
Threat Modeling and Analysis of Voice Assistant Applications

  • Conference paper
Information Security Applications (WISA 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11402)

Abstract

A voice assistant is an application that helps users interact with their devices through voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been widely deployed on smartphones and voice-controlled smart speakers. However, the threats to and security of those applications have been examined in only a few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

Acknowledgments

This work was supported in part by the ITRC (IITP-2018-2015-0-00403) and the NRF (No. 2017K1A3A1A17092614). The authors would like to thank all the anonymous reviewers for their valuable feedback.

Author information

Corresponding author

Correspondence to Hyoungshick Kim.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Cho, G., Choi, J., Kim, H., Hyun, S., Ryoo, J. (2019). Threat Modeling and Analysis of Voice Assistant Applications. In: Kang, B., Jang, J. (eds) Information Security Applications. WISA 2018. Lecture Notes in Computer Science, vol 11402. Springer, Cham. https://doi.org/10.1007/978-3-030-17982-3_16

  • DOI: https://doi.org/10.1007/978-3-030-17982-3_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-17981-6

  • Online ISBN: 978-3-030-17982-3

  • eBook Packages: Computer Science (R0)
