Description: |
This thesis investigates the security issues associated with human-computer interaction by speech, focussing on the context of voice-controlled digital assistants. The security of human-computer interaction by speech has become increasingly important as use of voice control has become more widespread. The research questions addressed in the thesis are whether the speech interface presents particular vulnerabilities that are not relevant to other types of interfaces, and, if so, what these vulnerabilities are and how attacks exploiting them can be defended against. Based on a critical review of prior work, it is argued that the speech interface does represent a new attack surface with specific security vulnerabilities that have not as yet been comprehensively studied. These vulnerabilities arise both in relation to the inherently open nature of the speech interface, as well as in relation to unintended functionality in the technologies implemented in voice-controlled systems to imitate human speech and language processing. The thesis makes three main contributions towards closing the gaps in knowledge on the security of human-computer interaction by speech identified in the review of prior work. The first contribution of the thesis is a novel taxonomy of the types of attacks that might be executed via a speech interface, representing a systemisation of knowledge in this area. The second contribution of the thesis is experimental work demonstrating new types of attacks via the speech interface that are foreshadowed in prior work, but have not been validated in practice. The experimental work develops systematic methodologies for executing attacks that hide malicious voice commands in nonsensical word sounds and in apparently unrelated utterances. The methodologies applied in these experiments involve testing both machine and human responses to such input to assess the potential for exploiting differences in machine and human perceptions to execute covert attacks.
The third contribution of the thesis is proposals for the development of new defence mechanisms to counter attacks via the speech interface for which no effective defence mechanisms are currently available. These proposals include feasibility tests on the application of two existing technologies for security purposes in voice-controlled systems. The proposals for new defence mechanisms are grounded in a novel attack and defence modelling approach for analysing the security of human-computer interaction by speech that enables conceptualisation of the security of the speech interface in an inclusive framework, and facilitates a review of currently available defence mechanisms. |