Integration of biometrics and steganography: A comprehensive review

The use of an individual’s biometric characteristics to advance authentication and verification technology beyond the current dependence on passwords has been the subject of extensive research for some time. Since such physical characteristics cannot be hidden from the public eye, the security of digitised biometric data becomes paramount to avoid the risk of substitution or replay attacks. Biometric systems have readily embraced cryptography to encrypt the data extracted from the scanning of anatomical features. Significant amounts of research have also gone into the integration of biometrics with steganography to add a layer to the defence-in-depth security model, and this has the potential to augment both access control parameters and the secure transmission of sensitive biometric data. However, despite these efforts, the amalgamation of biometric and steganographic methods has failed to transition from the research lab into real-world applications. In light of this review of both academic and industry literature, we suggest that future research should focus on identifying an acceptable level steganographic embedding for biometric applications, securing exchange of steganography keys, identifying and address legal implications, and developing industry standards

IMDfence: Architecting a Secure Protocol for Implantable Medical Devices

Over the past decade, focus on the security and privacy aspects of implantable medical devices (IMDs) has intensified, driven by the multitude of cybersecurity vulnerabilities found in various existing devices. However, due to their strict computational, energy and physical constraints, conventional security protocols are not directly applicable to IMDs. Custom-tailored schemes have been proposed instead which, however, fail to cover the full spectrum of security features that modern IMDs and their ecosystems so critically require. In this paper we propose IMDfence, a security protocol for IMD ecosystems that provides a comprehensive yet practical security portfolio, which includes availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability. The protocol also allows emergency access that results in the graceful degradation of offered services without compromising security and patient safety. The performance of the security protocol as well as its feasibility and impact on modern IMDs are extensively analyzed and evaluated. We find that IMDfence achieves the above security requirements at a mere less than 7% increase in total IMD energy consumption, and less than 14 ms and 9 kB increase in system delay and memory footprint, respectively

No soldiers left behind: An IoT-based low-power military mobile health system design

© 2013 IEEE. There has been an increasing prevalence of ad-hoc networks for various purposes and applications. These include Low Power Wide Area Networks (LPWAN) and Wireless Body Area Networks (WBAN) which have emerging applications in health monitoring as well as user location tracking in emergency settings. Further applications can include real-Time actuation of IoT equipment, and activation of emergency alarms through the inference of a user\u27s situation using sensors and personal devices through a LPWAN. This has potential benefits for military networks and applications regarding the health of soldiers and field personnel during a mission. Due to the wireless nature of ad-hoc network devices, it is crucial to conserve battery power for sensors and equipment which transmit data to a central server. An inference system can be applied to devices to reduce data size for transfer and subsequently reduce battery consumption, however this could result in compromising accuracy. This paper presents a framework for secure automated messaging and data fusion as a solution to address the challenges of requiring data size reduction whilst maintaining a satisfactory accuracy rate. A Multilayer Inference System (MIS) was used to conserve the battery power of devices such as wearables and sensor devices. The results for this system showed a data reduction of 97.9% whilst maintaining satisfactory accuracy against existing single layer inference methods. Authentication accuracy can be further enhanced with additional biometrics and health data information

Biometrics for internet‐of‐things security: A review

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions

Finger-to-Heart(F2H): Authentication for wireless implantable medical devices

Any proposal to provide security for Implantable Medical Devices (IMDs), such as cardiac pacemakers and defibrillators, has to achieve a trade-off between security and accessibility for doctors to gain access to an IMD, especially in an emergency scenario. In this paper, we propose a Finger-to-Heart (F2H) IMD authentication scheme to address this trade-off between security and accessibility. This scheme utilizes a patient\u27s fingerprint to perform authentication for gaining access to the IMD. Doctors can gain access to the IMD and perform emergency treatment by scanning the patient\u27s finger tip instead of asking the patient for passwords/security tokens thereby achieving the necessary trade-off. In the scheme, an improved Minutia Cylinder-Code (MCC) based fingerprint authentication algorithm is proposed for the IMD by reducing the length of each feature vector and the number of query feature vectors. Experimental results show that the improved fingerprint authentication algorithm significantly reduces both the size of messages in transmission and computational overheads in the device, and thus can be utilized to secure the IMD. Compared to existing electrocardiogram signal-based security schemes, the F2H scheme does not require the IMD to capture or process biometric traits in every access attempt since a fingerprint template is generated and stored in the IMD beforehand. As a result, the scarce resources in the IMD are conserved, making the scheme sustainable as well as energy efficient