Strong and/or multi-factor entity authentication protocols are of crucial importancein building successful identity management architectures. Popular mechanisms to achieve these types of entity authentication are biometrics, and, in particular, voice, for which there are especially interesting business cases in the telecommunication and financial industries, among others. Despite several studies on the suitability of voice within entity authentication protocols, there has been little or no formal analysis of any such methods.

In this paper we embark into formal modeling of seemingly cryptographic properties of voice. The goal is to define a formal abstraction for voice, in terms of algorithms with certain properties, that are of both combinatorial and cryptographic type. While we certainly do not expect to achieve the perfect mathematical model for a human phenomenon, we do hope that capturing some properties of voice in a formal model would help towards the design and analysis of voice-based cryptographic protocols, as for entity authentication. In particular, in this model we design and formally analyze two voice-based entity authentication schemes, the first being a voice-based analogue of the conventional password-transmission entity authentication scheme. We also design and analyze, in the recently introduced bounded-retrieval model [4], one voice-and-password-based entity authentication scheme that is additionally secure against intrusions and brute-force attacks, including dictionary attacks.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano, Public-Key Encryption with Keyword Search, in Proceedings of Eurocrypt 2004, LNCS, Springer-Verlag.
	2	J. L. Carter and M. N. Wegman, Universal Classes of Hash Functions, Journal of Computer and System Sciences, vol. 18, 1979, pp. 143--154.
	3	G. Davida, Y. Frankel, and B. Matt, On Enabling Secure Application through Off-Line Biometric Identification, in Proceedings of 1998 IEEE Symposium on Research in Security and Privacy.
	4	G. Di Crescenzo, R. Lipton, and S. Walfish, Perfectly-Secure Password Protocols in the Bounded Retrieval Model, in Proceedings of TCC 2006, LNCS, Springer-Verlag.
	5	Y. Dodis, L. Reyzin, and A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, in Proceedings of Eurocrypt 2004, LNCS, Springer-Verlag.
	6	D. Z. Du and F. K. Hwang, Combinatorial Group Testing and its Applications, World Scientific, Singapore, 1993.
	7	P. Erdos, P. Frankl and Z. Furedi, Families of finite sets in which no set is covered by the union of r others, in Israeli Journal of Mathematics, 51: 79--89, 1985.
	8	W. Kautz and R. Singleton, Nonrandom binary superimposed codes, in IEEE Transactions of Information Theory, vol. 10, pp. 363--377, 1964.
	9	Juan A. Garay , Jessica Staddon , Avishai Wool, Long-Lived Broadcast Encryption, Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, p.333-352, August 20-24, 2000
	10	Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
	11	L. Myers, An Exploration of Voice Biometrics, http://www.sans.org/reading room/whitepapers/authentication/1436.php, April 2004.
	12	N. K. Ratha , J. H. Connell , R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal, v.40 n.3, p.614-634, March 2001
	13	Salil Prabhakar , Sharath Pankanti , Anil K. Jain, Biometric Recognition: Security and Privacy Concerns, IEEE Security and Privacy, v.1 n.2, p.33-42, March 2003  [doi>10.1109/MSECP.2003.1193209]
	14	Bruce Schneier, Inside risks: the uses and abuses of biometrics, Communications of the ACM, v.42 n.8, p.136, Aug. 1999  [doi>10.1145/310930.310988]
	15	Michael Siper, Expanders, randomness, or time versus space, Journal of Computer and System Sciences, v.36 n.3, p.379-383, June 1988  [doi>10.1016/0022-0000(88)90035-9]
	16	Y. Sutcu, Q. Li, and N. Memon, Protecting Biometric Templates with Sketches: Theory and Practice, in IEEE Transactions on Information Forensics and Security, 2007