August 24, 2018
Researchers propose new method for secure, speech-based two-factor authentication
Researchers at the University of Alabama at Birmingham have developed a new method for two-factor authentication via wearables using speech signals.
Reducing the number of tasks users have to perform during traditional two-factor authentication has been an area of focus for emerging technology and security researchers. One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. However, UAB researchers contend this method would leave users vulnerable to malicious mobile device attacks.
In a paper published at the Association for Computing Machinery Conference on Security and Privacy in Wireless and Mobile Networks in June, Nitesh Saxena, Ph.D., and doctoral student Prakash Shrestha propose a system called the "Listening-Watch," a more secure, minimal interaction process using a wearable device, such as a smartwatch or activity tracker, and browser-generated random speech sounds.
"Listening-Watch offers two key security features," said Nitesh Saxena, Ph.D., professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences. "It uses random code encoded into speech to withstand remote attackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers."
In a real-world scenario, two-factor authentication using "Listening-Watch" would be implemented by using an application installed on the wearable device. Push messages would prompt the device to record and decode speech sounds played by the browser. When a user attempts to log in, the browser of the primary device, such as a PC terminal, laptop, smartphone or tablet, plays back a short random code encoded into human speech, and the login succeeds if the watch's audio recording contains the same code and is similar enough to the browser's audio recording. The speech is decoded using voice recognition technology.