DMASK-BAN: Improving the security of body area networks
TL;DR: Body area networks (BANs) are formed to collect the healthcare data of a person for diagnosis and the provision of treatments and these procedures are vulnerable to many attacks, especially denial of service (DoS).
About: This article is published in Computer Fraud & Security.The article was published on 2020-05-01. It has received 5 citations till now. The article focuses on the topics: Body area network & Authentication.
Citations
More filters
TL;DR: A comprehensive investigation of WBANs, from the sensor technology for the collection to the wireless transmissiontechnology for the transmission process, such as frequency bands, channel models, medium access control (MAC) and networking protocols are conducted.
Abstract: With the rapid growth in healthcare demand, an emergent, novel technology called wireless body area networks (WBANs) have become promising and have been widely used in the field of human health monitoring. A WBAN can collect human physical parameters through the medical sensors in or around the patient’s body to realize real-time continuous remote monitoring. Compared to other wireless transmission technologies, a WBAN has more stringent technical requirements and challenges in terms of power efficiency, security and privacy, quality of service and other specifications. In this paper, we review the recent WBAN medical applications, existing requirements and challenges and their solutions. We conducted a comprehensive investigation of WBANs, from the sensor technology for the collection to the wireless transmission technology for the transmission process, such as frequency bands, channel models, medium access control (MAC) and networking protocols. Then we reviewed its unique safety and energy consumption issues. In particular, an application-specific integrated circuit (ASIC)-based WBAN scheme is presented to improve its security and privacy and achieve ultra-low energy consumption.
12 citations
28 Apr 2021
TL;DR: In this article, the authors proposed a novel encryption technique named Dynamic Matrix Encryption (DME), which uses the concept of primary and secondary key concept where the primary key is actually a system-generated verifier and the secondary key will be provided by the medical assistance to whom we want to send our personal medical data or by the user who wants their personal report back.
Abstract: In order to secure the precious data and make a secure communication way between the user and their health assistance, the authors of this paper are going to suggest a novel encryption technique named Dynamic Matrix Encryption (DME). This method uses the concept of primary and secondary key concept where the primary key is actually a system-generated verifier and the secondary key will be provided by the medical assistance to whom we want to send our personal medical data or by the user who wants their personal report back. Here the authors explain the suggested encryption technique with a suitable example. In the suggested model every bit of data, including keys, will be in encrypted mode while traveling in the network.
11 citations
08 Apr 2021
TL;DR: In this paper, the authors discuss the concept of HIoT and present a survey on different types of privacy techniques already existed for securing the data in the Body Sensor Network, which can be used to track human health.
Abstract: The use of sensors to track human health will be at its height in the coming decade. The use of smartwatches for health assistance is now very common. Cloud Concepts, Internet of Things, and Wireless Sensor Networks stimulate the use of sensors. However, on the one hand, where human health information is efficiently processed to revert any recommendations, input, or messages, on the other hand, the information gathered by sensors is often revolving into an open network, making it open to everyone. This will be hazardous as if some intruders access anyone's data then the intruder knows all the health information of the person and can misguide him in various ways. Although such data is in small amounts still it is always precious for everyone and wants to keep them secret. This paper will first discuss the concept of HIoT and finally, present a survey on different types of privacy techniques already existed for securing the data in the Body Sensor Network.
9 citations
TL;DR: In this paper, a review examines and summarizes methodological approaches in WBAN relating to security, safety, reliability, and the fastest transmission, and recommends flying body area networks (FBAN) utilizing unmanned aerial vehicles for data transmission.
Abstract: Body area network (BAN) connects sensors and actuators to the human body in order to collect patient’s information and transmitting it to doctors in a confined space with limited users. wireless body area network (WBAN) is derived from wireless sensor networks (WSN) and enables to transfer of the patient's information with a wide range of communication due to the limitations of the wired body area network. It plays a vital role in healthcare monitoring, healthcare systems, medical field, sports field, and multimedia communication. Sensors and actuators lead to high energy consumption due to their tiny size. WBAN facilitates in securely storing patient information and transmitting it to the doctor without data loss at a specific time. This review examines and summarizes methodological approaches in WBAN relating to security, safety, reliability, and the fastest transmission. Flying body area networks (FBAN) utilizing unmanned aerial vehicles for data transmission are recommended to promote rapid and secure communication in WBAN. FBAN improve the security, scalability, and speed in order to transmit patient’s information to the doctor due to high mobility.
9 citations
TL;DR: In this article , the authors provide a holistic view of cybersecurity in healthcare, enumerating the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare.
Abstract: Currently, healthcare is critical environment in our society, which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machine-learning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented.
6 citations
References
More filters
18 Nov 2002
TL;DR: A key-management scheme designed to satisfy both operational and security requirements of DSNs is presented, which relies on probabilistic key sharing among the nodes of a random graph and uses simple protocols for shared-key discovery and path-key establishment, and for key revocation, re-keying, and incremental addition of nodes.
Abstract: Distributed Sensor Networks (DSNs) are ad-hoc mobile networks that include sensor nodes with limited computation and communication capabilities. DSNs are dynamic in the sense that they allow addition and deletion of sensor nodes after deployment to grow the network or replace failing and unreliable nodes. DSNs may be deployed in hostile areas where communication is monitored and nodes are subject to capture and surreptitious use by an adversary. Hence DSNs require cryptographic protection of communications, sensor-capture detection, key revocation and sensor disabling. In this paper, we present a key-management scheme designed to satisfy both operational and security requirements of DSNs. The scheme includes selective distribution and revocation of keys to sensor nodes as well as node re-keying without substantial computation and communication capabilities. It relies on probabilistic key sharing among the nodes of a random graph and uses simple protocols for shared-key discovery and path-key establishment, and for key revocation, re-keying, and incremental addition of nodes. The security and network connectivity characteristics supported by the key-management scheme are discussed and simulation experiments presented.
3,900 citations
TL;DR: A group-based deployment model is developed to improve key predistribution; this model, sensor nodes are only required to be deployed in groups, and the critical observation is that the sensor nodes in the same group are usually close to each other after deployment.
Abstract: Many key predistribution techniques have been developed recently to establish pairwise keys between sensor nodes in wireless sensor networks. To further improve these schemes, researchers have also proposed to take advantage of the sensors' expected locations and discovered locations to help the predistribution of the keying materials. However, in many cases, it is very difficult to deploy sensor nodes at their expected locations or guarantee the correct location discovery at sensor nodes in hostile environments. In this article, a group-based deployment model is developed to improve key predistribution. In this model, sensor nodes are only required to be deployed in groups. The critical observation in the article is that the sensor nodes in the same group are usually close to each other after deployment. This deployment model is practical; it greatly simplifies the deployment of sensor nodes, while still providing an opportunity to improve key predistribution. Specifically, the article presents a novel framework for improving key predistribution using the group-based deployment knowledge. This framework does not require the knowledge of the sensors' expected or discovered locations and is thus suitable for applications where it is difficult to deploy the sensor nodes at their expected locations or correctly estimate the sensors' locations after deployment. To seek practical key predistribution schemes, the article presents two efficient instantiations of this framework, a hash key-based scheme and a polynomial-based scheme. The evaluation shows that these two schemes are efficient and effective for pairwise key establishment in sensor networks; they can achieve much better performance than the previous key predistribution schemes when the sensor nodes are deployed in groups.
144 citations
16 Apr 2012
TL;DR: For the first time, a lightweight body area network authentication scheme BANA is proposed, which does not depend on prior-trust among nodes and can be efficiently realized on commercial off-the-shelf low-end sensors.
Abstract: Wireless body area network (BAN) is a promising technology for real-time monitoring of physiological signals to support medical applications. In order to ensure the trustworthy and reliable gathering of patient's critical health information, it is essential to provide node authentication service in a BAN, which prevents an attacker from impersonation and false data/command injection. Although quite fundamental, the authentication in BAN still remains a challenging issue. On one hand, traditional authentication solutions depend on prior trust among nodes whose establishment would require either key pre-distribution or non-intuitive participation by inexperienced users, while they are vulnerable to key compromise. On the other hand, most existing non-cryptographic authentication schemes require advanced hardware capabilities or significant modifications to the system software, which are impractical for BANs. In this paper, for the first time, we propose a lightweight body area network authentication scheme (BANA) that does not depend on prior-trust among the nodes and can be efficiently realized on commercial off-the-shelf low-end sensor devices. This is achieved by exploiting physical layer characteristics unique to a BAN, namely, the distinct received signal strength (RSS) variation behaviors between an on-body communication channel and an off-body channel. Our main finding is that the latter is more unpredictable over time, especially under various body motion scenarios. This unique channel characteristic naturally arises from the multi-path environment surrounding a BAN, and cannot be easily forged by attackers. We then adopt clustering analysis to differentiate the signals from an attacker and a legitimate node. The effectiveness of BANA is validated through extensive real-world experiments under various scenarios. It is shown that BANA can accurately identify multiple attackers with minimal amount of overhead.
108 citations
17 Apr 2013
TL;DR: ASK-BAN is proposed, a lightweight fast authenticated secret key extraction scheme for intra- BAN communication that achieves authentication through multi-hop stable channels, which greatly reduces the false positive rate as compared to existing work.
Abstract: Recently there has been an increasing interest on bootstrapping security for wireless networks merely using physical layer characteristics. In particular, the focus has been on two fundamental security issues - device authentication and secret key extraction. While most existing works emphasize on tackling the two issues separately, it remains an open problem to simultaneously achieve device authentication and fast secret key extraction merely using wireless physical layer characteristics, without the help of advanced hardware or out-of-band channel.In this paper, for the first time, we answer this open problem in the setting of Wireless Body Area Networks (BANs). We propose ASK-BAN, a lightweight fast authenticated secret key extraction scheme for intra-BAN communication. Our scheme neither introduces any advanced hardware nor relies on out-of-band channels. To perform device authentication and fast secret key extraction at the same time, we exploit the heterogeneous channel characteristics among the collection of on-body channels during body motion. Specifically, with simple body movements, channel variations between line-of-sight on-body devices are relatively stable while those for non-line-of-sight devices are unstable. ASK-BAN utilizes the relatively static channels for device authentication and the dynamic ones for secret key generation. On one hand, ASK-BAN achieves authentication through multi-hop stable channels, which greatly reduces the false positive rate as compared to existing work. On the other hand, based on dynamic channels, the key extraction process between two on-body devices with multi-hop relay nodes is modeled as a max-flow problem, and a novel collaborative secret key generation algorithm is introduced to maximize the key generation rate. Extensive real-world experiments on low-end COTS sensor devices validate that ASK-BAN has a high secret key generation rate while being able to authenticate body devices effectively.
80 citations
10 Oct 2005
TL;DR: An architecture and implementation of a high performance Gaussian random number generator (GRNG) is described and the resulting system can generate 169 million normally distributed random numbers per second on a Xilinx XC2VP3O-6 device.
Abstract: An architecture and implementation of a high performance Gaussian random number generator (GRNG) is described. The GRNG uses the Ziggurat algorithm which divides the area under the probability density function into three regions (rectangular, wedge and tail). The rejection method is then used and this amounts to determining whether a random point falls into one of the three regions. The vast majority of points lie in the rectangular region and are accepted to directly produce a random variate. For the nonrectangular regions, which occur 1.5% of the time, the exponential or logarithm functions must be computed and an iterative fixed point operation unit is used. Computation of the rectangular region is heavily pipelined and a buffering scheme is used to allow the processing of rectangular regions to continue to operate in parallel with evaluation of the wedge and tail computation. The resulting system can generate 169 million normally distributed random numbers per second on a Xilinx XC2VP3O-6 device.
77 citations