Title
Stethoscope: Crypto Phones with Transparent & Robust Fingerprint Comparisons using Inter Text-Speech Transformations
Abstract
Crypto Phones are emerging apps aimed for end-to-end secure communications. To detect man-in-the-middle (MITM) attacks, traditional Crypto Phones rely upon end-users to verbally exchange and compare a short protocol fingerprint. This requirement is often found to be inconvenient by the users. Hence, most current apps do not mandate fingerprint validation, allowing the users to opt-out, completely disregarding security in favor of usability. Besides, speaking the fingerprints is not free of user errors, which may lead to rejection of benign sessions degrading the user experience. In this paper, we address these fundamental problems by introducing Stethoscope, a new Crypto Phone model that removes the human user from the loop of fingerprint comparison by using text-to-speech and speech-to-text transformations. Stethoscope automatically performs two tasks on behalf of the user: (1) creating the fingerprint by incorporating a fingerprint speaking tool at the sender side, built on top of a limited-domain text-to-speech engine, and (2) decoding/comparing the fingerprint at the receiver side based on a robust speech-to-text engine. Like the traditional design, Stethoscope relies on the receiver to manually verify the sender's voice to detect sophisticated voice attacks. On the sender side, we design an automated fingerprint speaking tool based on a limited-domain text-to-speech system using reordering of words in a phonetically-distinct word dictionary previously spoken by the user. This tool asks the users to speak all the words in the fingerprint dictionary only once to train the system. On the receiver side, to decode the fingerprint, we design a robust speech-to-text transcription method. We evaluate the effect of automating the fingerprint creation, transfer, and comparison in the Stethoscope design against manual speaker verification with a user study.
Our results show that Stethoscope provides a 0% false accept and 0% false reject rate for the fingerprint comparison, while offering a higher level of speaker verification performance compared to traditional Crypto Phones.
Year: 2019
DOI: 10.1109/PST47121.2019.8949068
Venue: 2019 17th International Conference on Privacy, Security and Trust (PST)
Keywords: VoIP security, end-to-end encryption, SAS validation, key exchange validation, mobile app security
Field: Stethoscope, Crypto phone, User experience design, Man-in-the-middle attack, Computer security, Computer science, Usability, Communication source, Speech recognition, Fingerprint, End-to-end encryption
DocType: Conference
ISSN: 2574-139X
ISBN: 978-1-7281-3266-2
Citations: 0
PageRank: 0.34
References: 13
Authors: 2
Name
Order
Citations
PageRank
Maliheh Shirvanian1777.94
Nitesh Saxena2120482.45