Smartspeakers, such as Amazon Echo, have been adopted by millions of users. However,the privacy impacts of smart speakers have not been well examined. We investigatethe privacy leakage of smart speakers under an encrypted traffic analysisattack, referred to as voice command fingerprinting. In this attack, anadversary eavesdrops encrypted voice traffic from and to a smart speaker andinfers which voice command a user says without decrypting encrypted traffic. Wedesign our attacks based on neural networks and collect two large-scaledatasets on Amazon Echo and Google Home by using an automatic traffic crawler. Ourexperimental results show disturbing privacy concerns. Specifically, comparedto 1% accuracy with random guessing, an attacker can infer 92% voice commandscorrectly on Amazon Echo and 99% voice commands correctly on Google Home. Wealso propose a defense to preserve user privacy against this attack with minimallatency and bandwidth overhead. Our simulations show that the proposed defensecan reduce attack accuracy to 1% if an attacker trains neural networks withoriginal traffic and 32% if an attacker adapts and trains neural networks withobfuscated traffic.
About the Speaker
Boyang Wang is atenure-track Assistant Professor in the Department of Electrical Engineeringand Computer Science at the University of Cincinnati. He received his Ph.D. inElectrical and Computer Engineering from the University of Arizona in 2017, hisPh.D. in Cryptography and B.S. in Information Security from Xidian University,China, in 2014 and 2007, respectively. He worked for Bosch Research andTechnology Center as a research intern in 2015. He was a visiting student atUtah State University from 2012 to 2013 and a visiting student at theUniversity of Toronto from 2010 to 2012. His current research focus on datasecurity and privacy, adversarial machine learning, encrypted traffic analysis,blockchain and applied cryptography. He is a member of IEEE and ACM.