Securing Medical Sensor Environments: The CodeBlue Framework Case

Research on wireless sensor networks targeting to medical environments has gathered a great attention. In this context, the most recent and perhaps the most promising complete scheme is the CodeBlue hardware and software combined platform, developed in the context of the self-titled Harvard's University project. CodeBlue relies on miniature wearable sensors to monitor real-time patients' vital activities and collecting data for further processing. Apart from the essential query interface for medical monitoring, CodeBlue offers protocols for hardware discovery and multihop routing. This paper contributes to the CodeBlue security, which until now is considered as pending or left out for future work by its designers. We identify and describe several security issues and attack incidents that can be directly applied on CodeBlue compromising its trustworthiness. We also discuss possible solutions for both internal and external attacks and the key-management mechanisms that these solutions presume

[1]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[2]  Jorjeta G. Jetcheva,et al.  Adaptive demand-driven multicast routing in multi-hop wireless ad hoc networks , 2001, MobiHoc '01.

[3]  John V. Guttag,et al.  Continuous medical monitoring using wireless microsensors , 2004, SenSys '04.

[4]  Chris Toumazou,et al.  Medical Healthcare Monitoring with Wearable and Implantable Sensors , 2004 .

[5]  Gregory G. Finn,et al.  Routing and Addressing Problems in Large Metropolitan-Scale Internetworks. ISI Research Report. , 1987 .

[6]  Deborah Estrin,et al.  Directed diffusion: a scalable and robust communication paradigm for sensor networks , 2000, MobiCom '00.

[7]  Richard Han,et al.  Node Compromise in Sensor Networks: The Need for Secure Systems ; CU-CS-990-05 , 2005 .

[8]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[9]  Shouhuai Xu,et al.  Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[10]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[11]  David A. Wagner,et al.  Security considerations for IEEE 802.15.4 networks , 2004, WiSe '04.

[12]  Matt Welsh,et al.  Sensor networks for medical care , 2005, SenSys '05.

[13]  Deborah Estrin,et al.  Highly-resilient, energy-efficient multipath routing in wireless sensor networks , 2001, MOCO.

[14]  Wei Hong,et al.  Proceedings of the 5th Symposium on Operating Systems Design and Implementation Tag: a Tiny Aggregation Service for Ad-hoc Sensor Networks , 2022 .

[15]  Robert Szewczyk,et al.  System architecture directions for networked sensors , 2000, ASPLOS IX.

[16]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[17]  Robert A. Greenes,et al.  Demonstration of SMART (Scalable Medical Alert Response Technology) , 2005, AMIA.

[18]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[19]  Roberto Di Pietro,et al.  Efficient and resilient key discovery based on pseudo-random key pre-deployment , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[20]  Ramesh Govindan,et al.  Localized Edge Detection in Wireless Sensor Networks , 2003 .

[21]  Shivakant Mishra,et al.  INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks , 2002 .

[22]  Mika Ståhlberg Radio Jamming Attacks Against Two Popular Mobile Networks , 2000 .

[23]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[24]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[25]  Matt Welsh,et al.  MoteTrack: a robust, decentralized approach to RF-based location tracking , 2006, Personal and Ubiquitous Computing.