Date of Award

8-2023

Document Type

Campus Access Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

First Advisor

Xiaohui Liang

Second Advisor

Bo Sheng

Third Advisor

Honggang Zhang

Abstract

The rapid proliferation of Voice Assistant (VA) devices such as Amazon's Alexa, Google Home, and Apple's Siri has transformed how we interact with technology in our daily lives. These devices provide users with hands-free access to various services, from weather forecasts and news updates to music streaming and home automation. However, the convenience and utility of VA devices come with a trade-off regarding privacy and security. Researchers have noted that voice assistant devices may be vulnerable to attacks by malicious actors, who could take control of the device or use it to access other devices on a user's network. Besides that, leaking the biophysical status of the users from voice signals and being profiled by Voice Service Providers (VSP) are recent concerns as the advances of Deep Learning techniques as well as Natural Language Processing (NLP).

This dissertation first presents a solution to enhance the security of VA devices. Our proposed defending system on the VA devices can against both voice replay and injection attacks without any additional devices or any extra user’s effort. Specifically, we use both voice and wireless data to verify the correlation between the user's presence and voice commands, then finally detect the attacks.

Secondly, this dissertation proposes an anonymity scheme on VA devices to protecting users’ voice data from being linked to their accounts by the VSP. Our proposed scheme aims to mix the queries from multiple VA users' devices, hiding the source of queries and hiding the relay's real queries. To achieve effective anonymity, the anonymizer is equipped with a proposed privacy-preserving pattern matching scheme, which is run with the help of a semi-trusted server and is used to find the most effective relay for the requester based on their pattern similarity. Lastly, we introduce a framework VPASS, that supports managing personalized privacy requirements for VA systems. Specifically, we propose mechanisms to quantify two key aspects: the amount of information disclosure and the level of privacy sensitivity each voice command has. Our mechanisms employ deep learning techniques for natural language processing and can accurately detect privacy-sensitive commands based on an individual's prior history of VAS interaction. Finally, VPASS generates monthly reports or immediate privacy alerts based on the privacy policies pre-defined by users.

Comments

Free and open access to this Campus Access Dissertation is made available to the UMass Boston community by ScholarWorks at UMass Boston. Those not on campus and those without a UMass Boston campus username and password may gain access to this dissertation through resources like Proquest Dissertations & Theses Global or through Interlibrary Loan. If you have a UMass Boston campus username and password and would like to download this work from off-campus, click on the "Off-Campus UMass Boston Users" link above.

Share

COinS