Trash Eavesdropping Alexa with a Secure Open Source Alternative

The Linux Foundation sponsored this post.

“Alexa, how’s the weather today?”
I start every day by asking Alexa Echo this question as I prepare my children’s backpacks for school. It’s convenient and I do not need to look at my smartphone to know how to properly clothe them.
The Voice User Interface and Voice Assistant Devices have become an integral part of our daily lives. It is likely that you have one or two Alexas at home or have thought about buying one as a gift. While it might not be perfect at understanding everything you ask or have all the functionality you desire, it has come a long way.
Talking to computers like “Jarvis” from Iron Man has evolved into real, working conversational engines. It is an inevitable change to the computer user interface that will be commonplace in my children’s generation. They’ll use this technology like we use the mouse or touch screen today.
However, there are still many people who don’t like to use this technology. Many are concerned someone is eavesdropping on their conversation. The concerns are not unfounded: there have been multiple reported incidents indicating that these devices and providers lack 100 percent protection of privacy. These devices can not only be an invasion of privacy but also expose critical corporate data.
For this reason, I wanted to create and demonstrate a way to secure voice data and conversation, as well as actions/engagements from the conversation for use in the Enterprise. Vicom Infinity created a device called VIVA (Vicom Infinity Voice Assistant) that can provide a secure voice assistant for enterprise users. VIVA utilizes three key technologies from IBM as well as from The Linux Foundation’s Open Mainframe Project — Watson Assistant/STT/TTS for IBM Cloud Private, IBM LinuxONE Secure Service Container and Open Mainframe Project’s Zowe.
First, the IBM LinuxONE Secure Service Container (SSC) provides a hyper-protected container/server to host API handlers’ actions. SSC can be equipped with IBM Z CryptoExpress HSM (CEX), which provides FIPS 140-2 Level 4 security. The IBM Z has provided this level of security for over a decade. SSC will encrypt its root file system as well as persistent data storage using encryption keys protected by CEX’s master key. IBM Cloud Private on SSC deploys Docker containers using “runq” instead of “runc,” which also provides another layer of security to host multiple conversational skills and services.
Second, IBM Watson Assistant, Speech-to-Text and Text-to-Speech will be hosted on IBM Cloud Private (ICP). ICP is IBM’s version of a Kubernetes cluster manager for on-premises cloud solutions. You can download ICP for free and access many software catalogs on a trial basis. ICP also comes with various enterprise offerings. IBM Watson running on ICP guarantees complete control of your voice and conversation data since it will be in your data center with the protected storage key and not off premises in the Cloud.
Finally, VIVA uses Open Mainframe Project’s Zowe as a framework to mediate APIs from various sources, especially from the IBM Z mainframe. Originally launched last August, the Zowe framework provides interoperability and uses the latest web technologies among products and solutions from multiple vendors. It also helps developers use familiar, industry-standard, open source tools to access mainframe resources and services. Just six months later, Open Mainframe Project launched production-ready Zowe 1.0, which makes the z/OS environment more “cloud-like” and aims to improve integration in hybrid cloud environments.
Why IBM Z? A large portion of corporate data is stored on IBM Z today. For example, more than 80 percent of credit card transactions go through the IBM Z. So, if you swiped your card (or tapped with Apple Pay), chances are you interfaced with an IBM Z Mainframe. Since Zowe runs on IBM Z, it is protected by its highly secure access controls for APIs.
The Open Mainframe Project’s Zowe community is open to every developer, not just mainframe developers, as it can serve as a gateway/connector to outside of the mainframe for many applications.
Our VIVA is a good example of how we used Zowe to manage IBM Z system APIs to obtain information using the Voice User Interface.
When I start or end my work day, I ask VIVA some of the following questions (“Hey TJ” is in honor of Thomas J Watson, the founder of IBM):
“Hey TJ, what is the current CPU utilization?”
“Hey TJ, how is my mainframe doing?”
To learn more about Open Mainframe Project or Zowe, visit the Open Mainframe Project’s website.