基于指令合规分析的语音接口权限控制

信息安全研究 ›› 2024, Vol. 10 ›› Issue (12): 1144-.

• 综合安全防御体系专题 • 上一篇下一篇

基于指令合规分析的语音接口权限控制

陈哲轩刘发中孟岩朱浩瑾

(上海交通大学电子信息与电气工程学院上海200240)

出版日期:2024-12-25 发布日期:2024-12-30
通讯作者: 陈哲轩硕士，助理工程师.主要研究方向为计算机工程管理与安全、多媒体技术. chenzx@sjtu.edu.cn
作者简介:陈哲轩硕士，助理工程师.主要研究方向为计算机工程管理与安全、多媒体技术. chenzx@sjtu.edu.cn 刘发中博士研究生.主要研究方向为人工智能安全. liufazhong@sjtu.edu.cn 孟岩博士，助理研究员，博士生导师.主要研究方向为物联网安全. yan_meng@sjtu.edu.cn 朱浩瑾博士，教授，博士生导师.国家杰出青年科学基金获得者.主要研究方向为网络安全与隐私保护. zhuhj@sjtu.edu.cn

Voice Interface Permission Control Based on Command Compliance Analysis

Chen Zhexuan, Liu Fazhong, Meng Yan, and Zhu Haojin

(School of Electronics Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240)

Online:2024-12-25 Published:2024-12-30

摘要/Abstract

摘要： 语音接口作为重要的人机交互手段，由于其允许用户远程交互的特性，已经被广泛部署在智能家居、智能制造等物联网场景中.然而，指令欺骗攻击对语音接口造成巨大威胁，且随着人工智能技术的发展，其攻击性能逐渐提升.回顾了针对语音接口的攻击方式，并指出现有的权限控制手段主要聚焦在对用户身份的认证，缺乏对于语音指令内容分析的考虑.为此，提出了结合身份认证与内容合规分析的安全机制VoDet.VoDet一方面利用麦克风阵列收集语音信号以增强活体检测与身份识别的性能；另一方面针对音频信号的语义信息制定了基于时间与位置的权限控制机制，最终实现对语音指令内容的合规性审计.在6409个语音命令样本的数据集上进行测试，证明与仅考虑身份认证的方案相比，VoDet将权限控制准确率从35.73%提升至93.52%，从而提供了更好的合规性检测能力.

关键词: 语音控制, 身份识别, 音频分析, 合规性检测, 时空权限控制

Abstract: Voice interfaces have been widely deployed in IoT scenarios such as smart homes and smart manufacturing due to their characteristics of allowing remote interaction. However, instruction spoofing attacks pose a huge threat to voice interfaces, and with the development of artificial intelligence technology, their attack performance has gradually improved. This paper reviews the attack methods against voice interfaces and points out that existing access control methods mainly focus on user authentication, lacking consideration for the analysis of voice command content. This paper proposes VoDet, a security mechanism combining identity authentication and content compliance analysis. VoDet enhances liveness detection and identity recognition with microphone arraybased voice signal collection. It also conducts semantic analysis of audio signals and implements permission control based on time and location. Testing on a dataset of over 6409 voice commands shows VoDet significantly improves permission control accuracy from 35.73% to 93.52%, offering better compliance detection.

Key words: voice control, identity recognition, audio analysis, compliance detection, spatiotemporal permission control

中图分类号:

TP309.2

陈哲轩, 刘发中, 孟岩, 朱浩瑾, . 基于指令合规分析的语音接口权限控制[J]. 信息安全研究, 2024, 10(12): 1144-.

参考文献

［1］Diao W, Liu X, Zhou Z, et al. Your voice assistant is mine: How to abusespeakers to steal information and control your phone［C］ Proc of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices(SPSM). New York: ACM, 2014: 6374［2］Zhang L, Tan S, Yang J. Hearing your voice is not enough: An articulatory gesture based liveness detection for voice authentication［C］ Proc of the 2017 ACM SIGSAC Conf on Computer and Communications Security (CCS). New York: ACM, 2017: 5771［3］Meng Y, Zhu H, Li J, et al. Liveness detection for voice user interface via wireless signals in IoT environment［J］. IEEE Trans on Dependable and Secure Computing, 2020, 18(6): 29963011［4］Yan C, Long Y, Ji X, et al. The catcher in the field: A fieldprint based spoofing detection for textindependent speaker verification［C］ Proc of the 2019 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 12151229［5］Yu Z, Chang Y, Zhang N, et al. SMACK: Semantically meaningful adversarial audio attack［C］ Proc of the 32nd USENIX Security Symposium (USENIX Security 23). Berkeley, CA: USENIX Association, 2023: 37993816［6］Yang L, Chen X, Jian X, et al. Remote attacks on speech recognition systems using sound from power supply［C］ Proc of the 32nd USENIX Security Symposium (USENIX Security 23). Berkeley, CA: USENIX Association, 2023: 45714588［7］Zhang L, Meng Y, Yu J, et al. Voiceprint mimicry attack towards speaker verification system in smart home［C］ Proc of IEEE Conf on Computer Communications (INFOCOM 2020). Piscataway, NJ: IEEE, 2020: 377386［8］Sun Z, Ren Y, Huang Y, et al. AFPM: A lowcost and universal adversarial defense for speaker recognition systems［J］. IEEE Trans on Information Forensics and Security, 2024, 19: 22732287［9］Wang S, Cao J, He X, et al. When the differences in frequency domain are compensated: Understanding and defeating modulated replay attacks on automatic speech recognition［C］ Proc of the 2020 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 11031119［10］Feng H, Fawaz K, Shin K G. Continuous authentication for voice assistants［C］ Proc of the 23rd Annual Int Conf on Mobile Computing and Networking. New York: ACM, 2017: 343355［11］Shiota S, Villavicencio F, Yamagishi J, et al. Voice liveness detection algorithms based on pop noise caused by human breath for automatic speaker verification［C］ Proc of the 16th Annual Conf of the International Speech Communication Association. Dresden: ISCA, 2015: 239243［12］Meng Y, Li J, Pillari M, et al. Your microphone array retains your identity: A robust voice liveness detection system for smart speakers［C］ Proc of the 31st USENIX Security Symposium (USENIX Security 22). Berkeley, CA: USENIX Association, 2022: 10771094［13］雷磊, 佘堃. 基于小波分析和超级向量的非对称文本相关的说话人识别模型［J］. 信息安全研究, 2018, 4(4): 352358［14］冯畅, 吴晓龙, 赵熠扬, 等. 生成式伪造语音安全问题与解决方案［J］. 信息安全研究, 2024, 10(2): 122129［15］Ahmed D, Sabir A, Das A. Spying through your voice assistants: Realistic voice command fingerprinting［C］ Proc of the 32nd USENIX Security Symposium (USENIX Security 23). Berkeley, CA: USENIX Association, 2023: 24192436

[1]	魏思佳李涛姜禹. 基于物理层的LoRa设备身份识别方法研究[J]. 信息安全研究, 2022, 8(1): 19-.
[2]	苏威积黎雷蕾李剑. CA 认证在视频监控模型中的应用[J]. 信息安全研究, 2018, 4(2): 175-179.
[3]	阮斌李孟徽. 人工智能推动网络精准营销领域[J]. 信息安全研究, 2017, 3(11): 1011-1016.

基于指令合规分析的语音接口权限控制

Voice Interface Permission Control Based on Command Compliance Analysis

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics