Wearable medical devices use the human body to form a small LAN around it, called a body area network (BAN). Users can use these devices to monitor changes in various body indicators in real time. The physiological data involved is personal and private, so the security requirements of BAN are relatively high, and current research focuses on authentication mechanisms. To meet BAN's requirements for security and resource consumption, this paper proposes a lightweight identity authentication mechanism suited to BAN's resource constraints. Based on the characteristics of BAN, a simple and mature star topology is applied to establish the network model of BAN. For the human body in normal situations and in emergencies, the corresponding authentication mechanism and the encryption and decryption method for physiological data are designed using the physical unclonable function (PUF), a cloud database, physiological data, and a cross-correlation algorithm. Furthermore, formal and informal security analysis proves that the designed authentication mechanism provides a certain level of security, and the lightweight authentication mechanism is simulated and evaluated. The experimental results show that, compared with the benchmark mechanisms, the authentication mechanism designed in this paper solves more security problems and has certain advantages in calculation cost, communication cost, and energy cost.
In recent years, wearable devices are developing at an amazing speed, followed by intelligent and interconnected medical sensor devices and the popularization of medical sensor networks [
Therefore, based on the highly secure and limited resource requirements of the BAN, a lightweight authentication mechanism is constructed. (1) Under normal conditions, design the authentication mechanism and encryption and decryption method of physiological data using PUF and cloud database. (2) Design the authentication mechanism in emergencies using physiological data and cross-correlation algorithm. (3) Carry out formal and informal security analysis for the designed authentication mechanism. (4) Simulate and evaluate the lightweight authentication mechanism.
The emergence of BAN brings new opportunities and challenges to human health care. The network connection of wearable devices and implantable medical devices has been quite advanced, but its system security problem has not been effectively solved, and its security mechanism is relatively weak, which has been attacked within the scope of the network, resulting in device security problems [
Singla and Sachdeva [
Some authentication mechanisms shield sensor nodes and ensure their security by adding proxy devices between sensor nodes and control nodes. Denning et al. [
Other authentication mechanisms are designed using PUF. Lee et al. [
Some use the characteristics of physiological signals to design authentication mechanisms. Steffen et al. [
The medical sensor equipment in the BAN collects the physiological data of the human body in real time, which leads to the existence of a large amount of data on the local side. The storage of these data needs to consume a lot of local resources. Therefore, some scholars propose that the BAN and cloud should be integrated. Wan et al. [
To sum up, at present, there are a lot of research studies on the authentication mechanism of BAN, but many designs do not meet the requirements of resource limitation and high security of BAN at the same time.
At present, two kinds of topology structure are widely used in BAN. One is two-layer star topology, that is, some sensor nodes need two hops to send data to the control node, and the other is star topology, that is, sensor nodes only need one hop to send data to control nodes. BAN is a network with very limited resources. If one node interacts with the master node, it will consume a lot of resources. If it needs to interact with other nodes in the same network, it will consume resources faster. Moreover, even if the data of one node is transmitted to another node, the data is meaningless to this node at present because this node cannot process the data. This paper uses a mature, simple, and representative star topology. Figure
Star topology.
The authentication protocol for normal conditions is built on the physical unclonable function and a cloud database. Once the authentication mechanism is deployed on a device, it remains in use for the device's lifetime, until the device is no longer usable. An authentication mechanism designed with a PUF therefore needs a large number of challenge-response pairs, and the challenges and responses in these pairs correspond one-to-one. To avoid wasting local resources on storing so many challenge-response pairs, they are stored in the cloud database.
In the authentication protocol, some data must be transmitted between two entities, so the freshness, integrity, and nonrepudiation of the data should be guaranteed during transmission. Freshness means that the data used is up to date and has not been used before; integrity means that messages in transit are not partially lost due to malicious attacks; nonrepudiation means that an entity that has sent a message has no grounds to deny having sent it.
In order to authenticate both parties as trustworthy entities to each other, this paper designs a two-way authentication protocol, that is, the sensor node should prove to the control node
Authentication protocol under normal circumstances.
Symbol description.
Symbol | Description |
---|---|
Challenge | |
Response generated by sensor nodes | |
Response when reading from cloud database | |
Key of sensor node | |
Key of | |
Seed | |
Critical value |
//INPUT: The excitation response pairs generated by PUF
//OUTPUT: Authentication success/failure message
BEGIN
  Execute butterfly seed generation algorithm to generate
  The sensor node calculates the value of
  IF the error between
  THEN
  ELSE send authentication failure message,
  END IF
  IF the error between
  THEN the sensor node authenticates
  ELSE send authentication failure message,
  END IF
END
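The two threshold checks of the algorithm above, as an added example rather than code from the paper. The PUF is simulated with HMAC plus bit noise; the 128-bit response, the Hamming-distance error measure, the critical value of 16, the unmasked exchange, the sensor's memory of used challenges, and all class names are assumptions. Each challenge-response pair is discarded after one use, so a replayed response is rejected.

```python
import hashlib
import hmac
import random

RESP_BITS = 128
CRITICAL_VALUE = 16  # assumed critical value: most differing bits still accepted


def hamming(a: int, b: int) -> int:
    """Error between two responses, counted in differing bits."""
    return bin(a ^ b).count("1")


class SimulatedPUF:
    """Software stand-in for a PUF: device-unique, slightly noisy responses."""

    def __init__(self, device_secret: bytes, noise_bits: int = 4, seed: int = 0):
        self._secret = device_secret
        self._noise_bits = noise_bits
        self._rng = random.Random(seed)

    def respond(self, challenge: bytes, noisy: bool = True) -> int:
        digest = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        value = int.from_bytes(digest[: RESP_BITS // 8], "big")
        if noisy:  # flip a few bits, as repeated physical readings would
            for pos in self._rng.sample(range(RESP_BITS), self._noise_bits):
                value ^= 1 << pos
        return value


class CloudCRPStore:
    """Pairs enrolled once from the genuine device; each pair is used once."""

    def __init__(self, puf: SimulatedPUF, count: int, seed: int = 1):
        rng = random.Random(seed)
        challenges = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(count)]
        self._pairs = {c: puf.respond(c, noisy=False) for c in challenges}

    def next_challenge(self) -> bytes:
        return next(iter(self._pairs))

    def consume(self, challenge: bytes):
        """Return the stored response and discard the pair; None if already used."""
        return self._pairs.pop(challenge, None)


class SensorNode:
    def __init__(self, puf: SimulatedPUF):
        self._puf = puf
        self._seen = set()  # assumption: the sensor remembers used challenges

    def answer(self, challenge: bytes) -> int:
        self._seen.add(challenge)
        return self._puf.respond(challenge)

    def verify_control(self, challenge: bytes, claimed: int) -> bool:
        if challenge in self._seen:  # a repeated challenge is not fresh
            return False
        self._seen.add(challenge)
        return hamming(self._puf.respond(challenge), claimed) <= CRITICAL_VALUE


class ControlNode:
    def __init__(self, store: CloudCRPStore):
        self._store = store

    def verify_sensor(self, challenge: bytes, response: int) -> bool:
        expected = self._store.consume(challenge)  # pair is discarded either way
        return expected is not None and hamming(expected, response) <= CRITICAL_VALUE

    def authenticate(self, sensor: SensorNode) -> str:
        c1 = self._store.next_challenge()
        if not self.verify_sensor(c1, sensor.answer(c1)):
            return "failure: sensor node not authenticated"
        c2 = self._store.next_challenge()
        if not sensor.verify_control(c2, self._store.consume(c2)):
            return "failure: control node not authenticated"
        return "success"
```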
After the sensor node and the control node prove that they are honest and trustworthy entities through the authentication protocol, the sensor node sends the collected human physiological data to the control node. In this process, the transmitted information needs to be encrypted to ensure its security. Figure
Encryption and decryption process.
Because the cloud database also has unsafe factors, two steps need to be done here. First, the challenge-response pairs generated by PUF are stored in the cloud database by the XOR encryption method. In order to prevent security problems in data transmission, the data in the transmission process is encrypted by the XOR method, and the cloud database also stores the data after XOR. Second, doctors obtain cloud database data through traditional encryption methods (such as AES). Therefore, after obtaining XOR encrypted data, cloud database uses traditional encryption methods for stronger security. The details are shown in Figure
Data encryption and decryption in the cloud database.
(1) Security guarantee of authentication protocol: freshness. A large number of challenge-response pairs are needed in the designed authentication mechanism. Each pair is used once and then discarded, so no challenge-response pair is ever used twice. This ensures that the challenge-response pair used in each authentication is fresh.
(2) Security guarantee of authentication protocol: nonrepudiation
(3) Security guarantee of authentication protocol: integrity. Because of the limited resources of the BAN, a critical value is used to judge whether the authentication is successful or not. In addition, the frequency and times of the implementation of the authentication mechanism should be considered. Therefore, in the authentication mechanism, it is necessary to design a method to check the integrity rather than to ensure the integrity [
Integrity test.
(4) Security assurance of encryption and decryption: freshness. The challenges used in the encryption process are not like the challenge-response pairs used in the above authentication mechanism, which are discarded once, but need to be saved to the cloud database so that the collected physiological data can be decrypted. The challenge response here can be reused. Therefore, the freshness can be guaranteed by adding time variables into the formula as
(5) Security assurance of encryption and decryption: nonrepudiation. The guarantee of nonrepudiation is realized by
(6) Security assurance of encryption and decryption: confidentiality
(7) Security assurance of encryption and decryption: integrity. Because the data encryption and decryption process require higher integrity, we cannot use the method of integrity checking to determine whether the message has been tampered with, but use the method to ensure the integrity of the message [
Message structure.
Formal and informal security analysis methods are mainly used to analyze the security of the designed authentication mechanism under normal conditions. The formal security analysis method is BAN logic. Through the analysis, it can be proved that the authentication mechanism has certain security.
The purpose of mutual authentication between the control node and sensor node is to ensure that both sides receive the data from the trusted entity. If the authentication purpose is expressed by expressions, the expressions are as follows:
The initialization assumptions for the authentication protocol are as follows:
The ideal model of the authentication protocol is shown as follows:
The analysis process of the authentication protocol is as follows.
According to the above initialization assumption and idealized model of the authentication protocol designed in this paper, the formal security analysis of the protocol is given below. First,
Combined with the hypothesis
If there is
In the BAN, an urgent problem to be solved is that, in case of emergency, medical staff can access the medical equipment worn by patients, without authentication or simplified authentication, so as to know the patient’s physical condition in time, reconfigure the equipment parameters, and timely treat the patients. At the same time, due to the sensitivity and complexity of patients’ electronic health records and physiological data, the access rights of medical staff to patients’ data should be limited in a specific range [
Many heart patients now have an implanted cardiac pacemaker. If the person has a pacemaker, the ECG signal is chosen as the physiological signal; if not, the heart rate signal can be selected instead. Bracelets, wristwatches, and similar devices can now measure the heart rate signal, which is related to the heartbeat and makes health problems easy to find. The physiological signal used in this paper is the ECG signal. The reasons for choosing such a signal in an emergency are as follows: first, most sensor nodes deployed on the human body are in contact with blood vessels, and most sensor nodes can monitor the heart rate signal; second, in an emergency the patient's pulse changes markedly, so this signal detects health problems more easily and quickly than other signals.
The ECG signal of normal people is shown in Figure
Electrocardiogram signal.
According to the use environment and purpose, this paper improves the cross-correlation algorithm to determine whether the current human body is in an emergency. As shown in Figure
In the process of execution, if the selected ECG signal cycle is as shown in Figure
Time period.
According to the choice of segment and period of the ECG signal, we can assume that the duration of a cycle is 800 ms, then the
The control node is responsible for executing the cross-correlation algorithm to get the correlation number. The control node receives the ECG signal sent at
Among them,
After getting the results of the cross-correlation algorithm, it is necessary to normalize the results in order to judge whether it is an emergency.
The average value of the signal
The calculation of the variance value of the signal
The calculation of the correlation number is as follows:
The pseudocode of the cross-correlation algorithm is described as follows. (Algorithm
//INPUT: ECG signals at
//OUTPUT: in normal/abnormal condition
BEGIN
  IF the result of
    Select the ECG signal at
    Use equation (
    Use equation (
  ELSE the result of
    Select the ECG signal at
    Use equation (
    Use equation (
    IF the error between
      The human body is in normal condition, the certification under normal condition shall be carried out;
    ELSE the error between
      The human body is in an emergency, and the certification under emergency shall be carried out;
    END IF
  END IF
END
The correlation coefficient is determined according to each person’s physical condition. Because each person’s physical condition is different, the possible disease situation is not the same, and the correlation degree between normal ECG and abnormal ECG is also different. For example, for patient A, when the similarity value is 0.8, it belongs to an abnormal condition, while for patient B, it may be normal. According to the different situations of each person, we plan to set the critical value of each person according to the characteristics of each person so that it can be closer to the real situation of patients and get more accurate final results. According to the above description, it is necessary to set the unique critical value of the patient in each control node, judge whether the patient is in an emergency according to the critical value, and then perform the corresponding operation.
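An added example (not the paper's code) of the emergency decision described above: it computes the mean, variance, and normalised correlation coefficient in their standard form, not the paper's improved weighted variant, and goes slightly further by searching a few lags so that a misaligned normal beat is not misjudged. The 250 Hz sampling rate, the Gaussian-bump waveform, and the per-patient critical values are constructed assumptions; the 800 ms cycle is the paper's.

```python
import math
import random

FS = 250                    # assumed sampling rate (Hz)
CYCLE_S = 0.8               # cycle duration from the paper's example (800 ms)
N = int(FS * CYCLE_S)       # samples per cycle
PATIENT_CRITICAL = {"A": 0.8, "B": 0.3}  # assumed per-patient critical values


def synthetic_beat(t_amp=0.3, shift_s=0.0, noise=0.01, seed=0):
    """Constructed ECG-like cycle: P, Q, R, S, T waves as Gaussian bumps."""
    rng = random.Random(seed)
    waves = [(0.15, 0.16, 0.025), (-0.10, 0.28, 0.008), (1.00, 0.30, 0.010),
             (-0.20, 0.32, 0.008), (t_amp, 0.52, 0.040)]  # (amplitude, centre s, width s)
    beat = []
    for i in range(N):
        t = i / FS - shift_s
        v = sum(a * math.exp(-((t - c) ** 2) / (2 * w * w)) for a, c, w in waves)
        beat.append(v + rng.gauss(0.0, noise))
    return beat


def mean(x):
    return sum(x) / len(x)


def variance(x):
    m = mean(x)
    return sum((v - m) ** 2 for v in x) / len(x)


def correlation(x, y):
    """Normalised cross-correlation at zero lag, in [-1, 1]."""
    vx, vy = variance(x), variance(y)
    if vx < 1e-12 or vy < 1e-12:  # flat signal (e.g. lead off): no similarity
        return 0.0
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y)) / len(x)
    return cov / math.sqrt(vx * vy)


def best_correlation(ref, cur, max_lag=10):
    """Largest coefficient over lags of +/- max_lag samples (equal-length inputs)."""
    best = -1.0
    for k in range(-max_lag, max_lag + 1):
        if k >= 0:
            a, b = ref[k:], cur[:len(cur) - k]
        else:
            a, b = ref[:len(ref) + k], cur[-k:]
        best = max(best, correlation(a, b))
    return best


def is_emergency(ref, cur, critical_value):
    """Emergency when similarity to the reference cycle falls below the critical value."""
    return best_correlation(ref, cur) < critical_value


if __name__ == "__main__":
    reference = synthetic_beat(seed=0)
    late_normal = synthetic_beat(shift_s=0.012, seed=1)   # same shape, 12 ms late
    altered = synthetic_beat(t_amp=-0.3, seed=2)          # constructed altered beat
    for name, beat in (("late normal", late_normal), ("altered", altered)):
        rho = best_correlation(reference, beat)
        verdicts = {p: is_emergency(reference, beat, c) for p, c in PATIENT_CRITICAL.items()}
        print(f"{name}: rho={rho:.3f} emergency={verdicts}")
```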
The formal security analysis of the mechanism’s resistance to attack in an emergency mainly includes long-range attack, close attack, false signal attack, and misjudgment during movement.
The application of medical sensor equipment in the human body is more and more common. There may be several or even more than ten medical sensor equipment in a person’s body, including heart beat measurement, blood pressure measurement, and blood glucose measurement; each medical sensor equipment has different requirements for safety. The risk level of medical sensor equipment is divided into three categories, and the greater the category number, the higher the risk [
Process of information access.
The pseudocode of the information access process based on the security level of the sensor node is given below. (Algorithm
//INPUT: request access to information.
//OUTPUT: physiological information collected by nodes.
BEGIN
  Doctors send request message
  IF the certification is successful, judge the safety level of medical sensor equipment according to
    IF
    ELSE After receiving the
    END IF
    IF the human body is in the normal state, execute Algorithm
      IF the authentication is successful,
      ELSE Authentication failed;
      END IF
    ELSE the human body is in an emergency; Send physiological information to
    END IF
  ELSE Authentication failed. No message will be sent.
  END IF
END
In order to evaluate and verify the authentication mechanism designed in this paper, the simulation is carried out based on OMNET++ in Windows [
In this paper, the network includes three roles: sensor node,
Network model.
In OMNET++, messages are represented by the cMessage class and cPacket class, where cPacket is a subclass of cMessage. In this experiment, messages are mainly used for data transmission. Table
Message files in the simulation.
Message files | Description |
---|---|
Authentication message | |
Authentication message | |
endRxEvent | Self-information |
MessagePhysical.msg | Physiological information |
MessageEmergency.msg | Emergency information |
MessageAuth.msg | Confirmation message |
MessageMerger.msg | Merged message |
Table
Statistical signal.
Statistical signal | Function |
---|---|
endToEndDelaySignal | End-to-end delay |
packetLossRate | Packet loss rate |
pkCount | Packets received |
pkNumber | Packets sent |
pkTime | Packet transfer time |
compTime | Computing time |
Table
The setting simulation parameters.
Parameters | Values |
---|---|
Simulation time | 300 s |
Scene size | 3 m × 3 m |
Network scenarios | I: 5 sensor nodes; II: 10 sensor nodes; III: 15 sensor nodes |
Transmission speed | 40 kbps |
Interval time | Exponential 2 s |
Packet size | 640 bits |
Delay time | 10 ms |
ECG signal of wfdbdemo.m.
Comparison figure of weighted 100 and 100 and unweighted 100 and 100.
Comparison figure of weighted 100 and 100 and weighted 100 and exception 100.
Comparison figure of weighted 100 and 100 and weighted 100 and 105.
The ECG signals selected in Figure
The ECG signals selected in Figure
The selected ECG signals in Figure
One of the benchmark mechanisms selected in this paper is the effective anonymous authentication mechanism based on the elliptic encryption algorithm (ECC-based) [
In this mechanism, there are three roles: control node (client), third-party entity (nm), and sensor node (AP). The sensor node collects and sends the physiological data of the human body; the control node can obtain the collected physiological data and send it to the doctor for treatment; the main task of the third-party entity is to generate the required private key.
The mechanism is divided into three phases: initialization phase, registration phase, and authentication phase. In the initialization phase, the third party is responsible for generating the required system parameters. In the registration stage, the control node and the third party establish a legal relationship through certain measures so that the control node becomes a legal node. When the control node operates again next time, it can be known that it is a legal node that has passed the authentication. In the authentication stage, the control node can obtain the service it needs from the common node after passing the authentication. The running process of the ECC mechanism is shown in Figure
The operation process of the ECC mechanism.
Another benchmark mechanism selected in this paper is based on simple cryptographic primitives (HASH-BASED) [
Through the performance analysis of the authentication mechanism in an emergency, we can see that the authentication mechanism designed in this paper can make a good response when the emergency needs to be handled. The performance of the improved cross-correlation algorithm is better, the cross-correlation coefficient calculated by the improved algorithm is more accurate, and the probability of misjudgment is reduced. Most of the previous studies do not consider the emergency, but the design of this paper comprehensively considers each situation so that it can make different responses to different situations so that the BAN can play a better role.
By comparing the performance of PUF-BASED in terms of resource consumption and security with the benchmark mechanisms, Table
Resource consumption of different authentication mechanisms.
Mechanism | Node | Communication overhead (bits) | Computational overhead (ms) | Energy consumption (mJ) |
---|---|---|---|---|
PUF-BASED | Control nodes | 1472 | 2.91 | 0.379 |
PUF-BASED | Sensor nodes | | 0.28 | |
HASH-BASED | Control nodes | 1120 | 0.48 | 0.093 |
HASH-BASED | Sensor nodes | | 0.3 | |
ECC-BASED | Control nodes | 1856 | 26.46 | 4.73 |
ECC-BASED | Sensor nodes | | 13.35 | |
Table
Safety performance of different authentication mechanisms.
Mechanism | Eavesdropping tampering attack | Replay attack | Forward/backward security | Nonclonability | Middleman attack | Simulation attack | Elastic recovery ability |
---|---|---|---|---|---|---|---|
PUF-BASED | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — |
HASH-BASED | ✓ | ✓ | ✓ | — | ✓ | ✓ | ✓ |
ECC-BASED | ✓ | ✓ | — | — | ✓ | — | ✓ |
From the above analysis, the mechanism in this paper has certain advantages over the improved traditional security methods in both resource consumption and security performance. The design uses neither symmetric nor asymmetric encryption, and it does not rely on large values, large quantities, or computational hardness to ensure security, as the elliptic curve encryption algorithm does when it takes advantage of the difficulty of numerical calculation. It involves no particularly tedious calculation, so its resource consumption is better. In addition, the authentication mechanism designed in this paper comprehensively considers the security problems in various situations, so it has good security performance. However, the mechanism designed in this paper is not as good as the mechanism designed with simple cryptographic primitives in terms of total computing cost and energy consumption. This is because this paper introduces the cloud database to store a large amount of data and so reduce the consumption of local resources; the resulting read and write operations increase the computing cost of the control node and, in turn, the energy consumption. However, the computational cost of the mechanism designed in this paper is slightly lower than that of the authentication mechanism designed with cryptographic primitives, so it can reduce the resource consumption of the sensor node and prolong its service life. In terms of security performance, the mechanism designed in this paper is similar to that designed with cryptographic primitives.
Its implementation may face the following challenges and limitations. As for challenges, first, in an emergency a characteristic signal of each individual is used to judge whether the person is safe. Because no personal data exists in the early stage, or data may be missing for reasons such as the network, use in the early stage or over a poor network may not reach the ideal state. Second, the cloud database is used to store a large amount of data, which should be kept confidential. At present this kind of cloud database must be paid for, so reducing the cost effectively is a challenge. As for limitations, first, the network topology of this scheme is limited to the star topology, and other topologies have not been considered. Although the star topology is widely used at present, other topologies have been studied in some papers. Second, the emergency mechanism currently uses the ECG signal as its illustrative example; in real cases there will be other physiological data, and for each kind of physiological data its feature points can be further selected as function parameters.
By analyzing the communication model, security and performance requirements, as well as various existing authentication methods, this paper explains the importance of a lightweight authentication mechanism for BAN. As for the design of the authentication mechanism under normal conditions, according to the characteristics of PUF, the mutual authentication mechanism between the sensor node and control node is designed by using the challenge response generated by the function. In case of emergency, patients need timely treatment, and the demand for timely treatment is much higher than safety. Given this situation, the improved cross-correlation algorithm is used to judge whether the human body is in an emergency; if so, broadcast the data to get timely and effective treatment. Different data access methods are designed according to the security level of medical sensor devices, and the designed authentication mechanism is simulated by using the OMNET++ simulation platform, and the results are compared and analyzed with the comparison mechanism. The experimental results show that the authentication mechanism designed in this paper has good effects in four aspects: computing cost, communication cost, energy consumption, and security.
The lightweight identity authentication mechanism proposed in this paper mainly includes two parts: the authentication mechanism under normal circumstances and the authentication mechanism in an emergency. Based on the authentication result, an information access method based on the node level is also designed. There are still some shortcomings. This paper uses the mature and representative star topology, which can be studied further in the future. As for simulation, BAN should be simulated using real sensors together with a simulation platform so that the simulation results are more accurate. In the evaluation of security and resource consumption, this paper analyses the two aspects separately and then compares them with other methods. BAN requires high security performance and low resource consumption, and a balance must be struck between them. In the future, we will further consider the comprehensive analysis of security and resource consumption.
No data were used to support this study.
The authors declare that there are no conflicts of interest regarding the publication of this paper.
This study was supported by the Beijing Social Science Foundation Key Project (18GLA009), Beijing The Great Wall Scholars’ Program (no. CIT & TCD20170317), and Beijing Intelligent Logistics System Collaborative Innovation Center Open Topic (no. BILSCIC-2019KF-03) and funded by the Graduate Science and Technology Innovation Project of Capital University of Economics and Business.