A Novel Multi-Level Security Technique Based on IRIS Image Encoding

Highly secure access control for restricted or private areas is in strong demand these days, mainly due to terrorism threats. One method of security is no longer sufficient, hence the term and technology of a “multilevel” security system, developed by integrating more than one security procedure on both the hardware and software levels. This research provides a simple, cheap, easily achievable, yet highly secure multi-level security system to control access through doors. The system integrates IRIS scan authentication, innovative IRIS image encoding, encryption of mobile communication, and multipoint Control Unit (MCU) Security as its main security procedures. The system’s novelty lies in the encoding and encryption of IRIS image data that is acquired by a mobile phone before it is sent to the authentication site, where it is decrypted by a cheap and fast MCU to retrieve the IRIS image, which is fed into a Neural Network in order to grant authorization to the user.


Introduction
Securing confidential establishments that hold top-secret information is now done over more than one level. The old-school password, IRIS scan or fingerprint recognition used alone is becoming part of the past; science today seeks to use multiple security procedures to enhance security and minimize the danger of hacking into confidential systems and establishments. A lot of research has been done to enhance security over multiple levels by employing a combination of security approaches (Scheirer, Bishop, and Boult, 2013), to make hacking into these systems hard, if not impossible, and to add different recognizable features that would allow more subjects to be verifiable (Kanade et al., 2013). Recognizing a person based on his/her physical or behavioural features using a pattern recognition technique is referred to as "biometric recognition" (Gunasekaran et al., 2014). These features are recorded and saved on some storage media (a separate database or a memory chip, for example).
Many biometric methods can be used in personal identification. New techniques like the study of gait, which is the distinctive way a person walks, require lots of calculations and pre-stored data in a spatio-temporal database (Bowyer et al., 2016). Recognizing a human's facial features is another identification technique that was adopted in research (Owayjan et al., 2015), because this is the way human beings recognize each other. Some researchers went as far as recognizing personal odour and taking it as a biometric feature, as in the research of (Rodriguez-Lujan et al., 2013), where hand odour is recognized through multiple pattern recognition techniques.
Fingerprint and IRIS scans are the most widely used biometric security measures, due to their uniqueness in recognizing a human being, since no two humans on the face of the earth, not even twins, have exactly the same features (Ngo et al., 2015).
IRIS authentication is mostly done by capturing an IRIS print in advance and storing it for later comparison with the live scan at the authentication site. Yet this technique has proven to be vulnerable to attacks, like impersonation attacks (Itkis et al., 2015), as is any binary matching system. Fingerprint reading is also done using the aforementioned binary matching technique. The stored images of all ten fingerprints (and sometimes the whole palm print (Chin et al., 2014)) are compared against those captured at the authorization scene. Different countermeasures have been studied and developed to overcome this vulnerability (Marasco and Ross, 2015), but new spoofing and hacking methods arise every day.
With the enhancements in graphics and the use of avatars and robots, faking certain biometrics, like facial features and fingerprints, has become more feasible. Efforts were therefore made to recognize these fake features, as in the work of (Galbally, Marcel, and Fierrez, 2014), who employ enhanced image quality processing to assess the features and separate fake from legitimate. This work is another proof that relying only on biometric recognition for security might not be efficient.
Developers of security measures have studied and developed many techniques that combine two or more authentication techniques. Some of the combinations integrated biometrics with network and hardware technologies to enhance security and prevent hacking. The most common and easy to use is Near Field Communication (NFC), which is a short-range wireless communication technology that allows two devices to communicate and exchange data when they are in close proximity and are paired together (Coskun, Ozdenizci and Ok, 2013).
New mobile phones compete for the top of the market by integrating new technologies and gadgets into the mobile device. Recent models from some mobile phone vendors include a high-quality iris scanner within the phone. The captured iris images can be used in various applications related to the phone itself (De Marsico et al., 2015) and, with some tweaking, in applications that are not related to the phone itself.
Iris scanners that are embedded in some mobile phones have several advantages for authentication over other biometric features. According to the survey results of (Meng et al., 2014), IRIS is considered a non-intrusive authentication measure that is easily collected, has high recognition accuracy, and can be used universally.
Encryption of data, along with biometric measures, was adopted in many studies to enhance security, like the work of (Salas, 2013), who combined elliptic curve cryptography (ECC) encryption with fingerprints; (Li et al. 2017), where palm prints were combined with two-layer error correction codes; and (Yan and You, 2017), who used the fingerprint as a transformed biometric public key used in encryption.
Physical attacks on the data used to authenticate legitimate users force security enforcement measures to take extra precautions when encrypting biometric data. The researchers in (Revenkar, Anjum, and Gandhare, 2010) propose a "visual encryption" technique, where biometric images are enclosed within another image that has no informational relation to the original iris image used for authentication.
Encoding the iris image into a different format was adopted in the research of (Tan and Kumar, 2014), where some basic iris features were randomly selected as 'geometric keys' to encode individual images before storing them, and are used later for comparison and authentication. Encoding iris features was investigated in (Thavalengal et al., 2015), where features are stored as vector data for later comparison with pre-stored vectors of the same iris image (as in user authentication).

The System Design and Hardware Structure
The process starts by capturing an IRIS image with the mobile phone's camera from a distance between 10 cm and 32 cm. After that, the image is processed by dedicated software to isolate the IRIS segment at both the internal (pupil) and external IRIS boundaries. A successful iris image capture results in an acceptance message shown on the mobile application's interface (represented by a green tick, as in Figure 1). The output is encoded and encrypted immediately for security purposes, after being transformed into a matrix and converted into a color-coded image. Next, the encoded image is sent to the authentication site through the Near Field Communication (NFC) subroutine, to be compared against the one stored in the database, which, by default, includes a copy of the color-coded iris image of each authenticated user. When the similarity index returns true (based on a threshold value), a match with that user is found and the user is granted access.
To prevent personal identification information from being stolen or revealed, and to prevent impersonation attacks on the phone and connection, an encryption mechanism is needed, such as RSA, which is known to be strong and fast in encrypting data, with no known linear or algebraic weaknesses.
The block diagram of the entire system is illustrated in Figure 2 below, showing the integration of the system's parts: an NFC module that is responsible for sending encoded iris image data to the authentication site, the solenoid unit that is the main mechanism for opening the door, and a power source to feed the authentication and door opening mechanisms. All of these components are connected to the MCU, which receives access-granting commands through the NFC module from the base controller and activates the door opening mechanism.

IRIS Image Encoding
The iris scanner captures the main features of the iris and performs localization to determine the correct boundaries of the iris region. An identification process takes place to separate the pupil's boundaries from the IRIS's to establish initial identification points; these points are fitted to capture the distinguishing features of the IRIS, a step that precedes converting the image into a matrix before encrypting it and sending it to the authentication site. Figure 3 below shows the detailed steps of the IRIS scanning procedure.

Figure 3. IRIS scan steps
The scanned IRIS image is stored as a 2D image matrix, where each entry represents a pixel of the iris image (an example of features is shown in Figure 4). The resulting matrix is ready for encryption using the well-known RSA algorithm, which uses large prime numbers in simple mathematical operations to generate a public key. This public key is used to encrypt each entry of the colour-coded image matrix, in a manner similar to the technique mentioned in the work of (Saranya and Prabhu, 2016).
The private key is used to decrypt this matrix's values to restore the original colour codes. The encrypted coded image is then sent to the authentication site via NFC.

Sending Encoded Image and Authentication Process
The flow chart in Figure 8 illustrates the steps taken to encode the iris image information. Once the image encoding process finishes, the final encrypted "mist-like" image file information is sent through the NFC module to the authentication site.

Figure 8. IRIS image coding process

The NFC subroutine starts by receiving the encoded and encrypted image, and then keeps sending handshake requests until the user's phone gets in range of the microcontroller unit (MCU), which sends a reply to the handshake. Once this handshake is successful, the encrypted image is sent to the authentication site. This subroutine is shown in detail in Figure 9.

Figure 9. NFC subroutine

At the authentication side (the door site), the image matrix (encoded and encrypted) is received by the MCU after a successful handshake procedure and acceptance. Since microcontrollers in general have limited capabilities, it is easier (and more efficient) to process a colour code matrix than an image with features to be extracted and compared. The decryption process is initialized using the private key calculated by the RSA algorithm, and the encoding process is then reversed, this time dividing each of the image matrix entries by the pre-defined vector k to transfer the iris image data back to a 2D image matrix, as described in the flowchart of Figure 10.

Figure 10. Image decoding and decryption process

The features retrieved from the IRIS image are used as input to the Neural Network to match the received iris image with the one stored at the site. Once the image is validated, the door opening mechanism is activated and the user is granted access to the facility. The flowchart in Figure 11 shows the security checking subroutine.

Figure 11. Final authentication subroutine
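The encode, encrypt, decrypt and decode path described in the two sections above, as an added example that is not the paper's code. It assumes encoding multiplies column j of the matrix by k[j] (the paper states only that decoding divides by k); the RSA key, the vector k and the 4x4 image are constructed toy values. It also shows that per-entry RSA without padding is deterministic, so entries that are equal before encryption stay equal afterwards.

```python
# Added illustration: toy key, constructed image and k; not the paper's code.
P, Q = 1009, 1013                  # small primes (real RSA moduli are >= 2048 bits)
N, PHI = P * Q, (P - 1) * (Q - 1)
E = 65537                          # public exponent
D = pow(E, -1, PHI)                # private exponent (Python 3.8+)

K = [3, 5, 7, 11]                  # assumed pre-defined vector k, one factor per column
IMG = [                            # constructed 4x4 pixel matrix standing in for an iris
    [12, 12, 200, 200],
    [12, 12, 200, 200],
    [90, 90, 90, 90],
    [0, 0, 255, 255],
]

def encode(img, k):
    """Assumed encoding: multiply each entry by the k factor of its column."""
    return [[px * k[j] for j, px in enumerate(row)] for row in img]

def decode(mat, k):
    """Reverse of encode: divide each entry by the k factor of its column."""
    return [[v // k[j] for j, v in enumerate(row)] for row in mat]

def rsa_encrypt(mat):
    """Per-entry textbook RSA with the public key (E, N); every entry must be < N."""
    return [[pow(v, E, N) for v in row] for row in mat]

def rsa_decrypt(mat):
    """Per-entry textbook RSA decryption with the private exponent D."""
    return [[pow(c, D, N) for c in row] for row in mat]

def equality_pattern(mat):
    """Replace each value by the order in which it first appears, hiding the values."""
    seen = {}
    return [[seen.setdefault(v, len(seen)) for v in row] for row in mat]

ENCODED = encode(IMG, K)                     # phone side: encode
CIPHER = rsa_encrypt(ENCODED)                # phone side: encrypt, then send over NFC
RECOVERED = decode(rsa_decrypt(CIPHER), K)   # MCU side: decrypt, then divide by k

if __name__ == "__main__":
    print("round trip ok:", RECOVERED == IMG)
    print("same ciphertext on resend:", rsa_encrypt(ENCODED) == CIPHER)
    print("structure preserved:", equality_pattern(CIPHER) == equality_pattern(ENCODED))
```

Randomized padding such as RSA-OAEP, or encrypting the whole matrix under a fresh symmetric key that is itself RSA-encrypted, removes the preserved equality pattern and makes two transmissions of the same image differ.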

System Performance
An idea similar to the one proposed in this research was proposed in (Dwivedi et al., 2017), where a randomized look-up table was created and pixels of the IRIS image are mapped to values in this look-up table to generate a new coded image that cannot be returned to its original image unless the look-up table used for encoding is available.
Comparing the security technique of this research with the one in (Dwivedi et al., 2017) (hereafter named the look-up mapping technique) shows better applicability of the proposed system in terms of security and performance. In terms of security, the look-up mapping technique does not enforce any security on the look-up table itself, so this table can be hacked when dumping device memory using a K150 chip reader, for example. In the proposed technique, by contrast, the encoded image is encrypted before being sent wirelessly.
When the image in the look-up mapping technique in (Dwivedi et al., 2017) is transmitted wirelessly, it consumes a large share of the network's bandwidth, in addition to needing more time for transmission and processing of the encoded image (four versions are sent).
Putting both techniques under different types of attacks returned brilliant results for the system we proposed in this research. The simple encryption procedure used in the look-up mapping technique makes the data easily sniffed in a silent attack; the system is also vulnerable to brute force attacks and packet retransmission based attacks.
The data in Table 1 compares the time required by some of the most common attacks against both techniques (in case there was a successful hack).

Conclusion and Future Vision
Authentication is a very important issue these days, especially with the escalation of terrorism and vandalism. A new multilevel security system is proposed that uses the cutting-edge technology of mobile phone iris scanners to authenticate the user on the first level.
The iris image of the user is captured and transformed into a formatted data matrix that cannot be recognized if it is intercepted and captured in transit. Another advantage of this transformation is that it allows the simple, yet efficient, microcontroller unit to process and decode the received image faster and more reliably.
The NFC secured communication allows better performance and higher security reliability since it activates

Figure 1. Mobile phone application - IRIS Successful Read

Figure 7. The colour image resulting from encoding the iris image

Table 1. Time required for different types of attacks to hack the encoded IRIS image