CAB-IoT - Continuous Authentication Architecture Based On Blockchain For Internet of Things

This document summarizes a research paper that proposes a continuous authentication architecture called CAB-IoT based on blockchain for internet of things (IoT) environments. The key points are: 1. CAB-IoT introduces a fog nodes layer that handles heavy authentication tasks for groups of IoT devices to overcome limitations of IoT resources. 2. It includes a trust module using a face recognition machine learning model to detect outliers and abnormal access. 3. Mutual authentication between end-users and fog nodes is designed, as well as secure communication between authenticated nodes. 4. Experiments show CAB-IoT achieves a lightweight solution for continuous authentication in IoT that balances security and performance. Security and


Journal of King Saud University – Computer and Information Sciences 34 (2022) 2497–2514


CAB-IoT: Continuous authentication architecture based on Blockchain for internet of things

Fatimah Hussain Al-Naji a,⇑, Rachid Zagrouba b

a Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
b Department of Computer Information Systems, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia

Article info

Article history:
Received 24 August 2020
Revised 1 November 2020
Accepted 10 November 2020
Available online 19 November 2020

Keywords:
Blockchain
Continuous authentication
Face recognition
Internet of things
Machine learning

Abstract

Rising incidents of security threats in active sessions are an increasing concern in the IoT environment. Continuous authentication was introduced as superior to traditional authentication schemes because it constantly verifies users' identities on an ongoing basis and spots the moment at which an illicit attacker seizes control of the session. However, several challenges remain unsolved. This research aims to investigate the power of Blockchain technology to provide real-time and non-intrusive continuous authentication for the IoT environment. Accordingly, a distributed and scalable continuous authentication solution based on Blockchain technology, called CAB-IoT, was proposed. It enables a fog nodes layer that tackles the limitations of IoT resources by providing localized processing of heavy continuous authentication-related tasks for a group of IoT devices. Besides, CAB-IoT introduces a trust module that depends on the face recognition machine learning model to detect outliers and abnormal access. Moreover, mutual authentication between end-users and fog nodes is also designed, as well as secure communication between the authenticated nodes. The results demonstrate a lightweight continuous authentication solution that achieved the desired balance between security and performance requirements; it was observed in a real-world environment for true performance results. Security analysis and attack analysis are also considered during the evaluation.

© 2020 The Authors. Published by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

⇑ Corresponding author.
E-mail addresses: [email protected] (F. Hussain Al-Naji), [email protected] (R. Zagrouba).
Peer review under responsibility of King Saud University.
https://doi.org/10.1016/j.jksuci.2020.11.023
1319-1578/© 2020 The Authors. Published by Elsevier B.V. on behalf of King Saud University.

1. Introduction

The Internet of Things (IoT) environment merges the digital and physical universes and enables them to communicate real-time data, which makes security and privacy critical aspects that cannot be neglected. To illustrate, a smartphone stores a significant amount of personal data and can be paired with a smartwatch to exchange data; these sensitive data should be accessed only by legitimate users, and a vulnerability in one of the devices can directly affect the connected device. Consequently, the IoT device needs a unique identity that can reliably identify the legitimate user, thus authenticating the legitimacy of the access request. Besides, it would prevent malicious usage if the IoT device is stolen. It is crucial to constantly ensure that the user is not impersonated, which brings a particular type of authentication known as continuous authentication.

The traditional authentication scheme authenticates the legitimacy of an entity statically at the beginning of the communication session and decides whether it is authenticated or not. Therefore, such schemes are vulnerable to security threats such as hijacking attacks, which take control of active sessions. Accordingly, there is an urgent need to tackle this weakness by continuously authenticating the identity of the connected nodes during the whole session. It must be considered that the continuous authentication scheme
is proposed to complement and reinforce the static scheme, not to replace it, and it has two types of communication models, namely the device-to-device model and the user-to-device model.

In the IoT ecosystem, the user-to-device communication model has identified several opportunities and challenges regarding the authentication process as opposed to the device-to-device model. Several schemes aim to authenticate users continuously in real-time with the help of IoT devices to prevent impersonation attacks or illegal access to the IoT environment from both anonymous and known users. The proposed IoT-based user-to-device continuous authentication solutions are largely focused on the performance of the authentication decision. More specifically, the reviewed literature evaluates the performance either on a fixed number of user actions or over a chunk of the test dataset, and other works evaluate the results in terms of Equal Error Rate (EER), False Acceptance Rate (FAR), and False Rejection Rate (FRR) over the test data set. This consequently allows an imposter to carry out a variety of unauthorized actions before the system recognizes his/her identity for the first time, which is considered periodic authentication rather than a CA procedure. Accordingly, there is a lack of solutions that detect unauthorized access in as short a time as possible, continuously and in real-time.

IoT devices have limitations in terms of storage, computation, and battery, which differ between devices. In this regard, portable devices are the most preferred device selection for CA, smartphones in particular (Gonzalez-Manzano et al., 2019). Wearables and implantable devices, in contrast, are considered the most constrained IoT devices and usually rely on a powerful third-party server, cloud-based infrastructure, or even another portable device to carry out the computation process either partially or completely. Accordingly, there is a need for a lightweight CA approach for the user-to-device communication model. Behavioral biometrics is receiving high attention as a unique feature identified by each user. Recalling the previous point, matching the selected feature with the appropriate device to extract it is a crucial evaluation. This type of analysis has been presented in reference (Gonzalez-Manzano et al., 2019), where portable devices stand out as suitable for all collected features as a result of the variety of sensors they have, the ease of their use, and their economic price.

Recently, Blockchain technology took a step toward wider applications in various areas, including the IoT (Khan et al., 2020). More succinctly, Blockchain technology prevents unauthorized data tampering and improves system integrity and immutability. The use of cryptographic algorithms and decentralized peer-to-peer networks makes Blockchain technology a very safe and secure way to store and maintain data for IoT systems. Moreover, it is a strong solution to reliably conduct the authentication process without a central authority and to overcome a single point of failure, where it is unsuitable to depend on a centralized scheme for constantly growing systems. The data on the Blockchain represents the core, and the IoT depends on information like this to function properly. The Blockchain is currently developing into a kind of universal authentication technique (Khalid et al., 2020): since it contains a database entry for each transaction, it will be easy to search for patterns in real-time as needed, which consequently detects anomalies early or in near real-time.

This research aims to investigate the power of Blockchain technology to provide real-time and non-intrusive continuous authentication for the IoT environment. However, integrating Blockchain technology into the IoT environment for continuous authentication purposes raises several challenges that must be taken into consideration to prove its usefulness. Among them is the use of events coming from IoT devices to create precise user behavior profiles in real-time, while continuous authentication is performed frequently and the IoT devices are resource constrained. Accordingly, it is necessary to adopt a lightweight mechanism to reduce the resource consumption of IoT devices. The main contributions of this research are the following:

• CAB-IoT proposed mutual initial static authentication between end-users and fog nodes to establish a secure encrypted channel between them, whereby access tokens are issued by the smart contract with no intermediary or trusted third party.
• This research presented the key role of the overall architecture components, including the architecture design, sequence diagrams that illustrate the interactions among the participants and the exchanged information, as well as the design process of the face recognition Machine Learning (ML) model.
• Several experiments demonstrate the applicability of the proposed architecture to continuously authenticate a user in an IoT-enabled environment, showing real-time confidence evaluation, minimum time required to authenticate a user, and low resource consumption.
• This research analyzed the security of the proposed solution and showed how it achieves major security goals and its ability to overcome different common attacks that target the IoT environment.

The rest of this paper is organized as follows. Section 2 discusses the related work. Section 3 describes the design adopted by this research, outlines the overall methodology to be used, discusses the solution design, and presents some definitions of the proposed architecture in more detail, which will subsequently be defined as layers to shape the key role of its major components. Moreover, this section lists the instruments of the study and justifies their usage, provides the description of the applied dataset, outlines the procedure in detail, and shows the interaction diagrams and the exchanged information between architecture components. Section 4 highlights the main settings that were made to apply the proposed solution in the Ethereum platform, and provides the performance results and an analysis of the security aspects of the proposed solution. Finally, the limitations and the future work are presented in the conclusions in Section 5.

2. Related work

Authentication is an imperative security requirement that should be applied for the whole IoT architecture (El-hajj et al., 2019). It is crucial for the authentication between the end devices and the gateway device. The gateway should authenticate itself while transmitting data to the cloud, and the application node should be authenticated to the cloud to gather data for analysis (Xu et al., 2014). In the IoT ecosystem, the user-to-device communication model has identified several opportunities and challenges regarding the authentication process as opposed to the device-to-device model (Gonzalez-Manzano et al., 2019).

Several schemes aim to authenticate users continuously in real-time with the help of IoT devices to prevent impersonation attacks or illegal access to the IoT environment from both anonymous and known users. IoT devices are characterized by limited resources in terms of storage, computation, and battery. In particular, wearables and implantable devices are the most constrained IoT devices, where they have a few MHz of CPU, a few tens of KB of RAM, and a few hundreds of KB of ROM (Xu et al., 2014; Shafagh et al., 2017). Portable devices, specifically smartphones and tablets, are the most used in IoT user continuous authentication applications, which could be due to their wide usage versatility. They are followed by wearable devices like smart bracelets in reference (Brown et al., 2017), general wearables with the accelerometer and the gyroscope sensors in references (Brown et al., 2017; Matsuyama et al., 2015; Mosenia et al., 2017; Mukherjee, 2017), smart glasses
in references (Van Hamme et al., 2017; Chauhan et al., 2016), smartwatch in reference (Acar et al., 2018), and wearable voice device in reference (Feng et al., 2017). Regarding the external devices, surveillance cameras are utilized in references (Feng et al., 2017; Ashibani et al., 2019) besides portable devices, non-contact radar to capture cardiac motion in reference (Lin et al., 2017), and a smart kiosk in reference (Phan et al., 2015). It is noticeable that reference (Camara et al., 2018) uses a smartphone beside a wearable device to overcome the limitations of its constrained resources and improve processing capabilities.

However, one of the challenges in providing an IoT system with a security service is the efficiency of computation and communication. These challenges should be addressed carefully, as many resource-constrained devices are usually involved in IoT systems (Al Salami et al., 2016). The utilization of emerging technologies through the application of Blockchain technology and fog computing can provide a practical solution ensuring the security requirements of the IoT environment (Zhang and Chen, 2020; Aceto et al., 2020). Blockchain represents a promising technology to provide security in an IoT environment where its information is about the composition of distributed IoT services (Xu and Viriyasitavat, 2019), which consequently matches the decentralized infrastructure and distributed general ledger agreement of Blockchain technology (Lu, 2018). Also, its smart contracts offer opportunities to improve the reliability of IoT applications (Viriyasitavat et al., 2019). The authors in (Camara et al., 2018; Al Salami et al., 2016) investigate how Blockchain technology could be integrated into different IoT use cases, utilizing its features in IoT environments, and list the advantages and limitations of its usage in IoT platforms. Similarly, in (Xu et al., 2018), the author utilized Blockchain's features to propose a distributed storage system for large-scale IoT applications based on Blockchain technology. The authors in (Salah et al., 2019) propose a Blockchain-based framework to enable a seamless integration of business transactions and workflows in the agricultural supply chain; the results showed an efficient trace and track process. In (Hardjono and Smith, 2016), the authors proposed a privacy-preserving method based on permissioned Blockchain to securely share IoT sensor data between device owners and the service providers through cloud ecosystems. However, it achieved full anonymity of the communicating devices, while it is not adapted for the cases that require identifying the devices. Likewise, in (Huh et al., 2017), the author proposed an idea based on Blockchain which relies on smart contracts to define the actions of each connected object when using the system in complete anonymity.

2.1. Blockchain for authentication in IoT

The Bubbles of Trust system in Hammi et al. (2018) aims to provide secure virtual zones to authenticate the connected devices in IoT environments securely. The approach is based on public Blockchain. Thus, it benefits from its security characteristics and can be applied in a wide range of IoT contexts. Besides, the evaluation results proved its efficiency, ability to satisfy IoT security requirements, and its lowest cost. The approach suffers in its adaptability to real-time applications, since validating the sent messages depends on the time needed for consensus, which takes almost 14 s.

In Wu et al. (2018), the author identified an out-of-band two-factor authentication scheme, where even if the first authentication factor fails (e.g. the passcode or access token is stolen), the second factor will prevent the malicious devices by checking the relationship information stored in the Blockchain, which in turn overcomes the single point of failure problem that exists in the centralized server. The evaluation of the proposed scheme showed that the memory overhead is well acceptable.

2.2. Blockchain and fog cloud for CA in IoT

In Agrawal (2018), the Blockchain is utilized to provide continuous and seamless user authentication in the IoT environment as well as to control access to smart buildings. Each interaction from the legitimate user (i.e., in terms of gait behavior) within IoT-zones is recorded from their devices as a transaction in the Blockchain to generate the user's IoT-trail, and IoT-hubs are used as a third-party platform to perform the continuous authentication process. Markov chain and LSTM models are applied on a public gait dataset to improve generating a unique digital crypto-token for the user to access the system. The proposed mechanism achieved better accuracy under the LSTM model, with 99.30% accuracy.

In (Nikouei et al., 2019), the authors proposed a novel decentralized mechanism to verify the real-time video frames of surveillance systems. The distributed sensor devices aim to track and detect surveillance video events continually, which results in difficulty in determining suspicious objects from thousands of video frames. The authors used a real-time indexing service to assign a unique index to each extracted feature, so the images are not vulnerable to malicious modification after their index table is hashed via a smart contract and stored in the Blockchain for future authentication purposes. It is noticed that the data analysis process is deployed in fog nodes, as they have more computational capabilities. The results showed the low overhead of the proposed solution while it authenticates the video data continually in real-time.

In fog cloud solutions, scalability is a key issue, and the scalability of cloud resources and fog nodes becomes important to meet the workload of IoT data. The authors in (Salah, 2013) proposed an analytical model that aims to determine the minimal number of cloud resources needed to satisfy the response time based on finite queueing systems. Moreover, the authors in (El Kafhali and Salah, 2017) proposed a stochastic model based on queuing theory that aims to analyze the performance in cloud data centers by modeling it with an open queuing system that can be used to estimate the expected Quality of Service (QoS) guarantees the cloud can offer.

3. The proposed CAB-IoT

This research is applied research and is based on experimental design.

3.1. Overall methodology

The overall CAB-IoT proposed Blockchain-based user continuous authentication architecture is shown in Fig. 1. Aiming to provide efficient continuous authentication for the IoT environment, CAB-IoT proposes a distributed architecture that utilizes Blockchain technology to avoid the need for an intermediary or a trusted third party; therefore it will provide high trust and availability. The Ethereum Blockchain was selected specifically because of its ability to assign a unique Ethereum address (i.e., with public and private keys) to every participating node, which supports creating custom token-based access that enhances the security factor in IoT (Fotiou et al., 2019). Moreover, Ethereum carries out transactions relatively fast, where its block time is between 10 s and 20 s, while other Blockchain networks take about 10 min (Ozyilmaz and Yurdakul, 2019). Besides, Ethereum's design supports the scalability feature as it uses block gas limits (e.g. complexity needs, storage needs, and bandwidth usage) for every transaction's cost (Anthony Heston, 2019). This research is going to implement a private Ethereum network using the proof of authority consensus instead of the more familiar proof of work consensus. Private Blockchain is simple and provides more advantages compared to public networks, where it improves security and privacy as well as provides much faster computing time, cheaper cost, and greater scalability (Larmuseau et al., 2019).
Furthermore, the proposed architecture will enable a fog nodes layer which can augment the resource-constrained IoT devices by providing high storage and computing capabilities, and networking as well. Besides, fog nodes will provide scalability to the proposed architecture and carry out the heavy continuous authentication-related tasks and the communication with the Blockchain network. As the fog nodes will be deployed near the IoT devices and use an ML model, fog computing will provide real-time learning from IoT device data more effectively than cloud computing, which causes latency in response time to IoT devices.
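
The fog node's continuous check, sketched as an added example (not the authors' code): it compares a per-frame check with the chunk-based evaluation the introduction criticises and counts how many frames an impostor gets before lockout. The score trace, the 0.80 threshold, the `consecutive` parameter and the hash-chained list standing in for Blockchain transactions are all assumptions.

```python
import hashlib
import json

# Constructed similarity trace (not data from the paper): one face-similarity
# score per captured frame. The legitimate user holds the session for frames
# 0-11 (frame 5 is a single bad capture); an impostor takes over at frame 12.
TAKEOVER_FRAME = 12
SCORES = [0.93, 0.91, 0.94, 0.90, 0.92, 0.71, 0.93, 0.92, 0.90, 0.94, 0.91, 0.93,
          0.41, 0.38, 0.44, 0.40, 0.39, 0.42, 0.37, 0.43, 0.40, 0.41, 0.39, 0.42]
THRESHOLD = 0.80  # hypothetical similarity threshold
GENESIS = "0" * 64


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_decision(ledger, frame, score, decision):
    """Hash-chain one decision onto the log (local stand-in for a transaction)."""
    body = {"frame": frame, "score": score, "decision": decision,
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": _digest(body)})


def ledger_is_intact(ledger):
    """Recompute every link; editing any recorded field breaks the chain."""
    prev = GENESIS
    for entry in ledger:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return False
        prev = entry["hash"]
    return True


def continuous_session(scores, threshold, consecutive=1):
    """Check every frame on arrival. Lock after `consecutive` low frames in a
    row; returns (lock_frame or None, ledger)."""
    ledger, low_run = [], 0
    for frame, score in enumerate(scores):
        low_run = low_run + 1 if score < threshold else 0
        locked = low_run >= consecutive
        append_decision(ledger, frame, score, "lockout" if locked else "continue")
        if locked:
            return frame, ledger
    return None, ledger


def periodic_lockout(scores, threshold, window):
    """Decide once per fixed-size chunk on its mean score; returns the last
    frame of the first rejected chunk, or None."""
    for start in range(0, len(scores) - window + 1, window):
        if sum(scores[start:start + window]) / window < threshold:
            return start + window - 1
    return None


def impostor_frames_accepted(lock_frame, takeover=TAKEOVER_FRAME, total=len(SCORES)):
    """Frames the impostor used before the lock (0 if locked before takeover)."""
    end = total if lock_frame is None else lock_frame
    return max(0, end - takeover)


if __name__ == "__main__":
    strict, _ = continuous_session(SCORES, THRESHOLD, consecutive=1)
    tolerant, ledger = continuous_session(SCORES, THRESHOLD, consecutive=2)
    chunked = periodic_lockout(SCORES, THRESHOLD, window=12)
    print("per-frame, 1 low frame :", strict, "(locks the legitimate user)")
    print("per-frame, 2 low frames:", tolerant, impostor_frames_accepted(tolerant))
    print("12-frame chunks        :", chunked, impostor_frames_accepted(chunked))
    print("ledger intact:", ledger_is_intact(ledger))
```

With `consecutive=1` the single bad capture at frame 5 locks out the legitimate user; requiring two low frames moves the lock to frame 13, one frame after the takeover, while 12-frame chunks leave the impostor 11 frames.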

3.2. Solution design

The proposed architecture design consists of the following main components: the cloud, fog nodes, Blockchain network, IoT devices, admin, and end-users. All components have a unique Ethereum address and connect with the Ethereum smart contract through an EC directly, except the IoT devices, which interface with the smart contract indirectly. Fig. 2 shows the block diagram of the proposed architecture. The key role of the architecture components is illustrated as follows:

Fig. 1. Overall proposed architecture.

1. The cloud: stores non-real-time data transactions for big data business logic analysis. The proposed solution considers a real-time continuous authentication process where the fog nodes layer provides localized control response to the IoT devices.
2. Admin user: the admin user maps each IoT device to one fog node and gives permissions through the smart contract to the end-users to access IoT devices. The owner of the smart contract will be responsible for initiating and deploying it, and we assume he/she can add multiple admins with management control according to the business requirements.
3. End-users: request access permission to a certain IoT device via the smart contract. Then, the user will have access permission after the authentication process at the responsible fog node.
4. IoT devices: each device belongs to a fog node. Since IoT devices have limited resources, they are unable to run Blockchain. Accordingly, the fog nodes layer is enabled as an agent of IoT devices.
5. Fog nodes: are directly connected to the Ethereum smart contract and act as an interface between IoT devices and the Blockchain network to relieve resource-constrained IoT devices from the continuous authentication load. Fog nodes are characterized by having high-performance capabilities so that they will be able to handle multiple simultaneous requests of the continuous authentication process. The proposed CAB-IoT is similar to (Almadhoun et al., 2019), where they leverage a fog nodes layer to manage access to IoT devices, but CAB-IoT hosts the face recognition ML model, where each fog node trains the model and the classification parameters are shared with the neighbor fog node rather than having a coordinating node. A coordinating node would affect all the connected fog nodes and make the system vulnerable to risks if it is hacked or manipulated in an unauthorized manner, whereas in CAB-IoT this affects only the neighbor fog node, which is relatively easier to handle. The generated face similarity score will be primarily utilized for the continuous authentication process, where the similarity threshold will be synced with the Blockchain, which in turn will immediately detect if the similarity score goes below the threshold. The generated comparison result will be the input to the access decision module to determine whether to continue access or lock out the user from accessing the device. More details will be explained in the solution procedure in Section 3.5.

Regarding the selection of the biometric modality, in Al Abdulwahid et al. (2015), the author has presented the chronological evolution of the selected features that are taken to create an identifier for authentication in IoT, starting from 2009 to the end of 2019. The evolution showed the widespread use of humans' behavioral data; keystroke dynamics were considered most suitable for continuous behavioral biometric authentication (Deutschmann et al., 2013). Also, mobile device data is used to some extent, specifically touch-screen events. However, humans' physiological data has seen significant growth in the last few years, offering robust, unique, and secure identity verification.

The most common physiological biometric modalities are fingerprint, iris, and face (Sundararajan et al., 2019). Selecting the most effective biometric modality is a prerequisite for maximizing the efficiency of deployment success. Continuous authentication systems should not require the user's active involvement to authenticate users continuously (Niinuma and Jain, 2010). Every biometric modality has its strengths and drawbacks, as follows (Mondal and Bours, 2015):

• Fingerprint recognition is the most popular physiological modality as it is relatively inexpensive and has a small template size that provides fast matching, but it does need a high degree of user involvement and it is easy to spoof.
• Iris stands out from the others in terms of accuracy and stability throughout our lifetime, but it is relatively expensive and difficult to perform at a distance larger than the specified distance. Also, in other circumstances, it works by holding an iris scanner device or looking into the camera, which consequently requires active user involvement.
• Face modality is more desirable for a continuous authentication process, where there is no contact required for facial recognition like there is with the previous modalities, and it offers a quick, automatic, seamless, and user-friendly verification experience. It also enables authenticating people in real-time and from a distant location (Meenakshi, 2013). Accordingly, face modality will be used in the proposed solution.
• Blockchain network: the proposed CAB-IoT is based on the Ethereum Blockchain; its platform consists of the following (Zhang et al., 2019):
Fig. 2. Block diagram of the proposed architecture.

 Ethereum accounts: which are controlled accounts and smart tributes strategy to allow the nodes to exchange and update the
contract accounts, both accounts are identified by a 20-bytes parameters, where each node will train the data chunk locally
address. and save the parameters, then exchange the parameters with the
 Smart contract: is a program stored inside the Blockchain and next node which will use the received parameter to train the next
function similarly to the real word contracts to reach the pre- data chunk. Then, the ML model will be deployed as a web service
defined goals. It has ABIs to access its functions by sending a in the Azure cloud by using Azure Machine Learning Workspace.
transaction or a message from Ethereum accounts. Regarding the Blockchain network layer, Microsoft has been
• Blockchain ledger: every node in the network has a local copy of the Blockchain.

In the proposed solution, the process at the Blockchain layer is divided into the following three stages:

a) Registration stage.
b) Static authentication stage.
c) Continuous authentication stage.

As shown in Fig. 3, the smart contract receives and responds to requests from the end-user or fog nodes to perform different kinds of transactions (e.g., registration, static authentication, and continuous authentication).

3.3. Instruments

The experimental study will be carried out using the Anaconda platform to pre-process the data and to simulate the face recognition ML model using the Python language. The development IDE is Jupyter Notebook, which provides a presentational and interactive environment. The TensorFlow distribute strategy will be applied to implement the distributed processing, where the nodes will update the model parameters after training the data (Xia et al., 2017). The dataset will be sliced into several chunks and TensorFlow dis-

investing a lot into the development of Azure Blockchain service or even the Ethereum network. Azure Blockchain Development Kit for Ethereum will be used for building the Blockchain network and deploying the smart contract on top of it, where the Azure Blockchain Workbench REST API is able to initiate calls to the ledger and send data from the external system to a specific contract, since neither the Blockchain nor the smart contract can access data from outside their network. Besides, Azure Blockchain Development Kit provides an easily accessible test environment and offers a graphical user-friendly interface for running Ethereum test scenarios and exploring the Blockchain network. Moreover, the Azure Monitor service includes a set of performance charts that target several key KPIs to determine how well the solution is performing at the entire network level or node level.

3.4. Dataset description

The dataset that will be used in this research is the AT&T Database of Faces provided by the Olivetti Research Laboratory, Cambridge, UK (AT&T Laboratories Cambridge, xxxx). It contains 64 × 64 pixel grayscale face images of 40 people with no class labels, scaled to a common size. Fig. 4 shows a face image for every 40 distinct people in the dataset.
There are 400 images in the dataset, 10 images for each person in a different direction, under different light conditions, they have
F. Hussain Al-Naji and R. Zagrouba Journal of King Saud University – Computer and Information Sciences 34 (2022) 2497–2514

different facial expressions (e.g., happy, sad, embarrassed, or angry) and facial details (e.g., wrinkles, eyebrows, or eyeglasses), aiming to have variations in those images that add robustness to the applied face recognition system, as shown in Fig. 5, which shows 10 face images of selected subjects.

Fig. 3. The interaction between system nodes and Blockchain.

Fig. 4. A face image for every 40 distinct people in the dataset.

3.5. Procedure

This section describes the procedure across and within the fog nodes and Blockchain layers. It is divided into two parts, namely: the face recognition model, which is held in the fog nodes layer, and the authentication, which consists of static authentication and continuous authentication.

3.5.1. Face recognition model

To reduce the power consumption and achieve a small delay for the IoT applications, fog computing could apply ML in their operations to utilize the readily available data and computing resources (La et al., 2019). CAB-IoT applies an ML face recognition model working in verification mode to authenticate the user's identity by matching the claimed identity image against the images that correspond to it in the template database. The process flow of the face recognition system is shown in Fig. 6.
The whole process is divided into pre-processing and recognition stages as follows [160,161]:

a) Preprocessing stage: CAB-IoT is going to deal with grayscale images that are first processed in the face detection module to separate the face area from the background segment and detect the size and pose for each image. Then, the face alignment module aims to provide more accurate localization of the facial components, such as eyes, nose, mouth, and facial outline. Fig. 7 illustrates the face detection and alignment processes.
b) Recognition stage: this stage starts by extracting useful features that distinguish between different faces from the aligned face generated by the preprocessing stage. This stage consists of the following modules:

• Feature extraction module: CAB-IoT is going to apply the eigenface algorithm by using the PCA technique. It is one of the most important dimensionality reduction techniques, where a huge amount of data which is hard to process is reduced to a smaller amount while keeping as much information as possible (Jolliffe and Cadima, 2016). PCA is a kind of classical feature extraction and an unsupervised learning algorithm widely applied in computer vision areas such as face recognition; it is a proven way to improve the accuracy of identifying and verifying face-based models in ML (Zhang et al., 2020). The key advantages of PCA that make it a suitable selection for a face recognition system in the IoT environment are the following (Karamizadeh et al., 2013):


- Reduction of noise, since it aims to find a projection that maximizes the total variance of the projected data, so the small variations in the background are ignored automatically, making the process faster and giving better accuracy.
- The decreased requirements for computations, time complexity, as well as memory capacity, where only the projected trainee images are stored on a reduced basis.
- All principal components are orthogonal to each other, so it avoids redundant information, which subsequently provides radical data compression and thus allows narrow bandwidth communication channels to transfer a huge amount of data (Alabi et al., 2015).

Fig. 5. Various face images of selected subjects.

Fig. 6. Face recognition process.

• Classification module: CAB-IoT is going to split the dataset into 80% for training and 20% for testing, which is a common ideal practice in data science. In the classification module, the extracted feature vector of the input face image is matched against those of enrolled face images in the template database, verifying the face when a match is found with sufficient confidence or as an unknown face otherwise (Arjun et al., 2010). As shown in the literature review, classification algorithms are the preferred selection for continuous authentication enforcement; the SVM classifier is one of the most used classifiers and showed the highest accuracy and performs faster prediction compared to other classifiers. Several studies have been done on face recognition by SVMs and satisfying results have been reported (Dadi and Mohan Pillutla, 2016). Moreover, the SVM classifier has efficient usage of memory, where it uses a subset of the training data in the decision function called support vectors (Suthaharan, 2016). Basically, it finds the maximum margin of the hyperplane which separates the data points into classes, as shown in Fig. 8.

Fig. 7. Face detection and alignment processes (Jaha and Ghouti, 2012).

One of the critical challenges of the SVM classifier is the necessity of determining the components that relatively determine its performance, which are the appropriate kernel function and the value of the soft margin parameter C, to guarantee high accuracy (Lee et al., 2012). Accordingly, to minimize their impact, CAB-IoT is going to apply an enhanced SVM classification approach by replacing the separating hyperplane as the decision-making function with the Euclidean distance function (Lee et al., 2012). Fig. 9 illustrates the Euclidean-based approach.
The face images dataset must be pre-processed and converted to a numerical format for both training and classification purposes so that the images can be mapped into a vector space. Besides, PCA dimensionality reduction of the data will be applied to decrease the computation time of computing, as discussed earlier in the feature extraction module.
During the training phase, training data points will be fit into the SVM algorithm and mapped into support vectors for each category, and unidentified data points are discarded. During the classification phase (Lee et al., 2012), a new unlabelled data point will be pre-processed and fit into the classification module, where the Euclidean distance function illustrated in Eq. (1) is used instead of the conventional SVM decision function, where pi and qi are the coordinates of P or Q in dimension n:

$$D = \sqrt{\sum_{i=1}^{n} (p_i - q_i)^2} \tag{1}$$

The average distance between the new data point and the set of SVs of each of the categories will be calculated to label the data point with the category whose distance is less.

Fig. 8. Illustration of SVM classifier (Suthaharan, 2016).

Fig. 9. Block diagram of the Euclidean-SVM classification approach.

• Feature matching module: CAB-IoT is going to apply identity verification. It is important to note that SVM is a binary classifier. It is traditionally used to classify a two-class pattern and returns the class of the object, while face recognition belongs to M class problems, where M is the number of individuals. Accordingly, CAB-IoT is going to formulate face recognition problems in a different space (Phillips, 1999) as a binary class problem instead of the traditional face space approach, which encodes each facial image as a separate view of a face. The two classes in the different spaces are dissimilarities between face images of the same user and dissimilarities between face images of different users. These classes will be the input to the SVM algorithm. Then, the decision surface generated by SVM will be re-interpreted to generate the similarity score between two face images, which is the basis for verification and identification purposes. To clarify, as shown in Fig. 10, if the similarity score which is the output of the comparison function equals the specified threshold or higher, the captured face image matches the template, which means the same person. Otherwise, the result is non-match.

3.5.2. Authentication

Authenticating a user in the proposed solution is token-access based, where the token is generated by the smart contract. More details will be described in Section 3.6. While the user's token is used in the static authentication as one-shot authentication, the characteristic of continuous monitoring excludes it for this task. Instead, CAB-IoT is seeking a biometric trait-based approach. In the continuous authentication system, it is more important to recognize when an imposter is detected rather than whether an imposter is detected (Bours, 2012). For the proposed solution, CAB-IoT focuses mainly on detecting unauthorized access as fast as possible, within as few times as possible.
In data science, anomaly detection is widely applied using various statistical techniques and ML algorithms. However, in IoT, the explosion of the generated data over time made this task more challenging. CAB-IoT introduces a trust module for user continuous authentication. The access decision of a user is re-evaluated based on the captured face image of the current user, which is compared to the template of the genuine user. Accordingly, a trust-level value


“TrustLogin” will be identified, ranging from 0.0 (i.e., absolutely no trust) to 1.0 (i.e., complete trust), to determine the genuineness of the current user. Whenever it falls below the pre-defined threshold, the static obtrusive verification must be performed to continue accessing the system. Otherwise, the user will be locked out from accessing the device. In more detail, the change of trust-level value “ΔTrustLogin” will be calculated continuously, and it depends on the face similarity score “SCface” of the user that is generated from the face recognition ML model at the fog nodes layer. Thresholding the similarity score of the user for each captured face image during the whole session will increase FAR and FRR, and subsequently removes a great deal of granularity of the applied authentication procedure. Accordingly, the “fmap” and “fdecrease” functions of the face similarity score will be used to increment or decrement the “TrustLogin” value.

Fig. 10. Feature matching process.

• Computing the Confidence Score “ΔTrustLogin”

As mentioned above, if the confidence in the user's identity depends on just thresholding the face similarity score, it will result in a large number of false accepts and false rejects, which is not preferred for authentication. The confidence score should rather change over the time between sessions, where two major functions will be used to compute it, namely “fmap” and “fdecrease” (Crouse et al., 2015).
Function “fdecrease” aims to control the system behavior if there is no detected face image. In terms of security, the system is more secure when there are several sessions with no detected face if the device has not been used for a period of time than when the device is in use even for a few minutes. This function has one parameter, “TLogout”, which specifies the time to log out the user if there is no detected face image.
Moreover, function “fdecrease” dictates the slope of the “TrustLogin” value at any given time “t” based on Eqs. (2) and (3). The quadratic portion corresponds to a cubic decline in login confidence. After the legitimate user has confirmed his/her identity, the confidence should decline slowly once there is no detected face image and decline faster as more time passes. The slope of the “fdecrease” function is bounded at 0.1 per minute to avoid overly rapid loss of confidence. The slope of function “fdecrease” is plotted in Fig. 11.

$$f_{decrease}(t) = \begin{cases} -\dfrac{0.1}{t_{switch}^{2}}\, t^{2}, & t < t_{switch} \\ -0.1, & t \ge t_{switch} \end{cases} \tag{2}$$

$$t_{switch} = 1.5 \times t_{logout} - 6 \tag{3}$$

Regarding the continuous authentication in CAB-IoT, the face similarity score “SCface” is transformed into some increment or decrement to the “TrustLogin” value during the active sessions. There are rules used to determine the influence of a face similarity score from a session on the login score. Table 1 defines the points to which the function is fit. Table 2 defines the values of the confidence function parameters.
The resulting fit function is used as “fmap”, which in this case uses values of the face similarity score “SCface”, as shown in Eqs. (4) and (5).

$$f_{map} = \begin{cases} 0.4, & FAR(SC_{face}) \le 1\% \\ f'(SC_{face}), & 1\% < FAR(SC_{face}) < 20\% \\ -0.4, & FAR(SC_{face}) \ge 20\% \end{cases} \tag{4}$$

$$f'(SC_{face}) = 0.608\,SC_{face}^{3} - 0.853\,SC_{face}^{2} + 0.648\,SC_{face} \tag{5}$$

“fmap” and “fdecrease”, along with the time of the previous session “tprev”, are used to determine the “TrustLogin” at time “tses”, as shown in Eq. (6).

$$Trust_{Login}(t_{ses}) = Trust_{Login}(t_{prev}) + \int_{t_{prev}}^{t_{ses}} f_{decrease}\,dt + f_{map}(SC_{face}) \tag{6}$$

As “tdelay” gets longer, it becomes more possible that “fdecrease” will cause the “TrustLogin” score to dip below zero between sessions. To prevent an imposter from accessing the device for a longer time from that point to the next session, a future (i.e., at the time “tfut”) estimate of “TrustLogin” is calculated using “tdelay” and “tsample”, as shown in Eqs. (7) and (8).

$$Trust_{Login}(t_{fut}) = Trust_{Login}(t_{ses}) + \int_{t_{ses}}^{t_{fut}} f_{decrease}\,dt \tag{7}$$

$$t_{fut} = t_{ses} + t_{delay} + t_{sample} \tag{8}$$

The score at “tfut” is compared with the login threshold “ThreshouldConfidence”, which is adjusted from the legitimate user template. If the trust value drops below the threshold, which means there is a large deviation between the current user and the legitimate user, the system will be locked and require obtrusive verification to unlock it. Otherwise, access to the system continues.

3.6. Interactions diagrams

Fig. 12 shows the interactive activities of the registration and static authentication processes at the Blockchain layer. The definitions of the used notations are presented in Table 3.
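The TrustLogin update of Eqs. (2)-(8) in Section 3.5.2, written out as an added Python example (not code from the paper). It assumes that t is measured in minutes since the previous face sample, that FAR(SCface) is supplied by the caller from the face model's calibration, and that TrustLogin is clamped to the stated range of 0.0 to 1.0; all function and class names are illustrative.

```python
"""Added illustration of the TrustLogin update in Eqs. (2)-(8)."""
from dataclasses import dataclass

# Parameter values from Table 2 and the text, converted to minutes.
T_LOGOUT = 10.0          # TLogout = 10 min
T_SAMPLE = 10.0 / 60.0   # tsample = 10 s
T_DELAY = 30.0 / 60.0    # tdelay = 30 s
THRESHOLD = 0.6          # confidence threshold used in the text


def t_switch(t_logout: float = T_LOGOUT) -> float:
    """Eq. (3): time at which the quadratic slope reaches its bound."""
    return 1.5 * t_logout - 6.0


def f_decrease(t: float, t_logout: float = T_LOGOUT) -> float:
    """Eq. (2): slope of TrustLogin, t minutes after the last face sample."""
    ts = t_switch(t_logout)
    return -0.1 * (t / ts) ** 2 if t < ts else -0.1


def decay(elapsed: float, t_logout: float = T_LOGOUT) -> float:
    """Closed-form integral of f_decrease over [0, elapsed] (the cubic decline)."""
    if elapsed < 0:
        raise ValueError("elapsed time must be non-negative")
    ts = t_switch(t_logout)
    if elapsed <= ts:
        return -0.1 * elapsed ** 3 / (3.0 * ts ** 2)
    return -0.1 * ts / 3.0 - 0.1 * (elapsed - ts)


def f_prime(sc_face: float) -> float:
    """Eq. (5): cubic fitted to the points of Table 1."""
    return 0.608 * sc_face ** 3 - 0.853 * sc_face ** 2 + 0.648 * sc_face


def f_map(sc_face: float, far: float) -> float:
    """Eq. (4). `far` is FAR(SCface) as a fraction; how it is obtained
    from the classifier is an assumption left to the caller."""
    if far <= 0.01:
        return 0.4
    if far >= 0.20:
        return -0.4
    return f_prime(sc_face)


def clamp(value: float) -> float:
    """Keep TrustLogin inside the stated range (clamping is an assumption)."""
    return max(0.0, min(1.0, value))


@dataclass
class TrustSession:
    trust: float = 1.0    # set to 1.0 after successful static authentication
    t_prev: float = 0.0   # time of the previous face sample, in minutes

    def project(self, t: float) -> float:
        """TrustLogin at time t if no face is captured after t_prev."""
        return clamp(self.trust + decay(t - self.t_prev))

    def observe(self, t_ses: float, sc_face: float, far: float):
        """Apply Eq. (6), then the look-ahead of Eqs. (7)-(8).

        Returns (TrustLogin at t_ses, True if the device must be locked).
        """
        self.trust = clamp(self.trust + decay(t_ses - self.t_prev)
                           + f_map(sc_face, far))
        self.t_prev = t_ses
        t_fut = t_ses + T_DELAY + T_SAMPLE
        return self.trust, self.project(t_fut) < THRESHOLD
```

With TLogout = 10 min the idle decay alone takes TrustLogin from 1.0 to the 0.6 threshold after exactly ten minutes, which is how the parameters in Table 2 and the threshold fit together.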


Fig. 11. Illustration of function fdecrease (t) mapped for 10 min (Crouse et al., 2015).

Table 1
Rules used to determine the influence of a face similarity score on the login score (Crouse et al., 2015).

Values of SCface                 Changes of TrustLogin
SCface >= score at 1% FAR        1.0 – TLogout
SCface = score at 5% FAR         0.1 × (tdelay + tsample)
SCface = score at 10% FAR        0
SCface <= score at 20% FAR       -(1.0 – TLogout)

a) Registration stage: each node in the proposed architecture will have a unique EA and a key pair, where the private key is encrypted and stored locally while the public key is stored in the Blockchain ledger. All the registered information will be used to process the static and continuous authentication stages.

First, the admin creates and deploys the smart contract, and registers other admins if required according to the business requirements.
Then, the admin maps each device to a fog node through the “DeviceFogMapping” function and assigns end users to the device that has access to it using the “UserDeviceMapping” function.

b) Static authentication stage: an access request to the smart contract will be issued from the end-user using the “AccessRequest” function, specifying the Ethereum address of the IoT device and the Ethereum address of the fog node to which the device belongs. Then, the smart contract will check the access control list of the IoT devices for that particular user; a “Reject” message will be emitted to the user if he/she is not authorized. Otherwise, an acceptance event will be issued by the smart contract with the access “TokenUser”. By definition of the Blockchain, this event will be broadcast to all fog nodes of the system. Upon receiving the acceptance token, the user will move to the off-chain interaction phase. As throughput and transaction latency are the main shortcomings of Blockchain technology (Jakobs, 2018), the interactive activities of this stage occur outside the Blockchain network (e.g., off-chain interactions), aiming to increase data throughput as well as reduce transaction latency.

The user will send the “TokenUser”, the timestamp at which the token is issued “T1”, and a random number “RNUser” encrypted using the public key of the fog node “EPK.Fog”.
Once the fog node receives the token, it first checks its freshness, i.e., whether the time between the current time at the fog node “T2” and the token issue time is less than the time interval “ΔT” that has been fixed by the admin during the system initialization (T2 − T1 < ΔT). If not, then a “Reject” message will be emitted to the user. If yes, the fog node will further check the received message by comparing it “TokenUser | End User” with the one received before from the Blockchain network “TokenUser | Blockchain”, or else a “Reject” message will be emitted to the user.
If the token “TokenUser” is valid, the fog node authenticates the end-user and proceeds as follows:

1. Decrypting the encrypted message “EPK.Fog (RNUser)”, which is sent from the user with the token, by using the private key of the fog node “DPV.Fog”, and extracting the random number “RNUser*”.
2. Sending H (RNUser*, RNFog), EPK.User(RNFog) to the end-user for authenticating itself.
   o The end-user decrypts the received message “EPK.User (RNFog)” using the private key “DPV.User” and extracts the random number “RNFog*”. Then, compares it with the first part of the message. If it matches, the user will reply to the fog node with “RNFog”, or else a “Reject” message will be sent to the fog node.
   o The fog node will verify it based on the verification result.
   o Finally, the session key “H (RNUser, RNFog, UID, EAUser)” can be used to secure the data exchanges between the end-user and the IoT device.

c) Continuous authentication stage: as shown in Fig. 13, if the user successfully passes the static authentication, the “TrustLogin” value, which represents the confidence in the user's identity, will be initially set to 1.0 and he/she will be monitored continuously. Each captured face image during the session will be compared with the template of the genuine user, which can be updated when the authorized user has been obtrusively verified to access the IoT device. In the simplest form of Blockchain technology, it is a distributed ledger on which transactions are anonymously recorded and information on its ledger serves as a tamper-proof source. Accordingly, a pre-defined confidence threshold “ThreshouldConfidence”, in this model 0.6, will be adjusted from the genuine user template at the fog nodes layer and recorded in the Blockchain ledger. If the “TrustLogin” value drops below the threshold, which means there is a large deviation between the current user and the genuine user, the system will be suspended and require the static authentication to continue accessing the device. Otherwise, the device will be locked.
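The off-chain checks of the static authentication stage, as an added Python example rather than the paper's implementation. The public-key steps (EPK/DPV) are left out and the random numbers are passed directly, hashlib.sha3_256 stands in for Solidity's Keccak256 (the two produce different digests), and the function names and sample addresses are constructed for illustration.

```python
"""Fog-node and end-user checks from the static authentication stage (illustration)."""
import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional


def H(*parts: bytes) -> bytes:
    """Stand-in for H. Solidity's keccak256 pads differently from SHA3-256,
    so these digests will not match values computed on-chain."""
    h = hashlib.sha3_256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))  # length prefix keeps fields unambiguous
        h.update(part)
    return h.digest()


class Token(NamedTuple):
    """TokenUser = (UID, EAUser, EADevice, PKUser, T1, delta T), as in Table 3."""
    uid: bytes
    ea_user: bytes
    ea_device: bytes
    pk_user: bytes
    t1: float        # issue timestamp, in seconds
    delta_t: float   # validity interval fixed by the admin, in seconds

    def digest(self) -> bytes:
        return H(self.uid, self.ea_user, self.ea_device, self.pk_user,
                 repr(self.t1).encode(), repr(self.delta_t).encode())


def make_uid(ea_user: bytes, ea_device: bytes, ea_fog: bytes) -> bytes:
    """UID = H(EAUser, EADevice, EAFog)."""
    return H(ea_user, ea_device, ea_fog)


def fog_check_token(from_user: Token, from_chain: Token, t2: float) -> bool:
    """Freshness (T2 - T1 < delta T), then TokenUser|End-User == TokenUser|Blockchain."""
    # T1 and delta T are read from the Blockchain copy, so a client cannot
    # widen its own validity window by editing the token it presents.
    if not (t2 - from_chain.t1 < from_chain.delta_t):
        return False
    # Constant-time comparison of the two token copies.
    return hmac.compare_digest(from_user.digest(), from_chain.digest())


def fog_proof(rn_user_star: bytes, rn_fog: bytes) -> bytes:
    """First part of the fog node's reply: H(RNUser*, RNFog)."""
    return H(rn_user_star, rn_fog)


def user_check_fog(rn_user: bytes, rn_fog_star: bytes, proof: bytes) -> bool:
    """End-user side: only a fog node that recovered RNUser can build the proof."""
    return hmac.compare_digest(H(rn_user, rn_fog_star), proof)


def session_key(rn_user: bytes, rn_fog: bytes, uid: bytes, ea_user: bytes) -> bytes:
    """Session key H(RNUser, RNFog, UID, EAUser)."""
    return H(rn_user, rn_fog, uid, ea_user)


def handshake(from_user: Token, from_chain: Token, t2: float) -> Optional[bytes]:
    """Run both sides in one process; None corresponds to a "Reject" message."""
    rn_user = secrets.token_bytes(16)        # would travel as EPK.Fog(RNUser)
    if not fog_check_token(from_user, from_chain, t2):
        return None
    rn_fog = secrets.token_bytes(16)         # would travel as EPK.User(RNFog)
    proof = fog_proof(rn_user, rn_fog)
    if not user_check_fog(rn_user, rn_fog, proof):
        return None
    return session_key(rn_user, rn_fog, from_chain.uid, from_chain.ea_user)


# Constructed sample values (not from the paper).
EA_USER, EA_DEVICE, EA_FOG = b"0xUSER", b"0xDEVICE", b"0xFOG"
SAMPLE_TOKEN = Token(make_uid(EA_USER, EA_DEVICE, EA_FOG), EA_USER, EA_DEVICE,
                     b"constructed-public-key", t1=1000.0, delta_t=30.0)
```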

Table 2
Confidence function parameters values (Hammi et al., 2018).

Parameter    Value
TLogout      10 min
TLogin       0.6 s
tsample      10 s
tdelay       30 s

4. Simulation and results analysis

4.1. Ethereum platform settings

To apply the Ethereum platform in the proposed solution, the following configurations have been implemented to its components:

• Each node is associated with an EA to identify itself during the authentication process.

• The Ethereum client is run at all nodes in the architecture except IoT devices, due to their limited resources. Each Ethereum-enabled client node interacts directly with the Blockchain network and sends transactions to run the smart contract's functions.
• Each fog node behaves as an agent for its local IoT devices and uses their addresses to execute the smart contract on behalf of them, hence IoT devices do not have Ethereum clients.
• The Geth client, which is a command-line interface implemented in the Go language, was installed on the MacBook Pro laptop computer to turn it into an Ethereum node. Besides, web3.js was also installed to interact with geth for sending access requests to the smart contract via transactions and also receiving the results (Githup, xxxx). This configuration was made specifically to evaluate the energy consumption at the user's IoT device. The specifications of the device are listed in Table 4.

Fig. 12. Sequence diagram of registration and static authentication process.

4.2. Performance analysis

The performance of the proposed solution will be divided into the performance of the face recognition ML model and the performance of the entire authentication procedure.

Table 3
The definition of the used notations.

Notation                  Definition
EADevice                  Ethereum address of the device.
EAFog                     Ethereum address of the fog node.
EAUser                    Ethereum address of the end-user.
TokenUser                 = (UID, EAUser, EADevice, PKUser, T1, ΔT).
EPK.Fog                   Encryption using the public key of the fog node.
DPK.Fog                   Decryption using the private key of the fog node.
EPK.User                  Encryption using the public key of the end-user.
DPV.User                  Decryption using the private key of the end-user.
RNUser                    Random number established by the user.
RNUser*                   The extracted user's random number.
RNFog                     Random number established by the fog node.
RNFog*                    The extracted fog node's random number.
T1                        Timestamp at which the token is issued.
T2                        Current time at fog node.
ΔT                        Time interval fixed by admin during system initialization.
TokenUser | End-User      The user token received from the user.
TokenUser | Blockchain    The user token received from the Blockchain.
H                         Keccak256 one-way hashing algorithm function which is built within the Solidity language. It is the most efficient function in Ether gas consumption.
UID                       User Identification = H (EAUser, EADevice, EAFog).

Fig. 13. Sequence diagram of the continuous authentication process.

4.2.1. Face recognition model

To evaluate the results of the applied face recognition ML model, the following key metrics have been generated (Biometrics, 2017):

• Accuracy: the simplest metric, which shows the correctness rate of the classifier. Table 5 shows the accuracy results of the applied classifiers under different parameters.

As shown in Table 5, conventional SVM classifiers with the linear kernel and RBF kernel have contributed high classification accuracies, which are in the range of 95.92% to 99.17%. On the other hand, it performed poorly with the polynomial kernel and sigmoid kernel, with accuracies of 25.00%. This proves the fact that the kernel functions greatly affect the accuracy of the SVM.
Regarding the performance of the Euclidean-SVM enhanced classification approach, the results ranged from 98.17% to 99.83%. Therefore, it is not affected by the implementation of the kernel function and parameter C for achieving good classification accuracy. Accordingly, the Euclidean approach has performed well on face images as it did on text documents, as proved in (Lee et al., 2012).
Moreover, for both applied classifier approaches, parameter C does not have a significant impact on their accuracies. As illustrated in Table 5, the variance of classification accuracies across the tested values of parameter C is relatively low. Such a result can be justified by considering that the data points in the applied dataset are effectively differentiated, which subsequently decreases the number of non-separable data points (Lee et al., 2012).
As for testing accuracy, as shown in Table 5, with the Euclidean-SVM linear function the training results were not improved after tuning the C parameter and the test score is still 99.97%, but we can still try improving the training accuracy to ensure that it will catch more test data if new data were introduced, as the dataset is really small and that may be a bit tricky. Accordingly, the polynomial kernel function was applied, and the training score increased compared to the linear function: it improved from 98.75% to 99.83%, and the testing accuracy is 99.97%.
Table 6 presents a comparison between the proposed face recognition model and related work results that have used the same dataset and applied PCA for feature extraction and the SVM algorithm for classification. The proposed model outperformed


Table 4
Specifications of the used user's IoT device.

Device Name    CPU                     Operating System    Memory    Hard Disk
MacBook Pro    Intel Core i5, 2 GHz    macOS sierra        8 GB      256 GB

Table 5
Accuracy results of the face recognition model.

Classification Approach (Kernel)    Value of Soft Margin Parameter C                             Variance of Accuracies
                                    1         10        100       1000      10,000    100,000
SVM (Linear)                        96.75%    96.33%    95.92%    95.92%    95.92%    95.92%     0.10012
SVM (Polynomial)                    25.00%    25.00%    25.00%    25.00%    25.00%    25.00%     0
SVM (RBF)                           99.17%    99.17%    99.17%    99.17%    99.17%    99.17%     0
SVM (Sigmoid)                       25.00%    25.00%    25.00%    25.00%    25.00%    25.00%     0
Euclidean-SVM (Linear)              98.75%    98.33%    98.75%    98.17%    98.17%    98.17%     0.06800
Euclidean-SVM (Polynomial)          99.83%    98.33%    98.75%    98.75%    98.75%    98.75%     0.05018
Euclidean-SVM (RBF)                 98.33%    98.33%    98.33%    98.33%    98.33%    98.33%     0
Euclidean-SVM (Sigmoid)             98.33%    98.33%    98.33%    98.33%    98.33%    98.33%     0

the others, which differ between them by implementing the Euclidean distance function.

Table 6
Accuracy comparison between the CAB-IoT face recognition model and the related work results.

Reference                           Feature Extractor        Classifier       Accuracy
Maw et al. (2019)                   PCA                      SVM              91.6%
Li et al. (2018)                    Gabor wavelet and PCA    SVM              97.00%
Saraswathi and Sivakumari (2015)    PCA                                       93.7%
CAB-IoT                             PCA                      Euclidean-SVM    99.97%

Table 7
Classification report.

Accuracy    Precision    Recall    F1-score
99.97%      98%          97%       97%

• Precision, recall, and f1-score: as shown in Table 7, the model achieved 98% exactness, which represents the performance of the model in minimizing the number of authorized users that are classified as unauthorized, 97% completeness, which represents the performance of the model in minimizing the number of unauthorized users that are classified as authorized, and the balance between the two is 97%.
• ROC curve: Fig. 14 represents diagrammatically the performance of classification models. The closer the AUC gets to 1.0, the more accurate the results. The AUC score of the model is 99.54%.

Fig. 14. ROC curve.

4.2.2. Authentication procedure

To measure the performance of the continuous authentication procedure, the following evaluations were conducted:

• Confidence evaluation: assuming there are 40 subjects using IoT devices equipped with the proposed solution, hence the dataset contains face images of 40 people. In genuine user trials, the genuine user used the device for 15 min, while in imposter trials the genuine user used the device for about a minute, then an imposter gained access to the device. For each session in genuine user trials, the trials were performed with all 10 different face images of the genuine user, while in imposter trials, random imposters' face images were used besides the face images of the genuine user. The time from when they logged in until they were logged out was noted. The idle automatic logout time according to the HIPAA suggestion was set to 10 min (Hippa, 2020). As shown in Fig. 15, in 97% of genuine user trials, the genuine users kept access to the device during the entire trial. Of the remaining trials, the genuine user retained device access for at least 5 min.

As indicated in Fig. 16, the impostor had access to the device for less than 1 min, and the rest had access for less than 1.5 min. Comparing to the results shown in (Crouse et al., 2015), where this research applied their proposed method in computing the confidence score of thresholding face similarity score, the results of this research have shown a significant reduction in imposters' access time. In Crouse et al. (2015), 89% of impostor trials had access to the device for less than 1 min, and 11% had access for more than 2 min, which consequently gives them a greater chance to perform malicious behaviour. Such improvement can be justified by considering that, unlike (Crouse et al., 2015), CAB-IoT eliminates the need for a separate server for matching and performs all face recognition ML related tasks in one place. Moreover, Fig. 17 illustrates how the trust level changes during several sessions with test data of genuine and imposter users. It is clear that the trust level dropped below the confidence threshold, which is 0.6, three times, then the trust value went back to the upper limit of 1.0 and a new session was started. This means that an imposter would be detected once the trust value drops below the confidence threshold. To mitigate the chance of the imposter taking advantage of the system, the trust level is reset to the upper limit to prevent the impostor from taking advantage of the trust that was built up by the legitimate user.

Fig. 16. Results of imposters' trials.

• Time evaluation: the average time required for deploying the entire solution is less than one minute, and that for executing the smart contract for static authentication is 0.42 s. Notice that CAB-IoT is applied in a real-world private Ethereum, which gives the exact time cost, as it varies depending on various factors, like the hash rate, network architecture, and computing power (Zhang et al., 2019).
• Data throughput/overhead: the Ethereum Blockchain system depends on the gas limit per block to measure data throughput in its network, where gas is a measurement unit that represents the required computational work to perform a transaction or a smart contract (Borgsten and Jiang, 2018). Setting the gas limit per block aims to protect the Blockchain network's nodes, particularly miners, from losing energy in flawed transactions or malicious attacks. As the average gas price is 21,000 gas, and the applied limit is 4,712,400 gas/block, a block will contain 224 transactions. Taking into account that private Ethereum's average block time is 14 s (Ozyilmaz and Yurdakul, 2019), the throughput of the proposed solution is 16 transactions per second.
• Resources consumption: the impact of the CAB-IoT solution on the CPU and RAM usage of IoT devices has been explored by conducting two experiments while considering the scalability feature, as follows:
  • Resources consumption while increasing the number of events belonging to a genuine user.
  • Resources consumption while increasing the number of users.

In the first experiment, the number of events belonging to a genuine user increased from 1 event to 10 events. As shown in Fig. 18, RAM usage increased linearly and reached 1 MB. Such behaviour can be justified by considering that as the number of events increased, the needed data structure to store the template of the user became wider. Therefore, memory consumption represents a linear increasing trend. On the contrary, the results did not show CPU demand; it remained constant at 2%. In the second experiment, the number of users increased from 1 user to 40 users, with one face image for each user. As depicted in Fig. 19, the RAM consumption remained at 4 MB. On the other side, the CPU usage increased exponentially and reached 16%. Such behaviour can be justified by considering that as the number of users increased, the system requires more cycles to process the authentication process.
The results of both experiments demonstrate the minimal ben-

Blockchain. Comparing to the results shown in the literature reviews with those studies that consider scalability criteria by increasing the number of users, as shown in Table 8, and another comparison with those studies that evaluate the network overhead of their proposed solution without scaling the number of users, as shown in Table 9. It is noted that CAB-IoT results were not affected negatively in resources consumption while using Blockchain technology for the proposed solution, and it showed minimal resources consumption compared to the results of the related studies, except for energy consumption, where CAB-IoT consumes 8% of the battery during active continuous authentication within 15 min, similarly to reference [156], but at the same time it is within an acceptable range.

4.3. Security analysis

• Confidentiality: integrating Blockchain in the proposed solution allows us to assign a unique EA to every participating node with almost no collision, which is a powerful feature of Blockchain (Dannen, 2017) and relieves the use of the traditional expensive PKI for key distribution. The EA comes with asymmetric public key pairs, which makes it possible to ensure the confidentiality and authentication of the message at the same time, and which can be subsequently used for session key exchange and establishing secure SSL sessions.
• Integrity and non-repudiation: the proposed authentication process supports two-way authentication between the end-user and the fog node to prove their legitimacy to each other, where fog nodes use the tokens to authenticate a user while the end-user verifies the fog node using randomly generated unique numbers; this feature is the main contribution added to similar work in reference (Almadhoun et al., 2019). Table 10
efit of the resources and the applicability of the proposed solution illustrates the main improvements of the CAB-IoT. It is noted
in smart environments, such as smart home or smart office. Such that fog nodes layer has been utilized in both solutions, but
results can be justified by considering that the fog nodes layer CAB-IoT applied the distribution strategy instead of relying on
has the power to provide high resource capabilities for IoT devices, one coordinating node which subsequently overcomes a single
as well as scalability features to the proposed solution, and aug-
ment the heavy continuous authentication-related tasks of the

Fig. 15. Results of genuine users’ trails. Fig. 17. Illustration of changing the trust level.

2510
F. Hussain Al-Naji and R. Zagrouba Journal of King Saud University – Computer and Information Sciences 34 (2022) 2497–2514

point of failure problem. Besides, CAB-IoT hosted a biometric recognition model including the real-time use of ML for continuous authentication purposes.
• Availability: the proposed distributed solution utilizes Blockchain technology to provide secure authentication and access to IoT devices in a decentralized manner without an intermediary or a trusted third party. Therefore, it provides high trust and availability and eliminates several issues including a single point of failure and scalability.

Achieving these security requirements makes the proposed solution secure against the following attacks:

• MITM and replay attacks: the proposed architecture is secured against these attacks because the messages exchanged within the authentication processes are cryptographically signed using a hash function algorithm and random numbers technique. In this context, the so-called cryptographic hashing functions are fundamentally important; the nature of the Blockchain technology relies heavily on cryptography to achieve data security (Bashir and Blockchain, 2017). If an imposter tries to replicate the access request of the legitimate user to the fog node “TokenUser; T1, EPK.Fog [RNUser]” by replacing the user EA with the imposter EA, the fog node will reply with two sets of messages, one for the legitimate user: “H (RNUser*, RNFog), EPK.User(RNFog)” and the other for the imposter node “H (RNUser*, RNFog from imposter), EPK.User from imposter (RNFog from imposter)”. Then, the attacker blocks the message meant for the end-user and sends “H (RNUser*, RNFog from imposter), EPK.User from imposter (RNFog from imposter)” to the end-user. The user computes “RNFog from imposter” and sends back “H (RNFog from imposter)” to the fog node. The verification of “H (RNFog from imposter)” will fail, which explains that an attacker cannot launch a MITM attack in the proposed architecture. Moreover, the timestamp values ensure that an imposter can never forward an already sent message to impersonate the legitimate user. Besides, a nonce value, which is the UID in the proposed solution, prevents these attacks: even if the attacker replaced the user EA with his/her EA and public key, the attacker will not be able to correctly sign it and it will fail at the verification stage at the fog node.
• DoS and DDoS attacks: the distributed characteristic of the Blockchain technology makes the proposed solution resilient against DoS and DDoS attacks. More specifically, the Blockchain enables the IoT network to work in P2P, trustless, and with no need for a centralized node to trust each other, which subsequently removes a single point of failure (Almadhoun et al., 2019).
• Sybil attack: according to the principle of Blockchain, each registered node has a unique EA and one key pair (Khan and Salah, 2018), hence it is difficult for an attacker to create multiple fake identities. Besides, Blockchain uses a raising-the-cost strategy for creating a new identity, which subsequently requires a significant cost to add a large number of pseudonymous fake nodes (Turesson et al., 2019).

Fig. 18. CPU-RAM usage of a user.
Fig. 19. CPU-RAM usage of multiple users.

5. Conclusion

We have proposed a blockchain-based continuous authentication solution for an IoT environment called CAB-IoT. The main findings of the proposed solution are the following:

• CAB-IoT presented an accurate face recognition ML model with a 99.97% accuracy percentage. It found that the Euclidean-SVM enhanced classification approach performed better than the conventional classifier during classification and it showed low effect by kernel function and parameter C.
• Computation is saved when the proposed solution applies the PCA feature extraction technique on the face recognition ML model. It makes the process faster by narrowing the bandwidth communication channel to transfer a huge amount of data and storing them on a reduced basis, which subsequently decreased the storage requirement.
• By principle, IoT devices are power sensitive; the use of continuous authentication and Blockchain technology will cause resources drain, which seems to be a not practical way. The fog nodes layer gets rid of the resources limitation problem by handling the frequent communication with Blockchain instead of them. Moreover, the proposed solution demonstrates a low impact on the bandwidth where there is a limited overhead; it reached 16 transactions per second.
• The applied method in thresholding face similarity score showed a great impact on the confidence level: 97% of genuine users kept up access to the device during the entire trial and the remaining kept up access for at least 5 min. Regarding the imposter’s trials, the majority were detected in less than 1 min, and only 4% of imposters had access for less than 1.5 min.
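The mutual authentication exchange analysed under MITM and replay attacks in Section 4.3, as an added example that is not code from the paper: a fog node and an end-user run the three messages, and the timestamp and hash checks reject a replayed request, a forged reply and a reused confirmation. The textbook-RSA helper standing in for the EA key pair, the 30 s freshness window, the token string and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for the EA key pair: textbook RSA over constructed
# Mersenne-prime moduli. No padding; for illustration only.
def keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def enc(pub, m):                      # E_PK(m)
    return pow(m, pub[1], pub[0])

def dec(priv, c):
    return pow(c, priv[1], priv[0])

def H(*nums):                         # SHA-256 over a fixed text encoding
    return hashlib.sha256("|".join(map(str, nums)).encode()).hexdigest()

FRESHNESS_S = 30   # assumed acceptance window for T1; not given in the paper

class FogNode:
    def __init__(self, priv, user_pubs):
        self.priv = priv
        self.user_pubs = user_pubs    # token -> public key registered for it
        self.pending = {}             # token -> RN_Fog awaiting confirmation

    def on_request(self, token, t1, enc_rn_user, now):
        """Handle 'TokenUser; T1, EPK.Fog[RNUser]'."""
        if token not in self.user_pubs:
            return None               # token not tied to a registered user
        if abs(now - t1) > FRESHNESS_S:
            return None               # stale timestamp: replayed request
        rn_user = dec(self.priv, enc_rn_user)
        rn_fog = secrets.randbits(64)
        self.pending[token] = rn_fog
        # RN_Fog goes out under the key registered for the token, never
        # under a key supplied in the request itself.
        return H(rn_user, rn_fog), enc(self.user_pubs[token], rn_fog)

    def on_confirm(self, token, digest):
        """Check the user's final H(RNFog); each challenge is single-use."""
        rn_fog = self.pending.pop(token, None)
        return rn_fog is not None and hmac.compare_digest(digest, H(rn_fog))

class EndUser:
    def __init__(self, token, priv, fog_pub):
        self.token, self.priv, self.fog_pub = token, priv, fog_pub
        self.rn_user = None

    def request(self, now):
        self.rn_user = secrets.randbits(64)
        return self.token, now, enc(self.fog_pub, self.rn_user)

    def on_reply(self, digest, enc_rn_fog):
        """Accept the fog node only if its hash binds our fresh RNUser."""
        rn_fog = dec(self.priv, enc_rn_fog)
        if not hmac.compare_digest(digest, H(self.rn_user, rn_fog)):
            return None               # sender never recovered RNUser
        return H(rn_fog)

def run_scenarios():
    fog_pub, fog_priv = keypair(2**61 - 1, 2**89 - 1)
    usr_pub, usr_priv = keypair(2**107 - 1, 2**127 - 1)
    fog = FogNode(fog_priv, {"token-alice": usr_pub})   # constructed token
    user = EndUser("token-alice", usr_priv, fog_pub)
    out = {}
    # 1. Honest run: both directions verify.
    req = user.request(now=1000)
    confirm = user.on_reply(*fog.on_request(*req, now=1000))
    out["honest"] = fog.on_confirm(user.token, confirm)
    # 2. The captured request replayed two minutes later is dropped.
    out["replay"] = fog.on_request(*req, now=1120)
    # 3. A reply built without the fog private key can only guess RNUser.
    user.request(now=2000)
    rn_x = secrets.randbits(64)
    forged = (H(secrets.randbits(64), rn_x), enc(usr_pub, rn_x))
    out["forged_reply"] = user.on_reply(*forged)
    # 4. A confirmation digest is useless once its challenge was consumed.
    out["confirm_reuse"] = fog.on_confirm(user.token, confirm)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

A request replayed inside the freshness window still passes the first check, but the sender cannot decrypt RN_Fog and so cannot produce the final confirmation.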

Table 8
Comparison of resource consumption based on scalability criteria.

Reference               Number of users   CPU consumption   Memory consumption   Static authentication time
Nespoli et al. (2019)   30                13%               8 MB                 0.5 s
Centeno et al. (2018)   –                 –                 1 MB                 1 s
CAB-IoT                 40                16%               4 MB                 0.42 s


Table 9
Comparison of resource consumption.

                        Network overhead
Reference               Energy consumption   CPU consumption   Memory consumption   Authentication time
Banafa (2017)           5.4%                 –                 –                    5 s
Acar et al. (2018)      –                    –                 –                    20 s
Feng et al. (2017)      6.3%                 –                 –                    1 s
Lee and Lee (2017)      2.4%                 35%               3 MB                 5 s
Mosenia et al. (2017)   –                    –                 –                    37 ms
Lin et al. (2017)       –                    –                 –                    4 s
Fridman et al. (2017)   –                    –                 –                    1 m
Shen et al. (2015)      –                    –                 5 MB                 0.5 s
Sitova (2016)           –                    –                 –                    3.56 s
Temper et al. (2017)    8%                   –                 –                    –
CAB-IoT                 8%                   2%                1 MB                 0.42 s

Table 10
Comparison of Blockchain-enabled fog nodes solutions.

Reference                 Two-way authentication   Continuous authentication   Machine learning   Fog nodes layer
Almadhoun et al. (2019)   x                        x                           x                  ✓ (Single Coordinating Node)
CAB-IoT                   ✓                        ✓                           ✓                  ✓ (Distributed Strategy)

• The proposed mutual authentication between the end-user and the fog node enables session key exchange and the establishment of a secure SSL session for secured communication.

5.1. Limitations

The limitations that were found in the proposed solution and how such limitations can be overcome are the following:

• As the level of security is the main challenge, CAB-IoT has limitations in conducting extensive experiments to measure the robustness of the proposed solution against various attacks. We recommend performing threat modelling and reporting the accuracy of the proposed solution against different adversarial situations, which include random, targeted, and engineered attacks.
• The concern of the CAB-IoT solution is to provide a real-time continuous user-to-device authentication. As the solution depends on the user’s face identity, and although the implemented private Ethereum network provides privacy, criminals can use a variety of methods to manipulate users’ identities. Therefore, we recommend providing a method to protect users’ identities and secure their private information.

5.2. Future work

In future work, we intend to extend our solution to give more generalizations of the proposed solution. We are going to track users’ faces using Arduino and Python and make the webcam follow users’ faces, which means the solution is not customized to the data that we used. Moreover, we intend to evaluate our solution in terms of multiple performance-related measures, including deployment issues on smartphone devices.

6. Data availability

The dataset that is used to support the findings of this study is the AT&T Database of Faces provided by the Olivetti Research Laboratory, Cambridge, UK, AT&T Laboratories Cambridge, (www.cl.cam.ac.uk/research/dtg/attractive/face database.html).

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

Acar, A., Aksu, H., Uluagac, A.S., Akkaya, K., 2018. “WACA: Wearable-assisted continuous authentication”, in IEEE Security and Privacy Workshops (SPW) 2018, 264–269.
Aceto, G., Persico, V., Pescapé, A., 2020. Industry 4.0 and health: Internet of things, big data, and cloud computing for healthcare 4.0. J. Ind. Inf. Integr. 18, 100129.
Agrawal, R. et al., 2018. Continuous security in IoT using Blockchain. In: 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6423–6427.
A. Al Abdulwahid, N. Clarke, I. Stengel, S. Furnell, and C. Reich, “A survey of continuous and transparent multibiometric authentication systems,” 2015.
Al Salami, S., Baek, J., Salah, K., Damiani, E., 2016. Lightweight Encryption for Smart Home. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 382–388. https://doi.org/10.1109/ARES.2016.40.
A. A. Alabi, A. A., Akanbi, L. A., & Ibrahim, “Performance Evaluation of the Eigenface Algorithm on Plain-Feature Images in Comparison with Those of Distinct Features,” Am. J. Signal Process., vol. 5, no. 2, pp. 32–39, 2015.
R. Almadhoun, M. Kadadha, M. Alhemeiri, M. Alshehhi, and K. Salah, “A User Authentication Scheme of IoT Devices using Blockchain-Enabled Fog Nodes,” 2019, doi: 10.1109/AICCSA.2018.8612856.
Anthony Heston, ETHEREUM: HOW TO SAFELY CREATE STABLE AND LONG-TERM PASSIVE INCOME BY INVESTING IN ETHEREUM, First edit. 2019.
V. K. Arjun, V. M., MANZA, R. R., & Karbhari, “Human face recognition using superior principal component analysis (SPCA),” Int. J. Comput. Theory Eng., vol. 2, no. 5, p. 688, 2010.
Y. Ashibani, D. Kauling, and Q. Mahmoud, “Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes,” Appl. Syst. Innov., 2019, doi: 10.3390/asi2010004.
AT&T Laboratories Cambridge, “The database of faces.” www.cl.cam.ac.uk/research/dtg/attarchive/face database.html.
Banafa, A., 2017. Three Major Challenges Facing IoT. IEEE IoT Newsl.
I. Bashir, Mastering Blockchain. 2017.
Biometrics, P., 2017. “Understanding biometric performance evaluation. Teknik Rapor”.
E. Borgsten and O. Jiang, “Authentication using Smart Contracts in a Blockchain.” 2018.


Bours, P., 2012. Continuous keystroke dynamics: A different perspective towards biometric evaluation. Inf. Secur. Tech. Rep. https://doi.org/10.1016/j.istr.2012.02.001.
J. D. Brown, W. Pase, C. McKenzie, M. Salmanian, and H. Tang, “A prototype implementation of continuous authentication for tactical applications,” 2017, doi: 10.1007/978-3-319-51204-4_28.
Camara, C., Peris-Lopez, P., Gonzalez-Manzano, L., Tapiador, J., 2018. Real-time electrocardiogram streams for continuous authentication. Appl. Soft Comput. 68, 784–794. https://doi.org/10.1016/j.asoc.2017.07.032.
M. P. Centeno, Y. Guan, and A. van Moorsel, “Mobile based continuous authentication using deep features,” 2018, doi: 10.1145/3212725.3212732.
J. Chauhan, H. J. Asghar, A. Mahanti, and M. A. Kaafar, “Gesture-based continuous authentication for wearable devices: The smart glasses use case,” 2016, doi: 10.1007/978-3-319-39555-5_35.
D. Crouse, H. Han, D. Chandra, B. Barbello, and A. K. Jain, “Continuous authentication of mobile user: Fusion of face image and inertial Measurement Unit data,” 2015, doi: 10.1109/ICB.2015.7139043.
Dadi, H.S., Mohan Pillutla, G.K., 2016. Improved face recognition rate using HOG Features and SVM Classifier. IOSR J. Electron. Commun. Eng. https://doi.org/10.9790/2834-1104013444.
Dannen, C., 2017. Introducing Ethereum and Solidity.
Deutschmann, I., Nordstrom, P., Nilsson, L., 2013. Continuous Authentication Using Behavioral Biometrics. IT Prof. 15 (4), 12–15. https://doi.org/10.1109/MITP.2013.50.
El Kafhali, S., Salah, K., 2017. Stochastic modelling and analysis of cloud computing data center. In: 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN), pp. 122–126. https://doi.org/10.1109/ICIN.2017.7899401.
M. El-Hajj, A. Fadlallah, M. Chamoun, and A. Serhrouchni, “A survey of internet of things (IoT) authentication schemes,” Sensors (Switzerland), 2019, doi: 10.3390/s19051141.
H. Feng, K. Fawaz, and K. G. Shin, “Continuous authentication for voice assistants,” 2017, doi: 10.1145/3117811.3117823.
N. Fotiou, I. Pittaras, V. A. Siris, S. Voulgaris, and G. C. Polyzos, “Secure IoT access at scale using blockchains and smart contracts,” 2019, doi: 10.1109/WoWMoM.2019.8793047.
Fridman, L., Weber, S., Greenstadt, R., Kam, M., 2017. Active authentication on mobile devices via stylometry, application usage, web browsing, and GPS Location. IEEE Syst. J. https://doi.org/10.1109/JSYST.2015.2472579.
GitHub, “Geth Client for Building Private Blockchain Networks.”
Gonzalez-Manzano, L., Fuentes, J.M.D., Ribagorda, A., 2019. Leveraging user-related internet of things for continuous authentication: A Survey. ACM Comput. Surv. 52 (3), 1–38. https://doi.org/10.1145/3314023.
Hammi, M.T., Hammi, B., Bellot, P., Serhrouchni, A., 2018. Bubbles of Trust: A decentralized blockchain-based authentication system for IoT. Comput. Security 78, 126–142. https://doi.org/10.1016/j.cose.2018.06.004.
T. Hardjono and N. Smith, “Cloud-based commissioning of constrained devices using permissioned blockchains,” 2016, doi: 10.1145/2899007.2899012.
HIPAA, “Security Rule.” https://www.hhs.gov/hipaa/for-professionals/faq/security-rule/index.html (accessed Feb. 01, 2020).
S. Huh, S. Cho, and S. Kim, “Managing IoT devices using blockchain platform,” 2017, doi: 10.23919/ICACT.2017.7890132.
Jaha, E.S., Ghouti, L., 2012. “Color face recognition using quaternion PCA”. https://doi.org/10.1049/ic.2011.0109.
Jakobs, K., 2018. Corporate and global standardization initiatives in contemporary society. IGI Global.
Jolliffe, I.T., Cadima, J., 2016. Principal component analysis: A review and recent developments. Phil. Trans. R. Soc. A. 374 (2065), 20150202. https://doi.org/10.1098/rsta.2015.0202.
Karamizadeh, S., Abdullah, S.M., Manaf, A.A., Zamani, M., Hooman, A., 2013. An overview of principal component analysis. JSIP 04 (03), 173–175. https://doi.org/10.4236/jsip.2013.43B031.
Khalid, U., Asim, M., Baker, T., Hung, P.C.K., Tariq, M.A., Rafferty, L., 2020. A decentralized lightweight blockchain-based authentication mechanism for IoT systems. Cluster Comput 23 (3), 2067–2087. https://doi.org/10.1007/s10586-020-03058-6.
Khan, M.A., Jamali, M.M., Maksymyuk, T., Gazda, J., 2020. A blockchain token-based trading model for secondary spectrum markets in future generation mobile networks. Wireless Commun. Mobile Comput. 2020, 1–12. https://doi.org/10.1155/2020/7975393.
Khan, M.A., Salah, K., 2018. IoT security: Review, blockchain solutions, and open challenges. Futur. Gener. Comput. Syst. https://doi.org/10.1016/j.future.2017.11.022.
La, Q.D., Ngo, M.V., Dinh, T.Q., Quek, T.Q.S., Shin, H., 2019. Enabling intelligence in fog computing to achieve energy and latency reduction. Digital Commun. Networks 5 (1), 3–9. https://doi.org/10.1016/j.dcan.2018.10.008.
Larmuseau, A., Shila, D.M., 2019. In: Blockchain for Distributed Systems Security. Wiley, pp. 253–274. https://doi.org/10.1002/9781119519621.ch12.
Lee, W.H., Lee, R.B., 2017. “Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning”. https://doi.org/10.1109/DSN.2017.24.
Lee, L.H., Wan, C.H., Rajkumar, R., Isa, D., 2012. An enhanced Support Vector Machine classification framework by using Euclidean distance function for text document categorization. Appl. Intell. https://doi.org/10.1007/s10489-011-0314-z.
Li, M., Yu, X., Ryu, K.H., Lee, S., Theera-Umpon, N., 2018. Face recognition technology development with Gabor, PCA and SVM methodology under illumination normalization condition. Cluster Comput. https://doi.org/10.1007/s10586-017-0806-7.
F. Lin, C. Song, Y. Zhuang, W. Xu, C. Li, and K. Ren, “Cardiac scan: A non-contact and continuous heart-based user authentication system,” 2017, doi: 10.1145/3117811.3117839.
Lu, Y., 2018. Blockchain and the related issues: A review of current research topics. J. Manage. Anal. 5 (4), 231–255. https://doi.org/10.1080/23270012.2018.1516523.
Matsuyama, Y., Shozawa, M., Yokote, R., 2015. Brain signal's low-frequency fits the continuous authentication. Neurocomputing 164, 137–143. https://doi.org/10.1016/j.neucom.2014.08.084.
Maw, H.M., Thu, S.M., Mon, M.T., 2019. “Face Recognition based on Illumination Invariant Techniques Model”, in Int. Conf. Adv. Inf. Technol. (ICAIT) 2019, 120–125.
Meenakshi, M., 2013. Real-time facial recognition system – design, implementation and validation. J. Signal Process. Theory Appl. https://doi.org/10.7726/jspta.2013.1001.
S. Mondal and P. Bours, “Continuous Authentication in a real world settings,” 2015, doi: 10.1109/ICAPR.2015.7050673.
Mosenia, A., Sur-Kolay, S., Raghunathan, A., Jha, N.K., 2017. CABA: Continuous Authentication Based on BioAura. IEEE Trans. Comput. 66 (5), 759–772. https://doi.org/10.1109/TC.2016.2622262.
Mukherjee, T., 2017. An Approach to Software Development for Continuous Authentication of Smart Wearable Device Users. Arizona State University.
P. Nespoli, M. Zago, A. H. Celdrán, M. G. Pérez, F. G. Mármol, and F. J. G. Clemente, “PALOT: Profiling and authenticating users leveraging internet of things,” Sensors (Switzerland), 2019, doi: 10.3390/s19122832.
K. Niinuma and A. K. Jain, “Continuous user authentication using temporal information,” 2010, doi: 10.1117/12.847886.
Nikouei, S.Y., Xu, R., Nagothu, D., Chen, Y., Aved, A., Blasch, E., 2019. “Real-Time Index Authentication for Event-Oriented Surveillance Video Query using Blockchain”. https://doi.org/10.1109/ISC2.2018.8656668.
Ozyilmaz, K.R., Yurdakul, A., 2019. Designing a Blockchain-Based IoT With Ethereum, Swarm, and LoRa: The software solution to create high availability with minimal security risks. IEEE Consumer Electron. Mag. 8 (2), 28–34. https://doi.org/10.1109/MCE.2018.2880806.
D. T. Phan, N. N. T. Dam, M. P. Nguyen, M. T. Tran, and T. T. Truong, “Smart kiosk with gait-based continuous authentication,” 2015, doi: 10.1007/978-3-319-20804-6_18.
P. J. Phillips, “Support vector machines applied to face recognition,” 1999.
Salah, K., 2013. “A Queueing Model to Achieve Proper Elasticity for Cloud Cluster Jobs”, in IEEE Sixth Int. Conf. Cloud Comput. 2013, 755–761. https://doi.org/10.1109/CLOUD.2013.20.
Salah, K., Nizamuddin, N., Jayaraman, R., Omar, M., 2019. Blockchain-based soybean traceability in agricultural supply chain. IEEE Access 7, 73295–73305. https://doi.org/10.1109/ACCESS.2019.2918000.
Saraswathi, M., Sivakumari, D.S., 2015. “Evaluation of PCA and LDA techniques for Face recognition using ORL face database”, (IJCSIT) Int. J. Comput. Sci. Inf. Technol. 1, 810–813.
H. Shafagh, L. Burkhalter, A. Hithnawi, and S. Duquennoy, “Towards blockchain-based auditable storage and sharing of iot data,” 2017, doi: 10.1145/3140649.3140656.
C. Shen, Y. Zhang, Z. Cai, T. Yu, and X. Guan, “Touch-interaction behavior for continuous user authentication on smartphones,” 2015, doi: 10.1109/ICB.2015.7139046.
Sitova, Z. et al., 2016. HMOG: New behavioral biometric features for continuous authentication of smartphone users. IEEE Trans. Inf. Forensics Secur. https://doi.org/10.1109/TIFS.2015.2506542.
Sundararajan, A., Sarwat, A.I., Pons, A., 2019. A survey on modality characteristics, performance evaluation metrics, and security for traditional and wearable biometric systems. ACM Comput. Surv. 52 (2), 1–36. https://doi.org/10.1145/3309550.
Suthaharan, S., 2016. Machine learning models and algorithms for big data classification. Integr. Ser. Inf. Syst 36, 1–12.
Temper, M., Tjoa, S., Kaiser, M., 2017. “Touch to Authenticate - Continuous Biometric Authentication on Mobile Devices”. https://doi.org/10.1109/ICSSA.2015.016.
H. Turesson, A. Roatis, M. Laskowski, and H. Kim, “Privacy-preserving blockchain mining: Sybil-resistance by proof-of-useful-work,” arXiv Prepr. arXiv1907.08744, 2019.
T. Van Hamme, D. Preuveneers, and W. Joosen, “Improving resilience of behaviometric based continuous authentication with multiple accelerometers,” 2017, doi: 10.1007/978-3-319-61176-1_26.
Viriyasitavat, W., Xu, L.D., Bi, Z., Hoonsopon, D., 2019. Blockchain technology for applications in internet of things – Mapping from system design perspective. IEEE Int. Things J. 6 (5), 8155–8168. https://doi.org/10.1109/JIOT.2019.2925825.
Wu, L., Du, X., Wang, W., Lin, B., 2018. “An Out-of-band Authentication Scheme for Internet of Things Using Blockchain Technology”. https://doi.org/10.1109/ICCNC.2018.8390280.


Xia, X.-L., Xu, C., Nan, B., Long, L., Li, Y., Li, X., Dai, Y., Yang, H., 2017. Facial expression recognition based on tensorflow platform. ITM Web Conf. 12, 01005. https://doi.org/10.1051/itmconf/20171201005.
Xu, Q., Aung, K.M.M., Zhu, Y., Yong, K.L., 2018. “A blockchain-based storage system for data analytics in the internet of things”, in Studies. Comput. Intell.
Xu, L.D., Viriyasitavat, W., 2019. Application of blockchain in collaborative internet-of-things services. IEEE Trans. Comput. Soc. Syst. 6 (6), 1295–1305. https://doi.org/10.1109/TCSS.2019.2913165.
Xu, L.D., He, W.u., Li, S., 2014. Internet of Things in Industries: A Survey. IEEE Trans. Ind. Inf. 10 (4), 2233–2243. https://doi.org/10.1109/TII.2014.2300753.
Zhang, C., Chen, Y., 2020. A review of research relevant to the emerging industry trends: Industry 4.0, IoT, blockchain, and business analytics. J. Ind. Intg. Mgmt. 05 (01), 165–180. https://doi.org/10.1142/S2424862219500192.
Zhang, Y., Kasahara, S., Shen, Y., Jiang, X., Wan, J., 2019. Smart contract-based access control for the internet of things. IEEE Int. Things J. 6 (2), 1594–1605. https://doi.org/10.1109/JIOT.2018.2847705.
Zhang, Y., Xiao, X., Yang, L.-X., Xiang, Y., Zhong, S., 2020. Secure and efficient outsourcing of PCA-based face recognition. IEEE Trans. Inform. Forensic Secur. 15, 1683–1695. https://doi.org/10.1109/TIFS.2019.2947872.
