INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
Data Authentication in Wireless Body Area Network (WBAN) Using A Biometric-Based Security Shreyas S. Tote1, Sameer M. Khupse2 and Kunal S. Bhutwani3 Computer science & Engineering, JDIET, Aanand Nagar, Yavatmal,
[email protected] Computer science & Engineering, JDIET, Datt Nagar, Kalamb,
[email protected] Computer science & Engineering, JDIET, Sindhi Colony,Yavatmal,
[email protected]
ABSTRACT The empowerments in wireless communication technologies and sensors have developed the Wireless Body Area Network (WBAN). The rapid growth in physiological sensors, low-power integrated circuits, and wireless communication has enabled a new invention of wireless sensor networks, now used for purposes such as monitoring traffic and health etc. Wireless body area network (BAN) is a promising technology for real-time monitoring of physiological signals to support medical applications. A security system is to secure medical information communications using biometric features of the body in WBAN. In order to ensure the trustworthy and reliable gathering of patient’s critical health information, it is essential to provide node authentication servicing a BAN, which prevents an attacker from impersonation and false data/command injection. Biometrics refers to or metrics) related to human characteristics and traits. Biometric identification (or biometric authentication) is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are unique to individuals, they are more reliable in verifying identity than other method like token. Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication.
Keywords: Wireless Body Area Network (WBAN), biometric, authentication, security
1. INTRODUCTION
acts as a sink for data of the sensor nodes and transmits them
The body area network (BAN) is a smart biomedical sensor
to the healthcare professional for health monitoring. The
platform, which provides the ability to measure a wide range
progression of WBAN is vital in modern telemedicine and m-
of signals, such as heart rate (ECG), activity, temperature or
health, but security remains a formidable challenge yet to be
muscle activity (EMG).Applying Wireless Sensor Network
resolved. As nodes of WBAN are expected to interconnect
(WSN) technology for various applications has been increased
between each other, the body itself can form an inherently
rapidly in the past few years, One of its innovative
secure communication pathway that is unavailable to all other
deployments is in the form of wireless biomedical sensor
kinds of wireless networks. It is believed that if it is used
network for measuring physiological signals, Wireless Body
properly, the system can naturally secure the information
Area Network (WBAN) is a wireless network used for
transmission within WBAN, where other 1techniques use
communication among sensor nodes operating on, in or
hardware and software to achieve the same purpose. In other
around the human body in order to monitor vital body
words, the biometric information collected from the human
parameters and movements, These monitoring signals are then
body can uniquely represent an individual, which is hard to be
gathered by a personal device, like PDA or smart phone that
deprived by suspicious intruders.
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
136
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
In this paper, a security system to secure medical information
devices may be embedded inside the body, implants, may be
communications using biometric features of the body in
surface-mounted on the body in a fixed position Wearable
WBAN
sender's
technology or may be accompanied devices which humans can
electrocardiogram (ECG) feature is selected as the biometric
carry in different positions, in clothes pockets, by hand or in
key for data authentication mechanism within WBAN system.
various bags. Whilst, there is a trend towards the militarization
Therefore, patient's records can only be sensed and derived
of devices, in particular, networks consisting of several
personally by this patient's dedicated WBAN system and will
miniaturized body sensor units (BSUs) together with a single
not be mixed with other patients. For accurate authentication,
body central unit (BCU).larger decimeter sized (tab and pad)
the statistical result is needed to prove the uniqueness of each
sized smart devices, accompanied devices, still play an
ECG signals. Besides, an encryption will be included by
important role in terms of acting as a data hub, data gateway
extracting
and providing a user interface to view and manage BAN
is
proposed.
biometric
Specifically,
feature
as
a
the
secret
key
for
communications within WBAN. But, it is not a major concern
applications, in-situ. The development of WBAN technology started around 1995 around the idea of using wireless personal
2. WHAT IS BIOMETRIC SECURITY? Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. The dictionary meaning of security is The state of being free from danger or threat or The safety of a state or organization against
area
network
(WPAN)
technologies
to
implement
communications on, near, and around the human body. About six years later, the term "BAN" came to refer systems where communication is entirely within, on, and in the immediate proximity of a human body. A WBAN system can use WPAN wireless technologies as gateways to reach longer ranges.
criminal activity such as terrorism, theft, or espionage. Then the question arise what is mean by BIOMETRIC SECURITY?
3.1 Concept
For that first describe the term BIOMETRIC. A biometric
The rapid growth in physiological sensors, low-power
characteristic is a general term used to describe a measurable
integrated circuits, and wireless communication has enabled a
physiological and/or behavioral characteristic that can be used
new generation of wireless sensor networks ,now used for
for automated recognition. A biometric system provides an
purposes such as monitoring traffic, crops, infrastructure, and
automated method of recognizing an individual based on the
health. The body area network field is an interdisciplinary area
individual's biometric characteristics. Biometric modalities
which could allow inexpensive and continuous health
commonly implemented or studied include fingerprint, face,
monitoring with real-time updates of medical records through
iris, voice, signature, vein pattern, and hand geometry. Many
the Internet. A number of intelligent physiological sensors can
other modalities are in various stages of development and
be integrated into a wearable wireless body area network,
assessment. Biometric systems are commonly used to control
which can be used for computer-assisted rehabilitation or early
access to physical assets (laboratories, buildings, cash from
detection of medical conditions. This area relies on the
ATMs, etc.) or logical information (personal computer
feasibility of implanting very small biosensors inside the
accounts, secure electronic documents, etc). Biometric
human body that are comfortable and that don't impair normal
systems can also be used to determine whether or not a person
activities. The implanted sensors in the human body will
is already in a database, such as for social service or national
collect various physiological changes in order to monitor the
ID applications.
patient's health status no matter their location. The information will be transmitted wirelessly to an external processing unit.
3. WHAT IS WIRELESS BODY AREA
This device will instantly transmit all information in real time
NETWORK (WBAN)?
to the doctors throughout the world. If an emergency is
A body area network (BAN), also referred to as a wireless
detected, the physicians will immediately inform the patient
body area network (WBAN) or a body sensor network (BSN),
through the computer system by sending appropriate messages
is a wireless network of wearable computing devices.BAN
or alarms. Currently the level of information provided and
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
137
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
energy resources capable of powering the sensors are limiting.
sensor networks and uses several symmetric keys to encrypt
While the technology is still in its primitive stage it is being
the data as well as compute the Message Authentication Code
widely researched and once adopted, is expected to be a
(MAC). However, SPINS is only considered in general sensor
breakthrough invention in healthcare.
networks, so it is inadequate to be applied in WBAN as it has environmental features like the human body and limited
3.2 Applications
computing resources. Recently, WBAN security schemes have
Initial applications of BANs are expected to appear primarily
been introduced progressively using symmetric cryptosystem.
in the healthcare domain, especially for continuous monitoring
They concern with the limited resource issues of WBAN
and logging vital parameters of patients suffering from chronic
sensors, but have problems like delaying the disclosure of the
diseases such as diabetes, asthma and heart attacks. A BAN
symmetric keys and providing weak security relatively since it
network in place on a patient can alert the hospital, even
is not resilient against physical compromise. Furthermore, the
before they have a heart attack, through measuring changes in
complexity of sensor node’s key managements in WBAN
their vital signs. A BAN network on a diabetic patient could
makes each component overload. Due to these issues, some
auto inject insulin through a pump, as soon as their insulin
researchers believe that the sensors have to make use of
level declines.
Other applications of this technology include
symmetric cryptographic algorithms to encrypt the data they
sports, military or security. Extending the technology to new
send to control node and the random number that is used in
areas could also assist communication by seamless exchanges
security protocols can be generated by biometrics. They also
of information between individuals, or between individual and
believe that biometric is suitable for securing WBAN because
machines
its higher security level that can be achieved with less computation and memory requirement, when compared to the generic cryptosystems. On the contrary, some researches utilize the asymmetric cryptosystem in mobile and ad hoc networks and also try to examine the unique characteristics of WBAN. One concern about the asymmetric cryptosystem is a resource constraint problem but recent work has shown that performing ECC consumes a lot less of memory and computing power. These researches deal with a scope of limited WBAN but they exclude the implanted sensor
Fig 1 Wireless Body Area Network and its Working
networks. The objective of WBAN is also the implementation of body area network that can contact with everywhere in, on,
4. SECURITY ISSUES IN WIRELESS BODY
and out the human body. By comparison, each approach has several issues to be
AREA NETWORK
considered in terms of the security
services in WBAN.
At the initial stage, several research groups have contributed the substantial efforts on developing WBAN systems.
Further, there is a trade-off between performance and security.
However, these researchers mainly focused on building
Related to these, another research group has proposed these
system architectures and in lesser extent on evolving network
two heterogeneous cryptosystems in their research, which
protocols. Besides, it is difficult to discover solutions'
provides security and privacy to WBAN. They believe that
providing strong security system for WBAN and security has
these two cryptosystems can be applied in the authentication
generally been covered separately. Extending the scope of
of WBAN depleting each weak point of them at once. So their
technology, there are several security protocols in general
focus is on
sensor networks. Security protocols for Sensor Networks
utilized appropriately and partly in WBAN. However, all the
(SPINS) is a set of protocols for achieving security
above research works have focused on secret key distribution
requirements like confidentiality, integrity and authenticity in
issues and require time synchronization when biometric
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
the method on how two cryptosystems can be
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
138
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
information of the same human body cannot be available simultaneously. Consequently, they introduce a biometric-
E-ISSN: 2349-7610
Universal
population.
based security framework using wavelet-domain Hidden Markov Model. The aim is to achieve accurate authentication performance among body sensors without extra requirements
Distinctive
Sufficiently different in any two individuals
Permanent
Sufficiently invariant. With respect to the matching criterion. Over reasonable period
of key distribution and strict time synchronization. In this
of time
proposed approach, low cost authentication challenges is addressed by extracting statistically biometric information
Collectable
Easily
collected
and
measured
quantitatively.
from patient' s data and authenticate message signatures among WBAN communications with high accuracy. Thus, it
Possessed by the majority, if not the entire
Effective
Sufficiently invariant with respect to the matching criterion over a reasonable period
will certainly save resources while adequate security measures
of time.
are employed.
Yield a biometric system with good
5. WHY BIOMETRIC BASED SECURITY
Acceptable
performance that is given limited resources in
APPROACHES FOR DATA
terms
of
computation
power
complexity
consumption, and
memory
AUTHENTICATION?
storage, the characteristic should be able to
Biometric is a technique commonly known as the automatic
be processed at a fast speed with recognized
identification or verification of an individual by his or her
accuracy
physiological
or
behavioral
characteristics.
Biometric
approach uses an intrinsic characteristic of the human body as
Invulnerabl
Relatively difficult to reproduce such that
e
the biometric system would not be easily circumvented by fraudulent acts.
the authentication identity to secure the distribution of a cipher key within WBAN communications. Because of the data that are detected, collected and transmitted in WBAN is comparatively sensitive, an ideal biometric trait should present
5.1 Heart Rate Varianlity (HRV) Heart rate variability (HRV) signals
100% reliability, user friendly, fast operation and low cost.
characteristics and chaotic nature, which put up random
Besides, it is postulated that the utilized biometric should
characteristics
satisfy the following properties indicated in TABLE
communications. Additionally, unlike traditional biometric
and
thus
can
be
have
utilized
in
unique
secure
cryptosystems in generic networks such as fingerprint, iris pattern, palm print, hand geometry and facial pattern, the blood circulation system in a human body forms a unique secure communication path specifically available for WBAN. HRV is a physiological phenomenon where the time interval between heartbeats varies. The measurement of HRV provides a non-invasive measurement of the autonomic nervous system (ANS) activity, which comprises two basic components: the sympathetic and parasympathetic. The heart rate may be increased by acting sympathetic activity or decreased by acting parasympathetic activity. Changes in the balance of sympathetic/parasympathetic control of heart rate will result in measurable changes in HRV. The analysis has been applied TABLE1. BIOMETRIC PROPERTIES
widely to many clinical studies including sudden death, cardiovascular diseases, hypertension and diabetes HRV can be obtained using the variations of heartbeat-to heart beat
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
139
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
intervals that can be measured by any cardiac related signal.
of interval differences of successive normal-beat-to-normal-
However, the current, ECG is preferred compared traditional
beat intervals greater than 50milliseconds.
biometric. It is because of the following reasons
6. R-PEAK DETECTION
• Universality: ECG is inherent and natural, and can be
In order to avoid erroneous conclusions, it will be better if
collected from any living human subject.
only sinus rhythms are present in the tacho gram. Therefore,
• Permanence: ECG is stable over a large period of time. Even
pre-processing of the RR interval time series is very necessary
though certain localized characteristics of the pulses might get
.A normal ECG trace consists of a P wave, a QRS complex
distorted, the overall diacritical waves are still observable.
and a T wave. The P wave is the electrical signature of the
• Uniqueness: The inter-individual variability of ECG is a result of several parameters that control the waveforms. • Robustness: Because of the uniqueness and the person's own characteristics, it is extremely difficult to steal and use someone' s ECG, and it is equally difficult for an individual to mimic someone else's heart signals as they are the outcome of a combination of several sympathetic and parasympathetic factors of the human body. • Liveness detection:
current that causes atrial contraction, the QRS complex corresponds to the current that causes contraction of the left and right ventricles, and the T wave represents the repolarization of the Ventricles. The QRS complex is the most characteristic waveform of the signal with higher amplitudes. The R peaks have the largest amplitudes among all the waves making them easiest detect. However, QRS detection is difficult. It is not only because of the physiological variability of the QRS complex , but also
unlike other biometric technologies,
because of the various types of noise that can be present in the
ECG is collected from the living legitimate subject without
ECG signal. Noise sources include muscle noise, arte facts
requiring extra computational effort.
due to electrode motion, power-line interference, baseline
HRV can be analyzed by using two major techniques .One is
wander, and T waves with
statistically analyzing a sequence of RR intervals of ECG in
similar to QRS complex. Figure 2 shows a noisy ECG signal
time domain. The other one is analyzing the spectrum of the
(the upper part) and the output of QRS detection after pre-
same RR intervals of ECG data in frequency domain. In this
processing (the lower part). The peak amplitudes show the R
study, HRV will be analyzed in time domain since ECG
peaks of ECG signal
high frequency characteristics
signals are recorded in time series. Therefore, it can reduce computational complexity and save more resources. Time domain measures of HRV based on the data of the intervals between adjacent normal QRS complex have two major approaches. One is derived from direct measurements of normal beat to normal beat, NN intervals, which consist primarily of SDNN, the standard deviation of NN intervals. The standard deviation reflects all the cyclic components
Fig 2. Before and After the Pre-processing of ECG signal
responsible for variability in the period of recording. It can be calculated for 24 hours long-term recordings or for short term,
7. DATA AUTHENTICATION MODEL
five minutes recordings. In most heart rhythms, NN interval is
In the proposed model, the message authentication code
equivalent to the R-R interval. Another is derived from the
(MAC) can be generated with the input of biometric feature
difference between NN intervals and most commonly used
and hashes that are calculated based on the original message
measures include RMSSD and pNN50. The RMSSD is the
as shown in Figure 3 . Then, the message will be sent to the
square root of the mean squared differences of successive
destination. At the destination point, if the received signal
difference NN intervals. The pNN50 represents the proportion
matches statistically, it will be accepted and authenticated. Otherwise, the message is denied and discarded. The key point
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
140
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
of this technique is to utilize the statistically same biometric
ID cards or passwords. Human trait recognition and
information at both ends without any synchronization to
identification based on who you are, that is, biometrics is far
secure data distribution within WBAN. Figure 4 shows the
less susceptible to:
proposed biometric-based security for data authentication in
Duplication
WBAN.
Error
Mistakes
Fraud,
Forgery
7.2 Disadvantages Biometric technologies apply to human beings, they are affected and are limited by many situations that may affect the individual. For example, fingerprint technology may not be effective if the subject has dirty, deformed, or cut hands; iris Fig 3 Biometric Feature Used to Calculate MAC
technology may not be effective if the subject has a bad eye; and voice technology may be affected by infections. Also background noise can interfere with voice recognition systems. Affordability: Because biometric technologies are new technologies, they tend to be rather expensive without widespread use. For example, facial and voice recognition and iris technologies are still not yet affordable.
8. CONCLUSION Fig 4. Proposed Biometric-based Security for Data
In this paper, a biometric-based security framework proposed for data authentication within WBAN. Secure communications
Authentication
in BANs are strongly required to preserve a person‟s health
Authentication, itself, is used to simultaneously verify both the
privacy and safety. Especially, in some applications, security
data integrity and the authenticity of a message. Nevertheless,
attacks could even threaten the lives of people. Specifically,
encryption is also needed to protect data in transit especially
the sender's electrocardiogram (ECG) feature is selected as the
for data being transferred via networks. Therefore, encryption
biometric key for data authentication mechanism within
approaches in WBAN must be designed with low cost.
WBAN system. Therefore, patient's records can only be
However, the key distribution and management are difficult
sensed and derived personally from this patient's dedicated
and challenging in resource limited sensor nodes, especially in
WBAN system and cannot be mixed with other patients. The
biomedical sensor nodes. In this work, the biomedical signals
security system in WBAN must be implemented with low
are encrypted by using biometric feature as a cipher key to
computational complexity and high power efficiency. In this
remove the need for key distribution in WBAN
proposed approach, a low cost authentication challenge is addressed specifically by using biometric information instead
7. ADVANTAGES & DISADVANTAGES OF
of cryptographic key distribution. Thus, it will certainly save
BIOMETRICS
resources while adequate security measures are employed. The
7.1 Advantages
future work is to build experiment based on the proposed
The advantages of biometrics are that it is based on who you
system and to improve the system if needed.
are as opposed to what you have and what you know, such as VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
141
INTERNATIONAL JOURNAL FOR RESEARCH IN EMERGING SCIENCE AND TECHNOLOGY
E-ISSN: 2349-7610
REFERENCES [1]
P.Abina, K Dhivyakala, L.Suganya, S.Mary Praveena “Biometric Authentication System for
Body Area
Network Vol. 3, Issue 3, International Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering, Coimbatore, India March 2014 [2]
Sofia Najwa Ramlil, Rabiah Ahmad, Mohd Faizal Abdollah,
Eryk
Dutkiewicz4
“A
Biometric-based
Security for Data Authentication in Wireless Body Area NetworK(WBAN),ICACT January 27 ,2013 [3]
Systems and Network Analysis Center Information Assurance
Directorate
by
National
Security
Agency,United states of America,2013 [4]
Lin Yao, Bing Liu, GuoweiWu, Kai Yao and JiaWang1,” A Biometric Key Establishment Protocol for Body Area Networks”, IJDSN, vol 2011
[5]
L. Eschenauer and V. D. Gligor, ‘A Key-Management Scheme forDistributed Sensor Networks’, Version: pp. 41–47, November 18–22, 2002
[6]
H. Wang. H. Fang. L. Xing. and M. Chen. "An Integrated Biometric-Based Security Framework Using Wavelet-Domain Networks
HMM
(WBAN)."
in 2011
Wireless IEEE
Body
Area
International
Conference on Communications (ICC). pp. 1-5. Jun 2011. [7]
S.-D. Bao, L.-F. Shen, and Y.-T. Zhang, "A novel key distribution of body area networks for telemedicine ," in 2004 IEEE International Workshop on Biomedical Circuits Systems, 2004, pp. 2-5.
[8]
A. Jovic and N. Bogunovic, "Feature set extension for heart rate variability analysis by using non-linear, statistical and geometric measures," Proceedings of the ITI 2009 31st International Conference on Information Technology Interfaces, pp. 35-40, Jun.
VOLUME-2, SPECIAL ISSUE-1, MARCH-2015
2009.
COPYRIGHT © 2015 IJREST, ALL RIGHT RESERVED
142