CERIAS Security Seminar: Fingerprinting Encrypted Voice Commands on Smart Speakers

The Center for Education and Research in Information Assurance and Security
December 4, 2019
4:30 PM - 5:30 PM
STEW G52 (Suite 050B), West Lafayette Campus


Boyang Wang
University of Cincinnati


Smartspeakers, such as Amazon Echo, have been adopted by millions of users. However,the privacy impacts of smart speakers have not been well examined. We investigatethe privacy leakage of smart speakers under an encrypted traffic analysisattack, referred to as voice command fingerprinting. In this attack, anadversary eavesdrops encrypted voice traffic from and to a smart speaker andinfers which voice command a user says without decrypting encrypted traffic. Wedesign our attacks based on neural networks and collect two large-scaledatasets on Amazon Echo and Google Home by using an automatic traffic crawler. Ourexperimental results show disturbing privacy concerns. Specifically, comparedto 1% accuracy with random guessing, an attacker can infer 92% voice commandscorrectly on Amazon Echo and 99% voice commands correctly on Google Home. Wealso propose a defense to preserve user privacy against this attack with minimallatency and bandwidth overhead. Our simulations show that the proposed defensecan reduce attack accuracy to 1% if an attacker trains neural networks withoriginal traffic and 32% if an attacker adapts and trains neural networks withobfuscated traffic.  


Boyang Wang is atenure-track Assistant Professor in the Department of Electrical Engineeringand Computer Science at the University of Cincinnati. He received his Ph.D. inElectrical and Computer Engineering from the University of Arizona in 2017, hisPh.D. in Cryptography and B.S. in Information Security from Xidian University,China, in 2014 and 2007, respectively. He worked for Bosch Research andTechnology Center as a research intern in 2015. He was a visiting student atUtah State University from 2012 to 2013 and a visiting student at theUniversity of Toronto from 2010 to 2012. His current research focus on datasecurity and privacy, adversarial machine learning, encrypted traffic analysis,blockchain and applied cryptography. He is a member of IEEE and ACM.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info

Contact Details

Add to calendar