Abstract
Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique—steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.
Highlights
In Internet of Things (IoT) networks, things, called smart objects, are connected by wireless networks, producing and consuming data in order to perform their function
Contributions of this work: To reduce the risk introduced by the exposure of user-specific keys, we propose a cancelable iris- and steganography-based user authentication system
Since the objective of this paper is to design an authentication system that improves the security of the cancelable iris biometrics by hiding the secret key K, we implemented an online steganography program [39]
Summary
In Internet of Things (IoT) networks, things, called smart objects, are connected by wireless networks, producing and consuming data in order to perform their function. Smart objects in the IoT are commonly bound with sensors and computing capabilities, which enable them to sense the surrounding environment, communicate with each other, and potentially make a decision without (or with limited) human intervention. Because of the energy and computing constraints of smart objects (e.g., cameras), rather than relying on their limited resources, data need to be collected and transmitted wirelessly by smart objects to remote central servers for further processing in the scenario of remote surveillance IoT networks. For such IoT networks, security threats such as unauthorized access can significantly impact on data confidentiality and user privacy. The capability of an authentication system to detect imposters determines the trust level in the IoT environment [2]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
