Cargando…

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional...

Descripción completa

Detalles Bibliográficos
Autores principales: Hayashi, Victor Takashi, Ruggiero, Wilson Vicente
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2022
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8874467/
https://www.ncbi.nlm.nih.gov/pubmed/35214227
http://dx.doi.org/10.3390/s22041325
_version_ 1784657695152799744
author Hayashi, Victor Takashi
Ruggiero, Wilson Vicente
author_facet Hayashi, Victor Takashi
Ruggiero, Wilson Vicente
author_sort Hayashi, Victor Takashi
collection PubMed
description Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.
format Online
Article
Text
id pubmed-8874467
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-88744672022-02-26 Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning Hayashi, Victor Takashi Ruggiero, Wilson Vicente Sensors (Basel) Article Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy. MDPI 2022-02-09 /pmc/articles/PMC8874467/ /pubmed/35214227 http://dx.doi.org/10.3390/s22041325 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Hayashi, Victor Takashi
Ruggiero, Wilson Vicente
Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title_full Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title_fullStr Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title_full_unstemmed Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title_short Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning
title_sort hands-free authentication for virtual assistants with trusted iot device and machine learning
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8874467/
https://www.ncbi.nlm.nih.gov/pubmed/35214227
http://dx.doi.org/10.3390/s22041325
work_keys_str_mv AT hayashivictortakashi handsfreeauthenticationforvirtualassistantswithtrustediotdeviceandmachinelearning
AT ruggierowilsonvicente handsfreeauthenticationforvirtualassistantswithtrustediotdeviceandmachinelearning