Improving Authentication in the Amazon Alexa Virtual Assistant by Using a Geofence

  1. Jorge Fernández García 1
  2. Martiño Rivera Dourado 1
  3. Rubén Pérez Jove 1
  4. Cristian R. Munteanu 1
  5. José Vázquez Naya 1
  1. 1 Universidade da Coruña
    info

    Universidade da Coruña

    La Coruña, España

    ROR https://ror.org/01qckj285

Book:
VI Congreso XoveTIC: impulsando el talento científico
  1. Manuel Lagos Rodríguez (ed. lit.)
  2. Álvaro Leitao Rodríguez (ed. lit.)
  3. Tirso Varela Rodeiro (ed. lit.)
  4. Javier Pereira Loureiro (coord.)
  5. Manuel Francisco González Penedo (coord.)

Publisher: Servizo de Publicacións ; Universidade da Coruña

Year of publication: 2023

Congress: XoveTIC (6. 2023. A Coruña)

Type: Conference paper

Abstract

Amazon Alexa processes voice commands as input to help users perform tasks. For protecting this commands, Amazon Alexa implements some security measures. These security measures, such as voice recognition and user’s PIN, do not have the ability to mitigate replay attacks. In order to mitigate replay attacks, in this paper, we propose an authentication method based on Geofencing, consisting of (1) an Android application and (2) an Alexa Skill. By using the Android application, the user is able to configure a geofence near the Amazon Echo smart speaker. The developed Alexa Skill only accepts requests when the user is within the established geofence. This method mitigates replay attacks: an attacker could only try to use a replay attack when the legitimate user is close to the speaker, making it unfeasible