Community Research and Development Information Service - CORDIS


OCTAVE Report Summary

Project ID: 647850
Funded under: H2020-EU.3.7.

Periodic Reporting for period 1 - OCTAVE (Objective Control for TAlker VErification)

Reporting period: 2015-06-01 to 2016-05-31

Summary of the context and overall objectives of the project

OCTAVE addresses the specific challenge DS-2-2014 “Access control”, part of the “Digital Security: Cyber security, Privacy and Trust” call within the “Secure societies – Protecting freedom and security of Europe and its citizens” pillar of the Horizon 2020 Work Programme 2014-2015. Specifically, it responds to the component of the work programme calling for a focus on “the development and testing of usable, economic and privacy preserving access control platforms based on the use of biometrics”.

OCTAVE will deliver an access control platform through a Trusted Biometric Authentication Service (TBAS) for use in data-sensitive and mission-critical applications in real business/commercial environments. While simultaneously relieving end-users from the inconvenience of dealing with textual passwords, the OCTAVE platform will reduce the practical burden of users related to password loss and recovery. Through the use of biometrics, OCTAVE will ensure users secure access to diverse and trustworthy smart services.

The following drivers constitute strong motivations for the OCTAVE approach.
• Despite the convenience and seemingly cost-free use of textual passwords for secure access control, both the media and scientific literature are awash with evidence portraying a very different story. Rarely do passwords meet user expectations, often resulting in insecure practices: the use of weak, but easily remembered passwords (e.g. a partner’s date of birth); writing down passwords; and the re-use of passwords across multiple services. Some studies point towards the alarming impact of poor password practices on security. While strict password policies can tackle these problems to some extent, they invariably lead to user inconvenience, frustration and dissatisfaction, often to the point that overly complex, difficult-to-remember passwords are frequently lost.
• Several recent studies have illustrated the costs of password use for access control. Aside from the obvious security vulnerabilities through poor security practice and policy, there is also the significant cost of recovering or resetting user passwords. While estimates vary according to the scale of services or infrastructure, most studies show that password recovery or reset requests can account for over 30% of all help desk calls. The same surveys show that each request can cost more than $25. More convenient, secure and economical access control solutions are thus needed to meet the needs of today’s increasingly demanding ICT systems, services and infrastructures.
• Token-based approaches and biometrics make for appealing solutions; however, the growing proliferation of distributed, smart services often involves unsupervised scenarios. Since token-based solutions generally require specific authentication equipment (e.g. smart-card readers), they cannot be effective in meeting the requirements; they can still be stolen or transferred to other persons. On the other hand, biometrics technology is increasingly meeting the demands of users for user-friendly solutions to access control. Even so, user concerns regarding privacy and security are rather high.

OCTAVE will leverage recent advances in biometrics technology to deliver a trusted biometric-based approach to access control. The selected technology to achieve this objective encompasses voice biometrics, specifically automatic speaker verification (ASV). As a natural, convenient and non-invasive type of biometrics, ASV is a particularly appealing solution to user-friendly access control. The main technological innovation comes from leading-edge technologies to assure users that:
(i) countermeasure solutions for robustness against spoofing are put in place;
(ii) hybrid-ASV solutions to support the flexible deployment of ASV across multiple application scenarios are put in place; and
(iii) means for successful operation across communications channels of varying quality, including telephony (fixed and mobile) and Internet services are used.

The deployment of biometric voice verification under real conditions will be verified by user trials in a real scenario considering two different applications. The application context is two-fold:
1) an application proposed by SEA Aeroporti di Milano, which foresees a physical (hence local) access, to be authenticated by a remote central server. Such an application is a significant example of an authentication service granting access to a critical infrastructure;
2) an application proposed by Findomestic and Advalia, which foresees online authentication of customers accessing a highly automated customer assistance desk.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

OCTAVE started by analysing the most significant baseline voice biometrics systems available in the market and in the open source world; it then established baseline voice biometric systems and demonstrated their vulnerability to spoofing attacks.

The work was scheduled in two phases: the first is an intermediate phase relatively early on in the project, and the second corresponds to the final delivery a few months before the end of the project.

This ensured that the work would be performed with state-of-the-art systems and also served to highlight the need for spoofing countermeasures which will be delivered by OCTAVE, with initial and then advanced and generalised countermeasures coming in phases 1 and 2 respectively. Robustness to spoofing has already been demonstrably improved and outputs have been integrated into the phase 1 OCTAVE platform. Multi-stage approaches to noise compensation, so essential to reliability in adverse noise conditions, have also been delivered.

Hybrid speaker verification methodologies have been established in OCTAVE. These combine single mode speaker verification engines, which have already been developed. The delivered hybrid methods exploit the information provided by different modes of operation, such as prompted text-dependent and text-independent speaker verification, to yield a more accurate speaker verification system, which will also be more robust against spoofing attacks.

A survey of the legal and regulatory framework related to the protection and handling of personal data in effect in the EU, as well as specializations of the framework in select member states, has been completed. The project has also provided a survey of the procedures, techniques and technologies used for the protection of personal data. The surveys are intended as guiding reports to be used for assessing the platform's compliance with existing regulation. Technical developments are constantly monitored with the intent to provide feedback on issues related to the handling of personal data. The project also benefits from advice, feedback and guidance from a Security committee and an Ethical committee that have been in place since the start of OCTAVE.

The general architecture of the TBAS platform has been established, including selecting and rationalising the interface between the different components brought in by different Beneficiaries of the TBAS. The phase 1 version of the speaker verification platform, including improvements to meet the project requirements, has been delivered and deployed in a secure cloud infrastructure. Its availability in the cloud facilitates the integration with the IDM component and the testing work. The speaker verification platform includes a biometric mode of operation representing the current state of the art and two anti-spoofing modules. One of the modules, the so-called anti-artificial-voice module, which protects against synthetic voice and voice transformation, is a fully new capability that was not available in the selected baseline platform (provided by the participant beneficiary ValidSoft) at project start. The principle of Privacy by Design has been reviewed and some success criteria have been set for the development work in the TBAS, to ensure best practices are followed.

Since OCTAVE is an industry innovation project, it has paid specific attention both to the objective performance assessment of the deployed services in the laboratory and to the end-users' reaction to voice biometrics technology in real-life environments.

As regards the laboratory assessment, a number of standardized datasets clustering multiple corpora were analytically used to test the system's objective performance. Additionally, within certain values, the pioneering solution was also able to directly access the OCTAVE TBAS platform and to validate the services delivered. Throughout this process, by directly assessing the platform that provides the service as a whole, we endorsed the stated project validation strategies to pursue a higher level of the deployment chain of the biometric solution. A further laboratory test plan for pair-wise modules and the integrated TBAS platform has been scheduled to take place late in the project.

As regards the in-field evaluation by end-users expected for the second year, a great deal of work has been done, primarily in identifying the real scenarios in which to test the TBAS service applications. Two project partners in particular have provided the experimental real-life environments where the potential users intend to use the OCTAVE solution. User needs and requirements, interaction procedures, and techno-architectural boundaries have been outlined according to research purposes and metrics to effectively assess the acceptance of this innovative technology.

Through the deployment of a combination of already existing and totally new technologies, the consortium is implementing a commercial voice biometric authentication service. Besides the protection of personal data, specific business needs have been defined, to be met during the development phase and once the Platform is released for the “real” market.

The system will be tested for:
- online authentication – logical access to remote banking services;
- physical authentication – physical access to restricted sensitive areas.

In order to obtain a successful result, the two pilot scenarios have been well defined: all necessary details have been provided in terms of use cases relevant to the different scenarios, as far as functional, security, performance, availability and scalability requirements are concerned. These details have been followed by two operational flow charts, a kind of “action sequences”, describing user registration and user authentication, both for physical access to critical infrastructures and for online use of data-sensitive services.

A timely comparison with the outcomes of technical deliverables will make it possible to constantly verify and assess the characteristics of the TBAS to obtain maximum adherence to the real operative and business needs of the application owners.

Validation results arising from the final testing phases during physical and online authentication will be used to elaborate the roll-out plan bridging the gap from technology to a possible real initial selected panel of clients.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

Amongst various biometric methods, voice biometrics is considered for the project, due to its promising resilience against spoofing in unsupervised applications and also the user convenience it offers. Through the adoption of an appropriate hybrid approach, the voice biometrics platform to be developed in OCTAVE will offer effectiveness in terms of both authentication accuracy and robustness against circumvention. As such, it bears the promise of offering the required effectiveness and user-friendliness as the sole means of authentication in secure access control applications, whilst it can also be deployed as a reliable inherent factor in a multi-factor authentication approach.

OCTAVE has made significant advances in anti-spoofing, having achieved the best results for the standard ASVspoof 2015 corpus published to date (72% relative improvement over previous state-of-the-art). In addition to this, and as a result of cross- activities, OCTAVE has achieved one of the most thorough analyses of integrated automatic speaker verification (ASV) and spoofing countermeasures. This work has also been accepted for publication in the scientific literature.

As possibly the only large-scale, collaborative project to have investigated not only fixed pass-phrase text-dependent, text-prompted text-dependent and text-prompted text-independent ASV systems, OCTAVE has produced what is probably the broadest study and comparison of different ASV strategies for user authentication to date. Connected to this work are advances in hybrid ASV and also new work in utterance verification (UV). The OCTAVE consortium has defined this new research area with the first scientific publication which introduces the concept and which presents the very first results.

While progress beyond the state of the art relates naturally to research, OCTAVE is not without industrial advances. New spoofing countermeasures have been integrated successfully into a state-of-the-art, commercial grade voice biometric platform. To the best of our knowledge, no other such technologies, demonstrated with the use of public or open evaluation platforms, are in use in competing, marketed technology. Having been validated in such an open, transparent manner, the new technology emerging from OCTAVE has addressed privacy, trust and security concerns, so traditionally a barrier to exploitation. With these barriers now overcome to some extent, OCTAVE has obvious socio-economic and societal implications. These include new opportunities for exploitation, new markets stemming from greater trust in biometric technologies as an alternative to user authentication. It is stressed that these go beyond the use of just voice as a biometric; implications are relevant to the wider biometrics industry as a whole.

With the increasingly widespread use of mobile devices in everyday life, the need to provide end-users with secure, easy-to-use and trustworthy access to physical or online services still requires direct studies and in-depth field analyses. In this view, OCTAVE has aspired to make a significant contribution to the research, in particular on the perceived security of access to services using ASV. A remarkable observation has been that, for example, most users did not use mobile online banking services due to such concerns. In the current project, perceived security has been taken as the central determinant of acceptance, and it is affected by factors such as the environment, the service experience, the reputation of the provider, etc. The users’ acceptance model developed to study the OCTAVE solution has therefore covered all relevant factors, i.e. those relating to better performance, those giving awareness of security or risk, and those relating to freedom from effort. According to this planning, two in-field evaluations have been designed and scheduled for the second part of the project duration. The impact on end-users’ behavioural intention is expected to come from the study of the above factors in two real-life trials. Moreover, the field trials have been set up through extensive collaboration and work across the whole consortium.

With particular regard to the socio-economic impact, it should be noted that the acceptance model has included, as usual, relevant constructs such as social influence and/or facilitating conditions. Since the OCTAVE in-field studies are not going to charge any direct cost to the trial participants, in either the enrolment or the execution phases, the dimension of the perceived “price value” (cost of technology and/or service) is expected to be largely unexplored. However, even though applied to small samples in two real-life trials, the exploration of social influence is expected to help in understanding the tendency that groups of end-users might show in approaching/sharing the VB solution over the physical and online applications, under the facilitating conditions provided by the owners of the services.
