Thu, 25. May. 2023   Giesen, Jens-Rene

Presentation at ACM CODASPY

Sebastian Surminski, member of the chair presented a new security solution for smart speakers in April at the ACM Conference on Data and Application Security and Privacy (CODASPY) in Charlotte, NC, in the United States.

Smart speakers like Amazon Alexa can be controlled by users via voice commands and are very popular. However, these devices have to listen in all the time via microphone to see if they are being addressed. And how can you be sure that this device is really just doing what it's supposed to, and hasn't perhaps been hacked and spying on the user?

One technique to determine the integrity of another device is "remote attestation." Remote attestation techniques allow one device to verify that another device is OK. The System Security Group, in collaboration with researchers at TU Darmstadt, has developed a method under the DFG Collaborative Research Center CROSSING called "SCAtt-man" for users to attest smart speakers with their smartphones to determine if the software on the device is unchanged or if viruses or other malware have been installed. In a user study, the prototype was found to have high usability. In addition, the subjects stated that this procedure increases their trust in smart speakers and that they would use it if this procedure were integrated into their smart speakers.

All further details can be found in the paper:
Surminski, S., Niesler, C., Linsner, S., Davi, L., & Reuter, C. (2023, April). SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand. In Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy (pp. 225-236).