Combining tiny sensors and wireless communication technology, wireless body area network (WBAN) is one of the most promising fields. Wearable and implantable sensors are utilized for collecting the physiological data to achieve continuously monitoring of people’s physical conditions. However, due to the openness of wireless environment and the significance and privacy of people’s physiological data, WBAN is vulnerable to various attacks; thus, strict security mechanisms are required to enable a secure WBAN. In this article, we mainly focus on a survey on the security issues in WBAN, including securing internal communication in WBAN and securing communication between WBAN and external users. For each part, we discuss and identify the security goals to be achieved. Meanwhile, relevant security solutions in existing research on WBAN are presented and their applicability is analyzed.
Recently, there is an emerging interest in wireless body area networks (WBAN) since it enables real-time and continuous monitoring in various fields including telemedicine, entertainment, sports, and military training, especially benefits for chronic diseases early detection and treatment. WBAN is defined as a kind of ultra-short-range wireless networking technology. Tiny sensors are attached to, implanted in, or implanted around human body, communicating wirelessly among themselves and with processors within two meters to form a body-centered system. With a WBAN-based e-healthcare system, patients medical information can be automatically collected by various sensor nodes and then accessed and processed by the local or remote medical personnel through the network or fixed infrastructure. Consequently, this enables early release of patients from hospital as their conditions can be monitored at home. Medical personnel can also be alerted to provide assistance if the patients condition deteriorates.
A general communication architecture of a typical WBAN-based healthcare monitoring system.
To present the security issues we mentioned above more explicitly, we simplify the WBAN communication architecture as shown in Figure
A partition for data transmitting and user involved in a WBAN-based e-healthcare system.
As shown in Figure
Major security requirements for securing internal communication in WBAN.
Security requirements | Description |
---|---|
Data authenticity | Attackers may place malicious nodes in non-line-of-sight (NLOS) places and inject bogus data into the WBAN; thus the communication entities must verify who they claim to be. |
|
|
Data confidentiality | Due to the openness of WBAN wireless channel, passive attackers can eavesdrop on radio communication between the nodes freely and easily, leading to information disclosure to unauthorized individuals. Therefore data must be encrypted during communication. |
|
|
Data integrity | Attackers are able to tamper the eavesdropped information and send it back to original receiver to achieve some illegal purpose, which may result in system failure and cause disaster to the patient. Therefore, data must be verified for its integrity. |
|
|
Data availability | Attackers may launch denial-of-service (Dos) attacks to the medical cloud or BCU, leading to the medical services inaccessible. Therefore, the WBAN must detect and survive from DOS attacks. |
In this section we investigate the solution space for securing internal communication in WBAN. To achieve the goals we summarized above, we lay more emphasis on data confidentiality, authenticity, and integrity. Data availability is not our focus in this article, since Dos attack resistance is very tough and there may not be a good solution for this issue, so we may only mention it when necessary. Therefore, the section is separated into three subsections and we discuss the existing solution on session key agreement, node, and message authentication.
In order to prevent the sensitive information from disclosure to unauthorized individuals, the data must be transmitted in encrypted frames. Previously key agreement has been a main focus of many researchers [
Hu et al. used Inter-Pulse-Interval (IPI) as session key in [
Session key agreement based on Juels and Sudan (JS) algorithm.
The authors in [ Both sides of the communication channel have a set of similar data, which is derived from the patients biometrics data. Biometrics data is hard to be directly obtained by the NLOS malicious tapping person. The data difference between the two sides is minor. Therefore, the data can be used as the encryption key. One side only sends few of check symbols of the data rather than the whole data to the other side; this will be enough for the other side to eliminate the data difference and then conclude the key. Because less data is exchanged, which is subject to exposure, high security and efficiency are achieved. It is hard for the NLOS malicious tapping person to conclude the key from the check symbols.
The IJS algorithm adopted by [
Figure
Fault rejection rate of IJS algorithm.
Other algorithms may also be used to generate the check symbols, if they are proved to have high efficiency, for example, Reed-Solomon Encoding.
In [
In [
In [
Achieving authenticity means that data must be sent from legitimate entities and both parties involved are who they claim to be. To ensure data authenticity in WBAN, lightweight and plug-n-play authentication protocol is essential.
To authenticate the data integrity, MAC (Message Authentication Code) or hashed MAC is a common method to protect messages from malicious manipulation in WBAN. As in [
In [
In a WBAN-based healthcare system, users attempting to communicate with WBAN can be various types, as shown in Figure
Major security requirements for securing communication between WBAN and external users.
Security requirements | Description |
---|---|
Data confidentiality, authenticity, integrity, and availability | Data must be transmitted in encrypted frames and measures have to be provided against message modification, privacy disclosure, and Dos attack. |
|
|
Access control | Besides identifying attackers, differences in professional knowledge among the patient, doctor, and nurses may have influence on the patients treatment; thus fine-grained access control policy has to be enforced to define the users access privileges. |
|
|
Nonrepudiation | The origin of data (i.e., patient or medical personnel) cannot be denied for having sent or received the messages. |
In this section we investigate the solution space for securing communication between WBAN and external users. We do not pay much attention on solutions to data authenticity, confidentiality, integrity, and availability since such problems have been discussed enough in traditional communication networks. Considering the user diversity, we mainly focus our attention on access control. The section is separated into two parts, first we introduce a few existing research on access control, discuss their implementation mechanism, and give an analysis for security and efficiency. Then a brief introduction to a novel end-to-end security protocol for WBAN-based healthcare system followed.
Access control is the primary concern in all multiuser systems. Taking both privacy and safety for patients into account, fine-grained access control policies must be enforced among different users based on their legitimacy and roles. External attackers should be prevented from accessing the patient-related data. Patients access privileges on device operation should be least since they are unprofessional. For medical personnel including patients, primary doctors, nurses, interns, and pharmacist, their privileges should also be differentiated, since differences in professional level may lead to inaccurate medical commands.
Access control structure-based ABE in [
To minimize the user involvement, the research in [
Despite the transparency and usability for session key distribution, the solutions security relies on the computational complexity of the vault, which may not be suitable for resource-constraint sensor nodes, although it is quite lightweight for medical cloud with massive computation capability.
The popularity of wearable devices is leading a revolution in traditional medical models. WBAN can not only free people from traditional hospitals and clinics but also reduce the burden of disease management for those with chronic diseases such as diabetes and hypertension especially. In this article, we mainly focus on the security issues in WBAN, solutions for securing internal communication, and securing communication between WBAN and external users which are surveyed and analyzed. For internal communication security, channel characteristic-based scheme seems to be a better solution. Meanwhile, being extensible, collusion-resistant, and fine-grained, ABE-based scheme is very suitable for ensuring user security. Future solutions need to make a tradeoff among security, efficiency, flexibility, and usability.
As a future trend, medical sensors tend be smaller and smarter with the development of microsensor technology, embedded technology, and low-power wireless communication technology. For nanoscale or implanted nodes, the resource-constraint issues may be tougher. Moreover, we envision such a situation that people can wear sensors like clothes and buy sensors from stores or using 3D printing; this may require higher compatibility and flexibility when designing security protocols for them. Consequently, there still remains many challenges towards achieving a safe, unobtrusive, and user-friendly WBAN system. This article could provide a reference for researchers aiming at a secure WBAN, promoting WBAN medical application for being widely used in people’s daily life.
The authors declare that they have no conflicts of interest.
This work is supported by the National Key Research and Development Program of China (2016YFF0204001) and the CICAEET fund and National High-Technology Program (863) of China (no. 2014AA01A701).