Improving Authentication in the Amazon Alexa Virtual Assistant by Using a Geofence

• Jorge Fernández García ^[1] ; Martiño Rivera Dourado ^[1] ; Rubén Pérez Jove ^[1] ; Cristian R. Munteanu ^[1] ; José Vázquez Naya ^[1]
  1. [1] Universidade da Coruña

     Universidade da Coruña

     A Coruña, España

     
• Localización: VI Congreso XoveTIC: impulsando el talento científico / coord. por Javier Pereira-Loureiro , Manuel Francisco González Penedo ; Manuel Lagos Rodríguez (ed. lit.), Álvaro Leitao Rodríguez (ed. lit.), Tirso Varela Rodeiro (ed. lit.), 2023
• Idioma: inglés
• Enlaces
  • Texto completo
• Resumen

  • Amazon Alexa processes voice commands as input to help users perform tasks. For protecting this commands, Amazon Alexa implements some security measures. These security measures, such as voice recognition and user’s PIN, do not have the ability to mitigate replay attacks. In order to mitigate replay attacks, in this paper, we propose an authentication method based on Geofencing, consisting of (1) an Android application and (2) an Alexa Skill. By using the Android application, the user is able to configure a geofence near the Amazon Echo smart speaker. The developed Alexa Skill only accepts requests when the user is within the established geofence. This method mitigates replay attacks: an attacker could only try to use a replay attack when the legitimate user is close to the speaker, making it unfeasible