Shimaa Ahmed
Tubes Among US: Analog Attack on Automatic Speaker Identification
Voice recognition technology has been used across a plethora of systems for authentication and personalization, such as phone banking and smart devices. The security of this technology against deepfake attacks relies on one assumption: its ability to tell human and machine-generated voices apart. In this work, we challenge this assumption by conducting a live human impersonation attack on speaker identification models using simple acoustic structures such as plastic tubes.
Shimaa Ahmed, Yash Wani, Ali Shamsabadi, Mohammad Yaghini, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz
Towards More Robust Keyword Spotting for Voice Assistants
In this project, we implemented a robust ensemble of keyword spotting models to protect against accidental and adversarial wrong activations and distribution drifts. The ensemble leverages the stochastic nature of the acoustic channel and the harmonics present in speech signals to enable a collection of independent models. We evaluated the system on public datasets and commodity devices such as smart devices, and also on commercial smart speakers like Amazon Echo.
Shimaa Ahmed, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz
Prεεch: A System for Privacy-Preserving Speech Transcription
Cloud operators offer ML as a Service (MLaaS) in which customers send their data to the cloud and receive the model’s prediction. In speech recognition services, the data can be highly sensitive and private. In this work, we quantified the utility-privacy trade-offs of cloud-based speech transcription models in terms of acoustic and textual data. We implemented an end-to-end system that offers privacy-preserving access to cloud APIs by applying local voice transformations and differential privacy.
Shimaa Ahmed, Amrita Roy Chowdhury, Kassem Fawaz, Parmesh Ramanathan