Threat Modeling and Analysis of Voice Assistant Applications

Cho, Geumhwan; Choi, Jusop; Kim, Hyoungshick; Hyun, Sangwon; Ryoo, Jungwoo

doi:10.1007/978-3-030-17982-3_16

Cited by 12 publications

(7 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The liveness detection calculates phoneme localization using two microphones. Using the liveness detection method, the voice assistant can distinguish whether the input voice is coming from the user in real time or if it has been replayed [4].…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

To Check the Public Opinion About the Reliability of Voice Assistant(va)

2022

IRJMETS

View full text Add to dashboard Cite

Voice Assistant(VA) like Amazon Alexa, Google assistant, Siri, etc. are gradually becoming a part of our daily life. This VA provides different types of services. This Voice assistant can easily spy on user's sensitive information and stores them. This leads to various privacy issues and threats to the user. This all happens because the users don't know about them or not taking proper measures against them. There are various ways by which we can secure our voice assistants. In this paper we will find out public opinions about the reliability of voice assistant and based on this provide conclusion on them.

show abstract

Section: Resultsmentioning

confidence: 99%

“…and their voice streams are delivered to a voice assistant server. After the server interprets the voice stream, the user is presented with information about the day [4]. As the usage of voice assistant is increasing exponentially, there may be a lot of security issues.…”

Section: Working Of Voice Assistant:-mentioning

confidence: 99%

To Check the Public Opinion About the Reliability of Voice Assistant(va)

2022

IRJMETS

View full text Add to dashboard Cite

show abstract

“…STRIDE is a threat modeling classification developed by Microsoft. STRIDE is an acronym that contains the following concepts, namely spoofing, tampering, repudiation, information disclosure, denial of service, and elevation [18]. Our main goal in this study was to identify and categorize threats to a public service complaint application from an attacker's point of view, and the STRIDE model fits this goal.…”

Section: Introductionmentioning

confidence: 99%

Threat modeling in application security planning citizen service complaints

Tedyyana¹,

Ratnawati²,

Syam³

2022

IJEECS

View full text Add to dashboard Cite

The mobile-based service complaint application is one way to implement good governance today. Public facilitated to make complaints without going through a complicated process. Security aspects must be considered to protect user privacy. The security design must be considered so that no one is harmed by the application's users damaged in the application's use. This study used threat modeling during the planning stage of developing a citizen service complaint application to obtain information about vulnerabilities. The researcher uses the threat modeling process that the open web application security project (OWASP) organization has formulated as a framework. The researchers took steps to describe application information, determine and rank threats, countermeasures, and mitigation. In the final stage, the spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege (STRIDE) threat modeling methodology is used to analyze and assess mitigation actions against threats in the application. The researcher gets a defense strategy to reduce the danger based on the threat analysis results. Threat modeling in the early phase software development life cycle process is constructive in ensuring that software is developed with adequate security based on threat mitigation from the beginning.

show abstract

“…[8] The adversary can also make a significant amount purchase through the user's associated account [9] by telling the VA system "Alexa, Order a MacBook from Prime Now. " When the adversary can access the VA system at home remotely (e.g., through a hacked Smart TV), the adversary can even use critical commands to control security critical IoT devices [15], such as disarming a smart locking system and gain entry into the house. To ensure the successful large-scale deployment of VA systems, it is critical to address these inherited security vulnerabilities in VA systems and bring trustworthiness to users.…”

Section: Introductionmentioning

confidence: 99%