dolphinattack inaudible voice commands
play

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, - PowerPoint PPT Presentation

Feb 04, 2023 •205 likes •720 views

DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award Speech Recognition Systems Apple Siri

  1. DolphinAttack: Inaudible Voice Commands Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu Zhejiang University Presenter: Huichen Li This paper won the CCS 2017 Best Paper award

  2. Speech Recognition Systems Apple Siri Amazon Alexa Google Now Huawei HiVoice

  3. Obfuscated Voice Commands Hidden Voice Commands

  4. Threat Model • Inaudible (with ultrasounds f > 20kHz) • No owner interaction. • Whitebox. • No (physical) target device access. • Attacker has required equipments (e.g. speakers for transmitting ultrasound near target devices).

  5. Threat Model • Inaudible (with ultrasounds f > 20kHz) • No owner interaction. • Whitebox . • No (physical) target device access . • Attacker has required equipments (e.g. speakers for transmitting ultrasound near target devices).

  6. Voice Controllable System Q: Which parts of the VCS are most vulnerable? (No known answer)

  7. Voice Controllable System

  8. Voice Controllable System ambient voices: recorded -> amplified -> filtered -> digitized

  9. Voice Controllable System - remove frequencies that are beyond the audible sound range - discard signal segments that contain sounds too weak to be identified

  10. Voice Controllable System

  11. Voice Controllable System Performed locally e.g. Siri - say pre-defined wake words - press a special key

  12. Voice Controllable System Via a cloud service signals sent to servers -> extract features -> recognize commands e.g. Mel-frequency cepstral coe ffi cients(MFCC) e.g. machine learning

  13. Voice Controllable System launch the corresponding application or execute an operation

  14. Voice Controllable System Q: Which parts of the VCS are most vulnerable? (No known answer) Take a guess!

  15. Focus of Attack Inaudible!

  16. Doubts on Inaudible Voice Commands • How can inaudible sounds be audible to devices? low-pass filters? low audio sampling rates? • How can inaudible sounds be intelligible to SR systems? SR systems do not recognize signals that do not match human tonal features? • How can inaudible sounds cause unnoticed security breach to VCS? speaker-dependent wake words?

  17. Microphone Pros: - miniature package sizes - low power consumption air pressure change -> capacitive change -> AC signal

  18. Nonlinearity of Microphone in ultrasound bands f > 20kHz m(t): target voice signal LPF Fourier Transformation

  19. s1(t) = cos(2 π f1 t) at frequency f1=38kHz s2(t) = cos(2 π f2 t) at frequency f2=40kHz s_hi (t) = s1(t) + s2(t) Inaudible Voice Commands: The Long-Range Attack and Defense

  20. Modulated Tone Traversing Voice Capture Device Modulation Demodulation

  21. Nonlinearity Evaluation: Questions • Will the demodulation work well in practice? • Will the demodulated voice signal remain similar to the original one?

  22. Nonlinearity Evaluation: Experimental Setup iPhone SE -> vector signal generator -> power amplifier -> ultrasonic speaker baseband signal -> modulated onto a carrier -> amplified -> transmitted

  23. Nonlinearity Evaluation: Single Tone Results original output signal of MEMS microphone output signal of ECM microphone 20 kHz carrier 2 kHz baseband Demodulation successful!

  24. Nonlinearity Evaluation: Voices Results MCD between original and recorded original TTS generated voice recorded as the 3.1 original voice is played recorded as the 7.6 modulated voice is played by ultrasonic speaker Mel-Cepstral Distortion (MCD) quantifies distortion between two MFCCs Similar! two voices are considered to be acceptable to voice recognition systems if their MCD values are smaller than 8

  25. Attack Design • Generate voice commands • Modulate baseband signals • Launch attack with a portable transmitter

  26. Activation Voice Commands Generation: Brute Force Siri is trained with Google TTS

  27. Activation Voice Commands Generation: Concatenative

  28. Amplitude Modulation (AM): Depth (index) directly related to the utilization of the nonlinearity e ff ect of microphones

  29. Analysis: Modulation Depth Demodulated signals become stronger Signal-to-noise ratio and the attack success rate get higher

  30. Amplitude Modulation (AM): Carrier Frequency f • Factors for choosing f: • frequency range of ultrasounds • bandwidth of the baseband signal • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  31. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds • bandwidth of the baseband signal • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  32. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  33. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command f - w > 20 kHz • cut-o ff frequency of the low pass filter • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  34. Amplitude Modulation (AM): Carrier Frequency f Inaudibility: • Factors for choosing f: lowest frequency > 20 kHz • frequency range of ultrasounds w: frequency range • bandwidth of the baseband signal of voice command otherwise f - w > 20 kHz • cut-o ff frequency of the low pass filter carrier will not be filtered. • frequency response of the microphone on the VCS • frequency response of the attacking speaker

  35. Amplitude Modulation (AM): Carrier Frequency f

  36. Analysis: Carrier Wave Frequency 400 Hz baseband and higher order harmonics

  37. Analysis: Carrier Wave Frequency amplitude of the harmonics larger than baseband Unacceptable to SR systems! 400 Hz baseband and higher order harmonics

  38. Amplitude Modulation (AM): Voice Selection f - w > 20 kHz • Various voices map to various baseband frequency ranges. • A voice with a small bandwidth shall be selected to create baseband voice signals

  39. Voice Commands Transmitter Powerful transmitter: driven by a dedicated signal generator Portable transmitter: driven by a smartphone

  40. Experimental Goal • Examining the feasibility of attacks. • Quantifying the parameters in tuning a successfully attack. • Measuring the attack performance.

  41. Feasibility Experiments: Device/System & Commands

  42. Impact: Languages

  43. Impact: Background Noise

  44. Impact: Distance

  45. Impact: Sound Pressure Levels

  46. Results Almost all the systems can be attacked!

  47. Defense: Hardware-based • Microphone Enhancement. • Suppress any acoustic signals whose frequencies are in the ultrasound range. • Inaudible Voice Command Cancellation. • Demodulate the signals to obtain the baseband and subtract it.

  48. Defense: Software-based original recorded recovered support vector machine (SVM) -> 10 training sample (5 positive, 5 negative) Q: rigorous? -> 14 testing samples 100% true positive and false positive rates

  49. Remote attack?

  50. Related Work - Embed commands into songs -> distribute through the internet - Use multiple speakers to mitigate leakage

  51. Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang,

DOLPHIN ATTACK: INAUDIBLE VOICE COMMANDS Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu Zhejiang University BACKGROUND- DOLPHIN ATTACK An approach to inject inaudible voice commands at VCS by exploiting the

481 views • 28 slides
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems Tao Chen 1 Longfei Shangguan 2 Zhenjiang Li 1 Kyle Jamieson 3 1 City University of Hong Kong, 2 Microsoft, 3 Princeton University Voice Assistants in Smart Home 2

808 views • 54 slides
Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**,

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**,

Hidden Voice Commands Nicholas Carlini*, Pratyush Mishra*, Tavish Vaidya**, Yuankai Zhang**, Micah Sherr**, Clay Shields**, David Wagner*, Wenchao Zhou** * University of California, Berkeley ** Georgetown University Voice channel opens up new

993 views • 64 slides
IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by Jinli Zhong FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild, NDSS17 Presented by Jie Li Protecting Privacy of BLE

470 views • 34 slides
The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands

The Shell What does a shell do? - execute commands, programs - but how? For built in commands run some code to do the command For other commands find program executable and .... run it. Other features: wildcards, pipes, redirection.

468 views • 18 slides
Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed

Lecture 8: Visual Mode, /<CR>, Drafting Commands, Metaediting Part II: The Core Commands Announcements HW3... is postponed to next week... Too few things to test on Make sure to practice on commands discussed so far. Every

1.11k views • 83 slides
A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring

A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring

23rd International Congress on Acoustics A comparison of in inaudible windfarm noise and the natural environment noise whilst monitoring brainwaves and heart rate Steven Cooper Sound system calibrated to playback 3-min sample of Cape

628 views • 15 slides
DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and

DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes DMR and Digital Voice Modes Presented by N7MOT Lenny Gemar Amateur radio began with spark gap transmitters, evolving to Morse code and analog voice

442 views • 20 slides
Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF

Digital Voice VHF, UHF, and HF Analog Voice - AM/SSB Analog Voice - FM Digital Voice GMSK UHF 4FSK VHF C4FM AMBE, AMBE+2, Codec-2 HF OFDM Audio Vocoder Modulator Integrate data into protocol A/D Compressed 10101111010 Mic

729 views • 13 slides
Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put

Colossians Commands Commands put to death your members 3:5 you yourself are to put off all these 3:8 put off the old man with his deeds 3:9 put on the new man who is renewed 3:10 put on tender mercies

2.44k views • 197 slides
Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

Voice production Larynx and the vocal folds ARTICULATION PHONATION BREATHING (Lena Lyons efter

M Sdersten, Karolinska Institutet, Rekjavik, Oct 12, 2012 Voice team Karolinska University Hospital and Karolinska Institute Voice production and teachers voice disorders How does the voice work and what makes it to fail?

73 views • 5 slides
Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now!

Lecture 5: Review + Basic Commands Part I Recurring Themes Part II Core Commands Announcements Homework 2 is due now! Midterm next week! Format is similar to hws, focus on writing clear descriptions that do exactly what you want to

549 views • 43 slides
April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands

April 7: Safety Question Protection State Transitions Commands Conditional Commands Special Rights Principle of Attenuation of Privilege Harrison-Ruzzo-Ullman result Corollaries April 7, 2017 ECS 235B Spring Quarter

588 views • 33 slides
A simplified A simplified method method for for determination determination of of

A simplified A simplified method method for for determination determination of of

23rd International Congress on Acoustics A simplified A simplified method method for for determination determination of of amplitude amplitude modulation of modulation of audible audible and and inaudible inaudible wind

462 views • 10 slides
There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah

Jeremiah 1:1-19 There is a voice speaking. That voice is sovereign. That voice alone is sovereign. Jeremiah 1:1-19 That voice rules. not only heard, but heeded. not only obliged, but obyed. Jeremiah 1:1-19 the word of the Lord

617 views • 12 slides
Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background:

Conversational Agents Human-AI Interaction Luigi De Russis Academic Year 2019/2020 Background: Voice and Speech 2 Human-AI Interaction Voice and Speech Human voice is an efficient input modality: it allows people to give commands to a

1.49k views • 31 slides
A Full Bandwidth Audio Codec with Low A Full Bandwidth Audio Codec with Low Complexity and Very

A Full Bandwidth Audio Codec with Low A Full Bandwidth Audio Codec with Low Complexity and Very

A Full Bandwidth Audio Codec with Low A Full Bandwidth Audio Codec with Low Complexity and Very Low Delay Complexity and Very Low Delay Jean-Marc Valin, Octasic Inc. Timothy B. Terriberry, Xiph.Org Foundation Gregory Maxwell, Juniper Networks

451 views • 16 slides
Claudio Fiandrino, IMDEA Networks, Madrid, Spain 1 2 3 Introduction on mm-wave

Claudio Fiandrino, IMDEA Networks, Madrid, Spain 1 2 3 Introduction on mm-wave

Claudio Fiandrino, IMDEA Networks, Madrid, Spain 1 2 3 Introduction on mm-wave communications Localization system Hybrid beamforming Architectural design and optimizations 4 Inevitable to achieve multi-Gbit/s data rates

463 views • 18 slides
HIGH FREQUENCY PROPAGATION Results : Metal Oxide Space Cloud (MOSC) Experiment Dev Joshi

HIGH FREQUENCY PROPAGATION Results : Metal Oxide Space Cloud (MOSC) Experiment Dev Joshi

HIGH FREQUENCY PROPAGATION Results : Metal Oxide Space Cloud (MOSC) Experiment Dev Joshi Research Assistant Department of Physics, Boston College (BC) Institute For Scientific Research (ISR), BC 1 Joshi, Dev 1 ; Groves, Keith 1 ; McNeil,

270 views • 16 slides
Lecture 1 Introduction/Signal Processing, Part I Michael Picheny, Bhuvana Ramabhadran, Stanley F

Lecture 1 Introduction/Signal Processing, Part I Michael Picheny, Bhuvana Ramabhadran, Stanley F

Lecture 1 Introduction/Signal Processing, Part I Michael Picheny, Bhuvana Ramabhadran, Stanley F . Chen, Markus Nussbaum-Thom Watson Group IBM T.J. Watson Research Center Yorktown Heights, New York, USA

1.39k views • 94 slides
SEG Spring 2005 Distinguished Lecture: Spectral Decomposition and Spectral Inversion Greg

SEG Spring 2005 Distinguished Lecture: Spectral Decomposition and Spectral Inversion Greg

SEG Spring 2005 Distinguished Lecture: Spectral Decomposition and Spectral Inversion Greg Partyka [ BP ] 2005 Hello, my name is Greg Partyka and this is the extended version of the 2005 Spring SEG Distinguished Lecture. Even though the

823 views • 57 slides
Filters and Bode magnitude plots ( corrected version ) ENGR 40M lecture notes August 4, 2017

Filters and Bode magnitude plots ( corrected version ) ENGR 40M lecture notes August 4, 2017

Filters and Bode magnitude plots ( corrected version ) ENGR 40M lecture notes August 4, 2017 Chuan-Zheng Lee, Stanford University The decibel Recall that the gain of a circuit is the ratio V out V in . We often express (the magnitude of) gains

195 views • 6 slides
Opening new windows Yashwant Gupta National Centre for Radio Astrophysics Pune India

Opening new windows Yashwant Gupta National Centre for Radio Astrophysics Pune India

The upgraded GMRT : Opening new windows Yashwant Gupta National Centre for Radio Astrophysics Pune India Science at Low Frequencies III Pasadena 7 Dec 2016 Plan of today's presentation Upgrading the

506 views • 39 slides
Microsoft Spectr rum Observatory Ranveer Chandra Microsoft Research Joint work with Techn nology

Microsoft Spectr rum Observatory Ranveer Chandra Microsoft Research Joint work with Techn nology

Microsoft Spectr rum Observatory Ranveer Chandra Microsoft Research Joint work with Techn nology & Policy Group p Gupta, Jason van Eaton, Matt Valerio, P Paul Garnett, Paul Mitchell, David Tennenh owing Demand owing Demand 24 HOURS 20X -

575 views • 31 slides

More recommend