Abstract
This column aims to describe the characteristics of current cyberpsychology research in Europe. In particular, CyberEurope aims at describing the leading research groups and projects running on the other side of the Ocean.
T
We've all been there: you go to log in to your e-mail or your online banking and you can't remember your password. Or you know your password, but the system asks you to come up with a new combination of letters, numbers, and symbols. With dozens of passwords that you're somehow supposed to remember, like many of us, you simply write them all down on a piece of paper and tuck it safely away in your wallet—which is then stolen or lost…
The password problem is one of the major challenges that the ICT sector is determined to solve. “One way forward is to get rid of passwords for good in favor of user authentication based on biometric traits that are truly unique to each individual,” says OCTAVE's (
Although it may be a non-intrusive solution, this doesn't mean it is an easy one. “First, voice recognition faces such involuntary challenges as noisy environments that induce distortion in voice acquisition,” explains Trigila. “There are also voluntary problems caused by potential attacks that, for example, can fool traditional recognition systems with recorded voice samples from a legitimate speaker.”
Introducing the Trusted Biometric Authentication System
OCTAVE researchers are developing an automatic speaker verification (ASV) system called the Trusted Biometric Authentication System (TBAS). TBAS's unique architecture makes it secure by design and virtually impossible for imposters to hack. It is also the first system to combine speaker verification technology and distributed processing platforms holistically to offer user authentication as a cloud service.
As a powerful computing facility equipped with the best processing technologies and algorithms, traditional ASVs are often protected by industrial secrets—meaning that not every service provider can afford them. Instead, many companies must look to a third-party broker. “To work, an ASV must be in the hands of a trusted business player, a sort of authentication broker, similar to the well-consolidated payment brokers like PayPal that are now on the market,” says OCTAVE's technical leader Mauro Falcone.
TBAS provides this required level of trust and thus makes voice authentication a viable option for small and medium-sized enterprises. With TBAS, the full set of service-related data is stored with the service provider and never passed on to the identity or authentication engine provider. The identity and authentication providers only intervene when a user must be enrolled with biometric means and then recognized by those means. Instead, the identity provider receives a pseudonym of the user identity and associates a second pseudonym that, along with biometric data, is then passed on to the authentication provider. Both pseudonyms are created with non-reversible algorithms that make it nearly impossible to follow the inverse path from authentication provider to service provider.
“As a result, any hacker, who might get hold of data in one of the two domains of the identity and the biometric authentication providers, will not be able to make any meaningful use of it,” says Trigila.
An intermediate platform
According to Trigila, TBAS meets the challenge of creating a secure platform with respect to user data protection. More so, it serves as an intermediate platform between service, identity, and authentication engine providers.
As the project winds down, researchers see great potential for commercializing TBAS. “The ultimate objective of OCTAVE is to set up a voice authentication service for all enterprises, large or small, that serves as a viable alternative to traditional methods based on passwords, tokens and smartcards,” concludes Trigila.