Integration of biometrics and steganography: A comprehensive review

The use of an individual's biometric characteristics to advance authentication and verification technology beyond the current dependence on passwords has been the subject of extensive research for some time. Since such physical characteristics cannot be hidden from the public eye, the security of digitised biometric data becomes paramount to avoid the risk of substitution or replay attacks. Biometric systems have readily embraced cryptography to encrypt the data extracted from the scanning of anatomical features. Significant amounts of research have also gone into the integration of biometrics with steganography to add a layer to the defence-in-depth security model, and this has the potential to augment both access control parameters and the secure transmission of sensitive biometric data. However, despite these efforts, the amalgamation of biometric and steganographic methods has failed to transition from the research lab into real-world applications. In light of this review of both academic and industry literature, we suggest that future research should focus on identifying an acceptable level of steganographic embedding for biometric applications, securing the exchange of steganography keys, identifying and addressing legal implications, and developing industry standards.

Author Contributions: Investigation, I.M.; resources, C.V.; data curation, I.M.; writing—original draft preparation, I.M.; writing—review and editing, I.M., A.I., G.Z., W.Y., and C.V.; visualisation, I.M.; supervision, A.I., G.Z. and W.Y.; project administration, C.V.; funding acquisition, C.V., W.Y., and G.Z.


Introduction
Biometric authentication is a popular and reliable access control technique and has become a standard feature in smartphones [1]. These applications, and indeed any biometric-related applications, require the secure storage of biometric features in a digital database for subsequent biometric template matching [2]. The storage of such sensitive data, therefore, requires secure encryption to ensure confidentiality. During the transmission of the encrypted data, steganography can be used to further enhance the security of the biometric authentication system. Such measures can take the form of embedding biometric data into a carrier object, such as a facial image, either related or unrelated to the individual being authenticated [3].
Biometric data, as with any individual's personal information, can be exploited by cyber criminals to conduct identity theft, and its monetary value makes it a commodity that can be traded in underground marketplaces such as the dark web. The dark web consists of a hidden network of websites which can only be accessed via certain browsers that provide anonymising features to help obfuscate user identification [4]. The most recent information available on the value of stolen personal information on the dark web shows, for example, that values range from approximately $5 for a credit card to over $1000 for an individual's complete medical history [5].
The theft of biometric data enables a cyber criminal to potentially conduct replay or substitution attacks through which he gains access to much of the personal information, e.g., the social security

Figure 1. The defence-in-depth security model protects assets behind multiple defensive layers, each layer utilising a different strategy, so that if one layer is breached, overall security of the system is not compromised (Adapted from [6]).
There are advantages in amalgamating biometrics with steganography, such as augmenting the security of sensitive biometric information during transmission, and its adoption in real-world applications should be pursued. This paper aims to assess the current status of research in this field, determine why this work has not been embraced by industry, and assess whether the integration of biometrics and steganography is a viable technology to strengthen layers of security.
The rest of the paper is organised as follows. Sections 2 and 3 give an overview of the principal methods used by biometrics and steganography respectively. In Section 4 we review our findings with regard to the integration of biometrics and steganography within the realms of academia and industry, and discuss our subsequent interpretation of these findings. Section 5 assesses what future direction for research is required in this field, and the paper is then concluded in Section 6.

Overview
An individual's biometric characteristics can be utilised for identification and authentication purposes [7], of which there are two main categories: (a) Physiological, which uses certain physical identifying attributes. (b) Behavioural, which uses certain identifying attributes from an individual's movement or the manner in which they interact with peripheral devices.
Biometric technology is now widely used in different areas. For instance, it can be used to deal with challenges in the healthcare sector, where doctors and patients can gain access to medical devices and systems by using their biometrics, e.g., fingerprints, instead of remembering and entering a complex password [7,8]. Biometric technology is also being studied for cattle identification and tracking in the agriculture sector [9,10].
The following sub-sections give a brief overview of the different biometric methods, for example, fingerprint authentication, facial recognition, and iris/retina recognition.

Fingerprint Authentication
The uniqueness of an individual's fingerprint, even between identical twins, has been exploited by law enforcement and forensic investigators for more than a century. Not only can a scan of a fingerprint be represented in an image format, but the key identifying points can be digitally captured at three levels [11].
Features from different levels can be utilised in fingerprint biometrics. Awad et al. [12,13] proposed to use singular points in fingerprint classification and compared the performance of different singular point detection methods. Among these features, minutiae points are commonly used in authentication because minutiae-based representation is efficient in terms of storage and computation [11,14].
Fingerprint authentication involves two stages: enrolment and verification [15,16]. During the enrolment stage, a fingerprint image is acquired from a sensor and is then processed in order to extract unique features. These features are regarded as a fingerprint template and stored in a secure template database. During the verification stage, the same process is followed to extract fingerprint query features. A matching process is performed by comparing the query features with the stored template and calculating a similarity score. If the score is higher than a pre-defined threshold, then the query fingerprint is considered to match the template, and the authentication result is 'success'. Otherwise, the authentication fails. Figure 2 describes steps in a fingerprint authentication process.

Facial Recognition
In its simplest form, facial recognition can be done manually to compare a photograph on an identity card with the face of the bearer of that card. However, the human face can also be represented digitally in the form of eigenfaces. Eigenfaces are constructed by performing principal component analysis (PCA) on a large set of facial imagery and are represented as a set of eigenvectors. They are, in effect, the sum of chosen components from a collection of standardised facial ingredients that best represent a subject's face [18].
Like fingerprint data, facial data can also be represented in both an image format and as digital data. A face-recognition system (FRS) follows a similar two-phase approach of enrolment and verification as applied in a fingerprint authentication process (see Figure 3).

Iris and Retina Detail
The iris and retina detail in an individual's eye is as unique as their fingerprint. Both of these characteristics can be used for identification and authentication purposes, with the registration process securely encrypting the iris and retina detail as a digital code. Not only is the iris a particularly accurate biometric parameter for authentication, but its physiological characteristics can be determined as an immediate liveness check [20].
An iris and retina recognition system again follows the enrolment and verification two-phase approach as applied in fingerprint and face recognition (see Figure 4). A fresh biometric sample is processed before unique identifying features are extracted. These features are then compared to a template stored in a secure database for the matching and decision-making stages. An iris recognition system will usually consist of eight modules: acquisition, preprocessing, normalisation, enhancement, feature extraction, template storage, feature matching, and decision-making stages [21].
Each of these methods again involves separate enrolment and verification phases, such as the example shown in Figure 5, which is related to keyboard dynamics. Recent advances in keyboard-dynamics research can amalgamate audio into the dynamics parameters to augment liveness checks to the authentication process [38].
The preferred choice of biometric technology is highly dependent on the application for which it is to be used. There are several parameters to consider:

Figure 5. Keyboard dynamics involves an enrolment stage in which a support vector machine (SVM) is used for the learning step and the output is stored in a template database. A verification stage compares the results of the SVM algorithm for a new biometric capture with stored templates. If the decision shows agreement, the data from the new biometric capture replaces the stored template to cater for changes in behavioural characteristics over time [39].

Advantages and Disadvantages of Typical Biometric Methods
All biometric methods have advantages and disadvantages which are summarised in Table 1.

Behavioural Characteristics:
Keyboard Dynamics
• Ease of use.
• Low accuracy negates recognition potential.
• Can vary from one signature to the next, over longer time periods, or with changes in emotion.

Security of Biometric Authentication Systems
The majority of present-day authentication and verification systems are dependent on the 'something you have' philosophy, which requires users to remember multiple passwords or to possess tokens that, for example, generate one-time pin (OTP) numbers. Passwords, however, can be easily forgotten or can become compromised if they are written down. Tokens can be lost, so that access to the required services becomes unavailable until the token is replaced. An individual's biometric parameters, both physiological and behavioural, can uniquely identify a person using their personal characteristics so that there is no need to remember passwords or carry a token. These biometric traits do not need to be remembered and can rarely be lost (only, for example, through severe injury to fingers or eyes). While biometric user-authentication and verification is convenient to use, it does make the security of the digitised biometric data a critical matter. If this data is accessed by an adversary, it can be used to conduct attacks by various means. Akhtar (2012) [44] identifies the eight attack points which an adversary might exploit to compromise such a system as shown in Figure 6.
This use of the 'something you are' philosophy to diversify and add robustness to the user identification and authentication process requires each user's biometric parameters to be registered and securely stored in a template database.
Five main components are involved in a biometric authentication system:
(1) An attack on the sensor.
(2) The resubmission of previously stored data (replay attack).
Sensitive data is subsequently at risk throughout a biometric authentication system, and the security measures implemented to protect this data must cover all contingencies. Security can be applied in three ways: (a) Cryptography: the secure encryption of digitised data whereby the contents can only be decrypted if the recipient has the appropriate key. (b) Watermarking: the overt embedding of, for example, a visible mark in order to provide authentication of a biometric image. (c) Steganography: the covert embedding of, for example, digitised biometric data into a host image file so that the real purpose of the host image is obscured.
Of these, cryptography and watermarking have been readily accepted by industry as proven techniques, and this will continue to be the case for all biometric authentication systems. Conversely, the use of steganography to provide additional security for biometric data in transit has struggled for even fundamental acceptance.

Overview
Steganography, the process of concealing sensitive information within a host or carrier medium, has been practised in various forms for centuries [45]. Of particular interest in the context of biometric authentication is the embedding of encrypted biometric data within a host image before transmission. The host image may or may not be related to the individual whose biometric data is being hidden. For example, the use of a facial host image of the individual concerned can augment identification for access control purposes [46]. Alternatively, a completely unrelated host can be used to keep the individual's identity a secret.
Combining steganography with other security techniques, e.g., cryptography or authentication, can improve the security level of a system significantly with a minimum overhead. Challita et al. [47] and Mahale et al. [48] studied the combination of cryptography and steganography in order to achieve a higher level security for a system. Pitropakis et al. [49] proposed an authentication scheme for a cloud-based environment by using two-factor authentication credentials (username, password and a key) where the key is hidden in a stego-message.
For steganography to be successful in the context of biometric authentication, the sole requirement is that the presence of the embedded data cannot be detected. However, the image output of the steganographic process, commonly referred to as a 'stego' image, must also be resistant against the embedded secret information becoming irretrievable as a result of, for example, compression, tampering, or image distortion.
The following four generic embedding techniques can be found in the literature, particularly for image steganography:

Least Significant Bit (LSB) Embedding
Each pixel of a red-green-blue (RGB) image is represented by 24 bits, comprising an 8-bit binary string covering decimal values 0 to 255 for each of the three red, green, and blue channels. The least significant bit (LSB) of one of these strings is the last (or right-most) binary digit, which gives the unit value [50].
Deliberate alteration of the LSB, or indeed the last two binary digits, can be used to embed secret information into that pixel without the change being detectable to the human eye viewing the image [51].
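The following is an added example, not code from the reviewed papers: it embeds a payload into the LSB of each channel byte of a raw RGB buffer, extracts it again, and shows the fragility noted earlier, where coarse requantisation of the stego image makes the payload irretrievable. The cover pixels, the payload (a hash standing in for an encrypted template), the 32-bit length header and the `requantise` stand-in for lossy processing are all constructed assumptions.

```python
import hashlib
import math


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write a 32-bit length header plus payload into the LSB of each channel byte."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit: capacity is one bit per channel byte")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # alters the channel value by at most 1
    return bytes(stego)


def _read(stego: bytes, first_bit: int, n_bytes: int) -> bytes:
    """Reassemble n_bytes from consecutive channel LSBs, most significant bit first."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_bit + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover the payload; reject headers that cannot be valid for this cover size."""
    if len(stego) < 32:
        raise ValueError("cover too small to hold the length header")
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length header exceeds capacity (damaged or absent payload)")
    return _read(stego, 32, length)


def psnr(a: bytes, b: bytes) -> float:
    """Peak signal-to-noise ratio in dB between two 8-bit channel buffers."""
    mse = sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


def requantise(pixels: bytes) -> bytes:
    """Stand-in for lossy processing: discard the two low bits of every channel."""
    return bytes(v & 0xFC for v in pixels)


# Constructed 32x32 RGB cover (3072 channel bytes), row-major, R,G,B interleaved.
COVER = bytes((7 * x + 13 * y + 29 * c) % 256
              for y in range(32) for x in range(32) for c in range(3))
# Constructed 32-byte stand-in for an already-encrypted biometric template.
PAYLOAD = hashlib.sha256(b"constructed template ciphertext").digest()
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print("round trip ok:", extract_lsb(STEGO) == PAYLOAD)
    print("max channel change:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("PSNR (dB):", round(psnr(COVER, STEGO), 2))
    print("after requantisation:", extract_lsb(requantise(STEGO)))
```
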

Discrete Cosine Transform (DCT) Embedding
Discrete cosine transform (DCT) is a mathematical transformation which takes an image block in a spatial domain and transforms it into a frequency domain consisting of high, medium, and low-frequency components or sub-bands. JPEG compression is an example of where DCT is used, the process being shown in Figure 7. Each of these frequency sub-bands contains redundancies into which secret information can be embedded [52].
Once the embedding is complete, an inverse DCT algorithm is applied to transform the signal coefficients back to the spatial domain [52]. A cover image is divided into 8 × 8-sized non-overlapping blocks, DCT is applied to each block in raster scan order, and the transformed DCT coefficients are quantised using a quantisation table. Secret data can then be embedded in the quantised coefficients [53].
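The block pipeline described above, as an added example that is not taken from the cited papers: each 8 × 8 block is transformed, quantised, one bit is written into the parity of a mid-frequency quantised coefficient, and the inverse DCT returns integer pixels. The uniform step `Q`, the coefficient position `POS`, the cover blocks and the bit string are constructed assumptions (JPEG uses a per-frequency quantisation table); in this construction the bits survive both integer rounding and the clearing of every pixel LSB, which would erase a spatial LSB payload.

```python
import math

N = 8          # block size of the DCT block coding described in the text
Q = 16         # uniform quantisation step (assumption, not a JPEG table)
POS = (2, 1)   # mid-frequency coefficient that carries the bit (assumption)

# Orthonormal DCT-II basis: C[k][n] = a(k) * cos((2n + 1) * k * pi / (2N))
C = [[(math.sqrt(1 / N) if k == 0 else math.sqrt(2 / N))
      * math.cos((2 * n + 1) * k * math.pi / (2 * N)) for n in range(N)]
     for k in range(N)]


def dct2(block):
    """Spatial 8x8 block -> 8x8 frequency coefficients."""
    return [[sum(C[u][x] * C[v][y] * block[x][y]
                 for x in range(N) for y in range(N))
             for v in range(N)] for u in range(N)]


def idct2(coef):
    """Frequency coefficients -> spatial values (transpose of the forward basis)."""
    return [[sum(C[u][x] * C[v][y] * coef[u][v]
                 for u in range(N) for v in range(N))
             for y in range(N)] for x in range(N)]


def quantise(coef):
    return [[round(c / Q) for c in row] for row in coef]


def embed_bit(block, bit):
    """Set the parity of the quantised coefficient at POS, then return integer pixels."""
    q = quantise(dct2(block))
    u, v = POS
    q[u][v] = (q[u][v] & ~1) | bit            # moves the coefficient by at most one step
    spatial = idct2([[k * Q for k in row] for row in q])
    return [[min(255, max(0, round(p))) for p in row] for row in spatial]


def extract_bit(block):
    """Re-transform and re-quantise the block, then read the parity at POS."""
    u, v = POS
    return quantise(dct2(block))[u][v] & 1


def embed_bits(blocks, bits):
    return [embed_bit(b, bit) for b, bit in zip(blocks, bits)]


def extract_bits(blocks):
    return [extract_bit(b) for b in blocks]


def clear_pixel_lsbs(blocks):
    """Spatial-domain modification: force the LSB of every pixel to zero."""
    return [[[p & 0xFE for p in row] for row in b] for b in blocks]


# Constructed grayscale cover: eight 8x8 blocks with a gradient plus mild texture.
COVER_BLOCKS = [[[100 + 4 * x + 3 * y + 3 * b + (7 * x * y + b) % 9
                  for y in range(N)] for x in range(N)] for b in range(8)]
BITS = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed payload bits, one per block
STEGO_BLOCKS = embed_bits(COVER_BLOCKS, BITS)

if __name__ == "__main__":
    print("recovered:", extract_bits(STEGO_BLOCKS))
    print("after LSB clearing:", extract_bits(clear_pixel_lsbs(STEGO_BLOCKS)))
```

The margin comes from the quantisation step: a pixel-domain error of at most one grey level shifts the chosen coefficient by less than `Q / 2`, so re-quantisation lands on the same integer.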

Discrete Wavelet Transform (DWT)
Discrete wavelet transform (DWT) is a mathematical transformation which takes an image's wavelet in the spatial domain and transforms it into the frequency domain. However, the main difference between DWT and DCT is in the high-pass bands. DWT provides lower frequency resolution, but higher spatial resolution. It, therefore, contains fewer sub-bands compared to DCT but has improved spatial resolution [54]. Figure 8 shows how decomposition of the original image through mathematical transformation occurs.
As with DCT, DWT frequency sub-bands contain redundancies for embedding secret information. An inverse DWT algorithm applied after embedding returns the properties to the spatial domain [55].

Object-Oriented Embedding (OOE)
Research into the potential embedding capacity of different images led to the concept of regions of interest (ROI) [56]. In particular, it was found that areas of skin tone in colour photographs had the highest potential embedding capacity, and this is another facet in which one aspect of biometrics, namely face recognition, and steganography converge. The percentages and relative proportions of red, green, and blue components for individual pixels can be utilised to determine whether a pixel represents skin-colour or not. Different definition parameters apply according to lighting conditions (e.g., uniform daylight, angled daylight, or flashlight illumination), and skin type (e.g., fair or dark complexion) [57]. Figure 9 shows a step-by-step approach to object-oriented embedding proposed by Cheddad et al. [58]. This process involves the following steps, which includes a skin-segmentation method researched by Zhao et al.

Advantages and Disadvantages of Selected Steganographic Methods
Steganographic methods have advantages and disadvantages which are summarised in Table 2. Parameters such as ease of implementation, processing speed, embedding capacity, robustness against image modification, and security are taken into account.

Integration of Biometrics and Steganography
The integration of biometrics and steganography has been addressed by very few research papers. This subject matter is also largely absent from digital libraries, standards, and industry articles in such fields as eHealth, law enforcement, and cyber security.
From the survey of literature selected, we can broadly identify the following main categories: (a) Types of biometric features utilised (b) Methods of steganography employed (c) Other methods or applications.
An overall summary of the methodologies (or sub-categories) found within these three main groups can be found in Table 3. The existence of any of the methodologies, as defined in each column, existing within each research paper, as defined in each row, was check-marked. The distribution of the total count for each sub-category within each main category is then shown in Table 4.
Graphical representations of the relative frequency of particular biometric, steganographic, and other pertinent features are shown in Figures 10-12. Biometric feature types are dominated by fingerprint and facial data. This is likely due to these types being more accessible through online databases for research purposes. Steganographic methods are dominated by LSB techniques, which have been researched the longest. Research into the more recent developments of DCT, DWT, and OOE is fairly evenly distributed. The almost ubiquitous use of cryptography for transmitting sensitive data is reflected in the distribution of other methods. The smallest portion being application-specific is reflective of the failure of the integration of biometrics and steganography to be embraced in the real-world setting.
Katiyar et al. [69] combined simultaneous cryptography and LSB steganography to propose a biometric and password security method applicable to an online voting system. Their system requires pre-existing biometric and key information at both ends of the system before voting takes place.
Secure online shopping systems as proposed, for example, by Ihmaidi et al. (2006) [64]. The Ihmaidi et al. [64] paper discusses a proposed online shopping system that involves a customer receiving an online shopping card and software. The software issues a unique electronic internet shopping card (EISC) image embedded with customer information, including a fingerprint scan, and transaction details. However, there are two problems: (1) the paper does not indicate whether the card issuer or the customer supplies the fingerprint scanner, and (2) the system ties the customer to the PC to which the fingerprint scanner is connected to conduct online shopping.
Akoura Biometrics Inc., founded in 2002, devised a software product that integrated steganography and biometrics [75]. Akoura believed at that time that they were the first company to combine these methods. Its software products were inspired by corporate concerns over the regulations on the safe and secure transmission of information in the health sector (as defined by the Health Information Portability and Accountability Act (HIPAA) 1996 [76]) as well as in the financial sector (as defined by the Gramm-Leach-Bliley Act 1999 [77]).
The Akoura system [75] required senders and receivers to be registered (i.e., it relied on pre-sharing of keys). They used steganography in combination with encryption to ensure security against man-in-the-middle attacks. If all permissions were satisfied, the receiver then used his or her fingerprint to decrypt the message and extract the hidden image or document. We were unable to find other systems, particularly in the health or finance sectors.
Our intuition at this stage was that, if industry had embraced integration of steganography for its privacy preserving and security enhancing capabilities, appropriate standards or policies would address its governance, for example in eHealth. The security and privacy of medical records are paramount to eHealth. Therefore, the following health related standards and committees were investigated:
• Digital Imaging and Communications in Medicine (DICOM), the standard for the communication and management of medical imaging information and related data [79].
• Health Level Seven International, a framework (and related standards) for the exchange, integration, sharing, and retrieval of electronic health information [80].
The search of standards for biometrics/steganography integration was further expanded to encompass information technology (IT) as a whole. There are many standards specific to the various aspects of biometrics, such as ISO/IEC-17922 (telebiometric authentication framework using biometric hardware security module), ISO/IEC-19792 (security evaluation of biometrics), ISO/IEC-24745 (biometric information protection), and ISO/IEC-24761 (authentication context for biometrics) [87]. Additionally, it is notable that there are several standards for cryptography, for example ISO/IEC-15946 (cryptographic techniques based on elliptic curves), ISO/IEC-18033 (encryption algorithms), ISO/IEC-19772 (authenticated encryption), and ISO/IEC-19790 (security requirements for cryptographic modules). However, there are no equivalents for steganography [87]. Our interpretation of this finding suggests that this may be indicative of biometrics and cryptography being considered as industry-proven, whereas steganography is being undermined by a perception that it is not a mature technology.
The integration of biometrics with steganography can be achieved in two principal ways [58,63]: (a) The embedding of digitised and encrypted biometric data into an image of the individual being authenticated to diversify access control verification. (b) The embedding of digitised and encrypted biometric data into an image unrelated to the individual for the covert transmission of sensitive data.
Most of the research utilises fingerprint minutiae and face images (in either an image format or represented by Eigenfaces). This is mainly due to these features being the most readily available online datasets (both real and synthetic) for research purposes, such as from the Biometric System Laboratory at the University of Bologna [98], and the Pattern Recognition and Image Processing Laboratory at Michigan State University [99]. It may also be a factor that scanners for fingerprints and facial recognition tend to be cheaper than comparable hardware for other biometric inputs.
Skin-tone detection is a biometric method employed by five of the reviewed papers (see Table 3). Not only is skin tone particularly useful for embedding data using steganography, but it also has multiple applications in its own right, particularly as part of facial recognition. Cheddad et al. (2009) [58] list the following scenarios in which this technique can be applied:

• Video surveillance.

However, none of these applications utilise steganography. There is, however, a correlation between skin-tone detection biometrics and DWT-based steganography. This suggests that DWT is the preferred embedding method for skin-tone biometrics, as opposed to spatial-domain based steganography where residual visual artefacts are at risk as a result of embedding. Ihmaidi et al. (2006) [64] and Katiyar et al. (2011) [69] propose application-specific usage of integrating biometrics and steganography, namely online shopping and online voting systems respectively. However, as discussed in Section 4, neither of these approaches appears to have been translated to a real-world application.
Indeed, it seems that the efforts invested in research developing the integration of biometrics with steganography have not led to a proportionate usage of the techniques in the real world. It is unclear why this should be the case. There may, of course, be a desire to keep the use of steganography secret. However, as an example, since the embedding of eHealth digital data into a cover image or the embedding of data into an eHealth cover image both have the potential to affect the integrity of the eHealth data itself adversely, then there should be accepted standards, policies or procedures in place. These do not appear to exist. The use of cryptography to encrypt data is, at least for the time being, seen as a sufficiently secure method for the transmission of sensitive information.
The research reviewed assumes that pre-sharing of a key or keys takes place between a sender and a receiver so that the receiver can extract hidden content from a stego image and decrypt the output. If the pre-shared key(s) is(are) intercepted, then subsequent transmissions will become compromised. Only Al-Assam et al. (2013) [73] propose a method using biometrics and steganography to ensure secure mutual authentication and key exchange between a sender and a receiver, but this is only true after the first communication, before which an initial one-time key K_o still needs to be shared. Despite this, the issue of pre-sharing of keys applies equally to cryptography as it does to steganography. The widespread integration of biometrics with cryptography in the real-world as opposed to the apparent lack of uptake of biometric/steganographic systems cannot be explained by issues with key-sharing alone.

Future Direction
In light of our review, we suggest that the current research efforts should focus on the following four key areas: (a) Acceptable level of embedding: the capacity to embed data in a cover medium, such as a facial image, varies depending on multiple factors, such as the resolution, dimensions, and content of the host image, as well as the embedding technique employed. The tolerance for the distortions caused by embedding can therefore vary depending on the application. For example, biometrics authentication using facial images could have a higher tolerance compared to eHealth medical imagery, where the slightest foreign visual artefact could lead to a misdiagnosis. (b) Secure steganography key exchange: one issue that still needs to be resolved is that of the initial stego key exchange, otherwise known as the prisoner's problem [100]. Various authors have tried to address this conundrum in recent years, but it remains a field of active research to this day. Nonetheless, this issue applies equally to cryptography, where a public/private key exchange is necessary to enable encryption and decryption between a sender and a receiver.
(c) Legal implications of source alteration: steganography essentially manipulates the source medium (i.e., a facial image or patient medical imagery), consequently rendering the data at the sender and receiver different. The integrity of the data is therefore altered, which raises concerns, for example, from a forensic perspective. Therefore, further research is required to determine and introduce provisions into the current legal framework to accommodate steganographic alteration of data. (d) Industry standards: finally, existing standards need to be extended and/or new standards introduced to govern the use of steganography. Perhaps we are still far from industry adoption of steganography in real-world applications. However, the best approach is to be prepared early rather than relying on impulsive reactions as issues arise.
By expanding and intensifying research into these areas, industry will be provided with the confidence to adopt steganography in real-world applications, thereby enhancing the security and privacy of individuals and biometric systems.

Conclusions
Given the risk that stolen biometric information can be exploited by cyber-criminals to perform, for example, replay attacks, the security of an individual's biometric data is paramount. While the technology of biometric sensors continues to improve, such as encompassing 'liveness' checks, steganography can add a layer to the defence-in-depth model to heighten security.
Our research has identified two primary applications combining biometrics and steganography, which are access control and the transmission of sensitive eHealth/biometric data. However, neither of these applications has made the successful transition from the laboratory to the real-world setting. Proposed models for e-voting and e-shopping are included in this review, but neither of these nor similar systems have been implemented as yet. In the future, new applications in fields not yet envisaged may tender more readily-accepted opportunities for the integration of biometrics and steganography to be utilised.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: