1 Introduction

Progress in the electronics industry and scientific advancements have enabled the mass production of affordable smart products. Consequently, there has been a significant rise in the number of internet-connected devices, leading to the utilization and improvement of existing services across various fields. The Internet of Things (IoT) has gained prominence as a research area, where smart devices can be interconnected globally via wired or wireless networks. IoT finds application in diverse domains such as connected cars, smart cities, government agencies, and wireless sensor networks. These IoT structures are characterized by heterogeneity, employing different technologies, operating on distinct systems and architectures, and relying on unique devices [1].

IoT represents the concept of connecting the entire internet, encompassing various communication objects and data exchange methods. It forms a powerful and efficient network of interconnected physical devices that operate within cyberspace, facilitating real-time data processing, peer-to-peer connectivity, and advanced analytics.

However, the security of IoT frameworks has emerged as the primary challenge for researchers and analysts, impeding the rapid development and widespread adoption of this transformative technology [2]. Many IoT devices lack sophistication and cannot support complex security measures due to limitations in capacity, power handling, and performance. Existing security protocols and conventional approaches are often inadequate for ensuring the security of IoT systems. To ensure the success of IoT, it is crucial for companies and devices to prioritize security aspects such as protection against attacks, data authenticity, controlled access, and consumer privacy. Data integrity and privacy are crucial factors influencing the adoption of IoT services and applications, particularly in the realm of social media. While several privacy and security initiatives are underway, effective IoT security mechanisms that meet the requirements of information integrity, privacy, and trust are still needed [3]. Therefore, the implementation of robust security measures is essential to prevent unauthorized or malicious entities from compromising the integrity and functioning of IoT systems. This is the context in which the present paper is set.

The main objective of this paper is to introduce a secure verification framework for user authentication, specifically between an access point and a node database. To achieve this objective, three stages are implemented.

Firstly, a novel hybrid biometric pattern represented by a merge algorithm is proposed. This model combines image and password features to enhance randomization and bolster the security levels within the pattern structure.

Secondly, a combination of encryption and blockchain techniques suitable for the new hybrid pattern is developed. This ensures the secure transmission of patterns from the access point to the node database. By adhering to the information security standard requirements of confidentiality, integrity, and availability, the proposed approach guarantees the security of the image verification system during the authentication process.

Finally, a new matching process is proposed. It involves comparing the image features and the password features with the corresponding records in the database at the destination level.

The main contributions of this paper are the following:

  • A merging algorithm of image and password has been proposed to enhance the security of the authentication process.

  • The SHA-256 hash function has been utilized to ensure data integrity and security of the hybrid model.

  • Shift-AES algorithm has been implemented to offer an extra layer of safety to the hybrid pattern.

  • Blockchain technology has been utilized to secure communication between access point and destination.

  • Finally, a matching process has been implemented to compare the image and password features from the node database with those from the access point.

The methods proposed in this article address the problem of pattern information leakage and enhance the level of security. The protection of both image and password data is guaranteed by the proposed hybrid verification model, and it applies not only to the user enrollment device and node database but also to the transmission of data from the identification phase to the development phase. This new model also addresses other challenges, such as pattern randomization and the authentication of the user’s location. As a result of the framework’s adaptability to decentralized systems, it can be used for a variety of applications.

The proposed approach’s efficiency and resistance to attacks have been proven through experimental results. These results demonstrate that the proposed approach outperforms the benchmark in terms of execution time, making it faster and more efficient. Moreover, the proposed framework exhibits a higher level of security.

In terms of accuracy, the proposed framework achieves an impressive rate of 98.3%. It also shows a False Rejection Rate (FRR) of 0.992. Conversely, the False Acceptance Rate (FAR) is 0.1, and the error rate is 0.017 when securing the hybrid pattern during data transmission between the access point and the node database. The robustness of the proposed approach against attacks makes it highly suitable for Internet of Things networks. However, the main goal of future research is to improve the performance of the algorithm by focusing on minimizing the false acceptance rate (FAR).

The rest of the paper is organized as follows. Section 2 presents the recent related work papers. Section 3 describes the proposed methodology. Section 4 focuses on results and discussion. Section 5 provides the validation and evaluation of the proposed approach. Finally, Section 6 concludes the paper.

2 Related work

Data reliability and privacy are key factors affecting how distributed IoT products and software packages spread through social means. A lot of privacy and security software has emerged in recent years, and several IoT security solutions have been proposed in the literature, including encryption and blockchain technology.

Wan et al. [4] presented a distributed blockchain-based industrial automation platform that is more secure and private than traditional centralized architecture.

The above articles suggested application scenarios and feasible solutions to implement blockchain on the Internet of Things. However, the current implementation of blockchain still has problems with the balance of efficiency and security. The following works describe solutions and provide ideas.

To develop a decentralized architecture for storing IoT data produced by smart homes and cities, Uddin et al. [5] suggested adopting blockchain. IoT device privacy and security are ensured by the architecture, which includes a secure communication protocol for power-constrained IoT devices and a gateway that employs sign encryption, a type of lightweight cryptography for IoT devices. To bridge the gap between IoT devices with limited power and memory and blockchain, the writers improved Gateway’s capability as a miner selector. A software agent operating on the gateway was suggested to choose a miner node based on the criteria governing the performance of the miner.

In the recognition framework proposed by Mohsin et al. [6], blockchain and other techniques (RFID, steganography…) were used to verify access control by finger vein recognition. This proposal is ingenious insofar as the results could be unique and strong as a proof of security. However, one angle was missed: emergency cases in which finger vein recognition does not allow access to an unconscious patient's data. This point seems to be a starting point for further research.

In [7], the authors propose a new authentication security framework to confirm user identification. To improve the randomness and security of the system, this framework uses a new composite algorithm-based control protection framework that combines RFID and Finger Vein (FV) biometric functions. In addition, it combines blockchain and steganography technology to ensure the confidentiality, integrity, and availability of user data. In [7], the authors conceived a flexible iris authentication system. The information about the iris feature is encrypted by the system using homogenous encryption technology before being saved on the blockchain for authentication, certification, and high accuracy.

In [8], the authors examined privacy concerns in IoT systems and explored five privacy preservation strategies based on blockchain technology. These strategies encompass private contracts, anonymization, encryption, differential privacy, and privacy mixing. The authors also discussed future directions and challenges related to privacy preservation in IoT systems based on blockchain. Their research provides a foundation for the development of privacy preservation strategies in the near future.

A blockchain-assisted authentication method that facilitates the authentication of devices in various Internet of Things domains was proposed in the article [9]. The protocol devises an identity management system to keep the authenticated nodes anonymous and introduces a consortium blockchain to foster trust between various domains.

In paper [10], the authors introduce and explore the elliptic Galois cryptography protocol, which involves utilizing a cryptographic technique to encrypt sensitive data from various medical sources. Subsequently, a Matrix XOR encoding steganography technique is employed to conceal the encrypted data within a low complexity image. Additionally, the proposed approach incorporates an optimization algorithm known as Adaptive Firefly to enhance the selection of cover blocks within the image.

To address the privacy and security challenges associated with centralized IoT, the authors in [11] proposed a solution by integrating blockchain technology with IoT. They introduced a decentralized security mechanism based on blockchain, aiming to mitigate these issues. Additionally, the widespread adoption of this approach ensures enhanced transparency, which proves advantageous for handling data streaming from various devices and equipment. However, to address the widespread issue of user privacy in the Industrial Internet of Things, a new blockchain-based intelligent industry identification management system was suggested in the paper [12]. Through biometric and fuzzy extractors, the system offers participants anonymous credentials. It also permits selective sharing, suspension/unfreezing, and revocation of credentials. Targeting the issues with the biometric authentication system’s opaque biometric information management, ineffective authentication module, and risk of biometric information leakage, a blockchain-based biometric authentication system was suggested in the article [13]. By dispersing biometric templates and maintaining them with the decentralized and tamper-proof blockchain method, the system enhances the security and dependability of current biometric authentication systems. The blockchain-based infrastructure suggested in the paper [14] enables safe, transparent, and privacy-protected biometric authentication. The system uses distributed DID to handle biometric data and gives users authority over their own electronic identities, enabling them to fully manage their biometric identification data and guarantee user data security. Given the difficulties that blockchain technology has in storing and allowing access to private files, a biometric-based blockchain file storage and access permission mechanism is suggested in the paper [15]. This system is suitable for usage on devices with limited resources because all file storage and access requests and responses are handled on the blockchain and the file owner is not needed to store any data locally. In conclusion, while there are certain cross-domain authentication solutions based on blockchain, there are significantly fewer of them that can combine security, privacy, adaptability, and robustness, making it challenging to apply them to demanding real-world scenarios. Therefore, the need for an effective and all-encompassing cross-domain authentication technique is important.

In [16], the author presented a centralized cloud cross-domain data-sharing platform based on blockchain with several security gateways to address the problem of cross-domain data access in product manufacturing. The technology uses blockchain to store data in a centralized cloud that can be audited, and smart contracts may be used to punish apps or data providers who are found to be acting improperly.

In [17], the author proposes the utilization of smart contracts in the insurance industry to streamline the processing of insurance claims. This approach offers the potential to reduce costs and errors associated with manual claim processing, while also significantly improving processing speed. The study also explores the feasibility of implementing conditional triggers within smart contracts. By leveraging smart contracts, customers can place their trust in the software rather than solely relying on the insurance company, thereby enhancing transparency between clients and the insurance provider. To address the security and privacy concerns between drones, the authors of the paper [18] suggest a blockchain-based intelligent 5G interconnection cross-domain certification scheme for drones. This approach combines smart contracts with multiple signatures based on threshold sharing to create a collaborative domain and validate trustworthy communication across cross-domain devices. The certification link between IoT intelligent devices is abstracted in the paper [19], and the certification problem is then transformed into a signature transitivity problem using the blockchain. Here, the strain of digital signature authentication can be significantly reduced because the signature only needs to calculate the signatures and witnesses of the pertinent edges. The genuine identity of the present key user cannot be ascertained during authentication in any of the aforementioned studies that use key pairs as the unique identifier of user identity authentication, increasing the danger of account attacks.

The paper [20] examined the effectiveness of blockchain in vehicular ad-hoc networks (VANETs). As the number of transactions increases and the endorsement policy evolves, there is a corresponding increase in the volume of reads and writes occurring within a single transaction. Consequently, the overall block size of the blockchain-based VANET expands. This expansion leads to improvements in throughput and network utilization, while simultaneously reducing latency.

According to the authors in the paper [21], blockchain technology has the potential to empower patients by allowing them to maintain sovereignty and control over their personal data. This enables the availability of accurate data for precision medicine. Additionally, the high level of transparency offered by blockchain can enhance trust in various aspects of healthcare, such as drug delivery, conditions, documentation, and end-to-end visibility. This transparency is particularly beneficial for cold chain management in ensuring the integrity of temperature-sensitive products.

In paper [22], the authors propose advanced versions of blockchain technology with the aim of accelerating various demanding real-time applications. Through simulation analysis, the proposed architecture is shown to meet all essential requirements, empowering network entities to fully leverage the benefits of 5G network sharing. The results of the simulation kernel demonstrate the effectiveness of the suggested approach.

In the paper [23], the authors introduced solutions for ensuring efficient blockchain hashing and validation, including approaches that address deadline, latency, and energy considerations. They also presented a BEFC scheme (Blockchain-Enabled Fog Computing) with the objective of enhancing scalability in edge computing and expanding the computational capacity for processing IoT data. These technologies hold promise in improving the overall efficiency and performance of edge computing systems when it comes to blockchain operations and IoT data processing.

Anitha et al. [24] introduced a novel approach for secure authentication and improved performance in a multi-Wireless Sensor Network (WSN) model using a Light-Weight Authentication Algorithm (LWAA). Their method is based on a public blockchain and aims to enhance the verification process in Internet of Things (IoT) applications. The proposed method divides the WSN nodes into access points, group head nodes, and regular nodes based on their power variations, creating a hierarchical model. Through the utilization of blockchain, the authentication of nodes in various communication scenarios is established, ensuring a secure and reliable network. By implementing cryptography techniques, the proposed method not only enhances the lifespan of the network but also effectively reduces computation time. This combination of blockchain-based authentication and efficient cryptography contributes to the overall security and performance improvement of the multi-WSN environment, specifically in IoT applications.

The author of paper [25] created a decentralized e-healthcare framework that grants exclusive access to the user for their stored data on the server. This framework incorporates various security components that ensure data integrity and protection.

In the context of the Internet of Medical Things (IoMT), the author of [26] put forth a novel system that combines deep reinforcement learning (DRL) with blockchain technology. This system incorporates DRL-based offloading and blockchain-based task scheduling mechanisms, creating a distinctive approach for healthcare applications in the IoMT.

This paper [27] examines the implementation of a patient healthcare data blockchain that utilizes off-chain storage to enhance scalability. The blockchain includes the hash value of the medical data, while the original data is stored in multiple off-chain servers. Through a multi-server authentication system, a patient can conveniently access these servers through a single enrollment process and share their health data with authorized care providers.

In paper [28], the authors propose a method that combines blockchain with wireless-based public administration process (WBPAP) technique and auto-metric graph neural network (AGNN) approaches. The main goal of this method is to address payload balancing and node authentication in order to mitigate money mishandling and provide benefits to farmers through the implementation of a secure connection. By utilizing this approach, the diffusion, tamper-resistance, and traceability of blockchain movements are improved. This helps to reduce the integrity issues related to routing information through routing nodes. The integration of WBPAP and AGNN techniques in the blockchain system enhances the overall security and efficiency of the process, ensuring a more secure and transparent environment for public administration and benefiting the farmers involved.

In paper [29], the authors introduce a hybrid intelligent Intrusion Detection System (HIIDS) for Internet of Things (IoT) applications, particularly in the healthcare domain. The proposed system combines machine learning and metaheuristic algorithms to enhance the detection capabilities. In IoT-based smart healthcare, biomedical sensors play a crucial role in capturing vital health parameters. These parameters are then transmitted to a cloud server for storage and analysis. However, the security and privacy of the Electronic Health Record (EHR) data stored in the cloud server are of utmost importance. The focus of this research is on identifying security attacks on cloud servers by employing an anomaly-based intrusion detection approach. By leveraging machine learning and metaheuristic algorithms, the HIIDS system aims to detect and mitigate potential security breaches, ensuring the integrity and confidentiality of sensitive health data stored in the cloud server.

Overall, these studies and proposals demonstrate the wide-ranging applications and potential benefits of blockchain technology in ensuring data reliability, privacy, and security across various IoT domains.

3 Methodology

This section describes the data security mechanism of the authentication system. It integrates blockchain technology and a hybrid cryptographic image model. As suggested by this study, providing a secure way to authenticate the system requires two phases.

In the identification phase, a hybrid pattern is represented by combining image and password features using a merging algorithm. To ensure data integrity and security, a SHA-256 hashing function is applied to the hybrid pattern. Additionally, the Shift-AES algorithm has been implemented to add an extra layer of safety to the hybrid pattern. Finally, blockchain technology is utilized to secure the communication between the access point and the destination.

In the development phase, the processes implemented in the identification phase are applied in the reverse order to separate the image features from the password features. The final step involves comparing these extracted features with the corresponding records in the database.

Figure 1 illustrates the framework of our technique and its processing at base stations and nodes. The diagram shows the architecture of the proposed study.

Fig. 1 Verification secure framework

The decentralized nature of blockchain allows the hybrid pattern, obtained by merging image and password features using a merge algorithm, to be transmitted in a distributed manner at the blockchain level. This approach ensures that participating nodes are distributed and lightly loaded in terms of memory, computing power, and execution time. The even distribution of resources contributes to enhanced efficiency and mitigates potential bottlenecks within the system.

3.1 The merge algorithm

The purpose of the proposed new merge method is to ensure the security and integrity of each recording method and avoid duplicate references in the database. This proposed method involves combining a password string and a randomly selected string from an image. The image features and password features are merged using a three-step process.

In the first step, the image and password features are extracted and converted into a binary string using a simple protocol.

The second step involves concatenating the binary-converted strings. During the rotation phase, repeated data is replaced with bit-word data.

The third step applies a chaotic function to the data using Eqs. (1) and (2). This chaotic function is known as the standard Chirikov map, commonly referred to as the Chirikov-Taylor map.

$$p_{n+1}=p_{n}+K\sin\left(\theta_{n}\right) \tag{1}$$
$$\theta_{n+1}=\theta_{n}+p_{n+1} \tag{2}$$

where \(p\) and \(\theta\) are angles calculated mod 2π and \(K\) is a positive constant.

Algorithm 1 Pseudo-code of the merge algorithm
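The three steps above can be sketched as follows. This is an added example, not the paper's Algorithm 1: the page does not say how the map output is applied to the bits, so using the orbit of Eqs. (1) and (2) to rank bit positions into a permutation is an assumption, as are the function names and the key triple `(p0, theta0, K)`; the rotation step is not specified on the page and is left out.

```python
import math

TWO_PI = 2 * math.pi


def to_bits(data: bytes) -> list[int]:
    """Step 1: convert extracted features to a binary string (MSB first)."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list[int]) -> bytes:
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
        for j in range(0, len(bits), 8)
    )


def chirikov_orbit(p0: float, theta0: float, K: float, n: int) -> list[float]:
    """Iterate Eqs. (1) and (2), both variables mod 2*pi; return the theta values."""
    p, theta, orbit = p0, theta0, []
    for _ in range(n):
        p = (p + K * math.sin(theta)) % TWO_PI
        theta = (theta + p) % TWO_PI
        orbit.append(theta)
    return orbit


def chaotic_permutation(n: int, p0: float, theta0: float, K: float) -> list[int]:
    """Assumed construction: rank positions by orbit value (index breaks ties)."""
    orbit = chirikov_orbit(p0, theta0, K, n)
    return sorted(range(n), key=lambda i: (orbit[i], i))


def merge(image_features: bytes, password: bytes, key: tuple) -> bytes:
    bits = to_bits(image_features) + to_bits(password)  # steps 1 and 2
    perm = chaotic_permutation(len(bits), *key)          # step 3
    return from_bits([bits[i] for i in perm])


def unmerge(pattern: bytes, image_len: int, key: tuple) -> tuple[bytes, bytes]:
    """Development phase: undo the permutation, then split the two feature sets."""
    scrambled = to_bits(pattern)
    perm = chaotic_permutation(len(scrambled), *key)
    bits = [0] * len(scrambled)
    for dst, src in enumerate(perm):
        bits[src] = scrambled[dst]
    data = from_bits(bits)
    return data[:image_len], data[image_len:]


# Constructed sample values, not taken from the paper.
SAMPLE_KEY = (0.3, 1.1, 6.5)
SAMPLE_IMAGE = bytes(range(16))
SAMPLE_PASSWORD = b"s3cret!!"

if __name__ == "__main__":
    hybrid = merge(SAMPLE_IMAGE, SAMPLE_PASSWORD, SAMPLE_KEY)
    print(hybrid.hex())
    print(unmerge(hybrid, len(SAMPLE_IMAGE), SAMPLE_KEY))
    # Caveats: a bit permutation keeps the number of 1-bits unchanged, so the
    # scramble is not a substitute for the hashing and encryption stages, and
    # floating-point chaos needs bit-identical arithmetic at both ends.
```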

3.2 Secure hash algorithm

The Secure Hash Algorithm (SHA) is a cryptographic hash function developed jointly by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). It was published as the Secure Hash Standard in May 1993, with the main objective of ensuring data integrity and security, especially during transmission.

In the context of SHA, hashing involves taking an input, such as a message or data file, and generating a fixed-length string of characters called a hash value or message digest. The length of the hash value depends on the specific hash algorithm used.

The SHA family of algorithms includes four additional hashing algorithms known as SHA-224, SHA-256, SHA-384, and SHA-512. The suffix in their names indicates the bit size of the message digests they produce [30]. Among them, Secure Hash Algorithm 2 (SHA-2) is widely recognized and utilized, with SHA-256 being a well-known subset of SHA-2.

SHA-2 remains widely supported and used in various cryptographic applications due to its strong security properties and widespread adoption.

The Secure Hash Algorithm plays a critical role in cryptography and data security. Its main functions include verifying the integrity of data, authenticating messages, and securely storing passwords. By generating unique hash values for input data, SHA ensures that even a small modification in the input will produce a significantly different output. This property makes it challenging for attackers to tamper with or forge data without detection.

Overall, SHA is an essential component in ensuring the security and reliability of digital communications and data storage. It provides a robust cryptographic foundation for a wide range of applications, safeguarding sensitive information, and mitigating the risks associated with unauthorized access or data manipulation. For these reasons, the hybrid architecture uses SHA-256.

3.3 Encryption using shift-AES algorithm

Encryption techniques have emerged as the most critical approach to protecting records from unauthorized parties. Encryption schemes require records to be encrypted using mathematical algorithms so that they are incomprehensible during transmission; they must then be decrypted in order to be used. Many encryption algorithms have emerged in recent years to provide privacy and security, and several security solutions have been proposed in the literature, as shown in Table 1.

Table 1 Comparison of encryption algorithms, DES, RSA, AES, and Shift-AES

According to the table, AES outperforms RSA and DES algorithms [31]. Accordingly, the first-class encryption method for information protection is the AES symmetric key encryption standard [32, 33].

The US government employs AES as a symmetric data encryption technique [34]. It can be used to encrypt data in both hardware and software. The AES algorithm can work with any combination of data (128 bits) and key lengths of 128, 192, and 256 bits. Before delivering the final cipher text or retrieving the original plain text, the AES system performs 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys, respectively.

The IoT imposes restrictions, physical constraints and hostile conditions, and power consumption is a crucial concern in IoT networks because it determines network lifetime. Traditional encryption techniques are therefore not suitable for this industry. It was necessary to adjust the traditional encryption algorithms to increase available storage memory, reduce computational complexity and strengthen security. This introduced a new type of encryption called lightweight cryptography. Shift-AES [35] is a new lightweight algorithm that can be used with IoT applications. It is an improvement of the AES algorithm that takes all these specifications into account. The idea of the Shift-AES algorithm is to replace the Mix-Column transformation of the AES algorithm with a Shift-Column transformation, since the multiplication process consumes more execution time and storage memory, while the other transformations are very similar to those of the AES algorithm. The idea that emerged was thus to replace one process with another that requires less execution time while adhering to Shannon’s concepts of diffusion and confusion. Shift-AES [35] is based on four processes in the following sequence:

  • AddRoundKey: is a simple xor function between the data entity and the encryption key.

  • ShiftCols: is a column shift function. The ShiftCols transformation process is based on several cyclic movements of columns with different offsets, allowing a good state swapping, as shown in Eq. 3.

$$S'_{r,c}=S_{(r+offset\_shift(c)) \bmod N_b,\;c} \tag{3}$$
$$\text{with}\;\left\{\begin{array}{lll}offset\_shift(0)=1&\text{for}&shift=3\\offset\_shift(1)=2&\text{for}&shift=2\\offset\_shift(2)=3&\text{for}&shift=1\\offset\_shift(3)=0&\text{for}&shift=0\end{array}\right.\quad N_b=4\;\text{and}\;0\leq r,\;c<N_b$$

where S is the state before the change, S’ is the state after the change, r is the state row, c is the state column, and Nb is the number of rows, equal to the state size.

  • SubBytes: is a process of changing entity bits by other bits of the S-Box.

  • ShiftRows: is a row shift function by its offset.
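An added example (not code from the paper or from the Shift-AES authors) that implements ShiftCols exactly as Eq. 3 defines it, together with its inverse, next to standard AES MixColumns so that the propagation of a one-byte difference through each single layer can be measured. The state is assumed to be a 4x4 list indexed `state[r][c]`, and the sample state is constructed.

```python
NB = 4
OFFSET_SHIFT = (1, 2, 3, 0)  # offset_shift(c) for c = 0..3, from Eq. 3


def shift_cols(state):
    """Eq. 3: S'[r][c] = S[(r + offset_shift(c)) mod Nb][c]."""
    return [[state[(r + OFFSET_SHIFT[c]) % NB][c] for c in range(NB)]
            for r in range(NB)]


def inv_shift_cols(state):
    """Inverse used on decryption: rotate each column back by its offset."""
    return [[state[(r - OFFSET_SHIFT[c]) % NB][c] for c in range(NB)]
            for r in range(NB)]


def xtime(a):
    """Multiply by 2 in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def mix_column(col):
    """Standard AES MixColumns on one column (the step ShiftCols replaces)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(NB)]) for c in range(NB)]
    return [[cols[c][r] for c in range(NB)] for r in range(NB)]


def changed_bytes(transform, state, r, c):
    """Flip one bit of state[r][c] and count how many output bytes differ."""
    flipped = [row[:] for row in state]
    flipped[r][c] ^= 0x01
    before, after = transform(state), transform(flipped)
    return sum(before[i][j] != after[i][j]
               for i in range(NB) for j in range(NB))


# Constructed sample state: byte value 4*r + c at row r, column c.
SAMPLE_STATE = [[4 * r + c for c in range(NB)] for r in range(NB)]

if __name__ == "__main__":
    print("ShiftCols  :", shift_cols(SAMPLE_STATE))
    print("bytes changed by ShiftCols  :", changed_bytes(shift_cols, SAMPLE_STATE, 2, 1))
    print("bytes changed by MixColumns :", changed_bytes(mix_columns, SAMPLE_STATE, 2, 1))
```

ShiftCols only moves bytes, so a one-byte input difference stays a one-byte difference after this layer, whereas MixColumns spreads it over the whole column; any diffusion in Shift-AES therefore has to come from the interaction of the layers across rounds.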

Figures 2 and 3 show the design flow of the Shift-AES encryption algorithm that demonstrates all the processes.

Fig. 2 Flow chart of the Shift-AES algorithm

Fig. 3 Blockchain technology

With this modification, Shift-AES is a step forward in solving the problem of heavy computation, and it is considered a lightweight cryptography algorithm for IoT networks. For this reason, the hybrid architecture of this paper finds the Shift-AES algorithm well suited and practical, and adopts it.

3.4 Blockchain technology

Blockchain technology is a decentralized digital ledger that enables secure and transparent transactions to occur without the need for intermediaries like financial institutions or governments [36].

In a blockchain, each block comprises information, metadata relating to the hash of the information, and a pointer to the hash of the past block. The primary components of blockchain include cryptography, transitive hash lists, digital signatures, and hash functions [37].

Cryptography ensures secure communication, even if a malicious entity gains access to confidential data on a device.

A hash function maps data of any size to output of a fixed size. Two features make it interesting to use: (i) collision resistance, meaning that it is computationally infeasible to find two different inputs that produce the same output, and (ii) determinism, meaning that although the outputs appear entirely random, the same input always yields the same hash. These features make blockchain blocks resistant to manipulation.

The transitive hash function connects the sites where data alterations may occur. Transitivity is depicted in Fig. 3. Any modification to the data changes the data’s hash, which in turn changes the final hash because the hash function chains the blocks together. The hash references help ensure the accuracy of the ledger.

The digital signature is the final component of the blockchain. The owner of the digital signature encrypts the data using the private key, and the result can only be decrypted with the corresponding public key. The verified person is responsible for using the private key to sign the data.

Due to its decentralized nature, the blockchain can continue to function even if specific nodes are targeted or compromised. This resilience is one of the key advantages of blockchain technology [38]. Therefore, the proposed hybrid architecture uses Blockchain technology for secure communication between access point and destination to improve authentication.

Hashing is a technique for preventing data from being altered while being transmitted: it creates an unreadable string whose length is controlled by the hashing algorithm in use. Blockchain uses a hash function to encapsulate data in blocks. The hash algorithms SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 each produce a fixed-length string regardless of the length of the input string. The genesis block, the very first block of data, is hashed using the SHA-256 hash function. This hash is then retained in the ledger and forwarded to the node. Following that, the process is repeated for the next user.

Comparing the hashes of the present user and the prior user is the first phase in figuring out whether a second user’s data block can be verified.

3.5 Matching

Verifying the authenticity of a user by comparing their provided image and password with the stored records in a database is a crucial step in the matching process. This task combines computer vision techniques and password verification methods to ensure accurate authentication. After applying the merging algorithm in reverse, which separates the image features from the password features, the next step involves comparing these features with the corresponding records in the database. The image features are compared using similarity measures to find the closest matches, while the encrypted password is compared using password verification techniques like salting to check for a match with the stored password.

When both the image characteristics and password are successfully validated against the database records, the user is granted authentication. However, if there is a mismatch, the user may be denied access or asked to re-enter their credentials. This approach of associating an image and a password with a database is commonly employed in biometric authentication systems that incorporate both visual and textual identification factors. By combining the uniqueness of the user’s image with the confidentiality of their password, this new proposed approach adds an extra layer of security, thereby enhancing the accuracy and reliability of the authentication process. Figure 4 shows the comparison of the two images.

Fig. 4 Comparison of the two images

Algorithm 2 Pseudo-code of the password comparison algorithm with the database
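The matching step described in this section can be sketched as follows. This is an added example, not the paper's Algorithm 2: cosine similarity as the similarity measure, the 0.95 threshold, PBKDF2 as the salted password hash, and all names and sample feature vectors are assumptions.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ROUNDS = 50_000   # assumed work factor for the salted password hash
SIM_THRESHOLD = 0.95     # assumed acceptance threshold for image features


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so equal passwords do not share a stored value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def cosine_similarity(a, b) -> float:
    """Similarity in [-1, 1]; 0.0 for empty, mismatched or all-zero vectors."""
    if not a or len(a) != len(b):
        return 0.0
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if norm == 0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / norm


def enroll(db: dict, user: str, features, password: str) -> None:
    """Store the image features and the salted password hash for one user."""
    salt = os.urandom(16)
    db[user] = {
        "features": list(features),
        "salt": salt,
        "pw_hash": hash_password(password, salt),
    }


def match(db: dict, user: str, features, password: str) -> bool:
    """Grant authentication only when BOTH factors match the stored record."""
    record = db.get(user)
    if record is None:
        hash_password(password, b"\x00" * 16)  # do the same work for unknown users
        return False
    candidate = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(candidate, record["pw_hash"])  # constant-time compare
    img_ok = cosine_similarity(features, record["features"]) >= SIM_THRESHOLD
    return pw_ok and img_ok


def demo() -> dict:
    """Run the four cases on constructed sample data."""
    db = {}
    enroll(db, "user1", [0.12, 0.80, 0.33, 0.45], "S3cure!pass")
    noisy_genuine = [0.13, 0.79, 0.35, 0.44]   # same face, slight capture noise
    other_face = [0.90, 0.10, 0.70, 0.05]      # different person
    return {
        "genuine": match(db, "user1", noisy_genuine, "S3cure!pass"),
        "wrong_password": match(db, "user1", noisy_genuine, "guess123"),
        "wrong_face": match(db, "user1", other_face, "S3cure!pass"),
        "unknown_user": match(db, "user9", noisy_genuine, "S3cure!pass"),
    }


if __name__ == "__main__":
    print(demo())
```

The password is never compared in clear text, and a mismatch on either factor is enough to deny access.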

The methodology employed in this research draws on the statistical methods chosen above for the following specific reasons. First, these methods are crucial for integrating and analyzing complex data structures, particularly in merging image and password features, which requires specialized techniques for effective handling. Second, they play a pivotal role in enhancing system security, ensuring that generated patterns exhibit the required randomness and uniqueness. Third, efficiency and resource management are paramount, justifying the inclusion of lightweight cryptography like Shift-AES for resource-constrained IoT networks.

Additionally, statistical methods facilitate the integration of blockchain technology, which aligns with security objectives. They are also integral to user data validation and accurate pattern matching, ensuring reliability. Lastly, these methods emphasize the importance of transparency and reproducibility in research. Ultimately, method selection aligns closely with the research objective of improving authentication security and efficiency.

4 Results and discussion

The data security approach presented comprises two distinct phases, each aligned with a specific objective based on the research goals. The initial phase, referred to as the identification phase, focuses on determining the essential conditions required for data operation. This phase is elaborated in the dedicated subsection titled “Identification step”. The second phase, known as the development phase, involves the creation of a secure framework for the verification system. This framework is based on a binary model recently discovered and detailed in the first phase, as described in the subsection titled “Development step”.

4.1 Identification step

The method starts with the identification stage. This article explains record extraction for a new binary instance in data operations. In the second step, called the development phase, a new security control architecture is built using the binary paradigm discussed above. The initial layer includes a new hybrid model based on password and image prediction to increase predictability. Password and image features are creatively combined to provide hybrid and random functionality. Figure 5 shows the access point process.

Fig. 5 Identification stage

4.2 Access point

This section presents the outcomes of the enrolment process for the first user and provides information about the data types involved at each stage of processing. The enrolment process begins from the user side, followed by data transmission, and concludes with processing on the node side. Enrolment on the access point side involves utilizing the user’s image and passwords. The research utilizes the Yale Face database and incorporates password functionality.

The features are enhanced by incorporating one of the earliest fossil images. Subsequently, a double string is created based on these features. To achieve this, a hybrid pattern is formed by combining the user’s password features with image features (Fig. 6).

Fig. 6 Image test

4.2.1 Datasets

Yale Face database

The Yale Face Database is one of the most commonly used face datasets in face recognition. It was constructed in the early 1990s by Yale University researchers [39].

This dataset was chosen because it has the most relevant data. The set contains 165 GIF images of 15 subjects (Subject01, Subject02, etc.). Each subject has eleven images, one for each of the facial expressions or configurations listed below: normal, medium light, right light, wink, with glasses, without glasses, left light, sad, sleeping, happy, and shock (Fig. 7).

Fig. 7 Yale Face dataset

Password dataset

A password dataset was created for five users, containing their passwords and emails. There is a set of password information in Table 2.

Table 2 Password dataset

4.2.2 Creation of a hybrid pattern

Given the features of the image and of the first user’s password, the fusion system combines the two sets of features randomly. The hybrid pattern can also be used to construct a double string. The 34 bits of the pixel word make up this design, along with the characteristics of the animated image corresponding to the pixel size. The model consists of image and password features and contains the first protective sublayer. To ensure that the samples satisfy the randomness criterion, the two feature classes are also randomly combined (Fig. 8).

Fig. 8 Creating a hybrid model

4.2.3 Production of hash from the random pattern

The SHA-256 algorithm is used in the proposed approach to generate a hash of the hybrid model. The SHA-256 algorithm should be used to create a 32-bit hash. This is because a small, fixed amount of data is produced regardless of the amount of input data. A benefit of using hash functions is that data integrity is ensured. Any modification or manipulation of the data will change the hash value and produce a different hash. The integrity of the secret data is thus achieved when the hash is matched against the node’s ledger, which reveals such a modification.

4.2.4 Encryption of the hybrid pattern using Shift-AES algorithm

A security layer is added to the hybrid model using shift-AES encryption technology. Figure 9 describes the process of the new hybrid model as well as the location of the encryption algorithm. Subsequently, a validation of this process is presented.

Fig. 9 Encrypt the hybrid model

Validation of Shift-AES algorithm

Evaluation studies will be conducted to verify the new approach with the image database. The security analysis performance of the new Shift-AES method is explained at several levels: visibility scene, histogram, entropy image, near-pixel correlation, and execution time comparison with other works. These different parameters constitute the statistical attack analysis.

Visibility scene

During the experiment, the standard images of the database with a size of 32 KB and a dimension (320 × 243) at the gray level will be used, along with a key size equal to 128 bits.

The visual observation of the standard image encrypted in Cipher Block Chaining (CBC) mode is given in Fig. 10, which shows that the proposed version of the Shift-AES algorithm used in the proposed hybrid architecture satisfies the visual scene requirement and produces blurred images.

Fig. 10 Example of encryption of Image

Histogram images

Image histograms are crucial for statistical confidence assessment. Their purpose is to convey image information, including distinguishing between darker and brighter images, or the degree of gradient from the most attractive elements in an image. For image security and resistance to attack, the histogram of the encrypted image must be flat. Figure 11 shows the histograms of the encrypted and original images. The result demonstrates the efficiency of the algorithm.

Fig. 11 Histogram analysis of image. a Histogram original image, b Histogram encrypted image

The entropy analysis

The second analytical concept is entropy. It measures the randomness of the data, or the average uncertainty produced by each level of the input signal, as stated in Eq. 4.

$$E=-\sum_{i=1}^{N}X_{i}\log_{2}\left(X_{i}\right)=\sum_{i=1}^{N}X_{i}\log_{2}\left(1/X_{i}\right)$$
(4)

Here E is the entropy of the image in bits, X_i is the probability that intensity level i appears in the image, and N represents the total number of intensity levels of the image.

According to Eq. 4, for a uniformly random distribution the entropy of the gray-level image should be 8.

These results show how this method works and how useful it is against statistical attacks. Feedback is more accurate when Shift-AES is enabled for a period, and graphical results are more consistent (Table 3).

Table 3 Entropy information in CBC cipher mode

Correlation coefficient

To locate shared data in the image, correlation coefficients of nearby pixels are computed. In the standard image, adjacent pixels are expected to be closely correlated. In the encrypted images, though, they are not. The correlation analysis uses Eqs. (5)–(7).

$$E(x)=\frac{1}{N}\sum_{i=1}^{N}x_{i}$$
(5)

$$D(x)=\frac{1}{N}\sum_{i=1}^{N}\left(x_{i}-E(x)\right)^{2}$$
(6)

$$cov(x,y)=\frac{1}{N}\sum_{i=1}^{N}\left(x_{i}-E(x)\right)\left(y_{i}-E(y)\right)$$
(7)

Here x and y are the gray levels of two adjacent image pixels. The total number of pixels taken from the image is N. The average values are E(x) and E(y). The variance is denoted by D(x) and the covariance by cov(x, y). These formulas are evaluated on the horizontal, vertical, and diagonal distribution of 2000 adjacent pixels in the plain and the encrypted standard image. Figure 12 shows the correlation coefficient results for the original image and the encrypted image. The results show a total difference between the clear image and the encrypted image. The pixel distribution of the original image is concentrated around either a single point or two points, while the pixel distribution is completely random in the encrypted image. These results show the efficiency of the algorithm in the proposed hybrid architecture.

Fig. 12 Correlation coefficient between images. a The encrypted image’s vertical, b The original image’s horizontal correlation, c The encrypted image’s horizontal correlation, d The encrypted image’s horizontal correlation, e The encrypted image’s diagonal correlation, f The diagonal correlation
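The entropy and correlation measurements of Eqs. 4 to 7 can be reproduced with the following added example, which is not the authors' code. It assumes two constructed 64 × 64 images (a smooth gradient as the plain image and pseudo-random bytes standing in for a ciphertext, not Shift-AES output), uses every adjacent pair instead of a 2000-pixel sample, and divides cov(x, y) by sqrt(D(x)·D(y)) to obtain the coefficient.

```python
import hashlib
import math

SIZE = 64  # constructed 64x64 test images with 8-bit gray levels
DIRECTIONS = {"horizontal": (1, 0), "vertical": (0, 1), "diagonal": (1, 1)}


def plain_image():
    """Constructed smooth gradient standing in for a natural (plain) image."""
    return [[2 * x + y for x in range(SIZE)] for y in range(SIZE)]


def random_image(seed=b"constructed-sample"):
    """Constructed pseudo-random bytes standing in for an encrypted image
    (SHA-256 in counter mode; this is NOT Shift-AES output)."""
    stream = b"".join(
        hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        for i in range(SIZE * SIZE // 32)
    )
    return [list(stream[r * SIZE:(r + 1) * SIZE]) for r in range(SIZE)]


def entropy(img):
    """Eq. 4: E = sum of X_i * log2(1 / X_i) over the gray levels present."""
    flat = [p for row in img for p in row]
    counts = {}
    for p in flat:
        counts[p] = counts.get(p, 0) + 1
    return sum((c / len(flat)) * math.log2(len(flat) / c) for c in counts.values())


def mean(v):                      # Eq. 5
    return sum(v) / len(v)


def variance(v):                  # Eq. 6
    m = mean(v)
    return sum((a - m) ** 2 for a in v) / len(v)


def covariance(x, y):             # Eq. 7
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / len(x)


def correlation(x, y):
    """cov(x, y) / sqrt(D(x) * D(y)); reported as 0.0 when a variance is zero."""
    d = variance(x) * variance(y)
    return covariance(x, y) / math.sqrt(d) if d > 0 else 0.0


def adjacent_correlation(img, direction):
    """Correlation between each pixel and its neighbour in one direction."""
    dx, dy = DIRECTIONS[direction]
    xs, ys = [], []
    for r in range(SIZE - dy):
        for c in range(SIZE - dx):
            xs.append(img[r][c])
            ys.append(img[r + dy][c + dx])
    return correlation(xs, ys)


def report(img):
    """Entropy plus the three directional correlation coefficients."""
    out = {"entropy": entropy(img)}
    for name in DIRECTIONS:
        out[name] = adjacent_correlation(img, name)
    return out


if __name__ == "__main__":
    print("plain :", report(plain_image()))
    print("random:", report(random_image()))
```

Entropy close to 8 and near-zero adjacent-pixel correlation are statistical checks on the ciphertext; they do not by themselves establish the strength of a cipher.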

Analysis of performance run time

All modifications made in the new version of AES are aimed at reducing execution time by replacing the complex mathematics of the MixColumn transformation with simple column shifts. This increases the lifetime of the sensor nodes and of the entire network. Standard and HD image instances are compared across different AES variants and encryption settings.

The execution times in seconds for HD images in Table 4 show that the Shift-AES algorithm is faster than the standard AES algorithm and the algorithm of paper [40]. Moreover, the standard database images used in the proposed architecture are processed in a few milliseconds in CBC mode: the execution time for the test image in Fig. 11 is 1.451 ms for encryption and 1.482 ms for decryption.

Table 4 Comparison of execution time in seconds of different types of images (HD and standard) and different algorithms in CBC encryption mode

In conclusion, loading and processing are complete at this point. A new communication stage then starts, which uses blockchain technology to transmit the encrypted data from the access point to the node.

4.2.5 Transmission to the node side

First, blockchain technology is used to divide the data into blocks, and subsequently, the nodes are encrypted. The user pattern, starting from the access point device and extending to the node side, comprises an encrypted pattern alongside the hashes of both the current and previous users. In this chain, every subsequent user, except the first one, carries the information of the preceding user. Consequently, a sequential chain of data blocks is established, connecting the source to the destination (Fig. 13).

Fig. 13 Access point results

4.3 Development step

The development phase involves the creation of a new security control framework based on the recently identified binary model defined in the first phase. The first step is usually to create a new hybrid modeling template to add randomness based on image and password attributes. A combination algorithm is proposed that combines passwords and image functions in a mixed and random order. Because securing data from leakage is a common issue with authentication systems, a full framework for verifying user identity is proposed at this stage. A new verification model is created. This new verification model is based on biometric recognition. In the new hybrid pattern, the user-defined the first level. Fig. 14 depicts the processing on the node side.

Fig. 14 Development phase

In the user verification process, the data blocks containing encrypted patterns and hash values play a crucial role. These blocks are transmitted from the enrollment device to the node side, where the verification occurs. The first step is to compare the hash value of user N + 1 with the stored hash of user N in the node’s database. This comparison ensures the consistency of subsequent user hashes with previous ones, enhancing the integrity of the verification process.

To maintain transparency and tamper-resistance, each hash that reaches the node is recorded in the ledger. The ledger acts as an initial filter, validating the integrity of the received data and authenticating the user’s location. It serves as a secure repository for storing various user data, leveraging the robust protection mechanisms provided by blockchain technology. Any attempt to compromise the ledger would require gaining control over the majority (51%) of the network’s nodes, which is a highly challenging task.

If the hash matching process yields positive results, indicating a match between the hashes, the verification process proceeds to the next stage. However, if the hash matching fails, indicating a discrepancy, the process is halted, and the user’s request is rejected. This ensures that only users with valid and consistent data are granted access or further processing, reinforcing the security and accuracy of the system.

Afterwards, the hybrid pattern is decrypted using Shift-AES algorithm in reverse, resulting in the decrypted hybrid pattern. Subsequently, the reverse merge algorithm is applied to generate image and password features from the decrypted pattern. Finally, a matching process is executed to compare the image features extracted from the node database with those from the access point side, as well as the password features extracted from the node database with those from the access point side. This comparison determines whether the user is genuine or an imposter.
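The block layout of Sect. 4.2.5 and the node-side hash check that gates decryption can be sketched as follows. This is an added example, not the authors' implementation: the field names, the all-zero previous hash for the first user, the choice to hash the previous hash together with the encrypted pattern, and the placeholder ciphertext bytes are assumptions.

```python
import hashlib
import hmac

GENESIS_PREV = "0" * 64  # assumed "previous hash" carried by the first user


def block_hash(prev_hash: str, encrypted_pattern: bytes) -> str:
    """SHA-256 over previous hash + encrypted pattern (assumed layout), so a
    change to either one changes the hash of this block."""
    return hashlib.sha256(prev_hash.encode("ascii") + encrypted_pattern).hexdigest()


def make_block(user: str, encrypted_pattern: bytes, prev_hash: str) -> dict:
    """Access-point side: package one user's encrypted pattern for the node."""
    return {
        "user": user,
        "encrypted_pattern": encrypted_pattern,
        "prev_hash": prev_hash,
        "hash": block_hash(prev_hash, encrypted_pattern),
    }


class Node:
    """Node side: keeps the ledger and filters blocks before any decryption."""

    def __init__(self):
        self.ledger = []  # hashes of accepted blocks, in arrival order

    def tip(self) -> str:
        return self.ledger[-1] if self.ledger else GENESIS_PREV

    def accept(self, block: dict):
        # Check 1: user N+1 must reference the stored hash of user N.
        if not hmac.compare_digest(block["prev_hash"], self.tip()):
            return False, "previous-hash mismatch"
        # Check 2: the block's own hash must match its contents.
        expected = block_hash(block["prev_hash"], block["encrypted_pattern"])
        if not hmac.compare_digest(block["hash"], expected):
            return False, "block hash mismatch"
        self.ledger.append(block["hash"])  # only now would decryption proceed
        return True, "accepted"


def demo():
    """Two enrolments, one tampered block and one replayed block."""
    node = Node()
    results = []
    # Placeholder ciphertexts (constructed bytes, not real Shift-AES output).
    b1 = make_block("user1", bytes.fromhex("8f11a2c4d07e39b6"), node.tip())
    results.append(node.accept(b1))
    b2 = make_block("user2", bytes.fromhex("03bd9915fe6a2c71"), node.tip())
    tampered = dict(b2, encrypted_pattern=b2["encrypted_pattern"][:-1] + b"\x00")
    results.append(node.accept(tampered))   # pattern altered in transit
    results.append(node.accept(b2))         # untouched block
    results.append(node.accept(b1))         # replay of an old block
    return results, len(node.ledger)


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

A rejected block never reaches the ledger, so the chain tip still points at the last valid user.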

5 Validation and evaluation

Data security is an important influencing factor that researchers grapple with. The method evaluates the proposed architecture to determine whether the research goals have been met. The motivation behind the testing is to determine whether the proposed method is suitable for the industry and whether obstacles can be avoided for its planned use. The proposed hybrid model may be suitable for applications such as:

  1. Enterprise Systems and Network Security: Large organizations and businesses may implement the hybrid model for employee authentication and access control to sensitive systems and networks. Combining image and password authentication can strengthen security measures, especially for high-level access privileges.

  2. Confidential Document Management Systems: Applications that handle confidential documents, such as legal or medical record management systems, may benefit from the hybrid model. It can help ensure that only authorized individuals with the correct credentials can access and modify sensitive information.

In these applications, the verification system uses sensor nodes equipped with a camera to capture images outside. In addition, there is a keyboard on the door for entering the password when someone wants to enter.

In this section, the performance evaluation of the proposed approach is conducted using software implementation in Python Version 3.8.7. The experiments are executed on a machine equipped with an Intel(R) Core (TM) i7-4790 CPU running at a speed of 3.60 GHz, and 8.00 GB of RAM (Table 5).

Table 5 Comparison between proposed system and literature

5.1 Performance assessment of the proposed framework

The evaluation of the proposed cancelable biometric schemes involves estimating the genuine and imposter distributions using the chosen evaluation metric. The performance of these schemes is assessed by calculating four key metrics: the false acceptance rate (FAR), the false rejection rate (FRR), the error rate, and accuracy.

The false acceptance rate (FAR) measures the probability of the biometric security system incorrectly accepting an access attempt by an unauthorized user. It indicates the system’s vulnerability to falsely recognizing unauthorized users as legitimate.

$$FAR=\frac{\text{Number of successful authentications by impostors}}{\text{Number of attempts at authentication by unauthorized users}}$$
(8)

The false rejection rate (FRR) quantifies the likelihood of the biometric security system incorrectly rejecting an access attempt by an authorized user. It represents the system’s tendency to mistakenly identify authorized users as imposters.

$$FRR=\frac{\text{Number of failed attempts at authentication by authorized users}}{\text{Number of attempts at authentication by genuine users}}$$
(9)

The error rate is a metric that quantifies the proportion of misclassifications or incorrect predictions made by a classification or prediction model. It provides a measure of the model’s overall accuracy by considering both false positives and false negatives.

$$Error \ rate =1-Accuracy$$
(10)

In addition to these metrics, accuracy is also evaluated to assess the overall correctness of the biometric system’s classifications. It is defined as follows:

$$Accuracy=\frac{TP+TN}{TP+FN+TN+FP}$$
(11)

In this paper, the False Rejection Rate (FRR) is 0.992, which indicates the proportion of legitimate attempts that are incorrectly rejected by the system. On the other hand, the False Acceptance Rate (FAR) is 0.1, representing the rate at which the system incorrectly accepts unauthorized attempts. These rates are important measures of the system’s accuracy and reliability.

With an impressive accuracy rate of 98.3%, the system’s performance is considered outstanding. This means that it correctly identifies and verifies users with a high degree of precision.

The test level in this context refers to the process of applying the framework in a decentralized structure. It outlines how the system can be effectively utilized in a distributed network, where multiple nodes or entities are involved in the authentication process.

The mentioned research is compared to a recommended approach that involves a suitable biometric image framework. This comparison highlights that the suggested approach incorporates several significant modifications. These modifications could encompass improvements in algorithms, data preprocessing techniques, feature extraction methods, or other aspects to enhance the accuracy, efficiency, or security of the biometric system using image-based data (Table 6).

Table 6 Comparison between proposed system and Mohsin method

5.2 Benchmark checklist

The preceding parts describe the evaluation process. Each stage identifies and emphasizes issues that must be addressed with more attention when validating the security of a biometric image. These issues are highlighted and related to the stages of assessment and their relationships. They are established as a reference point for control comparisons that show the relationship between the sub-steps of the assessment and the related problems. Three essential aspects to keep in mind when developing a biometric image authentication system are accessibility, privacy, and integrity. The associated items for the first and second steps can be found in the checklist. According to the literature, that is the most important study related to image biometric security technology, so this study is taken as the reference model. This comparative work is used to examine the suggested secure biometric framework technology for images based on certain essential aspects. A comparison of the checklists for this work is given in Table 7, which shows the comparison between the proposed system and other state-of-the-art approaches in the literature.

Table 7 Comparison between the proposed system and other state-of-the-art approaches in the literature

Table 7 provides a comprehensive comparison of benchmarking points between the proposed approach and the benchmark method in detail. As shown in the table, the proposed and benchmark approaches effectively solve four frequent issues: hybrid and randomisation pattern, pattern cancellability, pattern unreadability, and secrecy. However, as shown in the preceding table, the benchmark approach has limited support for hybrid and randomisation, as well as confidentiality problems.

Although the proposed method demonstrates superior performance compared to other approaches, it is essential to acknowledge its limitations, specifically in relation to the False Acceptance Rate (FAR). The FAR measures the probability of incorrectly accepting an unauthorized user, highlighting the system’s vulnerability to impostors. Despite the method’s high accuracy, there is still a possibility of false acceptances, underscoring the need for further improvements to enhance the system’s security and reliability.

6 Conclusion

This paper has introduced a robust user authentication framework designed to secure the transmission of user data from access points to nodes. The method comprises two phases. In the identification phase, a hybrid pattern is generated by combining image and password features, and SHA-256 hashing and Shift-AES are applied for data integrity and security. Blockchain technology is used for secure communication.

The subsequent development phase reverses this process to facilitate the comparison of extracted features with those stored in the database. The proposed approach effectively addresses concerns related to the potential leakage of pattern information, enhancing overall security. It ensures the safeguarding of image and password data not only within the user enrollment device and node database but also during data transmission. Additionally, this method resolves issues like pattern randomization and user location authentication, making it adaptable across diverse fields. Experimental results validate the efficiency and security of the approach, outperforming benchmarks in execution time while achieving an impressive accuracy rate of 98.3%. With a False Rejection Rate (FRR) of 0.992 and a low False Acceptance Rate (FAR) of 0.1, the method demonstrates its resilience during data transmission between access points and node databases, rendering it highly suitable for Internet of Things networks.

Looking ahead, future work will concentrate on further optimizing the algorithm, with a specific focus on minimizing the FAR and bolstering security. The incorporation of three user information sources - face image, password, and Iris Print - is planned to enhance the method’s integrity. Additionally, the intention is to validate the approach on hardware through an FPGA platform, ensuring its practical applicability.