Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.820745
Title: The security of human-computer interaction by speech
Author: Bispham, Mary K.
ISNI:       0000 0004 9356 5958
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2020
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
This thesis investigates the security issues associated with human-computer interaction by speech, focussing on the context of voice-controlled digital assistants. The security of human-computer interaction by speech has become increasingly important as use of voice control has become more widespread. The research questions addressed in the thesis are whether the speech interface presents particular vulnerabilities that are not relevant to other types of interfaces, and, if so, what these vulnerabilities are and how attacks exploiting them can be defended. Based on a critical review of prior work, it is argued that the speech interface does represent a new attack surface with specific security vulnerabilities that have not as yet been comprehensively studied. These vulnerabilities arise both in relation to the inherently open nature of the speech interface, as well in relation to unintended functionality in the technologies implemented in voice-controlled systems to imitate human speech and language processing. The thesis makes three main contributions towards closing the gaps in knowledge on the security of human-computer interaction by speech identified in the review of prior work. The first contribution of the thesis is a novel taxonomy of the types of attacks that might be executed via a speech interface, representing a systemisation of knowledge in this area. The second contribution of the thesis is experimental work demonstrating new types of attacks via the speech interface that are foreshadowed in prior work, but have not been validated in practice. The experimental work develops systematic methodologies for executing attacks that hide malicious voice commands in nonsensical word sounds and in apparently unrelated utterances. The methodologies applied in these experiments involve testing both machine and human responses to such input to assess the potential for exploiting differences in machine and human perceptions to execute covert attacks. The third contribution of the thesis is proposals for the development of new defence mechanisms to counter attacks via the speech interface for which no effective defence mechanisms are currently available. These proposals include feasibility tests on the application of two existing technologies for security purposes in voice-controlled systems. The proposals for new defence mechanisms are grounded in a novel attack and defence modelling approach for analysing the security of human-computer interaction by speech that enables conceptualisation of the security of the speech interface in an inclusive framework, and facilitates a review of currently available defence mechanisms.
Supervisor: Agrafiotis, Ioannis ; Goldsmith, Michael Sponsor: Engineering and Physical Sciences Research Council
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.820745  DOI: Not available
Keywords: speech and language processing ; computer science ; cyber security
Share: