MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION A Goode Intelligence white paper sponsored by AGNITiO
First Edition September 2014 Goode Intelligence All Rights Reserved Sponsored by AGNITiO Published by: Goode Intelligence www.goodeintelligence.com info@goodeintelligence.com Whilst information, advice or comment is believed to be correct at time of publication, the publisher cannot accept any responsibility for its completeness or accuracy. Accordingly, the publisher, author, or distributor shall not be liable to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by what is contained in or left out of this publication. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electrical, mechanical, photocopying and recording without the written permission of Goode Intelligence.
CONTENTS Mobile Biometric Authentication Services Provide Convenient User Authentication... 2 Voice Biometrics A Natural Fit For Mobile & Wearable Authentication... 3 Introduction... 3 Advantages of Voice Biometrics... 4 Mobile Voice Biometrics Showcase AGNITiO KIVOX Mobile... 5 Introduction... 5 Biometric Voiceprint... 5 Key Benefits... 6 Anti-Spoofing... 6 AGNITiO KIVOX Mobile Summary... 7 About Goode Intelligence... 8 Goode Intelligence 2014 www.goodeintelligence.com
We are at a stage in technology development when the password is no longer convenient or secure enough to meet the needs of online authentication. A new breed of standards-based authentication solutions are being brought to market that meet the needs to identify people across a wide range of electronic devices for business and personal digital services. This white paper from research and consultancy company Goode Intelligence (GI) explores mobile voice biometric authentication services. MOBILE BIOMETRIC AUTHENTICATION SERVICES PROVIDE CONVENIENT USER AUTHENTICATION There are currently a number of inter-connected drivers that have created an environment where biometrics can be easily integrated into smart mobile devices (SMDs) and can provide a reliable and convenient alternative to existing authentication technologies in particular the replacement of passwords. These drivers include improved biometric performance, sensor design, integration of biometrics into strong authentication platforms (two-factor (2FA) and multi-factor authentication (MFA) services), the development of enabling authentication standards and protocols (includes the work of the FIDO Alliance) and the realisation that we desperately need a better, more agile, way to authenticate millions of users accessing digital services on a wide range of connected devices including mobile and wearable. Biometrics on mobile devices has moved from a curiosity to become a must-have for high-end smartphones During 2013 and 2014, both Apple and Samsung have launched flagship mobile devices that intelligently allow users to authenticate using a biometric; not just to unlock the device but to authorise payments, allow account authentication, protect passwords, support single-sign-on (SSO) and to unlock secure enterprise containers. That s a game changer and we are just at the beginning of this revolution in authentication provision. Goode Intelligence White Paper GI s white papers offer analyst insight from research extracted from primary sources including surveys, analyst reports, interviews and conferences. GI Definitions MBAS: Mobile Biometric Authentication Services. The use of biometrics on mobile devices for authentication purposes. SMD: Smart Mobile Device. A term coined by Goode Intelligence to denote a connected mobile device running a mobile Operating System. This includes Smartphones, Phablets and Tablets. 2FA: Two-factor Authentication. Something the user knows and something they own or have access to. MFA: Multi-factor Authentication. Requires a user to provide more than one form of identifying factor for identity verification and authentication purposes. Goode Intelligence 2014 P a g e 2 www.goodeintelligence.com
We are very much at the beginning of another transformational aspect of authentication; the use of wearable technology for authentication purposes, in particular leveraging the next wave of biometric technology to create seamless, continuous, authentication. What will be truly transformational about the use of biometrics on wearable devices is the birth of the universal authenticator a device that intuitively knows who we are, where we are, what we want to do and can open doors physical and virtual. There are a number of biometric modalities that are currently being used on mobile devices. Some of these; fingerprint and iris recognition for instance, require specific hardware to operate, whilst some, voice and facial, can be supported on standard devices without modification. One of the biometric modalities that is being successfully deployed to mobile devices is voice. VOICE BIOMETRICS A NATURAL FIT FOR MOBILE & WEARABLE AUTHENTICATION Introduction Voice biometrics is a natural fit for mobile phones as we speak into them and users are getting more comfortable with using voice recognition solutions such as Siri and Google Android Voice control. By 2018 there will be 572 million people using voice biometric authentication on their mobile devices 1 The FIDO Alliance: An organization that has developed authentication standards and specifications to improve online authentication for both mobile and desktop computing experiences. Wearable Technology: Refers to smart computing that is worn by its user and includes smart glass, bands, watches and clothes. Biometric Modalities: Refers to the type of biometric being used. Modalities include voice, fingerprint and iris etc. Using voice for biometrics authentication is a natural extension to these recognition solutions and is following on from the success of fingerprint biometrics being integrated into flagship smartphones. There are a number of voice biometric technologies that are suitable for mobile and wearable device. These include matching a voice to a template stored on the device (local) using software voice biometric services and matching the template stored in the cloud. In terms of the choice of what model a service provider will deploy is very much dependent on security and policy models. 1 Mobile & Wearable Biometric Authentication Market Analysis and Forecasts 2014-2019; Goode Intelligence, June 2014. Goode Intelligence 2014 P a g e 3 www.goodeintelligence.com
Voice is also suited as a biometric authentication solution across a wide range of devices including mobile phones, tablets, wearable devices, PCs, gaming systems (handheld and console), smart TVs, fixed line telephones and even automobiles. It offers device OEMs and System Integrators (SIs) a costeffective and flexible choice when compared to other biometric modalities that may be hindered by hardware integration effort. Advantages of Voice Biometrics Voice biometrics has a number of distinct advantages as a method for user authentication. It is a biometric authentication method that is considered to be the most preferred technology when compared with other biometric methods. 2 The advantages of voice biometrics for user authentication on mobile and wearable devices were included in a report published by Goode Intelligence 3 and these are summarised in figure 1 below. Preferred Biometric Methods Voice US 83% UK 85% Germany 91 % Source: The Ponemon Institute Figure 1: Advantages of Voice Biometrics for User Authentication 2 Moving Beyond Passwords. Consumer Attitudes On Online Authentication. A Study of US, UK and German Consumers. Published by The Ponemon Institute and sponsored by Nok Nok Labs. 3 Mobile & Wearable Biometric Authentication Market Analysis and Forecasts 2014-2019; Goode Intelligence, June 2014. Goode Intelligence 2014 P a g e 4 www.goodeintelligence.com
MOBILE VOICE BIOMETRICS SHOWCASE AGNITIO KIVOX MOBILE Introduction An established voice biometric specialist that has invested in the development of a mobile voice biometric authentication solution is AGNITiO. AGNITiO s KIVOX Mobile is part of the KIVOX family of products. It enables highly secure on-device speaker verification for applications on smartphones and other mobile devices. As the technology is on-device it does not rely on a network connection or cloud service to operate. If a user wants to unlock a phone or access protected files where there is no network coverage, for example while on an airplane, then they can do so. AGNITiO has a proven track record in voice biometrics, and KIVOX Mobile utilizes the same proprietary technology that their customers in law enforcement, military and intelligence industries are using. Biometric Voiceprint A Biometric Voiceprint (BVP) is created by a user either by using a pre-defined passphrase or by choosing their own. To start using KIVOX Mobile a user is required to follow three simple steps: 1. Teach the phone to recognize the user s voice by speaking into the standard microphone. 2. Authorize any app integrated with KIVOX Mobile to use the voiceprint. 3. Unlock, log-in, authenticate, and pay to conduct multiple transactions by using voice. Goode Intelligence 2014 P a g e 5 www.goodeintelligence.com
KIVOX Mobile offers a successful detection rate of more than 99.5 percent, with a false acceptance rate of less than 0.1 percent Key Benefits The key benefits of AGNITiO s KIVOX Mobile include the ability to verify a user ondevice without the need for internet connection. There are many other benefits for choosing KIVOK Mobile and these are summarised in Figure 2 below. Figure 2: Key Benefits of AGNITiO KIVOX Mobile KEY BENEFITS Two-Factor secure authentication: Device + Voiceprint Verify who is using the mobile phone at any time without needing a network connection Works in any language Passphrase can be different for each user No need for additional hardware (sensor, card reader, etc.) User friendly experience Proprietary patented anti-spoofing protection KIVOX Mobile is FIDO Ready Certified (Universal Authentication Framework UAF) Source: Agnitio If biometrics technology is to be used on mass consumer applications, it needs to be accurate and secure. There have been examples of mobile biometric technologies being successfully spoofed (fooled or bypassed), and KIVOX Mobile has a number of anti-spoofing features (summarised in the following section) that prevent an attacker from fooling the technology into believing that an imposter is actually the authorised user of a device or application. Anti-Spoofing Spoofing attacks against voice biometric technology include the replay attack, where a fraudster plays a recording of the user s voice in order to access the device or the applications that is protected by voice biometrics. Another spoofing example is the Goode Intelligence 2014 P a g e 6 www.goodeintelligence.com
cut-and-paste attack where a fraudster builds a pre-defined sentence with words extracted from longer recordings of the legitimate user s voice. AGNITiO s proprietary patented 4 anti-spoofing technology in KIVOX Mobile is designed to protect against spoofing and detects 97% of known replay attacks, as well as many other spoofing attacks such as cut-and-paste. The anti-spoofing protection is achieved as part of the verification process without the need for any additional steps such as liveness detection. AGNITiO KIVOX Mobile Summary KIVOX Mobile from AGNITiO is a biometrics product that allows users to unlock a device or authenticate into an application through a very natural medium the user s voice. It is accurate and secure and is in tune with the needs to conveniently authenticate people into mobile devices and applications. SUMMARY AND CONCLUSIONS A number of inter-connected drivers have created an environment where biometrics can be easily integrated into mobile devices that can provide a reliable and convenient alternative to existing authentication technologies in particular the replacement of passwords. The use of biometrics on mobile devices has moved from a curiosity to become a must-have for high-end smartphones, and Goode Intelligence believes that this trend will accelerate throughout 2014 and 2015 to result in the majority of newly shipped mobile devices supporting biometric authentication. Mobile Biometric Authentication Services are being aided by global authentication standards such as those created by members of the FIDO Alliance. Voice biometrics is a modality that is well suited to mobile devices, and Goode Intelligence forecasts that by 2018 there will be 572 million users of mobile voice biometrics 5. AGNITiO is a voice biometrics specialist that through its KIVOX Mobile product has a solution that is ready to meet the authentication challenges for mobile users wanting a secure and convenient method to unlock mobile devices and authenticate into applications. 4 AGNITiO s proprietary anti-spoofing technology is backed by four patents. 5 Mobile & Wearable Biometric Authentication Market Analysis and Forecasts 2014-2019; Goode Intelligence, June 2014. Goode Intelligence 2014 P a g e 7 www.goodeintelligence.com
ABOUT GOODE INTELLIGENCE Since being founded by Alan Goode in 2007, Goode Intelligence has built up a strong reputation for providing quality research and consultancy services in information security including: Mobile Security Authentication and Identity Biometrics Internet of Things Security For more information on this or any other research please visit www.goodeintelligence.com. This document is the copyright of Goode Intelligence and may not be reproduced, distributed, archived, or transmitted in any form or by any means without prior written consent by Goode Intelligence. Goode Intelligence 2014 P a g e 8 www.goodeintelligence.com