Share Email Print
cover

Proceedings Paper

The non-trusty clown attack on model-based speaker recognition systems
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

Biometric detectors for speaker identification commonly employ a statistical model for a subject’s voice, such as a Gaussian Mixture Model, that combines multiple means to improve detector performance. This allows a malicious insider to amend or append a component of a subject’s statistical model so that a detector behaves normally except under a carefully engineered circumstance. This allows an attacker to force a misclassification of his or her voice only when desired, by smuggling data into a database far in advance of an attack. Note that the attack is possible if attacker has access to database even for a limited time to modify victim’s model. We exhibit such an attack on a speaker identification, in which an attacker can force a misclassification by speaking in an unusual voice, and replacing the least weighted component of victim’s model by the most weighted competent of the unusual voice of the attacker’s model. The reason attacker make his or her voice unusual during the attack is because his or her normal voice model can be in database, and by attacking with unusual voice, the attacker has the option to be recognized as himself or herself when talking normally or as the victim when talking in the unusual manner. By attaching an appropriately weighted vector to a victim’s model, we can impersonate all users in our simulations, while avoiding unwanted false rejections.

Paper Details

Date Published: 4 March 2015
PDF: 10 pages
Proc. SPIE 9409, Media Watermarking, Security, and Forensics 2015, 940904 (4 March 2015); doi: 10.1117/12.2083412
Show Author Affiliations
Alireza Farrokh Baroughi, Binghamton Univ. (United States)
Scott Craver, Binghamton Univ. (United States)


Published in SPIE Proceedings Vol. 9409:
Media Watermarking, Security, and Forensics 2015
Adnan M. Alattar; Nasir D. Memon; Chad D. Heitzenrater, Editor(s)

© SPIE. Terms of Use
Back to Top