CallShield: Secure Caller Authentication over Real-Time Audio Channels
Mouna Rabh, Yazan Boshmaf, Mashael Alsabah, Shammur Chowdhury, Mohamed Hefeeda, Issa Khalil
TL;DR
CallShield tackles the problem of real-time caller authentication over traditional telephony without transcription or internet connectivity by embedding cryptographically verifiable messages into live speech using neural watermarking. It introduces a three-layer solution: a frame-synchronous Real-Time Audio Watermarking (RTAW) scheme, a data-link protocol over audio with synchronization and BCH error correction, and a lightweight symmetric-key challenge–response authentication using HMAC. The system achieves high end-to-end authentication success (≈99.2% on clean audio, >95% under distortions) while preserving audio quality (PESQ>4.2, STOI>0.94) and maintains practical latency (average ≈63 s with bounded retransmissions). This approach enables secure, real-time identity verification in untrusted telephony environments, with strong resilience to spoofing and minimal network dependencies, and it lays the groundwork for future probabilistic cryptographic extensions and burst-error channel models.
Abstract
We present CallShield, the first caller identity authentication system that operates entirely at the audio layer, without relying on speech transcription, internet connectivity, or trusted infrastructure. CallShield introduces a real-time neural watermarking technique that enables per-bit embedding and recovery within 40-millisecond frames of live 8 kHz speech. This capability allows CallShield to transform the real-time audio channel into a noisy serial communication medium. To ensure reliable data transmission, CallShield implements a low-bitrate data link protocol that provides basic frame synchronization along with error detection, correction, and recovery. For caller authentication, CallShield adopts a secure and lightweight symmetric-key protocol that relies on pairwise shared secrets among trusted contacts. The system completes the full authentication process in an average of 63 seconds, including up to three retransmission attempts, making it suitable for real-time deployment. Extensive experiments under realistic telephony conditions demonstrate that CallShield achieves an overall authentication success rates exceeding 99.2% on clean audio and over 95% under common distortions, aided by selective retransmission of failed messages. Additionally, CallShield maintains high audio quality, achieving PESQ scores above 4.2 and STOI scores above 0.94 on clean speech, and exhibits robustness across a wide range of channel distortions, validating its practical viability for secure, real-time caller authentication.
