dolphinattack inaudible voice commands
play

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, - PowerPoint PPT Presentation

Feb 04, 2023 •205 likes •720 views

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award Speech Recognition Systems Apple Siri

  1. DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award

  2. Speech Recognition Systems Apple Siri Amazon Alexa Google Now Huawei HiVoice

  3. Obfuscated Voice Commands Hidden Voice Commands

  4. Threat Model • Inaudible (with ultrasounds f > 20kHz) • No owner interaction. • Whitebox. • No (physical) target device access. • Attacker has required equipments (e.g. speakers for transmitting ultrasound near target devices).

  5. Threat Model • Inaudible (with ultrasounds f > 20kHz) • No owner interaction. • Whitebox . • No (physical) target device access . • Attacker has required equipments (e.g. speakers for transmitting ultrasound near target devices).

  6. Voice Controllable System Q: Which parts of the VCS are most vulnerable? (No known answer)

  7. Voice Controllable System

  8. Voice Controllable System ambient voices: recorded -> amplified -> filtered -> digitized

  9. Voice Controllable System - remove frequencies that are beyond the audible sound range - discard signal segments that contain sounds too weak to be identified

  10. Voice Controllable System

  11. Voice Controllable System Performed locally e.g. Siri - say pre-defined wake words - press a special key

  12. Voice Controllable System Via a cloud service signals sent to servers -> extract features -> recognize commands e.g. Mel-frequency cepstral coe ffi cients(MFCC) e.g. machine learning

  13. Voice Controllable System launch the corresponding application or execute an operation

  14. Voice Controllable System Q: Which parts of the VCS are most vulnerable? (No known answer) Take a guess!

  15. Focus of Attack Inaudible!

  16. Doubts on Inaudible Voice Commands • How can inaudible sounds be audible to devices? low-pass filters? low audio sampling rates? • How can inaudible sounds be intelligible to SR systems? SR systems do not recognize signals that do not match human tonal features? • How can inaudible sounds cause unnoticed security breach to VCS? speaker-dependent wake words?

  17. Microphone Pros: - miniature package sizes - low power consumption air pressure change -> capacitive change -> AC signal

  18. Nonlinearity of Microphone in ultrasound bands f > 20kHz m(t): target voice signal LPF Fourier Transformation

  19. s1(t) = cos(2 π f1 t) at frequency f1=38kHz s2(t) = cos(2 π f2 t) at frequency f2=40kHz s_hi (t) = s1(t) + s2(t) Inaudible Voice Commands: The Long-Range Attack and Defense

  20. Modulated Tone Traversing Voice Capture Device Modulation Demodulation

  21. Nonlinearity Evaluation: Questions • Will the demodulation work well in practice? • Will the demodulated voice signal remain similar to the original one?

  22. Nonlinearity Evaluation: Experimental Setup iPhone SE -> vector signal generator -> power amplifier -> ultrasonic speaker baseband signal -> modulated onto a carrier -> amplified -> transmitted

  23. Nonlinearity Evaluation: Single Tone Results original output signal of MEMS microphone output signal of ECM microphone 20 kHz carrier 2 kHz baseband Demodulation successful!

  24. Nonlinearity Evaluation: Voices Results MCD between original and recorded original TTS generated voice recorded as the 3.1 original voice is played recorded as the 7.6 modulated voice is played by ultrasonic speaker Mel-Cepstral Distortion (MCD) quantifies distortion between two MFCCs Similar! two voices are considered to be acceptable to voice recognition systems if their MCD values are smaller than 8

  25. Attack Design • Generate voice commands • Modulate baseband signals • Launch attack with a portable transmitter

  26. Activation Voice Commands Generation: Brute Force Siri is trained with Google TTS

  27. Activation Voice Commands Generation: Concatenative

  28. Amplitude Modulation (AM): Depth (index) directly related to the utilization of the nonlinearity e ff ect of microphones

  29. Analysis: Modulation Depth Demodulated signals become stronger Signal-to-noise ratio and the attack success rate get higher

  30. Amplitude Modulation (AM): Carrier Frequency f • Factors for choosing f: • frequency range of ultrasounds • bandwidth of the baseband signal • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  31. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds • bandwidth of the baseband signal • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  32. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  33. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command f - w > 20 kHz • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  34. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command otherwise f - w > 20 kHz • cut-o ff frequency of the low pass filter carrier will not be filtered. • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  35. Amplitude Modulation (AM): Carrier Frequency f

  36. Analysis: Carrier Wave Frequency 400 Hz baseband and higher order harmonics

  37. Analysis: Carrier Wave Frequency amplitude of the harmonics larger than baseband Unacceptable to SR systems! 400 Hz baseband and higher order harmonics

  38. Amplitude Modulation (AM): Voice Selection f - w > 20 kHz • Various voices map to various baseband frequency ranges. • A voice with a small bandwidth shall be selected to create baseband voice signals

  39. Voice Commands Transmitter Powerful transmitter: driven by a dedicated signal generator Portable transmitter: driven by a smartphone

  40. Experimental Goal • Examining the feasibility of attacks. • Quantifying the parameters in tuning a successfully attack. • Measuring the attack performance.

  41. Feasibility Experiments: Device/System & Commands

  42. Impact: Languages

  43. Impact: Background Noise

  44. Impact: Distance

  45. Impact: Sound Pressure Levels

  46. Results Almost all the systems can be attacked!

  47. Defense: Hardware-based • Microphone Enhancement. • Suppress any acoustic signals whose frequencies are in the ultrasound range. • Inaudible Voice Command Cancellation. • Demodulate the signals to obtain the baseband and subtract it.

  48. Defense: Software-based original recorded recovered support vector machine (SVM) -> 10 training sample (5 positive, 5 negative) Q: rigorous? -> 14 testing samples 100% true positive and false positive rates

  49. Remote attack?

  50. Related Work - Embed commands into songs -> distribute through the internet - Use multiple speakers to mitigate leakage

  51. Thanks!

Recommend

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu Zhejiang University BACKGROUND- DOLPHIN ATTACK An approach to inject inaudible voice commands at VCS by exploiting the

481 views • 28 slides
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1 Longfei Shangguan 2 Zhenjiang Li 1 Kyle Jamieson 3 1 City University of Hong Kong, 2 Microsoft, 3 Princeton University Voice Assistants in Smart Home 2

808 views • 54 slides
Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**,

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**,

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University Voice channel opens up new

993 views • 64 slides
IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by Jinli Zhong FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild, NDSS17 Presented by Jie Li Protecting Privacy of BLE

470 views • 34 slides
The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands run some code to do the command For other commands find program executable and .... run it. Other features: wildcards, pipes, redirection.

468 views • 18 slides
Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Lecture 8: Visual Mode, /<CR>, Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed to next week... Too few things to test on Make sure to practice on commands discussed so far. Every

1.11k views • 83 slides
A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring

A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring

23rd International Congress on Acoustics A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring brainwaves and heart rate Steven Cooper Sound system calibrated to playback 3-min sample of Cape

628 views • 15 slides
DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes Presented by N7MOT Lenny Gemar Amateur radio began with spark gap transmitters, evolving to Morse code and analog voice

442 views • 20 slides
Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF 4FSK VHF C4FM AMBE, AMBE+2, Codec-2 HF OFDM Audio Vocoder Modulator Integrate data into protocol A/D Compressed 10101111010 Mic

729 views • 13 slides
Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put off all these 3:8 put off the old man with his deeds 3:9 put on the new man who is renewed 3:10 put on tender mercies

2.44k views • 197 slides
Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

M Sdersten, Karolinska Institutet, Rekjavik, Oct 12, 2012 Voice team Karolinska University Hospital and Karolinska Institute Voice production and teachers voice disorders How does the voice work and what makes it to fail?

73 views • 5 slides
Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Lecture 5: Review + Basic Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now! Midterm next week! Format is similar to hws, focus on writing clear descriptions that do exactly what you want to

549 views • 43 slides
April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands Special Rights Principle of Attenuation of Privilege Harrison-Ruzzo-Ullman result Corollaries April 7, 2017 ECS 235B Spring Quarter

588 views • 33 slides
A simplified A simplified method method for for determination determination of of

A simplified A simplified method method for for determination determination of of

23rd International Congress on Acoustics A simplified A simplified method method for for determination determination of of amplitude amplitude modulation of modulation of audible audible and and inaudible inaudible wind

462 views • 10 slides
There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

Jeremiah 1:1-19 There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah 1:1-19 That voice rules. not only heard, but heeded. not only obliged, but obyed. Jeremiah 1:1-19 the word of the Lord

617 views • 12 slides
Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background: Voice and Speech 2 Human-AI Interaction Voice and Speech Human voice is an efficient input modality: it allows people to give commands to a

1.49k views • 31 slides
Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice

Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice

Getting Sta rted with Voice API Lorna Mitchell Getting Sta rted with Voice API Use the Voice API to make and receive calls, play audio, send and receive DTMF tones, and to record calls. Workshop plan: Introduce concepts and vocabulary

480 views • 19 slides
SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL

SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL

SQL , the Structured Query Language Overview Introduction DDL Commands DML Commands SQL Statements, Operators, Clauses Aggregate Functions Structured Query Language ( SQL SQL ) The ANSI standard language for the definition and manipulation

854 views • 30 slides
1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

1 Incidence of teachers voice problems in UK LSBU survey of teachers voice levels (2004) 36

Damaging effects of noise on hearing and voice in childrens Outline learning environments Reykjavik Iceland 12-13 October 2012 Voice Care Network Oral communication ergonomic work in UK Incidence of teachers voice problems in UK

551 views • 5 slides
Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores

Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores

Advanced Linux Commands The picture can't be displayed. Dr. John Yoon The History Almost every shell stores the previous commands that you have issued. Most shells allow you to press the up arrow to cycle through previous commands.

656 views • 17 slides
Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands

Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands

Unix Commands on processes Xiaolan Zhang Spring 2013 1 Outlines Last class: commands working with files tree, ls and echo od (octal dump), stat (show meta data of file) touch, temporary file, file with random bytes locate,

548 views • 51 slides
SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit Management Systems Diane Serban, Ph.D., SAA Inc. Vincent Houston, NASA Langley Research Center SAA Provides Off-Line VOICE RECOGNITION Solutions to

501 views • 11 slides
1 Agenda Agenda Agenda Wie sieht die HW aus? IP Telefon Voice Gateway Was Was

1 Agenda Agenda Agenda Wie sieht die HW aus? IP Telefon Voice Gateway Was Was

Voice over IP Voice over IP Erfahrungsbericht Cisco & Voice over IP Compaq Computer GmbH Jrgen Wedler Consultant Network Services Kieler Str. 147, D-22769 Hamburg Tel: +49 (40) 85361 145 Fax: +49 (40) 85361 322 Mobil: +49 (175)

740 views • 28 slides
TO TO VOICE SEARCH Be Beware: e: Vo Voice Search Is Ex Exciting iting Everyone is

TO TO VOICE SEARCH Be Beware: e: Vo Voice Search Is Ex Exciting iting Everyone is

TO TO VOICE SEARCH Be Beware: e: Vo Voice Search Is Ex Exciting iting Everyone is talking about voice search. At tech and marketing conferences you cant turn around without bumping into someone saying by 2020, 50 percent

1.53k views • 75 slides

More recommend