while implementing an active challenge/response mechanism to verify the liveness of a subject in a biometric authentication system can significantly enhance security, it also places an additional burden on the user. requiring users to perform specific actions can prolong the authentication process, increase the chance of user mistakes, and result in missed detections.
This can ultimately hinder the adoption of the technology. Consequently, the TrulySecure Voice Liveness Challenge has been carefully crafted to strike a balance between ease of use and security. It is both robust and user-friendly, ensuring that the enrollment and authentication processes remain relatively swift. It also provides flexibility in implementation, allowing for adjustments in ease of use and security tailored to specific applications.
TrulySecure Voice Liveness Challenge
Following the verification of the user's passphrase during an authentication attempt, the TrulySecure Voice Liveness Challenge prompts the user to sequentially speak a short series of two-digit numbers. These numbers are randomly selected from a set previously enrolled by the user.
To reduce the duration of the initial enrollment process, this set of numbers is expanded over time using utterances captured during authentication attempts. As outlined below, the liveness challenge can be configured in various ways to optimize the system for security and user-friendliness.
This system design offers several significant advantages over other voice liveness challenge methods, which are also detailed below.
Enrollment - The enrollment process begins with the user enrolling their chosen passphrase, as is standard in TrulySecure, by repeating it three times. Subsequently, the user is prompted to enroll three two-digit numbers, each following the same procedure used for the passphrase. These numbers are randomly selected by the system.
Authentication - During authentication, the user is first asked to provide their passphrase. The system then displays a sequence of three two-digit numbers. Two of these are randomly chosen from the enrolled set, serving as the liveness test.
Augmentation - The third number shown to the user is randomly selected from the set of unenrolled numbers. The audio from this number is then used to add it to the enrolled set for future liveness tests.
Enrollment
● The user is asked to repeat their chosen passphrase (e.g., "My Voice Is My Password") three times.
● The user is then prompted to enroll three two-digit numbers:
○ The system shows "27" and the user says "twenty-seven" (this is repeated three times to complete the enrollment of that number).
○ The system shows "84" and the user says "eighty-four" (this is repeated three times to complete the enrollment of that number).
○ The system shows "67" and the user says "sixty-seven" (this is repeated three times to complete the enrollment of that number).
Authentication
● The user speaks their chosen passphrase (e.g., "My Voice Is My Password").
● The user is then randomly prompted to say two of the enrolled two-digit numbers, plus a third unenrolled two-digit number (the sequence can vary):
○ The system shows "67" and the user says "sixty-seven".
○ The system shows "84" and the user says "eighty-four".
○ The system shows "53" and the user says "fifty-three".
● If the user's passphrase and the two enrolled numbers match the system's speaker verification test, the user is authenticated.
Augmentation
● The audio of the unenrolled two-digit number ("fifty-three" in this example) is saved for future enrollment. Once the user has spoken this number three times, the system enrolls it and adds it to the list for future liveness prompts.
Benefits
The choice of two-digit numbers as the liveness passphrases in the TrulySecure Voice Liveness Challenge provides several key advantages:
● These numbers are universally recognized symbols, understood globally by speakers of various languages. They can be spoken with any accent without affecting performance, as the verification process is language-independent.
● They can be articulated in any language (e.g., "vingt-sept" in French instead of "twenty-seven"), requiring no changes to the system. This eliminates the need for user interface localization, simplifying app maintenance (fewer versions to manage and less testing needed per release). Additionally, it removes the necessity for language-specific voice models, which require extensive data collection and tuning for each supported language, resulting in a smaller download package.
● They consist of multiple syllables, improving accuracy compared to single-syllable passphrases, which are more challenging to use.
● They enable the development of a large enrolled set from which to draw liveness prompts (90 possibilities for two-digit numbers from 10 to 99).
● They allow the system to scale to desired security levels:
○ More two-digit numbers can be required during enrollment to enhance initial security (at the cost of a longer enrollment process).
○ More two-digit numbers can be required during authentication.
○ The system can incorporate larger sets of numbers, including three-digit or higher numbers.
Some existing biometric systems use single-digit liveness challenges. Single digits are appealing because they are also universally recognized and offer a similar experience to text-based one-time passwords, familiar to consumers. For example, a single-digit liveness check might require the user to enroll by speaking a complete string of single digits multiple times and then authenticate by speaking a shorter string (e.g., during authentication, displaying "17945", to which the user says "one seven nine four five" in English). However, this method has significant drawbacks:
● It requires language-specific parsing of the utterance to recognize each digit during enrollment and authentication. Strong accents can make parsing more challenging and less accurate. If the user wishes to speak in a different language, a different language model is needed for parsing.
● It is less intuitive and robust than the two-digit number system. If the user misinterprets the prompt and does not speak the digits individually (e.g., saying "seventeen nine forty-five" instead of "one seven nine four five"), the system will fail. (In the TrulySecure system, the user only needs to be consistent in their response to the prompt.)
● The enrollment process is lengthy, requiring all ten digits to be spoken multiple times. Most single digits in English have only one syllable, which limits the system's accuracy. This can be mitigated by requesting more digits, but it increases the risk of an attacker recording a substantial portion of the enrolled prompts during a single authentication event.
● The system's security is constrained by the limited number of digits and cannot be scaled. Single-digit systems are limited to ten different inputs for prompts. An attacker who records all or a subset of these digits can easily splice them together to spoof the system.
Alternative Configurations
One approach to further reduce the enrollment process in the TrulySecure Voice Liveness Challenge is to initially enroll only the user-defined passphrase. The numbers are then enrolled over time using the augmentation method described above. This means there would be no liveness check for the first few authentication attempts, but the enrolled phrase list would quickly expand and become effective.
Another potential implementation of the TrulySecure Voice Liveness Challenge, yet to be developed, could replace two-digit numbers with a different set of non-linguistic, unambiguous symbols, such as photos of objects or emojis.
For instance, images of fruits (banana, orange, apple, pear, etc.) could be used. Similar to the two-digit numbers, the enrolled set could grow over time. As long as each user consistently translates each symbol into an utterance, the system will scale effectively.
Allowing users to choose the type of challenge could serve a dual purpose. Authentication systems often include a "reverse authentication" feature to assure the user that the system is legitimate and not a phishing attack, typically through an image selected at account creation. By letting users choose their challenge prompt category, they also gain reassurance that the system is authentic.
