EFFICIENT AND SECURE FRAMEWORK FOR BODY AREA NETWORKS NOOR UL AMIN DEPARTMENT OF INFORMATION TECHNOLOGY HAZARA UNIVERSITY MANSEHRA 2016


Page 1: EFFICIENT AND SECURE FRAMEWORK FOR BODY AREA NETWORKSprr.hec.gov.pk/jspui/bitstream/123456789/7556/1/... · Message/Cipher text Number used once Hyper Elliptic Curve Divisor Multiplication

EFFICIENT AND SECURE FRAMEWORK FOR BODY

AREA NETWORKS

NOOR UL AMIN

DEPARTMENT OF INFORMATION TECHNOLOGY

HAZARA UNIVERSITY MANSEHRA

2016


EFFICIENT AND SECURE FRAMEWORK FOR BODY AREA

NETWORKS

SUBMITTED BY NOOR UL AMIN

PhD Scholar

RESEARCH SUPERVISOR DR ARIF IQBAL UMAR

Assistant Professor

Department of Information Technology

DEPARTMENT OF INFORMATION TECHNOLOGY

HAZARA UNIVERSITY MANSEHRA

2016


DEDICATION

Dedicated to all my family and those who respect humanity and love peace


CONTENTS

ABBREVIATIONS
LIST OF TABLES
LIST OF FIGURES
ACKNOWLEDGEMENTS
ABSTRACT

Chapter 1
1. Introduction
1.1 Motivation
1.2 Research Problem
1.3 Research Questions
1.4 Proposed Solution
Proposed Framework Overview
1.5 Research Objectives
1.6 Research Scope
1.7 Thesis Organization

Chapter 02
2. Background Study
2.1 BANs Basic Architecture
2.1.1 Biosensor Nodes
2.1.2 Base Station
2.1.3 Medical Server
2.2 Three Tiers Communication Architecture of BANs
2.2.1 Tier-1 Communication
2.2.2 Tier-2 Communication
2.2.3 Tier-3 Communication
2.10 Different Forms of Sensors
2.10.1 Wearable Form
2.10.2 Implantable Form
2.10.3 Emplaced Form
2.3 Requirement of Economical Health Solutions
2.4 Infrastructure-based Architecture
2.5 Adhoc-based Architecture
2.6 BANs Laws
2.7 BANs Applications
2.8 Data Rates and Power Requirements
2.9 Security Methods in BANs Standards
2.9.1 Bluetooth 802.15.1 Security
2.9.2 UWB 802.15.3 Security
2.9.3 Zigbee 802.15.4 Security
2.9.4 IEEE 802.15.6 Security
2.11 Related Work
2.11.1 Symmetric Key Agreement
2.11.2 Asymmetric Key Agreement
2.11.3 Biometric Key Agreement
2.11.4 Hybrid Key Agreement

Chapter 03
3. Materials and Methods
3.1 Network Model
3.2 Radio Model
3.3 Threat Model
3.4 Threat Resistance Model
3.5 Design Requirement
3.5.1 Cost Efficiency
3.5.2 Analysis Tools
3.6 Security Requirement
3.6.1 Physical Security
3.6.2 Body Sensor Authentication
3.6.3 Secure Key Agreement
3.6.4 Confidentiality of Information
3.6.5 Patients Data Integrity
3.6.6 Authenticity
3.6.7 Non-repudiation
3.6.8 Unforgeability
3.6.9 Keys Update
3.6.10 Data Freshness
3.7 Elliptic Curve
3.8 Hyper Elliptic Curve
3.9 Symmetric Cryptographic Solutions
3.10 Asymmetric Cryptographic Solutions
3.11 Hybrid Cryptographic Solutions
3.12 Signcryption

Chapter 04
4. Result and Discussion
4.1 Lightweight Authentication and Key Agreement Scheme for BANs
4.1.1 Registration and Key Preloading Phase
4.1.2 Authentication and Key Agreement Phase
4.1.3 Confidential Data Transmission
4.1.4 Key Updating Phase
4.1.5 Physical Security
4.1.6 Security Analysis
4.1.7 Performance Analysis
4.1.8 Conclusion
4.2 Authenticated Key Agreement for SBANs Based on Hybrid Cryptosystem
4.2.1 Registration and Key Preloading Phase
4.2.2 Node Authentication and Key Agreement Phase
4.2.3 Session Key Establishment Phase
4.2.4 Secure Data Transmission Phase
4.2.5 Key Updating Phase
4.2.6 Security Analysis
4.2.7 Performance Analysis
4.2.7.1 Computation Cost Analysis
4.2.8 Conclusion
4.3 A Signcryption based Key Agreement and Cluster Head Selection for BANs
4.3.1 System Initialization Phase
4.3.2 Session Key Establishment and Cluster Head Selection Phase
4.3.3 Secure Session Data Forwarding
4.3.4 Cluster Head Rotation Phase
4.3.5 Rekeying Phase
4.3.6 Security Analysis
4.3.7 Performance Analysis
4.3.8 Conclusion
4.4 Efficient Key Agreement for Wireless BANs Based on Hyper Elliptic Curves
4.4.1 Initialization Stage
4.4.2 Key Establishment Stage
4.4.3 Secure Data Transmission Stage
4.4.4 Key Updating Stage
4.4.5 Security Analysis
4.4.6 Performance Analysis
4.4.6.1 Computational Cost Analysis
4.4.7 Conclusion
4.5 Novel Key Agreement Scheme for BANs Based on Hyper Elliptic Curve Signcryption
4.5.1 Hyper Elliptic Curve Cryptosystem
4.5.2 BAN Initialization Phase
4.5.3 Session Key Establishment Phase
4.5.4 Secure Session Data Transmission Phase
4.5.5 Key Update Phase
4.5.6 Security Analysis
4.5.7 Performance Analysis
4.5.8 Conclusion

Chapter 05
5.1 Conclusion
5.2 Future Work

References


ABBREVIATIONS

Notation Description

Biosensor node

Base Station

Medical Server

Medical Officer

A finite field of order

An Elliptic Curve over prime field

A base point on of order

A hyper elliptic curve over prime field

A divisor of large prime of order in

A function which maps a divisor to integer value

Biosensor private key

Biosensor public key

Medical server private key

Medical server public key

Public Key

One way hash function / Keyed hash function

Advanced Encryption Standard

Symmetric Encryption / Decryption with key

Message/Cipher text

Number used once

Hyper Elliptic Curve Divisor Multiplication

Elliptic Curve Point Multiplication

Bilinear Pairing

Modular Multiplication

Modular Exponentiation

Message Authentication Code

Node Authentication

Key agreement

Key update

Node Tracking

Message Confidentiality


Message Integrity

Key Revocation

Forward Secrecy and Backward Secrecy

Data Freshness

Denial of Service

Masquerade Prevention

Scalability


LIST OF TABLES

TABLE NO. DESCRIPTION

1.1 Comparisons of BANs and WSNs
2.1 Applications
2.2 Protocol Security Comparison
4.1 Comparison of Security Function of Proposed and Existing Schemes
4.2 Comparison of Computation Cost of Existing and Proposed Schemes
4.3 Computation Cost Comparison at Biosensor Side
4.4 Comparison of Computation Cost of Existing and Proposed Scheme
4.5 Computation Cost Comparison at MS Side
4.6 Comparison of Communication Overhead of Proposed and Existing Schemes
4.7 Communication Cost on the basis of Nodes
4.8 Comparison of Security Function of Proposed and Existing Schemes
4.9 Comparison of Computation Cost of Existing and Proposed Schemes
4.10 Computation Cost Comparison at Biosensor Side
4.11 Comparison of Computation Cost of Existing and Proposed Schemes
4.12 Computation Cost Efficiency at MS Side
4.13 Comparison of Communication Overhead of Proposed and Existing Schemes
4.14 Communication Cost on the basis of Nodes
4.15 Communication Cost on the basis of Security Levels
4.16 Comparison of Security Function of Proposed and Existing Schemes
4.17 Comparison of Computation Cost of Existing and Proposed Schemes
4.18 Computation Cost Comparison at Biosensor Side
4.19 Comparison of Computation Cost of Existing and Proposed Schemes
4.20 Computation Cost Comparison at MS Side
4.21 Comparison of Communication Overhead of Proposed and Existing Schemes
4.22 Communication Cost on the basis of Nodes
4.23 Communication Cost on the basis of Security Levels
4.24 Security Analysis of Proposed and Existing Schemes
4.25 Comparison of Computation Cost of Existing and Proposed Schemes
4.26 Computation Cost Comparison on Biosensor Side
4.27 Comparison of Computation Cost of Existing and Proposed Schemes
4.28 Computation Cost Comparison on MS Side
4.29 Communication Cost on the basis of Nodes
4.30 Communication Cost on the basis of Security Levels
4.31 Comparison of Computation Cost of Existing and Proposed Scheme
4.32 Computation Cost Comparison on Biosensor Side
4.33 Comparison of Computation Cost of Existing and Proposed Scheme
4.34 Computation Cost Comparison at MS Side
4.35 Communication Cost on the basis of Security Levels


LIST OF FIGURES

FIGURE NO. DESCRIPTION

2.1 Data flow in BANs
2.2 Three Tiers Communication Architecture of BA
2.3 Power Requirements and Data Rates in BANs
3.1 Network Model of BANs
4.1 Flow Chart
4.2 Flow Chart for Confidential Data Forwarding
4.3 Graph Representation of Comparison of Computation Cost at Biosensor Side
4.4 Graph Representation of Comparison of Computation Cost at Base Station Side
4.5 Graph Representation of Comparison of Communication Overhead
4.6 System Design of BANs
4.7 Computational Cost Comparison
4.8 Communication Cost on the basis of Nodes
4.9 Communication Cost on the basis of Security Level
4.10 Proposed Scheme Structure for BANs
4.11 Comparison of Computation Cost at Biosensor Side
4.12 Comparison of Computation Cost at MS Side
4.13 Communication Cost on the basis of Nodes
4.14 Communication Cost on the basis of Security Levels
4.15 Computation Cost at Biosensor Side
4.16 Computation Cost at MS Side
4.17 Communication Cost on the Base of Nodes
4.18 Communication Cost on the Base of Security Level
4.19 Computational Cost at Biosensor Side
4.20 Computational Cost at MS Side
4.21 Communication Cost on the Base of Number Nodes
4.22 Communication Cost on the Base of Security Levels


ACKNOWLEDGEMENTS

I express my utmost gratitude to my advisor Dr. Arif Iqbal Umar for his open-hearted acceptance for carrying out my research work. His keen interest, pushing to work, overwhelming attitude, timely advice, valuable suggestions, dedication for early morning coaching and positive approach took me to accomplish this work.

I pay my heartiest thanks to Professor Dr. Habib Ahmad (TI), Dean Faculty of Science, for his loving inspiration, categorical encouragement, cooperation and taking me to step up in my academic career.

It would be an injustice if I ignored the admirable encouragement, assistance, constructive criticism and cooperation of my colleague and friend Mr. Nizamuddin in various stages of my research work.

I would like to profusely thank all my colleagues, staff and students for their praiseworthy support and assistance, especially Mr. Abdul Waheed and Mr. Jawaid Iqbal.

I owe genuine gratitude to all my committee members, Professor Dr. Habib Ahmad (TI), Dr. Mohsin Nawaz, Dr. Saleem Abdullah and Dr. Bin Amin, for their valuable suggestions and recommendations.

I pay thanks to the overall Hazara University management and the Higher Education Commission for providing me the opportunity of my research and academic growth.

At last, it is my privilege to pay thanks to my wife and kids for their unconditional support, care, patience and bearing me out in the tense and over-encumbering situations.

NOOR UL AMIN


ABSTRACT

The evolution of Body Area Networks (BANs) in the medical health care field is vital for human survival. Delay-less health monitoring and immediate medical response are the primary objectives of BANs. In BANs, tiny biosensor nodes deployed on a patient's body sense the patient's health status data and transmit it wirelessly, via a base station, to a medical server for immediate medical response by the medical officers. Health status information is disseminated over insecure channels on the network. The battery-operated biosensors are limited in terms of computation and communication capabilities. As data in BANs is communicated over wireless channels, strong security measures are needed to ensure secure transmission of critical health status information. Security of sensitive physiological information and high computation and communication cost are the challenging issues in the resource-constrained environment of BANs. Many solutions have been proposed to cope with these issues, but they are still either deficient in security or high in cost. Unfortunately, these solutions often fail to provide an acceptable trade-off between cost and security. Thus, secure and lightweight solutions are crucial, as the existing schemes presented in the literature either suffer from high cost or have security flaws. Key agreement plays a pivotal role in the secure transmission of information. In this thesis, we propose a framework incorporating five schemes that offer high security with a significant reduction in cost. The performance measurements and security parameters of each scheme are compared with other existing schemes and the IEEE TG6 standard, as shown in graphs and tables, and it has been proved that our proposed solutions outperform in all respects.

The first scheme of our proposed framework, a lightweight secure authentication and key agreement scheme for BANs, uses encrypted for secure node authentication and key agreement; a shortened form of hash (compressed hash) is used for the integrity of critical data. Only critical data packets are transmitted instead of transmitting continuously sensed data, which improves the overall efficiency of the proposed work. Updating round-wise session keys maintains forward and backward secrecy. The Patient Sensor Tracking (PST) feature of our scheme enhances the physical security of the network. In the second scheme, the proposed hybrid authenticated key agreement scheme for BANs is based on symmetric and elliptic curve cryptography. In this scheme, dissemination of critical information from sensor nodes to the base station is performed through a cluster head. In the third, signcryption-based key agreement and cluster head selection for BANs, the session key and cluster head selection are performed in a single step. The cluster head rotation phase balances the energy level of the nodes in the entire network. The fourth is an efficient key agreement scheme based on the Hyper Elliptic Curve Cryptosystem (HECC) for the secure transmission of patients' health status data to the intended medical specialist. This scheme is lightweight as compared to other schemes due to the shorter parameters of HECC. In the fifth, the proposed novel key agreement scheme based on HECC signcryption best fits inters secure communication in the resource-constrained environment of BANs. Shorter key size and low communication and storage overhead, with promising efficiency and security, make this scheme superior to other schemes. Similarly, avoiding unnecessary use of a cluster head in a ward decreases one hop, which reduces the overall overhead of the network.

Thus, our proposed framework offers the security features of Node Authentication, Key Agreement, Key Update, Patient Sensor Tracking, Message Confidentiality, Message Integrity, Key Revocation, Forward Secrecy and Backward Secrecy, Data Freshness, and Prevention of Masquerade and Denial of Service, with minimal communication overhead and computational cost as compared to the existing solutions. Thus, the improved security and the significant cost reduction would make our proposed framework a best choice for the resource-constrained environment of BANs.


Chapter 01

INTRODUCTION

1. Introduction

All living beings have their own importance, but among all creatures on earth nothing is more important than human beings; all of them have the right to be cared for and cured properly, to live long and to enjoy all flavours of life in sound health. Care and cure for long and healthy human survival is of supreme priority. In this connection, researchers of the modern era opened the gate to a vital research field, under the different names of PAN, BSN, BASNs, WBANs and BANs, for care and delay-less cure. Zimmerman & Benton (1995) are the pioneers of this research field and proposed WPAN for the first time, with the concept of exchanging information on and near the human body. Soon, both academia and industry focused on the field. As a result, IEEE Task Group-6 developed a standard, IEEE 802.15.6, in 2012, specific to BANs for short distance communication, after five years of struggle by the engineers of sixty companies (J. Liu, Zhang, Chen, & Kwak, 2014).

A BAN is a wireless network of tiny wearable or implanted health status monitoring biosensor nodes which sense vital body parameters (patient physiological data) and transmit them to medical facilities for immediate medical treatment (Sana Ullah et al., 2012) (M. Chen, Gonzalez, Vasilakos, Cao, & Leung, 2011) (Movassaghi, Abolhasan, Lipman, Smith, & Jamalipour, 2014). BANs provide economical and smart services: long-term health status monitoring without any constraint on the normal activities of life, quick diagnostics, chronic disease care, emergency remedy and fast medicine prescriptions (Halteren, 2004) (Korhonen & Bardram, 2004) (M. R. Yuce, Ng, Myo, Khan, & Liu, 2007) (Poon & Zhang, 2008). On-body biosensors collect patient physiological status data of vital organs, such as heartbeat rate and blood pressure values, and then communicate it to controller nodes such as a smart phone, PDA or access point (base station), which is linked to external networks such as the internet. Medical officers receive online patient health status data regardless of patient location (M. Yuce & Khan, 2011).

The schemes proposed for WSNs, the predecessor of BANs, are not feasible for BANs due to the nature and size of the network. A comprehensive comparison is shown in Table 1.1. The existing BAN solutions presented in the literature have the shortcomings of high cost and low security. In this thesis, we propose an efficient and secure framework for BANs incorporating five schemes to address these shortcomings identified in the literature.

Table 1.1 Comparisons of BANs and WSNs

| Comparison Criteria | Wireless Sensor Network | Wireless Body Area Network |
|---|---|---|
| Network Dimensions | Few to several thousand nodes over an area from meters to kilometers | Dense distribution, limited by body size |
| Topology | Random, Fixed/Static | One hop or two-hop star topology |
| Node Size | Small size preferred (no major limitation in most cases) | Miniaturization required |
| Node Accuracy | Accuracy outweighs large number of nodes and allows for result validation | Each of the nodes have to be accurate and robust |
| Node Replacement | Easily performed (some nodes are disposable) | Difficulty in replacement of implanted settings |
| Bio Compatibility | Not a concern in most applications | Essential for implants and some external sensors |
| Power Supply and Battery | Accessible, capable of changing more frequently and easily | Difficulty in replacement and accessibility of implanted settings |
| Node Lifetime | Several years/months/weeks (application dependent) | Several years/months (application dependent) |
| Power Demand | Power is more easily supplied hence apparent candidates | Energy is supplied more difficult hence apparently lower |
| Energy Scavenging | Wind and solar power are most apparent candidates | Thermal (body heat) and motion are most apparent candidates |
| Data Rate | More frequently homogenous | More frequently heterogeneous |
| Data Loss Impact | Data loss over wireless transfer is compensated by the large number of nodes | Data loss is considered more significant (may need additional measures to ensure real time data interrogation capabilities and QoS) |
| Security Level | Lower (application-dependent) | High security level to protect patient information |
| Traffic | Application specific, modest data rate, cyclic/sporadic | Application specific, modest data rate, cyclic/sporadic |
| Wireless Technology | WLAN, GPRS, ZigBee, Bluetooth and RF | 802.15.6, ZigBee, Bluetooth, UWB |
| Context Awareness | Insignificant with static sensors in a well-defined environment | Very significant due to sensitive context exchange of body physiology |
| Overall Design Goals | Self-operability, cost optimization, energy efficiency | Energy efficiency, eliminate electromagnetic exposure |

1.1 Motivation

The development of sensors brought new technological changes to the world and led to the evolution of new research areas in this domain. Communication of information through sensor nodes gave birth to wireless sensor networks. The characteristics, properties and behavior of the human body are very dynamic. Sensing its environment and then transmitting among sensor nodes unveiled several new and exciting life-sustaining BAN applications: patient health care, patient monitoring and providing medical solutions wirelessly. The application of BANs will not only speed up the care and cure of patients but will also contribute positively to the economy of the country. Similarly, establishing remote patient care and cure BAN medical units where medical specialists are not available or are out of reach of the people can be a good and economical facility for the people of remote areas. BANs use special-purpose biosensors designed to cope with all dimensions of the human body's sensitivity, i.e. pulse, heat, blood pressure, sudden reactions etc. The design, development and deployment of sensors should be given prime attention, and special features should be added. Tiny, lightweight, wearable, stitchable and cheap sensors need to be well equipped with cost-effective security for all health care systems. As data in BANs is communicated over wireless channels, we need to take strong security measures and ensure secure transmission of critical health status information. Security measures are essential for BANs, which need a framework distinct from those implemented for WSNs, as the latter are not feasible for BANs. Serious security challenges such as eavesdropping, data modification, impersonation, replay of data and denial of service may be faced, as highly sensitive data is transmitted among biosensor nodes. BAN security and information protection have not been investigated in depth before, which opens a gate for researchers and provides an opportunity for research in this area. In comparison with generic WSNs, BANs require security solutions that provide high security with minimum computational cost and communication overhead. The existing frameworks/techniques/schemes presented in the literature for the secure communication of health status information in BANs are either prone to attacks or inefficient with respect to cost and overhead. For any secure framework, key management plays a pivotal role in the security of communication. In key agreement, either only symmetric key techniques are applied, where problems of security and scalability occur, or only public key techniques are applied, where high cost is the prime issue. The hybrid approach combines both techniques but still has issues of cost and security. In biometric-based security frameworks for agreeing upon a common key, the entire feature set is exchanged. This exchange makes them perilous for the dissemination of patient personal information, as the information is transmitted over a vulnerable wireless channel. In TinySec, if key material is revealed upon compromise of a biosensor node, due to the lack of node capture protection, the whole network is compromised. Hardware-based security schemes suffer from the shortcoming that they lead to platform dependency, and not all biosensor nodes offer hardware-based security. Even though several variations of ECC-based frameworks have been proposed, they still need improvement in the way they are implemented in BANs and are not as economical as the system requires. The IEEE 802.15.6 standard (“Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks. http://standards.ieee.org/findstds/standard/802.15.6-2012.html,” n.d.), specifically developed for BANs, consists of three levels of security between sensor nodes and BS. The security services concentrate on key generation and key distribution along with message authentication using the Diffie–Hellman key exchange technique, but face security issues and high cost that need to be rectified. Similarly, the schemes (D He, Chan, & Tang, 2014), (Drira, Renault, & Zeghlache, 2012), (Y. S. Lee, Alasaarela, & Lee, 2014) fail to provide a reasonable trade-off between security and cost.

The physical security of patients and biosensors is also an important issue that needs to be properly addressed. Most solutions offer continuous transmission of health status information, which is very costly; health status should only be disseminated if the sensed information is critical and requires immediate medical response. Therefore, the identified research gaps need to be filled by designing a secure and cost-efficient framework for the resource-constrained environment of BANs, which should address not only the security problem but also the high computation and communication cost identified in the preceding schemes.


1.2 Research Problem

Secure and authentic communication of critical health status data between patients and medical officers is the key issue to be addressed in the vulnerable and resource-constrained environment of BANs. Therefore, a secure and cost-efficient framework must be designed to cope with the security issues of BANs, with minimal cost and overhead affordable by the tiny biosensor nodes. Minimal computation and communication cost and high security are the major concerns of our work.

1.3 Research Questions

Communicating patient data over unreliable wireless channels is always a security risk, which needs to be rectified by designing a cost-efficient and secure BAN framework, as no proper framework for Body Area Networks has yet been developed that provides the entire system with appropriate security, cost and overhead for the dissemination of health status information. The design of an efficient and secure framework for BANs is unavoidable. Key agreement plays an important role in the secure transmission of information. In this connection the relevant literature was reviewed, and the following research gaps were identified and are presented here in the form of research questions.

1. How to design a lightweight authentication and key agreement scheme for BANs?

2. How to design authenticated key agreement for secure BANs based on a hybrid cryptosystem?

3. How to design a signcryption based key agreement and cluster head selection for BANs?

4. How to design efficient key agreement for BANs based on hyper elliptic curves?

5. How to design a novel key agreement scheme for BANs based on hyper elliptic curves signcryption?

1.4 Proposed Solution

We propose an efficient and secure framework for BANs consisting of five schemes to fill the research gaps identified in the relevant literature and appropriately address the mentioned research problem. We will focus on the key issues of BAN security and performance. We will add more security features to improve the security and minimize the computational cost and communication cost/overhead. This will make our solution secure and lightweight. Apart from that, we will disseminate only the critical data of a patient instead of continuous sensed data, to decrease the overall overhead of the network. The Patient Sensor Tracking (PST) feature of our framework will enhance the physical security of the network.

The proposed solution incorporates five schemes that will be compared with existing schemes on the basis of cost and security parameters.

The first is a lightweight secure authentication and key agreement scheme for BANs, where we use encrypted for secure node authentication and key agreement; a shortened form of hash, “compressed hash ( )”, is used for the integrity of critical data. Updating session keys round-wise maintains forward and backward secrecy.

The second, the proposed hybrid authenticated key agreement scheme for SBANs, is based on symmetric and elliptic curve cryptography and combines the best features of both symmetric and asymmetric key cryptography. In this scheme, dissemination of critical information from sensor nodes to the base station is performed through the cluster head.

In the third, signcryption based key agreement and cluster head selection for BANs, the session key and cluster head selection are performed in a single step. The cluster head rotation phase balances the energy level of the nodes in the entire network.

The fourth is an efficient key agreement scheme based on the hyper elliptic curve cryptosystem for the secure transmission of patient health status data to the intended medical specialist. This scheme is lightweight compared to other schemes due to the shorter parameters of .

Fifth, the proposed novel key agreement scheme based on signcryption is the best fit for inter secure communication in the resource-constrained environment of BANs. Shorter key size and low communication and storage overhead, with promising efficiency and security, make this scheme superior to other schemes. Similarly, avoiding unnecessary use of the cluster head in a ward removes one hop, which reduces the overall overhead of BANs.

All five schemes of the proposed framework offer improved security and minimal cost compared to the existing schemes, as shown in the tables and graphs.


Proposed Framework Overview


1.5 Research Objectives

The deliverable of this dissertation is the design of a secure and cost-efficient framework for secure and authentic communication of critical health status data between patients and medical officers in the vulnerable and resource-constrained environment of body area networks, one that copes with the security issues of the networks at minimal cost and overhead appropriate for the tiny biosensor nodes.

1.6 Research Scope

The scope of this research dissertation is limited to the design of an efficient and secure framework for Body Area Networks to disseminate secure and authentic critical health status information of patients to the medical officers, with minimal cost and with protection from possible attacks by misusers.

1.7 Thesis Organization

Chapter 1 consists of the introduction, motivation, research problem, proposed solution and objective. Chapter 2 provides the background study and a detailed literature review. Chapter 3 consists of material and methods, basic formal models, security parameters and cost analysis parameters. Chapter 4 consists of the proposed solution, results and discussion. Chapter 5 concludes the thesis and presents some possible future directions.


Chapter 02

BACKGROUND STUDY

2. Introduction

The background study covers the basic concepts of BANs, their infrastructure, applications, laws, data rates, security methods in BAN standards, the requirement for economical health solutions and related work.

2.1 BANs Basic Architecture

Sensors deployed on the human body collect sensed data, process it, and either communicate with each other or transmit the information directly to the Base Station (BS). The base station consists of processor units and high memory with computational power; it is used to connect all sensors deployed on the body and to interact with external networks. The external network is composed of medical servers, where patient data is stored, and other emergency response services. Medical doctors/physicians access the servers to generate medical reports of the patients as and when required.

The common architecture of a BAN consists of:

1. Biosensor Nodes

2. Base Station

3. Medical Server

2.1.1 Biosensor Nodes

Biosensors are small, low-power and lightweight devices, which are deployed on and/or implanted in the human body to sense the physiological status of vital human organs. Biosensors are directly connected to the BS, and the base station is in turn connected to the medical server. Sensors are able to sense data, process it and transfer it to the medical server for diagnosis, analysis and emergency medical response. Sensor hardware contains a tiny processor, a small memory, a power unit and a transceiver. The most widely used sensor motes in sensor networks are given in the following table with their specifications. The tiny low-power wireless biosensor nodes are used in BANs to gather biomedical health status information for numerous applications in medical centers, homes and workplaces (Zhen, Kohno, & Li, 2007), (Otto & Milenkovic, 2006), (Seyedi, Kibret, Lai, & Faulkner, 2013), (Latré, Braem, Moerman, Blondia, & Demeester, 2011).

2.1.2 Base Station

The base station (also called gateway) can be a smart phone, access point, computer or PDA, and has no resource constraints such as memory, processing power and energy. The BS collects medical data from biosensors and sends it to the medical server for diagnosis and analysis. The medical officer checks the patient's database in the medical server and takes immediate action on the spot. The hardware components of a BS are memory, power unit and transceiver. The BS is also called body gateway or Body Control Unit (BCU).

2.1.3 Medical Server

The medical server is a database that stores the medical records of patients. The health status information sensed by the biosensors is transmitted to the medical server via the BS for analysis. The medical officers respond to the patient on the basis of the medical record received from the server. This record can also be used for future reference.


Fig. 2.1. Data flow in BANs

2.2 Three Tiers Communication Architecture of BANs

The three-tier communication architecture of BANs is as follows: Tier-1: Intra-BAN, Tier-2: Inter-BAN and Tier-3: Beyond-BAN.

Fig. 2.2. Three Tiers Communication Architecture of BANs


In Fig. 2.2 all BAN devices are spread over the body in a centralized manner; however, the exact setting is application specific (Domenicali & Benedetto, 2007).

2.2.1 Tier-1 Communication

Tier-1 illustrates the network connectivity of biosensor nodes and the communication range within a BAN and between the BAN and its other tiers. In Tier-1, various biosensors transmit the sensed body data to the personal server in Tier-1, from where it is then transmitted to the access point located in Tier-2.

2.2.2 Tier-2 Communication

The prime aim of Tier-2 is the interconnection of BANs with cellular networks or

internet accessible by the intended user (M. Chen et al., 2011).

2.2.3 Tier-3 Communication

This communication is designed for Metropolitan Area Networks, WANs and the Internet. The gateway/BS is used to bridge the connection with Tier-2 (Latré et al., 2011). In this tier, medical servers are used for recording medical history and for notifying doctors on their smart phones about emergency treatment.

2.10 Different Forms of Sensors

Various frameworks have been proposed for wireless sensor networks in health care, and a variety of architectures and models are being proposed for WSN implementation in healthcare. The scheme proposed in (D He et al., 2014) achieves secure transmission of data and access control for medical sensor networks. The framework of (Misra & Islam, 2014) focuses on the transmission challenges of nano networks and proposes an architecture for green body area networks. Different types of biosensor nodes can be deployed depending on the nature of the application; these can be in wearable, implanted or emplaced form.

2.10.1 Wearable Form

1. Pulse Oximeter: This wearable biosensor in the form of a ring is applied for the measurement of the saturation level of oxygen in blood. A wearable PPG (photoplethysmographic) biosensor in the form of a ring has been developed. The pulse oximeter designed in (Crosby, Ghosh, Murimi, & Chin, 2012) (Shnayder, Chen, Lorincz, Jones, & Welsh, 2005) (Darwish & Hassanien, 2011) integrates a micro-power oximeter with the biosensor platform MicaZ or Mica2.

2. ECG (Electrocardiography): This sensor is utilized for the diagnosis and reporting of heart abnormalities. The ECG sensor uses two electrodes for producing the ECG signal and is supported by the Mica2 platform.

3. Smart Shirt: The smart shirt is designed to monitor different activities of the body; the captured data is forwarded to an ad hoc network through the 802.15.4 standard (Varshney, 2007).

4. Wrist Watch: A wrist watch monitors blood pressure, temperature and pulse rate. It has an 8 MHz processor, 10 KB RAM and a radio transmission range of 100 m using Zigbee (Welsh & Berkeley, 2005).

2.10.2 Implantable Form

1. Glucose Monitoring: The glucose monitor is an implantable biosensor, covered in a multilayered membrane, in the subcutaneous tissue of the abdomen. It records the glucose level every 30 seconds and transmits the recorded data every five minutes.

2. Neural Stimulators: Neural stimulators are used for the treatment of Parkinson’s disease, epilepsy and chronic pain by passing electrical impulses to the spinal cord or brain (Ko, Lu, & Srivastava, 2010).

3. Artificial Retina: The artificial retina, with retina prosthesis chips implanted in the human eye, is for patients who are visually impaired or have no vision, and enables the patient to see at a reasonable level.

4. Swallowable pills: BAN-based swallowable capsule pills are used for inner examination with good video quality and energy efficiency (Wang, Wang, & Zhao, 2014).

2.10.3 Emplaced Form

1. Smart chair: This sensor detects and measures the heart rate and produces cardiac outputs, with an interface to body networks. It also senses the environment, monitoring humidity, temperature, motion and sound. It seamlessly manages data reports and the presence of the patient.

2. Pressure sensitive bed: Physical recovery of patients after surgery is an unavoidable process. The designed framework in the form of a pressure bed, for monitoring physical therapy and evaluating the required patient exercise, is analyzed.

3. Motion sensors: This low-cost sensor, interfaced with a MicaZ node, forwards the processed data and tracks humans in the rooms of the smart hospital over the wireless network. Diagnostics start with a simple button and LED interface (Virone, Wood, & Selavo, 2006).

2.3 Requirement of Economical Health Solutions

Population growth raises three major challenges: rising health care costs, a rise in life expectancy that leads to an aging population, and the demographic peak of the baby boomers (Zimmerman & Benton, 1995) (J. Liu et al., 2014). From 1960 to 2010, life expectancy in Australia and the USA rose from 70.8 years to 81.7 years and from 69.8 to 78.2 years respectively, an average increase of 13.5%. The pyramid in Fig. 2.3 shows that in 2050 the number of people aged 60 to 80 years is estimated to be almost double that of the year 2000. This increase will overburden the health care system and can become an unavoidable threat to the US economy; health care expenditures could reach 20% of GDP in 2022. A significant increase is noted in health care expenditures, from 5 billion in 1980 to 1.85 trillion in 2004 and $4 trillion in 2015. These statistics and the drastic rise in health care expenditures attracted researchers, economists and industrialists to propose economical and scalable health care solutions (Movassaghi et al., 2014). Heart disease has been the prime cause of death in Europe and the US since 1900. Twenty-two million people are affected in the world, one million in the US and 10 million in Europe (Cleland et al., 2003) (Disease, Every, & News, 2015) (“Heart Failure Fact Sheet|Data & Statistics|DHDSP|CDC,” n.d.). The increase is expected to be triple by 2020. The ratio is 39% in the UK and 17% in South Korea (Sana Ullah et al., 2009) (Borger et al., 2006).


2.4 Infrastructure-based architecture

This architecture facilitates dynamic deployment in a limited space, such as a medical center, with centralized security control.

2.5 Ad hoc-based Architecture

This setup consists of multiple APs that transmit information inside the medical centre in mesh form. It provides larger radio coverage, is easily expandable and supports patient mobility due to multi-hop dissemination. It supports a communication range of up to 100 meters (M. Chen et al., 2011).

2.6 BANs Laws

The privacy of sensitive health status information is mandatory, and the USA, Europe and China have passed laws under which access to this sensitive information is protected: HIPAA (Health Information and Portability Accountability Act) in the USA (Hash et al., 2005), the European Union Directive 2002/58/EC in Europe (Parliament., n.d.) and the China Medical Practitioners Law (H. Cam, S. Ozdemir, P. Nair, 1999). We propose that a similar Law/Act be passed in Pakistan to keep the sensitive health status information of patients private and to block illegal access to such information.

2.7 BANs Applications

BAN applications are categorized as medical and non-medical (Kwak, Ullah, & Ullah, 2010). The prime application of BANs is in the health care domain, where the vital parameters or physiological status of patients affected by chronic diseases such as heart attacks, asthma and diabetes are continuously monitored and recorded. The vital information sensed by the sensor is forwarded to monitoring units for analysis. The BAN wirelessly transmits alerts about changes in the vital signs of the patient before the occurrence of a heart attack, for delay-less remedial measures by the medical doctors. Similarly, the automatic injection of insulin through a pump upon the decreasing level of insulin in diabetic patients is a useful application of BANs. In any critical situation of a patient, the corresponding medical specialist is alerted for immediate medical response.

The medical domain is the major application of BANs, where vital signs such as blood pressure, heart rate, ECG, EEG, respiratory rate and temperature are measured by body sensors and forwarded to the relevant persons for analysis; Table 2.1 shows the details. The use of medical technology will not only speed up patient care and cure but will also reduce treatment errors and decrease workload (Healey & Picard, 2005) (Kurs, Karalis, Moffatt, & Joannopoulos, 2007). There are various new BAN applications, such as Emergency Medical Response Centers (EMRC), where short-term BAN medical units can be deployed at disaster points to transmit the status of injured people to remote care centers in time to save lives, UHM, Computer Assisted Rehabilitation (CAR) and the promotion of a healthy lifestyle. In UHM, BANs free patients from frequent hospital visits and reduce the dependency on specialist medical doctors in health care and cure. Cost-effective health care and cure centers need to be developed, especially for countries where the shortage of medical centers and specialist doctors is at its peak (M. Chen et al., 2011).

BANs are also important in non-medical applications such as sports, the military and social networking. For example, in sports a BAN collects the body movement coordinates of different organs and transmits them for analysis by referees. In the military, the vital organs can be tested during the test flights of trainee pilots, and the recorded body information is transmitted to the earth base station for record and decision-making. In social networking, a business card or digital profile can be exchanged just by handshaking. Comprehensive applications are shown in Table 2.1 (Latré et al., 2011).

Table 2.1 Applications

| Type of Sensor | Medical Condition | Descriptions |
|---|---|---|
| Accelerometer/gyroscope | Muscular atrophy | Faulty postures and movements |
| Blood Pressure | Diabetes | Blood glucose levels, postprandial and fasting |
| Blood Pressure | Cardiac, hypertension | Non-invasive systolic, diastolic and various pressure |
| CO2 gas sensor | Pulmonary, Asthma | Carbon dioxide and oxygen content in the blood |
| ECG sensor | Cardiac arrhythmias and other abnormalities | Electrical activity of the heart |
| EEG sensor | Neurological | Electrical activity of the brain |
| EMG sensor | Neuromuscular abnormalities | Electrical activity in response to a nerve’s stimulation of the muscle |
| Pulse Oximetry | Cyanosis | Oxygen delivery to the peripheral tissues |
| Retinal Sensor | Ophthalmological problems | Chemical, nerve, cell level observation |
| Cochlear Sensors | Ear disorders | Ear effusions and perfusions |
| Endoscope: 1 Mbps | Gastric abnormalities | Ulcers in the gastric pathway |

The implementation of BANs has become a primary need of our country; it will not only speed up the care and cure of patients but will also contribute positively to the economy of the country. Similarly, establishing remote patient care and cure ‘BANs medical units’ where medical specialists are not available or are out of reach of the people can be a good facility and a cheap treatment solution for the people of remote areas.

2.8 Data Rates and Power Requirements

The limited power supply is a considerable constraint on BANs. Fig. 2.3 compares BANs with other technologies with respect to data rates and power requirements. The data transmission rate of sensor nodes in BANs is 1 Kbps to 100 Mbps (Dong & Smith, 2012). The data rates and power requirements in body area networks vary with the technology used, as shown in the figure.


Fig. 2.3. Power Requirements and Data Rates in BANs

2.9 Security Methods in BANs Standards

The developers presented four communication standards for wireless sensor networks (Staderini, 2002) (X. Zhao, Fei, & Doarn, 2004) (Wheeler, 2007): Bluetooth (802.15.1) (“IEEE Std 802.11-2012 (Revision of IEEE Std 802.11-,” 2012), UWB (802.15.3) (“IEEE Std 802.15.3c-2009 (Amendment to IEEE Std 802,” 2009), Zigbee (802.15.4) (“Approved IEEE Draft Revision for IEEE Standard for Information Technology-Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Specific Requirements-Part 15.4B: Wireless Medium Access Control (MAC) and Physical ,” 2006) and the specific BAN standard (802.15.6). The security issues of these standards are highlighted one by one.

2.9.1 Bluetooth 802.15.1 Security

In this standard, the security of the link layer is maintained by several entities: a random number, a unique public address for each user and two secret keys. The link key or initialization key is used at the time of initialization in case unit keys are not defined and exchanged, or in case the link key is lost. The function of the initialization key is to protect the transfer of initialization parameters. A random number and a PIN code or the unique public address are used for key derivation. Generating the initialization key from a fixed PIN code is a limitation, because it can easily be attacked by brute force; moreover, body sensors in BANs do not have an interface for entering a code, which makes it impractical. This solution is not feasible for BANs.

2.9.2 UWB 802.15.3 Security

Ultra Wide Band (UWB) provides either no security or strong cryptographic techniques for the communication of information. No security means that the device works without any cryptographic functions on MAC frames. A device operating in secure mode uses symmetric cryptography to protect frames. 128-bit AES is applied to secure data frames, beacons and commands. Replay of old data is blocked by including a strictly increasing time token in the beacon. A device rejects a received beacon if the time token does not match. The limitation of the UWB standard is the lack of details for non-repudiation and authentication.
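The beacon freshness check described above can be sketched as follows. This is an added example, not code from the thesis or from the 802.15.3 standard: the frame layout (8-byte time token, payload, 16-byte integrity code), the class and function names, and the use of HMAC-SHA256 as a standard-library stand-in for the AES-based integrity code are all assumptions. It also shows the order of checks that keeps a forged token from desynchronising the receiver.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                 # integrity-code length in bytes (assumed)
HDR = struct.Struct(">Q")    # 64-bit big-endian time token (assumed encoding)


def _tag(key, header, payload):
    # HMAC-SHA256 stands in for the AES-based integrity code so that the
    # example needs only the standard library (assumption, see lead-in).
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def make_beacon(key, time_token, payload):
    """Build a beacon: time token || payload || integrity code.

    The token is covered by the integrity code, so it cannot be
    rewritten without knowing the key.
    """
    header = HDR.pack(time_token)
    return header + payload + _tag(key, header, payload)


class BeaconReceiver:
    """Accepts a beacon only if it is authentic and strictly newer."""

    def __init__(self, key, last_token=0):
        self.key = key
        self.last_token = last_token

    def accept(self, frame):
        if len(frame) < HDR.size + TAG_LEN:
            return False, "malformed"
        header = frame[:HDR.size]
        payload = frame[HDR.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        # 1. Verify integrity first. If the token were trusted before this
        #    check, a forged beacon carrying a huge token could push
        #    last_token forward and lock out every legitimate beacon.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            return False, "bad integrity code"
        # 2. Freshness: the token must be strictly greater than the last
        #    accepted one, so an exact replay is rejected as well.
        (token,) = HDR.unpack(header)
        if token <= self.last_token:
            return False, "stale time token"
        # 3. Only an authentic, fresh beacon updates receiver state.
        self.last_token = token
        return True, payload


def run_demo():
    key = bytes(range(16))   # constructed 128-bit key, for illustration only
    rx = BeaconReceiver(key)
    b3 = make_beacon(key, 3, b"superframe-3")
    b5 = make_beacon(key, 5, b"superframe-5")
    b6 = make_beacon(key, 6, b"superframe-6")
    # Constructed tampered frame: token rewritten, integrity code left as is.
    forged = HDR.pack(1000) + b6[HDR.size:]
    return [
        rx.accept(b5),       # fresh beacon
        rx.accept(b5),       # exact replay of the same beacon
        rx.accept(b3),       # older beacon captured earlier
        rx.accept(forged),   # rewritten token fails the integrity check
        rx.accept(b6),       # next legitimate beacon is still accepted
    ]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```
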

2.9.3 Zigbee 802.15.4 Security

A symmetric key cryptography technique is used in (“Approved IEEE Draft Revision for IEEE Standard for Information Technology-Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Specific Requirements-Part 15.4B: Wireless Medium Access Control (MAC) and Physical ,” 2006). Zigbee comprises eight security levels. In the symmetric cryptographic mechanisms of Zigbee, the two most important aspects, key generation and distribution, are not considered. It relies strongly on the selection of security attributes.

2.9.4 IEEE 802.15.6 Security

BAN researchers use the above-mentioned standards frequently, but they are not suitable for BANs because they do not fully take the resource constraints and security requirements into consideration. Keeping in view the resource constraints of BANs, task group 6 (TG6) developed 802.15.6 specifically for BANs. It can be used for both medical and non-medical applications (S. F. Qadri, Awan, Amjad, Anwar, & Shehzad, 2013), after the draft IEEE 802.15----006 (“IEEE Standards Association - Documents,” n.d.) mentioning three levels of security between sensor nodes and BS. These levels are the unsecured level, the authentication level, and the authentication and encryption level. The security services concentrate on key generation and key distribution along with message authentication. The Diffie-Hellman key technique is used for the generation and distribution of keys, MAC for message authentication and AES for ciphering.

Table 2.2 Protocol Security Comparison

| Protocol | Confidentiality | Integrity | Non-repudiation | Authentication | Authorization |
|---|---|---|---|---|---|
| Bluetooth | Yes | No | No | Yes | No |
| Zigbee | Yes | No | No | Yes | No |
| TG6 | Yes | Yes | No | Yes | No |

Discussion: the security techniques in the first three standards do not fully meet the BANs requirements, while TG6 has fulfilled the security requirements to some extent while respecting the resource constraints of BANs. However, it still does not address all the security requirements, and the threats are not fully resolved, as shown in the table (S. Qadri, Awan, Amjad, Anwar, & Shehzad, 2013).

2.11 Related Work

This literature review presents a thematic review of key management techniques in Wireless Body Area Networks. Although a number of security approaches have been proposed for WSNs and MANETs (Du, 2005) (W. He, Huang, Sathyam, Nahrstedt, & Lee, 2009) (S. Zhao, Aggarwal, Frost, & Bai, 2012), these approaches cannot be applied directly to BANs because of the operational and security challenges of WBANs. Body sensors have limitations that set them apart from other wireless networks, particularly limited processing, memory and battery power and a short transmission range. In (Du, 2005), the random key solution is a prominent class of key agreement protocols for WSNs. Each sensor node shares at least one key with its neighbor with a certain probability, referred to as the key-sharing probability. Similarly, a number of keys are exchanged to establish a pairwise key between sensors. In this solution each sensor has to preload a large number of keys, which brings a penalty of high cost and overhead and is infeasible for resource-constrained BANs. Similarly, in (W. He et al., 2009) a self-contained public key infrastructure (PKI) and in (S. Zhao et al., 2012) a special case of PKI, an identity-based cryptography solution, is proposed to overcome the weaknesses of PKI for ad hoc networks. However, these schemes are bulky and vulnerable to Denial of Service (DoS) attacks. A non-cryptographic solution, BANA (L. Shi, Li, Yu, & Yuan, 2013), has been proposed for sensor authentication, where RSS is used to distinguish legal from illegal sensor nodes. Because it is a non-cryptographic approach, an off-body attacker can easily forge its way into the network by creating a perfect channel. A lightweight authenticated cryptographic solution is needed to block this type of attack and provide security to BANs. In (Selimis et al., 2011) a hardware-based design solution is proposed for the security of BANs, where a lightweight micro-controller is used to save energy. Patients’ data is communicated using TDMA-MAC in the system layout. This approach is evaluated on the basis of energy overhead. This hardware-based solution could be expensive, and the issue of energy overhead can be tackled by an efficient cryptographic technique. The scheme proposed in (T. F. Lee & Liu, 2013) uses password-based smart card authenticated key agreement for telecare medicine, but the design shortcoming identified by (A. K. Das & Bruhadeshwar, 2013) lies in its password and authentication change phase. In (Daojing He, Chan, Zhang, & Yang, 2014) the packets received by each sensor are decrypted and a hash is applied, which leads to a clear increase in computation cost. All the proposed security schemes were analyzed, and it was felt that there is still a gap that could be filled by introducing a novel framework that fulfils the design requirements of resource-constrained tiny body sensors while addressing the security parameters and resisting adversaries’ attacks. A review of the state of the art in different security schemes such as Biometric, TinySec, IEEE 802.15.4 Security, ZigBee Security Services, Hardware Encryption, Elliptic Curve Cryptography and Identity-Based Encryption has been made.

2.11.1 Symmetric Key Agreement

In symmetric key agreement, a common secret key is shared between two parties for both encryption and decryption of patient physiological status information, whereas asymmetric or public key cryptographic techniques use two keys for the same purpose instead of one common secret key. The symmetric technique is preferred for its cost effectiveness, but key exchange between nodes is an issue that must be addressed. The asymmetric technique addresses the issue of secret key exchange, but at the price of high cost. AES (Information, 2001) and DES are the most popular symmetric cryptosystems (Grabbe, 1992). The eight distinct security suites (Sastry & Wagner, 2004) that can be implemented under the IEEE 802.15.4 standard can be classified into two modes, called unsecure and secure modes. In unsecure mode security suite is selected. Further, these security suites are classified on the basis of the security properties of each suite: AES-CTR provides only confidentiality, AES-CBC-MAC provides authentication, and AES-CCM provides confidentiality and authentication. AES (Information, 2001) consumes less energy compared to other techniques. CBC-MAC details can be found in (Garnaut, 2012). A hardware-based encryption technique, ChipCon 2420, is proposed instead of the TinySec software encryption technique, with a Zigbee-compliant RF transceiver. The hardware-based CC2420 executes the security operations of IEEE 802.15.4 with AES encryption using a 128-bit key.

Hardware-based encryption has been implemented in a WBAN project using an off-the-shelf Zigbee platform (Warren et al., 2005). A comprehensive study (Khan, 2009) highlights projects including MobiHealth and CodeBlue for patient monitoring in a hospital setup. These BSN techniques offer unobtrusive patient health monitoring and communicate status updates to the center. AES is applied for maintaining security. In this paper different security systems are discussed and the security issues are highlighted, but no new security framework is proposed. The SPINS protocol suite (Perring et al., 2002), developed earlier using symmetric cryptography, offers authentication and confidentiality. This suite consists of two protocols, μTESLA for broadcast authentication and SNEP for authentication and confidentiality. These are generic schemes, and the BAN security requirements are not specifically addressed. Conventional public key cryptography is not feasible for the resource-constrained environments of BANs.


ALARM-NET was developed for pervasive and adaptive assisted-living community healthcare (Wood, Virone, Doan, & Cao, 2006). The AES symmetric cipher is used to encrypt the patient data to be transmitted. This paper focuses on content-aware privacy, IP network security and power management. A link-layer suite of TinyOS is used for the security of sensor data. This paper ignores key management and the possible attacks on BANs. The IM3 project, designed for patient care, includes a BAN, a back-end server and an external network (Singelée, Latré, & Braem, 2008). Each BAN transmits patient data to the base station. The base station forwards this data to the medical server through the external network. This paper focuses on secure routing and the CICADA protocol. The AES cipher is used for encrypting the sensor data in an authenticated mode, GCM or CCM, for both authentication and confidentiality. The suggested technique is computationally heavy for the sensors, so a low-cost technique is required. In large-scale sensor networks, pre-shared symmetric key schemes are used (D. Liu, Ning, & Li, 2005) (Eschenauer & Gligor, 2002). A common secret key is derived using a pre-loaded shared key. The exact sensor should be associated with the patient, because wireless ranges overlap. Extensive computation is required to replace the group key when the membership changes.
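The storage penalty of random key predistribution noted in Section 2.11, and the pre-shared key schemes cited above, can be quantified with the basic random key-ring model (each node preloads a ring of k keys drawn at random from a pool of P keys). The following is an added example, not code from the thesis or the cited papers; the function names, the 16-byte key with a 2-byte key identifier, and the pool sizes are assumptions chosen for illustration.

```python
import math
import random


def share_probability(pool_size, ring_size):
    """Probability that two independently drawn key rings share >= 1 key."""
    if 2 * ring_size > pool_size:
        return 1.0  # pigeonhole: two such rings must overlap
    no_overlap = (math.comb(pool_size - ring_size, ring_size)
                  / math.comb(pool_size, ring_size))
    return 1.0 - no_overlap


def min_ring_size(pool_size, target):
    """Smallest ring size whose key-sharing probability reaches target."""
    for k in range(1, pool_size + 1):
        if share_probability(pool_size, k) >= target:
            return k
    raise ValueError("target probability must be at most 1")


def ring_storage_bytes(ring_size, key_bytes=16, id_bytes=2):
    """Memory one sensor spends on its ring (assumed 128-bit keys + 2-byte ids)."""
    return ring_size * (key_bytes + id_bytes)


def exposed_fraction(pool_size, ring_size, captured_nodes):
    """Expected fraction of the pool known to someone holding x captured nodes."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured_nodes


def simulate(pool_size, ring_size, trials=20000, seed=1):
    """Monte Carlo cross-check of share_probability with a fixed seed."""
    rng = random.Random(seed)
    pool = range(pool_size)
    hits = 0
    for _ in range(trials):
        ring_a = set(rng.sample(pool, ring_size))
        ring_b = rng.sample(pool, ring_size)
        if any(key in ring_a for key in ring_b):
            hits += 1
    return hits / trials


def tradeoff_table(pool_size, targets=(0.5, 0.9, 0.99), captured_nodes=10):
    """Rows of (target, ring size, bytes per sensor, pool exposure)."""
    rows = []
    for target in targets:
        k = min_ring_size(pool_size, target)
        rows.append((target, k, ring_storage_bytes(k),
                     round(exposed_fraction(pool_size, k, captured_nodes), 4)))
    return rows


if __name__ == "__main__":
    # Constructed pool size, for illustration only.
    for row in tradeoff_table(10000):
        print("target=%.2f ring=%d bytes=%d exposed_after_10=%.4f" % row)
```

Raising the key-sharing probability forces a larger ring, which costs more sensor memory and also exposes a larger share of the pool for every node that is physically captured.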

2.11.2 Asymmetric Key Agreement

Asymmetric or public key cryptosystems use two keys (private and public) for encryption and decryption. The pair of keys is initially assigned to the communicating nodes by the CA. If a node wishes to communicate with another node in the network, it first consults the public directory to get the public key of the target node; upon receiving the data, the target node decrypts it with its private key, which is the sole property of that node and is not accessible to any other node in the network. Asymmetric key management solves the problem of secure key distribution identified in the symmetric cryptosystem, but with a tradeoff in cost. Asymmetric cryptosystems include Diffie-Hellman, RSA, ECC, IBE and HECC. ECC is a feasible option for public key cryptography in WSNs. The prominent reasons, in comparison with other asymmetric cryptosystems, are its small key size, fast communication and compact signatures, which suit the resource-constrained environment. Several ECC-based contributions have been presented for WSNs. The scheme MAACE (Le, Khalid, Sankar, & Lee, 2011) is designed for healthcare WSNs. It is an ECC-based scheme that provides access control and mutual authentication to medical experts for BSNs. It is a three-layered scheme comprising the (SN) sensor to network layer, the (CN) coordination network layer and the (DA) data access layer. The CN (a cell phone, etc.) receives data from the SN and then forwards it to the DA. The advantage of this scheme is that it can block some real-time attacks such as DoS attacks, but it still suffers from a security flaw regarding the privacy of patient data. In (D. J. Malan, Welsh, & Smith, 2004), ECC was implemented on the Mica2 sensor mote with the support of TinyOS. Similarly, in (Uhsadel, Poschmann, & Paar, 2007) an efficient implementation of ECC is proposed. In (A. Liu & Ning, 2008) another variation of ECC called TinyECC is proposed for WSNs. Its main objective was to introduce an ECC-based PKC software package for WSN applications. The technique NanoECC (Szczechowiak, Oliveira, & Scott, 2008) is faster than ECC but requires a large amount of ROM and RAM. Although different variations of ECC-based cryptosystems have been presented, ECC as used is still not feasible for BANs: its energy efficiency does not match that of symmetric systems, and improvement is needed. An IBE security solution (Oliveira, Dahab, Lopez, Daguano, & Loureiro, 2007) has been proposed for WSNs. In (William, Tan, & Wang, 2008) an IBE solution for BANs is presented in which nodes compute public keys by applying a hash function to an arbitrary, application-based, self-generated number. Flash memory is used for storage of the keys, and the keys are applied for ECC encryption/decryption using ECDSA. The demerits of this scheme are high computation cost, high energy overhead due to longer processing time, and increased storage overhead due to the higher storage requirement of flash ROM. An identity-based key management technique, IDKEYMAN (Sankaran, Husain, & Sridhar, 2009), has been proposed for BANs. Its design is based on a publisher-subscriber architecture in the same way as CodeBlue (D. Malan, Fulford-Jones, Welsh, & Moulton, 2004). To preserve data confidentiality and integrity, pair-wise symmetric keys are set up. Publisher and subscriber exchange pair-wise symmetric keys using IBE. Symmetric keys are applied for all subsequent communication to reduce computation cost. IDKEYMAN gains the security strength of an asymmetric cryptosystem while minimizing energy overhead by using IBE in the bootstrapping phase. The scheme in (Singh & Muthukkumarasamy, 2011) is based on an authenticated, shared group key for multiple devices. They proposed RSA algorithms, which may not be a suitable choice for key establishment because of the large key size. Although ECC has been successfully implemented in several variations, it is still not a top choice for BANs. This is because its energy requirements are still significantly higher than those of symmetric systems. This being the case, others have proposed that ECC be implemented only for infrequent and security-sensitive operations such as key establishment during the initial setup of the network or code updates. In line with this thinking, Malasri et al. (Malasri & Wang, 2007) proposed a solution for medical sensor networks that uses: (i) an ECC-based secure key exchange protocol to set up shared keys between sensor nodes and base stations, (ii) symmetric encryption and decryption for protecting data confidentiality and integrity, and (iii) an authentication scheme for verifying the data source.

2.11.3 Biometric Key Agreement

Schemes based on biometric solutions use bio channels for key distribution. All body sensors are interconnected through bio channels, which are used for key exchange. Any of these bio channels can be borrowed for key agreement. Several schemes use biometrics for generating keys.

In scheme inter sensor data communication of BANs (Cherukuri, Venkatasubramanian, & Gupta, 2003). In the schemes (K.K. Venkatasubramanian, Venkatasubramanian, Banerjee, & Gupta, 2008) (Krishna K. Venkatasubramanian & Gupta, 2010) (Ali & Khan, 2010), EKG is used as the physiological measure for generating cryptographic keys for secure inter-sensor data transmission. Similarly, in (Irum, Ali, Khan, & Abbas, 2013) the security of intra-BAN communication is maintained by generating a cryptographic key using EKG. The EKG values of the human body (Pdf et al., 2013) are used for generating cryptographic keys to secure the cluster formation process and intra-BAN communication. The EKG values are first calculated by the communicating sensors, which exchange these values to generate common secret keys. The authors of (Jinyang Shi, Lam, Gu, Li, & Chung, 2011) obtain a common key for patient data communication by using set reconciliation on an ordered set representation of EKG data. The same concept of set reconciliation is presented in (J Shi, Lam, Gu, & Li, 2010) for an unordered set of biometric values. To avoid synchronization problems, the set is divided into time slots. The schemes (Sastry & Wagner, 2004) (Garnaut, 2012), which are based on set reconciliation, do not use the peak values in the EKG signals but the whole EKG signal, which reduces the randomness of the generated key.

The merit of using biometrics for generating cryptographic keys includes time variation. Keys generated from time-variant values are extremely random (Krishna K. Venkatasubramanian & Gupta, 2010) (Ali & Khan, 2010) (Orlitsky, 1991). Biometric-based schemes suffer from the problem of generating random keys with a biometric system, the reason being the dynamicity of multiple nodes. The biometric key exchange technique for secure BSN communication between body sensors and the BS (G. Wu, Yao, Liu, Yao, & Wang, 2011) uses ECG signals to generate keys before transmitting physiological status data to the external network. This scheme satisfies the basic security parameters, but its main limitation is that obtaining exactly the same random signal from two biological signals is very difficult.

According to (Ruhul Amin & Biswas, 2015), many other biometric-based authentication and key agreement techniques (Ruhul Amin, 2013) (R Amin, Maitra, & Giri, 2013) (Ruhul Amin, Bengal-, & Rana, 2013) (Bhargav-Spantzel et al., 2007) (AK Das & Goswami, 2013) (A. Das, 2011) (A. Das, 2011) (Islam & Biswas, 2011) (Khan, Kumari, & Gupta, 2014) (Khan & Zhang, 2007) (Kumar, Gupta, & Kumari, 2011) (S Kumari & Gupta, 2014) (Saru Kumari, Khan, & Kumar, 2013) (S Kumari & Khan, 2014b) (S Kumari & Khan, 2014a) (Saru Kumari, Khan, & Li, 2014) (S Kumari, Khan, Li, & Wu, 2014) (C.-T. Li & Hwang, 2010) (X. Li, Niu, Ma, Wang, & Liu, 2011) have been proposed but still have security loopholes. The authors of (Ruhul Amin & Biswas, 2015) presented a novel architecture and a user authentication with key agreement scheme for accessing multiple medical servers. Formal and informal security analyses are carried out. Although this technique satisfies the basic security parameters, it is complicated and its complexity needs to be reduced. The scheme (Guo & Chang, 2013) consists of four phases: parameter generation, registration, password change and authentication. In this scheme, a malicious server can determine the session key in advance because the contributory property of key establishment is violated. The scheme presented in (T.-F. Lee, 2013) is based on chaotic maps. In this scheme, the session key is refined and symmetric encryption/decryption is not needed. Hence, a malicious user will not be able to determine the key in advance. According to (Xu et al., 2013), a number of schemes (H.-M. Chen, Lo, & Yeh, 2012) (Cao & Zhai, 2013) (Z. Y. Wu, Lee, Lai, Lee, & Chung, 2012) (Debiao, Jianhua, & Rui, 2011) (Wei, Hu, & Liu, 2012) (Zhu, 2012) (Jiang, Ma, Ma, & Li, 2013) (Lin, 2013) (Xie, Zhang, & Dong, 2013) for telemedicine information systems have been proposed for secure authentication and key establishment in the last few years. The scheme design in (Xu et al., 2013) is based on ECC and resists some common attacks. The authors of (Krishna K. Venkatasubramanian, Banerjee, & Gupta, 2010) proposed the PSKA mechanism, in which the physiological signal capturing time is kept minimal. In this scheme a vault (Juels & Sudan, 2006) is used for key establishment, and the vault is locked and unlocked using physiological data. The limitation of the scheme is that the contents of the vault are not secure if a sensor node is stolen or lost. Physical security is mandatory for applying this scheme.

The authors of (Challa, Çam, & Sikri, 2008) (Bao, Poon, Zhang, & Shen, 2008) (Ali, Irum, Kausar, & Khan, 2013) rely on physiological signals of the human body such as blood flow, heart rate interval and EEG to obtain a pairwise symmetric key for subsequent secure communication of patients’ data. They assume that every body sensor measures the same type of physical health parameter. This assumption makes these solutions infeasible for many BAN applications. In (Ali et al., 2013), the authors proposed applying HMAC-MD5 to ECG blocks to obtain the key agreement; however, MD5 is not suitable in terms of collision resistance. Asymmetric cryptography approaches have been proposed to assure the security of BANs. In (Malasri & Wang, 2009) the authors proposed an ECC-based setup of keys between body sensors and the gateway. The block cipher RC5 is proposed for the confidential flow and integrity of patients’ physiological data. However, this approach is inefficient in computational cost and suffers from delay because of its use of an asymmetric cryptosystem. (Malasri & Wang, 2009) reported that the ECC-based key agreement takes 7.198 seconds on a Tmote Sky mote, which has an MSP430 16-bit, 8-MHz processor. Inter-pulse interval or heart rate variance can be used for generating random numbers, as in the scheme that uses these physiological values (K.K. Venkatasubramanian & Gupta, 2006). This method of generating a strong cryptographic key takes about 1 minute, as the 67 quantized values measured from different parts of the body may be similar.

2.11.4 Hybrid Key Agreement

Symmetric and asymmetric cryptosystems have their own merits and demerits. Schneier says that a symmetric cryptosystem is one thousand times faster than an asymmetric cryptosystem, but secure key management is an unavoidable problem because all nodes share the same secret key. The asymmetric cryptosystem solves the secure key management issue but suffers from high computation and communication cost. A hybrid cryptographic system combines the best properties of symmetric and asymmetric cryptographic systems. In this technique a random shared secret key is created as in a symmetric system, and this secret key is then encrypted using the receiver’s public key as in an asymmetric cryptosystem. The symmetric algorithm and the secret key are used for encrypting the message. The key is sent to the receiver along with the message. The receiver in turn deciphers the key with its private key and then uses that key to decipher the message, as in the Pretty Good Privacy approach. A hybrid scheme (N. U. Amin, Asad, & Chaudhry, 2012) using ECC and a symmetric cryptosystem is proposed. This scheme reduces the computation cost and the communication and storage overhead. A hybrid scheme (Mehmood, Nizamuddin, Ashraf Ch., Nasar, & Ghani, 2012) was introduced for key agreement in BANs. This scheme uses RSA and a symmetric cipher. RSA is expensive with respect to computation cost and communication overhead and cannot be recommended for the resource-constrained environment of BANs. The scheme (Iqbal, Amin, Umar, & Waheed, n.d.) is based on ECC and a symmetric cryptosystem coupled with authentication. It provides node authentication but lacks message authentication. The hybrid key agreement technique (Eldefrawy, Khan, & Alghathbar, 2010), based on RSA and DHECC, ensures forward and backward secrecy using rekeying, which is a slight improvement in scalability and memory efficiency, but it still has the gap of increased cost with respect to computation, communication and memory overhead, as it has six major and expensive operations, including two Modular Exponentiations (M-Exp) and four Elliptic Curve Point scalar Multiplications (ECPM), which could be further reduced for cost efficiency. Another hybrid key agreement model (Mehmood et al., 2012) uses a symmetric cipher and RSA. The session key for patient data transmission is exchanged through RSA, and confidential data (EEG, ECG and BP) is transmitted using the AES cipher. However, RSA is costly and not appropriate for the resource-constrained environment of WBANs. In this scheme, two expensive M-Exp operations are used. The hybrid key agreement scheme (Iqbal, Amin, & Umar, 2013) provides authentication and cluster head selection through rotation. This scheme is based on ECC and AES. Secret key exchange is performed using ECC, and confidential data is transmitted to the MO using AES. Cluster head selection and rotation lead to increased communication cost and battery power consumption, because each sensor node has to reach the gateway through the cluster head, incurring the cost of one additional hop, whereas within a ward each sensor node of the BAN can reach the gateway directly. The cluster head selection and rotation, followed by receiving patient data from each body sensor and then transmitting the patient data of each sensor to the gateway, lead to increased cost.

The scheme proposed by (Drira et al ) performs key updating using a hash chain and a symmetric cryptosystem for the secure transmission of patients’ physiological data from source to destination. Although the authors claim that this framework, which uses a symmetric system, is suitable for low-power biosensor nodes, the hash chain and costly operations increase cost and affect efficiency.

The hybrid mechanism proposed by (Lee et al) uses a symmetric cryptosystem for biosensor nodes and Identity Based Encryption (IBE) for communicating patient vital signs information between the medical server and the smart phone. Two techniques are presented to authenticate and maintain group and pairwise keys among all tiers, and to assign private and public keys to smart phones. The IBE-based scheme relies on the CA for the generation of keys, and prior trust among nodes is not required. If the KGC is compromised, the whole network will be compromised; similarly, upon physical compromise of a BAN biosensor node, its prior secrets will be disclosed to misusers or adversaries. This technique suffers from high computation cost, and improvement in cost is required.

The scheme of ((Daojing et al 2014)) uses the symmetric cipher DES for confidential transmission of patient data and ECC for key revocation, updating and distribution. This scheme is somewhat better but is expensive in computational cost because of two major ECPM operations. Security enhancement is required.


Chapter 03

MATERIALS AND METHODS

3. Introduction

This chapter comprises the models, basic definitions, security features such as confidentiality, authenticity, integrity, unforgeability, non-repudiation and so on, and the performance measures, such as computational cost and communication overhead, to be used in the proposed framework.

3.1 Network Model

The proposed BAN architecture consists of biosensors, a base station, a medical server and a medical officer.

Biosensors are tiny, disease-focused sensors deployed on the patient’s body; they sense and disseminate information wirelessly to the smart phone of the medical specialist via the BS and MS for quick medical response. They are directly connected to the BS and are accessible within one or two hops at a distance of up to 10 meters. The 802.15.6 standard is adopted for the interoperability of the BANs. The architecture is flexible, and adding or removing a node does not affect the network structure.


Fig. 3.1. Network Model of BANs

3.2 Radio Model

Here we prefer first order radio model in our scheme to measure energy consuming in

transmitting patients physiological data over wireless channel in BANs where

denotes transmitted energy, denotes length of message and denotes communication

distance, equation (3.1) represents energy consumed during data transmission by the

body sensors.

Packet length and distance are directly proportional to the power consumed by the sensors, i.e. power consumption is low over a short distance and energy consumption is higher over a long distance.

The following equation (3.2) represents the energy consumption in receiving patients

data by sensor nodes where ( ) denotes energy required, denotes length of packet

and denotes energy consumption per bit.


The distance in our scheme < so we use free space model = =10 pJ/bit/

denotes free space model amplifier energy factor.

3.3 Threat Model

Wireless communication of patient status information in BANs is vulnerable and exposed to threats. The adversary can easily target the patient’s physiological data for misuse. It is important to make the network secure against the expected threats. The model has to address all the important security parameters: integrity, confidentiality, authenticity, scalability and forward/backward secrecy. A secure hybrid approach is used for key agreement and confidential session data transmission. Key updating is a necessary part of this model. It prevents the adversary from guessing the actual session key using old keys.

3.4 Threat Resistance Model

A BAN communicates critical data about vital human organs sensed by biosensors. It is essential to protect this physiological data from adversaries and to transmit it securely to the corresponding MOs at the minimum possible cost. Authentication of the source biosensor nodes by the MS, together with key agreement, can block an illegal node from becoming part of the BAN and guarantee secure transmission. Symmetric encryption is the best choice for keeping patients' critical data confidential, as compared to asymmetric encryption, which is costly for these resource-constrained biosensor nodes. Integrity of critical data is an integral part of this model because alteration of a packet on its way to the MOs via BS and MS may harm human life. The key-updating feature of our model eliminates the adversary's chance of replaying captured data using old keys. Keys are updated round-wise, where a round is a specific interval of time. Physical security, such as tracking the presence of body sensors and of the body within the communication range of the BAN, is also important in order to protect both entities (sensor/patient) from physical attacks such as disconnection, stealing or harming body sensors, or dislocating patients.

3.5 Design Requirement

Delay-free delivery of patient data, security, and cost efficiency, along with end-to-end reliability, are the prime requirements of patient health care applications.

3.5.1 Cost Efficiency

Resource-constrained body sensors with low processing and storage capacity require schemes that are cost-efficient in both computation and communication. Performance analysis with analysis tools is required to measure the efficiency of the proposed work.

3.5.2 Analysis Tools

Let the time complexity of the different operations be denoted as: M-Exp (modular exponentiation), ECPM (elliptic curve point multiplication), M-M (modular multiplication), P (bilinear pairing operation), M-Inv (modular inversion), XOR (bitwise XOR operation), and hash (one-way hash function).

The costs of the different operations were obtained by simulation in a specific environment (Windows CE 5.2 OS on a 32-bit Intel(R) PXA270 624 MHz processor with 128 MB memory). According to the simulation results, an elliptic curve point multiplication takes 30.67 ms, a modular exponentiation 63.51 ms, a bilinear pairing operation 96.35 ms and a one-way hash operation 14.62 ms, for the same security level as the 1024-bit RSA algorithm. The evaluation time of some operations, such as XOR, point addition and string concatenation, is negligible (Koblitz, 1989). OriginPro 8 SRO V8.0725 (B725) is used for data analysis and as the graphing workspace.

3.5.3 Scalability

A BAN should be scalable enough that the overall scheme of the framework is not broken by adding, replacing or removing sensors when required.

3.5.4 Availability

Timely availability of patient status information to the MOs is mandatory; an attacker may capture or disable a biosensor node, which may put a human life at risk. To keep track of sensor nodes, the BS can send an ACK packet at specific time intervals to learn the status of the BAN nodes.

3.5.5 Critical Data Dissemination

In our proposed schemes the biosensors transmit only critical data rather than continuous data, which prolongs the network lifetime.

3.6 Security Requirement

Timely and secure delivery of patients' physiological data to the intended recipient is the major design requirement of health care applications. It includes physical security, body sensor authentication, secure key agreement, confidentiality of information, patients' data integrity, key update and data freshness.

3.6.1 Physical Security

Considering the BAN of an unconscious patient, an adversary may harm or steal a sensor node or may dislocate the patient, which could be dangerous for human life. For this purpose, the BS/MS should keep track of whether its registered BAN (sensor nodes and patients) is present and alive.

3.6.2 Body Sensor Authentication

The MS is responsible for authenticating body sensors and ensuring that the patient's data is received from a legal sensor and not from an attacker.

3.6.3 Secure Key Agreement

Secure key agreement plays a pivotal role in the secure dissemination of information between sender and receiver. Secure key agreement techniques provide secrecy of the key and make sure that the key material is fully secure against adversaries.

Conventional key agreement schemes are not optimal for resource-constrained BANs due to their high cost. Lightweight secure key management solutions are a design requirement of such a network composed of tiny biosensors. Secure exchange of the session key is the prime concern, so that the patient's sensitive information is protected from adversaries on the way to its destination. Efficient key management is a major requirement of BANs.

3.6.4 Confidentiality of Information

Confidential transmission of sensitive patient data to the targeted destination is a basic design concern, as its disclosure to illegal users can put human life at risk. As per the HIPAA act, patients' sensitive information must be protected. Patients' physiological readings sensed by the body sensors, such as BP, ECG and EEG, should only be communicated to the intended MOs for emergency feedback. For the confidential flow of information, various encryption algorithms or ciphers such as AES, DES, Blowfish, RC5 and Skipjack can be used.

3.6.5 Patients Data Integrity

Integrity assures that the information being communicated has not been altered on the way to the recipient, such as the MOs. To protect patient data or the session key from modification by adversaries, various hash and message digest algorithms (SHA-128, SHA-512 and MD5) are used.

3.6.6 Authenticity

Authenticity ensures that the received information is authentic and comes from a legal node of the network. An illegal biosensor node should be blacklisted and the incorrect information needs to be discarded. Authenticity protects the network from misusers trying to become part of the network.

3.6.7 Non-repudiation

Proof that the received data came from the sender is important. Non-repudiation ensures that the sender cannot deny having sent the information, i.e. one party can prove that information was received from or sent by the other party.

3.6.8 Unforgeability

Unforgeability is the security property that guards against an adversary computing a valid signature on behalf of a legal signer. The network should have this security feature to block illegal signers.

3.6.9 Keys Update

Session key updating should be part of our WBAN design to protect the network from adversaries trying to compromise the session key by using old keys to guess the new key.

3.6.10 Data Freshness

Data freshness assures that a data packet received from a body sensor is new and not replayed. An adversary may delay a data packet and replay it later, which affects the freshness of the data; fresh data is mandatory for the decision making of the MOs.

3.7 Elliptic Curve

Let be a finite field of prime order . An elliptic curve is a smooth projective

curve of genus one having at least one rational point. It can be defined over in two

dimensions coordinate by short Weierstrass equation ,

where .

3.8 Hyper Elliptic Curve

Hyper elliptic curves can be viewed as generalization of elliptic curves, with genus

. Let , , is monic polynomial and

. A hyper elliptic curve of genus over the finite field is set of points

satisfy the equation

A divisor D is a finite formal sum of points .

Jacobian is finite group and its order is

3.9 Symmetric Cryptographic Solutions

In this cryptographic solution both the sender and the receiver share a single common secret key to encrypt and decrypt a message, whereas asymmetric crypto solutions use a pair of keys. These techniques are fast and simple, but their main demerit is the cost to the communicating nodes of exchanging the session key securely. Asymmetric or public key cryptosystems solve this problem, but their high cost becomes the issue to address. DES and AES are well-known symmetric key ciphers.

3.10 Asymmetric Cryptographic Solutions

Public key cryptography, also known as asymmetric cryptography, uses a pair of keys for the encryption and decryption of data messages. This pair of keys (public key and private key) is initially assigned to the nodes by a mechanism such as a CA. If a sensor node wishes to transmit encrypted data, the public directory is used to obtain the public key of the target node. Upon receiving the encrypted message, the recipient decrypts it with its private key, which is not accessible to other nodes of the network. Symmetric cryptography, which uses the same key for encryption and decryption of a message, is fast but insecure. An asymmetric cryptosystem is more secure but suffers from high cost.

3.11 Hybrid Cryptographic Solutions

Symmetric and asymmetric cryptography each have their own merits and demerits. According to Schneier, symmetric techniques are one thousand times faster than asymmetric ones, but all nodes have to share the same secret key, so secure key management is an unavoidable problem. Asymmetric techniques permit a public key cryptosystem but lead to high computation and communication cost. A hybrid cryptographic solution uses the best features of both symmetric and asymmetric crypto

systems. It usually creates a random shared secret key, as in a symmetric system, and this secret key is then encrypted through the asymmetric system using the receiver's public key. The symmetric cipher and the secret key are used to encrypt the message, and then both the key and the message are transmitted to the receiver. The receiver first deciphers the secret key using its private key and then uses that key to decipher the message. PGP uses this approach.

3.12 Signcryption

The term signcryption was first introduced by Yuliang Zheng (Zheng, 1997). Signcryption is based on public key infrastructure and accomplishes the functions of both digital signature and encryption at the same time. Digital signature and encryption are the two basic cryptographic elements that can ensure the most important security features, such as data confidentiality, data integrity and non-repudiation. In traditional public key cryptographic techniques, a message is digitally signed and afterwards encrypted (Signature-Then-Encryption), which suffers from high cost and low efficiency. Signcryption, being a new technique, uses a single logical step to accomplish both digital signature and encryption. This leads to lower computation and communication costs as compared to the traditional technique, i.e. Signature-then-Encryption.

Chapter 04

RESULT AND DISCUSSION

4. Introduction

This chapter presents five schemes of the proposed framework. All schemes are

compared with existing schemes on the basis of cost and security features. The cost

efficiency and security enhancement of our proposed schemes are shown in the

corresponding tables and graphs.

4.1 Lightweight Authentication and Key Agreement Scheme for BANs

The evolved to a new field of research called for monitoring the health

status of patients and immediate response by and emergency treatment without

any delay to save precious human life. The proposed architecture of BANs consists of

stitchable, wearable or implantable biosensor nodes, and (Sana Ullah et al.,

2012)(S. Ullah, Higgins, Shen, & Kwak, 2010). Sensor nodes sense physiological data

like blood pressure , , etc, and communicate the status of patient to

through and . Sensors are low-cost devices with limitations of energy,

processing and memory. Secure key agreement and authentication can make secure

transmission of information possible while keeping constrained resources of . To

cope with security challenges we proposed a secure and light weight authentication

with key agreement for , this scheme is designed for monitoring patients of a

ward in a medical centre and consists of two phases first is authentication and key

agreement phase where is used for node authentication and round session key

update. It also provides a patient sensor tracking system that tracks the existence of

patients/sensors in the transmission range of , tracks dead/defective sensors as

well. When a sensor has no emergency data to sense, then the normal data is discarded.

This technique leads to computation cost and communication overhead reduction. Our

proposed scheme provides biosensor nodes authentication and secure key agreement,

patients data confidentiality, integrity, forward secrecy and backward secrecy,

scalability along with data freshness and provides enough resistance against threats and

shields the from the attacks of the adversaries with minimal computational,

communication cost and energy overhead. utilize the received real time vital

organs data for timely decisions regarding the treatment of patients. acts as switch

or central coordinator receive the patient’s data and transmits to receivers out of the

human body (Schwiebert, Gupta, & Weinmann, 2001). Stores registered patients’

record in database, their disease status, and treatment record for future reference and

grants authentications to the legal biosensor nodes.

Our proposed nonce based authentication and key agreement scheme is based on the

following phases.

4.1.1 Registration and Key Preloading Phase

Before deployment, each patient account is created with on and each patient

biosensor nodes are loaded with a unique patient master secret key depicted in

algorithm 4.1.

4.1.2 Authentication and key agreement Phase

Once biosensor nodes are deployed, each node sends a message to , further

forward it to which generates a , encrypts it with and sends

encrypted i.e. to the biosensor as . Biosensor decrypts

to obtain then is updated as and encrypted by master secret

key , encrypted updated is formed and sensor sends it back to , to

check the validity of received either from legal node or illegal. So for this purpose

server decrypts and “ ” is computed as given in algorithm . If

grant authentication otherwise biosensor node is considered as illegal and

black listed. Now round session keys are generated using of and as

both at biosensor nodes and for secure communication of

physiological patients’ data between biosensors and . Each round is a specific time

interval that starts if and ends when .

ALGORITHM 4.1: Authentication and Key Agreement

1. Preload Patient Master secret key

2. Biosensor

a. Broadcast to Server

3. Server

a. Generate

b.

c. Sends back to Biosensor

4. Biosensor

a. Computes

b. Computes

c. Sends back to Server

5. Server

a. Computes

b. If

Grant Authentication

Else

c. Blacklist the body sensor

6. Biosensor

a. Computes

7. Server

a. Computes

End

Fig. 4.1. Flow Chart

4.1.3 Confidential Data Transmission

Biosensors transmit encrypted critical data when it is sensed and discard non-critical data. This reduces the communication cost and saves energy while maintaining the confidentiality of critical data during transmission over the wireless channel. Algorithm 4.2 is used to encrypt a patient's critical data before transmitting it to the corresponding recipient.

ALGORITHM 4.2: Data Encryption and Forwarding

1. for each biosensor node

2. if sensed data = critical

{

a. Computes

b. Computes

c. Computes

d. Sends

}

Else

e. Discard

End if

End for

The above algorithm (4.2) is event driven where biosensor start sensing of a patient

after deployment of body sensors. In case biosensor sense non-critical data then

the sensed data is not critical or emergent nature and should not be forwarded to the

recipient of . If data sensed by is found critical then hash of the

critical data is computed then compressed hash ( ) is formed. is light variant of

function that maintains the integrity of patient’s physiological data. The hash

value of keyed is 160 bits which is not optimal for use in BANs due to its

limited resources. To reduce communication cost we propose compressed hash function

, we split the hash into two equal parts Left hash bits and right hash

bits as Take repeated of and to generate light

weight compressed hash as: . In this technique the value of

is decreased which not only reduce communication cost but also provide integrity

of physiological data.

Sensed critical data and round is encrypted along with using round

session key , the confidential physiological patient data is forwarded to

corresponding ward via and for urgent decision-making.

Fig. 4.2. Flow Chart for Confidential Data Forwarding

The encrypted physiological data is received by and forwarded to the

corresponding ward and a copy of this encrypted data is stored in the patient’s

database for future reference or medical history record. decrypts the received

patient status data for immediate medical response. The following algorithm 4.3 is used

for decryption.

ALGORITHM 4.3: Decryption

1. for each biosensor node

2. Computes

3. Computes

4. Computes

5. Accept if else

6. End for

4.1.4 Key Updating Phase

Key updating is very important because keeping the same keys for a long time may open the gate to cryptanalytic attacks, so round-wise updating of keys is necessary, as in the design of our scheme.

Updating individual keys guarantees forward and backward secrecy of keys. This lightweight

algorithm updates the individual round session keys on both sides, biosensors and

in such a way that biosensors record the round last data , apply hash

function to this data , last round session key is XORed with hashed round last

data in this way round session key is updated and the

same key updating process is applied on side. Session keys for confidential flow of

patient data are updated at both server and sensor nodes so it is infeasible for the

attacker to get session keys and break the security of .

ALGORITHM 4.4: Key Update

1. Biosensor

a. Record round last data

b. Computes

c. Computes

2. Server

a. Receive last round last data

b. Computes

c. Computes

End
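The compressed hash of Section 4.1.3 and the round key update of Section 4.1.4, as an added example that is not code from the thesis. It assumes HMAC-SHA1 as the 160-bit keyed hash, XOR as the folding operation, a 128-bit round key and a digest truncated to the key length, and it leaves out the symmetric encryption step; the `Endpoint` class, the function names and the sample readings are constructed for illustration.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def compressed_hash(round_key: bytes, data: bytes) -> bytes:
    """Fold a 160-bit keyed hash to 80 bits: left half XOR right half."""
    full = hmac.new(round_key, data, hashlib.sha1).digest()  # assumed HMAC-SHA1
    half = len(full) // 2
    return xor_bytes(full[:half], full[half:])


def update_round_key(round_key: bytes, last_data: bytes) -> bytes:
    """Next round key = current round key XOR hash(last data of the round).

    The digest is truncated to the key length (assumption). XOR is its own
    inverse, so either key follows from the other plus the round's last data;
    the separation between rounds rests on that data staying confidential.
    """
    if len(round_key) > hashlib.sha1().digest_size:
        raise ValueError("key longer than the 160-bit digest")
    digest = hashlib.sha1(last_data).digest()[:len(round_key)]
    return xor_bytes(round_key, digest)


class Endpoint:
    """One side of the link (biosensor or server) holding the round key."""

    def __init__(self, round_key: bytes):
        self.round_key = round_key
        self.last_data = None

    def send(self, data: bytes):
        self.last_data = data
        return data, compressed_hash(self.round_key, data)

    def receive(self, data: bytes, tag: bytes) -> bool:
        expected = compressed_hash(self.round_key, data)
        if not hmac.compare_digest(expected, tag):
            return False  # altered packet or wrong round key: reject
        self.last_data = data
        return True

    def end_round(self) -> None:
        # A round without critical data keeps its key (assumption: the page
        # does not cover that case).
        if self.last_data is not None:
            self.round_key = update_round_key(self.round_key, self.last_data)
            self.last_data = None


def demo() -> dict:
    k0 = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    sensor, server = Endpoint(k0), Endpoint(k0)

    # Round 1: one critical reading (constructed), then a tampered copy.
    data, tag = sensor.send(b"HR=182;SpO2=84")
    accepted = server.receive(data, tag)
    tampered_accepted = server.receive(b"HR=082;SpO2=94", tag)
    sensor.end_round()
    server.end_round()
    in_sync = sensor.round_key == server.round_key
    key_changed = sensor.round_key != k0

    # Round 2: the round's last packet is lost, so the two sides hash
    # different "last data" and derive different keys for round 3.
    d1, t1 = sensor.send(b"HR=175;SpO2=86")
    server.receive(d1, t1)
    sensor.send(b"HR=190;SpO2=80")  # never delivered
    sensor.end_round()
    server.end_round()
    d3, t3 = sensor.send(b"HR=188;SpO2=81")
    desync_detected = not server.receive(d3, t3)

    return {
        "tag_bits": len(tag) * 8,
        "accepted": accepted,
        "tampered_accepted": tampered_accepted,
        "in_sync": in_sync,
        "key_changed": key_changed,
        "desync_detected": desync_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Folding to 80 bits lowers the generic birthday bound on collisions from about 2^80 to about 2^40 evaluations. The last part of `demo()` shows that one lost end-of-round packet leaves the two sides with different keys, so a deployment needs a resynchronisation path.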

4.1.5 Physical Security

Tracking of body sensors and patient body itself is important within the communication

range of to protect them from harming/stealing and kidnapping or detecting

dead/faulty sensor nodes. To achieve this goal we propose algorithm 4.5 where

broadcast packet to all sensor nodes within the communication range of

in random time intervals, body sensors reply to and forward to . The

packet of the functional sensors and present patients with in the range of

is received to the server. If did not receive then there may be two reasons either

problem with sensors or with patients and in this case warning is forwarded to

for emergency response. The proposed algorithm 4.5 will be applied for all

forthcoming schemes as well.

ALGORITHM 4.5:

1. Base Station

a. After a random time interval broadcast message to all

body nodes

2. Biosensor

a. Reply to and forward to

3. Server

a. If receives from all registered patients/ sensors

Presence of patients and functional sensors ensured

b. Else

{

Case-1: sensor dead/faulty

Case-2: patient/sensor out of Range

Generate warning and forward to

}

End

4.1.6 Security Analysis

Security of is of prime importance since this is the question of human life

sustainability through by efficient security schemes complete in all respects. Our

proposed scheme has the potential to safe guard from adversaries and has the

capability to transmit human physiological data securely from biosensors to . The

essential security parameters and prevention of possible attacks addressed in our

scheme are presented below.

4.1.6.1 Node Authentication

Proposed scheme provides node “ ” based node authentication and grant

permission to become part of the network. The medical server checks the nonce to grant authentication or to deny it and blacklist the node. This prevents impersonation attacks.

4.1.6.2 Key agreement

The proposed scheme establishes and updates a session key between patient and

medical server and medical officer using master secret key and symmetric

encryption.

4.1.6.3 Key Update

Our proposed scheme session keys are updated round wise in such a way that is

taken of the ( ) of most recently sent patient data with previous round session key

, the adversary would not be able to guess the key for next round.

4.1.6.4 Node Tracking

The proposed scheme runs PST algorithm using and packets and check

whether the sensor is functional and within transmission range or not.

4.1.6.5 Message Confidentiality

A unique patient round session key for confidential transmission of patient vital

signs data between sensor nodes and using algorithm to encrypt message

, that also prevent chosen cipher text attack.

4.1.6.6 Message Integrity

Proposed scheme used one-way collision resistive hash function and for efficiency

compressed hash ( ) function is computed which maintains the integrity of data

packets in the way from sensor nodes to .

4.1.6.7 Key Revocation

This scheme has a key revocation/update algorithm: after a new node joins, an existing node leaves, or a timeout occurs, keys are revoked to ensure key freshness.

4.1.6.8 Forward Secrecy and Backward Secrecy

This scheme offers rekeying or keys updating which guarantees forward and backward

secrecy. Session keys are updated round wise in such a way that is taken of the

( ) of most recently sent patient data with previous round session key , the

adversary would not be able to guess the key for next round or if join the previous

round key.

4.1.6.7 Data Freshness

The proposed scheme using time stamp that ensures the data received by

the is fresh and prevent the attacker to launch replay attack.

4.1.6.8 Denial of Service

This scheme prevents denial of service attack as each sensor communicates with

that ensures node authentication and prevents an illegal sensor from joining the network. If a node joins, it is not allowed to send bulky data, as only critical data is forwarded, and unwanted data forwarding can be detected.

4.1.6.9 Masquerade Prevention

Before deployment, each patient account is created with on and each patient

biosensor nodes are loaded with a unique patient master secret key . Therefore, the

attacker cannot hijack the identity of a legal node for illegal use.

4.1.6.10 Scalability

Addition of a new sensor, replacement of an old sensor, or removal of an existing biosensor node are independent of each other and are managed by a powerful medical server, which ensures scalability.

Table 4.1 Comparison of Security Functions of Proposed and Existing Schemes

Schemes

Proposed Scheme 1st Y Y Y Y Y Y Y Y Y Y Y Y

IEEE 802.15.6 Protocol I N Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol II (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol III (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol IV (2012) Y Y Y N Y Y Y N N N N Y

(Drira et al 2012) Y Y N N Y Y N N Y Y Y N

Lee et al (2014) Y Y N N Y Y N N Y N Y N

(Daojing et al 2014) Y Y Y N Y Y Y Y Y Y Y N

4.1.7 Performance Analysis

The efficiency of our proposed scheme is based on the measurement of computational

cost and communication overhead/cost.

4.1.7.1 Computational Cost

Major and expensive operations like and are not used in our

proposed scheme. Symmetric ciphers significantly decrease computational cost as

compared to schemes using asymmetric ciphers.

Table 4.2 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at Biosensor Side

Proposed Scheme 1st

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4.3 Computation Cost Comparison at Biosensor Side

Proposed Scheme Efficiency on the basis of Computation Cost at Biosensor Side

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Plot: computational cost in ms versus number of nodes, for Proposed Scheme 1st, Standard I, II, III, Standard IV, Drira et al, Lee et al and Daojing et al]

Fig. 4.3. Graph Representation of Comparison of Computation Cost at Biosensor Side

Table 4.4 Comparison of Computation Cost of Existing and Proposed Scheme

Scheme Computation Cost at Medical Server Side

Proposed Scheme 1st

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012) 2

(Lee et al 2014) 2

(Daojing et al 2014)

Table 4.5 Computation Cost Comparison at MS Side

Computation Cost Efficiency of the Proposed Scheme at MS Side

Scheme Percent efficiency of the proposed scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Plot: computational cost in ms versus number of nodes, for Proposed Scheme 1st, Standard I, II, III, Standard IV, Drira et al, Lee et al and Daojing et al]

Fig. 4.4. Graph Representation of Comparison of Computation Cost at Base Station Side

4.1.7.2. Communication Overhead Analysis

Bandwidth is a major issue in BANs, so communication cost should be as low as possible.

Table 4.6 Comparison of Communication Overhead of Proposed and Existing Schemes

Existing Schemes Total Number of Messages Exchanged Total Number of Bits Exchanged

Proposed Scheme 1st 3 (|Ack=16 bits|)

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4.7 Communication Cost on the basis of Nodes

Proposed Scheme Efficiency on the basis of Communication Cost

Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III, IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Plot: number of bits in communication versus number of nodes, for Proposed Scheme 1st, Standard I, II, III, IV, Drira et al, Lee et al and Daojing et al]

Fig. 4.5. Graph Representation of Comparison of Communication Overhead

4.1.8 Conclusion

Secure and lightweight authentication and key agreement scheme is proposed for the

security of where encrypted is applied for secure node authentication that

blocks illegal nodes. Cost effective symmetric cipher is used for confidentiality of

physiological data rather than costly asymmetric cipher. The value of one-way collision

resistive hash function is decreased and the resultant lightweight compressed hash

function is obtained for maintaining integrity. Forward and backward secrecy is

achieved by updating session keys round-wise where is taken of the previous

round last data with previous round last session key in this way adversary

would not be able to guess the key for next round. Physical security feature of our

scheme is used for tracking patients/biosensors and detecting dead or faulty

biosensors within the transmission range of . Our scheme is computationally

efficient 60.05-89.81% at biosensor side, 60.05-92.61% at MS side and efficient in

communication overhead 83.92-92.99% as compared to other schemes. Thus, this

scheme provides improved security features mentioned in Table 4.1 with minimal cost

which make this scheme well fit for the resource constrained environment of .

4.2 Authenticated Key Agreement for SBANs Based on Hybrid Cryptosystem

In this scheme, we propose a hybrid authenticated key agreement with rekeying for . Our scheme is based on symmetric crypto system and . We assume that and have enough processing capability, energy and memory. A routing table is constructed for every node by in accordance with (Lewis, Foukia, & Govan, 2008) (Yang, Lim, Li, Fang, & Agrawal, 2008) depending on the knowledge of deployment, saved formation of cluster scenario using protocol for the selection of optimized route.

Fig.4. 6. System Design of BANs

Our scheme is based on symmetric cryptography and for key agreement. This scheme comprises five phases:

a) Registration and Key Preloading Phase

b) Node Authentication Phase

c) Session Key Establishment Phase

d) Secure Data Transmission Phase

e) Key Updating Phase

4.2.1 Registration and Key Preloading Phase

In key preloading phase, each biosensor is preloaded with public key .

are preloaded with its own private and public keys ( ) and each sensor .

4.2.2 Node Authentication and Key Agreement Phase

Algorithm 4.6 is designed to block malicious nodes and authenticate only the legitimate nodes. compares the received sensor with pre stored after decrypting; if accepted, network access is granted, otherwise the node is blacklisted, discarded from the network and pointed out as a malicious node.

Algorithm 4.6: Node Authentication and Key Agreement

Biosensor

For each biosensor node

a. Generate

b. Computes

c. Encode message to point

d. Computes

e. Computes

f. Computes

g. Computes

Transmit to

End for

4.2.3 Session Key Establishment Phase

The following algorithm 4.7 is used for the establishment of session keys in where the session key is generated by taking the of two random numbers belonging to the same cluster. The obtained session key, along with other concatenated parameters, is encrypted using a symmetric cipher and sent to the biosensor confidentially.

Medical Server

Algorithm 4.7 Decrypt ( )

For each biosensor node

a. Computes

b. Extract

c. Extract

d. Computes

If accept the session key , otherwise

End for

For each biosensor node

a. randomly selects two belong to same cluster

b. Compute session key

c. Computes

d. Send to biosensor node

End for

In algorithm 4.7 above, the biosensor node receives the encrypted message and decrypts it to get the session key, which is then used for onward secure session data communication.

Biosensor

Algorithm 4.8: Biosensor Decrypt

for each body sensor node

a. Computes

b. Session key used for secure communication

End for

4.2.4 Secure Data Transmission Phase

Integrity is maintained through by taking the hash of the patient's sensed physical status data to compute then are encrypted and the cipher text is obtained and forwarded to the medical server.

Algorithm 4.26: Secure Session Data Transmission

Biosensor Node

for each biosensor node

a. Sense data

b. Computes

c. Computes

d. Sends to

End for

Medical Server

Using algorithm 4.27, the medical server decrypts the using round session key for each body sensor's encrypted data and then compares the computed and received hash of , if matched it accepts, otherwise it discards the data packet.

Algorithm 4.27: Medical Server ( )

for each biosensor node

a. Computes ( )

b. Computes

c. Accept if Save data to patient record otherwise

End for

4.2.5 Key Updating Phase

Key updating is important because keeping the same keys for a long time may open the gate to cryptanalytic attacks, so round-wise updating of keys is necessary, as in the design of our scheme.

Updating individual keys guarantees forward and backward secrecy of keys. This lightweight algorithm updates individual round session keys on both sides, biosensors and , in such a way that biosensors record the round last data , apply hash function to this data , last round session key is XORed with hashed round last data in this way round session key is updated and the same key updating process is applied on side. Session keys for confidential flow of patient data are updated at both server and sensor nodes, so it is infeasible for the attacker to get session keys and break the security of .

ALGORITHM 4.9: Key Update

1. Biosensor

a. Record round last data

b. Computes

c. Computes

2. Server

a. Receive last round last data

b. Computes

c. Computes

End
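The hash-then-encrypt check of Section 4.2.4 and the round-wise key update of Algorithm 4.9, as an added Python example that is not code from the thesis. Assumptions: SHA-256 stands in for the scheme's hash, a SHA-256 counter-mode keystream stands in for its unnamed symmetric cipher (illustration only, not a vetted cipher), and the 16-byte key, the packet counter and all function names are hypothetical.

```python
import hashlib
import hmac

KEY_LEN = 16  # assumed session-key length in bytes
TAG_LEN = 32  # SHA-256 digest length in bytes


def _keystream(key, counter, length):
    """Stand-in cipher keystream: SHA-256 in counter mode (illustration only)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sensor_send(key, counter, data):
    """Biosensor: hash the sensed data, then encrypt data || hash."""
    plaintext = data + hashlib.sha256(data).digest()
    return _xor(plaintext, _keystream(key, counter, len(plaintext)))


def server_receive(key, counter, packet):
    """Medical server: decrypt, recompute the hash, accept only on a match."""
    if len(packet) < TAG_LEN:
        return None
    plaintext = _xor(packet, _keystream(key, counter, len(packet)))
    data, received = plaintext[:-TAG_LEN], plaintext[-TAG_LEN:]
    computed = hashlib.sha256(data).digest()
    return data if hmac.compare_digest(computed, received) else None


def update_key(key, last_data):
    """Key update: old round key XOR hash of the round's last data."""
    return _xor(key, hashlib.sha256(last_data).digest()[:KEY_LEN])


def run_round(sensor_key, server_key, readings, lost=()):
    """One round; `lost` lists packet counters dropped in transit.

    Returns (accepted readings, next sensor key, next server key).
    """
    accepted = []
    for counter, data in enumerate(readings):
        packet = sensor_send(sensor_key, counter, data)
        if counter in lost:
            continue
        result = server_receive(server_key, counter, packet)
        if result is not None:
            accepted.append(result)
    sensor_next = update_key(sensor_key, readings[-1])
    # The server can only update from the last reading it actually accepted.
    server_next = update_key(server_key, accepted[-1]) if accepted else server_key
    return accepted, sensor_next, server_next


# Constructed sample readings (not from the thesis).
READINGS = [b"HR=72;SpO2=98", b"HR=75;SpO2=97", b"HR=140;SpO2=91"]
INITIAL_KEY = bytes(range(KEY_LEN))

if __name__ == "__main__":
    ok, k_sensor, k_server = run_round(INITIAL_KEY, INITIAL_KEY, READINGS)
    print("accepted:", len(ok), "keys in sync:", k_sensor == k_server)
    _, k_sensor, k_server = run_round(INITIAL_KEY, INITIAL_KEY, READINGS, lost={2})
    print("last packet lost, keys in sync:", k_sensor == k_server)
```

The `lost={2}` run shows an operational caveat: if the round's final packet never reaches the server, the two sides derive different keys, so a deployment needs an acknowledgement or resynchronisation step for that packet.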

4.2.6 Security Analysis

Following are the security requirements for . Our proposed scheme fulfills these requirements using the analysis.

4.2.6.1 Node Authentication

In registration phase each biosensor authentication is made offline and preloaded with

public key and are preloaded with its own private and public keys. are preloaded

with its own private and public keys ( ) and each sensor . Algorithm 4.6

is designed to block malicious nodes and authenticate only the legitimate nodes.

4.2.6.2 Key Agreement Phase

To ensure efficient and secure data dissemination, the proposed scheme establishes a session key using algorithm (4.6) between the biosensor and the medical server.

4.2.6.3 Key Update

When a sensor node joins or leaves the network, or capturing is detected, the rekeying technique is performed to update the key.

4.2.6.4 Node Tracking

In our proposed scheme the medical server runs the PST algorithm, which provides enriched resilience to track the sensor node.

4.2.6.5 Message Confidentiality

We use symmetric cryptography and for exchanging session key and information with standard key size that achieves message confidentiality. Therefore, our proposed scheme has strong resistance against chosen plaintext and cipher attackers.

4.2.6.6 Message Integrity

In our proposed scheme, when decryption is performed, the received and stored of sensor nodes are compared by the . And received , stored of is compared by the sensor nodes. The symmetric cryptosystem and have an avalanche effect through which integrity is maintained.

4.2.6.7 Key Revocation

When a sensor node joins, leaves the network or time period expires; the previous key

is revoked and rekeying is performed in the corresponding cluster.

4.2.6.8 Forward Secrecy and Backward Secrecy

When a sensor node joins or leaves the network, or the time period expires, the rekeying technique is performed in the corresponding cluster, which guarantees forward and backward secrecy of the session key.

4.2.6.9 Data Freshness

This scheme ensures that the data received by the is always new using time stamp as and prevents the attacker from launching a replay.

4.2.6.10 Denial of Service

This scheme makes an offline registration and prevents denial of service attack as it does not accept any outsider requests online.

4.2.6.11 Masquerade Prevention

This scheme makes an offline registration, so an attacker cannot hijack the identity of a legal node.

4.2.6.12 Scalability

Our proposed solution has the capability to support an extensive growth in the network size after deployment, as nodes are independent from each other and managed by a powerful base station and server.

Table 4. 8 Comparison of Security Function of Proposed and Existing Schemes

Schemes

Proposed 2nd Y Y Y Y Y Y Y Y Y Y Y Y

IEEE 802.15.6 Protocol I N Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol II (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol III (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol IV (2012) Y Y Y N Y Y Y N N N N Y

(Drira et al 2012) Y Y N N Y Y N N Y Y Y N

(Lee et al 2014) Y Y N N Y Y N N Y N Y N

(Daojing et al 2014) Y Y Y N Y Y Y Y Y Y Y N

4.2.7 Performance Analysis

In our proposed technique, it is assumed that both and gateway are rich in resources and we concentrate only on the performance of the biosensors.

4.2.7.1 Computation Cost Analysis

Elliptic Curve Point Scalar Multiplication ( ) and Modular Exponentiations ( ) are the major and most expensive operations in session key exchange. The computational cost comparison of the existing schemes and the proposed scheme is shown in Table 4.9.

Table 4. 9 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at Biosensor Side

Proposed Scheme 2nd

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014) 4 1 3

Table 4.10 Computation Cost Comparison at Biosensor Side

Proposed Scheme Efficiency on the basis of Computation Cost at Biosensor Side

Schemes | Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 11 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at MS Side

Proposed Scheme 2nd

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 12 Computation Cost Efficiency at MS Side

Proposed Scheme efficiency at MS Side

Scheme (From which Proposed Scheme efficient )

Percent efficiency of the proposed scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.7. Computational Cost Comparison (x-axis: Number of nodes; y-axis: Computational Cost in ms; series: Proposed Scheme 2nd, Standard I, II, III, Standard IV, Drira et al, Lee et al, Daojing et al)

4.2.7.2 Communication Overhead Analysis

Bandwidth is a major issue in BANs, so communication cost should be as low as possible.

Table 4.13 Comparison of Communication Overhead of Proposed and Existing Schemes

Existing Schemes | Total Number of Messages Exchanged | Total Number of Bits Exchanged

Proposed Scheme 2nd 3 (320 + 192) bits

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 14 Communication Cost on the basis of Nodes

Proposed Scheme Efficiency on the basis of Communication Cost

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III,IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.8. Communication Cost on the basis of Nodes (x-axis: Number of nodes; y-axis: Communication Cost in Bits; series: Proposed Scheme 2nd, Standard I, II, III, IV, Drira et al, Lee et al, Daojing et al)

Table 4.15 Communication Cost on the basis of Security Levels

Proposed Scheme Efficiency on the basis of Security Levels

Existing Schemes | Percent Efficiency of the Proposed Scheme (Security Level 1 | Security Level 2 | Security Level 3)

IEEE 802.15.6 Protocol I, II, III, IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.9. Communication Cost on the basis of Security Level (x-axis: Security Level, Level 1 to Level 3; y-axis: Communication Cost in Bits; series: Proposed Scheme 2nd, Standard I, II, III, IV, Drira et al, Lee et al, Daojing et al)

4.2.8 Conclusion

Lightweight cryptographic techniques and key management schemes in BANs are of great interest to researchers due to the constrained nature of these networks. In this scheme, we have proposed a hybrid approach for authenticated key agreement with rekeying for secure BANs. Our scheme is based on and symmetric cryptography. The proposed scheme is efficient in computation cost by 40.37-84.79% at the biosensor side and 40.37-88.96% at the MS side, and efficient in communication cost by 81.69-92.02% based on number of nodes and 43.25-94.11% based on security level, while fulfilling the entire security requirement of BANs.

4.3 A Signcryption based Key Agreement and Cluster Head Selection for

BANs

In order to protect the sensor data there is a need not only for a secure and lightweight cryptosystem but also for a secure and energy-efficient key agreement scheme which will guarantee the secure communication of patient data. Traditional security solutions are not directly applicable to these networks due to their constrained nature, thereby providing copious avenues for researchers.

In this section, a secure hybrid key establishment scheme for based on signcryption and symmetric cryptography is proposed. The session key and cluster head selection is performed in a single step. The proposed scheme would significantly reduce the computation cost as well as traffic overhead. The focus of this scheme is to design a key agreement scheme with high security strength that is computationally less expensive, low in communication cost and energy efficient. This scheme uses signcryption for key establishment and symmetric cryptography for session data transmission in . The topological structure of the proposed network consists of biosensors, base station and centralized medical server, as shown in figure 4.10. We assume that the biosensors have limited resources while BS and MS have high resources.

Fig.4. 10. Proposed Scheme Structure for BANs

Our proposed scheme has the following phases.

System Initialization Phase

Session Key Establishment and Cluster Head Selection Phase

Secure Session Data Forwarding

Cluster Head Rotation Phase

Rekeying Phase

4.3.1 System Initialization Phase

Medical server MS is preloaded with its private and public keys respectively. Before biosensor deployment on the patient's body, each biosensor is preloaded with its private key , public key and corresponding medical server public key . Each deployed sensor's public key is also forwarded to MS.

4.3.2 Session Key Establishment and Cluster Head Selection Phase

In this phase a secure session key is established between each biosensor and the corresponding medical server using signcryption, coupled with cluster head selection on the basis of energy level. To accomplish this task the following steps are performed:

Biosensor

Algorithm 4.10: Session Key Signcryption

1. Each biosensor on patient generates a random number

2. Each biosensor on patient has energy level

3. Signcryption

a. Select an integer randomly

b. Computes

c. Computes =

d. Compute

e. Compute

f. Compute

Send signcrypted text to

Medical Server

Algorithm 4.11 Signcryption and Cluster Head Selection

1. Unsigncryption

a. Computes

b. Computes

c. Computes

d. Check if accept else

e. Select random and compute

f. Select Max ( )

g. Compute

End

Biosensor

Algorithm 4.12: Session Key Decryption

1. Each biosensor receives and decrypts the encrypted text by using

symmetric cipher and key as:

a.

b. Cluster member send join request to cluster head .

End

4.3.3 Secure Session Data Forwarding

Biosensors sense patient information (vital signs) and encrypt it with the session key using a symmetric cipher. The encrypted data is forwarded to the cluster head and further forwarded to via BS.

ALGORITHM 4.2: Session Data Encryption and Forwarding

1. for each biosensor node

2. if sensed data = critical

{

a. Computes

b. Computes

c. Computes

d. Sends

}

Else

e. Discard

End if

End for

The encrypted physiological data is received by via BS and forwarded to the corresponding ward, and a copy of this encrypted data is stored in the patient’s database for future reference or medical history record. Decrypt the received patient status data for immediate medical response. The following algorithm 4.3 is used for decryption.

ALGORITHM 4.3: Session Data Decryption

1. for each biosensor node

2. Computes

3. Computes

4. Computes

5. Accept if else

6. End for

4.3.4 Cluster Head Rotation Phase

In this phase, the cluster head is rotated when the cluster head's energy level reaches a threshold value.

Biosensor

Algorithm 4.13 Energy Level Encryption

a. Each sensor sends energy level in encrypted form to

b.

c. Send encrypted text to

End

Medical Server

Reselect cluster head with maximum energy as:

Algorithm 4.14: Energy Level Decryption

a. Compute

b. Select one biosensor as cluster head having maximum energy

from those biosensor installed on same patient by comparing their

energy levels ( ), the remaining biosensors become

member of that cluster. Where is address of cluster head ,

and is address of cluster member

c. Compute

Send encrypted text to biosensor

Biosensor

Each biosensor receives and decrypts the encrypted text by using symmetric

cipher and key as:

Algorithm 4.15: Updated Session Key Decryption

a.

b. Cluster member sends join request to cluster head

End

4.3.5 Rekeying Phase

To ensure forward secrecy when a node leaves, backward secrecy when a new node joins, and key freshness after a threshold amount of time, rekeying is performed as:

Biosensor

Algorithm 4.16: Rekeying

1. Each biosensor on patient generates a random number

2. Each biosensor on patient has energy level

3. Signcryption

a. Select an integer randomly

b. Computes

c. Computes =

d. Compute

e. Compute

f. Compute

Send Signcrypted text to

Medical Server

Algorithm 4.17: Unsigncryption

4. unsigncrypts the signcrypted text received from each sensor

5. Unsigncryption ,

a. Computes

b. Computes

c. Computes

d. Check , if satisfied accept the random number

and

otherwise

6. computes session key for patient by selecting two from those

biosensor installed on same patient as:

a.

7. selects cluster head for data forwarding from biosensor to installed

on patient as:

8. Encrypt session key to each biosensor using symmetric cipher and

encryption key as:

a.

b. Send encrypted text to biosensor

Biosensor

Algorithm 4.18: Decrypt Session Key

Each biosensor receives and decrypts the encrypted text ) by using

symmetric cipher and key as:

4.3.6 Security Analysis

Our scheme fulfills the following security requirements.

4.3.6.1 Node Authentication

In the proposed scheme, signcryption, a public key primitive, and the public key certificate of the node ensure node authenticity; therefore, in session key establishment, the authenticity of each sensor and of the session key establishment is confirmed.

4.3.6.2 Key Agreement

To ensure efficient and secure message dissemination, the session key for the symmetric cipher is established using signcryption, which ensures authenticated session key agreement.

4.3.6.3 Key Update

In the proposed scheme, rekeying is performed to update and ensure freshness of the session key.

4.3.6.4 Node Tracking

In proposed scheme algorithm, PST is used to track the patient and biosensors, that use

and mechanism as defined in algorithm named .

4.3.6.5 Message Confidentiality

In order to achieve confidential session key exchange, we use signcryption based on and symmetric encryption with standard parameters, which ensure confidentiality of the session key and lead to confidential session information dissemination.

4.3.6.6 Integrity

In session key establishment, integrity is confirmed by signcryption routine and session data is by function.

4.3.6.7 Key Revocation

In the proposed scheme, when a node leaves or joins, or after a specific interval of time, rekeying is performed; thus, the key is refreshed. Moreover, the can directly revoke and blacklist a node as well.

4.3.6.8 Backward and Forward Secrecy

To ensure forward secrecy in case a node leaves, backward secrecy in case a new node joins, and key freshness after a specific interval of time, rekeying is performed, which ensures forward as well as backward secrecy.

4.3.6.9 Data Freshness

The proposed scheme ensures that received data are fresh and not replayed by using time stamp appended with encrypted data, and thus avoids replay attacks and confirms data freshness.

4.3.6.10 Denial of Service

The proposed framework allows only the authenticated nodes to send data, while it may be infeasible for an attacker to join the network and launch a denial of service attack on the powerful medical server.

4.3.6.11 Masquerade Prevention

The nodes are authenticated using public key certificates, which makes it hard for an attacker to launch a masquerade attack.

4.3.6.12 Scalability

Our proposed scheme for has the ability to maintain a considerable increase in the size of the network after deployment, as nodes in the network are independent from each other.

Table 4. 16 Comparison of Security Function of Proposed and Existing Schemes

Schemes

Proposed scheme 3rd Y Y Y Y Y Y Y Y Y Y Y Y

IEEE 802.15.6 Protocol I N Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol II (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol III (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol IV (2012) Y Y Y N Y Y Y N N N N Y

(Drira et al 2012) Y Y N N Y Y N N Y Y Y N

(Lee et al 2014) Y Y N N Y Y N N Y N Y N

(Daojing et al 2014) Y Y Y N Y Y Y Y Y Y Y N

4.3.7 Performance Analysis

A comprehensive analysis of the proposed secure key establishment and cluster head selection scheme in terms of performance efficiency is given:

4.3.7.1 Computation Cost Analysis

In our proposed secure key establishment technique, the expensive operations are

and . Table 4.17 shows the processing cost analysis of our scheme with

existing schemes.

Table 4. 17 Comparison of Computation Cost of Existing and Proposed Schemes

Schemes Computation Cost at Biosensor Side

Proposed Scheme 3rd

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 18 Computation Cost Comparison at Biosensor Side

Proposed Scheme Efficiency on the basis of Computation Cost at Biosensor Side

Schemes

Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.11. Comparison of Computation Cost at Biosensor Side (x-axis: Number of nodes; y-axis: Computational Cost in ms; series: Proposed Scheme 3rd, Standard I, II, III, Standard IV, Drira et al, Lee et al, Daojing et al)

Table 4. 19 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost MS Side

Proposed Scheme

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012) 2

(Lee et al 2014) 2

(Daojing et al 2014)

Table 4. 20 Computation Cost Comparison at MS Side

Proposed Scheme Efficiency on the basis of Computation Cost at MS Side

Scheme Percent efficiency of the proposed scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.12. Comparison of Computation Cost at MS Side (x-axis: Number of nodes; y-axis: Computational Cost in ms; series: Proposed Scheme 3rd, Standard I, II, III, Standard IV, Drira et al, Lee et al, Daojing et al)

4.3.7.2 Communication Overhead Analysis

In BANs, speed of link usage is a main issue, so we need a smart cryptosystem with low communication cost. Table 4.21 shows the communication overhead analysis of the proposed key establishment and existing schemes. Bandwidth is a major issue in BANs, so communication cost should be as low as possible.

Table 4.21 Comparison of Communication Overhead of Proposed and Existing Schemes

Schemes | Total Number of Messages Exchanged | Total Number of Bits Exchanged

Proposed Scheme 3rd 2

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4.22 Communication Cost on the basis of Nodes

Proposed Scheme Efficiency on the basis of Communication Cost

Schemes | Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III, IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.13. Communication Cost on the basis of Nodes (x-axis: Number of nodes; y-axis: Communication Cost in Bits; series: Proposed Scheme 3rd, Standard I, II, III, IV, Drira et al, Lee et al, Daojing et al)

Table 4.23 Communication Cost on the basis of Security Levels

Proposed Scheme Efficiency on the basis of Security Levels

Existing Schemes | Percent Efficiency of the Proposed Scheme (Security Level 1 | Security Level 2 | Security Level 3)

IEEE 802.15.6 Protocol I, II, III, IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Fig. 4.14. Communication Cost on the basis of Security Levels (x-axis: Security Level, Level 1 to Level 3; y-axis: Communication Cost in Bits; series: Proposed Scheme 3rd, Standard I, II, III, IV, Drira et al, Lee et al, Daojing et al)

4.3.8 Conclusion

Signcryption based on elliptic curve cryptography ( ) in is the unique feature of this scheme. The life of the network is increased by cluster rotation among the sensors. Forward and backward secrecy is maintained by rekeying. The proposed scheme is favorable due to significant reduction in computation cost as well as communication overhead for over other existing schemes while fulfilling essential security parameters. The percent efficiency comparison of our proposed scheme with the existing schemes is depicted in the tables.

4.4 Efficient Key Agreement for Wireless BANs Based on Hyper Elliptic

Curves

Koblitz coined which can be a better choice in replacement of for the resource-constrained environment of . To achieve efficiency in our scheme we use due to its shorter key size as compared to other crypto systems; the 80 bits base field provides equivalent security as that with 180 bits and 1024 bits. Our efficient key agreement scheme uses for resource-constrained environment of . This scheme will provide security with improved cost efficiency in a hospital ward.

The proposed design architecture consists of four stages: the first stage is initialization, the second key establishment, the third secure data transmission and the fourth session key updating.

4.4.1 Initialization Stage

In this stage, each sensor node is preloaded with public key , private key and public key of medical server prior to deployment on the body of the patient. Public key , private key and public keys of all sensor nodes are preloaded onto the medical server.

4.4.2 Key Establishment Stage

In this stage, a round-wise session key is generated and then exchanged securely between the sensor nodes and the medical server using for the onward secure transmission of patient data. The sensor node runs the probabilistic encryption algorithm (4.24) Encrypt to generate encrypted text for session key .

Algorithm 4.24: Encrypt

Select an integer

a. Computes

b. Encode message to divisor

c. Computes

d. Computes

e. Computes

f. Computes

Transmit to

Obtains sensor node public key from certificate authority, decrypts encrypted

session key using deterministic decryption algorithm (4.25) Decrypt to obtain

session key from encrypted text .

Algorithm 4.25: Decrypt

e. Computes

f. Extract

g. Extract

h. Computes

if accept the session key , otherwise

4.4.3 Secure Data Transmission Stage

The integrity is maintained through by taking the hash of patient health status data

to compute then are encrypted and cipher text is obtained and

forwarded to medical server.

Algorithm 4.26: Secure Session Data Transmission

Body Sensor Node

for each body sensor node

e. Sense data

f. Computes

g. Computes

h. Sends to

End for

Medical Server

Using algorithm 4.27, the medical server decrypts the using round session key for each body sensor's encrypted data and then compares the computed and received hash of ; if they match, the data packet is accepted, otherwise it is discarded.

Algorithm 4.27: Medical Server ( )

for each body sensor node

d. Computes ( )

e. Computes

f. Accept if Save data to patient record otherwise

End for

4.4.4 Key Updating Stage

Round-wise updating of keys is the essential feature of our proposed scheme; it prevents a cryptanalyst from using old keys and guessing new keys. In this way forward and backward secrecy are maintained.

Biosensors update the session key round-wise using algorithm 4.28. The last round

data is computed by taking its hash and is taken with the session key of

last round. Fresh session key is computed by taking the last round data with

the last round session key .

Algorithm 4.28: Biosensor Key Update

for each body sensor node

a. Computes where is last round data

b. Computes

End for

The medical server updates the session key round-wise using algorithm 4.29, in the same way as the biosensor.

The last round data is computed by taking its hash and is taken with the

session key of last round. Fresh session key is computed by taking the last round

data with the last round session key .

Algorithm 4.29: Medical Server Key Update

for each biosensor node

c. Computes

d. Computes

End for

4.4.5 Security Analysis

The secure dissemination of patient information from body sensors to the MS is of prime importance. Our proposed scheme ensures the necessary security notions of confidentiality, integrity, authenticity, unforgeability and non-repudiation of patient information. The security of the scheme depends on the Hyper Elliptic Curve Discrete Log Problem ( ), which is a hard (computationally infeasible) problem (Ch et al., 2014).

4.4.5.1 Node and Message Authentication

In the proposed scheme, signcryption, a public key primitive, and the public key certificate of the node ensure node authenticity; therefore, in session key establishment, authenticity of information received from each sensor at is achieved. Authenticity of information received at sensor is achieved by and function.

4.4.5.2 Key agreement

For session key establishment, signcryption is used, which ensures authenticated and confidential session key agreement.

4.4.5.3 Key Update

In the proposed scheme, rekeying is performed to update/refresh the previously established session key.

4.4.5.4 Node Tracking

In proposed scheme algorithm, that use and mechanism to ensure

track the patient and biosensors.

4.4.5.5 Key Revocation

In the proposed scheme the has authority to revoke the key of a node and blacklist it. Moreover, when a node joins or leaves, the previous key is revoked.

4.4.5.6 Message and Session Key Confidentiality

The privacy of patient health information is crucial and it should not be eavesdropped ( ). To assure privacy, the proposed system confidentially exchanges the session key and communicates the session data using symmetric cipher . The possible attacks on session key agreement and secure data transmission are demonstrated, and it is concluded that the proposed scheme provides confidentiality.

Case 1: An can compute patient session keys from Equation (1) if he gets from Equation (2), while computing from Equation (2) is equivalent to solving one computationally infeasible

Case 2: An can compute patient session keys from Equation (3) and (4), if he gets from Equation (5), while computing from Equation (5) is equivalent to solving one computationally infeasible .

Case 3: An wants to obtain patient session information from ciphertext .

is used as encryption algorithm so computing from is computationally

infeasible as resists and .

4.4.5.7 Message and Session Key Integrity

Proposed scheme ensures that the patient data have not been altered by received at

. In key exchange phase, patient computes using one-way

function. If changes the original information as , is changed to

. Similarly, patient encrypted information is computed as It is

infeasible for an attacker to modify as such that due to

the collision-resistance property of the hash function.

4.4.5.8 Unforgeability

The cannot forge valid without private key of the biosensor. If an attempts to forge, he must generate from Equation (4) for . To compute a valid signature , he has to compute biosensor private key from Equation (5), which is equivalent to solving .

4.4.5.9 Non repudiation

Non-repudiation guarantees that neither of the patients can deny the information they have sent in BANs. In case of dispute, a judge or third party can decide whether the message was sent by the claimed biosensor or not.

4.4.5.10 Forward and Backward Secrecy

The key updating property of our scheme prevents a passive adversary from guessing the session key by using old keys.

4.4.5.11 Data Freshness

The proposed scheme ensures data freshness by using time stamp . It ensures that received data are not replayed and are fresh and newly created. In a structure where session key strategies are employed, data freshness plays a significant role.

4.4.5.12 Denial of Service

The proposed scheme authenticates the node using its public key certificate and allows only authenticated nodes to send data, so it may be infeasible for an attacker to join the network and launch a denial of service attack on the medical server.

4.4.5.13 Masquerade Prevention

The nodes are authenticated using public key certificates, which makes it hard for an attacker to launch a masquerade attack.

4.4.5.14 Scalability

The design architecture is scalable and a node can be added or removed as per the

requirement of the network without changing the structure of the network.

Table 4. 24 Security Analysis of Proposed and Existing Schemes

Schemes

Proposed Scheme 4th Y Y Y Y Y Y Y Y Y Y Y Y

IEEE 802.15.6 Protocol I N Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol II (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol III (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol IV (2012) Y Y Y N Y Y Y N N N N Y

(Drira et al 2012) Y Y N N Y Y N N Y Y Y N

(Lee et al 2014) Y Y N N Y Y N N Y N Y N

(Daojing et al 2014) Y Y Y N Y Y Y Y Y Y Y N

4.4.6 Performance Analysis

Biosensors have limited memory, processing capability and energy. Based on these

parameters we analyze our scheme with existing schemes presented in the literature.

The advantage of proposed scheme is obvious from its efficiency compared to existing

schemes.

4.4.6.1 Computational Cost Analysis

In established public key cryptosystems, the major expensive operations are Modular Exponentiation ( ), ECC Point Multiplication ( ) and HEC Divisor Scalar Multiplication ( ). A single scalar multiplication is observed to consume 469.96 ms for ( ) and 316.6 ms for ( ) on an ARM @ 50MHz processor. Analysis shows that our scheme is cost efficient and best suited to the resource-constrained environment of BANs. The results are presented in the tables.

Table 4. 25 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at Biosensor Side

Proposed Scheme 4th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 26 Computation Cost Comparison on Biosensor Side

Proposed Scheme Efficiency on the basis of Computation Cost at Biosensor Side

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: computation cost in ms (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 4th, Standard I,II,III, Standard IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.15. Computation Cost at Biosensor Side

Table 4. 27 Comparison of Computation Cost of Existing and Proposed Schemes

Schemes Computation Cost Base Station Side

Proposed Scheme 4th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 28 Computation Cost Comparison on MS Side

Proposed Scheme Efficiency on the basis of Computation Cost at MS Side

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: computation cost in ms (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 4th, Standard I,II,III, Standard IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.16. Computation Cost at MS Side

4.4.6.2 Communication Overhead Analysis

Energy consumption of transmission is approximately 1000 times higher than computation cost. The communication efficiency of our solution depends on the shorter key size and parameters of HECC. Based on the NIST standard choice of parameters, our scheme is more cost efficient in bandwidth utilization than existing schemes, as shown in Table 4.29.

Table 4. 29 Comparison of Communication Overhead of Proposed and Existing Schemes

Schemes Total Number of Messages Exchanged Total Number of Bits Exchanged

Proposed Scheme 4th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II

IEEE 802.15.6 Protocol III

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 29 Communication Cost on the basis of Nodes

Proposed Scheme Efficiency on the basis of Communication Cost

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III,IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: communication cost in bits (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 4th, Standard I,II,III,IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.17. Communication Cost on the Base of Nodes

Table 4. 30 Communication Cost on the basis of Security Levels

Proposed Scheme Efficiency on the basis of Security Levels

Existing Schemes Percent Efficiency of the Proposed Scheme

Security Level 1 Security Level 2 Security Level 3

IEEE 802.15.6 Protocol I, II, III,IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: communication cost in bits (vertical axis) against security level, Level 1 to Level 3 (horizontal axis); series: Proposed Scheme 4th, Standard I,II,III,IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.18. Communication Cost on the Base of Security Level

4.4.7 Conclusion

This scheme is lightweight compared to other schemes due to the shorter parameters of . The proposed scheme is efficient at biosensor side 7.10-76.31% and MS side 53.55-91.40%. Communication overhead efficiency on the basis of number of nodes is 81.69-92.02% and 43.25-94.11% in security levels. The significant cost reduction, along with integrity, confidentiality, authenticity and key updating, can make this scheme a better choice for the resource-constrained setup of BANs.

4.5 Novel Key Agreement Scheme for BANs Based on Hyper Elliptic Curve Signcryption

Symmetric ciphers are fast but suffer from the secure key distribution problem, while asymmetric ciphers solve the secure key distribution problem but are costly. Hybrid techniques are somewhat balanced but still need cost efficiency to fit a resource-constrained environment. The security features of signature for authentication and encryption for confidentiality were combined logically into a single operation called signcryption. Koblitz first introduced the Hyper Elliptic Curve Cryptosystem ( ) as an alternative to the Elliptic Curve Cryptosystem ( ), feasible for achieving high security in a resource-constrained environment. Nizamuddin et al. (Nizamuddin, Ch., & Amin, 2011) proposed a signcryption scheme based on and significantly reduced computation and communication compared to base schemes.

is prioritized over other cryptographic solutions because its shorter parameters provide the same security level. 80 bits base field offers the same security as that of 180 bits and 1024 bits of . In our novel secure key agreement scheme designed for a hospital ward, we apply based signcryption for , which will provide the same security level with sufficiently lower computation and communication cost/overhead; one-hop reduction due to avoidance of the cluster head will increase the overall performance of the network.

4.5.1 Hyper Elliptic Curve Cryptosystem

The shorter key size and high efficiency of the hyper elliptic curve cryptosystem prove its suitability over other cryptosystems. Our proposed scheme using can attain the same security in comparison to other schemes having larger key sizes, as shown in Table 4.32. The smaller communication bandwidth, low overhead and smaller memory space of make it ideal for the resource-constrained environment of .

Table 4. 32 NIST Recommended Key Size

Symmetric Cryptosystem    RSA and Diffie-Hellman    Elliptic Curve    Hyper Elliptic Curve

80    1024    160    80

112    2048    224    112

128    3072    256    128

192    7680    384    192

256    15360    512    256

The topological structure of the proposed network consists of biosensors, and .

Our proposed scheme has the following phases.

Initialization Phase

Session Key Establishment Phase

Secure Session Data Transmission Phase

Key Update Phase

4.5.2 BAN Initialization Phase

In this phase, each body sensor is preloaded with private key , and public

key prior to deployment on patient’s body. Private Key and public keys are

preloaded to along with public keys of all biosensors.

4.5.3 Session Key Establishment Phase

In this phase, the session key is generated round-wise and exchanged securely between body sensors and using the cost-effective signcryption primitive for onward secure communication of the patient's data. Probabilistic signcryption algorithm 4.19 is used to generate signcrypted text for session key .

Algorithm 4.19: Signcryption

for each biosensor node

a. Select an integer

b. Computes

c. Computes

d. Generate session key

e. Computes

f. Computes

g. Compute

Transmit Signcrypted text to

End for

obtains the biosensor public key from the certificate authority. The deterministic unsigncryption algorithm (4.20) is used to obtain session key from signcrypted text .

Algorithm 4.20: Unsigncryption

for each biosensor node

a. Computes

b. Computes

c. Computes

d. Computes

Check , if satisfied accept the , otherwise

End for

Theorem: The proposed scheme signcryption / unsigncryption is correct if

Proof:

4.5.4 Secure Session Data Transmission Phase

The hash of the patient's physiological data sensed by body sensors is taken to compute hash value ; the hash value and sensed data are then encrypted to compute cipher text , which is sent to the medical officer via BS and MS for prompt treatment. Algorithm (4.21) is used for the secure transmission of the patient's data.

Algorithm 4.21: Secure Session Data Transmission

Biosensor Node

for each biosensor node

a. sense data

b. Computes

c. Computes

d. Sends to

End for

Medical Server

Algorithm 4.22: Session Data Decryption

for each biosensor encrypted data

e. ( )

f.

g. Accept if Save data to patient record otherwise

End for

4.5.5 Key Update Phase

The important feature of our solution is round-wise updating of session keys, which blocks a cryptanalyst from taking advantage of old keys. Fresh keys guarantee forward and backward secrecy of information, which significantly reduces the chance of misuse of patient personal data on its way from biosensors to the decision maker . The proposed algorithm 4.23 updates the session key at the end of each round, both on body sensors and , in such a way that the hash of last data of a round is computed and then of the last round secret session key and last data of a round is taken to compute fresh secret session key , where three rounds are taken in twenty-four hours, each of eight hours. Round ( ) starts if = 11 and ends on =00.

ALGORITHM 4.23: Key Update

3. Biosensor

for each biosensor encrypted data

a. Computes where is last round data

b. Computes

4. Medical Server

c. Computes

a. Computes

End for
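The data-transmission and key-update stages described in sections 4.4.3-4.4.4 and 4.5.4-4.5.5, as an added example that is not code from the thesis. The cipher name, the key-combining operation and the freshness window did not survive on the page, so an HMAC-SHA256 keystream, an HMAC-based key derivation and a 30-second window are assumptions, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

HASH_LEN = 32              # SHA-256 digest size in bytes
NONCE_LEN = 16
MAX_SKEW = 30              # assumed freshness window, in seconds
ROUND_SECONDS = 8 * 3600   # three eight-hour rounds per day (section 4.5.5)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in symmetric cipher (assumption): HMAC-SHA256 in counter mode."""
    blocks = []
    for counter in range((length + HASH_LEN - 1) // HASH_LEN):
        msg = nonce + struct.pack(">I", counter)
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sensor_send(session_key: bytes, reading: bytes, now: int) -> bytes:
    """Biosensor: hash the time-stamped reading, then encrypt reading and hash."""
    body = struct.pack(">Q", now) + reading
    plaintext = body + hashlib.sha256(body).digest()
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_bytes(plaintext, keystream(session_key, nonce, len(plaintext)))


def server_receive(session_key: bytes, packet: bytes, now: int):
    """Medical server: decrypt, recompute the hash, compare, check freshness.

    Returns the reading when the packet is accepted, None when it is discarded.
    """
    if len(packet) < NONCE_LEN + 8 + HASH_LEN:
        return None
    nonce, ciphertext = packet[:NONCE_LEN], packet[NONCE_LEN:]
    plaintext = xor_bytes(ciphertext, keystream(session_key, nonce, len(ciphertext)))
    body, received = plaintext[:-HASH_LEN], plaintext[-HASH_LEN:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), received):
        return None                      # altered in transit or wrong round key
    (timestamp,) = struct.unpack(">Q", body[:8])
    if abs(now - timestamp) > MAX_SKEW:
        return None                      # stale packet
    return body[8:]


def update_key(session_key: bytes, last_round_data: bytes) -> bytes:
    """Fresh round key from the hash of the last round data and the last round key.

    The combining step is an assumption (HMAC keyed with the old session key).
    """
    data_hash = hashlib.sha256(last_round_data).digest()
    return hmac.new(session_key, data_hash, hashlib.sha256).digest()


def run_two_rounds() -> dict:
    """Constructed scenario: one round of traffic, then rekeying on both sides."""
    key_sensor = key_server = bytes(range(32))  # constructed stand-in for the established key
    t0 = 1_000_000                              # constructed clock value
    out = {}

    packet = sensor_send(key_sensor, b"HR=72;SpO2=97", t0)
    out["accepted"] = server_receive(key_server, packet, t0 + 2)

    tampered = bytearray(packet)
    tampered[NONCE_LEN + 9] ^= 0x01             # one flipped ciphertext bit
    out["tampered"] = server_receive(key_server, bytes(tampered), t0 + 2)
    out["stale"] = server_receive(key_server, packet, t0 + MAX_SKEW + 1)

    last = b"HR=75;SpO2=96"                     # last reading of the round
    last_packet = sensor_send(key_sensor, last, t0 + ROUND_SECONDS - 1)
    out["last_accepted"] = server_receive(key_server, last_packet, t0 + ROUND_SECONDS)

    # Both sides derive the next round key independently from what they already hold.
    key_sensor = update_key(key_sensor, last)
    key_server = update_key(key_server, last)
    out["keys_match"] = key_sensor == key_server
    out["old_packet_new_key"] = server_receive(key_server, last_packet, t0 + ROUND_SECONDS)
    return out


if __name__ == "__main__":
    for name, value in run_two_rounds().items():
        print(name, value)
```

Because each new key in this example is derived only from the previous key and data that was encrypted under it, a party holding one round key and that round's traffic can compute the following keys; the one-way derivation protects earlier rounds, not later ones.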

4.5.6 Security Analysis

The secure communication of collected patient health status data from biosensors to the intended recipient (medical specialist) is the key issue to be addressed in BANs. Our scheme is based on a computationally infeasible hard problem, the Hyper Elliptic Curve Discrete Log Problem ( ) (Boukerche & Ren, 2008). This scheme is protected against expected threats and fulfills all basic security parameters described below:

4.5.6.1 Node Authentication

In the proposed scheme, signcryption, a public key primitive, and the public key certificate of the node ensure node authenticity; therefore, in session key establishment, authenticity of information received from each sensor at is achieved. Authenticity of information received at sensor is achieved by and function.

4.5.6.2 Key Agreement

To ensure efficient and secure confidential message dissemination using a symmetric cipher, the session key is established using signcryption, which ensures authenticated session key agreement.

4.5.6.3 Key Update

In the proposed scheme, rekeying is performed to update the previously established session key, which ensures key freshness.

4.5.6.4 Node Tracking

In the proposed scheme, algorithm PST, having and functionality, is used to track the patient and biosensors.

4.5.6.5 Message and Session Key Confidentiality

The confidential transmission of patient physiological data from the source to the target is essential; for this purpose symmetric algorithm is used to protect patient data from being read by unauthorized users. In our scheme, confidential transmission of the session key is performed using .

4.5.6.6 Message and Session Key Integrity

Integrity is an important property of our proposed scheme, in which patient data is protected from modification. Integrity is achieved using the one-way collision-resistant hash function .

4.5.6.7 Key Revocation

In the proposed scheme, has the authority to blacklist the node and revoke the key. Moreover, rekeying is performed to update the previously established session key.

4.5.6.8 Forward and Backward Secrecy

In the proposed scheme, when a node joins or leaves the network, rekeying is performed, which ensures forward and backward secrecy.

4.5.6.9 Data Freshness

The proposed scheme ensures data freshness by using time stamp . It ensures that received data are not replayed and are fresh enough.

4.5.6.10 Denial of service

In the proposed scheme, nodes are authenticated using public key certificates and only critical data is disseminated. An attacker who tries to send bulk data will be blacklisted, so it may be infeasible for an attacker to join the network and launch a denial of service attack.

4.5.6.11 Masquerade Prevention

The patient is registered and nodes are authenticated using public key certificates, which makes it hard for an attacker to launch a masquerade attack.

4.5.6.12 Scalability

The design architecture is scalable and a node can be added or removed as per the

requirement of the network without changing the structure of the network.

Table 4. 33 Security Comparisons of Proposed and Existing Schemes

Schemes

Proposed Scheme 5th Y Y Y Y Y Y Y Y Y Y Y Y

IEEE 802.15.6 Protocol I N Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol II Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol III (2012) Y Y Y N Y Y Y N N N N Y

IEEE 802.15.6 Protocol IV (2012) Y Y Y N Y Y Y N N N N Y

(Drira et al 2012) Y Y N N Y Y N N Y Y Y N

(Lee et al 2014) Y Y N N Y Y N N Y N Y N

(Daojing et al 2014) Y Y Y N Y Y Y Y Y Y Y N

4.5.7 Performance Analysis

The parameters for the evaluation of our scheme are cost and overhead. We have compared our scheme with other existing schemes on the basis of these parameters. The efficiency of our proposed scheme is more prominent than that of the other schemes.

4.5.7.1 Computational Cost Analysis

In our proposed scheme the major operation is . In (Drira et al) scheme one

and one , one pairing and one modular multiplication (Mul) and in (

Lee et al) two and one hash are used while in our proposed scheme two

is used. The analysis is shown in Fig 4.34.

Table 4. 31 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at Biosensor Side

Pairing Proposed Scheme 5th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II

IEEE 802.15.6 Protocol III

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014) 3 3 2

Table 4. 32 Computation Cost Comparison on Biosensor Side

Proposed Scheme Efficiency on the basis of Computation Cost at Biosensor Side

Existing Schemes Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: computation cost in ms (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 5th, Standard I,II,III, Standard IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.19. Computational Cost at Biosensor Side

Table 4. 33 Comparison of Computation Cost of Existing and Proposed Schemes

Scheme Computation Cost at MS Side

Proposed Scheme 5th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II

IEEE 802.15.6 Protocol III

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 34 Computation Cost Comparison at MS Side

Proposed Scheme Efficiency on the basis of Computation Cost at MS Side

Existing Schemes Percent Efficiency of the Proposed scheme

IEEE 802.15.6 Protocol I, II, III (2012)

IEEE 802.15.6 Protocol IV (2012)

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: computation cost in ms (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 5th, Standard I,II,III, Standard IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.20. Computational Cost at Base Station Side

4.5.7.2 Communication Overhead Analysis

The maximum energy is consumed in transmitting patients' data, and this depends on the packet size and the distance between source and target. Due to the use of a smaller key size, our proposed scheme is efficient in communication overhead compared to other schemes. The analysis is shown in Table 4.38.

Table 4. 38 Cost Comparison of Existing and Proposed Scheme

Schemes Total Number of Messages Exchanged Total Number of Bits Exchanged

Proposed Scheme 5th

IEEE 802.15.6 Protocol I (2012)

IEEE 802.15.6 Protocol II (2012)

IEEE 802.15.6 Protocol III (2012)

IEEE 802.15.6 Protocol IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

Table 4. 39 Communication Cost on the basis of Nodes

Proposed Scheme Efficiency on the basis of Communication Cost

Existing Schemes

Percent Efficiency of the Proposed Scheme

IEEE 802.15.6 Protocol I, II, III,IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: communication cost in bits (vertical axis) against number of nodes (horizontal axis); series: Proposed Scheme 5th, Standard I,II,III,IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.21. Communication Cost on the Base of Number Nodes

Table 4. 35 Communication Cost on the basis of Security Levels

Proposed Scheme Efficiency on the basis of Security Levels

Existing Schemes

Percent Efficiency of the Proposed Scheme

Security Level 1 Security Level 2 Security Level 3

IEEE 802.15.6 Protocol I, II, III,IV

(Drira et al 2012)

(Lee et al 2014)

(Daojing et al 2014)

[Figure: communication cost in bits (vertical axis) against security level, Level 1 to Level 3 (horizontal axis); series: Proposed Scheme 5th, Standard I,II,III,IV, Drira et al, Lee et al, Daojing et al]

Fig. 4.22. Communication Cost on the Base of Security Levels

4.5.8 Conclusion

This scheme addresses the key issue of BAN security using HECC-based signcryption, which significantly outperforms other cryptographic solutions. In our novel key agreement framework, the HECC 80 bits base field offers the same security level with sufficiently lower computation, communication and storage cost. One-hop reduction due to avoidance of the cluster head increases overall performance of the network. The proposed scheme is computationally efficient at biosensor side 21.12-79.88% and at MS side 34.30-87.83%. Communication efficiency is 3.57-57.97%, while in security it is 21.67% more efficient than (IEEE 802.15.6 protocol) and 80.14 more efficient than (Daojing et al 2014). The average percentages for (Drira et al) and (Lee et al) are -15.91% and -43 respectively. However, our scheme provides enhanced security with five additional features as compared to (Drira et al) and with six additional features as compared to (Lee et al). The performance analysis of our proposed scheme against the others, depicted in the graphs, clearly proves the appropriateness of our scheme for the resource-constrained environment of BANs.

Chapter 05

CONCLUSION AND FUTURE WORK

5.1 Conclusion

Probing the relevant literature and identifying the research gaps, we have proposed a secure and efficient framework incorporating five schemes. The existing schemes are either high in cost or deficient in security parameters and are not feasible for the constrained environment of BANs. Our proposed framework addresses both issues, high cost and low security, by providing a significant decrease in cost and an improvement in security. The enhanced security features are the countable advantages of this framework over existing ones: node authentication, key agreement, key update, node tracking, message confidentiality, message integrity, key revocation, forward secrecy and backward secrecy, data freshness, denial of service and masquerade prevention, along with scalability. Secure and lightweight authentication and key agreement scheme one is proposed for the security of where encrypted is applied for secure node authentication that blocks illegal nodes. A cost-effective symmetric cipher is used for confidentiality of physiological data rather than a costly asymmetric cipher. The value of the one-way collision-resistant hash function is decreased, and the resultant lightweight compressed hash function is obtained for maintaining integrity. Forward and backward secrecy are achieved by updating session keys round-wise, where is taken of the previous round's last data with the previous round's last session key; in this way an adversary would not be able to guess the key for the next round. The physical security feature of our scheme is used for tracking patients/biosensors and detecting dead or faulty biosensors within the transmission range of . Our scheme is computationally efficient by 60.05-89.81% at the biosensor side and 60.05-92.61% at the MS side, and efficient in communication overhead by 83.92-92.99% as compared to other schemes. Thus, this scheme provides the improved security features mentioned in Table 4.1 with minimal cost, which makes this scheme well fit for the resource constrained environment of .
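The round-wise session key update and shortened integrity hash described above, sketched as an added example that is not code from the thesis. SHA-256 truncated to 16 bytes stands in for the scheme's compressed hash; the 8-byte tag, the packet layout, the sample readings and all names are assumptions, and encryption of the readings is left out.

```python
"""Round-wise rekeying between a biosensor and the medical server (MS)."""
import hashlib
import hmac

KEY_LEN = 16  # assumed session key size in bytes
TAG_LEN = 8   # assumed size of the shortened integrity tag in bytes


def next_round_key(prev_key: bytes, last_data: bytes) -> bytes:
    """Derive the next session key from the previous key and the round's last data."""
    h = hashlib.sha256()
    h.update(b"ban-rekey-v1")                    # domain separation (assumed label)
    h.update(len(last_data).to_bytes(2, "big"))  # length prefix avoids ambiguous joins
    h.update(last_data)
    h.update(prev_key)
    return h.digest()[:KEY_LEN]


def short_tag(key: bytes, round_no: int, payload: bytes) -> bytes:
    """Truncated keyed hash over round number and payload (integrity, freshness)."""
    msg = round_no.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class Endpoint:
    """State kept by either side: current key, round counter, last data seen."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.round_no = 0
        self.last_data = b""

    def send(self, payload: bytes):
        self.last_data = payload
        return (self.round_no, payload, short_tag(self.key, self.round_no, payload))

    def receive(self, packet) -> bool:
        round_no, payload, tag = packet
        if round_no != self.round_no:            # stale or future round: reject
            return False
        expected = short_tag(self.key, round_no, payload)
        if not hmac.compare_digest(expected, tag):
            return False
        self.last_data = payload                 # only accepted data feeds the rekey
        return True

    def end_round(self) -> None:
        # A round with no data falls back to hashing the previous key alone.
        self.key = next_round_key(self.key, self.last_data)
        self.round_no += 1
        self.last_data = b""


def run_demo():
    k0 = bytes(range(KEY_LEN))                   # constructed initial key
    sensor, ms = Endpoint(k0), Endpoint(k0)
    rounds = [[b"HR=182", b"HR=190"], [b"SpO2=84"], [b"HR=40"]]  # constructed readings
    keys, in_sync, captured = [k0], True, None
    for readings in rounds:
        for reading in readings:
            packet = sensor.send(reading)
            in_sync = in_sync and ms.receive(packet)
            captured = captured or packet        # keep the first packet for replay
        sensor.end_round()
        ms.end_round()
        in_sync = in_sync and sensor.key == ms.key
        keys.append(sensor.key)
    replay_ok = ms.receive(captured)             # old packet, old round number
    relabelled = (ms.round_no, captured[1], captured[2])
    relabel_ok = ms.receive(relabelled)          # old tag under the current round
    return keys, in_sync, replay_ok, relabel_ok


if __name__ == "__main__":
    keys, in_sync, replay_ok, relabel_ok = run_demo()
    print("round keys:", [k.hex() for k in keys])
    print("in sync:", in_sync, "replay accepted:", replay_ok, relabel_ok)
```

Shortening the tag lowers cost per packet but also lowers the work needed to forge one by guessing, so the tag length is a parameter to size against the radio budget rather than a fixed value.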

In scheme two we have proposed a hybrid approach for authenticated key agreement with rekeying for secure BANs. Our scheme is based on and symmetric cryptography. The proposed scheme is efficient in computation cost at the biosensor side by 40.37-84.79% and at the MS side by 40.37-88.96%, efficient in communication cost based on the number of nodes by 81.69-92.02% and in security level by 43.25-94.11%, and fulfills the entire security requirement of BANs.

Signcryption based on elliptic curve cryptography ( ) in is the unique feature of scheme three. The life of the network is increased by cluster rotation among the sensors. Forward and backward secrecy are maintained by rekeying. The proposed scheme is favorable due to a significant reduction in computation cost as well as communication overhead for over other existing schemes while fulfilling essential security parameters. The percent efficiency comparison of our proposed scheme with the existing schemes is depicted in tables.

Scheme four is lightweight as compared to other schemes due to the shorter parameters of . The proposed scheme is efficient at the biosensor side by 7.10-76.31% and at the MS side by 53.55-91.40%. Communication overhead efficiency on the basis of the number of nodes is 81.69-92.02%, and 43.25-94.11% in security levels. The significant cost reduction along with integrity, confidentiality, authenticity and key updating can make this scheme a better choice for the resource constrained setup of BANs.

Scheme five addresses the key issue of BAN security using HECC based signcryption, which significantly outperforms other cryptographic solutions. In our novel key agreement technique, HECC with an 80-bit base field offers the same security level with sufficiently lower computation, communication and storage cost. The one-hop reduction due to avoidance of the cluster head increases the overall performance of the network. The proposed scheme is computationally efficient at the biosensor side by 21.12-79.88% and at the MS side by 34.30-87.83%. Communication efficiency is 3.57-57.97%, while in security it is 21.67% more efficient than (IEEE 802.15.6 protocol) and 80.14 more efficient than (Daojing et al 2014). The average percentages for (Drira et al) and (Lee et al) are -15.91% and -43 respectively. However, there is a trade-off between cost and security, and our scheme provides enhanced security with five additional features as compared to (Drira et al) and with six additional features as compared to (Lee et al).

The performance and security analysis of our proposed framework against the others, depicted in graphs and tables, clearly proves the appropriateness of our framework for the resource constrained environment of BANs.

Table 5.1 Average Percent Efficiency of the Proposed Schemes on the basis of Computation Cost

Existing Scheme                   | Scheme 1 | Scheme 2 | Scheme 3 | Scheme 4 | Scheme 5
IEEE 802.15.6 Protocol I, II, III | 71.43%   | 56.94%   | 43.051%  | 43.05%   | 32.92%
IEEE 802.15.6 Protocol IV         | 77.43%   | 66.31%   | 55.43%   | 55.43%   | 47.51%
(Drira et al 2012)                | 82.59%   | 74.02%   | 65.63%   | 64.48%   | 59.52%
(Lee et al 2014)                  | 60.05%   | 40.37%   | 21.12%   | 21.12%   | 7.10%
(Daojing et al 2014)              | 89.81%   | 84.79%   | 79.88%   | 79.88%   | 76.31%

Table 5.2 Average Percent Efficiency of the Proposed Schemes on the basis of Communication Cost

Existing Scheme                   | Scheme 1 | Scheme 2 | Scheme 3 | Scheme 4 | Scheme 5
IEEE 802.15.6 Protocol I, II, III | 92.99%   | 92.02%   | 57.97%   | 57.97%   | 92.02%
IEEE 802.15.6 Protocol IV         | 87.5%    | 85.76%   | 25%      | 25%      | 85.76%
(Drira et al 2012)                | 86.15%   | 86.51%   | 28.94%   | 28.94%   | 86.51%
(Lee et al 2014)                  | 83.92%   | 81.69%   | 3.5%     | 3.57%    | 81.69%
(Daojing et al 2014)              | 92.99%   | 92.02%   | 57.97%   | 57.97%   | 92.02%

Table 5.3 Proposed Framework Security Improvement

Schemes                           | Existing Work Security | Our Proposed Work Security Improvement
IEEE 802.15.6 Protocol I          |                        |
IEEE 802.15.6 Protocol II (2012)  |                        |
IEEE 802.15.6 Protocol III (2012) |                        |
IEEE 802.15.6 Protocol IV (2012)  |                        |
(Drira et al 2012)                |                        |
(Lee et al 2014)                  |                        |
(Daojing et al 2014)              |                        |

5.2 Future Work

The transmission of normal status data need not be considered for decision making by the medical officers; it can be just a waste of resources that degrades network efficiency. We have used the critical data as the essential point of communication to be recorded and utilized for quick decision making. In the future, all schemes/frameworks/protocols designed for BANs/BSNs should focus only on the critical data, rather than transmitting normal status data, to improve efficiency and prolong network life. This work can be enhanced using fuzzy techniques by defining the data sets of different diseases, and a fuzzy based framework for BANs can be developed. This framework can also be further extended by using lattice-valued fuzzy logic, intuitionistic fuzzy logic, bipolar fuzzy sets and a fuzzy attribute based secure framework for BANs.

References

Ali, A., Irum, S., Kausar, F., & Khan, F. A. (2013). A cluster-based key agreement scheme using keyed hashing for Body Area Networks. Multimedia Tools and Applications, 66(2), 201–214. http://doi.org/10.1007/s11042-011-0791-4.

Ali, A., & Khan, F. A. (2010). An improved EKG-based key agreement scheme for body area networks. In Information Security and Assurance, Springer Berlin Heidelberg, 298–308. http://doi.org/10.1007/978-3-642-13365-7_29.

Amin, N. U., Asad, M., & Chaudhry, S. A. (2012). An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. Networking, Sensing and Control (ICNSC), 2012 9th IEEE International Conference, 118–121. http://doi.org/10.1109/ICNSC.2012.6204902.

Amin, R. (2013). Cryptanalysis and An Efficient Secure ID-Based Remote User Authentication Scheme Using Smart, 75(13), 43–48.

Amin, R., Bengal-, W., & Rana, S. P. (2013). An Improvement of Wang et al.’s Remote User Authentication Scheme Against Smart Card Security Breach, 75(13), 37–42.

Amin, R., & Biswas, G. P. (2015). A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS. Journal of Medical Systems, 39(3). http://doi.org/10.1007/s10916-015-0217-3.

Amin, R., Maitra, T., & Giri, D. (2013). An improved efficient remote user authentication scheme in multi-server environment using smart card. International Journal of Computer Applications, 69(22), 1–6. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.403.4667&rep=rep1&type=pdf.

Approved IEEE Draft Revision for IEEE Standard for Information Technology-Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Specific Requirements-Part 15.4B: Wireless Medium Access Control (MAC) and Physical . (2006). Retrieved from http://ieeexplore.ieee.org/articleDetails.jsp?arnumber=4040981.

Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks. http://standards.ieee.org/findstds/standard/802.15.6-2012.html. (n.d.).

Bao, S. Di, Poon, C. C. Y., Zhang, Y. T., & Shen, L. F. (2008). Using the timing information of heartbeats as an entity identifier to secure body sensor network. IEEE Transactions on Information Technology in Biomedicine, 12(6), 772–779. http://doi.org/10.1109/TITB.2008.926434.

Bhargav-Spantzel, A., Squicciarini, A. C., Modi, S., Young, M., Bertino, E., & Elliott, S. J. (2007). Privacy preserving multi-factor authentication with biometrics. Proceedings of the Second ACM Workshop on Digital Identity Management, 63–72. http://doi.org/10.1145/1179529.1179540.

Borger, C., Smith, S., Truffer, C., Keehan, S., Sisko, A., Poisal, J., & Clemens, M. K. (2006). Trends health spending projections through 2015: Changes on the horizon. Health Affairs, 25(2), 61–73. http://doi.org/10.1377/hlthaff.25.w61.

Boukerche, A., & Ren, Y. (2008). The design of a secure key management system for mobile ad hoc networks. 2008 33rd IEEE Conference on Local Computer Networks (LCN), 320–327. http://doi.org/10.1109/LCN.2008.4664186.

Cao, T., & Zhai, J. (2013). Improved dynamic ID-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2). http://doi.org/10.1007/s10916-012-9912-5.

Ch, S. A., Uddin, N., Sher, M., Ghani, A., Naqvi, H., & Irshad, A. (2014). An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimedia Tools and Applications, 74(5), 1711–1723. http://doi.org/10.1007/s11042-014-2283-9.

Challa, N., Çam, H., & Sikri, M. (2008). Secure and Efficient Data Transmission over Body Sensor and Wireless Networks. EURASIP Journal on Wireless Communications and Networking, 14(1), 60–68. http://doi.org/10.1155/2008/291365.

Chen, H.-M., Lo, J.-W., & Yeh, C.-K. (2012). An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems. Journal of Medical Systems, 36(6), 3907–3915. http://doi.org/10.1007/s10916-012-9862-y.

Chen, M., Gonzalez, S., Vasilakos, A., Cao, H., & Leung, V. C. M. (2011). Body area networks: A survey. Mobile Networks and Applications, 16(2), 171–193. http://doi.org/10.1007/s11036-010-0260-8.

Cherukuri, S., Venkatasubramanian, K. K., & Gupta, S. K. S. (2003). Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. International Conference on Parallel Processing Workshops, 2003. Proceedings., 432–439. http://doi.org/10.1109/ICPPW.2003.1240399.

Cleland, J. G. F., Swedberg, K., Follath, F., Komajda, M., Cohen-Solal, A., Aguilar, J. C., … Mason, J. (2003). The EuroHeart Failure survey programme - A survey on the quality of care among patients with heart failure in Europe. Part 1: Patient characteristics and diagnosis. European Heart Journal, 24(5), 442–463. http://doi.org/10.1016/S0195-668X(02)00823-0.

Crosby, G., Ghosh, T., Murimi, R., & Chin, C. (2012). Wireless body area networks for healthcare: a survey. International Journal of Ad Hoc, Sensor & Ubiquitous Computing (IJASUC), 3(10). Retrieved from https://scholar.google.com.pk/scholar?hl=en&q=Wireless+Body+Area+Networks+for+Healthcare%3A+A+Survey&btnG=&as_sdt=1%2C5&as_sdtp=#0.

Darwish, A., & Hassanien, A. (2011). Wearable and implantable wireless sensor network solutions for healthcare monitoring. Sensors, 11(6), 5561–5595. Retrieved from http://www.mdpi.com/1424-8220/11/6/5561/htm.

Das, A. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145. http://doi.org/10.1049/iet-ifs.2010.0125.

Das, A., & Goswami, A. (2013). A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16. Retrieved from http://link.springer.com/article/10.1007/s10916-013-9948-1.

Das, A. K., & Bruhadeshwar, B. (2013). An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System. Journal of Medical Systems, 37(5), 1–17. http://doi.org/10.1007/s10916-013-9969-9.

Debiao, H., Jianhua, C., & Rui, Z. (2011). A More Secure Authentication Scheme for Telecare Medicine Information Systems. Journal of Medical Systems, 36(3), 1989–1995. http://doi.org/10.1007/s10916-011-9658-5.

Disease, H., Every, K., & News, F. (2015). Heart Disease Kills Every 34 Seconds in U.S., 7–8.

Domenicali, D., & Benedetto, M.-G. Di. (2007). Performance Analysis for a Body Area Network composed of IEEE 802.15.4a devices. 4th Workshop on Positioning, Navigation and Communication, 2007, 273–276. http://doi.org/10.1109/WPNC.2007.353645.

Dong, J., & Smith, D. (2012). Cooperative body-area-communications: Enhancing coexistence without coordination between networks. IEEE 23rd International Symposium on Personal Indoor and Mobile Radio Communications (PIMRC), 2269–2274. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6362733.

Drira, W., Renault, É., & Zeghlache, D. (2012). A hybrid authentication and key establishment scheme for WBAN. Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012, 78–83. http://doi.org/10.1109/TrustCom.2012.31.

Du, W. (2005). A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks. ACM Trans. Inf. Syst. Security, 8(2), 228–258.

Eldefrawy, M. H., Khan, M. K., & Alghathbar, K. (2010). A key agreement algorithm with rekeying for wireless sensor networks using public key cryptography. Anti-Counterfeiting Security and Identification in Communication (ASID), 2010 International Conference on, 1–6. http://doi.org/10.1109/ICASID.2010.5551480.

Eschenauer, L., & Gligor, V. D. (2002). A key-management scheme for distributed sensor networks. 9th ACM Conference on Computer and Communications Security, 41–47.

Garnaut, J. (2012). Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification for Low-Rate Wireless Personal Area Networks. Smh. Retrieved from http://www.smh.com.au/world/philippines-and-china-clash-as-tensions-rise-over-oilrich-seas-20120411-1ws5q.html#ixzz2246vAQlQ.

Grabbe, J. (1992). The DES algorithm illustrated. Laissez Faire City Times, 2(28), 1–15. Retrieved from http://www.orlingrabbe.com/des.htm.

Guo, C., & Chang, C. C. (2013). Chaotic maps-based password-authenticated key agreement using smart cards. Communications in Nonlinear Science and Numerical Simulation, 18(6), 1433–1440. http://doi.org/10.1016/j.cnsns.2012.09.032.

H. Cam, S. Ozdemir, P. Nair, D. M. and H. O. S. (1999). LAW OF THE PEOPLE’S REPUBLIC OF CHINA ON MEDICAL PRACTITIONERS. Retrieved April 8, 2015, from http://www.asianlii.org/cn/legis/cen/laws/lotprocomp511/.

Halteren, V. (2004). Mobile Patient Monitoring: The MobiHealth System. The Journal on Information Technology in Healthcare, 2(5), 365–373. http://doi.org/10.3233/978-1-60750-946-2-307.

Hash, J., Bowen, P., Johnson, A., Smith, D., Smith, C. D., & Steinberg, D. I. (2005). An introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule, (NIST Special Publication., pp. 800–866,).

He, D., Chan, S., & Tang, S. (2014). A novel and lightweight system to secure wireless medical sensor networks. IEEE Journal of Biomedical and Health Informatics, 18(1), 316–326. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6541953.

He, D., Chan, S., Zhang, Y., & Yang, H. (2014). Lightweight and confidential data discovery and dissemination for wireless body area networks. IEEE Journal of Biomedical and Health Informatics, 18(2), 440–448. http://doi.org/10.1109/JBHI.2013.2293620.

He, W., Huang, Y., Sathyam, R., Nahrstedt, K., & Lee, W. C. (2009). SMOCK: A scalable method of cryptographic key management for mission-critical wireless ad-hoc networks. IEEE Transactions on Information Forensics and Security, 4(1), 140–150. http://doi.org/10.1109/TIFS.2008.2009601.

Healey, J., & Picard, R. (2005). Detecting stress during real-world driving tasks using physiological sensors. IEEE Transactions on Intelligent Transportation Systems, 6(2), 156–166. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1438384.

Heart Failure Fact Sheet|Data & Statistics|DHDSP|CDC. (n.d.). Retrieved August 7, 2015, from http://www.cdc.gov/dhdsp/data_statistics/fact_sheets/fs_heart_failure.htm.

IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements. Part 15.3: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications. (2009). http://doi.org/10.1109/IEEESTD.2009.5284444.

IEEE Standard for Information technology--Telecommunications and information exchange between systems Local and metropolitan area networks--Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. (2012). http://doi.org/10.1109/IEEESTD.2012.6178212.

IEEE Standards Association - Documents. (n.d.). Retrieved August 7, 2015, from https://mentor.ieee.org/802.15/documents.

Information, F. (2001). Announcing the ADVANCED ENCRYPTION STANDARD (AES).

Iqbal, J., Amin, N. U., & Umar, A. I. (2013). Authenticated key agreement and cluster head selection for Wireless Body Area Networks. 2nd National Conference on Information Assurance (NCIA), 113–117. http://doi.org/10.1109/NCIA.2013.6725334.

Iqbal, J., Amin, N., Umar, A. I., & Waheed, A. (n.d.). Enhanced Key Agreement and Authentication Protocol for Body Sensor Network.

Irum, S., Ali, A., Khan, F. A., & Abbas, H. (2013). A hybrid security mechanism for intra-wban and inter-WBAN communications. International Journal of Distributed Sensor Networks. http://doi.org/10.1155/2013/842608.

Islam, S. H., & Biswas, G. P. (2011). A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software, 84(11), 1892–1898. http://doi.org/10.1016/j.jss.2011.06.061.

Jiang, Q., Ma, J., Ma, Z., & Li, G. (2013). A privacy enhanced authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(1). http://doi.org/10.1007/s10916-012-9897-0.

Juels, A., & Sudan, M. (2006). A fuzzy vault scheme. Designs, Codes, and Cryptography, 38(2), 237–257. http://doi.org/10.1007/s10623-005-6343-z.

Khan. (2009). Medical Applications of Wireless Body Area Networks. International Journal of Digital Content Technology and Its Applications, 3(3), 185–193. http://doi.org/10.4156/jdcta.vol3.issue3.23.

Khan, M. K., Kumari, S., & Gupta, M. K. (2014). More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing, 96(9), 793–816. http://doi.org/10.1007/s00607-013-0308-2.

Khan, M. K., & Zhang, J. (2007). Improving the security of “a flexible biometrics remote user authentication scheme.” Computer Standards & Interfaces, 29(1), 82–85. http://doi.org/10.1016/j.csi.2006.01.002.

Ko, J., Lu, C., & Srivastava, M. (2010). Wireless sensor networks for healthcare. IEEE Proceedings, 98(11), 1947–1960. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5570866.

Koblitz, N. (1989). Hyperelliptic cryptosystems. Journal of Cryptology, 1(3), 139–150. http://doi.org/10.1007/BF02252872.

Korhonen, I., & Bardram, J. E. (2004). Guest Editorial Introduction to the Special Section on Pervasive Healthcare. IEEE Transactions on Information Technology in Biomedicine, 8(3), 405–414. http://doi.org/10.1109/TITB.2004.835337.

Kumar, M., Gupta, M. K., & Kumari, S. (2011). An Improved Efficient Remote Password Authentication Scheme with Smart Card over Insecure Networks, 13(3), 167–177.

Kumari, S., & Gupta, M. (2014). An improved timestamp based password authentication scheme: comments, cryptanalysis, and improvement. Security and Communication Networks, 7(11), 1921–1932. Retrieved from http://onlinelibrary.wiley.com/doi/10.1002/sec.906/full.

Kumari, S., & Khan, M. (2014a). Cryptanalysis and improvement of “a robust smart-card-based remote user password authentication scheme.” International Journal of Communication …. Retrieved from http://onlinelibrary.wiley.com/doi/10.1002/dac.2590/full.

Kumari, S., & Khan, M. (2014b). More secure smart card based remote user password authentication scheme with user anonymity. Security and Communication Networks, 7(11), 2039–2053. Retrieved from http://onlinelibrary.wiley.com/doi/10.1002/sec.916/full.

Kumari, S., Khan, M. K., & Kumar, R. (2013). Cryptanalysis and Improvement of “A Privacy Enhanced Scheme for Telecare Medical Information Systems.” Journal of Medical Systems, 37(4), 1–11. http://doi.org/10.1007/s10916-013-9952-5.

Kumari, S., Khan, M. K., & Li, X. (2014). An improved remote user authentication scheme with key agreement. Computers & Electrical Engineering, 40(6), 1997–2012. http://doi.org/10.1016/j.compeleceng.2014.05.007.

Kumari, S., Khan, M., Li, X., & Wu, F. (2014). Design of a user anonymous password authentication scheme without smart card. International Journal of Communication Systems. Retrieved from http://onlinelibrary.wiley.com/doi/10.1002/dac.2853/full.

Kurs, A., Karalis, A., Moffatt, R., & Joannopoulos, J. (2007). Wireless power transfer via strongly coupled magnetic resonances. Science, 317(5834), 83–86. Retrieved from http://www.sciencemag.org/content/317/5834/83.short.

Kwak, K., Ullah, S., & Ullah, N. (2010). An overview of IEEE 802.15.6 standard. IEEE 3rd International Symposium on Applied Sciences in Biomedical and Communication Technologies (ISABEL), 1–6. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5702867.

Latré, B., Braem, B., Moerman, I., Blondia, C., & Demeester, P. (2011). A survey on wireless body area networks. Wireless Networks, 17(1), 1–18. http://doi.org/10.1007/s11276-010-0252-4.

Le, X. H., Khalid, M., Sankar, R., & Lee, S. (2011). An Efficient Mutual Authentication and Access Control Scheme for Wireless Sensor Networks in Healthcare. Journal of Networks, 6(3), 355–364. http://doi.org/10.4304/jnw.6.3.355-364.

Lee, T. F., & Liu, C. M. (2013). A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 37(3), 2–8. http://doi.org/10.1007/s10916-013-9933-8.

Lee, T.-F. (2013). An Efficient Chaotic Maps-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems. Journal of Medical Systems, 37(6), 1–9. http://doi.org/10.1007/s10916-013-9985-9.

Lee, Y. S., Alasaarela, E., & Lee, H. J. (2014). An efficient encryption scheme using elliptic curve cryptography (ECC) with symmetric algorithm for healthcare system. International Journal of Security and Its Applications, 8(3), 63–70. http://doi.org/10.14257/ijsia.2014.8.3.07.

Lewis, N., Foukia, N., & Govan, D. G. (2008). Using trust for key distribution and route selection in wireless sensor networks. 2008 IEEE Network Operations and Management Symposium, Vols 1 and 2, 787–790 1078. Retrieved from <Go to ISI>://000259262400102.

Li, C.-T., & Hwang, M.-S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5. http://doi.org/10.1016/j.jnca.2009.08.001.

Li, X., Niu, J.-W., Ma, J., Wang, W.-D., & Liu, C.-L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79. http://doi.org/10.1016/j.jnca.2010.09.003.

Lin, H. Y. (2013). On the security of a dynamic ID-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2). http://doi.org/10.1007/s10916-013-9929-4.

Liu, A., & Ning, P. (2008). TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. Proceedings - 2008 International Conference on Information Processing in Sensor Networks, IPSN 2008, 245–256. http://doi.org/10.1109/IPSN.2008.47.

Liu, D., Ning, P., & Li, R. (2005). Establishing pairwise keys in distributed sensor networks. ACM Transactions on Information and System Security, 8(1), 41–77. http://doi.org/10.1145/1053283.1053287.

Liu, J., Zhang, Z., Chen, X., & Kwak, K. S. (2014). Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Transactions on Parallel and Distributed Systems, 25(2), 332–342. http://doi.org/10.1109/TPDS.2013.145.

Malan, D., Fulford-Jones, T., Welsh, M., & Moulton, S. (2004). CodeBlue: An ad hoc sensor network infrastructure for emergency medical care. In International Workshop on Wearable and Implantable Body Sensor Networks, 5, 12–14.

Malan, D. J., Welsh, M., & Smith, M. D. (2004). A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004. 2004 First Annual IEEE Communications Society Conference On. IEEE, 71–80. http://doi.org/10.1109/SAHCN.2004.1381904.

Malasri, K., & Wang, L. (2007). Addressing security in medical sensor networks. Proceedings of the 1st ACM SIGMOBILE International Workshop on Systems and Networking Support for Healthcare and Assisted Living Environments. ACM, 7–12. http://doi.org/10.1145/1248054.1248058.

Malasri, K., & Wang, L. (2009). Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network. Sensors, 9(8), 6273–6297. http://doi.org/10.3390/s90806273.

Mehmood, Z., Nizamuddin, Ashraf Ch., S., Nasar, W., & Ghani, A. (2012). An efficient key agreement with rekeying for secured body sensor networks. 2012 2nd International Conference on Digital Information Processing and Communications, ICDIPC 2012, 164–167. http://doi.org/10.1109/ICDIPC.2012.6257295.

Misra, S., & Islam, N. (2014). Green wireless body area nanonetworks: Energy management and the game of survival. IEEE Journal of Biomedical and Health, 18(2), 467–475. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6678203.

Movassaghi, S., Abolhasan, M., Lipman, J., Smith, D., & Jamalipour, A. (2014). Wireless Body Area Networks: A Survey. IEEE Communications Surveys & Tutorials, 16(3), 1658–1686. http://doi.org/10.1109/SURV.2013.121313.00064.

Nizamuddin, Ch., S. A., & Amin, N. (2011). Signcryption schemes with forward secrecy based on hyperelliptic curve cryptosystem. In 8th International Conference on High-capacity Optical Networks and Emerging Technologies (pp. 244–247). IEEE. http://doi.org/10.1109/HONET.2011.6149826.

Oliveira, L. B., Dahab, R., Lopez, J., Daguano, F., & Loureiro, A. A. F. (2007). Identity-based Encryption For Sensor Networks. Percom, 290–294.

Orlitsky, A. (1991). Worst-case interactive communication. II. Two messages are not optimal. IEEE Transactions on Information Theory, 37(4), 995–1005. http://doi.org/10.1109/18.86993.

Otto, C., & Milenkovic, A. (2006). System architecture of a wireless body area sensor network for ubiquitous health monitoring. Journal of Mobile Multimedia, 1(4), 307–3261. Retrieved from http://doktora.kirbas.com/Eng Makaleler/system architecture of a wireless body area sensor network for ubiquitous health monitoring.pdf.

Parliament., E. (n.d.). DIRECTIVE 2002/58/EC of the European Parliament and Council of concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

Pdf, T. P., Journal, E., Communications, W., Ali, A., Khan, F. A., Article, I., … Wcn, E. (2013). Energy-efficient cluster-based security mechanism for intra-WBAN and inter-WBAN communications for healthcare applications, 1–19. http://doi.org/10.1186/1687-1499-2013-216.

Perring, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J. D., Perrig, A., & Szewczyk, R. (2002). SPINS: Security Protocols for Sensor Networks. Wireless Networks, 8(5), 521–534.

Poon, C., & Zhang, Y. T. (2008). Perspectives on high technologies for low-cost healthcare: The Chinese scenario. IEEE Engineering in Medicine and Biology Magazine, 27(5), 42–47. http://doi.org/10.1109/MEMB.2008.923955.

Qadri, S., Awan, S., Amjad, M., Anwar, M., & Shehzad, S. (2013). APPLICATIONS, CHALLENGES, SECURITY OF WIRELESS BODY AREA NETWORKS (WBANS) AND FUNCTIONALITY OF IEEE 802.15.4/ZIGBEE. Retrieved from http://www.sci-int.com/pdf/519309293-697-702-Furqan Gillani-FSD- composed 25-3-13.pdf.

Qadri, S. F., Awan, S. A., Amjad, M., Anwar, M., & Shehzad, S. (2013). Applications, Challenges, Security of Wireless Body Area Networks (Wbans) and Functionality of, 25(4), 697–702.

Sankaran, S., Husain, M., & Sridhar, R. (2009). IDKEYMAN: An Identity-Based Key Management Scheme for Wireless Ad Hoc Body Area Networks. 5th Annual Symposium on Information Assurance (ASIA’09). Retrieved from http://www.albany.edu/iasymposium/proceedings/2009/ASIA09FinalProceedings.pdf#page=32.

Sastry, N., & Wagner, D. (2004). Security considerations for IEEE 802.15.4 networks. In Proceedings of the 3rd ACM Workshop on Wireless Security, 32–42. http://doi.org/10.1145/1023646.1023654.

Schwiebert, L., Gupta, S. K. S., & Weinmann, J. (2001). Research challenges in wireless networks of biomedical sensors. In Proceedings of the 7th annual international conference on Mobile computing and networking - MobiCom ’01 (pp. 151–165). New York, New York, USA: ACM Press. http://doi.org/10.1145/381677.381692.

Selimis, G., Huang, L., Massé, F., Tsekoura, I., Ashouei, M., Catthoor, F., … De Groot, H. (2011). A lightweight security scheme for wireless body area networks: Design, energy evaluation and proposed microprocessor design. Journal of Medical Systems, 35(5), 1289–1298. http://doi.org/10.1007/s10916-011-9669-2.

Seyedi, M., Kibret, B., Lai, D. T. H., & Faulkner, M. (2013). A survey on intrabody communications for body area network applications. IEEE Transactions on Biomedical Engineering, 60(8), 2067–2079. http://doi.org/10.1109/TBME.2013.2254714.

Shi, J., Lam, K., Gu, M., & Li, H. (2010). BodySec: synchronized key distribution using biometric slots for wireless body sensor networks. ACM SIGMOBILE Mobile Computing and Communications Review, 14(1), 22–24. Retrieved from http://dl.acm.org/citation.cfm?id=1837197.

Shi, J., Lam, K. Y., Gu, M., Li, M., & Chung, S. L. (2011). Energy-efficient key distribution using electrocardiograph biometric set for secure communications in wireless body healthcare networks. Journal of Medical Systems, 35(5), 745–753. http://doi.org/10.1007/s10916-010-9467-2.

Shi, L., Li, M., Yu, S., & Yuan, J. (2013). BANA: Body Area Network Authentication, 31(9), 1803–1816. http://doi.org/10.1145/2185448.2185454.

Shnayder, V., Chen, B., Lorincz, K., Jones, T., & Welsh, M. (2005). Sensor networks for medical care. In SenSys, 5, 314–314. Retrieved from http://www.brchen.com/papers/codeblue-techrept05.pdf.

Singelée, D., Latré, B., & Braem, B. (2008). A secure cross-layer protocol for multi-hop wireless body area networks. Ad-Hoc, Mobile and Wireless Networks. Springer Berlin Heidelberg, 94–107. Retrieved from http://link.springer.com/chapter/10.1007/978-3-540-85209-48.

Singh, K., & Muthukkumarasamy, V. (2011). Using physiological signals for authentication in a group key agreement protocol. 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 720–725. http://doi.org/10.1109/INFCOMW.2011.5928906.

Staderini, E. (2002). UWB radars in medicine. IEEE Aerospace and Electronic Systems Magazine, 17(1), 13–18. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=978359.

Szczechowiak, P., Oliveira, L., & Scott, M. (2008). NanoECC: Testing the limits of elliptic curve cryptography in sensor networks. Ewsn, 305–320. http://doi.org/10.1007/978-3-540-77690-1_19.

Uhsadel, L., Poschmann, A., & Paar, C. (2007). Enabling Full-Size Public-Key Algorithms on 8-Bit Sensor Nodes. In Security and Privacy in Ad-Hoc and Sensor Networks, Springer Berlin Heidelberg, 73–86.

Ullah, S., Higgins, H., Braem, B., Latre, B., Blondia, C., Moerman, I., … Kwak, K. S. (2012). A comprehensive survey of wireless body area networks on PHY, MAC, and network layers solutions. Journal of Medical Systems, 36(3), 1065–1094. http://doi.org/10.1007/s10916-010-9571-3.

Ullah, S., Higgins, H., Shen, B., & Kwak, S. (2010). On the implant communication and MAC protocols for WBAN. International Journal of Communication Systems, 23, 982–999. http://doi.org/10.1002/dac.

Ullah, S., Khan, P., Ullah, N., Saleem, S., Higgins, H., & Kwak, K. S. (2009). A Review of Wireless Body Area Networks for Medical Applications. International J. of Communications, Network and System Sciences (IJCNS), 2(8), 797–803. http://doi.org/10.4236/ijcns.2009.28093.

Varshney, U. (2007). Pervasive healthcare and wireless health monitoring. Mobile Networks and Applications, 12(2-3), 113–127. Retrieved from http://dl.acm.org/citation.cfm?id=1295207.

Venkatasubramanian, K. K., Banerjee, A., & Gupta, S. K. S. (2010). PSKA: Usable and secure key agreement scheme for body area networks. EURASIP Journal on Wireless Communications and Networking, 14(1), 60–68. http://doi.org/10.1109/TITB.2009.2037617.

Venkatasubramanian, K. K., & Gupta, S. K. S. (2006). Security for Pervasive Health Monitoring Sensor Applications. Fourth International Conference on Intelligent Sensing and Information Processing, 197–202. http://doi.org/10.1109/ICISIP.2006.4286096.

Venkatasubramanian, K. K., & Gupta, S. K. S. (2010). Physiological value-based efficient usable security solutions for body sensor networks. ACM Transactions on Sensor Networks, 6(4), 1–36. http://doi.org/10.1145/1777406.1777410.

Venkatasubramanian, K. K., Venkatasubramanian, V., Banerjee, A., & Gupta, S. K. S. (2008). EKG-based key agreement in Body Sensor Networks. IEEE INFOCOM Workshops 2008, 1–6. http://doi.org/10.1109/INFOCOM.2008.4544608.

Virone, G., Wood, A., & Selavo, L. (2006). An advanced wireless sensor network for health monitoring. In Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare, 2–4. Retrieved from http://faculty.kfupm.edu.sa/COE/mayez/ps-coe541/sample-projects/Medical-Applications-Wireless-Sensor Networks/10.1.1.64.7346.pdf.

Wang, W., Wang, C., & Zhao, M. (2014). Resource optimized ttsh-ura for multimedia stream authentication in swallowable-capsule-based wireless body sensor networks. Biomedical and Health Informatics, …. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6675829.

Warren, S., Lebak, J., Yao, J., Creekmore, J., Milenkovic, A., & Jovanov, E. (2005). Interoperability and security in wireless body area network infrastructures. Conference Proceedings: ... 27 Annual International Conference of the IEEE Engineering in Medicine and Biology Society. IEEE Engineering in Medicine and Biology Society. Conference, 3837–3840. http://doi.org/10.1109/IEMBS.2005.1615297.

Wei, J., Hu, X., & Liu, W. (2012). An Improved Authentication Scheme for Telecare Medicine Information Systems. Journal of Medical Systems, 36(6), 3597–3604. http://doi.org/10.1007/s10916-012-9835-1.

Welsh, M., & Berkeley, T. U. C. (2005). CodeBlue: A Wireless Sensor Network for Medical Care and Disaster Response Introduction: Sensor Networks. Telos.

Wheeler, A. (2007). Commercial applications of wireless sensor networks using ZigBee. IEEE Communications Magazine, 45(4), 70–77. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4149662.

William, C., Tan, C. C., & Wang, H. (2008). Body Sensor Network Security: An Identity-Based Cryptography Approach. In Proceedings of the 1st ACM Conference on Wireless Network Security (WiSec ’08), Virginia, USA, 148–153. http://doi.org/10.1145/1352533.1352557.

Wood, A., Virone, G., Doan, T., & Cao, Q. (2006). ALARM-NET: Wireless sensor networks for assisted-living and residential monitoring. University of Virginia Computer Science Department Technical Report 2, 1–14. http://doi.org/10.1109/MNET.2008.4579768.

Wu, G., Yao, L., Liu, B., Yao, K., & Wang, J. (2011). A biometric key establishment protocol for body area networks. International Journal of Distributed Sensor Networks. http://doi.org/10.1155/2011/282986.

Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535. http://doi.org/10.1007/s10916-010-9614-9.

Xie, Q., Zhang, J., & Dong, N. (2013). Robust anonymous authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2). http://doi.org/10.1007/s10916-012-9911-6.

Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., & He, L. (2013). A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems. Journal of Medical Systems, 38(1), 1–7. http://doi.org/10.1007/s10916-013-9994-8.

Yang, Q., Lim, A., Li, S., Fang, J., & Agrawal, P. (2008). ACAR: Adaptive Connectivity Aware Routing Protocol for Vehicular Ad Hoc Networks. 2008 Proceedings of 17th International Conference on Computer Communications and Networks, 1–6. http://doi.org/10.1109/ICCCN.2008.ECP.107.

Yuce, M., & Khan, J. (2011). Wireless body area networks: technology, implementation, and applications. CRC Press. Retrieved from https://books.google.com.pk/books?hl=en&lr=&id=_NvMBQAAQBAJ&oi=fnd&pg=PP1&dq=Wireless+Body+Area+Networks:+Technology,+Implementation,+and+applications&ots=m3ZP2_MxUi&sig=SkGjZPVz_Rc_MKGa8l1sAp3IgAo.

Yuce, M. R., Ng, S. W. P., Myo, N. L., Khan, J. Y., & Liu, W. (2007). Wireless body sensor network using medical implant band. Journal of Medical Systems, 31(6), 467–474. http://doi.org/10.1007/s10916-007-9086-8.

Zhao, S., Aggarwal, A., Frost, R., & Bai, X. (2012). A survey of applications of identity-based cryptography in mobile ad-hoc networks. IEEE Communications Surveys and Tutorials, 14(2), 380–399. http://doi.org/10.1109/SURV.2011.020211.00045.

Zhao, X., Fei, D., & Doarn, C. (2004). A telemedicine system for wireless home healthcare based on bluetoothTM and the internet. Telemedicine and E-Health, 10(supplement 2), 573–590. Retrieved from http://online.liebertpub.com/doi/abs/10.1089/tmj.2004.10.S-110.

Zhen, B., Kohno, R., & Li, H. (2007). Body Area Network and Its Standardization at IEEE 802.15. MBAN. 16th IST Mobile and Wireless Communications Summit, 1–5.

Zheng, Y. (1997). Digital signcryption or how to achieve cost (signature & encryption) ≪ cost (signature) + cost (encryption). Advances in Cryptology — Crypto ’97, (March), 165–179. http://doi.org/10.1007/BFb0052234.

Zhu, Z. (2012). An Efficient Authentication Scheme for Telecare Medicine Information Systems. Journal of Medical Systems, 36(6), 3833–3838. http://doi.org/10.1007/s10916-012-9856-9.

Zimmerman, T. G., & Benton, S. A. (1995). Personal Area Networks (PAN): Near-Field Intra-Body Communication. IBM Systems Journal, 35(3.4), 609–617.