The EU-funded OCTAVE project is developing an innovative voice verification system combined with user authentication as a cloud service that could replace the use of passwords for online security.

OCTAVE researchers are developing an automatic speaker verification (ASV) system called the Trusted Biometric Authentication System (TBAS). TBAS’ unique architecture makes it secure by design and virtually impossible for imposters to hack. It is also the first system to holistically combine speaker verification technology and distributed processing platforms to offer user authentication as a cloud service.

As a powerful computing facility equipped with the best processing technologies and algorithms, traditional ASVs are often protected by industrial secrets – meaning not every service provider can afford them. Instead, many companies must look to a third-party broker. “To work, an ASV must be in the hands of a trusted business player, a sort of authentication broker, similar to the well-consolidated payment brokers like PayPal that are now on the market,” says OCTAVE’s technical leader Mauro Falcone.

TBAS provides the required level of trust, making voice authentication a viable option for small and medium-sized enterprises.

The password problem is one of the major challenges that the ICT sector is determined to solve. “One way forward is to get rid of passwords for good in favour of user authentication based on biometric traits that are truly unique to each individual,” says OCTAVE’s project manager Sebastiano Trigila. Of the various biometrics available (fingerprints, face and iris recognition, etc.), the project focuses on voice biometrics, which it considers to be the least intrusive.

Although it may be a non-intrusive solution, this doesn’t mean it is an easy one. “First, voice recognition faces such involuntary challenges as noisy environments that induce distortion in voice acquisition,” explains Trigila. “There are also voluntary problems caused by potential attacks that, for example, can fool traditional recognition systems with recorded voice samples from a legitimate speaker.”

With TBAS, the full set of service-related data is stored with the service provider and never passed on to the identity or authentication engine provider. The identity and authentication providers only intervene when a user must be enrolled with biometric means and then recognised by those means. Instead, the identity provider receives a pseudonym of the user identity and associates a second pseudonym that, along with biometric data, is then passed on to the authentication provider. Both pseudonyms are created with non-reversible algorithms that make it nearly impossible to follow the inverse path from authentication provider to service provider.

“As a result, any hacker, who might get hold of data in one of the two domains of the identity and the biometric authentication providers, will not be able to make any meaningful use of it,” says Trigila.

An intermediate platform

According to Trigila, TBAS meets the challenge of creating a secure platform with respect to user data protection. More so, it serves as an intermediate platform between service, identity and authentication engine providers.

As the project winds down, researchers see great potential for commercialising TBAS. “The ultimate objective of OCTAVE is to set up a voice authentication service for all enterprises, large or small, that serves as a viable alternative to traditional methods based on passwords, tokens and smartcards,” concludes Trigila.

The UK is one of seven EU countries taking part in the €5m+ project which concludes in May 2017.