Improving Authentication in the Amazon Alexa Virtual Assistant by Using a Geofence
- Jorge Fernández García 1
- Martiño Rivera Dourado 1
- Rubén Pérez Jove 1
- Cristian R. Munteanu 1
- José Vázquez Naya 1
-
1
Universidade da Coruña
info
- Manuel Lagos Rodríguez (ed. lit.)
- Álvaro Leitao Rodríguez (ed. lit.)
- Tirso Varela Rodeiro (ed. lit.)
- Javier Pereira Loureiro (coord.)
- Manuel Francisco González Penedo (coord.)
Publisher: Servizo de Publicacións ; Universidade da Coruña
Year of publication: 2023
Congress: XoveTIC (6. 2023. A Coruña)
Type: Conference paper
Abstract
Amazon Alexa processes voice commands as input to help users perform tasks. For protecting this commands, Amazon Alexa implements some security measures. These security measures, such as voice recognition and user’s PIN, do not have the ability to mitigate replay attacks. In order to mitigate replay attacks, in this paper, we propose an authentication method based on Geofencing, consisting of (1) an Android application and (2) an Alexa Skill. By using the Android application, the user is able to configure a geofence near the Amazon Echo smart speaker. The developed Alexa Skill only accepts requests when the user is within the established geofence. This method mitigates replay attacks: an attacker could only try to use a replay attack when the legitimate user is close to the speaker, making it unfeasible