SkillFence: A Systems Approach to Practically Mitigating Voice-Based Confusion Attacks

TL;DR

SkillFence is a system that enhances voice assistant security by analyzing user activity across web and mobile apps to prevent confusion attacks, balancing usability and security effectively.

Contribution

This work introduces SkillFence, a novel system that leverages cross-platform activity analysis to mitigate voice-based confusion attacks on commercial voice assistants.

Findings

Secures 90.83% of user-needed skills

False acceptance rate of 19.83%

Effective in real user scenarios

Abstract

Voice assistants are deployed widely and provide useful functionality. However, recent work has shown that commercial systems like Amazon Alexa and Google Home are vulnerable to voice-based confusion attacks that exploit design issues. We propose a systems-oriented defense against this class of attacks and demonstrate its functionality for Amazon Alexa. We ensure that only the skills a user intends execute in response to voice commands. Our key insight is that we can interpret a user's intentions by analyzing their activity on counterpart systems of the web and smartphones. For example, the Lyft ride-sharing Alexa skill has an Android app and a website. Our work shows how information from counterpart apps can help reduce dis-ambiguities in the skill invocation process. We build SkilIFence, a browser extension that existing voice assistant users can install to ensure that only legitimate skills run in response to their commands. Using real user data from MTurk (N = 116) and experimental trials involving synthetic and organic speech, we show that SkillFence provides a balance between usability and security by securing 90.83% of skills that a user will need with a False acceptance rate of 19.83%.