AuthenticationNew method for secure, speech-based two-factor authentication

Published 30 August 2018

Reducing the number of tasks users have to perform during traditional two-factor authentication has been an area of focus for emerging technology and security researchers. One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. Researchers have developed a new method for two-factor authentication via wearables using speech signals.

Researchers at the University of Alabama at Birmingham have developed a new method for two-factor authentication via wearables using speech signals.

Reducing the number of tasks users have to perform during traditional two-factor authentication has been an area of focus for emerging technology and security researchers. One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. However, UAB researchers contend this method would leave users vulnerable to malicious mobile device attacks.

Alabama says that in a paper published at the Association for Computing Machinery Conference on Security and Privacy in Wireless and Mobile Networks in June, Nitesh Saxena, Ph.D., and doctoral student Prakash Shrestha propose a system called the “Listening-Watch,” a more secure, minimal interaction process using a wearable device, such as a smartwatch or activity tracker, and browser-generated random speech sounds.

“Listening-Watch offers two key security features,” said Nitesh Saxena, Ph.D., professor in the UAB College of Arts and Sciences Department of Computer Science. “It uses random code encoded into speech to withstand remote attackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers.”

In a real-world scenario, two-factor authentication using “Listening-Watch” would be implemented by using an application installed on the wearable device. Push messages would prompt the device to record and decode speech sounds played by the browser. When a user attempts to log in, the browser of the primary device, such as a PC terminal, laptop, smartphone or tablet, plays back a short random code encoded into human speech, and the login succeeds if the watch’s audio recording contains the same code and is similar enough to the browser’s audio recording. The speech is decoded using voice recognition technology.

To read more about the “Listening Watch: Wearable Two-Factor Authentication using Speech Signals Resilient to Near-Far Attacks,” visit the UAB SPIES Lab website.

Saxena is the director of the Security and Privacy In Emerging computing and networking Systems lab and the UAB CyberCorps Program. The National Science Foundation funded, scholarship for service program provides students applying to or currently pursuing a Master of Science in Computer Forensics and Security Management degree with academic year stipends of $34,000 per year. The purpose of the program is to help prepare a highly qualified workforce to address cybersecurity challenges and threats against the nation’s computer and information systems.