SpokenSecurity
Description
SpokenSecurity is a voice-locked password vault designed to provide two factor authentication (possession and inherence) while simultaneously making it easy to retrieve (and subsequently use) the multiple passwords any security-conscious person should maintain.
Motivation
Password vaults on the two largest mobile operating systems are either lacking in security altogether or maintain woefully poor security. Blackhat Europe's 2011/2012 summits published several papers on the topic. Due to the nature of typical, password-driven authentication for most applications, the best solution - until better authentication becomes ubiquitous - is a two or three factor authentication bridge such as SpokenSecurity.
Use Cases
SpokenSecurity is meant to be used by anyone who wants to be security minded but who doesn't want to be troubled with remembering a dozen or more different passwords. SpokenSecurity will - in future releases- also feature a friendly voice-assist interface.
Current State
The demo screenshots display capabilities not available in the actual product. The ability to drop an authentication already set will be removed for obvious reasons. Once you hit "Record," you'll have two seconds to say the word displayed. From then on, your passwords will be locked behind your voice. For the curious, a visual representation of your voice's frequency distribution is presented to you.
|
|
|
Demo
In this demo, you'll see SpokenSecurity being primed for a first-time user. The "Record" button is pushed once, and the voice print of the first speaker is stored. A second recording closely matches the first, and the original speaker is let through. A third recording using a different voice fails to get through. During each recording, a frequency profile appears. The first two recordings are similar while the third is noticeably different.
Future Work
SpokenSecurity is in its infancy. Future work will see improvements to its speaker recognition capabilities, a special voice-assist interface, and an API for developers wishing to use SpokenSecurity directly from their applications. An option to make SpokenSecurity an input method service is being explored.