With everything from banking records and health data to contacts lists and photos available through our mobile phones, the ability to securely access this data is an increasingly important concern. That’s why many phone manufactures and data holders are keen on biometric security systems that reliably identify individuals.
The question of course is which biometric system to use. Face, fingerpint and iris recognition are all topics of intense research. But the most obvious choice for a mobile phone is surely voice identification. However, this approach has been plagued with problems.
For example, people’s voices can change dramatically when they are ill or in a hurry. What’s more, it’s relatively easy to record somebody’s voice during authentication and use that to break the system. So many groups have steered away from voice biometrics.
That could be set to change. Today, RC Johnson at the University of Colorado at Colorado Springs and a couple of pals lay out a new approach to voice biometrics which they say solves these problems. The new system provides secure authentication while also preserving the privacy of the user.
In the new system, users set up their accounts by recording a large number of words and phrases which are sent in encrypted form to a bank, for example. This forms a template that the bank uses to verify the user.
Ensuring that this template cannot fall into the wrong hands is important and Johnson and co have found an interesting way to do this, called Vaulted Voice Verification.
When users want to access their bank account, they dial in and give their name and password which allows the bank’s server to find their template. The server then asks the user to repeat a set of words or phrases. The problem with this step is that an eavesdropper can record the transmission, thereby gaining information about the template.
Johnson and co get around this by not transmitting the voice data at all. Instead, the bank sends two encrypted versions of each word or phrase to the mobile phone. One is the user’s voice, the other is spoken by an entirely different person.
Software on the mobile phone then has the job of comparing the user’s voice with both files and deciding which is authentic, like a multiple choice quiz. It then sends back the answers to this ‘quiz’ rather than transmitting the voice recording.
The beauty of this system is that the user’s recording of the template words are never transmitted over the network, thereby preserving their privacy.
The multiple choice approach also helps tackle the problem of voice instability given that the task is simply to work out which of the templates supplied by the bank is more likely to be the user’s voice.
Johnson and co say their tests indicate that the approach works well and certainly better than other similar voice biometric systems.
That’s not to say that we’re all going to be using this kind of voice biometric system to access our bank accounts. Merely that this form of authentication is back in contention for mobile phone type security systems in the near future.
Ref: arxiv.org/abs/1212.0042: Secure Voice Based Authentication for Mobile Devices: Vaulted Voice Verification