TY - GEN
T1 - Toward speech-generated cryptographic keys on resource constrained devices
AU - Monrose, Fabian
AU - Reiter, Michael K.
AU - Li, Qi
AU - Lopresti, Daniel P.
AU - Shih, Chilin
N1 - Publisher Copyright:
© 2002 USENIX Association. All rights reserved.
PY - 2002
Y1 - 2002
N2 - Programmable mobile phones and personal digital assistants (PDAs) with microphones permit voice-driven user interfaces in which a user provides input by speaking. In this paper, we show how to exploit this capability to generate cryptographic keys on such devices. Specifically, we detail our implementation of a technique to generate a repeatable cryptographic key on a PDA from a spoken passphrase. Rather than deriving the cryptographic key from merely the passphrase that was spoken—which would constitute little more than an exercise in automatic speech recognition—we strive to generate a substantially stronger cryptographic key with entropy drawn both from the passphrase spoken and how the user speaks it. Moreover, the cryptographic key is designed to resist cryptanalysis even by an attacker who captures and reverse-engineers the device on which this key is generated. We describe the major hurdles of achieving this on an off-the-shelf PDA bearing a 206 MHz StrongArm CPU and an inexpensive microphone. We also evaluate our approach using multiple data sets, one recorded on the device itself, to clarify the effectiveness of our implementation against various attackers.
UR - http://www.scopus.com/inward/record.url?scp=85084163045&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084163045&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85084163045
T3 - Proceedings of the 11th USENIX Security Symposium
BT - Proceedings of the 11th USENIX Security Symposium
PB - USENIX Association
T2 - 11th USENIX Security Symposium
Y2 - 5 August 2002 through 9 August 2002
ER -