A Biometric Key Establishment Protocol for Body Area Networks

Current advances in semiconductor technology have made it possible to implant a network of biosensors inside the human body for health monitoring. In the context of a body area network (BAN), the confidentiality and integrity of sensitive health information are particularly important. In this paper, we present an ECG (electrocardiogram)-signal-based key establishment protocol to secure the communication between every sensor and the control unit before the physiological data are transferred to external networks for remote analysis or diagnosis. The uniqueness of the ECG signal guarantees that our protocol can provide long, random, distinctive and time-variant keys. A Biometric Encryption technique is applied to achieve mutual authentication and derive a non-linkable session key between every sensor and the control unit. The correctness of the proposed key establishment protocol is formally verified using SVO logic. Security analysis shows that our protocol can guarantee data confidentiality, authenticity and integrity. Performance analysis shows that it is a lightweight protocol.
