|
|
|
Last Words
Voiceprints provide mobile encryption keys
By Will Knight, NewScientist.com
18 October 02
The uniqueness of everyone's voice can now be used to lock up data extra securely on mobile phones and portable computers, thanks to a prototype system developed by US researchers. The system could render stolen devices useless.
Existing voice identification systems rely on a person's voiceprint alone before granting security clearance. A typed password can also be used, but this must be easy to remember and so may also easy to guess.
The new system goes further by combining the two. It combines a spoken password and the voiceprint of the speaker to generate a cryptographic key. This is then used to encrypt data automatically.
Mike Rieter at Carnegie Mellon University and Fabian Monrose and colleagues at Bell Labs used a Compaq iPaq handheld computer to built a prototype of the system. To access the device, the user speaks the password. This allows the computer to take the word and voice data, combine it with the previously stored key, and unlock the data.
In a paper entitled Toward speech-generated cryptographic keys on resource constrained devices they write: "Rather than deriving the cryptographic key from merely the pass phrase that was spoken, we strive to generate a substantially stronger cryptographic key with entropy drawn both from the pass phrase spoken and how the user speaks it."
Natural deviation
The creators of the new system say it could eventually generate cryptographic keys as strong as those used to keep files on desktop computers secure. So far they have created 60-bit cryptographic keys with the system, but they hope to increase this to 128 bits and more.
Turning a voiceprint into an encryption key requires significant computational effort. Each time a person speaks, their vocalisations are slightly different, but the key must be reproduced perfectly. So the researchers have created algorithms that detect and correct for these natural deviations.
The team says it would also be nearly impossible for an attacker to capture encryption keys by stealing the device and breaking it open. This is because the complete key only exists when a voiceprint is combined with the stored encryption data.
David Wheeler, an expert in voice identification systems at Cambridge University, says the system has the potential to protect future mobile devices.
"It does give an additional safeguard," Wheeler told New Scientist "Its certainly feasible, although the details are usually more complicated than they first appear."
But Wheeler also warns that advanced voice-recording equipment can often be used to mimic a person's voice. The researchers are also working on preventing this type of attack.
Read the full article at New Scientist
Links:
PCW article
|
|
|