Show simple item record

dc.contributor.advisorYang, Bobby
dc.contributor.authorVargas, Sergio
dc.date.accessioned2020-03-18T03:03:26Z
dc.date.available2020-03-18T03:03:26Z
dc.date.copyright2020
dc.identifier.urihttp://hdl.handle.net/10292/13208
dc.description.abstractNot many years ago, the relationship between society and technology was related to a previous understanding or training of the different ways in which users could interact with them. It was common to receive training to operate different electronic devices such as computers or to receive training to handle various applications, such as spreadsheets for example. However, technology advances very fast, and it has become more intuitive and more comfortable to interact and incorporate into people's lives almost transparently. Similarly, many of the technology described in numerous science fiction stories in some cases have become a reality today. One of the latest technologies that simulate having a normal conversation with a human being is digital voice assistants, in which people without any previous training can almost establish a nearly normal conversation with those devices. Smart Personal Assistants (SPA) can help us to simplify activities at home. Similarly, with those devices, one can search for information on the Internet, buy products, make shopping lists, make calls, listen to music and do much more. The opportunities that these devices give us are extensive, and the limits are only tied to what people can do with their voices. Whereas, to the extent that hands-free digital assistants (SPA) become more prevalent in homes and businesses, different elements of society (Academics, scientists, and engineers) have raised their hands pointing out the risks to the privacy and security that these devices have generated. There are press reports, and even the companies producing these devices have admitted in some cases that they have heard private conversations that those devices have transmitted without the knowledge of the owners of the SPA. Although only using voice people can interact with the device; this feature could generate a breach in the security and privacy of the person or family communications exposing the life to unauthorised people or the companies that those devices connect too. The objective of this thesis is to demonstrate the flaws at the level of confidentiality, integrity, availability, and authentication of SPA devices, which can generate security and protection problems of information that these devices can capture and process. It will be introduced in this document, the life cycle of the SPA which composed of eight stages. The first is of the interaction between the user and the SPA. The second stage includes the information that is handled between the SPA and the home router. The third concerns the voice software recognition used by the device owner company to recognise the user´s utterance, process it and answer the user request. Web applications and mobile applications to access these devices are related to the fourth state of the ecosystem. States five and six point out the native applications and applications developed by third parties, respectively. Other AI (Artificial intelligence) cloud devices that work with SPAs are contained in stage seven of the ecosystem. The last state of the ecosystem (Eight) is associated with the physical devices that can be manipulated through SPA devices such as smart TVs, lights or smart plug, only to mention some of them, which are managed through of its respective cloud companies. It will be demonstrated through various security penetration tests, there are severe and worrisome threats to the safety and privacy of the owners of those devices. The digital forensic research will focus on obtaining useful artifacts which can use in a court of law. Through different tests, this document will prove that although there are no standard procedures to develop digital forensic research on SPA devices, it was possible to compile distinct data that may be useful in a court of law. Most of the information was found, it was achieved analysing the data stored on mobile devices; similarly, the data left on web-browsers proved to be meaningful; finally using no-APIs official showed that Amazon-Echo-Dot v3, release valuable information.en_NZ
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.subjectSmart Personal Assistantsen_NZ
dc.subjectAmazon-Echoen_NZ
dc.subjectGoogle-Home-Minien_NZ
dc.subjectSecurity and Analysis of SPAsen_NZ
dc.subjectForensic analysis of SPAsen_NZ
dc.subjectDigital-voice-assistantsen_NZ
dc.subjectHome-digital-assistantsen_NZ
dc.titlePrivacy Issues and Digital Forensic Analysis For "Smart Personal Assistants"en_NZ
dc.typeThesisen_NZ
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Information Security and Digital Forensicsen_NZ
dc.rights.accessrightsOpenAccess
dc.date.updated2020-03-18T02:45:38Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record