SpringerOpen Newsletter

Receive periodic news and updates relating to SpringerOpen.

Open Access Research Article

Video-Object Oriented Biometrics Hiding for User Authentication under Error-Prone Transmissions

Klimis Ntalianis1*, Nicolas Tsapatsoulis1 and Athanasios Drigas2

Author Affiliations

1 Department of Communication and Internet Studies, Cyprus University of Technology, 3603 Limassol, Cyprus

2 Net Media Laboratory, NCSR Demokritos, 15310 Athens, Greece

For all author emails, please log on.

EURASIP Journal on Information Security 2011, 2011:174945  doi:10.1155/2011/174945

The electronic version of this article is the complete one and can be found online at: http://jis.eurasipjournals.com/content/2011/1/174945


Received:12 April 2010
Revisions received:9 November 2010
Accepted:3 January 2011
Published:13 February 2011

© 2011 Klimis Ntalianis et al.

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

An automatic video-object oriented steganographic system is proposed for biometrics authentication over error-prone networks. Initially, the host video object is automatically extracted through analysis of videoconference sequences. Next, the biometric pattern corresponding to the segmented video object is encrypted by a chaotic cipher module. Afterwards, the encrypted biometric signal is inserted to the most significant wavelet coefficients of the video object, using its qualified significant wavelet trees (QSWTs). QSWTs provide both invisibility and significant resistance against lossy transmission and compression, conditions that are typical in error prone networks. Finally, the inverse discrete wavelet transform (IDWT) is applied to provide the stego-object. Experimental results under various losses and JPEG compression ratios indicate the security, robustness, and efficiency of the proposed biometrics hiding system.

1. Introduction

Person authentication is one of the most important issues in contemporary societies. It ensures that a system's resources are not obtained fraudulently by illegal users. Real-life physical transactions are generally accomplished using paper ID while electronic transactions are based on password authentication, the most simple and convenient authentication mechanism over insecure networks. In [1], a remote password authentication scheme was proposed by employing a one-way hash function, which was later used for designing the famous S/KEY one-time password system [2]. However, in such schemes, a verification table should be maintained on the remote server in order to validate the legitimacy of the requesting users; if intruders break into the server, they can modify the verification table. Therefore, many password authentication schemes [37] have recognized this problem, and different solutions have been proposed to avoid verification tables.

One very popular solution is based on cryptographic keys, which are long and random (e.g., 128 bits for the Advanced Encryption Standard [8]), thus it is difficult to memorize. As a result, these keys are stored somewhere (e.g., on a server or smart card) and they are released based on some alternative authentication mechanism (e.g., password). However, several passwords are simple and they can be easily guessed (especially based on social engineering methods) or broken by simple dictionary attacks [9]. In this case, user protection is only as secure as the password (weakest link) used to release the correct decrypting key for establishing user authenticity. Simple passwords are easy to guess; complex passwords are difficult to remember, and some users tend to "store" complex passwords at easily accessible locations. Furthermore, most people use the same password across different applications; if a malicious user determines a single password, they can access multiple applications.

Many of these password-based authentication problems can be confronted by the incorporation of biometrics [10, 11]. Biometrics authentication refers to establishing identity based on the physical and/or behavioral characteristics of a person such as face, fingerprint, hand geometry, iris, voice, way of walking, and so forth. Biometric systems offer several advantages over traditional password-based schemes. They are inherently more reliable, since biometric traits cannot be lost or forgotten, they are more difficult to forge, copy, share, and distribute, and they require the person being authenticated to be present at the time and point of authentication. Thus, a biometrics-based authentication scheme is a powerful alternative to traditional systems, and it can be easily combined with password techniques to enhance the offered security.

In order to further promote the wide spread utilization of biometric techniques to applications over error prone networks, increased security and especially robustness of the biometric data is necessary. Towards this direction, proper combination of encryption and steganography can achieve this goal. In particular, cryptographic algorithms can scramble biometric signals so that they cannot be understood. In a real-world scenario, encryption can be applied to the biometric signals for increasing security; the templates that can reside in either a central database or a token (e.g., smart card, or a biometric-enabled device such as a cellular phone with a fingerprint sensor), can be encrypted after enrollment. During authentication, these encrypted templates can be decrypted and used for generating the matching result with the biometric data obtained online. As a result, the encrypted templates are secured since they cannot be utilized or modified without decrypting them with the correct key, which is typically secret. On the other hand, steganographic methods can hide encrypted biometric signals so that they cannot be seen, hence, reducing the chances of illegal modifications. Generally, steganography utilizes typical digital media such as text, images, audio, or video files as a carrier (called a host or cover signal) for hiding private information in such a way that unauthorized parties cannot detect or even notice its presence [12].

Several steganographic algorithms have been proposed in the literature, most of which are performed in pixel domain, where more capacity [13] is provided. Many of the existing approaches are based on least significant bit (LSB) insertion, where the LSBs of the cover file are directly changed with message bits. Examples of LSB schemes can be found in [14, 15]. However, LSB methods are vulnerable to extraction [16, 17], and they are very sensitive to image manipulations. For example, converting an image from BMP to JPEG and then back would destroy the hidden information [16]. Furthermore, if an enciphered message is LSB-embedded and transmitted over a mobile network, then it may not be possible to decipher it, even in case of little losses.

On the other hand, a limited number of methods to confront these problems have been proposed. In [18], spread spectrum image steganography (SSIS) was introduced. The SSIS incorporated the use of error control codes to correct the large number of bit errors. In [19], the message is hidden in the sign/bit values of insignificant children of the detail subbands, in nonsmooth regions of the image. Using this technique, steganographic messages can be sent in lossy environments, with some robustness against detection or attack. However, low losses are considered, and the problem of compression remains. A very interesting approach is proposed in [20]. The message is comprised of two components: a soft-authenticator watermark for authentication and tamper assessment of the given image, and a chrominance watermark employed to improve the efficiency of compression. The approach is implemented as a DCT-DWT dual domain, but, unfortunately, the authenticator watermark is not encrypted, making it possible to extract it.

There are also some schemes focusing on steganography of biometric signals. In [21], an amplitude modulation-based steganographic scheme is proposed, which, however, is not tested under compression or lossy transmission. In [22], a wavelet-based steganographic method for minutiae embedding is proposed. Nevertheless, if opponents know the embedding algorithm, they can easily extract the hidden information. In [23], fingerprints are hidden in the region of interest of images. Both DFT and DWT domains are examined. However, again, no encryption is incorporated, thus it is easy to extract the hidden fingerprints. Another interesting, but not resistant to compression, method is proposed in [24], where a remote multimodal biometrics authentication framework that works on the basis of fragile watermarking is designed. Finally, in [25], a DCT-SVD-based watermarking scheme is proposed for ownership protection using biometrics. The scheme is not tested under compression or lossy transmission.

In order to confront the problem of user authentication, in this paper, we propose an efficient wavelet-based steganographic method for biometric signals hiding in video objects, which focuses on optimizing the authentication rate of hidden biometric data over error prone transmissions. Interesting techniques for object-oriented data hiding have been presented in the literature, for example [26, 27], however, most of them do not particularly consider the case of biometric data. Thus the main contributions and novelties of the proposed system are as follows. (a) It is one of the first to use video objects to hide their respective biometrics. By this way "dual" authentication is accomplished, the first by visual perception of the figured person, and the second by extraction and matching of the hidden pattern. (b) Biometric signals are encrypted before hiding, using a fast chaotic method. The statistical properties of this novel combination are analyzed and presented. (c) A DWT-based algorithm is adapted for biometrics hiding. In contrast to most steganographic algorithms that are capacity-efficient, the proposed algorithm is very robust to several types of signal distortions. Even though it has been incorporated in a limited number of watermarking schemes, its steganographic potential has not been examined. (d) Resistance of steganographic biometrics systems to signal distortions has not been sufficiently investigated in the literature, a topic that is extensively considered in this paper. By this way, the proposed scheme contributes to illustrate the perspective of encrypted biometrics authentication systems over error prone networks.

In particular, in the proposed system, the biometric signal is initially enciphered using a chaotic pseudorandom bit generator and a chaos-driven cipher, based on mixed feedback and time-variant S-boxes. The use of a chaos-based cryptographic module is justified by the following facts. (a) Chaos presents many desired cryptographic qualities, such as sensitivity to initial conditions, a feature that is very important to an encryption scheme, (b) a chaotic pseudo-random bit generator works very well as a one-time pad generator [28, 29], and one-time pads have been proven to be information-theoretically secure, (c) implementations of popular public key encryption methods, such as RSA or El Gamal cannot provide suitable encryption rates, while security of these algorithms relies on the difficulty of quickly factorizing large numbers or solving the discrete logarithm problem, topics that are seriously challenged by recent advances in number theory and distributed computing and (d) private-key bulk encryption algorithms such as Triple DES or Blowfish, similarly to chaotic algorithms, are more suitable for transmission of large amounts of data. However, due to the complexity of their internal structure, they are not particularly fast in terms of execution speed and cannot be concisely and clearly explained, so as to enable detection of cryptanalytic vulnerabilities.

After encryption, a videoconference image, containing the owner of the biometric signal, is analyzed, and the host video object (VO) is automatically extracted based on the method proposed in [30]. Next, a DWT-based algorithm is proposed for hiding the encrypted biometric signal to the host video object. The proposed algorithm hides the encrypted information into the largest-value qualified significant wavelet trees (QSWTs) of energy-efficient pairs of subbands. Compared to other related schemes, the incorporated approach has the following advantages [31]. (a) It is one of the most efficient algorithms of the literature that better support robust hiding of visually recognizable patterns, (b) it is hierarchical and has multiresolution characteristics, (c) the embedded information is hard to detect by the human visual system (HVS), and (d) it is among the best known techniques with regards to survival of hidden information after image compression.

More specifically, initially the extracted host object is decomposed into two levels by the separable 2-D wavelet transform, providing three pairs of subbands (HL 2, HL 1), (LH 2, LH 1), and (HH 2, HH 1). Afterwards, the pair of subbands with the highest energy content is detected, and a QSWTs approach is incorporated [32] in order to select the coefficients where the encrypted biometric signal should be casted. Finally, the signal is redundantly embedded to both subbands of the selected pair, using a nonlinear energy-adaptable insertion procedure. Differences between the original and the stego-object are imperceptible to the HVS while biometric signals can be retrieved even under compression and transmission losses. Experimental results exhibit the efficiency and robustness of the proposed scheme, an overview of which is provided in Figure 1.

thumbnailFigure 1. An overview of the proposed system.

The rest of this paper is organized as follows. In Section 2, a short description of QSWTs together with the essential definitions is provided. In Section 3, the chaotic encryption scheme is analyzed while Section 4 discusses the proposed biometrics hiding method. Experimental results are given in Sections 5 and 6 concludes this paper.

2. Qualified Significant Wavelet Trees (QSWTs)

By applying the DWT once to an image, four parts of high, middle, and low frequencies (i.e., LL 1, HL 1, LH 1, HH 1) are produced, where subbands HL 1, LH 1, and HH 1 contain the finest scale wavelet coefficients. The next coarser scale wavelet coefficients can be obtained by decomposing and critically subsampling subband LL 1. This process can be repeated several times, based on the specific application. Furthermore, the original image can be reconstructed using the IDWT. In the proposed biometrics hiding scheme, coefficients with local information in the subbands are chosen as the target coefficients for inserting a fingerprint image. The coefficients' selection is based on the QSWT derived from EZW [33], and the basic definitions follow.

Firstly, a parent-child relationship is defined between wavelet coefficients at different scales, corresponding to the same location. Excluding the highest frequency subbands (i.e., HL 1, LH 1, and HH 1), every coefficient at a given scale can be related to a set of coefficients at the next finer scale of similar orientation. The coefficient at the coarse scale is called the parent, and all coefficients corresponding to the same spatial location at the next finer scale of similar orientation are called children. For a given parent, the set of all coefficients at all finer scales of similar orientation corresponding to the same location are called descendants.

Definition 1.

A wavelet coefficient is a parent of , where D is a subband labeled HL n, LH n, HH n, , , , and .

Definition 2.

If a wavelet coefficient at the coarsest scale and its descendants satisfy , , for a given threshold T, then they are called wavelet zerotrees, where .

Definition 3.

If a wavelet coefficient at the coarsest scale satisfy , for a given threshold T, then is called a significant coefficient.

Definition 4.

If a wavelet coefficient at the coarsest scale is a parent of , where D is a subband labeled HL n, LH n, HH n, satisfy , for given thresholds and , then and its children are called a QSWT.

3. The Chaotic Encryption Scheme

Since the process of hiding secret content within host files does not provide maximum security, in this paper each biometric signal is initially encrypted before hiding. Encryption is achieved by the proposed chaotic cryptographic module, an overview of which is given in Figure 2. The subsystem consists of a chaotic pseudo-random bit generator and a chaos-based cipher module. Details are provided in the following subsections.

thumbnailFigure 2. The encryption module.

3.1. Keys Generation Based on C-PRBG

In most secure cryptographic schemes, the security of the encrypted content mainly depends on the size of the key. In our system, for each biometric signal a different key is used, which has a size of 256 bits, leading to a symmetric cipher. Each key is generated by a chaotic pseudo-random bit generator (C-PRBG). C-PRBGs based on a single chaotic system can be insecure, since the produced pseudorandom sequence may expose some information about the employed chaotic system [34]. For this reason, in this paper, we propose a PRBG based on a triplet of chaotic systems, which can provide higher security than other C-PRBGs [35], as three chaotic systems are employed. The basic idea of the C-PRBG is to generate pseudo-random bits by mixing three different and asymptotically independent chaotic orbits.

Towards this direction, let , and , be three different 1-D chaotic maps:

(1)

where , , and are control parameters, , , and are initial conditions and , , denote the three chaotic orbits. Then a pseudo-random bit sequence can be defined as

(2)

According to this scheme, the generation of each bit of a key is controlled by the orbit of the third chaotic system, having as initial conditions the outputs of the other two chaotic systems.

3.2. The Encryption Module

After generating a pseudo-random key for each biometric signal, the cipher module is activated. Before encryption, the samples of each biometric signal are properly ordered. In case of 1-D signals (e.g., voice), the order is the same as the sequence of samples while in 2-D signals (e.g., fingerprint image) pixels are scanned from top-left to bottom-right, providing plaintext pixels . Next, we take into consideration the fact that multiple iterations of chaotic functions lead to slow ciphers while a small number of iterations may raise security problems, so that the encryption algorithm is both fast and secure [35]. In order to make possible a single iteration of the chaotic systems while maintaining high security standards, the proposed scheme combines a simple chaotic stream cipher and two simple chaotic block ciphers (with time variant S-boxes) to implement a complex product cipher.

Considering Figure 2, the operation of the cipher module can be described as follows: assume that and represent the plaintext and ciphertext samples, respectively, (both in -bit formats). Then the encryption procedure is defined by

(3)

where symbol represents the XOR function, are time-variant S-boxes (bijections defined on ) and is produced from the states of three chaotic functions. Here, the f S are also pseudorandomly controlled by the chaotic functions. The secret key provides the initial conditions and control parameters of the employed chaotic systems. The increased complexity of the proposed cipher against possible attacks is due to the mixed feedback (internal and external): at FB 1, at FB 2 and ciphertext feedback at FB 3, which lead the cipher to acyclic behavior.

The procedure is terminated after all ordered signal samples are enciphered, providing the final encrypted biometric signal. This encrypted signal is then used by the hiding module.

3.3. The Decryption Module

The decryption module receives at its input a vector of enciphered signal samples, the initial control parameters and initial conditions for the triplet of chaotic maps (C-PRBG module), and the initial cipher value (used at the first feedback).

Afterwards, the digital chaotic systems produce the same specific values used during encryption, but now for decryption purposes. The procedure is terminated after the final sample is decrypted and all decrypted samples are reordered (in case of 2D signals), to provide the initial biometrics signal.

4. The Proposed Biometrics Hiding Method

In the proposed biometrics hiding method, one of the initial steps includes detection of the QSWTs for a pair of subbands of the host video object. Towards this direction, let us assume that the host video object is decomposed into two levels using the DWT to provide three pairs of subbands: , , and . In this paper, and after extensive experimentation, just two levels are used, where 1 to 4 levels' decomposition has been examined. According to our findings, the best tradeoff between complexity and robustness was provided for 2 levels.

Next, in the proposed scheme, the selected pair contains the highest energy content compared to the other two pairs, that is: select , where

(4)

with , , , , and is the size of one of the subbands at level 2.

4.1. The Hiding Strategy

After selecting the pair of subbands containing the highest energy content, QSWTs are found for this pair, and the encrypted biometric signal is embedded by modifying the values of the detected QSWTs. Let us assume, without loss of generality, that pair is selected. Initially, the threshold values of each subband are estimated as

(5)

Next, the QSWTs are detected according to Algorithm 1.

Algorithm 1:Algorithm for QSWTs detection.

For    to  

For    to  /*  is the size of subband  */

  If  

      If   and  

      And   and  

       or  

      

   

   End If

   End If

   End For  

End For  

Afterwards, summation of the coefficients of QSWT[] for to is calculated, and if the encrypted biometric signal is of size (in case of 2-D signals), then the top QSWTs (based on the summation results) are selected for embedding the signal. For this reason, initially, the gray level values of the encrypted biometric signal are sorted in descending order, producing a gray-levels vector. Then for to the coefficients of the gray-levels matrix are embedded as follows:

(6)

where , is a scaling constant that balances unobstructedness and robustness, and is a coefficient of the LH 2 subband of the stego-object. This nonlinear insertion procedure is similar to [36] and adapts the message to the energy of each wavelet coefficient. Thereby, when is small, the embedded message energy is also small to avoid artifacts while when is large, the embedded message energy is increased for robustness. Similarly, for the coefficients of subband LH 1, we have

(7)

where ,, ,.

Finally, the 2-D IDWT is applied to the modified and unchanged subbands to form the stego-object.

4.2. Message Recovery

Considering that the stego-object (or a distorted version of it) has reached its destination, the encrypted biometric signal is initially extracted by following a reverse (to the embedding method) process. Towards this direction, let us assume that the recipient of the stego-object has also received the size of the encrypted 2-D biometric signal (), the scaling constants (, ), and possesses the original host video object. Then the following steps are performed in the recipient's side.

Step 1.

Initially, the received stego-object and original video object , which we assume that every authentication authority could have locally stored or securely obtained for example, from a central authentication database, are decomposed into two levels with seven subbands using the DWT,

(8)

Step 2.

Using the size , the embedded positions are detected by following the hiding process described in Section 4.1. Then the coefficients of subband LH 2 (LH 1) of are subtracted from the coefficients of subband LH 2 (LH 1) of , and the result is scaled down by the value of coefficient of LH 2 (LH 1) of , multiplied by .

(9)

Step 3.

The resulting hidden message coefficients and are averaged and rearranged to provide the encrypted biometric signal.

Step 4.

The original biometric signal is recovered by decrypting the enciphered signal (see Section 3.3).

Here, it should be mentioned that if the same video object is used for every authentication attempt, the scheme may become vulnerable to attacks. In order to confront this problem, the sender and receiver may share multiple video objects (poses) for each user. In each authentication session, the sender may select one pose and inform the receiver of the selected pose's ID. This is a methodology more resistant to attacks, which can become even more efficient if new poses of the users are periodically collected.

5. Experimental Results

For evaluation purposes, the proposed video-objects oriented biometric signals hiding scheme is examined in terms of security and efficiency. In particular, the database of the POLY-BIO project [37] was used, which contains more than 1500 biometric signals, 300 of which are fingerprints. The authentication setting, which focused on fingerprints, was simulation-based and included three different scenarios that are described in the following paragraphs. The general methodology included (a) extraction of the host video object from a videoconference image and detection of the QSWTs to embed the encrypted signal, (b) encryption of the fingerprint, (c) embedding of the encrypted signal to the host video object, (d) compression of the final content and simulated noisy transmission, (e) decompression, and extraction of the encrypted signal, (f) decryption and (g) authentication.

In particular, for presentation purposes the proposed, scheme is applied to the images depicted in Figures 3(a) and 4(a), where each frame is of size pixels. The respective 2-D fingerprint signals for these two persons are shown in Figures 3(b) and 4(b). Their size is pixels.

Initially the images are analyzed according to the method proposed in [30], and the two extracted host video objects are presented in Figures 3(d) and 4(d). Afterwards, the encryption algorithm is activated for enciphering each biometric signal. In our experiments, the three chaotic maps that are incorporated (both in the C-PRBG module and the cipher module) are piecewise linear chaotic maps (PWLCMs) of the form:

(10)

where , with initial control parameters set as , , and . The final encrypted biometric signals are depicted in Figures 3(c) and 4(c) (in 2-D form). As it can be observed, the encrypted content looks completely random and does not provide any clues relevant to the content or minutiae distribution. In particular, this fact is further illustrated in Figures 5(a) and 5(b), where the histograms of Figures 3(c) and 4(c) are presented, respectively. Both histograms approximate the histogram of a table with random values. This is a very important security merit, as the encrypted biometric signals approximate the statistics of a randomly generated 2-D signal, independently of the plaintext.

Here, it should be mentioned that due to the acyclic behavior of the encryption module, the output keystream has all the merits of one-time pads, and thus it is very difficult to cryptanalyze, using statistical attacks. For this reason some tests have been performed to check the security of the encryption system. Towards this direction, let us assume that an unauthorized user knows the QSWTs, where the encrypted biometric signal of Figure 3(c) is hidden and tries to decrypt it by, brute force attack. Let us also assume that he has also obtained a rearranged version of the image, where all pixels are on proper position. If the exact key is used, then the content can be decrypted. However, even if the key differs by just one bit, the content will not be decrypted as it can be seen in Figure 5(c).

Next, the robustness of the proposed biometrics hiding method has been extensively evaluated under various simulation tests, performed using MATLAB. In particular, during experimentation, the host video objects of Figures 3(d) and 4(d) were used, in which, the encrypted biometric signals of Figures 3(c) and 4(c) were hidden, respectively. Then according to the size of the encrypted biometric signals, the top QSWTs were selected for both host video objects to embed the signals. For simplicity, in the performed experiments, and were fixed in all frequency bands and were chosen to be and . The stego-objects can be seen in Figures 3(e) and 4(e), providing PSNRs of 46.17 and 45.44 dB, respectively. As it can be observed, the embedded encrypted biometric signals have caused imperceptible changes to the host video objects.

Afterwards, since the proposed system is designed for user authentication under error-prone transmissions, the case of mobile networks is further studied as a typical example, and the system's resistance is investigated under different JPEG compression ratios and various bit error rates (BERs). More particularly, compression ratios between 1.6 and 7.1 were used while BERs took values between and , considering that typical average BERs for cellular mobile radio channels are in the interval [10-4 10-3] [38]. In our simulations, we assume unreliable connectionless mobile transmission protocols, where errors occur only in the data field of each packet (headers remain intact). Furthermore, here it should be mentioned that even though the majority of mobile applications use "closed" image formats, there are some that use JPEG (e.g., Image Converter by AOXUE.studio or Image Converter 5th v3.0.0 for Symbian s60 5th edition), while the market tendency for JPEG-enabled applications is increasing. Finally, in all experiments, fingerprint authentication is based on the minutiae string matching algorithm presented in [39].

Under these assumptions, in order to fully illustrate the authentication capabilities of the proposed scheme and to compare it to another steganographic method, three different scenarios have been investigated. In the first scenario (SC1), the original biometric data is compressed and transmitted over error-prone channels without being encrypted or hidden. In the second scenario (SC2), the original biometric data is hidden into their respective host-objects using either the proposed method (PR) or another interesting steganographic method (ZG), introduced by Zhang et al. [40]. The final content is compressed and transmitted over error-prone channels. In the third scenario (SC3), which is the full usage scenario of the proposed scheme, the original biometric data is initially encrypted, and now, in contrast to SC2, the encrypted data is hidden to the respective host-objects. The final stego-objects are compressed and transmitted. In all three scenarios, the authentication accuracy is examined.

In particular in Figure 6, the authentication results of SC1 for more than 100 biometric signals are presented. In this case, where the original biometric signal is not hidden to a host-object, the average authentication rate was 72.07%. Furthermore, as it can be observed, compression increase has a more significant impact on authentication results compared to BER increase. This is expected, since distortion due to BER is local while compression has more global effects. In Figure 7, the authentication results of SC2 for the same 112 biometric signals, hidden in their respective stego-objects, is presented, both for the proposed scheme (PR) and the scheme by Zhang et al. (ZG). In this case, the average authentication rate of PR is 74.62 while ZG provides a rate of 4.67%. It is clear that capacity-efficient schemes such as Zhang's cannot survive to signal distortions. This is typical if we focus on the details of such methods. In Zhang's method, in the first layer of the embedding, one secret bit is inserted into each host pixel. If a secret bit is identical to the LSB of the corresponding pixel, no modification is made. Otherwise, the pixel value should be added or subtracted by one, and the choice of addition or subtraction will be determined in the second layer embedding, thus both adding/subtracting change the LSB. If a pixel value is odd, adding and subtracting one flips and keeps the second LSB, respectively. On the other hand, if a pixel value is even, the two operations cause opposite results in the second LSB. Thus the hidden information is hosted by the LSBs of the final content, which are very sensitive to signal distortions.

thumbnailFigure 6. First Scenario. Authentication of 112 biometric signals, under four different JPEG compression ratios and various BERs. SC1: first scenario. PR: proposed scheme. CR: compression ratio.

thumbnailFigure 7. Second scenario. Biometric signals authentication for 112 stego-objects, under four different JPEG compression ratios and various BERs. SC2: second scenario. PR: proposed scheme (red). ZG: Scheme by Zhang et al. (black). CR: compression ratio.

Now, regarding SC3 (full usage scenario), the experiment is repeated for the same 112 biometric patterns, however, in this case the original signals are firstly encrypted and then hidden to host-objects. Results of the retrieved biometric signals for video objects of Figures 3(e) and 4(e) are provided in Tables 1 and 2, respectively. As it can be observed, the retrieved biometric signals are visually apprehensible for the examined combinations of compression ratios and BERs.

Table 1. Biometric signal retrieval results for the stego-object of Figure 3(e), under different combinations of compression ratios and BERs.

Table 2. Biometric signal retrieval results for the stego-object of Figure 4(e), under different combinations of compression ratios and BERs.

In Figure 8, the authentication results of SC3 is presented, both for the proposed scheme (PR) and the scheme by Zhang et al. (ZG). In this case, the average authentication rate of PR is 69.7 while ZG's rate is 3.18%. Considering the 3 different scenarios, it is observed that when the original biometric signal is compressed and transmitted (SC1), the authentication rate is higher than in case of encryption (SC3). This is expected, since an encrypted by a one-time pad signal is less resistant to the plain signal. One encrypted pixel error usually produces more significant visual artifacts during decryption. Furthermore, from the authentication side of view, the best results were accomplished for the settings of SC2. However, even though SC3 is not the most efficient in terms of authentication performance or complexity, compared to SC1 and SC2, it is the most secure, a merit that may make it the first choice in real-world applications. Finally, the proposed scheme is more robust to signal distortions, compared to typical steganographic schemes that are based on LSBs' manipulation.

thumbnailFigure 8. Third scenario. Biometric signals authentication for 112 stego-objects, under four different JPEG compression ratios and various BERs. SC3: third scenario. PR: proposed scheme (red). ZG: Scheme by Zhang et al. (black). CR: compression ratio.

6. Conclusions

Biometric signals enter more and more into our everyday lives, since governments resort to their use in accomplishing crucial procedures (e.g., citizen authentication). Thus there is an urgent need to further develop and integrate biometric authentication techniques into practical applications.

Towards this direction, in this paper, the domain of biometrics authentication over error-prone networks has been examined. Since steganography by itself does not ensure secrecy, it was combined with a chaotic encryption system. The proposed procedure, other than providing results that are imperceptible to human visual system, it also outputs a stego-object that can resist different signal distortions. Experimental results on the database of POLY-BIO project [37], which contains more than 1500 biometric signals, illustrate the performance of the proposed system. Experiments have been designed to fulfill the requirements of three different scenarios. In the first scenario (SC1), the original biometric data was compressed and transmitted over error-prone channels without being encrypted or hidden. In the second scenario (SC2), the original biometric data was hidden into their respective host-objects, and the final content was compressed and transmitted over error-prone channels. In the third scenario (SC3), the original biometric data was initially encrypted and hidden into the respective host-objects and the final stego-objects were compressed and transmitted. All experiments have been performed for JPEG compression and typical BERs of wireless links. By examining the three scenarios, it was found that SC2 provided the highest authentication rate (about 75%). However, even though SC3 did not result into the best authentication scores or lowest complexity, it is the most secure among the three. Finally, the proposed scheme was also compared to a typical steganographic scheme based on LSBs' manipulation, which it outperformed, for the specified signal distortion conditions.

In future research, the effects of compression and mobile transmission of other hidden biometric signals (e.g., voice or iris) should also be examined, or cases of other common signal distortions such as additive noise or image resize operations could be considered. Another very interesting research topic focuses on tackling the problem of lost biometric data. Several techniques could be examined from the areas of image error concealment, region restoration, or region matching. Based on the focus of the first area, the lost biometric data can be concealed from the authentication module, so that it attempts to perform authentication even though parts are missing (maybe parts that do not contain any crucial information, for example, terminations/bifurcations in case of fingerprints). Restoration aims at reproducing lost regions, usually using interpolation techniques. In this case also, if the restored region would not contain crucial information, results could be interesting. Finally, region matching and classification methods can also play an important role in authenticating a partially complete biometric signal.

Acknowledgment

This was funded by the Cyprus Research Promotion Foundation in the framework of PLHRO/0506/04: "POLY-BIO," Multimodal Biometric Security System.

References

  1. L Lamport, Password authentication with insecure communication. Communications of the ACM 24(11), 770–772 (1981). Publisher Full Text OpenURL

  2. N Haller, The S/KEY one-time password system. Proceedings of the ISOC Symposium on Network and Distributed System Security, 1994, 151–157

  3. C-C Lee, M-S Hwang, W-P Yang, A flexible remote user authentication scheme using smart cards. Operating Systems Review 36(3), 46–51 (2002). Publisher Full Text OpenURL

  4. CC Chang, KF Hwang, Some forgery attacks on a remote user authentication scheme using smart cards. Informatica 14(3), 289–294 (2003)

  5. KC Leung, LM Cheng, AS Fong, CK Chan, Cryptanalysis of a modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 49(4), 1243–1245 (2003). Publisher Full Text OpenURL

  6. CL Hsu, Security of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards and Interfaces 26(3), 167–169 (2004). Publisher Full Text OpenURL

  7. M Kumar, Some remarks on a remote user authentication scheme using smart cards with forward secrecy. IEEE Transactions on Consumer Electronics 50(2), 615–618 (2004). Publisher Full Text OpenURL

  8. W Stallings, Cryptography and Network Security: Principles and Practices, 3rd edn. (Prentice-Hall, Upper Saddle River, NJ, USA, 2003)

  9. DV Klein, Foiling the cracker: a survey of, and improvements to, password security. Proceedings of the 2nd USENIX Workshop Security, 1990, 5–14

  10. AK Jain, A Ross, S Prabhakar, An Introduction to Biometric Recognition. IEEE Transactions on Circuits and Systems for Video Technology 14(1), 4–20 (2004). Publisher Full Text OpenURL

  11. RM Bolle, JH Connell, NK Ratha, Guide to Biometrics (Springer, New York, NY, USA, 2004)

  12. MD Swanson, M Kobayashi, AH Tewfik, Multimedia data-embedding and watermarking technologies. Proceedings of the IEEE 86(6), 1064–1087 (1998). Publisher Full Text OpenURL

  13. M Ramkumar, AN Akansu, Capacity estimates for data hiding in compressed images. IEEE Transactions on Image Processing 10(8), 1252–1263 (2001). PubMed Abstract | Publisher Full Text OpenURL

  14. RG van Schyndel, AZ Tirkel, CF Osborne, A digital watermark. Proceedings of the IEEE International Conference on Image Processing, 1994 2, 86–90

  15. JJKÓ Ruanaidh, WJ Dowling, FM Boland, Watermarking digital images for copyright protection. Proceedings of the IEEE International Conference on Image Processing 3, 211–214

  16. NF Johnson, S Jajodia, Exploring steganography: seeing the unseen. Computer 31(2), 26–34 (1998)

  17. J Fridrich, R Du, M Long, Staganalysis of LSB encoding in color images. Proceedings of the IEEE International Conference on Multi-Media and Expo (ICME '00), July-August 2000, New York, NY, USA, 1279–1282

  18. LM Marvel, CG Boncelet, CT Retter, Spread spectrum image steganography. IEEE Transactions on Image Processing 8(8), 1075–1083 (1999). PubMed Abstract | Publisher Full Text OpenURL

  19. S Areepongsa, YF Syed, N Kaewkamnerd, KR Rao, Steganography for a low bit-rate wavelet based image coder. Proceedings of the IEEE International Conference on Image Processing (ICIP '00), 2000, Vancouver, Canada 1, 597–600

  20. D Kundur, Y Zhao, P Campisi, A steganographic framework for dual authentication and compression of high resolution imagery. Proceedings of the IEEE International Symposium on Circuits and Systems, May 2004, Vancouver, Canada 2, II1–II4

  21. AK Jain, U Uludag, Hiding biometric data. IEEE Transactions on Pattern Analysis and Machine Intelligence 25(11), 1494–1498 (2003). Publisher Full Text OpenURL

  22. K Zebbiche, L Ghouti, F Khelifi, A Bouridane, Protecting fingerprint data using watermarking. Proceedings of the 1st NASA/ESA Conference on Adaptive Hardware and Systems (AHS '06), June 2006, tur, 451–456

  23. K Zebbiche, F Khelifi, Region-based watermarking of biometric images: case study in fingerprint images. International Journal of Digital Multimedia Broadcasting 2008 (2008)

  24. T Hoang, D Tran, D Sharma, Remote multimodal biometric authentication using bit priority-based fragile watermarking. Proceedings of the 19th International Conference on Pattern Recognition (ICPR '08), December 2008, 1–4

  25. NN Rao, P Thrimurthy, BR Babu, A novel scheme for digital rights management of images using biometrics. International Journal of Computer Science and Network Security 9(3), 157–167 (2009)

  26. P Campisi, Object-oriented stereo-image digital watermarking. Journal of Electronic Imaging 17(4) (2008)

  27. VQ Pham, T Miyaki, T Yamasaki, K Aizawa, Robust object-based watermarking using feature matching. IEICE Transactions on Information and Systems 91(7), 2027–2034 (2008)

  28. KS Ntalianis, SD Kollias, Chaotic video objects encryption based on mixed feedback, multiresolution decomposition and time-variant S-boxes. Proceedings of the International Conference on Image Processing (ICIP '05), September 2005, Genova, Italy 2, 1110–1113

  29. S Li, X Zheng, X Mou, Y Cai, Chaotic encryption scheme for real-time digital video. Real-Time Imaging VI, January 2002, Proceedings of SPIE 4666, 149–160

  30. A Doulamis, N Doulamis, K Ntalianis, S Kollias, An efficient fully unsupervised video object segmentation scheme using an adaptive neural-network classifier architecture. IEEE Transactions on Neural Networks 14(3), 616–630 (2003). PubMed Abstract | Publisher Full Text OpenURL

  31. MS Hsieh, DC Tseng, YH Huang, Hiding digital watermarks using multiresolution wavelet transform. IEEE Transactions on Industrial Electronics 48(5), 875–882 (2001). Publisher Full Text OpenURL

  32. KS Ntalianis, ND Doulamis, AD Doulamis, SD Kollias, Automatic stereoscopic video object-based watermarking using qualified significant wavelet trees. Proceedings of the International Conference on Consumer Electronics (ICCE '02), June 2002, Los Angeles, Calif, USA, 188–189

  33. JM Shapiro, Embedded image coding using zerotrees of wavelet coefficients. IEEE Transactions on Signal Processing 41(12), 3445–3462 (1993). Publisher Full Text OpenURL

  34. VA Protopopescu, RT Santoro, JS Tollover, Fast and secure encryption—decryption method based on chaotic dynamics (US Patent No), . 5479513, 1995

  35. S Li, X Zheng, X Mou, Y Cai, Chaotic encryption scheme for real-time digital video. Real-Time Imaging VI, January 2002, Proceedings of SPIE 4666, 149–160

  36. X Wu, W Zhu, Z Xiong, YAQ Zhang, Object-based multiresolution watermarking of images and video. Proceedings of the IEEE Internaitonal Symposium on Circuits and Systems, May 2000, Geneva, Switzerland 1, 545–550

  37. A Kounoudes, N Tsapatsoulis, Z Theodosiou, M Milis, POLYBIO: multimodal biometric data acquisition platform and security system. in Biometrics and Identity Management, ed. by Schouten B, Juul NC, Drygajlo A, Tistarelli M (Springer, Berlin, Germany, 2009), pp. 216–227

  38. V Weerackody, C Podilchuk, A Estrella, Transmission of JPEG-coded images over wireless channels. Bell Labs Technical Journal 1(2), 111–125 (1996)

  39. M Kaur, M Singh, A Girdhar, PS Sandhu, Fingerprint verification system using minutiae extraction technique. Proceedings of World Academy of Science, Engineering and Technology, December 2008 36, 497–502

  40. X Zhang, W Zhang, S Wang, Efficient double-layered steganographic embedding. Electronics Letters 43(8), 482–483 (2007). Publisher Full Text OpenURL