Voice-based authentication systems capture an audio sample of a user's voice at the point of authentication (e.g., at a time the user attempts to access a secured resource such as a device or application) and analyze the audio sample against one or more enrolled voice samples/templates to verify the identity of the user. According to one common implementation, the user is first asked to enroll his/her voice by uttering a user-defined passphrase. This utterance, or a representation thereof, is stored as an enrolled voice sample for the user. The user is then asked to utter the same passphrase at the point of authentication, thereby enabling the uttered sample to be compared with the enrolled sample for verification purposes.
One challenge with implementing a voice-based authentication system is ensuring that the system is resistant to replay attacks. In a replay attack, an imposter presents a pre-recorded audio sample of an enrolled user saying his/her passphrase to the voice authenticator, with the hopes that the authenticator will mistake the recording for a live utterance of the passphrase by the user. If the authenticator is not able to detect/verify the “liveness” of the presented sample, the authentication module may be fooled by the recording and allow entry/access to the imposter.