Security '02 Abstract
Toward Speech-Generated Cryptographic Keys
on Resource Constrained Devices
Fabian Monrose, Bell Labs, Lucent Technologies; Michael Reiter, Carnegie Mellon University; Qi Li, Daniel P. Lopresti, and Chilin Shih, Bell Labs, Lucent Technologies
Programmable mobile phones and personal digital assistants (PDAs) with microphones permit voice-driven user interfaces in which a user provides input by speaking. In this paper, we show how to exploit this capability to generate cryptographic keys on such devices. Specifically, we detail our implementation of a technique to generate a repeatable cryptographic key on a PDA from a spoken passphrase. Rather than deriving the cryptographic key from merely the passphrase that was spoken--which would constitute little more than an exercise in automatic speech recognition--we strive to generate a substantially stronger cryptographic key with entropy drawn both from the passphrase spoken and how the user speaks it. Moreover, the cryptographic key is designed to resist cryptanalysis even by an attacker who captures and reverse-engineers the device on which this key is generated. We describe the major hurdles of achieving this on an off-the-shelf PDA bearing a 206 MHz StrongArm CPU and an inexpensive microphone. We also evaluate our approach using multiple data sets, one recorded on the device itself, to clarify the effectiveness of our implementation against various attackers.
- View the full text of this paper in HTML, PDF, and
PostScript. Until August 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.