voice based authentication service

[dieterle81]

hi everybody,

i've to write sth about voice based authentication service and i'm still looking for disadvantages..i'vealreayd found :

-easily duplicated with tape and other recorders
-voiceprints can vary over the course of the day, and one’s health, such as cold or laryngitis, can affect verification of the user by the system
-misspoken and background noises can interfere with the system

but i' searching for more!!
has anybody a good site or other hint??

i looked google and rr.sans.org and other relevant sites but i'd like to get more infos!

thanks for the help!!

cheers,

[avdven]

One of the businesses that I consult for wanted to institute a company-wide vocie authentification system, but one of their IT guys was the one who shot down the idea. He stated all of the reasons you did, as well as the threat that someone on the inside could simply reset the voice (assuming they could get the proper authorization, which, as we all know, is not that difficult to do on nearly any computer system) with their own voice, essentially blocking out anyone who they did not want to access the systems. Instead, they moved to biometric fingerprint scanners for access to the computer systems, and some more advanced systems for entry into the building and secure areas of the building.

AJ

[dieterle81]

anyway but i have to write an report over 1-2 pages drawbacks and i don't like to waffle but i couldn't find anything more ... :-(

cheers,

[SoggyBottom]

Just a thought off the top of my head.. I wouldnt think that ones voice be considered as "unique" as some other form of biometric authentication method such as Iris scanning, Retina Scanning, Fingerprints etc...

With a bit of "googling" you may be able to dig up some figures of "uniqueness" of various forms of biometrics, and I would put money on voice authentication being the least "unique", hence, least secure.

[proactive]

Another disadvantage with biometrics in general: It's related to something you ARE, and you cannot change it. Eg. if someone steals a sample of your voice, you cannot cahnge the login like a password. The same thing with fingerprints and DNA. If a fingerprint i stolen, you only have 9 more to use. If someone steals your DNA you can never get another for your authentication needs, your 'password' is lost forever.

Which leads us over to another disadvantage with biometrics, it cannot be transferred across the internet without heavy encryption, because it may be stolen. The current tecniques for secure transfer of data across the internet may not be secure enough for such a solution.

And what about sentralized storage of biometrics. Would you trust Microsoft to keep a sample of your voice on one of their databases? With you knowing that if they lost that sample, voice authentication would never be secure for you again?

And how should businesses relate to this threat. Think about the lawsuits that would come if a big database of voice samples got stolen. And would customers ever trust the organization again?

Another thing, would voice authentication be secure enough alone? Probably not, you would have to use other tecniques, like password and fingerprint authentication in a combination with with the voice authentication. It could be that this extra hassle would ruin an application's usability, maybe this would mean that users would not appreciate the application? And would the extra security pay up for this? I don't know.

And yet another thing, voice samples would need quite a lot of space in a datbase. This might not bother, because storage space is very cheap. But one thing's for sure, voice samples cannot be indexed in a database, so you would need some kind of login name (at least) to be able to match a voice sample against a voice sample in a database. If not, you would have to do a sequential search in the database, and that would take loooong time.

Just a little brainstorming, hope this helps!