Abstract
Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.
Document Type
Journal Article
ISSN
1424-8220
Volume
19
Issue
13
PubMed ID
31284592
School
Security Research Institute
RAS ID
29033
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Publisher
MDPI
Comments
Yang, W., Wang, S., Hu, J., Ibrahim, A., Zheng, G., Macedo, M. J., ... Valli, C. (2019). A cancelable iris- and steganography-based user authentication system for the Internet of Things. Sensors, 19(13), Article 2985. Available here