Threat modeling and analysis of voice assistant applications

Geumhwan Cho; Jusop Choi; Hyoungshick Kim; Sangwon Hyun; Jungwoo Ryoo

doi:10.1007/978-3-030-17982-3_16

Threat modeling and analysis of voice assistant applications

Geumhwan Cho, Jusop Choi, Hyoungshick Kim, Sangwon Hyun, Jungwoo Ryoo

Division of Business, Engineering, and Information Sciences & Technology (Altoona)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

Original language	English (US)
Title of host publication	Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers
Editors	Brent ByungHoon Kang, JinSoo Jang
Publisher	Springer Verlag
Pages	197-209
Number of pages	13
ISBN (Print)	9783030179816
DOIs	https://doi.org/10.1007/978-3-030-17982-3_16
State	Published - 2019
Event	19th World International Conference on Information Security and Application, WISA 2018 - Jeju Island, Korea, Republic of Duration: Aug 23 2018 → Aug 25 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11402 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th World International Conference on Information Security and Application, WISA 2018
Country/Territory	Korea, Republic of
City	Jeju Island
Period	8/23/18 → 8/25/18

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-17982-3_16

Cite this

Cho, G., Choi, J., Kim, H., Hyun, S., & Ryoo, J. (2019). Threat modeling and analysis of voice assistant applications. In B. B. Kang, & J. Jang (Eds.), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers (pp. 197-209). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17982-3_16

Cho, Geumhwan ; Choi, Jusop ; Kim, Hyoungshick et al. / Threat modeling and analysis of voice assistant applications. Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. editor / Brent ByungHoon Kang ; JinSoo Jang. Springer Verlag, 2019. pp. 197-209 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{fc1488df545442a790e7ee40f26c30f4,

title = "Threat modeling and analysis of voice assistant applications",

abstract = "Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.",

author = "Geumhwan Cho and Jusop Choi and Hyoungshick Kim and Sangwon Hyun and Jungwoo Ryoo",

note = "Funding Information: Acknowledgments. This work was supported in part by the ITRC (IITP-2018-2015-0-00403) and the NRF (No. 2017K1A3A1A17092614). The authors would like to thank all the anonymous reviewers for their valuable feedback. Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 19th World International Conference on Information Security and Application, WISA 2018 ; Conference date: 23-08-2018 Through 25-08-2018",

year = "2019",

doi = "10.1007/978-3-030-17982-3_16",

language = "English (US)",

isbn = "9783030179816",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "197--209",

editor = "Kang, {Brent ByungHoon} and JinSoo Jang",

booktitle = "Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers",

address = "Germany",

}

Cho, G, Choi, J, Kim, H, Hyun, S & Ryoo, J 2019, Threat modeling and analysis of voice assistant applications. in BB Kang & J Jang (eds), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11402 LNCS, Springer Verlag, pp. 197-209, 19th World International Conference on Information Security and Application, WISA 2018, Jeju Island, Korea, Republic of, 8/23/18. https://doi.org/10.1007/978-3-030-17982-3_16

Threat modeling and analysis of voice assistant applications. / Cho, Geumhwan; Choi, Jusop; Kim, Hyoungshick et al.
Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. ed. / Brent ByungHoon Kang; JinSoo Jang. Springer Verlag, 2019. p. 197-209 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Threat modeling and analysis of voice assistant applications

AU - Cho, Geumhwan

AU - Choi, Jusop

AU - Kim, Hyoungshick

AU - Hyun, Sangwon

AU - Ryoo, Jungwoo

N1 - Funding Information: Acknowledgments. This work was supported in part by the ITRC (IITP-2018-2015-0-00403) and the NRF (No. 2017K1A3A1A17092614). The authors would like to thank all the anonymous reviewers for their valuable feedback. Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019

Y1 - 2019

N2 - Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

AB - Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in very few studies. In this paper, we identify potential threats to voice assistant applications and assess the risk of those threats using the STRIDE and DREAD models. Our threat modeling demonstrates that generic voice assistants can potentially have 16 security threats. To mitigate the identified threats, we also discuss several defense strategies.

UR - http://www.scopus.com/inward/record.url?scp=85065018679&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065018679&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-17982-3_16

DO - 10.1007/978-3-030-17982-3_16

M3 - Conference contribution

AN - SCOPUS:85065018679

SN - 9783030179816

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 197

EP - 209

BT - Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers

A2 - Kang, Brent ByungHoon

A2 - Jang, JinSoo

PB - Springer Verlag

T2 - 19th World International Conference on Information Security and Application, WISA 2018

Y2 - 23 August 2018 through 25 August 2018

ER -

Cho G, Choi J, Kim H, Hyun S, Ryoo J. Threat modeling and analysis of voice assistant applications. In Kang BB, Jang J, editors, Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Springer Verlag. 2019. p. 197-209. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-17982-3_16

Threat modeling and analysis of voice assistant applications

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this