1 Introduction

Digital identity [24, 29] is the digital representation of information about a person, group, or organization, which includes photos, bank account information, and physical identifiers [28]. Many organizations and governments have raised the alarm about identity theft and fraud. Biometric Authentication Systems (BASs) use unique biometric features such as fingerprints, facial recognition, hand geometry, palm print, iris, signature, gait, and voice patterns to identify individuals. They have become popular due to their simplified enrolment. An administration module manages user biometric data (templates), and the authentication module compares a freshly captured individual trait against the enrolled templates. The unique and complex nature of biometric data may result in several security concerns [9, 27]. In classical BASs, biometric data is maintained by a central administration module, which calls its security into question. A centralized server should be “honest yet inquisitive”. But the centralized server may be hacked, which leads to an incorrect result.

Deep Learning (DL) has become a successful recipe for biometric authentication because it can extract features and learn from complex data, such as images and videos. This allows deep learning models to be used to identify individuals based on their unique biometric features such as fingerprints, facial recognition, hand geometry, palm print, iris, signature, gait, and voice patterns [1]. Deep learning is more accurate, scalable, and robust than traditional biometric authentication methods due to its ability to recognize even subtle differences in biometric features, its robustness to noise and variations in biometric data, and its scalability to larger biometric datasets. Due to its popularity, it is used in mobile devices, access control systems, and online banking [3]. On the other hand, deep learning models can be vulnerable to attack, theft and alteration, which means that they can be tricked into misidentifying individuals [31]. Cyberattacks on a variety of services have become increasingly common, including Facebook, LinkedIn, Yahoo, and Zoom [30]. Recent research has focused on enhancing the safety of biometric templates and reducing attacks [17, 22].

Blockchain technology is a distributed ledger that allows untrustworthy nodes to provide trustworthy and irreversible services [4, 13]. Since there is no central authority, distributed ledgers are employed to retain an immutable chronological record of all transactions. Blockchain technology was popularized by Bitcoin [18]. Blockchain might provide safe, efficient, and transparent information transmission to secure authentication, anonymity, and permanence [6] in digital identity, banking, healthcare, voting, real estate, social media and the Internet of Things (IoT). A Blockchain network can be classified as: (1) public, (2) consortium, or (3) private. Public Blockchains are permissionless, with economic incentives for anonymous and universal access. In contrast, consortium Blockchains are permissioned and semi-decentralized. Lastly, private Blockchains are for small, trustworthy organizations. Biometrics integration is simpler with private Blockchain applications. To unlock the full potential of Blockchain-biometric synergy in public, consortium, and private Blockchains, we need to conduct further research and develop innovative security architectures [15, 26]. The term smart contract was originally coined by Nick Szabo [6] in 1996, long before the advent of Bitcoin and Blockchain. A smart contract is a piece of code that runs in a safe setting to regulate digital assets [15]. Although smart contract execution is possible on a variety of public Blockchains, Ethereum smart contracts turn Blockchain into a reliable computing platform. The Blockchain network employs gas as a monetary unit to enable the execution of smart contracts. The expenditure of resources by a smart contract results in a gas expense that necessitates user responsibility. Therefore, programmers construct decentralized applications (DApps) using the Solidity language.

The implementation of Blockchain technology has the potential to mitigate certain limitations associated with conventional biometric authentication methods. The technology of Blockchain has the potential to store biometric data securely and immutably. Furthermore, Blockchain technology has the potential to facilitate the development of DApps that operate without the need for a central governing entity. This implies that DApps have the potential to facilitate the creation of biometric authentication mechanisms that are impervious to security breaches. Blockchain can enhance biometric authentication in a number of ways, including security, transparency, scalability and decentralization [23, 25].

Therefore, the objective of this study is to present a decentralized biometric authentication system that employs Blockchain technology. The system employs various data types, including Ethereum address, username, and data derived from a facial biometric for the purpose of user registration and authentication. Blockchain technology incorporates several key features, including peer-to-peer communication, cryptography, consensus mechanism, and the utilization of smart contracts. These characteristics enable the technology to effectively address authentication concerns through the use of a decentralized database and communication between nodes. The system under consideration attains enrolment and authentication phases in the absence of a centralized governing body. The main contributions can be summarized as follows:

  • The present study suggests the implementation of a decentralized and secure user authentication system that leverages Blockchain technology, smart contract, and secure ledger.

  • The system is capable of processing authentication requests through the utilization of the Ethereum address, and biometric facial data obtained from a sensor, specifically a camera.

  • It is imperative for the system to ensure that user’s data obtained from a biometric reader is non-transferable.

  • The scalability of the system enables it to expand and accommodate numerous Internet of Things (IoT) devices.

  • The proposed system might incorporate diverse authentication techniques and data formats for user enrolment and authentication, thereby presenting an advancement in contrast to current methods.

This paper is organized as follows: The second section briefly outlines the related work. The proposed face biometric authentication in the Blockchain setting is presented in Sect. 3. Section 4 introduced experimental data evaluation for the proposed approach. Section 5 presents the conclusions.

2 Related work

The limitations and vulnerabilities of biometric user identification open the door to benefits from recent technologies such as Blockchain and deep learning. Recently, several efforts have introduced deep learning and Blockchain to identity authentication problems. In this section, we discuss the current research in deep learning architectures for biometric authentication and then present the recent work related to Blockchain.

2.1 Biometric authentication

User authentication is a major digital challenge. Tokens, passwords, and personal identification numbers (PINs) are becoming outdated as they may be lost, stolen, forgotten, guessed, or compromised. In 2020, 80% of security breaches were due to weak and stolen passwords, according to the World Economic Forum [1, 22]. In recent years, biometric authentication has been a focus of research. It identifies and authenticates individuals using unique behavioural and biological traits such as face, fingerprints, hand geometry, iris, voice, palm, DNA, etc. Biometrics are unique to individuals and nearly impossible to copy or fake [25], which gives higher accuracy and prevents unauthorized access [3, 24]. A BAS [24] is composed of three main modules, as illustrated in Fig. 1: (1) the biometric trait is collected by the sensor, (2) the trait is processed by the feature extractor to create a biometric template, and (3) the matcher module is used to identify the similarities between the input biometric trait and the enrolled templates. Despite the boost in performance in recent years, BASs may be vulnerable to a variety of security risks, such as the theft or manipulation of registered templates [15, 25], due to the immutability and management of biometric templates within a centralized database or module. The disclosure of biometric data may give rise to diverse security risks, including the potential for stolen biometric data to be reused. Encryption, transformation, and dissemination of biometric templates have been the primary focus of previous research.

Fig. 1 Biometric system modules

Deep neural networks (DNNs) have helped facial authentication systems achieve tremendous progress. Transfer learning was used to train different deep convolutional neural network models for facial recognition. DeepFace [29], a pioneering work in face recognition, was based on the AlexNet convolutional neural network architecture. VGGFace [19] and FaceNet [7] use the Visual Geometry Group network (VGGNet) and GoogleNet convolutional neural networks as backbones, respectively. The utilization of the triplet loss function enables both models to outperform DeepFace. Later, in 2017, SphereFace [16] used Residual Networks (ResNet) as a backbone to further boost the performance. Large backbone networks are well known for their high computational needs, and embedded devices had trouble fitting these networks. MobileNet and SqueezeNet are compact convolutional neural network designs that are well-suited for devices with limited capabilities [8, 34].

In recent years, significant advancements have been made in BASs through the utilization of deep learning models. Despite these advancements, there remain several challenges that must be addressed in the coming years. Although some of the current biometric recognition systems achieve accuracy rates of over 99%, some fundamental challenges, such as matching faces/biometrics across ages, different poses, partial data, and different sensor types, remain. In real scenarios, datasets tend to be larger in size. Therefore, a biometrics dataset which contains a much larger number of classes (10–100 M), as well as a lot more intra-class variations, would be another big step towards supporting all conditions. In real situations, the collected dataset is small and the goal is to train a powerful discriminative model using very few samples for each individual or identity (zero/one shot in the extreme case) [14]. In many applications, accuracy is most important, but a near real-time biometric identification model is also important. This could help on-device solutions like smartphone and tablet authentication. Some deep biometrics identification models are slow, therefore building near-real-time, accurate models would be useful. Knowledge distillation and model quantization may be considered.

Many approaches were introduced to protect biometric templates. In [5], the authors proposed a novel approach to protect biometric templates from attack, even by quantum computers. The proposed scheme uses Learning Parity with Noise (LPN), a type of cryptographic problem that is resistant to quantum attacks. The proposed scheme works by first converting the biometric template into a binary string and then splitting the string into smaller blocks. Each block is then committed to using an LPN commitment scheme. The LPN commitments are then stored in a database. To authenticate a user, the system compares the user’s biometric template to the LPN commitments stored in the database. If the template matches any of the commitments, the user is authenticated. Otherwise, the user is not authenticated. The proposed scheme has several advantages over traditional biometric template protection schemes. It is resistant to quantum attacks, it is efficient and can be implemented using existing cryptography libraries, and it is secure and can protect biometric templates from a variety of attacks. Overall, the proposed scheme is a promising approach to post-quantum biometric template protection.

In [2], a new post-quantum fuzzy commitment scheme for biometric template protection was proposed. This scheme is resistant to attack by quantum computers, even when the biometric templates are noisy and imprecise. The scheme works by first converting the biometric template into a binary string and then splitting the string into smaller blocks. Each block is then committed to using an LPN fuzzy commitment scheme. The LPN fuzzy commitments are then stored in a database. To authenticate a user, the system compares the user’s biometric template to the LPN fuzzy commitments stored in the database. If the template matches any of the commitments within a certain error threshold, the user is authenticated. Otherwise, the user is not authenticated. The proposed scheme was evaluated using a variety of biometric templates, including fingerprints, faceprints, and iris scans. The results showed that the proposed scheme was able to accurately authenticate users, even when the biometric templates were noisy and imprecise. Overall, the proposed scheme is a promising approach to post-quantum biometric template protection.

2.2 Blockchain using biometric authentication

Blockchain is a revolutionary and promising technology that records information in a way that makes it difficult or impossible to change, hack, or cheat. The exceptional security features of Blockchain have transformed various financial services and digital payments. Additionally, its distinct attributes, including decentralization, immutability, auditability, fault tolerance, and availability, have been instrumental in garnering increased public attention [11]. The decentralized and readily accessible nature of Blockchain technology makes it a viable solution for addressing security concerns that arise from the storage of biometric data. This is particularly relevant in cases where biometric data of the same individual is stored across multiple independent applications, specifically with regard to biometric authentication. On the other hand, Blockchain-based identity management (IDM) is essential for data protection. Blockchain-based identity management overcomes conventional IDM’s defects in areas such as security and scalability. Blockchain includes three crucial concepts: nodes, miners, and blocks [21]. Blockchain simplifies life by altering the manner in which personal data is kept and made available. As long as governments and other third parties are dealing with the problem, users continue to be exposed. Personal IDM offers rising productivity and security. Blockchain gets rid of the third party by exchanging data between two nodes. Blockchain technology [10] can improve biometric systems by incorporating immutability, accountability, and availability.

  • A Blockchain provides the immutability of its registers, which a biometric system might employ to save templates securely.

  • A Blockchain enhances the auditability and accountability for data stored, which can prove to a third party that biometric patterns have not been altered.

In [21], the authors addressed a biometrics-based secure authentication system. User authentication relies on a modified approach based on discrete cosine transform (DCT) feature transformation and Lagrange’s interpolation. The proposed method supplies secure authentication with a high degree of accuracy, a constant-size database, and multi-biometric protection. The proposed system achieved an average of 95.42% and 4.57% for Genuine Acceptance Rate (GAR) and False Rejection Rate (FRR), respectively. In [12], a Blockchain-based hybrid image encryption technique was proposed for the IoT setting. The proposed technique creates a private Blockchain with smart contracts for seamless data exchange, automation, and data monetization, which enhances privacy and identity security, so that IoT medical networks can increase data offloading safety. The Blockchain system uses a bi-scroller chaotic encryption algorithm to encode medical imagery. The proposed technique achieved an average of 34% and 99.65% in terms of Unified Averaged Changed Intensity (UACI) and Number of Pixel Change Rate (NPCR), respectively.

3 Proposed method

The proposed system for biometric-based face recognition employs a private Blockchain platform that incorporates smart contracts. The system is designed to verify user identity using face recognition, with the aim of ensuring data security and protecting user privacy, as depicted in Fig. 2. The components of the proposed system consist of a client device (CD) in the form of a smartphone, a Trusted Agency (TA), a cloud server (CS), and a Blockchain (BC) platform that is equipped with a smart contract. The proposed system comprises two distinct stages: (1) the enrolment (training) phase, and (2) the authentication (testing) phase. During the training phase, the employed face recognition system generates a database by capturing individual face images. During the testing phase, the system identifies individuals by comparing the similarity scores of facial features obtained from facial images submitted as test queries. The face recognition approach that has been adopted consists of the following steps.

3.1 Acquisition of biometrics data

The initial step of the proposed recognition system involves the acquisition of data. The database system necessitates the inclusion of a unique identifier (UID) for each user. During the process of data acquisition, a Client Device (CD) utilizes sensors such as a camera to capture face images of individual users. Image capture is followed by face detection, wherein the Viola-Jones face detection algorithm is employed to identify and isolate the facial region.

3.2 Face pre-processing and normalization

Pre-processing and normalization are essential steps in the context of feature extraction and matching of facial images. We employed the Contrast Limited Adaptive Histogram Equalization (CLAHE) technique to reduce noise within the acquired facial images in order to identify distinctive features. The facial image is subjected to cropping and resizing, resulting in a final representation of the facial region with dimensions of 244 × 244 pixels × 3 channels.

3.3 Biometric feature extraction

Next, the Client Device (CD) transmits the facial images to the Trusted Agency (TA). The Trusted Agency is tasked with generating embeddings for the face images using the FaceNet [7] network, chosen for its ability to overcome problems such as age, variations in pose, expression, and illumination, and heterogeneous face matching. To overcome the influence of poses, illuminations, occlusions, different augmentation techniques had been. The overall structure of the FaceNet network, depicted in Fig. 3, is designed to optimize the squared L2 distances between the two embedding vectors.

This optimization is achieved through the utilization of the triplet loss function defined in Eq. (1)

$$L = \sum\limits_{i = 1}^{N} \left[ \left\| {\text{f}}(x_{i}^{a}) - {\text{f}}(x_{i}^{p}) \right\|_{2}^{2} - \left\| {\text{f}}(x_{i}^{a}) - {\text{f}}(x_{i}^{n}) \right\|_{2}^{2} + \alpha \right]$$
(1)

where \({\text{f}}\left( {x_{i}^{a} } \right)\) indicates the anchor input image and \({\text{f}}\left( {x_{i}^{p} } \right)\) indicates the positive input image, which corresponds to the same person as the anchor image. The \({\text{f}}\left( {x_{i}^{n} } \right)\) corresponds to the negative input image, and i refers to the i’th input. The superscript a denotes an anchor image, p a positive image, and n a negative image, as depicted in Fig. 4, and \(\alpha\) refers to the bias. The goal is to minimize Eq. (1) by minimizing the first term and maximizing the second term, with the bias \(\alpha\) acting as a threshold. The triplet loss function allows embedding vectors with the same identity to have a lower distance, indicating similarity, while vectors representing different identities have a larger distance, indicating dissimilarity. During the testing phase, the FaceNet network utilizes these optimized embedding vectors to extract facial features. The network adopted in this study is designed to extract a 2048-D face embedding from a given face image. FaceNet is based on the Inception model, which is itself based on the GoogleNet architecture.
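The bracket of Eq. (1) can be evaluated per triplet to see which triplets still violate the threshold \(\alpha\). The following is an added example, not code from the paper: the 2-D vectors are constructed stand-ins for real face embeddings, the function names are hypothetical, and the optional clamp at zero is the form used in the original FaceNet paper, whereas Eq. (1) as printed above has no clamp.

```python
import math


def l2_normalize(v):
    """Scale a vector to unit length (the L2 normalisation step shown in Fig. 3)."""
    norm = math.sqrt(sum(c * c for c in v))
    if norm == 0:
        raise ValueError("cannot normalise a zero vector")
    return [c / norm for c in v]


def sq_l2(u, v):
    """Squared L2 distance between two embeddings of equal length."""
    if len(u) != len(v):
        raise ValueError("embeddings must have the same dimension")
    return sum((a - b) ** 2 for a, b in zip(u, v))


def triplet_terms(triplets, alpha):
    """Value of the bracket in Eq. (1) for every (anchor, positive, negative)."""
    terms = []
    for anchor, positive, negative in triplets:
        a, p, n = (l2_normalize(x) for x in (anchor, positive, negative))
        terms.append(sq_l2(a, p) - sq_l2(a, n) + alpha)
    return terms


def triplet_loss(triplets, alpha, clamp=False):
    """Sum over i of the bracket; clamp=True applies max(term, 0) per triplet."""
    terms = triplet_terms(triplets, alpha)
    if clamp:
        terms = [max(t, 0.0) for t in terms]
    return sum(terms)


def active_triplets(triplets, alpha):
    """Indices of triplets whose negative is not yet alpha farther than the positive."""
    return [i for i, t in enumerate(triplet_terms(triplets, alpha)) if t > 0]


# Constructed 2-D "embeddings" (assumption: real ones are 2048-D in this paper).
SAMPLE_TRIPLETS = [
    ((2, 0), (3, 0), (0, 5)),  # positive coincides with anchor, negative far away
    ((2, 0), (0, 1), (4, 0)),  # positive far, negative coincides: worst case
    ((2, 0), (1, 0), (4, 3)),  # negative farther than positive, but by less than alpha
]

if __name__ == "__main__":
    alpha = 0.5
    print("per-triplet terms:", triplet_terms(SAMPLE_TRIPLETS, alpha))
    print("Eq. (1) as printed:", triplet_loss(SAMPLE_TRIPLETS, alpha))
    print("with clamp:", triplet_loss(SAMPLE_TRIPLETS, alpha, clamp=True))
    print("active triplets:", active_triplets(SAMPLE_TRIPLETS, alpha))
```

Without the clamp, the already well-separated first triplet contributes a negative term that offsets the violating ones, which is why the two sums differ.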

Fig. 2 The proposed biometric identity recognition system via blockchain platform

Fig. 3 FaceNet architecture: an input layer, deep convolutional neural network, L2 feature normalization give the face embedding, and training phase using triplet loss function

Fig. 4 Training FaceNet with triplet loss function for face recognition

3.4 Face vector and UID fusion

Additionally, the Trusted Agency uses a single-layer autoencoder to combine the face embedding and UID to create the final template \({X}_{i}\), which is sent back to the client device. Then, the client device uses the Rivest-Shamir-Adleman (RSA) algorithm to encrypt the final fused template \({X}_{i}\), producing the encrypted template \(\varepsilon (X_{i} )\), which is then sent to the cloud server to be stored in the Blockchain.

3.5 The blockchain computation and matching process

Finally, the identification of individual users is achieved through the utilization of similarity matching techniques. The query face template fused with the user identifier (UID) is compared to the face templates saved on the Blockchain server using smart contracts to facilitate efficient processing. Within the Blockchain, the procedure entails the calculation of the hash value for the encrypted facial template, symbolized as \(\varepsilon (X_{y} )\), which yields the outcome marked as \({\text{H}}(\varepsilon (X_{y} ))\). The smart contract Matcher illustrated in Fig. 5 is employed by the Blockchain to obtain \(\varepsilon (X_{i} )\) from the cloud server that bears the same identity label.

Fig. 5 The blockchain computation and matching flowchart

The Blockchain computes the hash value \({H}_{x}\) for the retrieved \(\varepsilon (X_{i} )\) and then compares \({H}_{y}\) with \({H}_{x}\). The Blockchain algorithm computes the distance \(\varepsilon ({\text{d}})\) to determine if the hash value matches, indicating successful recognition of the individual. Subsequently, the system transmits \(\varepsilon ({\text{d}})\) to the Trusted Agency. In the event of such an occurrence, a message indicating an integrity failure will be transmitted to the user. The enrolment and authentication phases are illustrated in Algorithm 1 and Algorithm 2, respectively.
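The hash comparison and integrity-failure path described above can be sketched as follows. This is an added example, not the paper's Matcher contract or its Algorithms 1 and 2. It assumes SHA-256 as H, a hypothetical hash-chained `Ledger` class standing in for the private Blockchain, a dictionary standing in for the cloud server, a reference hash recorded on the ledger at enrolment, and constructed byte strings standing in for RSA-encrypted templates.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def H(data: bytes) -> str:
    """Hash of an encrypted template; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Hypothetical append-only, hash-chained record standing in for the Blockchain."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def block_hash(prev, uid, template_hash):
        return H(json.dumps([prev, uid, template_hash]).encode())

    def append(self, uid, template_hash):
        prev = self.blocks[-1]["block_hash"] if self.blocks else GENESIS
        self.blocks.append({
            "prev": prev, "uid": uid, "template_hash": template_hash,
            "block_hash": self.block_hash(prev, uid, template_hash),
        })

    def lookup(self, uid):
        """Most recent template hash recorded for this UID, or None."""
        for block in reversed(self.blocks):
            if block["uid"] == uid:
                return block["template_hash"]
        return None

    def chain_intact(self):
        """Recompute every link; an edited block no longer matches its own hash."""
        prev = GENESIS
        for b in self.blocks:
            expected = self.block_hash(prev, b["uid"], b["template_hash"])
            if b["prev"] != prev or b["block_hash"] != expected:
                return False
            prev = b["block_hash"]
        return True


def enrol(ledger, cloud, uid, encrypted_template):
    """Store the ciphertext off-chain and record only its hash on the ledger."""
    cloud[uid] = encrypted_template
    ledger.append(uid, H(encrypted_template))


def check_integrity(ledger, cloud, uid):
    """Compare the hash of the retrieved ciphertext (H_x) with the recorded one."""
    if not ledger.chain_intact():
        return "ledger-tampered"
    h_ref = ledger.lookup(uid)
    stored = cloud.get(uid)
    if h_ref is None or stored is None:
        return "unknown-user"
    h_x = H(stored)
    # Constant-time comparison of the two hex digests.
    return "ok" if hmac.compare_digest(h_x, h_ref) else "integrity-failure"


def demo():
    ledger, cloud = Ledger(), {}
    # Constructed ciphertext stand-ins, not real RSA output.
    enrol(ledger, cloud, "uid-001", b"\x8a\x11constructed-ciphertext-A")
    enrol(ledger, cloud, "uid-002", b"\x3c\x7fconstructed-ciphertext-B")
    results = {"fresh": check_integrity(ledger, cloud, "uid-001")}
    # The stored template is replaced on the cloud server after enrolment.
    cloud["uid-001"] = b"\x8a\x11constructed-ciphertext-A-swapped"
    results["cloud_swapped"] = check_integrity(ledger, cloud, "uid-001")
    results["other_user"] = check_integrity(ledger, cloud, "uid-002")
    results["unknown"] = check_integrity(ledger, cloud, "uid-999")
    # Editing the recorded hash to match the swapped template breaks the chain.
    ledger.blocks[0]["template_hash"] = H(cloud["uid-001"])
    results["ledger_rewritten"] = check_integrity(ledger, cloud, "uid-001")
    return results


if __name__ == "__main__":
    print(demo())
```

Only the hash lives on the ledger, so a template swapped on the cloud server is caught by the comparison, and an edit to the recorded hash is caught by the chain check.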


4 Experimental results and discussion

This section describes the test setup, database, parameter validation, and results for the proposed approach. The proposed system was tested on two widely popular datasets: CelebFaces Attributes (CelebA) and the large-scale face dataset UTKFace. Selected samples from CelebA and UTKFace are shown in Fig. 6. The test environment runs on Windows 10 Pro with Python 3.5.2. In a private Ethereum Blockchain, the smart contract is written in the Solidity language, as shown in Fig. 7. We utilized the Remix IDE to create and communicate with the smart contract. The experiments were run on a machine with an Intel Core i7 CPU at 2.60 GHz and 16 GB RAM. Truffle is used to access the Ethereum virtual network and is linked to a private Blockchain known as ganache. The connection between the host computer’s local IP address (//127.0.0.1) and TCP port 8545 has been established. The contracts may be used immediately upon compilation using the ‘truffle compile’ command. The Truffle setup was verified, and the contracts were deployed using the ‘truffle migrate’ command. The instance may be put through its paces by using the ‘truffle test’ command, which shows the smart contract’s events and operations as they unfold during testing. For all datasets, we chose 20 identities at random and 50 photos for each one, for a total of 1000 images. We use 40 images per person to generate the templates. The remaining 10 images per person were used for identity authentication, for a total of 200 images in the test set.

Fig. 6 Selected samples of (a) CelebFaces attributes (CelebA) and (b) large-scale faces UTKFace dataset

Fig. 7 Implementation of matcher smart contract in blockchain platform using solidity programming language

First, tests conducted with 20 users show that, on average, 98% of users have been correctly identified. Identification is successful for 65% at the first attempt, 22% at the second, 8% at the third, and 3% at the fourth, as shown in Table 1.

Table 1 Percentage of 20 users identity check using the proposed method

As shown in Table 2, independent assessments pertain to the identity check conducted on 10 biometric samples for each individual. The multiple-attempts test examines the distribution of users who have successfully completed the identity check by providing one or more biometric instances. This analysis takes into account the Equal Error Rate (EER) % for two datasets, each consisting of 20 users. The majority of users may be accurately recognized within the initial two attempts, with a success rate of up to 87%. The number of attempts required to ascertain the identity of the user is significantly impacted by the template photographs provided by the user. The presence of heterogeneity in the dataset photos results in noticeable variations among multiple shots of individuals. Given that hats and sunglasses are among the primary factors contributing to the three attempts requirement, it can be asserted with a reasonable degree of certainty that, in practical scenarios, their inclusion will yield results comparable to those achieved through experimental trials.

Table 2 EER (%) regarding CelebA and UTKFace dataset

Next, Fig. 8 illustrates the EER (Equal Error Rate) results corresponding to various sizes of fused templates, which consist of both facial images and UID (Unique Identifier) data. The X-axis represents the databases, while the Y-axis shows the EER percentage. In our experiment, it was determined that to achieve optimal accuracy, the fused code vector must be partitioned into blocks of size 16 bits and 4 bits for the CelebA and UTKFace databases, respectively. The results show that the EER decreases as the block size increases. This is because a larger block size allows the face recognition system to learn more about the individual faces, which makes it more difficult to misidentify them. On the CelebA dataset, the EER decreases from 0.321 to 0.13% as the block size increases from 1 to 16 bits. On the UTKFace dataset, the EER decreases from 0.13 to 0.0015% as the block size increases from 1 to 16 bits.

Fig. 8 The obtained equal error rate (EER) values across different sizes of face template code

Next, we report experiments on the running time of the authentication. Table 3 shows the user authentication phases, i.e., the stage in which the biometric template is constructed, the computation of the hash, and the computation of the distance between different user biometric traits. The distance computation is considered to be the most time-consuming step in the proposed approach, as it is done on the Blockchain. Overall, Table 3 shows that the operation time for the face recognition process varies depending on the dataset. The larger the dataset, the longer the operation time will be. On the CelebA dataset, the smart contract deployment time is 673.389 ms, the time to compute and store the hash is 877,741 ms, the hash verification time is 797,410 ms, and the distance computation time is 2,751,053 ms. On the UTKFace dataset, the smart contract deployment time is 673.593 ms, the time to compute and store the hash is 1,753.485 ms, the hash verification time is 1,673,154 ms, and the distance computation time is 5,885,037 ms.

Table 3 Smart contract computation time in terms of milliseconds

Finally, Table 4 shows a comparison of the Equal Error Rate (EER) for the proposed method and different face recognition methods, namely the Visual Geometry Group network VGGface, the CosFace loss function, and the adaptive and hyper-parameter P2SGrad Deep Face Model, on our two datasets: CelebA and UTKFace. The proposed method achieves the lowest EER on both datasets, followed by VGGface [20], CosFace [32], and P2SGrad [33]. This suggests that the proposed method is the most effective face recognition method on these two datasets. On the CelebA dataset, the proposed method achieves an EER of 0.341, which is significantly lower than the other methods. The second-best method is P2SGrad, with an EER of 0.482. On the UTKFace dataset, the proposed method achieves an EER of 0.31, which is again significantly lower than the other methods. The second-best method is P2SGrad, with an EER of 0.4193. Overall, the results of the table suggest that the proposed method is a very effective face recognition method. It achieves the lowest EER on both the CelebA and UTKFace datasets, which indicates that it is able to correctly recognize faces with a high degree of accuracy.

Table 4 Comparison of the proposed method with state-of-the-art approaches (EER in terms of %)

These findings validate the proposed approach as a trustworthy, time-saving, and biometric-based identity management solution. Gaining access to a person’s facial biometrics is a foolproof way to ensure their anonymity and speedy identification. All nodes in a Blockchain must be uniquely identifiable, and there must be a way to effectively monitor identity theft. Even on low-powered devices, the suggested framework may be used to execute the authentication procedure quickly.

5 Conclusions

In the past few years, the employment of facial biometrics has witnessed a surge in various corporate applications due to the constraints associated with conventional identification techniques. The widespread adoption of Blockchain technology enables companies to transition from inefficient and time-consuming processes to more reliable, secure, and cost-effective alternatives. The objective of this study is to explore the potential of Blockchain technology in the context of biometric identification, with a specific focus on facial recognition. The storage of biometric templates on remote servers has been associated with security apprehensions. In order to tackle this issue, we have developed and implemented a proof-of-concept mechanism that leverages smart contract technology integrated into a private Blockchain infrastructure to facilitate a facial biometric authentication system. During the enrolment process, the verification of a user’s identity is facilitated through the utilization of both the Ethereum address and facial biometric data. Blockchain technology comprises several elements, including smart contracts, distributed ledgers, decentralized consensus mechanisms, and cryptographic exchanges. We tested the proposed approach on two publicly available face databases to ensure its efficacy. Experimental results show that our method achieves excellent performance (EER = 0.05 and 0.07% on the multiple attempts test for the CelebA and UTKFace datasets, respectively). The proposed method was compared to three other face recognition methods: VGGface, CosFace, and P2SGrad. The proposed method achieved the lowest EER on both datasets. In the future, the proposed approach can be extended to an IoT setting to enable a solution for double spending problems.