Armor vox impostermaps_how-to-build-an-effective-voice-biometric-solution-in-three-easy-steps

TECHNOLOGY WHITEPAPER

ArmorVox ImpostorMaps™

How to Build an Effective Voice Biometric Solution
in Three Easy Steps

AURAYA SYSTEMS
One Tara Boulevard | Nashua, New Hampshire 03062 | +1 603 123 7654 | twitter.com/armorvox | linkedin/in/armorvox

ArmorVox ImpostorMaps™

How to Build an Effective Voice Biometric Solution in Three Easy Steps

ImpostorMaps™ is a methodology developed by Auraya and available from Auraya resellers worldwide
to configure, prove, optimize and deploy voice biometrics solutions into major customers facing
applications. Originally developed to prove the performance and accuracy of voice biometric systems
deployed in Australian Government services, ImpostorMaps™ has also been used by the National
Australia Bank and The Vanguard Group in the USA to successful develop and deploy voice biometric
solutions now used by millions of citizens and banking customers to authentication identity over the
telephone.
The process is focused on confirming the performance and the configuration of the technology to meet
the end-user’s security and customer usability requirements. At the start of the process the end-user
specifies their preferred authentication configuration and the process delivers a result that confirms
usability and security so that the end-user can deploy the system confident that customers’ can use the
system effectively and at the same time, the system will deliver the security requirements required by
the end-user for deployment.

Figure 1: The ImpostorMap™ Voice Biometric Applications Development and Deployment Methodology

2
ARMORVOX – ImpostorMaps™
© 2012 Auraya Systems www.ArmorVox.com

The ImpostorMap™ methodology comprises three stages:

Stage 1: Prototype Design and Usability Testing

The first step in the ImpostorMap™ process is the prototype design and usability analysis. The focus of
this initial stage is not security but usability. Stage 1 involves setting-up a “prototype application VUI
(Voice User Interface)”, implemented either using the customer’s IVR system (or a hosted IVR system
from one of Auraya’s telephony services partner (Voxeo) to create a prototype “model” of the
authentication solution required by the end-user. This “prototype” implements the VUI which the
customer believes best meets its customer service requirements. At this stage the “prototype” invokes
the core authentication engine in its default settings and implements a voice data capture process that
logs focus group callers’ interactions with the system to understand how callers interact with the
system, their speaking styles and speaking environments (telecommunication environments and so on).

Once set-up, a focus group of callers (usually end-user employees) is used to “prototype” system and
their voice responses are captured. The process requires focus group subjects to telephone the
prototype system and respond to the voice prompts in “the way they think they should respond”.

During this stage each subject is provided with “fabricated” personal identity information, such as
account number, name, date or other personal information designed to model the information that
would be used in the deployed application. The process elicits an authentic voice response from the
focus group subjects in their preferred language and accent; including subjects saying the wrong
words, hesitating and other behaviors that callers frequently exhibit. Further, because they are
speaking over the telephone network (landline, mobile or other), the speech data captured will also
contains the noise, distortion, interference and bandwidth limitations introduced by the network. All this
information is logged by ArmorVox and is used to optimize the performance of the solution during the
following stages of the ImpostorMap™ process.

The “Over -Imposted Speech Database”

The crucial consideration at this stage is the design of the database of “fabricated” personal identity
information. Auraya uses what is known in the scientific community as an “over-imposted speech
database”. In this database each subject is given “sample personal information” to speaker into the trial
system, presented in the same format as would be used in the final deployed system. The speaker is
told that this example information is used to protect their own personal information during testing.

3

However, the data provided is not unique to each speaker. Depending on how the evaluation is set-up,
there are typically 10 (or more) other speakers (of the same gender) quoting the exact same example
personal information (such as the “fabricated” account numbers, PINs, names, addresses, dates of
birth). In such an arrangement the only way to distinguish between different speakers is from their
unique voice characteristics and not the personal information presented. In the ImpostorMap™
process, the groups of speaker with the same information are then used as impostors to break into
each other’s accounts.

In effect, the process simulates a “massive hacker attack”; where impostors are using other peoples’
identity information to gain unauthorized access to other users’ secure services. Given that the
speakers in this database are saying the same personal information (i.e. account numbers, name dates
and names etc.) then there is no way current telephone voice security processes, including PIN,
password or proof-of-identity questioning is able to separate the legitimate speakers from the impostors
speakers. This creates the situation, where the current security methods produce a “100% False
Accept Rate (FAR)”. This then becomes the benchmark against which the security performance of the
voice biometrics system can be compared to provide the end-user’s security team with a measure of
how much more secure ArmorVox is compared to the current security solution.

As the database is collected the responses can be analyzed to evaluate the usability of the Voice User
Interface (VUI). Based on the analysis, the VUI design can be updated and focus group participants
invited to re-try the system. This way the design of the VUI can be iteratively improved to achieve the
customer usability levels required for production deployment. Further, as this is a voice database of
“authentic subject responses”, including all the speaker mistakes and communications network
artifacts, the evaluation results generated by the benchmarking process will give an accurate reflection
of the performance of a fully deployed system.

The “over imposted database design” also delivers the data needed to calibrate the security
performance, optimize performance and develop the business rules for acceptance and decline of
callers claimed identity at the application layer. This is described in Stage 2 of the process.

The data collection process is supported by a quality assurance (QA) module which is built into the
ArmorVox system. The Voice QA module detects speaker errors e.g. inconsistency, noisy samples,
distorted or clipped speech items and problematic channel effects, as well as measuring the quality of
the audio utterance using an ArmorVox proprietary algorithm. The module provides the feedback
4

required by the VUI designers to improve the application and measure enhanced usability. Further,
when deployed in the end-user’s telecommunications environment, it identifies early any issues with the
telephony network that is likely to impact of system performance.

Deliverables from Stage 1

At the end of this stage, the process delivers a VUI design confirmed to meet customer usability
requirements and the “Over imposted speech database” specifically set-up for the security evaluation,
tuning and optimization of the technology to meet the end-user’s requirements.

Stage 2: Technology Evaluation and Impostor Maps

As the speech database is being collected during Stage 1, the analysis, optimization and creation of the
ImpostorMap™ commences. This process is performed by the tuning module that is incorporated in the
ArmorVox product (the ArmorVox Optimizer) plus a separate analysis of the enrolment and verification
processes that the end-user can use the assess security performance and set-up of the system.

The first stage of this process is to optimize the UBM’s (Universal Background Models). The UBM
represent the acoustic characteristics of the voice samples used by the population of speaker to
perform the verification given an acoustic environment e.g. the office. The closer the UBM represents
the population of speakers - the better the performance of the system on that population and the better
the discrimination of speaker outside that population.

The ArmorVox product is shipped with 8 text-dependent UBM’s for different types of speech; ranging
from people saying account numbers in English to words to words and phrases. In addition there is a
UBM for text-independent authentication and another for text-prompted authentication. Typically for
text-dependent authentication the closest UBM is used to seed the process and the tuning process
progressively adapts the parameters of the UBM to represent the acoustics of the enrolment and
verification samples of the speakers. The process is repeated for all UBM used in the trial application to
maximize performance for each verification process and the overall security performance of the
application.

5

Once UBM optimization is complete, an analysis of the verification performance can commence based
on the measurements made by the system on all the enrolled speakers.

Once enrollment is complete, the verification samples are verified against their respective enrolled
acoustic models to generate the true speaker map. Given that the speech data is produced by the
same person (i.e. the legitimate speaker) there should be a good match and the technology should
return high score for the true speakers. The problem is that this is not always the case and during this
stage the analysis focuses on those samples that return low score and understand why score of low.

Low results can be generated by the true speaker for a number of reasons. The speaker may have said
the wrong word or phrase. They may have said the information differently than the way it was originally
enrolled. For example, they could be speaking more quickly or more slowly than the original enrollment
sample. They may have hesitated, “ummed”, “arred”, coughed sneezed or just did not say anything at
all. There could have been high noise on the line or the line was subject to high levels of distortion,
cutting-out (as often heard in mobile and some VoIP networks) or clipping.

Information gathered at this stage is used in stage 3 for business rule refinement to ensure that failures
are handled systematically, correctly and efficiently by the application and that when a true speaker
failure occurs the reason is understood and appropriate action is implemented.

The ArmorVox Optimizer generates equal error rates (EERs) at the system as well as at the speaker
level pre- and post-optimization. The equal error rate measures the trade-off between false acceptance
and false rejection at the point where they are both equal. The objective is of course to drive these
EERs to a minimum thus resulting in an optimal authentication system.

The optimizer calibrates the performance of each voiceprint enroll against the corresponding impostors
saying the same information. This is the key process. What this process does is to simulate a
“massive hacker attack” whereby each voiceprint enrolled in the system is subject to a large number of
impostor attacks for speakers of the same gender and age-group where possible are saying the same
identity information. Such an attack is very uncommon in real deployment, but does represent a worst
case scenario for the technology.

6

The impostor test, which is also performed by the optimizer is opposite of the true speaker test. That is
given that the impostors voice quality is different from that enrolled then, despite the information being
the same, the technology should return a low score. The problem is that this is not always the case.
Some people may have similar voices, in which case the value may be quite high. Alternatively, the
enrolled voiceprint may be weak and vulnerable to impostor attack. In this case impostors consistently
score higher or score more closely compared to the true speaker scores, resulting into higher speaker
equal error rates.

The distribution of results generated by the impostor process is known as the ImpostorMap™.
Typically, Auraya designs the over impostor speech database to have a ratio of 10 impostors for each
true speaker. If the database comprises, say 500 speakers, the ImpostorMap™, thus comprises 5,000
impostor attempts. Typically, the map can be produced in as many dimensions as there are speech
types used in the application (external to the optimizer but part of the process). For example, if an
application uses account number and date of birth (as in the case of current banking deployments) then
a two dimensional ImpostorMap™ is created. Adding another speech type, such as a phrase (“At the
bank my voice is my password”) creates a three dimensional map.

The “Impostor Map” is the critical information as it provides a profile of the security performance of the
application under consideration and the ability of the application to separate true speakers from
Impostor speaker saying the same information. Typically, current security solutions based on
knowledge questions and PINs and passwords would generate a 100% false accept rate. That is all
impostors would breach the system. Auraya’s ImpostorMap™ process provides a tangible measure on
how much more secure a voice biometric system compared to current security solutions and provides
the confidence that the system will deliver security when it encounters an impostor.

Deliverables from Stage 2

This stage delivers the performance of the technology as the an outcome of running the optimzer and
the impostormap™ (external to the system) which are used in the next stage to develop the business
rules for the application and provide additional optimization.

7

Stage 3: Business Rules and Optimization

The optimizer measurements and ImpostorMaps™ can be used to develop and optimize the rules
associated with the application and its intended use. This stage is controlled by what the client is
looking to achieve as a business outcome.

Using EER measurements for different speech items as well as ImpostorMap™ analysis, different
system configurations can be developed that allow the trade-off between impostor false accepts and
true speaker false rejects from being examined. In some case ImpostorMaps™ has been used to
design systems that combine different voice biometric technologies, such as text-dependent and text-
independent technologies to produce system that exhibit very high security and very low true speaker
false reject rates. ImpostorMaps™ also enables rules to be developed to handle ambiguous results
where the authentication score are on the boundary between the true speaker and impostor map.
Maps can be used to attach, confidence and probability scores to speakers; enabling the end-user to
develop rules that limit risk by limiting rights and access privileges based on scores generated by
ArmorVox. ImpostorMap™ have also been used to develop rules to handle infrequent callers for
example, and how to adjust rules in noisy and mobile channels.

For example, in the case of an Australian bank, ImpostorMaps™ were used to determine the
performance of the system as noise in the telephony channel was increased. This highlighted
vulnerabilities in their application, especially during the enrolment process. In this case ImpostorMaps™
was used to develop rules to restrict enrolment to quiet environments and channels. In ArmorVox this
information can be used to set the parameters within the Voice QA module to flag when noisy condition
lead to performance limitations and situations where the security performance of the system could be
compromised (i.e. voice biometric vulnerability analysis).

In another example, a US financial services firm used ImpostorMaps™ to confirm that the technology
met their stringent security requirements for distinguishing between family members access the system.
Having shown that specific configurations of the technology would meet their requirements they then
proceeded to implement and configure the application to meet their security and business
requirements.

8

Voiceprint Vulnerability Analysis

A unique feature of ArmorVox is its voiceprint vulnerability analysis. Typically, 10% to 15% of
voiceprints stored in the database are potentially vulnerable and susceptible to impostor attacks.
Vulnerabilities occur when the enrolment process is corrupted in some way; either through noisy
speaking conditions; transmission interference or degradation; or speaker errors or inconsistent
speaking style. Analysis shows that weak and vulnerable voiceprints have a significant impact on the
overall security performance of an application.

Using impostor data automatically generated by ArmorVox, the ArmorVox system can detect and
optimize weak and vulnerable voiceprints and strengthen performance for the whole system. It can also
identify outliers or “goats” that do not exhibit average speaker behaviour. The tool tests each voiceprint
in the database attaching a confidence score to each voiceprint indicating the security strength of
that voiceprint. Voiceprints found to have weak security strengths are selected for optimization or re-
enrolment, using either existing or newly acquired speech data, typically, eliminating weak and
vulnerable voiceprints.

As well as significantly enhancing the overall security performance of the solution, this proprietary
process also sets the individual speaker thresholds automatically and allows business rules to be set at
the “individual level” e.g. by manually raising or lowering individual thresholds.

Deliverable from Stage 3

This final stage delivers a suggested configuration for the application to meet the end-user’s security
requirements e.g. the best speech items to use and the situations under which the system generates
error response, such as when a voice sample is too noisy, when the caller is saying the incorrect
information and so on.

9

Conclusion

ArmorVox Optimizer and the ArmorVox ImpostorMap™ methodology ensure:

a. The dialogue, persona and authentication processes meet the client’s customers’ expectations and
that users can effectively authentication their identity using the system.

b. The technology performance is known, security setting optimized and vulnerabilities eliminated or
minimized to meet the end-user’s requirements.

c. The business rules implement the end-user’s identity authentication security requirements allowing
the system to integrate with the end-users identity management systems

At this point the end-user can roll-out the voice biometric application based on ArmorVox confident that
the system will work and will deliver the user acceptance and security requirements for successful
deployment.

Next Steps

ArmorVox ImpostorMap methodology is available for Auraya or an Auraya Certified Reseller Partner.
Either contact Auraya directly via our website at www.armorvox.com or contact your local Auraya
Reseller Partners (again see www.armorvox.com for a list of resellers worldwide…

10

About the Author

Dr. Clive Summerfield is Auraya Systems’ Founder and Chief Executive Officer.
Clive is an internationally recognized authority on voice technology and holds numerous
patents in Australia, USA and UK in radar processing, speech chip design and speech
recognition and voice biometrics.

As a former Founder Deputy Director of the National Centre for Biometric Studies (NCBS) at University
of Canberra, in 2005 Clive undertook at the time the world’s largest scientific analysis of the voice
biometric systems leading to the adoption of voice biometrics by for secure services. That experience
lead Clive in 2006 founding Auraya, a business exclusively focused on advanced voice biometric
technologies for enterprise and cloud based services. Visit ArmorVox.com for Clive Summerfield’s full
bio.

About Auraya Systems
Founded in 2006, Auraya Systems, the creators of ArmorVox™ Speaker Identity System is a global
leader in the delivery of advanced voice biometric technologies for security and identity management
applications in a wide range of markets including banks, government, and health services. Offices are
located near Boston USA, Canberra and Sydney Australia. For more information, please
visit www.armorvox.com.com.

11

Armor vox impostermaps_how-to-build-an-effective-voice-biometric-solution-in-three-easy-steps

Recomendados

Recomendados

Más contenido relacionado

Último

Último (20)

Destacado

Destacado (20)

Armor vox impostermaps_how-to-build-an-effective-voice-biometric-solution-in-three-easy-steps