Threat modeling and analysis of voice assistant applications

Geumhwan Cho, Jusop Choi, Hyoungshick Kim, Sangwon Hyun, Jungwoo Ryoo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

Original languageEnglish (US)
Title of host publicationInformation Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers
EditorsBrent ByungHoon Kang, JinSoo Jang
PublisherSpringer Verlag
Pages197-209
Number of pages13
ISBN (Print)9783030179816
DOIs
StatePublished - Jan 1 2019
Event19th World International Conference on Information Security and Application, WISA 2018 - Jeju Island, Korea, Republic of
Duration: Aug 23 2018Aug 25 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11402 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference19th World International Conference on Information Security and Application, WISA 2018
CountryKorea, Republic of
CityJeju Island
Period8/23/188/25/18

Fingerprint

Modeling
Smartphones
Voice
Intuitive
Demonstrate
Model

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Cho, G., Choi, J., Kim, H., Hyun, S., & Ryoo, J. (2019). Threat modeling and analysis of voice assistant applications. In B. B. Kang, & J. Jang (Eds.), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers (pp. 197-209). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17982-3_16
Cho, Geumhwan ; Choi, Jusop ; Kim, Hyoungshick ; Hyun, Sangwon ; Ryoo, Jungwoo. / Threat modeling and analysis of voice assistant applications. Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. editor / Brent ByungHoon Kang ; JinSoo Jang. Springer Verlag, 2019. pp. 197-209 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{fc1488df545442a790e7ee40f26c30f4,
title = "Threat modeling and analysis of voice assistant applications",
abstract = "Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.",
author = "Geumhwan Cho and Jusop Choi and Hyoungshick Kim and Sangwon Hyun and Jungwoo Ryoo",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-17982-3_16",
language = "English (US)",
isbn = "9783030179816",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "197--209",
editor = "Kang, {Brent ByungHoon} and JinSoo Jang",
booktitle = "Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers",
address = "Germany",

}

Cho, G, Choi, J, Kim, H, Hyun, S & Ryoo, J 2019, Threat modeling and analysis of voice assistant applications. in BB Kang & J Jang (eds), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11402 LNCS, Springer Verlag, pp. 197-209, 19th World International Conference on Information Security and Application, WISA 2018, Jeju Island, Korea, Republic of, 8/23/18. https://doi.org/10.1007/978-3-030-17982-3_16

Threat modeling and analysis of voice assistant applications. / Cho, Geumhwan; Choi, Jusop; Kim, Hyoungshick; Hyun, Sangwon; Ryoo, Jungwoo.

Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. ed. / Brent ByungHoon Kang; JinSoo Jang. Springer Verlag, 2019. p. 197-209 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Threat modeling and analysis of voice assistant applications

AU - Cho, Geumhwan

AU - Choi, Jusop

AU - Kim, Hyoungshick

AU - Hyun, Sangwon

AU - Ryoo, Jungwoo

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

AB - Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

UR - http://www.scopus.com/inward/record.url?scp=85065018679&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065018679&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-17982-3_16

DO - 10.1007/978-3-030-17982-3_16

M3 - Conference contribution

AN - SCOPUS:85065018679

SN - 9783030179816

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 197

EP - 209

BT - Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers

A2 - Kang, Brent ByungHoon

A2 - Jang, JinSoo

PB - Springer Verlag

ER -

Cho G, Choi J, Kim H, Hyun S, Ryoo J. Threat modeling and analysis of voice assistant applications. In Kang BB, Jang J, editors, Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Springer Verlag. 2019. p. 197-209. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-17982-3_16