1.0 VoiceAuth ------------- VoiceAuth is a module for the Linux-PAM project intended to authenticate users by their voice, instead of letting the user type his/her username/password. VoiceAuth has the following features: - Speaker dependent (one cannot login as another user by just speaking someone's password) - Password checking in various levels: + Voice password length + Fourier coefficients dependency Necessary packages: - Linux-PAM Of course, you will also need to have an sound driver up and running, such as OSS or ALSA . The current version works with the OSS API, but the ALSA OSS emulation is fully functional. The provided module has a few parameters the administrator can use to improve the security of the password matches, while also giving a very flexible in means of system configuration. They are: "va_dir=" Define the directory to be used as repository of the voice password files. #define DEFAULT_VOICE_AUTH_DIR "/etc/security/voiceauth" "audiodev=" Define the audio device to be used when dealing with the microphone. #define DEFAULT_AUDIO_DEVICE "/dev/dsp" "mixerdev=" Define the mixer device to be used. #define DEFAULT_MIXER_DEVICE "/dev/mixer" "mic_level=" Set the default mixer volume. The default value (-1) means the microphone volume should not be modified. #define DEFAULT_MIC_LEVEL -1 "igain_level=" Set the default input gain. The default value (-1) means the input gain level should not be modified. #define DEFAULT_IGAIN_LEVEL -1 "silence_level=" Set the silence level. This can be used on a well-known environment, where the noise volume is always the same (I don't know of any, but..). This value can be overwritten by the application: the module can calibrate this level on every authentication. #define DEFAULT_SILENCE_LEVEL 32760 "silence_threshold=" Set the silence threshold, that is: the first data up to ($silence_level * (1 + $silence_threshold)) will be defined as the start of the speaking. #define DEFAULT_SILENCE_THRESHOLD 0.05 "corr_threshold=" Define the correlation threshold. This is one of the most important variables: it will tell the module if the password spoken by the user is the same as the stored one. Values smaller than 0.9 can authenticate wrong passwords. #define DEFAULT_CORR_THRESHOLD 0.9 "passwd_maxlen_diff=" Define the max difference in length between the stored password and the spoken one. This variable must be greater than 1.0. See the sources for more information about how this variable is used. #define DEFAULT_PASSWD_MAXDIFF 1.35 An entry in the pam.conf file for the 'voicelogin' application should be configured such as: # The PAM configuration file for the 'voiceauth' service voicelogin auth required pam_voice_auth.so \ va_dir=/etc/security/voiceauth \ audiodev=/dev/dsp \ mixerdev=/dev/mixer \ mic_level=80 \ igain_level=35 \ silence_level=32760 \ silence_threshold=0.07 \ corr_threshold=0.95 \ passwd_maxlen_diff=1.25 The module also define a default prompt. Surelly it is a ridiculous one, just to make application developers to choose a reasonable msg ;) #define DEFAULT_PROMPT "Sing your password now" 2.0 Additional Applications --------------------------- 2.1 VoicePasswd --------------- VoicePasswd acts as 'passwd', but instead of dealing with /etc/passwd and /etc/shadow, this one keeps track of the (new) /etc/va_passwd file. This file has the following structure: username:password_length 'username' must be a valid account. This is already checked by the VoicePasswd program. 'password_length' represents the length of the voice password spoken by the user. The password is stored on a raw/binary file named $va_dir/. By now, there is not any kind of encryption on it. The method to be used is still being studed, and is the next thing to be implemented on the software. Note that the use of the voice authentication rely both on va_passwd and on $va_dir/, so you must first create the user's voice passwords with this application to be able to use 'voicelogin' or another program based on VoiceAuth module. VoicePasswd uses by default the 'MIC' channel as recording device. If you are using another channel, such as 'LINE IN', either change it to 'MIC' or make your own modifications to the voicepasswd.c file. In a not-so-far future VoicePasswd will have it's own config file, and these problems will be fixed quickly. 2.2 VoiceLogin -------------- 'voicelogin' is an implementation of the 'login' program, using the PAM conversation methods to authenticate the user. VoiceLogin was implemented as a way to learn the application view of PAM, rather than implementing things in the module land only. To let 'voicelogin' act as the default login program, a simple modification on /etc/inittab can be made, as shown below: 1:2345:respawn:/sbin/agetty -il /bin/voicelogin tty1 9600 2.3 PlayPasswd -------------- Although 'playpasswd' doesn't fit in the original sketch, it is a very useful tool to enable recovery of lost passwords. The command-line syntax is: $ playpasswd