voice based authentication service
Results 1 to 5 of 5

Thread: voice based authentication service

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    119

    Question voice based authentication service

    hi everybody,

    i've to write sth about voice based authentication service and i'm still looking for disadvantages..i'vealreayd found :

    -easily duplicated with tape and other recorders
    -voiceprints can vary over the course of the day, and one’s health, such as cold or laryngitis, can affect verification of the user by the system
    -misspoken and background noises can interfere with the system

    but i' searching for more!!
    has anybody a good site or other hint??

    i looked google and rr.sans.org and other relevant sites but i'd like to get more infos!

    thanks for the help!!

    cheers,
    the only thing that doesn\'t change is everything will always change.

  2. #2
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    One of the businesses that I consult for wanted to institute a company-wide vocie authentification system, but one of their IT guys was the one who shot down the idea. He stated all of the reasons you did, as well as the threat that someone on the inside could simply reset the voice (assuming they could get the proper authorization, which, as we all know, is not that difficult to do on nearly any computer system) with their own voice, essentially blocking out anyone who they did not want to access the systems. Instead, they moved to biometric fingerprint scanners for access to the computer systems, and some more advanced systems for entry into the building and secure areas of the building.

    AJ

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    anyway but i have to write an report over 1-2 pages drawbacks and i don't like to waffle but i couldn't find anything more ... :-(

    cheers,
    the only thing that doesn\'t change is everything will always change.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Just a thought off the top of my head.. I wouldnt think that ones voice be considered as "unique" as some other form of biometric authentication method such as Iris scanning, Retina Scanning, Fingerprints etc...

    With a bit of "googling" you may be able to dig up some figures of "uniqueness" of various forms of biometrics, and I would put money on voice authentication being the least "unique", hence, least secure.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Another disadvantage with biometrics in general: It's related to something you ARE, and you cannot change it. Eg. if someone steals a sample of your voice, you cannot cahnge the login like a password. The same thing with fingerprints and DNA. If a fingerprint i stolen, you only have 9 more to use. If someone steals your DNA you can never get another for your authentication needs, your 'password' is lost forever.

    Which leads us over to another disadvantage with biometrics, it cannot be transferred across the internet without heavy encryption, because it may be stolen. The current tecniques for secure transfer of data across the internet may not be secure enough for such a solution.

    And what about sentralized storage of biometrics. Would you trust Microsoft to keep a sample of your voice on one of their databases? With you knowing that if they lost that sample, voice authentication would never be secure for you again?

    And how should businesses relate to this threat. Think about the lawsuits that would come if a big database of voice samples got stolen. And would customers ever trust the organization again?

    Another thing, would voice authentication be secure enough alone? Probably not, you would have to use other tecniques, like password and fingerprint authentication in a combination with with the voice authentication. It could be that this extra hassle would ruin an application's usability, maybe this would mean that users would not appreciate the application? And would the extra security pay up for this? I don't know.

    And yet another thing, voice samples would need quite a lot of space in a datbase. This might not bother, because storage space is very cheap. But one thing's for sure, voice samples cannot be indexed in a database, so you would need some kind of login name (at least) to be able to match a voice sample against a voice sample in a database. If not, you would have to do a sequential search in the database, and that would take loooong time.

    Just a little brainstorming, hope this helps!
    ---
    proactive

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •