The Vocal Adversary: Privacy Protection by Voice
Keywords
Loading...
Authors
Issue Date
2022-12-01
Language
en
Document type
Journal Title
Journal ISSN
Volume Title
Publisher
Title
ISSN
Volume
Issue
Startpage
Endpage
DOI
Abstract
Many privacy sensitive attributes such as gender, age, emotion and health of a speaker can be obtained just
by their voice. Users of voice controlled devices, i.e. Smart Voice Assistants (SVAs) are often unaware
of the privacy risks of voice input. So-called inference attacks specifically target the privacy sensitive
attributes from a voice and are very successful with Deep Neural Networks. Proposed protective measures
against inference attacks often also rely on neural networks to obfuscate privacy sensitive attributes from
speech. Neural-on-neural methods are successful in the white-box case where the attacker neural network
is known. Here, the protective computational perturbations can be sufficiently small to not disrupt the
utility of the Automatic Speech Recognition (ASR) system that is needed to use the SVA. However, we
find that additionally to being unpractical and not realistic for the use case of SVAs, neural adversaries
are not successful when trying to protect against inference attacks that are based on speech features.
Instead we propose the vocal adversary: a person using their voice to obfuscate privacy sensitive
paralinguistic attributes.
The experiments in this thesis specifically focus on gender obfuscation and before-the-mic protection.
By examining successful neural adversaries with the use of speech features historically developed by
speech scientists that link back to the speech mechanisms, it is revealed what speech features are useful
for gender obfuscation. The vocal adversary leverages these features to protect against both neural and
feature-based gender inference attacks without losing utility of the voice control. The vocal adversary is
intended to provide a realistic everyday protection against inference attacks without requiring extensive
effort on behalf of the SVA user. While more research is necessary, this thesis provides a step away from
solely neural methods and towards more interpretable non-computational methods that are realistic to
use in a daily manner.
Description
Citation
Supervisor
Faculty
Faculteit der Sociale Wetenschappen