Security in Wireless Body Area Networks for Medical Applications: A Concise Survey
Garth V. Crosby
Southern Illinois University Carbondale,
College of Engineering,
Carbondale, Illinois
Abstract - Wireless body area networks (WBANs) are emerging as important networks, applicable in various fields. This paper surveys the various approaches to secure WBANs in medical applications. We make an attempt to classify the prior works in accordance with their underlying protocol and/or security mechanisms. The approaches and/or protocols presented in this paper are: TinySec, IEEE 802.15.4 Security, ZigBee Security Services, Hardware Encryption, Elliptic Curve Cryptography, Identity-Based Encryption and Biometric. We conclude with open research issues.
Keywords - wireless body area network; security; body sensor network; medical application; WBAN survey.
I. INTRODUCTION
The increase in average lifespan and health cost in many developed nations are catalysts to innovation in health care. These factors, along with the advances in miniaturization of electronic devices, sensing, battery and wireless communication technologies, have led to the development of Wireless Body Area Networks (WBAN). These consist of smart miniaturized devices (motes) that are able to sense, process and communicate. They can be worn on the human body or implanted. They are designed such that they can monitor physiological signals and transmit these to specialized medical servers without much interference to the daily routine of the patient. The sensitive nature of medical data, in addition to the laws that govern the privacy of such data, makes it very important to secure WBAN.
Our purpose is to present a concise survey of various security approaches in the field of wireless body area networks. By doing this we hope to stimulate more research in the area by identifying open research issues. In section II we give an overview of security threats. In section III we look at the security requirements. In section IV we examine proposed solutions. We conclude with open research problems in section V.
II. SECURITY THREATS
A Wireless Body Area Network (WBAN) is a type of wireless sensor network. As such it is susceptible to many of the attacks common to traditional wireless sensor networks. The attacks can be categorized as denial of service attacks (tying up of network resources thus making them unavailable), privacy attacks, impersonation attacks, or replay attacks. Table 1 presents a classification of attacks against wireless sensor and wireless body area networks. There are some notable distinctions that should be made between WSN and WBAN:
(i) Due to the close proximity of the body sensor nodes to the user (either on or implanted in the body) it may be extremely difficult to gain access to the network through tampering with one of the nodes. The short distance between nodes also makes impersonation attacks difficult.
(ii) An implanted body sensor node, in particular, will have more severe constraints on its memory, power consumption and computing power than a mote in a traditional wireless sensor network. Thus security solutions proposed for traditional wireless sensor networks may not be appropriate for WBAN.
(iii) The growing popularity of WBAN makes jamming due to intended or unintended interference a significant concern. This will occur as people who are hosting a WBAN come into close proximity of each other. Common communication protocols such as IEEE 802.15.4 [1] and ZigBee [2] that have been implemented with some success in traditional wireless sensor networks may not be able to effectively deal with frequency jamming. Ultra Wide Band (UWB), an emerging standard, may be better equipped to cope with intended and unintended jamming [3].
(iv) Unlike a traditional sensor network that remains largely static, mobility must be supported. Therefore, security mechanisms must be able to cope with dynamic topologies caused by postural mobility.
III. SECURITY REQUIREMENT
The WBAN and supporting infrastructure must implement security operations that guarantee the security, data integrity, privacy and confidentiality of the patients’ medical records. In addressing privacy issues it must be ensured that the Health Insurance Portability and Accountability Act of 1996 [4] is observed. The following security requirements must be attained:
i) Authentication: This is necessary to enable the WBAN to validate network nodes and thus prevent network compromise and/or node impersonation.
ii) Data Integrity: This is needed to prevent the altering of data traversing the communication paths between nodes, and to prevent replay attacks.
iii) Confidentiality: The network should be able to guarantee the secrecy of message exchange among nodes.
iv) Availability: Since this network carries highly sensitive, important and potentially life saving information, it is of utmost importance that the network resources are available at all times.
v) Privacy: The patients’ data should not be disclosed to unauthorized entities (persons). Medical information is one of the most sensitive sets of personal data. The system must employ mechanisms that are able to adequately address current and potential future laws governing the privacy of medical data.
IV. PROPOSED SOLUTIONS
We now turn our attention to emerging security approaches in WBAN.
A. TinySec
TinySec is proposed in [6] as a security solution in biomedical sensor networks to achieve link-layer encryption and data authentication. TinySec [7] is a software based security architecture that implements link-layer encryption. It is a component of the official TinyOS release. TinySec is very popular in the wireless sensor community and has even been implemented on a variety of custom hardware.
TinySec encrypts the data packet with a group key common to the sensor nodes and computes a message authentication code (MAC) for the entire packet including the header. This group key is shared network-wide and manually programmed into the nodes prior to deployment. This network-wide key presents a single point of vulnerability. TinySec does not protect against node capture. If a node is compromised and keying material revealed, the entire network can be compromised. However, in the case of WBAN we propose that node capture is not as easy as it may be in a traditional wireless sensor network, where nodes may be left unattended for long periods of time. In WBAN nodes are either on or implanted in the body, hence node capture will mean a compromise of physical security.
Table 1. WSN and WBAN Security Threats and Possible Solutions
Security Threats / Security Requirements / Possible Security Solutions (WSN) / Possible Security Solutions (WBAN)
Unauthorized/unauthenticated access / Key establishment and trust setup / Symmetric key distribution, random key distribution, lightweight public key cryptography, elliptic curve cryptography / Symmetric key distribution, biometric key distribution mechanisms
Message disclosure / Confidentiality and privacy / Link and network layer encryption, access control / Link and network layer encryption, access control, identity based encryption
Message Modification / Data Integrity and authenticity / Keyed secure hash function / Keyed secure hash function, identity based encryption
Denial-of-Service / Availability / Intrusion detection, redundancy / Intrusion detection, redundancy
Node capture and compromise / Resilience to node compromise / Tamper proofing, inconstancy detection, node revocation mechanism, trust and reputation monitoring / User surveillance
Routing attacks / Secure routing / Secure routing protocols / Secure routing protocols
Intrusion and high level security attacks / Secure group management, intrusion detection, secure data aggregation / Secure group communication, intrusion detection / Secure group communication, intrusion detection
(adapted from [5])
B. IEEE 802.15.4 Security
First released in 2003, IEEE 802.15.4 [1] has become a popular IEEE standard for low-rate wireless personal area networks (LR-WPANs). Due to its low power consumption, short-range operation, ease of installation, reliable data transfer, and low cost, it has been utilized in many sensor network applications. The standard itself defines the physical (PHY) and MAC layers; several security suites can be implemented under IEEE 802.15.4. The IEEE 802.15.4 security suite modes can be classified into two basic modes: the unsecured mode and the secured mode. The unsecured mode simply means no security suite has been selected. The standard defines 8 distinct security suites (see Table 2). The first of these is the Null suite, which provides no security. The others can be further classified based on the security properties they provide: encryption only (AES-CTR, the counter mode of cryptographic operation with AES), authentication only (AES-CBC-MAC), and encryption and authentication (AES-CCM). Encryption is performed using AES encryption [8], which consumes comparatively less energy than other algorithms. Authentication is achieved using the cipher block chaining with message authentication code (CBC-MAC). A more detailed description can be found in [1].
Table 2. IEEE 802.15.4 Security Suites
Name / Description
Null / No security
AES-CTR / Encryption only. This provides access control, data encryption, and optional sequential freshness.
AES-CBC-MAC-128, AES-CBC-MAC-64, AES-CBC-MAC-32 / Authentication only, allowing flexibility by the selection of different MAC lengths: 32, 64, 128 bits.
AES-CCM-128, AES-CCM-64, AES-CCM-32 / This provides authentication and encryption, allowing flexibility by the selection of different MAC lengths: 32, 64, 128 bits.
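The difference between the suite families in Table 2 shows up when a frame is altered in transit: an encryption-only suite has nothing to check on receipt, while the MAC and CCM suites do. The following is an added example, not code from the paper or the standard. It uses the crypto module built into Node.js with a constructed key, nonce, header and payload, and the CBC-MAC shown is a simplified length-prefixed construction rather than the exact IEEE 802.15.4 frame formatting.

```javascript
// Added example, not from the paper. Key, nonce, header and payload are constructed.
const crypto = require('node:crypto');
const key = Buffer.alloc(16, 0x42);            // constructed 128-bit key
const nonce = Buffer.alloc(13, 0x01);          // constructed 13-byte nonce
const header = Buffer.from('6188a1', 'hex');   // constructed header bytes
const payload = Buffer.from('HR=072;SpO2=98'); // constructed sensor reading
const flipBit = (buf, i) => { const b = Buffer.from(buf); b[i] ^= 0x01; return b; };

// AES-CTR: encryption only. Decryption is the same XOR and verifies nothing.
function ctr(data) {
  const iv = Buffer.concat([nonce, Buffer.alloc(3)]); // nonce || 3-byte counter
  const c = crypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// AES-CBC-MAC-n: authentication only; simplified CBC-MAC cut to tagLen bytes.
function cbcMac(data, tagLen) {
  const len = Buffer.alloc(16);
  len.writeUInt32BE(data.length, 12); // length block goes first
  const pad = Buffer.alloc((16 - (data.length % 16)) % 16);
  const c = crypto.createCipheriv('aes-128-cbc', key, Buffer.alloc(16));
  c.setAutoPadding(false);
  const out = Buffer.concat([c.update(Buffer.concat([len, data, pad])), c.final()]);
  return out.subarray(out.length - 16, out.length - 16 + tagLen);
}

// AES-CCM-n: encryption plus authentication over header and payload.
function ccmSeal(tagLen) {
  const c = crypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: tagLen });
  c.setAAD(header, { plaintextLength: payload.length });
  const ct = Buffer.concat([c.update(payload), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

function ccmOpen(hdr, ct, tag) {
  const d = crypto.createDecipheriv('aes-128-ccm', key, nonce, { authTagLength: tag.length });
  d.setAuthTag(tag);
  d.setAAD(hdr, { plaintextLength: ct.length });
  try {
    const pt = d.update(ct);
    d.final();
    return pt;
  } catch (err) {
    return null; // tag mismatch: frame rejected
  }
}

// What the receiver gets when one bit of the frame changes in transit.
function tamperReport(tagLen) {
  const frame = Buffer.concat([header, payload]);
  const { ct, tag } = ccmSeal(tagLen);
  return {
    ctrAccepted: ctr(flipBit(ctr(payload), 3)).toString(),
    macStillValid: cbcMac(flipBit(frame, 6), tagLen).equals(cbcMac(frame, tagLen)),
    ccmIntact: ccmOpen(header, ct, tag).toString(),
    ccmPayloadFlip: ccmOpen(header, flipBit(ct, 3), tag),
    ccmHeaderFlip: ccmOpen(flipBit(header, 0), ct, tag),
  };
}
```

Calling `tamperReport(4)`, `tamperReport(8)` or `tamperReport(16)` corresponds to the 32, 64 and 128 bit MAC lengths. Under the encryption-only suite the altered reading decrypts to `HR=172` without any error, while the MAC and CCM suites reject the frame at every MAC length.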
C. ZigBee Security Services
ZigBee is a consortium of industry players which came together to define a new standard for ultra-low power wireless communication [2]. The ZigBee network layer (NWK) is designed to operate on top of the IEEE 802.15.4 defined PHY and MAC layers. The ZigBee standard defines extra security services, including processes for key exchange and authentication, in addition to the security services of IEEE 802.15.4, upon which it is built.
The ZigBee standard specifies a “Trust Center”. Usually the function of the Trust Center is performed by the ZigBee coordinator. The ZigBee coordinator is responsible for allowing nodes to join the network and for the distribution of keys. The roles specified for the Trust Center are: (1) trust manager, responsible for authenticating nodes requesting to join the network; (2) network manager, responsible for key maintenance and distribution; (3) configuration manager, responsible for ensuring end-to-end security [9]. More information can be found in [2].
D. Hardware Encryption
Instead of using software encryption as done in TinySec, hardware encryption can be implemented utilizing the ChipCon 2420 ZigBee compliant RF Transceiver. The CC2420 is able to execute IEEE 802.15.4 security operations with AES encryption using 128-bit keys. These operations include the counter (CTR) mode encryption and decryption, CBC-MAC authentication and CCM encryption plus authentication.
Hardware encryption has been implemented in a WBAN project with off-the-shelf ZigBee platform [10]. In this project it was determined that the hardware encryption does not significantly increase power consumption on the sensor platform. This was attributed to the efficient on-chip hardware support for encryption on the wireless controller and the dominant power consumption of the radio frequency (RF) unit when compared to the processing circuitry. However, the drawback of this method is that it is dependent on the specific sensor platform. Not all sensor node hardware offers hardware encryption support.
E. Elliptic Curve Cryptography
Elliptic curve cryptography (ECC) has emerged as a viable option for public key cryptography in wireless sensor networks. The main reasons for this are its comparatively fast computation, small key size and compact signatures. There have been several noteworthy contributions in the past few years. One of the earliest works utilizing ECC in sensor networks was done by Malan et al. [11]. In this work, a public key infrastructure, using ECC, was implemented and evaluated on a Mica2 sensor mote platform supported by TinyOS. Uhsadel et al. [12] proposed an efficient implementation of ECC. Liu et al. [13] proposed TinyECC, which is another variation of ECC designed for the TinyOS environment. As stated by the developers, “TinyECC is a configurable library for ECC operations in wireless sensor networks. The primary objective of TinyECC is to provide a ready-to-use, publicly available software package for ECC-based PKC operations that can be flexibly configured and integrated into sensor network applications” [13]. Recently, Szczechowiak et al. proposed NanoECC [14], which executes comparatively faster than existing ECC implementations but typically requires a significant amount of ROM and RAM.
Although ECC has been successfully implemented in several variations it is still not a top choice for WBAN. This is because its energy requirements are still significantly higher than symmetric systems. This being the case, others have proposed that ECC be implemented only for infrequent and security-sensitive operations such as key establishment during the initial setup of the network or code updates. In line with this thinking, Malasri et al. [15] proposed a solution for medical sensor networks that uses: (i) an ECC-based secure key exchange protocol to set up shared keys between sensor nodes and base stations, (ii) symmetric encryption and decryption for protecting data confidentiality and integrity, and (iii) an authentication scheme for verifying data source.
F. Identity-Based Encryption
Oliveira et al. [16] proposed TinyTate, a lightweight Identity-Based Encryption (IBE) security solution for traditional wireless sensor networks. Tan et al. [17] proposed an Identity-Based cryptographic security solution for WBAN. In their work, the sensor nodes compute public keys by applying a hash function on an arbitrary number of application dependent self-generated keys. These keys are stored on their flash memory and are used to execute elliptic curve encryption/decryption using Elliptic Curve Digital Signature Algorithm (ECDSA). This approach has several drawbacks: higher execution time, greater energy consumption due to increased computational overhead, and higher storage requirement for flash ROM as a result of the public key storage. Sankaran et al. [18] proposed IDKEYMAN, an identity-based key management scheme for wireless body area networks. IDKEYMAN is designed for a publisher-subscriber architecture like that of CodeBlue [19]. It uses IBE to set up pair-wise symmetric keys to preserve data confidentiality and integrity. IBE is only used to exchange pair-wise symmetric keys between publishers and subscribers. To reduce the computational overhead on the publisher, the symmetric keys are used in all communications subsequent to setup. IDKEYMAN takes advantage of the superior security strength of public key cryptography while minimizing energy consumption by only utilizing IBE in the bootstrapping phase.
G. Biometric
Biometrics has emerged as a useful mechanism for the key establishment and authentication of body sensor nodes [20-23]. This method uses measurements of physiological characteristics of the body itself as an important parameter in a symmetric key management system. While the measurement of several physiological signals can be used for biometrics, the ECG (electrocardiogram) [23] and the timing information of heart beats, that is, the interpulse interval (IPI) [20], are among the most appropriate. These are appropriate because, unlike in traditional biometric schemes, the physiological value must exhibit proper time variance and randomness. Yet it must produce almost the same value if taken simultaneously at different locations on the same individual. The following are necessary characteristics for a useful biometric physiological value [20, 24]:
- Universal: possessed by most patients
- Distinctive: sufficiently different in any two patients
- Collectable: easily measured and collected
- Effective: able to implement a relatively secure biometric system within the constraints of processing, computing and power of the body sensor nodes
- Acceptable: adoption by the public
- Invulnerable: difficult to compromise
- Random: difficult to guess
- Time variance: changes over time
Research is continuing into the applicability of biometric systems in WBAN. Currently there exist low cost sensor devices for medical applications that can record suitable biometric physiological signals [20, 21, 25]. This could mean that in some current and future WBAN the additional system requirement for implementing a biometric based system would be almost negligible.
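The requirement that two sensors on one body derive almost the same value, while a sensor on another body derives a different one, can be seen with a toy IPI-to-bits encoding. This is an added example, not the scheme of [20] or of any cited work: the IPI values are constructed, and the 4 ms quantisation step, 4 bits per beat and Gray coding are assumptions chosen for illustration.

```javascript
// Added example, not from the paper or the cited schemes.
// Assumptions: 4 ms quantisation step, 4 bits kept per heartbeat.
const STEP_MS = 4;
const BITS = 4;

// Quantise one IPI, keep the low BITS bits, then Gray-code them so that
// neighbouring quantisation bins differ in exactly one bit.
function ipiToBits(ipiMs) {
  const q = Math.floor(ipiMs / STEP_MS) % (1 << BITS);
  return q ^ (q >> 1);
}

// One BITS-wide symbol per beat; the concatenation is the candidate key.
function deriveKeyBits(ipis) {
  return ipis.map(ipiToBits);
}

// Number of differing bits between two symbol sequences of equal length.
function hammingDistance(a, b) {
  let d = 0;
  for (let i = 0; i < a.length; i++) {
    let x = a[i] ^ b[i];
    while (x) { d += x & 1; x >>= 1; }
  }
  return d;
}

// Constructed IPI sequences in milliseconds.
const chest = [812, 790, 845, 801, 777, 830, 795, 820]; // sensor 1, patient A
const wrist = [813, 789, 846, 803, 776, 831, 794, 819]; // sensor 2, patient A, same beats
const other = [652, 701, 688, 640, 715, 670, 695, 660]; // sensor on patient B

function compareSensors() {
  const k = deriveKeyBits(chest);
  const w = deriveKeyBits(wrist);
  return {
    totalBits: chest.length * BITS,
    sameBody: hammingDistance(k, w),                        // same beats, same body
    otherBody: hammingDistance(k, deriveKeyBits(other)),    // different body
    misaligned: hammingDistance(k.slice(0, -1), w.slice(1)) // same body, off by one beat
  };
}
```

On this data the two sensors on patient A differ in 1 of 32 bits, so a practical scheme still has to tolerate a small mismatch, while patient B differs in 16 of 32. The off-by-one comparison (21 of 28 bits differ) shows why the sensors must agree on which beats they measure, the time synchronization issue raised in Section V.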
V. CONCLUSION AND OPEN RESEARCH ISSUES
As mentioned in this section, there exist a number of emerging security approaches to WBAN. Due to the security-critical nature of WBAN only the most secure approaches will be adopted. However, public key cryptography approaches require more resources and consume significantly more power than less secure symmetric keying systems. Further research on fast, efficient and lightweight application of ECC is needed. Biometric systems require a level of time synchronization in order to implement the symmetric key systems among nodes. A novel method of achieving this in a practical way should be explored. Biometrics is also limited by the fact that only nodes in the system that can measure and collect the biometric parameter can participate in the security mechanism. This raises the research question: is it possible to design a biometric based system, or a hybrid thereof, that can overcome this obstacle?
There is currently no standard designed specifically for WBAN. However, the IEEE 802.15 Task group 6 has been recently formed to facilitate standardization. This will no doubt outline a path for further research in the security operations of WBAN and hopefully define a security suite.
REFERENCES
[1] "Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification for Low-Rate Wireless Personal Area Networks (LR-WPANs)," IEEE 802.15.4, New York, USA: IEEE, 2003.
[2] "ZigBee Specification v1.0," ZigBee Alliance, San Ramon, CA, USA, 2005.
[3] A. F. Molisch, P. Orlik, Z. Sahinoglu, and J. Zhang, "UWB-based Sensor Networks and the IEEE 802.14.4a Standard- A Tutorial," Mitsubishi Electric Research Laboratories, Cambridge, Massachusetts, TR2006-117, October 2006.
[4] "The Health Insurance Portability and Accountability Act of 1996 (HIPAA)," Centers for Medicare and Medicaid Services, 1996.
[5] S. Saleem, S. Ullah, and H. S. Yoo, "On the Security Issues in Wireless Body Area Networks," JDCTA: International Journal of Digital Content Technology and its Application, vol. 3, pp. 178-184, 2009.
[6] S. S. Marci, Meingast, and T. Roosta, "Security and Privacy Issues with Health Care Information Technology," in the proceedings of 28th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBS 06), pp. 5453-5458, New York City, NY, USA, 2006.