Abstract: Voice biometrics offer a convenient and secure authentication method, but the rise of sophisticated deepfake technology presents a significant challenge. This work presents an architecture for voice-based authentication and authorization that integrates deepfake detection to mitigate this risk. This paper explores the design of this cloud-native architecture, leveraging Amazon Web Services (AWS) services for orchestration and scalability. The system combines cutting-edge AI models for robust voice-printing and real-time deepfake analysis. We discuss multi-factor authentication (MFA) strategies that provide layered defense against unauthorized access. Two specific use cases are explored: identity verification and secure approval of banking transactions. This paper addresses key considerations for real-world deployment, including system resiliency, cost-effectiveness, and the efficiency of the AI models under varying conditions. We evaluate the architecture's suitability as a two-factor authentication (2FA) solution, focusing on the accuracy of deepfake detection and the rates of false negatives and false positives.
Keywords: Voice biometrics, Deepfake detection, Authentication and authorization, AI-Driven security, Biometric security
1. Essentials of Access Control Systems
Access control is a fundamental security requirement for systems where resources or processes must be accessible only to authorized entities (individuals, systems, or devices) (Bishop, 2003). These systems employ tiered access levels (permissions) based on user profiles, evident in applications ranging from streaming services, where parental controls restrict content based on age, to high-security environments like nuclear facilities, where critical functions (e.g., missile launch) necessitate synchronized physical actions (e.g., multiperson authorization) to mitigate risk. The sensitivity and criticality of the resource or process correlate directly with the stringency of the access control measures employed.
Every access control system comprises three core processes: identification, authentication, and authorization (NIST, 2013):
* Identification: This process encompasses the activities required to ascertain the identity of a user, either during initial enrollment or in subsequent interactions. Enrollment often involves an authoritative validation of the user's identity, establishing a unique record within the system linked to an identifier (e.g., username, government-issued ID). In future interactions, the user presents this identifier. However, this alone does not guarantee the user's authenticity.
* Authentication (AuthN): This process establishes confidence that the entity presenting the identifier is the legitimate owner. This confidence can be based on objective (quantitative, measurable) or subjective (qualitative) assessments of the evidence provided.
* Authorization...




