Voice Authentication for ATM Security




Rahul R. Sharma
Department of Computer Engineering, Fr. CRIT, Vashi, Navi Mumbai, India
rahulrsharma999@gmail.com

Abstract: A voice authentication system captures the human voice and then verifies it to confirm that the speaker is the person he/she claims to be. This paper proposes a voice authentication mechanism for enhancing the security of Automated Teller Machines (ATMs). ATMs are commonly used by the general public for money transactions. However, users are often unsure whether the system is secure enough to protect their accounts. In the voice authentication mechanism, along with card insertion and password entry, the user has to speak his voice password to confirm the verification. Initially the voice password of the ATM user is converted into a voiceprint, which is then encrypted and stored in the database. When a user wants to log in to his/her account, the voice phrase spoken by the user is captured using a microphone and converted into a voiceprint, which is then matched with the encrypted voiceprint stored in the database. In case of a successful match, the user gets access to the account. Voice authentication takes into account both physiological and behavioral biometric components. It is highly cost-effective in comparison to other biometric authentication techniques.

Index Terms: ATM, voice authentication, ATM security, voiceprint, encrypted.

I. INTRODUCTION

Automated Teller Machines (ATMs) are commonly used by the general public for money transactions. People can view their accounts, check their current balance and withdraw money from their account using ATMs. Since a large amount of money is involved, a very high level of security is required for ATMs. The current system involves the use of an ATM card and a password to access the accounts of the user. On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smart card with a chip that contains a unique card number and some security information such as an expiration date or CVV [4]. The user inserts his ATM card into the ATM machine and then enters his password (PIN). If the password is correct, then he gets access to his account. Figure 1 shows different parts of an ATM machine.

Money transactions through ATMs are convenient for people. However, users are often unsure whether the system is secure enough to protect their accounts. A large number of accounts have been hacked in recent years. Since the system only requires a card and the password of the user, the system is vulnerable. The attackers only need to get the ATM card or its copy and the password of the customer, which is not very difficult in many cases.

So, there is a need for a more secure system which identifies the customer according to some characteristics present only in the customer. For this, biometrics can be used. Biometric-based authentication [6] measures an individual's unique physical or behavioral characteristics. It exists today in various forms such as fingerprint verification, retinal scans, facial analysis, analysis of vein structures and voice authentication. Of all these methods, voice authentication is the simplest and most user-friendly method. The user only needs to speak his password, which is then converted into a voiceprint, encrypted and then stored in the database. In this way, voice authentication will provide more security to ATM systems.

Fig. 1. Parts of an ATM [10]

II. ATM THEFTS AND FRAUDS

The following figures (Fig. 2 and Fig. 3) show a card skimming false front and a fake keypad respectively. These are some of the common methods followed by attackers to hack into any ATM account.

Fig. 2. False card slot affixed over the original card slot to copy card information [11]

Fig. 3. Fake keypad [11]

There have been numerous cases of ATM thefts and frauds that have led to huge economic losses. Hence, there is a pressing need for a better security system for ATMs. This security requirement can be fulfilled by the use of voice authentication.

III. CONCEPT

The concept of voice authentication is fairly simple. Voice authentication attempts to verify that the individual speaking is, in fact, who they claim to be. This is normally accomplished by comparing an individual's voice with a previously recorded voiceprint sample of their speech.

To register a user's voice password, once a new customer has been issued an ATM card, he/she is asked to visit the bank in order to enroll his/her speech. This voice sample of the user is recorded and stored in the database in the form of a voiceprint. Then, to get access to his account, the user supplies a sample voice password to the system. If the voice password sample matches the voice password stored in the database, then the user gets access to his account. Otherwise, the user will not get access to his account.

A. Operational Requirements

- A proper user interface, such as built-in speakers or a visual clip, should be incorporated to guide the user through the login process.
- A small and highly sensitive microphone is needed to record the voice phrase; it should be able to catch a fairly high percentage of the person's voice.
- The ATM cabin should be tightly enclosed so that when the user speaks his password phrase, it is not audible outside the cabin.
- Only one person at a time should be allowed inside the ATM cabin to maintain a higher level of privacy.

B. Principle

Voice authentication technique involves two biometric characteristics of the user:

- Physiological Biometrics: Physiological Biometrics [6] is concerned with some unique physical traits of the user, e.g. the voice tone and pitch of the user.
- Behavioral Biometrics: Behavioral Biometrics [6] are concerned with the unique way in which a user performs certain actions, i.e., the time which the user takes to speak his password, his accent, the words on which the user gives more stress, etc.

The voice of a user is created by air passing over the larynx or other parts of the vocal tract. The larynx vibrates, creating an acoustic wave which is modified by the motion of the tongue and lips. All sounds produced are fundamentally influenced by the actual shape of the vocal tract. This shape is brought about as a consequence of both hereditary and developmental factors. Along with these physiological characteristics, speech contains a behavioral component, i.e., the accent of the voice, how quickly words are spoken, how sounds are pronounced and emphasized, and what other mannerisms are applied to speech. So, every person will have a different voice pattern which is essentially unique for every individual and is difficult or impossible to duplicate [3]. Since this system takes both of these biometric characteristics of the user into consideration, a voice authentication system forms a very powerful technique for accurately identifying a particular user.

C. Process

The process starts with the registration (or enrollment) phase. In the registration phase, a user has to speak out his password into a microphone multiple times (say 5 times). So, the system has a small range over which the voice of the user will vary. This will lead to a better idea of the voiceprint of the user. The encrypted voiceprint is stored in a database. The next phase is the access verification phase, in which the user speaks a voice phrase which is compared with the voiceprint stored in the database. If a sufficient degree of similarity is observed, then the user gets access to his account. This process is depicted by the flowchart in Fig. 5.

Fig. 5. Flowchart depicting the ATM voice authentication process

D. Description of technology

The voice produced by a human vocal tract is a very complex acoustic wave. The first stage, converting it from a sound to an electrical wave, is simple, using a microphone. The second stage involves converting the signal from a continuous wave to a series of discrete voltage measurements. This is done by a process called sampling. Sampling involves measuring the voltage of the signal at regular intervals, many times per second. The sampling theorem [1] was introduced by Shannon in 1949. The theorem states that:

A continuous time signal x(t) can be completely represented in its sampled form and recovered back from the sampled form if the sampling frequency (f_s) is greater than or equal to twice the maximum frequency (W) of the continuous time signal x(t).

$$f_s \geq 2W$$

This sets a restriction on the value of the sampling frequency to be greater than or equal to twice the maximum frequency of the input voice signal, so that the signal is sampled fully without losing any part of it.

The third step is to convert these sampled signals into a digital signal so that it can be stored and processed in a computer. For this, these sample voltages are measured and fed into a device called an analog to digital converter. This device assigns a value to each measured voltage level. The series of voltage measurements will therefore be turned into a sequence of numbers, for example, 161, 159, 85, 10, 118, 282, and 161.

These numbers are then encrypted using a strong encryption algorithm. Advanced Encryption Standard (AES) can be used for encryption. AES [5] is a specification for the encryption of electronic data established by the National Institute of Standards and Technology (NIST) in 2002. It is based on a design principle known as a substitution-permutation network and its algorithm is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256 bits) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 bits key lengths. The encrypted data is then stored in the database.

E. Comparison of voiceprints

A sample voiceprint is shown in Fig. 4. The data used in a voiceprint is a sound spectrogram, not a waveform. A spectrogram is basically a graph that shows a sound's frequency on the vertical axis and time on the horizontal axis. Different speech sounds create different shapes within the graph [7].

Fig. 4. Voiceprint [12]

The actual comparison process is complicated. The system never provides a positive or negative result. Any comparison will only give a probability of how much a particular voiceprint is similar to the voiceprint stored in the database. So, it is the responsibility of the system developer to select a threshold percentage probability value which, under ideal conditions, will decide if the user should be allowed access to the account.

In the comparison process, two important definitions come into significance: the false-acceptance rate and the false-rejection rate. The False-acceptance Rate (FAR) [8] is the percentage of invalid voiceprints incorrectly authenticated as valid users. The False-rejection Rate (FRR) [8] is the percentage of valid users whose voiceprints are incorrectly rejected. FAR and FRR are inversely related to each other. For a high degree of security, if a very low value of FAR is taken, then it will increase the FRR. But, if a lower value of FRR is taken, then the FAR increases. So, a proper value of FAR and FRR should be selected.

For voice authentication, the voiceprints can be matched by the process of template matching. Template matching is a simple technique and is very accurate when used properly. Template Matching [2] compares the digitized version of a voiceprint against a digitized template, without performing any significant modifications to either print. It attempts to work out the probability that one voiceprint is the same as another voiceprint based on comparisons of the amplitude of the voice signal at various frequencies at various times over the entire period of the authentication phase. In this way, it gives a much more accurate comparison result, but its limitation is that it becomes ineffective in the presence of considerable noise in the surroundings. But since ATM machines are placed in a closed cabin, a relatively noiseless environment can be assumed in this case and this technique can be used effectively.

IV. DISCUSSION

A microphone records the voice of a user and is able to recognize this voice later because of the specific characteristics of a human voice, which is unique for every person. So, for both the first voice recording and later recognition, equipment of the same quality [9] is required under basically the same circumstances, because things like sound-recording equipment quality, echo, background noise, etc. can influence the recognition system.
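An added example, not code from the paper: a minimal template matcher in the sense of section III.E. It averages five enrollment spectrograms into a template, scores a login attempt against it, and shows the score collapsing under background noise. The tone-based "voices", the cosine-similarity score and the 0.80 threshold are assumptions made for illustration.

```python
import cmath
import math
import random

RATE = 8000       # sampling frequency f_s (Hz); every tone below stays under f_s / 2
FRAME = 64        # samples per spectrogram column (125 Hz per frequency bin)
THRESHOLD = 0.80  # assumed acceptance threshold, chosen by the system developer


def record(tones, rng, noise=0.0, n=512):
    """Constructed stand-in for one microphone capture of the spoken phrase."""
    # Each utterance drifts a few Hz, like natural variation between attempts.
    parts = [(f + rng.uniform(-10, 10), rng.uniform(0, 2 * math.pi)) for f in tones]
    return [sum(math.sin(2 * math.pi * f * t / RATE + p) for f, p in parts)
            + rng.gauss(0, noise) for t in range(n)]


def spectrogram(samples):
    """Magnitude per (time frame, frequency bin), flattened into one list."""
    out = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        for k in range(FRAME // 2 + 1):
            w = -2j * math.pi * k / FRAME
            out.append(abs(sum(x * cmath.exp(w * i) for i, x in enumerate(frame))))
    return out


def enroll(recordings):
    """Registration phase: average the spectrograms of repeated utterances."""
    grams = [spectrogram(r) for r in recordings]
    return [sum(col) / len(grams) for col in zip(*grams)]


def similarity(template, probe):
    """Cosine similarity of two spectrograms: near 0 is unrelated, 1 is identical."""
    dot = sum(a * b for a, b in zip(template, probe))
    norm = math.sqrt(sum(a * a for a in template)) * math.sqrt(sum(b * b for b in probe))
    return dot / norm if norm else 0.0


def verify(template, samples):
    """Access verification phase: return (score, accepted)."""
    score = similarity(template, spectrogram(samples))
    return score, score >= THRESHOLD


def demo(seed=7):
    rng = random.Random(seed)
    owner, other = (250, 1000, 2250), (500, 1500, 3000)  # constructed "voices"
    template = enroll([record(owner, rng) for _ in range(5)])
    return {
        "genuine": verify(template, record(owner, rng)),
        "impostor": verify(template, record(other, rng)),
        "genuine_noisy": verify(template, record(owner, rng, noise=3.0)),
    }


if __name__ == "__main__":
    for name, (score, ok) in demo().items():
        print(f"{name:14s} score={score:.2f} accepted={ok}")
```

The noisy genuine attempt is rejected even though the speaker is the account owner, which is the false rejection the paper attributes to background noise.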
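The threshold choice described in section III.E, as an added example that is not part of the paper: it sweeps the acceptance threshold over similarity scores, reports FAR and FRR at each point, and picks the operating point for a given FAR cap. The score lists are constructed sample data and the function names are assumptions.

```python
# Constructed similarity scores (percent) from a hypothetical pilot:
# GENUINE are attempts by the enrolled user, IMPOSTOR by other speakers.
GENUINE = [91, 88, 95, 79, 84, 93, 72, 90, 86, 97]
IMPOSTOR = [35, 52, 61, 44, 70, 28, 58, 81, 49, 66]


def far_frr(genuine, impostor, threshold):
    """Return (FAR %, FRR %) when scores >= threshold are accepted."""
    far = 100 * sum(s >= threshold for s in impostor) / len(impostor)
    frr = 100 * sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor):
    """FAR/FRR at every threshold where the decision for some attempt changes."""
    top = max(genuine + impostor) + 1  # threshold that rejects every attempt
    candidates = sorted(set(genuine) | set(impostor) | {top})
    return [(t, *far_frr(genuine, impostor, t)) for t in candidates]


def pick_threshold(genuine, impostor, max_far):
    """Lowest threshold meeting the FAR cap, i.e. the least FRR the cap allows."""
    for t, far, frr in sweep(genuine, impostor):
        if far <= max_far:
            return t, far, frr
    return None  # only reachable with a negative cap


def equal_error_point(genuine, impostor):
    """Threshold where FAR and FRR are closest to each other."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    print("threshold  FAR%   FRR%")
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"{t:9d}  {far:5.1f}  {frr:5.1f}")
    print("FAR cap 0%  ->", pick_threshold(GENUINE, IMPOSTOR, 0))
    print("FAR cap 10% ->", pick_threshold(GENUINE, IMPOSTOR, 10))
    print("equal error ->", equal_error_point(GENUINE, IMPOSTOR))
```

On this data, driving FAR to 0% costs a 20% FRR, while tolerating a 10% FAR brings FRR to 0%, which is the trade-off the section describes.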

A. Current usage of voice authentication system

Reputed companies have implemented systems based on computer voice technologies, such as Visa, AIB Bank, Chase Manhattan Bank, Prudential Securities, Charles Schwab and Trintech [3]. Voice authentication systems have also been used by US and UK police forces to keep track of individuals on bail, parole or curfew orders [3]. Many companies that employed these systems for one application later extended their use to others after finding them effective and cost-saving. At the individual level, products are available which allow private users to use voice authentication to control the extent to which family members can browse the Internet, ensuring children cannot access inappropriate sites [3], e.g., the Deep Space Nine voiceprint product, or to remove the need for typing by using Dragon Naturally Speaking. Various other products like Voice Authentication 1.3 screen saver, Nuance Verifier 3.5, etc. are also based on the concept of voice authentication discussed in this paper.

B. Advantages of voice authentication system

- Other biometric techniques like retina scan, iris scan and palm vein scan are costlier than the voice authentication mechanism. It is cheaper since no extra hardware other than a microphone is required to authenticate the user.
- It provides 2-fold security to the ATM users.
- Physical presence of the user is required for login. The attacker can make the card holder unconscious and pass through the palm vein scan, but this is not possible in the case of voice authentication.
- It is a contactless identification system, which enables applications in public places or in environments where hygiene standards are required, such as in medical applications.
- The vibration of vocal cords and the patterns created by the physical components resulting in human speech are as distinctive as fingerprints [9].
- The familiarity of the telephone device makes it possible for users to comfortably interact with the voice biometric application without any additional training.
- The ATM user can change his voice password time and again according to the requirement, but other biometrics cannot be changed.

C. Disadvantages of voice authentication system

- The voice of a user can change over time. So, the voice password of the user needs to be updated after some period of time.
- A congested voice during cough, cold or other medical problems can cause difficulty for the voice authentication system in authenticating the valid user.
- Background noise can make it difficult for the voice authentication system to authenticate a correct user. This problem can be solved by installing ATM machines in noiseless surroundings. Also, sealed ATM cabins help in reducing the external noise.
- The time for which the user speaks the password and the speaking style of the user should not change.
- Generally, as the duration of the voice password increases, it becomes more difficult for an attacker to crack a user's password. But longer passwords make it more difficult to authenticate a correct user. So, the size of voice passwords should be neither too short nor too long.

V. CONCLUSION

ATMs are vulnerable to threats and the valuable money of card holders is not completely safe. The voice authentication mechanism is a secure method to enhance the security of ATMs. It can be easily implemented in ATMs. Also, it is very cheap, easily implementable and user-friendly.

ACKNOWLEDGMENT

I would like to acknowledge the contribution of all the people who have helped in reviewing this paper. I would also like to thank my family members and friends who supported me in the course of writing this paper.

REFERENCES

[1] Taub and Schilling, Communication Systems, second edition.
[2] Baumann, Jim. "Voice Recognition." The Encyclopedia of Virtual Environments. Web. 02 Mar. 2012.
[3] Shedding some light on Voice Authentication, white paper, SANS Institute InfoSec Reading Room.
[4] http://en.wikipedia.org/wiki/automated_teller_machine
[5] http://en.wikipedia.org/wiki/advanced_encryption_standard
[6] http://www.wisegeek.org/what-is-biometricauthentication.htm
[7] http://science.howstuffworks.com/biometrics3.htm
[8] http://www.bayometric.com/blog/index.php/biometricsecurity-systems/false-acceptance-rate-far-falserecognition-rate-frr/
[9] http://www.bayometric.com/products/biometric-voiceauthentication.htm
[10] http://money.howstuffworks.com/personalfinance/banking/atm3.htm
[11] http://www.businessinsider.com.au/this-atm-keyboardwill-steal-your-card-pin-and-youll-never-notice-it-2011-1
[12] http://1.bp.blogspot.com/_dj81aalsvdg/s_sul4su0ui/aAAAAAAADy8/F16QrgEx_H0/s400/voiceprint.jpg