Researchers propose new method for secure, speech-based two-factor authentication

Researchers propose new method for secure, speech-based two-factor authentication
Nitesh Saxena, Ph.D. Credit: University of Alabama at Birmingham

Researchers at the University of Alabama at Birmingham have developed a new method for two-factor authentication via wearables using speech signals.

Reducing the number of tasks users have to perform during traditional has been an area of focus for emerging technology and security researchers. One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. However, UAB researchers contend this method would leave users vulnerable to malicious mobile device attacks.

In a paper published at the Association for Computing Machinery Conference on Security and Privacy in Wireless and Mobile Networks in June, Nitesh Saxena, Ph.D., and doctoral student Prakash Shrestha propose a system called the "Listening-Watch," a more secure, minimal interaction process using a wearable device, such as a smartwatch or activity tracker, and browser-generated random sounds.

"Listening-Watch offers two key security features," said Nitesh Saxena, Ph.D., professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences. "It uses random code encoded into speech to withstand remote attackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers."

In a real-world scenario, two-factor authentication using "Listening-Watch" would be implemented by using an application installed on the . Push messages would prompt the device to record and decode speech sounds played by the browser. When a user attempts to log in, the browser of the primary device, such as a PC terminal, laptop, smartphone or tablet, plays back a short random code encoded into human speech, and the login succeeds if the watch's audio recording contains the same code and is similar enough to the browser's audio recording. The speech is decoded using .

More information: … to-near-far-attacks/

Citation: Researchers propose new method for secure, speech-based two-factor authentication (2018, August 24) retrieved 3 March 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Researchers propose novel solution to better secure voice over internet communication


Feedback to editors