You’ve got 99 problems, but a pitch ain’t one.
With data breaches on the rise, the inability of passwords to keep online accounts secure is more apparent now than ever before. Instead, the use of multi-factor authentication can add another layer of security to fend off malicious attackers. While smart cards and tokens have been implemented throughout the years, a pair of Cornell students Sang Min Han and Alvin Wijaya recently designed their own 2FA system using PINs combined with a form of voice recognition.
The project, which is aptly named SingLock, isn’t as simple as saying a passphrase either. Based on an ATmega1284P, the system features a pair of password protection stages. Not only does a user need to enter a four-digit numeric identification number via key page, but just as its name implies, a user must also sing the correct pitch into the microphone in order to gain entry. And while, one may be worried about an attacker eavesdropping and attempting to sing the key themselves, the team has implemented a couple of mechanisms to defend against those situations.
Created as a final project for Bruce Land’s engineering class, the Makers reveal that SingLock is relatively more secure than the average keypad and/or keyboard-based systems. In addition, the sound-based security system doesn’t leave residues — such as heat signatures on a keypad after a button press — that may make the system vulnerable to penetration by outsiders. The system itself is comprised of three main components, including a keypad, an LCD user interface and a microphone, making it simple to use for a wide-range of users.
As the duo notes, the keypad and LCD screen serve as the main user interface of the system. Using the keypad, a user is instructed follow a set of directions provided on the screen in order to lock and unlock the system correctly. Both the LCD and the set of two LEDs serve as indicators of the system’s lock state. Initially, both the red and green LEDs are lit. However, when the system is locked correctly, only the red LED is lit. Conversely, when the system is successfully unlocked, only the green LED illuminations.
“SingLock is built on a few fundamental concepts in signal processing, namely sampling theory and frequency domain analysis of audio signals. Sampling is carried out so that the system operates at a reasonable range of frequencies. Peak-matching calculations performed at every attempt to unlock the system is carried out using the Fast Fourier Transform (FFT) algorithm. We review these signal processing fundamentals in the next section,” the duo explains.
The built-in microphone is responsible for recording the pitch of the user, while the analog acoustic input signal is amplified and filtered to remove ambient noise. This signal is then sampled into a digital signal by the Analog-to-Digital Converter (ADC) of the ATmega1284P. The team then takes the FFT of the sampled signal and match peaks to the stored peaks in the passkey in the frequency domain. If a predefined number of stored peaks in the passkey are found in the stored frequency peaks of the microphone input signal, the system unlocks. Otherwise, it remains locked.
“Most security systems we find today are keypad and/or keyboard-based. Speech, rather than button-pressing and/or typing, is however the main means of communications for most people. It is therefore intuitive to have speech as the basis of encryption when considering human usability factors and ease-of-access.”
Interested in learning more about the megaAVR based system? You can read all about the project, including its components, mathematical theory, as well as how to create one for yourself here. In the meantime, be sure to watch its demo below.