Attacking speaker recognition systems with phoneme morphing

Conference item

As voice interfaces become more widely available they increasingly implement speaker recognition, to provide both personalized functionalities and security via authentication. In this paper, we present a method that transforms the voice of one person so that it resembles the voice of a victim, such that it can be used to deceive speaker recognition systems into believing an utterance was spoken by the victim. The transformation only requires short pieces of audio recordings from the source and victim voices, and does not require specific words to be spoken by the victim. We show that the attack can be improved by using a population of source voices and we provide a metric to identify promising source voices, from within such a population. We evaluate our attack along a set of dimensions, including: varying quantity, quality and types of known victim audio, verification and identification systems, white- and black-box models and both over-the-wire and over-the-air access. We test the audio transformation on two different proprietary models: (i) the Azure Speaker Recognition API and (ii) the Siri voice activation of an Apple iPhone, showing that individuals can easily be impersonated by obtaining as little as one minute of their audio, even when such audio is recorded in noisy conditions. With attempts from only three source voices, our attack achieves success rates of over 40% in the weakest assumption scenario against the Azure Verification API and rates of over 80% in all scenarios against Siri.

Authors: Turner, H; Lovisotto, G; Martinovic, I

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Springer Nature
• Host title: Lecture Notes in Computer Science
• Journal: Lecture Notes in Computer Science
• Volume: 11735
• Pages: 471-492
• Publication date: 2019-09-15
• Acceptance date: 2019-06-21
• Event location: Luxembourg
• DOI: 10.1007/978-3-030-29959-0_23
• ISSN: 0302-9743
• ISBN: 9783030299583