Open, Sesame! Introducing Access Control to Voice Services

TL;DR

Sesame is a lightweight framework that provides fine-grained access control for voice commands in smart homes, enhancing security against acoustic attacks while maintaining real-time performance and minimal accuracy loss.

Contribution

This work introduces Sesame, the first edge-based system enabling fine-grained, real-time access control for voice commands in smart-home environments.

Findings

Enforces security policies for Alexa and Google Home in 362ms

Uses a lightweight NLU model with minimal accuracy loss

Operates efficiently on Android devices with <25MB size

Abstract

Personal voice assistants (VAs) are shown to be vulnerable against record-and-replay, and other acoustic attacks which allow an adversary to gain unauthorized control of connected devices within a smart home. Existing defenses either lack detection and management capabilities or are too coarse-grained to enable flexible policies on par with other computing interfaces. In this work, we present Sesame, a lightweight framework for edge devices which is the first to enable fine-grained access control of smart-home voice commands. Sesame combines three components: Automatic Speech Recognition, Natural Language Understanding (NLU) and a Policy module. We implemented Sesame on Android devices and demonstrate that our system can enforce security policies for both Alexa and Google Home in real-time (362ms end-to-end inference time), with a lightweight (<25MB) NLU model which exhibits minimal accuracy loss compared to its non-compact equivalent.