The Insecurity of Home Digital Voice Assistants - Vulnerabilities, Attacks and Countermeasures

Lei, Xinyu; Tu, Guan-Hua; Liu, Alex X.; Li, Chi‐Yu; Xie, Tian

doi:10.1109/cns.2018.8433167

Cited by 84 publications

(78 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…With the rapidly growing popularity and capabilities of voice-driven IoT systems, the likelihood and potential damage of voicebased attacks also grow very quickly. As discussed in [2], [13], [11], an attack may lead to severe consequences, e.g., a burglar could enter a house by tricking a voice-based smart lock or an attacker could make unauthorized purchases and credit card charges via a compromised voice-based system. Such attacks can be very simple, but still very difficult or even impossible to detect by humans.…”

Section: Attacks On Voice Controlled Systemsmentioning

confidence: 99%

“…Voice replay attacks, i.e., an attacker makes a VCS perform a specific malicious action by replaying a previously recorded voice sample [1], [10], [11]. This attack can be executed remotely, e.g., via the Internet.…”

Section: B Basic Voice Replay Attackmentioning

confidence: 99%

“…In order to defend against such attacks, multiple defense strategies have been proposed [1], [10], [11], [12]. However, most existing defense technologies can either only defend against one specific kind of attack or require an additional authentication step using another device, which limits the effectiveness and usability of the voice controlled system.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Protecting Voice Controlled Systems Using Sound Source Identification Based on Acoustic Cues

Gong¹,

Poellabauer²

2018

2018 27th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

Over the last few years, a rapidly increasing number of Internet-of-Things (IoT) systems that adopt voice as the primary user input have emerged. These systems have been shown to be vulnerable to various types of voice spoofing attacks. Existing defense techniques can usually only protect from a specific type of attack or require an additional authentication step that involves another device. Such defense strategies are either not strong enough or lower the usability of the system. Based on the fact that legitimate voice commands should only come from humans rather than a playback device, we propose a novel defense strategy that is able to detect the sound source of a voice command based on its acoustic features. The proposed defense strategy does not require any information other than the voice command itself and can protect a system from multiple types of spoofing attacks. Our proof-of-concept experiments verify the feasibility and effectiveness of this defense strategy.

show abstract

Section: Attacks On Voice Controlled Systemsmentioning

confidence: 99%

Section: B Basic Voice Replay Attackmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Protecting Voice Controlled Systems Using Sound Source Identification Based on Acoustic Cues

Gong¹,

Poellabauer²

2018

2018 27th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

show abstract

“…C Urrently, we have already stepped into the era of artificial intelligence from the digital era. Apps with AI systems can be seen everywhere in our daily life, such as Amazon Alexa [1], DeepMind's Atari [2], and AI-phaGo [3]. Nowadays with the development of edge computing, 5G technology and etc., AI technologies become more and more mature.…”

Section: Introductionmentioning

confidence: 99%

“…CAGFuzz iterative selects the test examples in the processing pool and generates the adversarial examples through the pre-trained adversarial example generator (see Section 3 for details) to guide the DL systems to expose incorrect behaviors. During the process of generating adversarial examples, 1. https://github.com/QXL4515/CAGFuzz CAGFuzz maintains adversarial examples to provide a certain improvement in neuron coverage for subsequent fuzzy processing, and limits the minor perturbations invisible to human eyes, ensuring the same meaningfulness between the original example and the adversarial example.…”

Section: Introductionmentioning

confidence: 99%

Condition-Guided Adversarial Generative Testing for Deep Learning Systems

Zhang

Dai

2019

2019 IEEE International Conference on Artificial Intelligence Testing (AITest)

View full text Add to dashboard Cite

With the emerging of big data technology, Deep Learning systems (DL) based on Deep Neural Networks (DNNs) are more and more used in various aspects of our life, including unmanned vehicles, speech processing, and robotics. However, due to the limited dataset and the dependence on manual labeling data, DNNs often fail to detect their erroneous behaviors, which may lead to serious problems. Several approaches have been proposed to enhance the input examples for testing DL systems. However, they have the following limitations. First, most of them do not consider the influence of small perturbations on input examples. Some approaches take into account the perturbations, however, they design and generate adversarial examples from the perspective of model. These examples generated from a specific model may cause low generalization ability when they are applied to other models. Second, they only use surface feature constraints (e.g. pixel-level constraints) to judge the difference between the adversarial example generated and the original example. The deep feature constraints, which contain high-level semantic information, such as image object category and scene semantics are completely neglected. To address these two problems, in this paper, we propose CAGFuzz, a Coverage-guided Adversarial Generative Fuzzing testing approach, which generates adversarial examples for a targeted DNN to discover its potential defects. First, we train an adversarial case generator (AEG) from the perspective of general data set. AEG only considers the data characteristics, and avoids low generalization ability when it is testing other models. Second, we extract the depth features of the original and adversarial examples, and constrain the adversarial examples by cosine similarity to ensure that the semantic information of adversarial examples remains unchanged. Finally, we retrain effective adversarial examples to improve neuron testing coverage rate. Based on several popular data sets, we design a set of dedicated experiments to evaluate CAGFuzz. The experimental results show that CAGFuzz can improve the generalization ability, the neuron coverage rate, detect hidden errors, and also improve the accuracy of the target DNN.

show abstract