A team at the University of Alabama at Birmingham (UAB) has proposed a new, secure method for two-factor authentication. The approach utilizes speech signals of wearable devices.

Two-factor authentication tries to stifle digital crime by adding extra layers of security that require more than the standard username and password to gain access to electronics. Researchers have been trying to simply this process for the user, while strengthening its safety. 

In an effort to stop users from typing in a numerical code, an idea has surfaced that centers around ambient noise. The sound can detect distances between the two devices involved in the identity verification process.

However, UAB researchers speak against this technique, and warn devices could be vulnerable to malicious mobile attacks from far-near hackers.

For example, “ones who are remotely located and can guess the victim’s audio environment or make the phone create predictable sounds (e.g., ringers), and those who are in physical proximity of the user,” according to the researchers.

The team proposes a different solution known as the “Listening-Watch” system, which uses a wearable device and random speech sounds.

"Listening-Watch offers two key security features," says Nitesh Saxena, Ph.D., professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences. "It uses random code encoded into speech to withstand remote attackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers."

According to UAB, a real-world situation using the “Listening-Watch” authentication would utilize an application installed on a wearable device, such as a fitness tracker or smartwatch. After prompted by a message, the device would record and decode browser-played speech sounds. The browser will be on the primary device, and it will consist of short, random code encoded into human speech.

If the wearable’s audio contains the same code, and closely resembles the browser’s audio recording, the login will be successful. Voice recognition is tasked with decoding the speech.

The research is detailed in the paper, “Listening Watch: Wearable Two-Factor Authentication using Speech Signals Resilient to Near-Far Attacks,” published in June at the Association for Computing Machinery Conference on Security and Privacy in Wireless and Mobile Networks.