USF researchers work to close gap in security to help prove it's you behind a device

Apps often have you press a button or enter a code on your phone to log in. But, a couple of University of South Florida professors are working to close a gap in security to prove it’s actually you behind the device and not an imposter.

Sriram Chellappan developed technology to use your voice to prove you are where you say you are and create a digital alibi, and his reasons sprung from the need for justice. He teamed up with USF business professor Balaji Padmanabhan to create the "Here I Am" app.

"I know in criminal justice system many times, you know, people who are economically disadvantaged, they get rounded up for crimes mostly, and sometimes they can be detained too. So, when they are detained without alibis, they could lose their jobs," said Chellappan, a professor in the computer science and engineering department at USF College of Engineering. "So people come questioning for me because somebody saw me there. I can always provide the digital certificate."

MORE: Twitter Blue signups unavailable after raft of fake accounts

It’s an unforgeable alibi that records your voice and matches it then notes the time and place that gets stored on a server forever. Chellappan said he had the idea for the verification app for a few years

"How can I prove it so that the telecom company or the location service provider actually authenticates that? But they do it in such a manner that nobody can forge that authentication certificate," said Chellappan.

Padmanabhan said they worked on a prototype, built the app, got a patent in September, and are now looking to commercialize it. They came up with three different types of applications.

"We had the solo the person using it to authenticate themselves, an organization authenticating a user, and the third is ambient. The ambient is the one where you might want to protect yourself by leaving your phone, saying on a constant basis captures sound and stored it," said Padmanabhan.

PREVIOUS: USF researchers study evacuation behaviors before and after Hurricane Ian

They figured out the many ways people and businesses can use "Here I Am," including protecting against fraud when you use two-factor authentication on banking apps.

"Most of today's technologies are focusing on the device. They are authenticating you based on your phone. The user is not part of the authentication explicitly," said Padmanabhan. "This is a problem because more and more, people become sophisticated. They might find ways to evade device-based authentication, and so user-based authentication becomes critical."

There’s also ride share protection.

"First of all, I don't even know if the original Uber driver is the one picking me up. Maybe his friend or her friend is picking me up. That's a problem," said Chellappan. "There are lots of sexual assault reports in the night that rideshare companies are going through. So in technologies like this, Uber can then authenticate the driver every 5 minutes, every 10 minutes."

It can even be used to shield against cheating on standardized tests. 

READ: USF researcher studies impact of 'zero responders' during Hurricane Ian

"If I'm a student, I'm going to a testing center. How can the testing center know that somebody else is not taking the test?" said Chellappan. "They push the button. They read off the sentence, the device, the location, the voice they all registered compared. And then that can eliminate cheating."

Location is essentially to our daily lives, and it can be spoofed.

"That's what we're trying to do, [provide] provable location for years after the fact. That is unforgeable," said Chellappan.

So they are working with companies interested in preventing fraud. 

"Privacy is such an important thing, right? So technologies like this have to be deployed properly. And that's why we said, you know, almost all of our use cases, the user is in control of how this is being used," said Padmanabhan.

The USF professors said they are in talks with some businesses and hope to roll it out in the next few months. They said the tech can also be used for elections security, social media and even be help survivors of domestic abuse.