Stethoscope: Crypto Phones with Transparent & Robust Fingerprint Comparisons using Inter Text-Speech Transformations
Conference Paper
Overview
abstract
Crypto Phones are emerging apps aimed at end-to-end secure communications. To detect man-in-the-middle (MITM) attacks, traditional Crypto Phones rely upon end-users to verbally exchange and compare a short protocol fingerprint. Users often find this requirement inconvenient. Hence, most current apps do not mandate fingerprint validation, allowing users to opt out and completely disregard security in favor of usability. Besides, speaking the fingerprints is not free of user errors, which may lead to rejection of benign sessions, degrading the user experience. In this paper, we address these fundamental problems by introducing Stethoscope, a new Crypto Phone model that removes the human user from the loop of fingerprint comparison by using text-to-speech and speech-to-text transformations. Stethoscope automatically performs two tasks on behalf of the user: (1) creating the fingerprint by incorporating a fingerprint speaking tool at the sender side, built on top of a limited-domain text-to-speech engine, and (2) decoding/comparing the fingerprint at the receiver side based on a robust speech-to-text engine. Like the traditional design, Stethoscope relies on the receiver to manually verify the sender's voice to detect sophisticated voice attacks. On the sender side, we design an automated fingerprint speaking tool based on a limited-domain text-to-speech system that reorders words from a phonetically distinct word dictionary previously spoken by the user. This tool asks the users to speak all the words in the fingerprint dictionary only once to train the system. On the receiver side, to decode the fingerprint, we design a robust speech-to-text transcription method. Through a user study, we evaluate the effect of automating the fingerprint creation, transfer, and comparison in the Stethoscope design against manual speaker verification.
Our results show that Stethoscope provides a 0% false accept and 0% false reject rate for the fingerprint comparison, while offering a higher level of speaker verification performance compared to traditional Crypto Phones.
name of conference
2019 17th International Conference on Privacy, Security and Trust (PST)