CAREER: Secure Voice-Controlled Platforms
University Of Virginia Main Campus, Charlottesville VA
Investigators
Abstract
Voice control technologies, which utilize natural language processing (NLP) techniques to enable handsfree interactions through Voice User Interface (VUI), are widely deployed in a plethora of IoT platforms, such as Amazon Alexa, Google Home, and automotive voice assistants. In addition to the built-in functionalities, voice-controlled devices are enhanced by an ecosystem fostered by their providers, such as Amazon and Google. In such an ecosystem, third-party developers can build new functions to offer additional services to the end-users for example, order food, manage bank accounts, and lock doors. These systems have already been deployed to households around the world and utilized by tens of millions of users. However, they could bring in new security and privacy risks, whose implications are not adequately understood so far. This work focuses on addressing the security and privacy issues in voice-controlled platforms. The project defines how we secure users while using voice interfaces and make key progress towards securing the IoT infrastructure and enhancing national security. Combined with integrated education and outreach efforts, this work provides a technical foundation for designing IoT platforms with strong security and privacy properties. Protecting Voice User Interfaces is fundamentally challenging, owing to the lack of effective means to authenticate and authorize the parties involved in the open and noisy channel. The project focuses on protecting users by helping them avoid unexpected sensitive behaviors through the noisy, open, and low-bandwidth voice channel. The work is organized around three main thrusts: (1) the design of a chatbot-based effective and efficient testing framework that combines semantic understanding and security domain knowledge to generate inputs, and understands outputs for determining unexpected sensitive behaviors in the voice apps during installation time, (2) the design of context-based integrity check and detection for unexpected voice command at runtime, and (3) the design of usable interfaces to communicate with users about the risks identified in the first two thrusts. These explorations culminate in the design options for a security module as part of a voice-controlled platform, and broader security and privacy recommendations for IoT platforms. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →