative features are extracted from the correlation between voice signal and corresponding chest motion signal. Unlike learning-based image or speech recognition models with millions of available training samples, our system needs to deal with a limited number of samples from legitimate users during enrollment. To address this problem, we resort to meta-learning, which initializes a general model with good generalization property that can be quickly fine-tuned to identify a new user. We implement ChestLive as an application and evaluate its performance in the wild with 61 volunteers using their smartphones. Experiment results show that ChestLive achieves an authentication accuracy of 98.31% and less than 2% of false accept rate against replay attacks and impersonation attacks. We also validate that ChestLive is robust to various factors, including training set size, distance, angle, posture, phone models, and environment noises.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Linghe Kong,Minglu Li

DOI: https://doi.org/10.1109/tnet.2019.2891733

2019-01-01

IEEE/ACM Transactions on Networking

Abstract:To prevent users’ privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, and so on, to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although the state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Toward this end, we explore liveness verification of user authentication leveraging users’ mouth movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users’ speaking mouths and find that there are unique mouth movement patterns for different individuals. To characterize the mouth movements, we propose a deep learning-based method to extract efficient features from Doppler profiles and employ softmax function, support vector machine, and support vector domain description to construct multi-class identifier, binary classifiers, and spoofer detectors for mouth state identification, user identification, and spoofer detection, respectively. Afterward, we develop a balanced binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.2% accuracy in user identification and 93.1% accuracy in spoofer detection.

Li Lu,Jiadi Yu,Yingying Chen,Hongbo Liu,Yanmin Zhu,Yunfei Liu,Minglu Li

DOI: https://doi.org/10.1109/infocom.2018.8486283

2018-01-01

Abstract:To prevent users' privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, etc., to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Towards this end, we explore liveness verification of user authentication leveraging users' lip movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users' speaking lips leveraging build-in audio devices on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users' speaking lips, and find that there are unique lip movement patterns for different individuals. To characterize the lip movements, we propose a deep learning-based method to extract efficient features from Doppler profiles, and employ Support Vector Machine and Support Vector Domain Description to construct binary classifiers and spoofer detectors for user identification and spoofer detection, respectively. Afterwards, we develop a binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.21% accuracy in user identification and 93.1% accuracy in spoofer detection.

Zhaohui Li,Wei Luo,Yongmin Zhang,Jianxi Chen,Yuanchao Shu,Yaoxue Zhang

DOI: https://doi.org/10.1145/3666025.3699321

2024-01-01

Abstract:As society progresses, liquid identification plays an increasingly important role in human life. But for now, minority of existing liquid identification solutions on the market can meet daily requirements of being ubiquitous, cost-effective and non-intrusive enough. In this work, we propose ASLiquid, the first liquid counterfeit identification system with commercial off-the-shelf earphones. Our core insight is that earphones can effectively induce acoustic resonance in container, and this phenomenon is observed highly associated with the changes in liquid density and solute compositions. Deploying ASLiquid introduces three main challenges: hardware heterogeneity among different earphones, diversity of user operations, and data complexity due to variations in liquid volume and device placement. To address these issues, we first propose to eliminate the existence of hardware noise and frequency response diversity for an earphone-irrelevant solution. Afterwards, we design a user operation adaptation algorithm to extract valuable feature data during each measurement period. To alleviate problems in data complexity, we propose a spectrum projection algorithm that can effectively generate CFR data of unknown liquid volumes and a VAE based anomaly detection model for counterfeit identification. We evaluate our system with six different earphones and under various conditions. Experimental results reveal that ASLiquid can achieve F1 scores of 95%-99.25% for seven frequently occurring liquid counterfeit tasks, even in specialized attacks on liquids with 1% difference in mass fraction and different types of solutions but with the same density.

Libing Wu,Jingxiao Yang,Man Zhou,Yanjiao Chen,Qian Wang

DOI: https://doi.org/10.1109/tifs.2019.2944058

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Voice authentication is becoming increasingly popular, which offers potential benefits over knowledge and possession based authentication methods. Meanwhile, the unique features of lip movements during speaking have been proved to be useful for authentication. However, the unimodal biometric authentication systems based on either voice or lip movements have certain limitations. Voice authentication systems are prone to spoofing attacks and suffer from serious performance degradation in noisy environments. Lip movements authentication systems are unstable and are sensitive to the user's physical and psychological conditions. In this paper, we propose and implement LVID, a multimodal biometrics authentication system on smartphones, which resolves the defects of the original systems by combining the advantages of lip movements and voice. LVID simultaneously captures these two biometrics with the built-in audio devices on smartphones and fuses them at the data level. The reliable and effective features are then extracted from the fused data for authentication. LVID is practical as it requires neither cumbersome operations nor additional hardwares but only a speaker and a microphone that are commonly available on smartphones. Our experimental results with 104 participants show that LVID can achieve 95 accuracy for user authentication, and 93.47 of the attacks can be detected. It is also verified that LVID works well with different smartphones and is robust to different smartphone positions.

Li Lü,Jiadi Yu,Yingying Chen,Yan Wang

DOI: https://doi.org/10.1145/3397320

2020-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Recent years have witnessed the surge of biometric-based user authentication for mobile devices due to its promising security and convenience. As a natural and widely-existed behavior, human speaking has been exploited for user authentication. Existing voice-based user authentication explores the unique characteristics from either the voiceprint or mouth movements, which is vulnerable to replay attacks and mimic attacks. During speaking, the vocal tract, including the static shape and dynamic movements, also exhibits the individual uniqueness, and they are hardly eavesdropped and imitated by adversaries. Hence, our work aims to employ the individual uniqueness of vocal tract to realize user authentication on mobile devices. Moreover, most voice-based user authentications are passphrase-dependent, which significantly degrade the user experience. Thus, such user authentications are pressed to be implemented in a passphrase-independent manner while being able to resist various attacks. In this paper, we propose a user authentication system, VocalLock, which senses the whole vocal tract during speaking to identify different individuals in a passphrase-independent manner on smartphones leveraging acoustic signals. VocalLock first utilizes FMCW on acoustic signals to characterize both the static shape and dynamic movements of the vocal tract during speaking, and then constructs a passphrase-independent user authentication model based on the unique characteristics of vocal tract through GMM-UBM. The proposed VocalLock can resist various spoofing attacks, while achieving a satisfactory user experience. Extensive experiments in real environments demonstrate VocalLock can accurately authenticate user identity in a passphrase-independent manner and successfully resist various attacks.

Feiyu Han,Panlong Yang,Shaojie Yan,Haohua Du,Yuanhao Feng

DOI: https://doi.org/10.1109/INFOCOM53939.2023.10229037

2023-01-01

Abstract:As one of the most natural physiological activities, breathing provides an effective and ubiquitous approach for continuous authentication. Inspired by that, this paper presents BreathSign, which reveals a novel biometric characteristic using bone-conducted human breathing sound and provides an anti-spoofing and transparent authentication mechanism based on inward-facing microphones on commercial earphones. To explore the breathing differences among persons, we first analyze how the breathing sound propagates in the body, and then derive unique body physics-level features from breathing-induced body sounds. Furthermore, to eliminate the impact of behavioral biometrics, we design a triple network model to reconstruct breathing behavior-independent features. Extensive experiments with 20 subjects over a period have been conducted to evaluate the accuracy, robustness, and vulnerability of BreathSign. The results show that our system accurately authenticates users with an average authentication accuracy rate of 95.17% via only one breathing cycle, and effectively defends against various spoofing attacks with an average spoofing attack detection rate of 98.25%. Compared with other continuous authentication solutions, BreathSign extracts hard-to-forge biometrics in the effortless human breathing activity for authentication and can be easily implemented on commercial earphones with high usability and enhanced security.

Yadong Xie,Fan Li,Yue Wu,Huijie Chen,Zhiyuan Zhao,Yu Wang

DOI: https://doi.org/10.1109/infocom48880.2022.9796951

2022-01-01

Abstract:With the rapid development of mobile devices and the fast increase of sensitive data, secure and convenient mobile authentication technologies are desired. Except for traditional passwords, many mobile devices have biometric-based authentication methods (e.g., fingerprint, voiceprint, and face recognition), but they are vulnerable to spoofing attacks. To solve this problem, we study new biometric features which are based on the dental occlusion and find that the bone-conducted sound of dental occlusion collected in binaural canals contains unique features of individual bones and teeth. Motivated by this, we propose a novel authentication system, TeethPass, which uses earbuds to collect occlusal sounds in binaural canals to achieve authentication. We design an event detection method based on spectrum variance and double thresholds to detect bone-conducted sounds. Then, we analyze the time-frequency domain of the sounds to filter out motion noises and extract unique features of users from three aspects: bone structure, occlusal location, and occlusal sound. Finally, we design an incremental learning-based Siamese network to construct the classifier. Through extensive experiments including 22 participants, the performance of TeethPass in different environments is verified. TeethPass achieves an accuracy of 96.8% and resists nearly 99% of spoofing attacks.

Chenpei Huang,Hui Zhong,Jie Lian,Pavana Prakash,Dian Shi,Yuan Xu,Miao Pan

2023-09-27

Abstract:Recent advances in machine learning and natural language processing have fostered the enormous prosperity of smart voice assistants and their services, e.g., Alexa, Google Home, Siri, etc. However, voice spoofing attacks are deemed to be one of the major challenges of voice control security, and never stop evolving such as deep-learning-based voice conversion and speech synthesis techniques. To solve this problem outside the acoustic domain, we focus on head-wearable devices, such as earbuds and virtual reality (VR) headsets, which are feasible to continuously monitor the bone-conducted voice in the vibration domain. Specifically, we identify that air and bone conduction (AC/BC) from the same vocalization are coupled (or concurrent) and user-level unique, which makes them suitable behavior and biometric factors for multi-factor authentication (MFA). The legitimate user can defeat acoustic domain and even cross-domain spoofing samples with the proposed two-stage AirBone authentication. The first stage answers \textit{whether air and bone conduction utterances are time domain consistent (TC)} and the second stage runs \textit{bone conduction speaker recognition (BC-SR)}. The security level is hence increased for two reasons: (1) current acoustic attacks on smart voice assistants cannot affect bone conduction, which is in the vibration domain; (2) even for advanced cross-domain attacks, the unique bone conduction features can detect adversary's impersonation and machine-induced vibration. Finally, AirBone authentication has good usability (the same level as voice authentication) compared with traditional MFA and those specially designed to enhance smart voice security. Our experimental results show that the proposed AirBone authentication is usable and secure, and can be easily equipped by commercial off-the-shelf head wearables with good user experience.

Cryptography and Security,Human-Computer Interaction,Signal Processing

Zhenyang Guo,Hao Yan,Jin Cao,Jiawei Yang,Ben Niu,Ang Li,Hui Li

DOI: https://doi.org/10.1109/jiot.2024.3450692

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Presently, the prevalent authentication approaches in smartphones are susceptible to interference from light,0 noise, temperature, and the risk of replay attacks. In light of these vulnerabilities, and taking into account user behavior alongside smartphone interaction patterns, we have developed an innovative behavioral-based authentication system. This system harnesses the distinctiveness of individual keystroke dynamics for secure user authentication, offering resilience against noise and light fluctuations. In this unique approach, our smartphone’s speakers and microphones emit and capture high-frequency acoustic signals (AS). To the best of our knowledge, this is the first instance of employing the Doppler effect generated by the high-frequency AS in response to keystroke activity as a distinctive user feature. Our definition of ’keystroke behavior’ encompasses the motions involved in tapping screen buttons while holding the smartphone, effectively capturing unique user attributes without necessitating any special procedures or passwords. Our initial experiments have convincingly shown that the AS Doppler effect, triggered by keystroke actions, is uniquely identifiable per user during button presses. Subsequently, we utilized a Convolutional Autoencoder (CAE) to distill keystroke behaviors from the reflected signals, employing a One-Class Support Vector Machine (OCSVM) for user authentication and identification processes. We then implemented a prototype of this scheme on smartphones and rigorously tested its performance across four real-world scenarios. The outcomes are promising, demonstrating that our scheme not only withstands disturbances from noise and light but also achieves an impressive average accuracy rate of 95.08%. Regarding security, it effectively thwarts replay and record attacks, further underscoring its robustness and reliability.

Zi Wang,Jie Yang

DOI: https://doi.org/10.48550/arXiv.2108.05432

2021-08-11

Cryptography and Security

Abstract:Biometric-based authentication is gaining increasing attention for wearables and mobile applications. Meanwhile, the growing adoption of sensors in wearables also provides opportunities to capture novel wearable biometrics. In this work, we propose EarDynamic, an ear canal deformation-based user authentication using in-ear wearables. EarDynamic provides continuous and passive user authentication and is transparent to users. It leverages ear canal deformation that combines the unique static geometry and dynamic motions of the ear canal when the user is speaking for authentication. It utilizes an acoustic sensing approach to capture the ear canal deformation with the built-in microphone and speaker of the in-ear wearable. Specifically, it first emits well-designed inaudible beep signals and records the reflected signals from the ear canal. It then analyzes the reflected signals and extracts fine-grained acoustic features that correspond to the ear canal deformation for user authentication. Our extensive experimental evaluation shows that EarDynamic can achieve a recall of 97.38% and an F1 score of 96.84%. Results also show that our system works well under different noisy environments with various daily activities.

Ying Zhang,Huaiyu Zhu,Haipeng Liu,Dingchang Zheng,Shaomin Zhang,Yun Pan

DOI: https://doi.org/10.1109/EMBC48229.2022.9871902

2022-01-01

Abstract:Swallowing recognition is the leading step in the evaluation of dysphagia which seriously affects people's life. Current medical swallowing monitoring methods require an in-hospital environment and overly rely on professional knowledge of the medical staff. In this study, we developed a wearable swallowing recognition system that consists of an on-neck wearable swallowing sensing device and a data processing module on a host computer. The wearable device collects inertial signals including acceleration and angular velocity, as well as dual photoplethysmography (PPG) signals based on infrared and green light from the neck. A novel processing framework for dual PPG signals is proposed to extract and enhance the laryngeal motion component introduced by swallowing activities in the data processing module. The laryngeal motion component of dual PPG signals together with the preprocessed inertial signals are further used for feature extraction to proceed swallowing recognition based on random forest classifier. We collected data from 32 healthy subjects in the center and side positions on the neck using our system to analyze their swallowing activities. As a result, we achieved a high average area under curve (AUC) of the swallowing recognition by 86.6%. We also find the sensing position has a significant impact on gender-specific swallowing recognition performance, as the center position was better for females (92.9%), while the side position was better for males (87.6%). The results indicate that the proposed system could achieve high integrity and good performance, which is helpful for the future swallowing research.

Jianxiang Peng,Zhanjun Hao,Zhenyi Zhang,Ruidong Wang,Mengqiao Li,Xiaochao Dang

DOI: https://doi.org/10.1109/jsen.2024.3353256

IF: 4.3

2024-03-15

IEEE Sensors Journal

Abstract:User authentication is crucial for privacy and security. In daily life, personalized intelligent devices are frequently used; however, these devices are vulnerable to unauthorized access, which can result in serious privacy breaches. To address this problem, this article proposes a user security authentication method that uses millimeter-wave radar to perceive human life signals for verification. First, the millimeter-wave radar is used to perceive the user's breathing and heartbeat signals. Second, to eliminate the influence of breath-holding on the verification result, this article adopts the method of recognizing breathing patterns and establishing two channels: one for other breathing signals when not holding breath and another for heartbeat signals when holding breath. Finally, the wavelet packet decomposition (WPD) and Mel-frequency cepstral coefficients (MFCC) features of the user's breathing signals, as well as the MFCC features of the heartbeat signals, are extracted. A lightweight neural network, ShuffleNet V2, is used for security authentication. Through a large number of experiments, the verification accuracy is 93.7%.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Huining Li,Chenhan Xu,Aditya Singh Rathore,Zhengxiong Li,Hanbin Zhang,Chen Song,Kun Wang,Lu Su,Feng Lin,Kui Ren,Wenyao Xu

DOI: https://doi.org/10.1109/tmc.2021.3084971

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:With the continuing growth of voice-controlled devices, voice metrics have been widely used for user identification. However, voice biometrics is vulnerable to replay attacks and ambient noise. We identify that the fundamental vulnerability in voice biometrics is rooted in its indirect sensing modality (e.g., microphone). In this paper, we present VocalPrint, a resilient mmWave interrogation system which directly captures and analyzes the vocal vibrations for user authentication. Specifically, VocalPrint exploits the unique disturbance of the skin-reflect radio frequency (RF) signals around the near-throat region of the user, caused by the vocal vibrations. The complex ambient noise is isolated from the RF signal using a novel resilience-aware clutter suppression approach for preserving fine-grained vocal biometric properties. Afterward, we extract the vocal tract and vocal source features and input them into an ensemble classifier for authentication. VocalPrint is practical as it allows the effortless transition to a smartphone while having sufficient usability due to its non-contact nature. Our experimental results from 41 participants with different interrogation distances, orientations, and body motions show that VocalPrint achieves over 96 percent authentication accuracy even under unfavorable conditions. We demonstrate the resilience of our system against complex noise interference and spoof attacks of various threat levels.

computer science, information systems,telecommunications

Xiang Zhang,Lina Yao,Chaoran Huang,Tao Gu,Zheng Yang,Yunhao Liu

DOI: https://doi.org/10.1145/3393619

IF: 5

2020-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:Biometric authentication involves various technologies to identify individuals by exploiting their unique, measurable physiological and behavioral characteristics. However, traditional biometric authentication systems (e.g., face recognition, iris, retina, voice, and fingerprint) are at increasing risks of being tricked by biometric tools such as anti-surveillance masks, contact lenses, vocoder, or fingerprint films. In this article, we design a multimodal biometric authentication system named DeepKey, which uses both Electroencephalography (EEG) and gait signals to better protect against such risk. DeepKey consists of two key components: an Invalid ID Filter Model to block unauthorized subjects, and an identification model based on attention-based Recurrent Neural Network (RNN) to identify a subject’s EEG IDs and gait IDs in parallel. The subject can only be granted access while all the components produce consistent affirmations to match the user’s proclaimed identity. We implement DeepKey with a live deployment in our university and conduct extensive empirical experiments to study its technical feasibility in practice. DeepKey achieves the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) of 0 and 1.0%, respectively. The preliminary results demonstrate that DeepKey is feasible, shows consistent superior performance compared to a set of methods, and has the potential to be applied to the authentication deployment in real-world settings.

Xinyue Fang,Jianwei Liu,Yike Chen,Jinsong Han

DOI: https://doi.org/10.1109/icpads63350.2024.00019

2024-01-01

Abstract:With a wide range of common and privacy-sensitive applications, smartphones are frequently accessed for substantial personal information. Therefore, user-friendliness and security are crucial for user authentication on smartphones. Recently, convenient and secure biometric-based authentication is widely employed for smartphones, where the facial authentication stands out due to its potential for advancements in both user-friendliness and security. However, existing facial authentication methods possess some defects. For example, camera-based methods require good illumination conditions and are susceptible to 2D spoofing attacks. Moreover, previous acoustic-based methods either require camera assistance, or still suffer from 3D spoofing attacks. Even worse, some acoustic-based methods use audible sound waves, causing discomfort to users. To solve these questions, in this paper we propose UltraFace, an anti-spoofing and user-friendly facial authentication system on smartphones. It extracts facial geometry features and acoustic impedance features from imperceptible ultrasound. Leveraging the principle of ultrasound propagation, UltraFace correlates spectrograms of reflected signals with facial biometrics. Utilizing a deep learning model as a feature extractor, UltraFace mines fine-grained facial geometry features and acoustic impedance features from the spectrograms for accurate user authentication. Extensive experiments show that UltraFace achieves $97.2 \%$ accuracy in user authentication and can effectively defend against spoofing attacks. Furthermore, UltraFace exhibits robustness for long-term usage.

Yang Gao,Wei Wang,Vir V. Phoha,Wei Sun,Zhanpeng Jin

DOI: https://doi.org/10.1145/3351239

2019-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Smart wearable devices have recently become one of the major technological trends and been widely adopted by the general public. Wireless earphones, in particular, have seen a skyrocketing growth due to its great usability and convenience. With the goal of seeking a more unobtrusive wearable authentication method that the users can easily use and conveniently access, in this study we present EarEcho as a novel, affordable, user-friendly biometric authentication solution. EarEcho takes advantages of the unique physical and geometrical characteristics of human ear canal and assesses the content-free acoustic features of in-ear sound waves for user authentication in a wearable and mobile manner. We implemented the proposed EarEcho on a proof-of-concept prototype and tested it among 20 subjects under diverse application scenarios. We can achieve a recall of 94.19% and precision of 95.16% for one-time authentication, while a recall of 97.55% and precision of 97.57% for continuous authentication. EarEcho has demonstrated its stability over time and robustness to cope with the uncertainties on the varying background noises, body motions, and sound pressure levels.

Yang Gao,Yincheng Jin,Jagmohan Chauhan,Seokmin Choi,Jiyang Li,Zhanpeng Jin

DOI: https://doi.org/10.1145/3448113

2021-01-01

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:With the rapid growth of wearable computing and increasing demand for mobile authentication scenarios, voiceprint-based authentication has become one of the prevalent technologies and has already presented tremendous potentials to the public. However, it is vulnerable to voice spoofing attacks (e.g., replay attacks and synthetic voice attacks). To address this threat, we propose a new biometric authentication approach, named EarPrint, which aims to extend voiceprint and build a hidden and secure user authentication scheme on earphones. EarPrint builds on the speaking-induced body sound transmission from the throat to the ear canal, i.e., different users will have different body sound conduction patterns on both sides of ears. As the first exploratory study, extensive experiments on 23 subjects show the EarPrint is robust against ambient noises and body motions. EarPrint achieves an Equal Error Rate (EER) of 3.64% with 75 seconds enrollment data. We also evaluate the resilience of EarPrint against replay attacks. A major contribution of EarPrint is that it leverages two-level uniqueness, including the body sound conduction from the throat to the ear canal and the body asymmetry between the left and the right ears, taking advantage of earphones' paring form-factor. Compared with other mobile and wearable biometric modalities, EarPrint is a low-cost, accurate, and secure authentication solution for earphone users.

Feiyu Han,Panlong Yang,Haohua Du,Xiang-Yang Li

DOI: https://doi.org/10.1109/tmc.2023.3314837

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Most existing voice-based user authentication systems mainly rely on microphones to capture the unique vocal characteristics of an individual, which are vulnerable to various acoustic attacks and may suffer high-security risks. In this work, we present Accuth$^+$, a novel authentication system on the wrist-worn device that takes advantage of a low-cost accelerometer to verify the user's identity and resist spoofing acoustic attacks. Accuth$^+$ captures unique sound vibrations during the human pronunciation process and extracts multi-level features to verify the user's identity. Specifically, we analyze and model the differences between the physical sound field of human beings and loudspeakers, and extract a novel sound-field-level liveness feature to defend against spoofing attacks. Accuth$^+$ is an effective complement to existing wearable authentication approaches as it only leverages a ubiquitous, low-cost, and small-size accelerometer. In real-world experiments. Accuth$^+$ achieves over 92.85% averaged identification accuracy among 15 human participants and an averaged equal error rate (EER) of 1.91% for spoofing attack detection.

computer science, information systems,telecommunications

S. Abhishek Anand,Jian Liu,Chen Wang,Maliheh Shirvanian,Nitesh Saxena,Yingying Chen

DOI: https://doi.org/10.1145/3433210.3437518

2021-01-01

Abstract:Recent advances in speaker verification and speech processing technology have seen voice authentication being adopted on a wide scale in commercial applications like online banking and customer care support and on devices such as smartphones and IoT voice assistant systems. However, it has been shown that the current voice authentication systems can be ineffective against voice synthesis attacks that mimic a user's voice to high precision. In this work, we suggest a paradigm shift from the traditional voice authentication systems operating in the audio domain but susceptible to speech synthesis attacks (in the same audio domain). We leverage a motion sensor's capability to pick up phonatory vibrations, that can help to uniquely identify a user via voice signatures in the vibration domain. The user's speech is played/echoed back by a device's speaker for a short duration (hence our method is termed EchoVib) and the resulting non-linear phonatory vibrations are picked up by the motion sensor for speaker recognition. The uniqueness of the device's speaker and its accelerometer results in a device-specific fingerprint in response to the echoed speech. The use of the vibration domain and its non-linear relationship with audio allows EchoVib to resist the state-of-the-art voice synthesis attacks, shown to be successful in the audio domain. We develop an instance of EchoVib using the onboard loudspeaker and the accelerometer embedded in smartphones, as the authenticator, based on machine learning techniques. Our evaluation shows that even with the low-quality loudspeaker and the low-sampling rate of accelerometer recordings, EchoVib can identify users with an accuracy of over 90%. We also analyze our system against state-of-art-voice synthesis attacks and show that it can distinguish between the morphed and the original speaker's voice samples, correctly rejecting the morphed samples with a success rate of 85% for voice conversion and voice modeling attacks. We believe that using the vibration domain to detect synthesized speech attacks is effective due to the hardness of preserving the unique phonatory vibration signatures and is difficult to mimic due to the non-linear mapping of the unique speaker and accelerometer response in the vibration domain to the voice in the audio domain.