A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things

Wencheng Yang¹, Song Wang², Jiankun Hu³, Ahmed Ibrahim⁴, Guanglou Zheng⁴, Marcelo Jose Macedo⁴, Michael N Johnstone⁴, Craig Valli⁴

Affiliations

¹ Security Research Institute, Edith Cowan University, Perth, WA 6207, Australia. w.yang@ecu.edu.au.
² Department of Engineering, La Trobe University, Melbourne, VIC 3083, Australia.
³ School of Engineering and Information Technology, University of New South Wales, Canberra, ACT 2600, Australia.
⁴ Security Research Institute, Edith Cowan University, Perth, WA 6207, Australia.

PMID: 31284592
PMCID: PMC6651016
DOI: 10.3390/s19132985

A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things

Wencheng Yang et al. Sensors (Basel). 2019.

. 2019 Jul 6;19(13):2985.

doi: 10.3390/s19132985.

Authors

Wencheng Yang¹, Song Wang², Jiankun Hu³, Ahmed Ibrahim⁴, Guanglou Zheng⁴, Marcelo Jose Macedo⁴, Michael N Johnstone⁴, Craig Valli⁴

Affiliations

¹ Security Research Institute, Edith Cowan University, Perth, WA 6207, Australia. w.yang@ecu.edu.au.
² Department of Engineering, La Trobe University, Melbourne, VIC 3083, Australia.
³ School of Engineering and Information Technology, University of New South Wales, Canberra, ACT 2600, Australia.
⁴ Security Research Institute, Edith Cowan University, Perth, WA 6207, Australia.

PMID: 31284592
PMCID: PMC6651016
DOI: 10.3390/s19132985

Abstract

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.

Keywords: cancelable; feature data protection; iris; steganography.

PubMed Disclaimer

Conflict of interest statement

The authors declare no conflict of interest.

Figures

**Figure 1**
A partial taxonomy of authentication schemes for IoT devices (adapted from [6]).

**Figure 2**
The entire authentication process of the proposed system.

**Figure 3**
Three iris feature generation steps—Step 1: segmentation, Step 2: normalization, and Step 3: feature extraction.

**Figure 4**
An image before key hiding (**left**) and after key hiding (**right**). The difference between them is impossible to distinguish with the naked eye.

**Figure 5**
Three iris samples from the CASIA-IrisV3-Interval, MMU-V1, and UBIRIS-V1-Session 1 databases, in (a), (b), and (c), respectively.

**Figure 6**
System performance under different score thresholds, with m = 500 on the CASIA-IrisV3-Interval database. FRR, false rejection rate; FAR, false acceptance rate.

**Figure 7**
System performance under different score thresholds, with m = 1000 on the CASIA-IrisV3-Interval database.

**Figure 8**
System performance under different score thresholds, with m = 2000 on the CASIA-IrisV3-Interval database.

**Figure 9**
Distribution of the similarity scores of imposter tests with different feature dimensions on the CASIA-IrisV3-Interval database.

See this image and copyright information in PMC

References

1. Ashton K. That ‘internet of things’ thing. RFID J. 2009;22:97–114.
1. Habib K., Torjusen A., Leister W. A novel authentication framework based on biometric and radio fingerprinting for the IoT in eHealth; Proceedings of the 2014 International Conference on Smart Systems, Devices and Technologies (SMART); Paris, France. 20–24 July 2014; pp. 32–37.
1. Macedo M.J., Yang W., Zheng G., Johnstone M.N. A comparison of 2D and 3D Delaunay triangulations for fingerprint authentication; Proceedings of the 2017 Australian Information Security Management Conference; Perth, Australia. 5–6 December 2017; pp. 108–115.
1. Lai Y.-L., Jin Z., Teoh A.B.J., Goi B.-M., Yap W.-S., Chai T.-Y., Rathgeb C. Cancellable iris template generation based on Indexing-First-One hashing. Pattern Recognit. 2017;64:105–117.
1. Masek L. Iris Recognition. [(accessed on 19 April 2019)]; Available online: https://www.peterkovesi.com/studentprojects/libor/

LinkOut - more resources

Full Text Sources
Other Literature Sources
- The Lens - Patent Citations Database

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things

Affiliations

A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things

Authors

Affiliations

Abstract

Conflict of interest statement

Figures

References

LinkOut - more resources

Full Text Sources

Other Literature Sources