Open, Sesame! Introducing Access Control to Voice Services
This work addresses security risks for smart-home users by providing a practical defense against unauthorized access, though it is incremental as it builds on existing speech and language technologies.
The paper tackles the vulnerability of personal voice assistants to acoustic attacks by introducing Sesame, a lightweight framework that enables fine-grained access control for smart-home voice commands, achieving real-time enforcement with 362ms inference time and minimal accuracy loss using a model under 25MB.
Personal voice assistants (VAs) are shown to be vulnerable against record-and-replay, and other acoustic attacks which allow an adversary to gain unauthorized control of connected devices within a smart home. Existing defenses either lack detection and management capabilities or are too coarse-grained to enable flexible policies on par with other computing interfaces. In this work, we present Sesame, a lightweight framework for edge devices which is the first to enable fine-grained access control of smart-home voice commands. Sesame combines three components: Automatic Speech Recognition, Natural Language Understanding (NLU) and a Policy module. We implemented Sesame on Android devices and demonstrate that our system can enforce security policies for both Alexa and Google Home in real-time (362ms end-to-end inference time), with a lightweight (<25MB) NLU model which exhibits minimal accuracy loss compared to its non-compact equivalent.