A Cancelable Iris- and Steganography-Based User Authentication System for the Internet of Things.

Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique-steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.

Finger-to-Heart (F2H): Authentication for Wireless Implantable Medical Devices.

Any proposal to provide security for implantable medical devices (IMDs), such as cardiac pacemakers and defibrillators, has to achieve a trade-off between security and accessibility for doctors to gain access to an IMD, especially in an emergency scenario. In this paper, we propose a finger-to-heart (F2H) IMD authentication scheme to address this trade-off between security and accessibility. This scheme utilizes a patient's fingerprint to perform authentication for gaining access to the IMD. Doctors can gain access to the IMD and perform emergency treatment by scanning the patient's finger tip instead of asking the patient for passwords/security tokens, thereby, achieving the necessary trade-off. In the scheme, an improved minutia-cylinder-code-based fingerprint authentication algorithm is proposed for the IMD by reducing the length of each feature vector and the number of query feature vectors. Experimental results show that the improved fingerprint authentication algorithm significantly reduces both the size of messages in transmission and computational overheads in the device, and thus, can be utilized to secure the IMD. Compared to existing electrocardiogram signal-based security schemes, the F2H scheme does not require the IMD to capture or process biometric traits in every access attempt since a fingerprint template is generated and stored in the IMD beforehand. As a result, the scarce resources in the IMD are conserved, making the scheme sustainable as well as energy efficient.

Multiple ECG Fiducial Points-Based Random Binary Sequence Generation for Securing Wireless Body Area Networks.

Generating random binary sequences (BSes) is a fundamental requirement in cryptography. A BS is a sequence of N bits, and each bit has a value of 0 or 1. For securing sensors within wireless body area networks (WBANs), electrocardiogram (ECG)-based BS generation methods have been widely investigated in which interpulse intervals (IPIs) from each heartbeat cycle are processed to produce BSes. Using these IPI-based methods to generate a 128-bit BS in real time normally takes around half a minute. In order to improve the time efficiency of such methods, this paper presents an ECG multiple fiducial-points based binary sequence generation (MFBSG) algorithm. The technique of discrete wavelet transforms is employed to detect arrival time of these fiducial points, such as P, Q, R, S, and T peaks. Time intervals between them, including RR, RQ, RS, RP, and RT intervals, are then calculated based on this arrival time, and are used as ECG features to generate random BSes with low latency. According to our analysis on real ECG data, these ECG feature values exhibit the property of randomness and, thus, can be utilized to generate random BSes. Compared with the schemes that solely rely on IPIs to generate BSes, this MFBSG algorithm uses five feature values from one heart beat cycle, and can be up to five times faster than the solely IPI-based methods. So, it achieves a design goal of low latency. According to our analysis, the complexity of the algorithm is comparable to that of fast Fourier transforms. These randomly generated ECG BSes can be used as security keys for encryption or authentication in a WBAN system.

Truthful Channel Sharing for Self Coexistence of Overlapping Medical Body Area Networks.

As defined by IEEE 802.15.6 standard, channel sharing is a potential method to coordinate inter-network interference among Medical Body Area Networks (MBANs) that are close to one another. However, channel sharing opens up new vulnerabilities as selfish MBANs may manipulate their online channel requests to gain unfair advantage over others. In this paper, we address this issue by proposing a truthful online channel sharing algorithm and a companion protocol that allocates channel efficiently and truthfully by punishing MBANs for misreporting their channel request parameters such as time, duration and bid for the channel. We first present an online channel sharing scheme for unit-length channel requests and prove that it is truthful. We then generalize our model to settings with variable-length channel requests, where we propose a critical value based channel pricing and preemption scheme. A bid adjustment procedure prevents unbeneficial preemption by artificially raising the ongoing winner's bid controlled by a penalty factor λ. Our scheme can efficiently detect selfish behaviors by monitoring a trust parameter α of each MBAN and punish MBANs from cheating by suspending their requests. Our extensive simulation results show our scheme can achieve a total profit that is more than 85% of the offline optimum method in the typical MBAN settings.