
Five core contributions of this thesis are:

• A taxonomy for the research domain of PVA security and privacy related to the acoustic channel. This taxonomy gives an extensive overview of the state of the art, and a detailed introduction to work related to the research topics of this thesis is also presented.

• A defence method against white-box adversarial attacks targeting ASR systems. The method can detect whether an audio input is suspected to be an adversarial attack.

• A speech content management method working in the PVA environment. This method enables users to signal their consent information which is tagged with their speech content.

• An active protection method against PVAs making use of a DoS technique. This method utilises a portable device to listen for the wake word of a PVA, and to emit a jamming signal that breaks the keyword recognition process on the PVA once the device recognises part of the wake word.

• A novel active acoustic sensing attack achieved by turning the acoustic system on a smartphone into a sonar system. This attack uses the speakers on a smartphone to emit an inaudible pre-defined sound wave and uses the microphones to record echoes reflected by nearby objects. Information about movement can be revealed by analysing the echo signal.

1.3.1 A Taxonomy for PVA Security and Privacy Regarding Challenges from the Acoustic Channel

Given the increasing dependency of society on PVAs, the security and privacy of these devices has become a major concern of users, manufacturers and policy makers. Consequently, a steep increase in research efforts addressing security and privacy of PVAs can be observed in recent years. While some security and privacy research applicable to the PVA domain predates their recent increase in popularity, many new research strands have emerged. In this thesis a survey of the state of the art in PVA security and privacy is presented. The focus is on security and privacy challenges arising from the use of the acoustic channel. Work describing attacks as well as countermeasures is discussed. Established areas such as Voice Authentication and new areas such as Acoustic DoS that deserve more attention are highlighted. Research areas are described where the threat is relatively well understood but for which countermeasures are lacking, for example in the area of hidden voice commands. Work that looks at privacy implications is also discussed; for example, work on management of recording consent. This part of the thesis is intended to provide a comprehensive research map for PVA security and privacy.

This work is summarised as a survey paper which is under review for Proceedings of the IEEE. I am the first author and main contributor of this work.

1.3.2 Adversarial Command Detection Using Parallel Speech Recognition Systems

PVAs are used to interact with digital infrastructures and services, and the security of this interface has become a concern. PVAs are susceptible to adversarial commands; an attacker is able to modify an audio signal such that humans do not notice this modification but the ASR will recognise a command of the attacker’s choice. A novel defence method against such adversarial commands is presented. By using a second ASR in parallel to the main ASR of the PVA it is possible to detect adversarial commands. It is infeasible for an attacker to craft an adversarial command that is able to force two different ASRs into recognising the adversarial command while ensuring inaudibility. The feasibility of this defence mechanism for practical setups is demonstrated. Our evaluation shows that an ASR that differs in architecture and/or training data is usable as a protection ASR. In our experimentation setup, the ASR PocketSphinx turned out to be most effective but the other candidates are usable too. Another option is to configure the setup to avoid false positives while still retaining some adversarial detection capability. For instance, 35% of the time an attack will be detected while not preventing normal use of the system if PocketSphinx is used in our evaluation.
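The parallel-ASR check described above can be sketched as follows. This is an added example, not code from the thesis: the word-level similarity metric, the threshold values and the sample transcripts are assumptions constructed for illustration, since this section does not state how the two transcriptions are compared.

```python
import re

def tokenize(text):
    # Lower-case word tokens; punctuation is ignored.
    return re.findall(r"[a-z0-9']+", text.lower())

def word_edit_distance(ref, hyp):
    # Levenshtein distance over word tokens (row-by-row dynamic programming).
    prev = list(range(len(hyp) + 1))
    for i, r in enumerate(ref, 1):
        cur = [i]
        for j, h in enumerate(hyp, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (r != h)))
        prev = cur
    return prev[-1]

def transcript_similarity(main_text, protection_text):
    # 1.0 means both ASRs heard the same words, 0.0 means nothing in common.
    a, b = tokenize(main_text), tokenize(protection_text)
    if not a and not b:
        return 1.0
    return 1.0 - word_edit_distance(a, b) / max(len(a), len(b))

def is_suspect(main_text, protection_text, threshold=0.5):
    # Flag the input when the protection ASR disagrees with the main ASR.
    return transcript_similarity(main_text, protection_text) < threshold

# Constructed samples: (label, main ASR transcript, protection ASR transcript).
# Benign audio yields near-identical transcripts; for an adversarial input only
# the targeted main ASR outputs the injected command.
SAMPLES = [
    ("benign", "turn on the kitchen lights", "turn on the kitchen light"),
    ("benign", "set a timer for ten minutes", "set the time for ten minutes"),
    ("adversarial", "open the front door", "it was a bright cold day in april"),
    ("adversarial", "unlock the garage", "the music is playing softly"),
]

def rates(samples, threshold):
    # Returns (detection rate on adversarial, false positive rate on benign).
    flagged = {"benign": 0, "adversarial": 0}
    total = {"benign": 0, "adversarial": 0}
    for label, main_text, protection_text in samples:
        total[label] += 1
        flagged[label] += is_suspect(main_text, protection_text, threshold)
    return (flagged["adversarial"] / total["adversarial"],
            flagged["benign"] / total["benign"])

if __name__ == "__main__":
    for t in (0.5, 0.7):
        print(t, rates(SAMPLES, t))
```

Raising the threshold makes the detector stricter and starts flagging benign inputs on which the two ASRs merely disagree by a word or two, which is the false-positive trade-off the paragraph refers to.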

1.3.3 Smart Speaker Privacy Control - Acoustic Tagging for Personal Voice Assistants

PVAs continuously monitor conversations which may be transported to a cloud back end where they are stored, processed and maybe even passed on to other service providers. A user has little control over this process. She is unable to control the recording behaviour of surrounding PVAs, unable to signal her privacy requirements to back-end systems and unable to track conversation recordings. In this thesis techniques for embedding additional information into acoustic signals processed by PVAs are explored. A user employs a tagging device which emits an acoustic signal when PVA activity is assumed. Any active PVA will embed this tag into its recorded audio stream. The tag may signal to a cooperating PVA or back-end system that a user has not given recording consent. The tag may also be used to trace when and where a recording was taken. Different tagging techniques and application scenarios are discussed, and the implementation of a prototype tagging device based on PocketSphinx is described. Using the popular PVA Google Home Mini, a demonstration is presented that the device can tag conversations and that the tagging signal can be retrieved from conversations stored in the Google back-end system.

This work has been published in Proceedings of the IEEE Workshop on the Internet of Safe Things (SafeThings’19). I am the first author and main contributor of the paper.


1.3.4 Towards Reactive Acoustic Jamming for Personal Voice Assistants

PVAs such as the Amazon Echo are commonplace and one is now likely to always be in range of at least one PVA. Although the devices are very helpful, they are also continuously monitoring conversations. When a PVA detects a wake word, the immediately following conversation is recorded and transported to a cloud system for further analysis. In this thesis an active protection mechanism against PVAs called reactive jamming is investigated. A Protection Jamming Device (PJD) is employed to observe conversations. Upon detection of a PVA wake word the PJD emits an acoustic jamming signal. The PJD must detect the wake word faster than the PVA such that the jamming signal still prevents wake word detection by the PVA. The thesis presents an evaluation of the effectiveness of different jamming signals. The impact of jamming signal and wake word overlap on jamming success is quantified. Furthermore, the jamming false positive rate as a function of the overlap is quantified. The evaluation shows that a 100% jamming success can be achieved with an overlap of at least 60% with a negligible false positive rate. Thus, reactive jamming of PVAs is feasible without creating a system perceived as a noise nuisance.

This work has been published in Proceedings of the 2nd ACM International Workshop on Multimedia Privacy and Security (MPS ’18). I am the first author and main contributor of this work.

1.3.5 SonarSnoop: Active Acoustic Side-channel Attacks

The first active acoustic side-channel attack is reported in this thesis. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smartphone (i.e., acoustic system of a PVA) into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

This work has been published in International Journal of Information Security, Jul 2019. I am the first author and main contributor of this work. This work was a finalist for the Pwnie Awards [17] for the most innovative research in 2019.
