Abstract
In smart home environments, users are provided with various convenient services using smart devices. However, without adequate security measures, sensitive information can be exposed to adversaries because messages are transmitted through public channels. The biometric information of users can be employed for security, but leakage of biometric templates can cause permanent damage to users. In 2025, Hu et al. proposed a user authentication scheme using revocable biometrics for smart home environments. However, we found that their scheme is insecure to eavesdropping and stolen verifier attacks and does not ensure user untraceability. To overcome these security problems, we propose a robust and lightweight user authentication scheme for smart home environments. Moreover, we propose a new cancelable biometric protection scheme using DeepPrint and indexing-min-max (IMM) hashing to protect biometric templates of users. To demonstrate the performance and security of these schemes, this work conducts performance and security analyses on the cancelable biometric template (CBT) generation scheme and the user authentication scheme. The results demonstrate that the proposed scheme offers lower equal error rates (EERs), lower computational and communication costs, and more security features than existing schemes.