Improving the Security of Voice Interface Systems
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
Voice interfaces have become common on modern devices, and increasingly support complex interactivity, as well as authentication mechanisms to provide personalised (and sensitive) functionality to users.
We focus on such voice interfaces, and in particular improving their performance in adversarial situations. We do this through the testing of attacks against such systems and through the development of tools to analyse security properties. In turn these allow us to identify flaws and weaknesses in voice systems.
We then design improved voice interface systems to combat weaknesses and flaws we identify, to improve their overall security properties.
In addition to work on voice interface systems, we intend to try and translate some of our attacks and tooling to other biometric systems, to see if they suffer from similar weaknesses and can be improved in similar ways.
This research project is linked to the EPSRC Cyber Security research theme
We focus on such voice interfaces, and in particular improving their performance in adversarial situations. We do this through the testing of attacks against such systems and through the development of tools to analyse security properties. In turn these allow us to identify flaws and weaknesses in voice systems.
We then design improved voice interface systems to combat weaknesses and flaws we identify, to improve their overall security properties.
In addition to work on voice interface systems, we intend to try and translate some of our attacks and tooling to other biometric systems, to see if they suffer from similar weaknesses and can be improved in similar ways.
This research project is linked to the EPSRC Cyber Security research theme
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
People |
ORCID iD |
| Ivan Martinovic (Primary Supervisor) | |
| Henry Turner (Student) |
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/P00881X/1 | 01/10/2016 | 31/03/2023 | |||
| 1939120 | Studentship | EP/P00881X/1 | 02/10/2017 | 30/09/2021 | Henry Turner |