Professional Documents
Culture Documents
ArmorVox ImpostorMaps
How to Build an Effective Voice Biometric Solution in Three Easy Steps
AURAYA SYSTEMS One Tara Boulevard | Nashua, New Hampshire 03062 | +1 603 123 7654 | twitter.com/armorvox | linkedin/in/armorvox
ArmorVox ImpostorMaps
How to Build an Effective Voice Biometric Solution in Three Easy Steps
ImpostorMaps is a methodology developed by Auraya and available from Auraya resellers worldwide to configure, prove, optimize and deploy voice biometrics solutions into major customers facing applications. Originally developed to prove the performance and accuracy of voice biometric systems deployed in Australian Government services, ImpostorMaps has also been used by the National Australia Bank and The Vanguard Group in the USA to successful develop and deploy voice biometric solutions now used by millions of citizens and banking customers to authentication identity over the telephone. The process is focused on confirming the performance and the configuration of the technology to meet the end-users security and customer usability requirements. At the start of the process the end-user specifies their preferred authentication configuration and the process delivers a result that confirms usability and security so that the end-user can deploy the system confident that customers can use the system effectively and at the same time, the system will deliver the security requirements required by the end-user for deployment.
Figure 1: The ImpostorMap Voice Biometric Applications Development and Deployment Methodology
2
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
However, the data provided is not unique to each speaker. Depending on how the evaluation is set-up, there are typically 10 (or more) other speakers (of the same gender) quoting the exact same example personal information (such as the fabricated account numbers, PINs, names, addresses, dates of birth). In such an arrangement the only way to distinguish between different speakers is from their unique voice characteristics and not the personal information presented. In the ImpostorMap process, the groups of speaker with the same information are then used as impostors to break into each others accounts. In effect, the process simulates a massive hacker attack; where impostors are using other peoples identity information to gain unauthorized access to other users secure services. Given that the speakers in this database are saying the same personal information (i.e. account numbers, name dates and names etc.) then there is no way current telephone voice security processes, including PIN, password or proof-of-identity questioning is able to separate the legitimate speakers from the impostors speakers. This creates the situation, where the current security methods produce a 100% False Accept Rate (FAR). This then becomes the benchmark against which the security performance of the voice biometrics system can be compared to provide the end-users security team with a measure of how much more secure ArmorVox is compared to the current security solution.
As the database is collected the responses can be analyzed to evaluate the usability of the Voice User Interface (VUI). Based on the analysis, the VUI design can be updated and focus group participants invited to re-try the system. This way the design of the VUI can be iteratively improved to achieve the customer usability levels required for production deployment. Further, as this is a voice database of authentic subject responses, including all the speaker mistakes and communications network artifacts, the evaluation results generated by the benchmarking process will give an accurate reflection of the performance of a fully deployed system. The over imposted database design also delivers the data needed to calibrate the security performance, optimize performance and develop the business rules for acceptance and decline of callers claimed identity at the application layer. This is described in Stage 2 of the process.
The data collection process is supported by a quality assurance (QA) module which is built into the ArmorVox system. The Voice QA module detects speaker errors e.g. inconsistency, noisy samples, distorted or clipped speech items and problematic channel effects, as well as measuring the quality of the audio utterance using an ArmorVox proprietary algorithm. The module provides the feedback
4
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
required by the VUI designers to improve the application and measure enhanced usability. Further, when deployed in the end-users telecommunications environment, it identifies early any issues with the telephony network that is likely to impact of system performance. Deliverables from Stage 1 At the end of this stage, the process delivers a VUI design confirmed to meet customer usability requirements and the Over imposted speech database specifically set-up for the security evaluation, tuning and optimization of the technology to meet the end-users requirements.
5
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
Once UBM optimization is complete, an analysis of the verification performance can commence based on the measurements made by the system on all the enrolled speakers.
Once enrollment is complete, the verification samples are verified against their respective enrolled acoustic models to generate the true speaker map. Given that the speech data is produced by the same person (i.e. the legitimate speaker) there should be a good match and the technology should return high score for the true speakers. The problem is that this is not always the case and during this stage the analysis focuses on those samples that return low score and understand why score of low.
Low results can be generated by the true speaker for a number of reasons. The speaker may have said the wrong word or phrase. They may have said the information differently than the way it was originally enrolled. For example, they could be speaking more quickly or more slowly than the original enrollment sample. They may have hesitated, ummed, arred, coughed sneezed or just did not say anything at all. There could have been high noise on the line or the line was subject to high levels of distortion, cutting-out (as often heard in mobile and some VoIP networks) or clipping.
Information gathered at this stage is used in stage 3 for business rule refinement to ensure that failures are handled systematically, correctly and efficiently by the application and that when a true speaker failure occurs the reason is understood and appropriate action is implemented.
The ArmorVox Optimizer generates equal error rates (EERs) at the system as well as at the speaker level pre- and post-optimization. The equal error rate measures the trade-off between false acceptance and false rejection at the point where they are both equal. The objective is of course to drive these EERs to a minimum thus resulting in an optimal authentication system.
The optimizer calibrates the performance of each voiceprint enroll against the corresponding impostors saying the same information. This is the key process. What this process does is to simulate a massive hacker attack whereby each voiceprint enrolled in the system is subject to a large number of impostor attacks for speakers of the same gender and age-group where possible are saying the same identity information. Such an attack is very uncommon in real deployment, but does represent a worst case scenario for the technology.
6
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
The impostor test, which is also performed by the optimizer is opposite of the true speaker test. That is given that the impostors voice quality is different from that enrolled then, despite the information being the same, the technology should return a low score. The problem is that this is not always the case. Some people may have similar voices, in which case the value may be quite high. Alternatively, the enrolled voiceprint may be weak and vulnerable to impostor attack. In this case impostors consistently score higher or score more closely compared to the true speaker scores, resulting into higher speaker equal error rates. The distribution of results generated by the impostor process is known as the ImpostorMap. Typically, Auraya designs the over impostor speech database to have a ratio of 10 impostors for each true speaker. If the database comprises, say 500 speakers, the ImpostorMap, thus comprises 5,000 impostor attempts. Typically, the map can be produced in as many dimensions as there are speech types used in the application (external to the optimizer but part of the process). For example, if an application uses account number and date of birth (as in the case of current banking deployments) then a two dimensional ImpostorMap is created. Adding another speech type, such as a phrase (At the bank my voice is my password) creates a three dimensional map. The Impostor Map is the critical information as it provides a profile of the security performance of the application under consideration and the ability of the application to separate true speakers from Impostor speaker saying the same information. Typically, current security solutions based on knowledge questions and PINs and passwords would generate a 100% false accept rate. That is all impostors would breach the system. Aurayas ImpostorMap process provides a tangible measure on how much more secure a voice biometric system compared to current security solutions and provides the confidence that the system will deliver security when it encounters an impostor. Deliverables from Stage 2 This stage delivers the performance of the technology as the an outcome of running the optimzer and the impostormap (external to the system) which are used in the next stage to develop the business rules for the application and provide additional optimization.
7
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
8
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
Voiceprint Vulnerability Analysis A unique feature of ArmorVox is its voiceprint vulnerability analysis. Typically, 10% to 15% of voiceprints stored in the database are potentially vulnerable and susceptible to impostor attacks. Vulnerabilities occur when the enrolment process is corrupted in some way; either through noisy speaking conditions; transmission interference or degradation; or speaker errors or inconsistent speaking style. Analysis shows that weak and vulnerable voiceprints have a significant impact on the overall security performance of an application.
Using impostor data automatically generated by ArmorVox, the ArmorVox system can detect and optimize weak and vulnerable voiceprints and strengthen performance for the whole system. It can also identify outliers or goats that do not exhibit average speaker behaviour. The tool tests each voiceprint in the database attaching a confidence score to each voiceprint indicating the security strength of that voiceprint. Voiceprints found to have weak security strengths are selected for optimization or reenrolment, using either existing or newly acquired speech data, typically, eliminating weak and vulnerable voiceprints.
As well as significantly enhancing the overall security performance of the solution, this proprietary process also sets the individual speaker thresholds automatically and allows business rules to be set at the individual level e.g. by manually raising or lowering individual thresholds. Deliverable from Stage 3 This final stage delivers a suggested configuration for the application to meet the end-users security requirements e.g. the best speech items to use and the situations under which the system generates error response, such as when a voice sample is too noisy, when the caller is saying the incorrect information and so on.
9
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
Conclusion
ArmorVox Optimizer and the ArmorVox ImpostorMap methodology ensure: a. The dialogue, persona and authentication processes meet the clients customers expectations and that users can effectively authentication their identity using the system. b. The technology performance is known, security setting optimized and vulnerabilities eliminated or minimized to meet the end-users requirements. c. The business rules implement the end-users identity authentication security requirements allowing the system to integrate with the end-users identity management systems At this point the end-user can roll-out the voice biometric application based on ArmorVox confident that the system will work and will deliver the user acceptance and security requirements for successful deployment.
Next Steps
ArmorVox ImpostorMap methodology is available for Auraya or an Auraya Certified Reseller Partner. Either contact Auraya directly via our website at www.armorvox.com or contact your local Auraya Reseller Partners (again see www.armorvox.com for a list of resellers worldwide
10
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com
About the Author Dr. Clive Summerfield is Auraya Systems Founder and Chief Executive Officer. Clive is an internationally recognized authority on voice technology and holds numerous patents in Australia, USA and UK in radar processing, speech chip design and speech recognition and voice biometrics.
As a former Founder Deputy Director of the National Centre for Biometric Studies (NCBS) at University of Canberra, in 2005 Clive undertook at the time the worlds largest scientific analysis of the voice biometric systems leading to the adoption of voice biometrics by for secure services. That experience lead Clive in 2006 founding Auraya, a business exclusively focused on advanced voice biometric technologies for enterprise and cloud based services. Visit ArmorVox.com for Clive Summerfields full bio.
About Auraya Systems Founded in 2006, Auraya Systems, the creators of ArmorVox Speaker Identity System is a global leader in the delivery of advanced voice biometric technologies for security and identity management applications in a wide range of markets including banks, government, and health services. Offices are located near Boston USA, Canberra and Sydney Australia. For more information, please visit www.armorvox.com.com.
11
ARMORVOX ImpostorMaps 2012 Auraya Systems www.ArmorVox.com