
Pp. 283-296 of the Proceedings

Toward Speech-Generated Cryptographic Keys
on Resource Constrained Devices
(Extended Abstract)

Fabian Monrose, Michael K. Reiter, Qi Li, Daniel P. Lopresti, Chilin Shih


Programmable mobile phones and personal digital assistants (PDAs) with microphones permit voice-driven user interfaces in which a user provides input by speaking. In this paper, we show how to exploit this capability to generate cryptographic keys on such devices. Specifically, we detail our implementation of a technique to generate a repeatable cryptographic key on a PDA from a spoken passphrase. Rather than deriving the cryptographic key from merely the passphrase that was spoken--which would constitute little more than an exercise in automatic speech recognition--we strive to generate a substantially stronger cryptographic key with entropy drawn both from the passphrase spoken and how the user speaks it. Moreover, the cryptographic key is designed to resist cryptanalysis even by an attacker who captures and reverse-engineers the device on which this key is generated. We describe the major hurdles of achieving this on an off-the-shelf PDA bearing a 206 MHz StrongArm CPU and an inexpensive microphone. We also evaluate our approach using multiple data sets, one recorded on the device itself, to clarify the effectiveness of our implementation against various attackers.

This version differs slightly from the Proceedings of the 11th USENIX Security Symposium, 2002.

fabian 2002-08-28

This paper was originally published in the Proceedings of the 11th USENIX Security Symposium, August 5–9, 2002, San Francisco, CA, USA
Last changed: 2 Sept 2002 aw