Cybersecurity Lecture Series with Erkam Uzun

The Cybersecurity Lecture Series at Georgia Tech is a free, one-hour lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research. Lectures are open to all -- students, faculty, industry, government, or simply the curious.

On Friday, March 2, guest speaker and Ph.D. student Erkam Uzun will present his lecture, "rtCaptcha: Video, voice, and smarts for secure authentication," about research that was recently unveiled at the Network and Distributed Systems Security Symposium conference in San Diego.

Facial/voice-based authentication is becoming increasingly popular (e.g., already adopted by MasterCard and AliPay), because it is easy to use. In particular, users can now authenticate themselves to online services by using their mobile phone to show themselves performing simple tasks like blinking or smiling in front of its built-in camera. Our study shows that many of the publicly available facial/voice recognition services (e.g. Microsoft Cognitive Services or Amazon Rekognition) are vulnerable to even the most primitive attacks. Furthermore, recent work on modeling a person’s face/voice (e.g. Face2Face) allows an adversary to create very authentic video/audio of any target victim to impersonate that target. All it takes to launch such attacks are a few pictures and voice samples of a victim, which can all be obtained by either abusing the camera and microphone of the victim’s phone, or through the victim’s social media account. In this work, we propose the Real Time Captcha (rtCaptcha) system, which stops/slows down such an attack by turning the adversary’s task from creating authentic video/audio of the target victim performing known authentication tasks (e.g., smile, blink) to figuring out what is the authentication task, which is encoded as a Captcha. Specifically, when a user tries to authenticate using rtCaptcha, they will be presented a Captcha and will be asked to take a “selfie” video while announcing the answer to the Captcha. As such, the security guarantee of our system comes from the strength of Captcha, and not how well we can distinguish real faces/voices from synthesized ones. To demonstrate the usability and security of rtCaptcha, we conducted a user study to measure human response times to the most popular Captcha schemes. 
Our experiments show that, thanks to the humans’ speed of solving Captchas, adversaries will have to solve Captchas in less than 2 seconds in order to appear live/human and defeat rtCaptcha, which is not possible for the best settings on the attack side. 
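The server-side decision the abstract describes can be sketched as follows. This is an added example, not code from the rtCaptcha paper or from this page. It assumes a hypothetical `ChallengeStore`, a speech-to-text transcript and a face/voice match result supplied by upstream components, a response time measured from Captcha display to the start of the spoken answer, case-insensitive answers, and a cut-off equal to the 2-second figure above.

```python
import hmac
import secrets

# Assumption: cut-off taken from the 2-second figure quoted in the abstract.
MAX_RESPONSE_SECONDS = 2.0

class ChallengeStore:
    """Hypothetical server-side store of outstanding Captcha challenges."""

    def __init__(self):
        self._pending = {}  # challenge_id -> expected Captcha answer

    def issue(self, expected_answer):
        """Register a freshly generated Captcha and return its one-time id."""
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = expected_answer.strip().lower()
        return challenge_id

    def verify(self, challenge_id, transcript, response_seconds, face_voice_match):
        """Decide one authentication attempt.

        transcript       -- speech-to-text of the selfie video (assumed upstream step)
        response_seconds -- time from Captcha display to start of the spoken answer
        face_voice_match -- verdict of the face/voice recognizer (assumed upstream step)
        """
        # Single use: popping the entry makes a replayed recording fail.
        expected = self._pending.pop(challenge_id, None)
        if expected is None:
            return "unknown_or_replayed"
        # Liveness rests on speed: a slow answer is treated as a possible
        # solve-then-synthesize pipeline, whatever the recognizer says.
        if response_seconds > MAX_RESPONSE_SECONDS:
            return "too_slow"
        spoken = transcript.strip().lower().encode()
        if not hmac.compare_digest(spoken, expected.encode()):
            return "wrong_answer"
        if not face_voice_match:
            return "identity_mismatch"
        return "accepted"

if __name__ == "__main__":
    store = ChallengeStore()
    cid = store.issue("x7Kq")  # constructed sample Captcha answer
    print(store.verify(cid, "x7kq", 1.2, True))
    print(store.verify(cid, "x7kq", 1.2, True))  # same id again: replay
```

The timing check runs before the answer and identity checks, so a correct but late response is rejected even when the recognizer reports a match.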

Erkam Uzun is a third-year Ph.D. student in the School of Computer Science at the Georgia Institute of Technology. He is advised by Professor Wenke Lee, Ph.D., and works as a researcher in the Institute for Information Security and Privacy. Prior to joining Georgia Tech, Uzun worked as a research engineer for two years in the Center for Cyber Security at New York University - Abu Dhabi. His research interests span a broad range of topics, focusing largely on audio/visual authentication systems, security and privacy, digital audio and image forensics, multimedia computing, machine learning and optimization. He holds three degrees from TOBB University of Economics and Technology in Ankara, Turkey: Bachelor of Science degrees in both Computer Engineering and Electrical & Electronics Engineering, and a Master of Science degree in Computer Engineering.

Status

  • Workflow Status: Published
  • Created By: lpanetta3
  • Created: 02/22/2018
  • Modified By: Tara La Bouff
  • Modified: 02/25/2018