Objective Control for TAlker VErification

OCTAVE has addressed the challenge DS-2-2014 “Access control, part of the Digital Security: Cyber security, Privacy and Trust call within the Secure societies – Protecting freedom and security of Europe and its citizens pillar of the Horizon 2020 – Work Programme 2014-2015”. Specifically, it has responded to the part of the work programme calling for “the development and testing of usable, economic and privacy preserving access control platforms based on the use of biometrics”.

The main objective has been to deliver an access control platform through a Trusted Biometric Authentication Service (TBAS) for use in data-sensitive and mission-critical applications, in real business and commercial environments. The platform was meant to reduce the practical burden of users related to password loss and recovery. Through the use of biometrics, OCTAVE has targeted user secure access to diverse and trustworthy online services.

Despite seemingly cost-free use, textual passwords rarely meet user expectations, whilst often resulting in insecure practices: easily guessable, noted-down on paper, and re-used for several services. Strict password policies lead to user inconvenience and frustration. Depending on the scale of services or infrastructure, most estimates show that password recovery or reset requests for critical services can account up to 30% of all help desk calls. Token-based approaches and biometrics both make for appealing solutions. Though, for unsupervised scenarios, tokens are weak, as they can be stolen or transferred to others, whilst biometrics is inherently bound with individual persons.

In its approach, OCTAVE has leveraged on recent advances in biometrics to deliver a trusted biometric-based approach to access control. The technology selected by the project encompasses voice biometrics, specifically automatic speaker verification (ASV). The main technological innovation of OCTAVE comes from leading-edge technologies: (i) countermeasure solutions for robustness against spoofing; (ii) hybrid-ASV solutions to support the flexible deployment of ASV across multiple application scenarios; and (iii) seamless operation across communications channels of varying quality, including telephony (fixed and mobile) and Internet services.

The deployment of biometric voice verification under real conditions has been verified by user trials, under two different contexts: (1) an application for physical (hence local) access, to be authenticated by a remote central server; (2) an application for online authentication of customers accessing a highly automated assistance desk.

OCTAVE started by analysing the most significant baseline voice biometrics systems available in the market and in the open source world, to identify candidate voice biometric systems and study their vulnerability to spoofing attacks.

The core work was scheduled in two phases. An intermediate phase, carried out relatively early in the project run, ensured adoption of a commercial, state-of-the-art system and its enhancement with advanced anti-spoofing solutions, thus yielding the OCTAVE baseline platform. The second phase, corresponding to the final delivery, enhanced the baseline ASV engines and integrated the platform with generalised countermeasures, with solutions ensuring reliability of ASV systems in adverse noise conditions and hybrid speaker verification functionality. The delivered hybrid methods exploit the information provided by different modes of operation, such as prompted text-dependent and text-independent speaker verification, to yield a more accurate speaker verification system, more robust as well against spoofing attacks.

The legal and regulatory framework for protection of personal data in effect in EU and in the member states where project partners generating or processing sensitive user data are based, was surveyed, adopted and used as check-reference to monitor implementation of the solutions, as well as planning and execution of user trials.

The TBAS platform was delivered and deployed in a secure cloud infrastructure. User verification is split in two distinct domains, (1) Identity Management and (2) User Authentication, in the realm of distinct players, thus conforming to the principle of “security by design”, and making it virtually impossible to hack with user data and to break the security of the whole platform.

OCTAVE has paid special attention to in-lab assessment of objective performance of the deployed services and to the end-user reaction to voice biometrics technology, in real life environments. For laboratory assessment, a number of standardized datasets clustering several voice corpora were used to test the system objective performance. As regards the in-field evaluation by the end-users, two project partners provided the experimental real life environments where the potential users could fully use the OCTAVE solution.

Validation results, arising from the final testing phases during physical and online authentication, were used to elaborate the roll out plan bridging the gap between technology and real commercial use.

Voice biometrics was focused, due to resilience against spoofing in unsupervised scenarios and user convenience. By adopting a hybrid approach, the OCTAVE voice biometrics platform has proved very effective for both authentication accuracy and robustness against circumvention. Thus, it has met the promise of offering effectiveness and user-friendliness for authentication in secure access control applications. Of course, it can also be used as a reliable term in a multi-factor authentication approach.

OCTAVE has made advances in anti-spoofing, achieving the best results for the standard ASVspoof 2015 corpus published to date (72% relative improvement over previous state-of-the-art). In addition to this, OCTAVE has achieved one of the most thorough analyses of integrated automatic speaker verification (ASV) and spoofing countermeasures. Subsequent participation in the ASVspoof 2017 campaign has confirmed the outstanding competitive position of OCTAVE. It has produced what is probably the broadest study and comparison of different ASV strategies for user authentication to date. Connected to this work are advances in hybrid ASV and an innovative approach in utterance verification.

The new platform developed by OCTAVE has addressed privacy, trust and security concerns, so traditionally a barrier to exploitation. Overcoming these barriers to some extent, OCTAVE has notable socio-economic and societal implications: new opportunities for exploitation, and new markets stemming from greater trust in biometrics as an alternative to traditional user authentication. It is stressed that results go beyond the use of just voice as a biometric; implications are relevant to the wider biometrics industry as a whole.

It is important to note that the OCTAVE solution is virtually cost-free for the users: no ad-hoc devices needed, just a PC with a microphone and any major web browser, or a smartphone with an app supplied by service providers adopting the OCTAVE platform.

Finally, the social analysis carried out by OCTAVE has given clear indications on how end-users approach and accept voice biometric solutions, under the facilitating conditions set by service providers, acting as key mediators – in the philosophy of OCTAVE – between Identity Management Providers and User Authentication providers, on one side, and end users, on the other side.