Cargando…
Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional...
Autores principales: | , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2022
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8874467/ https://www.ncbi.nlm.nih.gov/pubmed/35214227 http://dx.doi.org/10.3390/s22041325 |
_version_ | 1784657695152799744 |
---|---|
author | Hayashi, Victor Takashi Ruggiero, Wilson Vicente |
author_facet | Hayashi, Victor Takashi Ruggiero, Wilson Vicente |
author_sort | Hayashi, Victor Takashi |
collection | PubMed |
description | Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy. |
format | Online Article Text |
id | pubmed-8874467 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-88744672022-02-26 Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning Hayashi, Victor Takashi Ruggiero, Wilson Vicente Sensors (Basel) Article Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy. MDPI 2022-02-09 /pmc/articles/PMC8874467/ /pubmed/35214227 http://dx.doi.org/10.3390/s22041325 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Hayashi, Victor Takashi Ruggiero, Wilson Vicente Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title | Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title_full | Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title_fullStr | Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title_full_unstemmed | Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title_short | Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning |
title_sort | hands-free authentication for virtual assistants with trusted iot device and machine learning |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8874467/ https://www.ncbi.nlm.nih.gov/pubmed/35214227 http://dx.doi.org/10.3390/s22041325 |
work_keys_str_mv | AT hayashivictortakashi handsfreeauthenticationforvirtualassistantswithtrustediotdeviceandmachinelearning AT ruggierowilsonvicente handsfreeauthenticationforvirtualassistantswithtrustediotdeviceandmachinelearning |