Analysis, Assessment, and Mitigation of Risks in Voice Biometric Authentication Systems
Abstract
Purpose. To develop and substantiate a formalized methodology for comprehensive analysis and quantitative assessment of risk criticality in voice biometric authentication systems, taking into account the architectural features of embedding models and the adaptive nature of modern cyber threats.
Method. The study employs a combination of analytical, quantitative, and applied research methods aimed at the formalized analysis and prioritization of risks in voice biometric authentication systems, considering their architectural characteristics and the contemporary threat landscape. The core research method is a quantitative–analytical assessment of risk criticality based on a modified risk management model.
Findings. It has been determined that the most critical threats to voice authentication systems are attacks involving synthesized and cloned speech, which are characterized by high levels of probability, impact, and adaptability. It is shown that the integration of a liveness detection module based on the analysis of nonlinear spectral–phase characteristics of the audio signal makes it possible to significantly reduce the integral risk criticality of deepfake attacks and to shift them from a critical level to a moderate or acceptable one.
Theoretical implications. The theoretical contribution lies in advancing approaches to the formalized analysis of cyber risks in biometric systems by incorporating the adaptive nature of modern attacks. The proposed model extends classical approaches to biometric security assessment beyond traditional accuracy metrics such as FAR and FRR.
Practical implications. The practical significance of the research consists in the possibility of using the proposed methodology for threat prioritization at the design and software implementation stages of voice biometric authentication systems. The obtained results can be applied by developers to justify the selection of protective mechanisms, in particular liveness detection modules, in order to enhance the cyber resilience of such systems.
Value. The study contributes by forming a comprehensive approach to assessing risk criticality in voice authentication systems that combines architectural analysis, quantitative evaluation, and the substantiation of software-based countermeasures. The proposed approach provides a foundation for systematic risk structuring and for improving the soundness of engineering decisions in the field of voice biometrics.
Future research. Further research should focus on automating the assessment of the threat adaptability coefficient, expanding the set of features for detecting synthesized speech, and experimentally validating the proposed methodology on real industrial voice authentication systems.
Paper type. Analytical and applied study.
Copyright (c) 2025 Dmytro Sabodashko, Khrystyna Ruda, Yuliia Oliiarnyk, Andrii Nestor

This work is licensed under a Creative Commons Attribution 4.0 International License.