VoiceGuard: Secure and Private Speech Processing

Brasser, Ferdinand; Frassetto, Tommaso; Riedhammer, Korbinian; Sadeghi, Ahmad‐Reza; Schneider, Thomas; Weinert, Christian

doi:10.21437/interspeech.2018-2032

Cited by 35 publications

(25 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…§ III-B). As our offline keyword recognition application is just a proof of concept, following [35], we do not focus on best accuracy, but study whether accuracy and runtime are affected when providing strong security guarantees.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Offline Model Guard: Secure and Private ML on Mobile Devices

Bayerl¹,

Frassetto

Jauernig

et al. 2020

2020 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

Self Cite

View full text Add to dashboard Cite

Performing machine learning tasks in mobile applications yields a challenging conflict of interest: highly sensitive client information (e.g., speech data) should remain private while also the intellectual property of service providers (e.g., model parameters) must be protected. Cryptographic techniques offer secure solutions for this, but have an unacceptable overhead and moreover require frequent network interaction. In this work, we design a practically efficient hardware-based solution. Specifically, we build OFFLINE MODEL GUARD (OMG) to enable privacy-preserving machine learning on the predominant mobile computing platform ARM-even in offline scenarios. By leveraging a trusted execution environment for strict hardware-enforced isolation from other system components, OMG guarantees privacy of client data, secrecy of provided models, and integrity of processing algorithms. Our prototype implementation on an ARM HiKey 960 development board performs privacy-preserving keyword recognition using TensorFlow Lite for Microcontrollers in real time.

show abstract

Section: Discussionmentioning

confidence: 99%

“…VoiceGuard [35] targets the use case of privacy-preserving speech processing. For this, sensitive voice recordings are collected from user devices, e.g., smart home devices like Amazon Echo, Google Home, and Apple HomePod, and are sent via secure channels to a service provider.…”

Section: B Trusted Execution Environments (Tees)mentioning

confidence: 99%

Offline Model Guard: Secure and Private ML on Mobile Devices

Bayerl¹,

Frassetto

Jauernig

et al. 2020

2020 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [7]- [9], researchers designed PEKS schemes that don't require a secure channel under the random language model and the standard model. Subsequently, some improved searchable encryption schemes were proposed for various scenarios that promoted the development of searchable encryption technology [10]- [16], [20]. Zhao et al [17] combined content filtering and collaborative filtering to provide users with personalized search results.…”

Section: A Ciphertext Search Schemesmentioning

confidence: 99%

Using Granule to Search Privacy Preserving Voice in Home IoT Systems

Chen

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The Home IoT Voice System (HIVS) such as Amazon Alexa or Apple Siri can provide voicebased interfaces for people to conduct the search tasks using their voice. However, how to protect privacy is a big challenge. This paper proposes a novel personalized search scheme of encrypting voice with privacypreserving by the granule computing technique. Firstly, Mel-Frequency Cepstrum Coefficients (MFCC) are used to extract voice features. These features are obfuscated by obfuscation function to protect them from being disclosed the server. Secondly, a series of definitions are presented, including fuzzy granule, fuzzy granule vector, ciphertext granule, operators and metrics. Thirdly, the AES method is used to encrypt voices. A scheme of searchable encrypted voice is designed by creating the fuzzy granule of obfuscation features of voices and the ciphertext granule of the voice. The experiments are conducted on corpus including English, Chinese and Arabic. The results show the feasibility and good performance of the proposed scheme.

show abstract

“…The usage of distance-preserving hashing techniques for privacy-preserving ASV Portêlo et al, 2013;Jiménez et al, 2015;Jiménez & Raj, 2017a,b) is an alternative approach from cancelable biometrics. Additionally, the usage of trusted execution environments like Intel SGX (McKeen et al, 2013) for privacy-preserving speech processing using, among others, i-vectors has been explored by Brasser et al (2018). However, this requires trusting the remote attestation feature that is built into Intel CPUs.…”

Section: Related Workmentioning

confidence: 99%

Privacy-preserving PLDA speaker verification using outsourced secure computation

Treiber

Nautsch

Kolberg

et al. 2019

Speech Communication

Self Cite

View full text Add to dashboard Cite

The usage of biometric recognition has become prevalent in various verification processes, ranging from unlocking mobile devices to verifying bank transactions. Automatic speaker verification (ASV) allows an individual to verify its identity towards an online service provider by comparing freshly sampled speech data to reference information stored on the service provider's server. Due to the sensitive nature of biometric data, the storage and usage thereof is subject to recent EU regulations introduced as means to protect the privacy of individuals enrolled in an automatic biometric verification system. Stored biometric data need to be unlinkable, irreversible, and renewable to satisfy international standards. Preserving privacy in ASV is also important because, contrary to other biometric characteristics such as fingerprints, speech data can be used to infer a lot of sensitive information about the data subject. As a result, some architectures have been proposed to enable privacy-preserving ASV in the encrypted domain. Recently, homomorphic encryption (HE) was proposed to protect both subject features and vendor models in an embedding-based ASV. This architecture improves on previous privacy-preserving ASV by using (probabilistic) embeddings (i-vectors) and by additionally protecting the vendor's model. However, the usage of HE comes with a rather heavy overhead and significantly slows down the verification process. In this work, we align the cryptographic notion of outsourced secure two-party computation to embedding-based ASV. Our architecture protects biometric information in ASV and can also be used for any automatic biometric verification task. We show that unlinkability, irreversibility, and renewability are granted. Compared to the HE solution, our architecture results in considerably lower communication and computation overhead. Our architecture has been implemented and is experimentally evaluated on the NIST i-vector challenge 2014 using the cosine distance and log-likelihood ratio (LLR) scores from probabilistic linear discriminant analysis (PLDA) and two-covariance (2Cov) comparators. The results show that verification accuracy is retained while e ciency is improved. For instance, a PLDA verification with an embedding dimension of 200 takes about 77 milliseconds over a LAN. This is an improvement of more than 3000⇥ over the HE-based solution and shows that privacy of subject and vendor data can be preserved in ASV while retaining practical verification times. Moreover, our system is secure against malicious client devices.

show abstract

VoiceGuard: Secure and Private Speech Processing

Cited by 35 publications

References 20 publications

Offline Model Guard: Secure and Private ML on Mobile Devices

Offline Model Guard: Secure and Private ML on Mobile Devices

Using Granule to Search Privacy Preserving Voice in Home IoT Systems

Privacy-preserving PLDA speaker verification using outsourced secure computation

Contact Info

Product

Resources

About