Irisbased Authentication Scheme in WLAN Using Logistic Map with MAC

— Shift from a wired network to a wireless network is rampant day by day due to the rapid development in information and wireless communications technology. But the wireless networks are insecure and more vulnerable to security threats and attacks. Biometric can play an important role in authentication and identification in WLAN. The image of iris varies from person to person; it could possibly be applied as a tool for biometric recognition and authentication used in WLAN. This paper attempts to introduce an iris based biometric authentication in WLAN using Logistic Map of cryptography and MAC. The encryption system utilizes an irisscanner to collect imagesof the iris of a person and applies an intelligent algorithm based on Chaos theory to generate initial keys for the Logistic Map. After applying Logistic Map, the randomness of irisimage results in a widely expanded key space which would be an ideal key generator for data encryption and decryption. Further to improve the security,We have introduced Message authentication Code (MAC) Scheme to match the hashed value of the decrypted templates from the encrypted templatesstored in the template database during enrollment with the MAC of current input iris image provided by the user for authentication.

Rest of the paper is organized as follows: Section II deals with related work, Section III deals with Proposed authentication scheme; Section IV presents experimental results and security analysis. Finally, we conclude the paper with conclusion and future work discussed in Section V.

II. RELATED WORK
HaojiangGao, Yisheng Zhang et. al.Proposed a new chaotic algorithm for image encryption. In this paper they presented a new nonlinear chaotic algorithm (NCA) which uses the power function and tangent function instead of linear function [1]. The experimental results demonstrated in this paper for the image encryption algorithm based on NCA shows advantages of large key space and high-level security, while maintaining acceptable efficiency. A novel chaotic fingerprint image encryption scheme is proposed combining with shuttle operation and nonlinear dynamic chaos system [2] was proposedby Song Zhao,Hengjian Li, and Xu Yan.Thechaos systemshows that the image encryption scheme provides an efficient and secure way for iris images encryption and storage. Muhammad Khurram Khan and Jiashu Zhang proposedan efficient and practical fingerprint-based remote user authentication scheme using smart cards, which is based on one-way collision free hash functions [3]. Experimental results derived in this paper show that the security, performance and accuracy of the presented system are encouraging for the practical implementation in real environment. A new image encryption technique was introduced by TiegangGao and Zengqiang Chen [4]. In their paper based on the image total shuffling matrix to shuffle the position of the image pixels and then uses a hyper chaotic function to complex the relationship between the plain image and the cipher image. The suggested image encryption algorithm has the advantage of large key space and high security. Moreover a coupled nonlinearchaotic map and a novel chaosbased image encryption technique were used to encrypt the color images by Sahar Mazloom and Amir MasudEftekhari-Moghadam [5]. In this paper they used the chaotic cryptography technique which is basically a symmetric key cryptography with a stream cipher structure. They used the 240 bit long secret key to generate the initial condition and to increase the security of the proposed system. The schemes are especially useful for encryption of large amounts of data, such as digital images or electronic databases. The compound Chaos algorithm combines the Lorenz Chaotic system and Logistics map to generate the pseudo-random sequences. Then the pseudo-random sequences are used to produce the permutation matrix to encrypt the digital image [6]. A novel Chaos based Biocryptic Security aware packet scheduling algorithm (CBSPS) to strengthen the security levels in the WLAN [7] was proposed.

III. PROPOSED SCHEME
In this section, we have provided a brief introduction of Logistic Map, Preprocessing, Segmentation and Encryption and Decryption process. The block diagram of the proposed authentication system is shown in the  X n+1 =rX n (1-X n ) Where X n is a system variable and r is the system parameter. When X n is the number between zero and one that represents the ratio of existing population to the maximum possible population. The values of the system parameter r are those in the interval [0, 4], but the interval of r [3.5699,4.00] gives a highly chaotic behavior with initial condition i.e X 0 ∈ [0,1]. Preprocessing:In this technique, our goal is to enhance the visual appearance of biometric images and improve the manipulation of the dataset. Image resampling, gray scale contrast enhancement, noise removal, mathematical operations and manual correlation are required in this technique. In image resampling, the no of pixels of the dataset are increased or reduced. Further the dataset is brightened to improve the visualization as shown in the below Fig2 and Fig3. Noise removal: For removing the noise from the image dataset, several techniques like i) low pass, high pass, band pass spatial filtering, ii) mean filtering, iii) median filtering etc. can be used. Low pass filtering replaces all pixels of intensity higher than the specified value.Mean filtering and median filtering work on a (n x n) sub region of the image, generally usually 3 or 5.High pass filtering replaces all pixels of intensity lower than the specified value. Band pass filter replaces all pixels of intensity lower than the specified value and higher than another one. Low, High and Bandpass special filtering are efficient only in specific cases. Fig 4 shows the noisy image and its corronsponding median filtered image.  Segmentation: It is the process of partitioning of an image into distinct (usually) non overlapping region in a meaningful way. It can also be thought of as a labelling operation, i.e a label corresponding to iris/anatomical structure is assigned to each pixel or voxel in the image.It identifies separate objects within an image and find a region of connected pixels with similar properties. It also finds boundaries between regions and remove unwanted regions. Feature domain Image domain segmentation can be of the following types i) manual ii) thresholding iii) region growing iv) hierarchical. Manual: Manual segmentation outlines the studied structure in each slice and is applied only on the contour or on the whole object. For segmentation, lines and splines can be used. It is usually a time consuming process. Thresholding: It relies on intensity differences between structures in an image. It can be extended to multiple threshold levels; It is simple to implement but it is a low tolerance to intensity rescaling; difficult to set threshold and can use little of spatial information. Region growing: It relies on intensity differences, but include the notion of spatial proximity of pixels and a seed point for the region. Hierarchical: In this segmentation, pixels of the image are clustered into regions of similar intensity to create an intensity hierarchy. Wheninitial seed is merged to the desired structure ofthe hierarchy, then it iteratively separates the inside and outside of the hierarchical structure. This type of segmentation is fast and easy to implement, but have medium tolerance to intensity rescaling and needs human interaction for defining seed forms. Feature domain segmentation: In this type of segmentation, each pixel is mapped to N pixels in the pixel space. It is powerful and tremendously flexible, but increase computations (because each pixel is mapped to N pixels). Also, large space requires a lot of data (for automated learning) or training examples ( for supervised learning). Two types of feature domain segmentation are used, i.e supervised and unsupervised. In supervised segmentation a set of learning data is given, a learning algorithm uses this to determine a classification rule for new data, whereas in an unsupervised algorithm attempt is to discover clusters (or group of data points) in the feature space. Encryption Process:In the proposed authentication scheme first capture an iris image and extract its features and generate a binary pattern from the given iris image. The binary pattern is further divided into small blocks of binary data to make the process simplified, because it is very difficult to encrypt the binary pattern of hundreds of thousands of bits at once. We made each block of 128 bits to make it simpler and to encrypt each block easily. A random block is then selected to create the initial condition for the secret key. The random selection of the block is preferred because of the attackers, so that no one can easily understand that which block is selected for the initial condition. Decryption Process: In this process, decryption is done byXORing of the encrypted templates of a particular user stored in the template database with the same key used in the encryption process. Plain Image= Encrypted Image⨁Key Where,⨁ indicates Exclusive OR operation. Authentication: In the authentication process, the MAC of the current captured iris image of a particular user is compared with the MAC of decrypted iris images from the encrypted iris templates of a particular user stored in the template database. If the match is found,thenthe user is authenticated and granted access to the system otherwise the system denied to the particular user to access the system.

IV. EXPERIMENTAL RESULTS
In order to evaluate and check the performance of the proposed algorithm, the database contains a lot of iris images taken from different people eyes. In our case, we have created the dataset of iris images of 80 people in our biometric lab, Department of CSE, NIT Jamshedpur and is used to carry out the experiment. These iris imagesare encrypted using logistic map for different value of r, where r is any real value between 0 and 1. The histogram image of the corresponding iris image is generated using Matlab are shown as given below. By observing the maps carefully it's clear that even changing in a small part of the value the whole map become different and are more invisible. The different encrypted templates of iris images of a person is stored in the template database. During Authentication,MAC of the decrypted iris template stored in the template database is matched with the MAC of theiris images captured during authentication.If match is found then the claimant is authenticated and granted access to the system. For each case i.e. encryption, decryption and MAC generation using SHA256 the corresponding histogram are generated and is shown in the Fig. 19 .
A. Security Analysis 1. Key space Analysis: In our proposed biometric authentication scheme, we are using 128 bit symmatric key for encryption and decryption. The key space of this symmatric key is 2 128 , which is enough to resists from all kind of brute-force attack. The key can be 256 bit which will provide larger key space, but it will take loger time for encryption, decryption as well as authentication process, which is not suitable for WLAN biometric authentication.  From the above two correlation matrix, it is clear that there is a less correlation between two adjacent pixels of the encrypted image. However, the two adjacent pixels of the original image are highly correlated.

B. Entropy Analysis
For the proposed biometric authentication scheme based on logistic map the encrypted image is influenced by the value of r. The logistic map chaotic behavior can be visualized with the value of r ranges from [0,4].There is a abrupt chaotic behavior is visualized when r lies between [3.57, 4.0]. From the test run, the entropy of the britened gray image of iris is found to be 2.7977. At this enropy the image is brightened and easily visualized. After applying the logistic map for encryption the entropy of encrypted image must be greater than 2.7977. From the test run it is found that the entropy of the encrypted image is based on the value of r of logistic map and found to be maximum at 3.89 which is 5.7002. It ensures the security of the encrypted image. For r 3.57 and r 4.0 there is a sharp change in entropy, which is shown in the below Fig. 18.

C. Histogram Analysis
It is usuallyused for statistical analysisattack. The image histogram illustrates the distribution ofimage pixels by graphing a no. of pixel at each color intensity.In the Fig. 19, we have shown the histograms of original iris image, its encrypted image for the different value of r of the logistic map. From the below Fig. 19

V. CONCLUSION
This paper presents aniris based authentication scheme in WLAN using Logistic Map and MAC. The proposed algorithm takes an iris image and convert it into the binary bits pattern and divide them into small blocks of 128 bits long to simplify the process. Then a random block is selected from all these blocks to create the initial condition. This initial condition is then passed from the LFSR to generate the secret key. A secret key of 128 bits is generated from the result of the LFSR. This secret key is then used for the encryption of the iris image. The same procedure is then used at the receiver end to decrypt the iris image. Chaotic function is used to make the algorithm more secure and make the process of the encryption and decryption more complex. Experimental results and security analysis of the algorithm shows that the algorithm is stronger and more secure and can be used for the practical implementation of the iris base authentication scheme in WLAN.