4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks

Abstract Cloud-assisted wireless body area networks (WBANs) significantly facilitate efficient patient treatment of high quality, unfortunately in the meanwhile greatly challenge the patient’s data confidentiality and privacy. The existing work mainly focused on the traditional scenario where patients securely stay indoors. In this paper, we consider a more practical situation of cloud-assisted WBANs in m-healthcare social networks where patients traverse among blocks outdoors and WBANs are more vulnerable to sophisticated attacks including even node compromise attack. To solve the problem, a secure and privacy-preserving key management scheme resilient to both time-based and location-based mobile attacks is proposed by the cooperation of the mobile patients in the same social group for both hierarchical and distributed environment. It also protects patient’s identity privacy, sensor deployment privacy and location privacy by exploiting the blinding technique and embedding human body’s symmetric structure into Blom’s symmetric key mechanism with modified proactive secret sharing. Especially, the computationally-intensive privacy-preserving key material updating is outsourced to the cloud server and the unchanged pairwise keys after key material updating dramatically saves the resources for energy-constrained WBANs. Finally, the security analysis and simulation results show our scheme far outperforms the previous ones in terms of resisting mobile attacks and storage, computation and communication overhead.

[1]  Ratna Dutta,et al.  Provably Secure Constant Round Contributory Group Key Agreement in Dynamic Setting , 2008, IEEE Transactions on Information Theory.

[2]  M. Teplan FUNDAMENTALS OF EEG MEASUREMENT , 2002 .

[3]  Manuel Barbosa,et al.  Delegatable Homomorphic Encryption with Applications to Secure Outsourcing of Computation , 2012, CT-RSA.

[4]  Yunhao Liu,et al.  Refresh: Weak Privacy Model for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[5]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[6]  Fabio Bellifemine,et al.  SPINE2: developing BSN applications on heterogeneous sensor nodes , 2009, 2009 IEEE International Symposium on Industrial Embedded Systems.

[7]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[8]  Sandeep K. S. Gupta,et al.  Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[9]  Xuemin Shen,et al.  Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks , 2006, IEEE Transactions on Wireless Communications.

[10]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[11]  Xiaolei Dong,et al.  Securing m-healthcare social networks: challenges, countermeasures and future directions , 2013, IEEE Wireless Communications.

[12]  Jun Zhou,et al.  TIS: A threshold incentive scheme for secure and reliable data forwarding in vehicular Delay Tolerant Networks , 2012, 2012 IEEE Global Communications Conference (GLOBECOM).

[13]  Jun Zhou,et al.  An Improved Distributed Key Management Scheme in Wireless Sensor Networks , 2008, WISA.

[14]  Yuguang Fang,et al.  Scalable and deterministic key agreement for large scale networks , 2007, IEEE Transactions on Wireless Communications.

[15]  Craig Gentry,et al.  i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits , 2010, IACR Cryptol. ePrint Arch..

[16]  Carmen C. Y. Poon,et al.  A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health , 2006, IEEE Communications Magazine.

[17]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[18]  Ayan Banerjee,et al.  PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks , 2010, IEEE Transactions on Information Technology in Biomedicine.

[19]  Oscar Garcia Morchon,et al.  Efficient distributed security for wireless medical sensor networks , 2008, 2008 International Conference on Intelligent Sensors, Sensor Networks and Information Processing.

[20]  Xiaodong Lin,et al.  Sage: a strong privacy-preserving scheme against global eavesdropping for ehealth systems , 2009, IEEE Journal on Selected Areas in Communications.

[21]  Carmen C. Y. Poon,et al.  Using the Timing Information of Heartbeats as an Entity Identifier to Secure Body Sensor Network , 2008, IEEE Transactions on Information Technology in Biomedicine.

[22]  K.K. Venkatasubramanian,et al.  EKG-based key agreement in Body Sensor Networks , 2008, IEEE INFOCOM Workshops 2008.

[23]  Xiaohui Liang,et al.  A Secure Handshake Scheme with Symptoms-Matching for mHealthcare Social Network , 2011, Mob. Networks Appl..

[24]  Rolf Blom,et al.  An Optimal Class of Symmetric Key Generation Systems , 1985, EUROCRYPT.

[25]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[26]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[27]  Xiaolei Dong,et al.  BDK: Secure and Efficient Biometric based Deterministic Key Agreement in Wireless Body Area Networks , 2013, BODYNETS.

[28]  Elena Villalba,et al.  A new solution for a Heart Failure Monitoring system based on Wearable and Information Technologies , 2006, BSN.

[29]  Felix C. Freiling,et al.  Towards an Intrusion Detection System in Wireless Sensor Networks , 2007 .

[30]  Yuguang Fang,et al.  Privacy and emergency response in e-healthcare leveraging wireless body sensor networks , 2010, IEEE Wireless Communications.

[31]  Jun Zhou,et al.  PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributedm-Healthcare Cloud Computing System , 2015, IEEE Transactions on Parallel and Distributed Systems.

[32]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[33]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[34]  Min Chen,et al.  An Integrated Biometric-Based Security Framework Using Wavelet-Domain HMM in Wireless Body Area Networks (WBAN) , 2011, 2011 IEEE International Conference on Communications (ICC).

[35]  Xiuzhen Cheng,et al.  From Time Domain to Space Domain: Detecting Replica Attacks in Mobile Ad Hoc Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[36]  Giancarlo Fortino,et al.  Engineering Large-Scale Body Area Networks Applications , 2013, BODYNETS.

[37]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[38]  Azzedine Boukerche,et al.  Monitoring patients via a secure and mobile healthcare system , 2010, IEEE Wireless Communications.

[39]  Yuguang Fang,et al.  Security analysis and enhancements of 3GPP authentication and key agreement protocol , 2005, IEEE Trans. Wirel. Commun..

[40]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[41]  L. Gatzoulis,et al.  Wearable and Portable eHealth Systems , 2007, IEEE Engineering in Medicine and Biology Magazine.

[42]  Ian F. Akyildiz,et al.  Sensor Networks , 2002, Encyclopedia of GIS.

[43]  Mukaddim Pathan,et al.  BodyCloud: Integration of Cloud Computing and body sensor networks , 2012, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings.

[44]  Ilias Iakovidis,et al.  Towards personal health record: current situation, obstacles and trends in implementation of electronic healthcare record in Europe , 1998, Int. J. Medical Informatics.