Abstract

Traditional bank locker security systems that depend on mechanical keys, static passwords, or single-modality biometrics, like fingerprints or fixed voice phrases, have several weaknesses. These include risks of spoofing, replay attacks, and reliance on external infrastructure. Current voice-based solutions often do not include liveness detection and are not fully integrated, which limits their practical use. This study introduces a standalone, spoof-resistant voice-based smart locker system that is entirely implemented on an ESP32-S3 microcontroller. The system uses a dynamic challenge-response method, where users receive randomized digit sequences (for example, “3-8-1-5”) to guard against replay attacks. Voice features are extracted using 39- dimensional Mel-Frequency Cepstral Coefficients (MFCCs), and speaker verification is conducted using lightweight Gaussian Mixture Models (GMMs) tailored for each user. To combat spoofing, liveness cues such as spectral flux at the start of speech, variance in zero- crossing rate, and response latency (under 3 seconds) are incorporated. The system was tested with 20 users (10 male and 10 female) in various environments: quiet, office (60 dB), and café (65 dB), and it was evaluated against replay attacks using a smartphone speaker from different distances. In quiet conditions, the system achieved an Equal Error Rate (EER) of 2.1%, while under 60 dB noise, the EER was 4.8%. The False Acceptance Rate (FAR) against replay attacks was less than 1%, which is a significant improvement over fixed-phrase systems that had FARs greater than 30%. The average time to unlock was 2.4 seconds, with all processing done offline on the device. The solution requires no more than 100 KB of flash storage per user and functions without needing cloud or PC support. This work showcases a practical, embedded voice authentication system that effectively addresses major issues in current locker security, such as the absence of liveness detection, reliance on static credentials, and lack of embedded designs. Tested under realistic conditions, the proposed system provides a strong, cost- effective, and deployable solution for secure access control in banking and institutional environments.