TY - GEN
T1 - Voice Command Fingerprinting with Locality Sensitive Hashes
AU - Charyyev, Batyr
AU - Gunes, Mehmet Hadi
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/11/9
Y1 - 2020/11/9
N2 - Smart home speakers are deployed in millions of homes around the world. These speakers enable users to interact with other IoT devices in the household and provide voice assistance such as telling the weather and reminding appointments. Although smart home speakers facilitate many aspects of our life, security and privacy concerns should be analyzed and addressed. In this paper, we show that an attacker sniffing the network traffic of smart speakers can infer voice commands and compromise the privacy of users. Specifically, we propose a method that utilizes the network traffic of the speakers to fingerprint the voice commands of users without a need for extracting traffic features with machine learning algorithms. We evaluated the proposed method on traffic traces of 100 different voice commands on smart home speakers. Our approach correctly infers 42% of voice commands while machine learning models infer 22% to 34%. We also evaluated the effectiveness of the padding method recommended for preventing voice command fingerprinting and observed that the accuracy of proposed fingerprinting method drops down to 15% and accuracy of machine learning methods ranges from 6% to 15% with traffic padding.
AB - Smart home speakers are deployed in millions of homes around the world. These speakers enable users to interact with other IoT devices in the household and provide voice assistance such as telling the weather and reminding appointments. Although smart home speakers facilitate many aspects of our life, security and privacy concerns should be analyzed and addressed. In this paper, we show that an attacker sniffing the network traffic of smart speakers can infer voice commands and compromise the privacy of users. Specifically, we propose a method that utilizes the network traffic of the speakers to fingerprint the voice commands of users without a need for extracting traffic features with machine learning algorithms. We evaluated the proposed method on traffic traces of 100 different voice commands on smart home speakers. Our approach correctly infers 42% of voice commands while machine learning models infer 22% to 34%. We also evaluated the effectiveness of the padding method recommended for preventing voice command fingerprinting and observed that the accuracy of proposed fingerprinting method drops down to 15% and accuracy of machine learning methods ranges from 6% to 15% with traffic padding.
KW - locality-sensitive hashing
KW - network security
KW - privacy
KW - traffic fingerprinting
UR - http://www.scopus.com/inward/record.url?scp=85096828352&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85096828352&partnerID=8YFLogxK
U2 - 10.1145/3411498.3419963
DO - 10.1145/3411498.3419963
M3 - Conference contribution
AN - SCOPUS:85096828352
T3 - CPSIOTSEC 2020 - Proceedings of the 2020 Joint Workshop on CPS and IoT Security and Privacy
SP - 87
EP - 92
BT - CPSIOTSEC 2020 - Proceedings of the 2020 Joint Workshop on CPS and IoT Security and Privacy
T2 - 2020 Joint Workshop on CPS and IoT Security and Privacy, CPSIOTSEC 2020
Y2 - 9 November 2020
ER -