Smartphone-Key: Hands-Free Two-Factor Authentication for Voice-Controlled Devices Using Wi-Fi Location

Abstract

In the last few years, Internet of Things (IoT) devices have evolved at an accelerated rate. Smart technology is leaning towards new human-device interaction interfaces that lack screens or buttons, thus reducing the cost of the devices while offering a more natural user experience. Voice is one of the most extended IoT user interfaces nowadays and has been popularized with the advent of smart assistants. However, with the adoption of voice interfaces, new challenges arise in terms of security. According to our research, the complexity of speaker recognition has led to non-reliable voice authentication on IoT devices. Recent approaches to solve this problem include multi-factor authentication (MFA) schemes, but existing solutions, such as one-time passwords (OTP), virtual/physical buttons, and others, have a significant impact on the user experience that is not suitable for all applications and can negate the hands-free benefits of voice interfaces. In addition, the privacy concerns of voice biometrics hinder the development of personalized voice applications that require user accounting and access control policies. Motivated by this security concern, in this paper, we present a two-factor authentication (2-FA) scheme for voice-activated devices that uses a smartphone as a key to authorize voice commands when the user’s presence is detected. The proposed security model, which makes use of Wi-Fi location for presence detection, was implemented on an Amazon Echo device and an Android smartphone, the results proved that the denominated Smartphone-key model can protect against the most common attack vectors on voice-controlled devices without affecting the user experience.