Maliheh Shirvanian

All Your Voices are Belong to Us: Stealing Voices to Fool Humans and Machines

In this paper, we study voice impersonation attacks to defeat humans and machines. Equipped with the current advancement in automated speech synthesis, our attacker can build a very close model of a victim’s voice after learning only a very limited number of samples in the victim’s voice (e.g., mined through the Internet, or recorded via physical proximity). Specifically, the attacker uses voice morphing techniques to transform its voice – speaking any arbitrary message – into the victim’s voice. We examine the aftermaths of such a voice impersonation capability against two important applications and contexts: (1) impersonating the victim in a voice-based user authentication system, and (2) mimicking the victim in arbitrary speech contexts (e.g., posting fake samples on the Internet or leaving fake voice messages).

The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio

Reducing user burden underlying traditional two-factor authentication constitutes an important research effort. An interesting representative approach, Sound-Proof, leverages ambient sounds to detect the proximity between the second factor device (phone) and the login terminal (browser). Sound-Proof was shown to be secure against remote attackers and highly usable, and is now under early deployment phases. In this paper, we identify a weakness of the Sound-Proof system, namely, the remote attacker does not have to predict the ambient sounds near the phone as assumed in the Sound-Proof paper, but rather can deliberately make-or wait for-the phone to produce predictable or previously known sounds (e.g., ringer, notification or alarm sounds). Exploiting this weakness, we build Sound-Danger, a full attack system that can successfully compromise the security of Sound-Proof. The attack involves buzzing the victim users phone, or waiting for the phone to buzz, and feeding the corresponding sounds at the browser to login on behalf of the user. The attack works precisely under Sound-Proofs threat model. Our contributions are three-fold. First, we design and develop the Sound-Danger attack system that exploits a wide range of a smartphones functionality to break Sound-Proof, such as by actively making a phone or VoIP call, sending an SMS and creating an app-based notification, or by passively waiting for the phone to trigger an alarm. Second, we re-implement Sound-Proofs audio correlation algorithm and evaluate it against Sound-Danger under a large variety of attack settings. Our results show that many of our attacks succeed with a 100% chance such that the Sound-Proof correlation algorithm will accept the attacked audio samples as valid. Third, we collect general population statistics via an online survey to determine the phone usage habits relevant to our attacks. We then use these statistics to show how our different correlation-based attacks can be carefully executed to, for instance, compromise about 57% user accounts in just the first attempt and about 83% user accounts in less than a day. Finally, we provide some mitigation strategies and future directions that may help overcome some of our attacks and strengthen Sound-Proof.

Two-Factor Authentication with End-to-End Password Security

We present a secure two-factor authentication (TFA) scheme based on the possession by the user of a password and a crypto-capable device. Security is “end-to-end” in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users’ passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-Enhanced PAKE, defined by Jarecki et al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation the modular, generic construction we give is not PAKE-agnostic because it doesn’t even use PAKE, but the instantiation of this scheme which instantiates DE-PAKE with PTR+PAKE is PAKE-agnostic as you say of this modular construction which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model.

Short voice imitation man-in-the-middle attacks on Crypto Phones: Defeating humans and machines

Establishing secure voice, video and text over Internet (VoIP) communications is a crucial task necessary to prevent eavesdropping and man-in-the-middle attacks. The traditional means of secure session establishment (e.g., those relying upon PKI or KDC) require a dedicated infrastructure and may impose unwanted trust onto third-parties. “Crypto Phones” (popular instances such as PGPfone and Zfone), in contrast, provide a purely peer-to-peer user-centric secure mechanism claiming to completely address the problem of wiretapping. The secure association mechanism in Crypto Phones is based on cryptographic protocols employing Short Authenticated Strings (SAS) validated over the voice medium. The security of Crypto Phones crucially relies on the assumption that the voice channel, over which SAS is validated, provides the properties of integrity and source authentication. In this paper, we challenge this assumption, and report on automated SAS voice imitation man-in-the-middle attacks that can compromise the security of Crypto Phones in both two-party and multi-party settings, even if users pay due diligence and even if an automated software (voice biometrics systems) is used to detect voice manipulation. The first attack, called the short voice reordering attack, builds arbitrary SAS strings in a victim’s voice by reordering previously eavesdropped SAS strings spoken by the victim. The second attack, called the short voice morphing attack, builds arbitrary SAS strings in a victim’s voice from a few previously eavesdropped sentences (less than 3 minutes) spoken by the victim. We design and implement our attacks using off-the-shelf speech recognition/synthesis tools, and comprehensively evaluate them with respect to both manual detection (based on a user study with 30 participants) and automated detection via a speaker verification tool. The results demonstrate the effectiveness of our attacks against three prominent forms of SAS encodings: numbers, PGP word lists and Madlib sentences. These attacks can be used by a wiretapper to compromise the confidentiality and privacy of Crypto Phones voice, video and text communications (plus authenticity in case of text conversations).

On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification

Many widely used Internet messaging and calling apps, such as WhatsApp, Viber, Telegram, and Signal, have deployed an end-to-end encryption functionality. To defeat potential man-in-the-middle attackers against the key exchange protocol, the approach crucially relies upon users to perform a code verification task whereby each user must compare the code (a fingerprint of the cryptographic keys) computed by her app with the one computed by the other users app and reject the session if the two codes do not match. In this paper, we study the security and usability of this human-centered code verification task for a prominent setting where the end users are remotely located, and compare it as a baseline to a potentially less frequent scenario where the end users are in close proximity. We consider several variations of the code presentation and code verification methods, incorporated into representative real-world apps, including codes encoded as numbers or images, displayed on the screen, and verbally spoken by the users. We perform a carefully-designed human factors study in a lab setting to quantify the security and usability of these different methods. Our study results expose key weaknesses in the security and usability of the code verification methods employed in the remote end-to-end encryption apps. First, we show that generally most code verification methods offer poor security (high false accepts) and low usability (high false rejects and low user experience ratings) in the remote setting. Second, we demonstrate that, security and usability under the remote code verification setting is significantly lower than that in the proximity code verification setting. We attribute this result to the increased cognitive overhead associated with comparing the codes across two apps on the same device (remote setting) rather than across two devices (proximity setting). Overall, our work serves to highlight a serious fundamental vulnerability of Internet-based communication apps in the remote setting stemming from human errors.