Security Solution For Data Integrity In Wireless ... - Computer Science

Security Solution For Data Integrity In Wireless BioSensor Networks Vidya Bharrgavi Balasubramanyn, Geethapriya Thamilarasu and Ramalingam Sridhar University at Buffalo, Buffalo, NY 14260-2000 {vbb,gt7,rsridhar}@cse.buffalo.edu 1 Abstract—In this work, we propose energy-efficient security mechanisms for data integrity in body biosensor networks which are a specialized type of ad hoc networks. In such a resource constrained network of embedded sensors, it is a challenge to ensure the authenticity and freshness of collected data. In this paper, we construct a security scheme to identify attacks on data freshness and preserve message integrity in these networks. We use a message authentication code algorithm and permissible round trip time thresholds to detect network intrusions. We define the security goals in the specific application of biosensor networks and provide a robust security solution while achieving energy conservation. We have implemented a prototype framework in GloMoSim to assess and evaluate the robustness of our detection mechanism. Index Terms—Ad hoc wireless networks, biosensor, security, authentication, data freshness

I. I NTRODUCTION Recent advances in wireless communication and microsensor technology, have increased interest in the field of intrabody wireless biosensor networks. A body biosensor network is a group of wireless sensor nodes used to measure biological parameters which can provide valuable medical information. The microsensors placed within the body constitute a special kind of wireless ad hoc network. These sensors may communicate among themselves without a centralized infrastructure managed by a base station. They are, however, constrained in their network size, computation and communication abilities. The energy dissipated must be kept low, as they are embedded within a body. The node population in the network cannot be too high in order not to obstruct the body’s normal functions. Body biosensor networks can prove very valuable in medical applications where constant, accurate and ubiquitous measuring is required on a human body. Areas and parameters that may not be reachable by normal probes may easily be monitored with these networks. They can be used for various applications such as rehabilitation, athlete training, disease monitoring [3] and post-operative support for internal organs [2]. These networks can be used in the battlefield, space stations, high radiation areas and biomedical facilities. 1 Corresponding Author : Ramalingam Sridhar, Department of Computer Science and Engineering, 201 Bell Hall University at Buffalo,The State University of New York, Buffalo , NY 14260-2000 U.S.A. Phone: (716) 645-3180 ext. 136. Fax: (716) 645-3464 Email: [email protected]

An important application is in the domain of health care and patient monitoring. Due to the inherent limitations and unique characteristics of these networks, common sensor network security protocols may not satisfy all requirements or be adaptable to the specific environment. The nature of data in medical applications necessitates that every body sensor network must satisfy certain security requirements. The vital medical information must maintain its integrity and freshness to ensure correct and timely response to the data collected. If the information is tampered with by an unfriendly entity, it may prove dangerous to the patient and may be fatal during critical condition monitoring. Data freshness and message integrity are hence important properties to be maintained in body area networks especially in the case of rapidly spreading infectious diseases or radiation effects. Most of the prior research on these topics have already dealt with some resource constraints of sensor networks. But the limitations are more severe in the case of biosensor networks. The security solutions proposed for generic wireless sensor networks, will hence prove unsuitable for body biosensor networks [4]. Also, these solutions are not tailored for a specific application in terms of network model and characteristics. In this work, we propose an application specific protocol for biosensor ad hoc networks to ensure that the data communicated is not altered or tampered, using hashed message authentication algorithms. We also propose a solution to prevent delay attacks and maintain the data freshness in this network. Our solution conforms with the resource limitations of a body area network. The remainder of this paper is organized as follows. In section II, we summarize the related work in security solutions for sensor networks. In Section III, we discuss the security challenges to body biosensor networks and explain their importance. In Section IV, we present our system model and assumptions for our solution. We introduce an attack model for biosensor networks in section V. In section VI, we describe our proposed solution and its design. We also discuss the cost evaluation of the proposed message authentication scheme. Finally, we present our conclusions and substantiate our argument with simulation results in section VII. II. R ELATED W ORK Prior work in the field of security for biosensor networks, has been in the area of key cryptosystems using some variation

of the body metrics to generate the secret keys. S. Cherukuri et al [4] improvised on the key management scheme for a sensor network using biometrics obtained from the host body. The pseudo-random number required for the cryptosystem is generated from the properties of the body itself. Shu-Di Baa et al [5] [6], propose a security scheme for body area networks using symmetric cryptosystem where the body’s physiological signals are used for secure key distribution. In their work, heart rate was used a parameter in experimental analysis. S.K.S. Gupta [7] and S. Warren et al [8] discuss the platforms and system structure that may be used to measure the security and feasibility of body area networks. A number of researchers have adapted security protocols for resource constrained environments. Deng, Han and Mishra [9] propose to isolate a malicious node by updating the forwarding tables at each node using one way hash sequences. SPINS [10] uses the TESLA and SNEP protocols [11] to provide authentication and security against delay attacks. It uses asymmetric key encryption using delayed disclosure of key and one way hash sequences. While this mechanism may be applicable and efficient in other networks, it does not specifically address the constraints in a body biosensor network. ARIADNE [12] uses one way hash chains against route request flood attacks for ad hoc sensor networks. However, this solution requires significant computation and is hence not suitable for resource constrained biosensor networks. The issues of message authenticity and time delay introduced by a malicious entity are serious problems in a biosensor network. The security solution devised for these challenges must ensure minimal overhead expenses. Since our scheme does not increase the communication costs or the byte overhead in the network, it proves to be an energy efficient solution. By using a heterogenous network model to suit our biosensor application, we distribute the computation costs over the network. This reduces the overall processing expense at the nodes. III. S ECURITY C HALLENGES Security is an important aspect in any network. Specifically in the applications of body biosensor networks, it is critical to maintain the confidentiality and privacy of sensitive medical data. Malicious capture of the private data affects its genuineness and may cause harm to the patient. Similarly interference from other machines or networks may also pose a security threat. Securing a network includes the important issues of Authentication (identity verification of communicating device), Confidentiality (compromise of private information), Integrity (the data/message must be genuine and error- free) and Availability (loss of energy and other resources). This network however, poses greater importance and challenge to ensure data and node authentication, data confidentiality and freshness. Since we consider a network of minute motes implanted within the body - mobility and physical capture are lesser threats. Availability of nodes is another important issue but is beyond the scope of this work.

We explain these security challenges specific to the case of biosensor networks. A. Authentication Authentication is a property which enables a node to verify the identity of other nodes in the network. Posing as an authenticated member of the network, an adversary can affect the trust between the nodes and disrupt the network communication. A malicious node may masquerade as an authentic node and obtain access to all confidential and sensitive data in the network. In a biosensor network, it is essential to ensure the identity of the node from which data is gathered, as information obtained from a compromised node might affect a patient’s treatment. Also, it is important that the data collected from a genuine node must not be ignored. B. Confidentiality, Privacy Confidentiality ensures that vital information is disclosed only to privileged entities in the network. The data is not accessible to other nodes that do not possess the required credentials. In biosensor networks, the nodes transmit highly sensitive medical data. This information is protected by the HIPAA act and must be protected from unauthorized entities. The patient’s individual privacy also necessitates that the data be transmitted securely and safely. C. Freshness Data freshness guarantees that the information obtained from a node is recent and not a replay of old packets. In most cases, the validity of the sensed data elapses after a certain time period. An adversary can delay the transmission of a packet and replay the message at a later time interval, thus affecting the freshness of the collected data. In many applications the measured data is often useful only if it is fresh. In the case of biomedical patient monitoring, the data collected must be new and as recent as possible. For example, in the case of infectious diseases, the extent of spread must be gauged accurately and in a timely manner. The information available to the doctors must be current. Hence we must ensure that there is no replay of messages. D. Message integrity Message Integrity assures that the data received at a destination node is not corrupted. It must be certified that the data remains unaltered maliciously or accidentally from the time of measurement till it is used for decision making. An unauthorized node might modify or tamper the message. Message integrity is thus a very important requirement in biosensor networks due to the sensitive nature of data recorded and transmitted. False or modified data may result in incorrect treatment and harm the patient. IV. S YSTEM M ODEL AND A SSUMPTIONS We classify body biosensor networks as an application specific type of ad hoc network. Our network model is illustrated in Fig. 1. We visualize these biosensor networks as a group of member nodes that is implanted inside the body previously. We

assume a monitoring device such as a data aggregating node or instrument outside the body which may be a base station. The sensor nodes in our network communicate with each other and with the base station. These nodes communicate with the base station through a request-response mechanism. The base station then transmits data to the information processing device that aids in medical decision making.

V. T HREAT M ODEL In this section, we introduce the security threats that may be targeted at a wireless biosensor network. In this work, we focus on the threats compromising data freshness and message integrity. A. Data Freshness Attack In data freshness attack, an adversary deliberately introduces a delay in the packet transmission or replays old messages to cause disruption in data aggregation [10].

X Node A

X Malicious node M X Node B

X X Fig. 2.

Fig. 1.

Network Model

In our application, we use multi hop communication to forward the message packets between the source and destination nodes. The base station is responsible for message authentication and detecting malicious nodes in the network. We assume the following properties in our network: 1) The biosensor nodes in this network are mostly stationary. 2) Pre-determined static routes are primarily used for node communication. 3) Base station possesses higher energy and computation resources than other nodes. Computational abilities of the individual sensor nodes however are limited. Some of the limitations of the network are that the sensors are small in size as they are embedded within the human body. Also since these sensors are resource constrained, the network energy dissipation must be minimal.

Base Station

Example of a malicious node

We give an example scenario of data freshness attack in Fig. 2. When a genuine node B receives a request, it transmits the response within a permissible time delay. Also in a normal network scenario, the message packets are transmitted in a sequence to aid in the data collection at the Base Station. The malicious node M can overhear this communication and capture the data packets. It may then cause a replay attack by introducing a packet forwarding delay. Such delayed packets reach the destination after a tolerable time delay and mislead the destination node about the time of transmission. The receiver may be deceived by the adversary to accept obsolete data packets. This attack thus prevents data freshness with severe consequences in body area networks. B. Authentication Attack A malicious node may sometimes tamper with an authentic message before sending it to the receiver in order to misguide the network node. It could also inject unauthenticated message packets into the network [13]. Such altered and corrupted data packets might be a serious problem in a body sensor network as any kind of misinformation may lead to imprecise treatment and results in fatalities. During communication, a node relaying a message generates an authentication code for its transmission. A receiving node, with the knowledge of the sender’s identity expects a certain authentication code in order to accept a message. A malicious node interrupts this communication and alters the message being forwarded. It may inject spurious data into the packet, remove some authentic data or simply corrupt the message blocks. This kind of attack is an impediment to the integrity

of information. It deludes the receiver about the authenticity of messages from the sender. VI. P ROPOSED S OLUTION In this section, we propose a security solution to achieve data freshness and message authentication in body area biosensor networks. Our security design consists of two mechanisms as described below.

Figure 3 shows the expected, as well as abnormal packet transmission delays. By periodically calculating the estimated RTT values, the base station can detect stale packets. This figure demonstrates the ability of the base station to identify the data freshness attack. We observe varying packet delays by monitoring the network over different time intervals. The graph shows that the base station identifies abnormalities when the delay values peak beyond the acceptable threshold.

A. Data Freshness

100

∆t < γ

(1)

where the network delay threshold (γ) is the threshold value beyond which there is network failure. Let the base station send a request to the node at time t. The base station operates on the criteria that it expects a response from the node within the specified interval of time t + ∆t. The time interval ∆t accounts for request time, response time, sensing and measuring time and all other network delays. ∆t = tRq + tRs + tmd + ∆L

(2)

where tRq = Request transmission including hops; tRs = Response transmission including hops; tmd = Time for sensing and measurement and ∆L is the sum of possible lags before the desired response reaches the base station. This includes communication delay (delays in transmission and propagation), encryption delays and look-up delays. An uninterrupted node communication ensures that the data response is sent within the time period t + ∆t, including the sum of all delays ∆L. When a destination fails to receive a response in time period t + ∆t, we suspect network abnormality or irregularity.

% detecn with our protocol % detecn with other protocol 90 80 70

% detection

We provide a solution to maintain data freshness by periodically calculating the round trip time (RTT) delay of a packet. In our scheme, the base station relays a permissible RTT delay value (∆t) to other nodes in the time field in its request packet. We ensure that

60 50 40 30 20 10 0 10

15

20

25

30

35

40

45

50

55

60

% of malicious nodes

Fig. 4.

Detection with Delay Algorithm

Figure 4 shows the detection performance of our algorithm in the case of delay or replay attacks. We simulate malicious nodes in the network and use our security mechanism to detect the attacks. The malicious nodes capture the packets and forward it to the receiver after a time delay that is more than the permissible network lag. We vary the percentage of malicious nodes in the network from 10 to 60 and note the ratio of successful detection in the network. We also simulate the case without incorporating our detection scheme and examine the difference in performance. We can see that our security design has a higher detection ratio even when there are a large number of malicious nodes in the network. Given the specific application of biosensor networks, this algorithm is well suited and also accomplishes greater resilience to delay attacks. B. Message Authentication

12 ’delay.dat’

Delay of Packets (sec)

10

8

6

4

2

0 8

10

12

14

16

18

Time Period

Fig. 3.

Time period Vs Packet Delay

20

22

We authenticate the communication between node and the base station using message authentication code (MAC) algorithms. We develop cryptographic functions using a string sequence of numbers to calculate the MAC keys. During the network initialization phase, we bootstrap the authentic nodes with a sequence of numbers (X1, X2 ... Xn). Each number in the sequence is used to calculate the key for a single communication session. This number represents a single block of messages sent i.e. an individual communication session. The sender node computes the message authentication code using the MAC key over the data packet which serves to verify the content. The sender then authenticates the packet with the shared encryption key and the same MAC algorithm as it has knowledge of the key used.

We choose a cryptographic hash function such as MD5 [14] which is a message digest algorithms meant for digital signature applications for messages before encrypting with a secret key. MD5 is slower, but more secure than other algorithms for sensor network security and is easier to implement [15]. Each node in the network is identified with a node address n. To generate the MAC key, the sender performs a one-way hash function n number of times on a value from the number sequence x1. Hence the first packet is verified with a MAC key of K1 = Fn (x1)

(3)

Fn (x1) = F (F (F (x1)..ntimes.

(4)

session uses different values for the cryptographic function, it is not easy for an adversary to decrypt the packets with the possession of previously captured packets. We simulate the authentication attack and detection mechanism using GloMoSim [1] network simulator. The MAC layer protocol used is incorporated using IEEE 802.11. CBR sessions are used to generate data traffic in our network. All the data packets are constant at 512 bytes and at a speed of four packets per second. We vary the number of authentic and malicious nodes present and simulate the network. We vary the total number of nodes in the network from 10 to 50.

where

Authentication Protocol 100 ’auth.dat’ 90

M = M AC(Kmac , M SG).

(5)

Once the authentication code has been calculated and appended to the message packet, it must be encrypted with the shared key between the sender and receiver. Using the key encryption algorithm, we obtain the encrypted text. This encrypted text is now ready to be communicated to the receiver. Menc = M SG(Ken , DAT A).

(6)

where Ken is the shared secret key between the node and the base station. Since the receiver possesses knowledge of the hash function used, the sequence values and the node address, it can verify the authenticity of the MAC key by performing the same calculations. Some security protocols such the TESLA and those that use their authentication mechanism [12] disclose their authentication key after a time delay. We do not disclose the authentication key at any point of time in the network. This makes it more difficult for an eavesdropper or adversary to try and guess the key sequence used. Even if the adversary captures some of the packets transmitted, without knowledge of the algorithm and key sequence, the captured packets will serve no purpose and cannot pose a danger to the network. Also, since the next communication

80 70

% detection

The second MAC key value generated is K2 = F (K1) and the consequent MAC key values are generated by applying the function on the previous MAC key. For the subsequent transmission sessions, we perform the same process, but begin with the next sequence value x2 instead of x1. This is an added security measure to ensure authentication even if x1 of the previous session has been compromised by an adversary. The communication session blocks for a bio-medical sensor network are relatively shorter than for a normal network. This gives us an advantage in limiting the time available to the adversary to breach the security. After the sender computes the secret key for each packet, it is used to calculate the message authentication code on the data to be transmitted. The algorithm we use is as follows:

60 50 40 30 20 10 0 0

10

20

30

40

50

60

70

% of malicious nodes

Fig. 5.

Authentication Protocol

Figure 5 measures the performance statistics of our detection scheme. We vary the percentage of malicious nodes in the network from 10 to 60. These malicious nodes tamper with the message packets and forward them to the receiver as genuine data. The receiver node calculates the message authentication code over the packet using our algorithm. Hence, it identifies the false data by comparing the calculated value with the MAC value received from the sender. Our scheme differs from other message authentication code algorithms in the key assignment mechanism. The method we use to initializing the MAC keys is effective and less energy consuming. With varying percentage of malicious nodes in the network, we find a high measure of detection capability. C. Cost Evaluation of Authentication Scheme Biosensor type ad hoc networks are extremely stringent in their resources and computational capability. Hence, it is essential to provide a low cost security mechanism to detect authentication attacks. Conventional security protocols such as SPINS consume energy for route discovery and route table updating and are thus more expensive. Static routes are more suitable for small sized sensor networks for biomedical networks. We do not require the nodes in our network to be necessarily time synchronized with other nodes and the base station. This may be difficult to maintain in body area networks especially if repeated adjusting or checking is performed. Our scheme

relies only on the time stamps on message packets that do not demand additional computation or energy. Most algorithms generate the key chain sequences continuously. This provides good security, but is expensive in the case of a biosensor network. Our scheme generates the MAC key only according to the number of message packets and blocks on demand. We have thus proposed a security solution to overcome the attacks on data freshness and data authentication. Our scheme however, adapts itself to the specific resource constrained environment of a medical biosensor network, unlike other generic sensor network solutions. Most of the energy costs in a network are from additional transmission required by the protocols. Our message integrity check algorithm does not have any overhead costs such as delayed key disclosure, route requests and separate authenticating packets. The integrity checksums calculated by our algorithm is added onto the data payload and does not occupy large blocks. VII. C ONCLUSION In this work, we have designed a security protocol for wireless biomedical sensor network applications. Our scheme overcomes the challenges of attacks on message integrity and data freshness. We adapt our scheme to the resource constraints of a body biosensor network. Our solution effectively reduces the computation and communication energy costs. The cryptographic algorithm we use also consumes less memory space. Using simulations, we have proved the efficiency of our protocol for this specific application of ad hoc networks. R EFERENCES [1]

GloMoSim -Global Mobile Information Systems Simulation Library, http://pcl.cs.ucla.edu/projects/glomosim/, [2] O. Aziz, B. Lo, R. King, G. Z. Yang, A. Darzi Pervasive Body Sensor Network: An Approach to Monitoring the Post-operative Surgical Patient, International Workshop on Wearable and Implantable Body Sensor Networks, Apr. 2006, pp.1318 [3] C. Glaros, D.I. Fotiadis, A. Likas, A. Stafylopatis A Wearable Intelligent System For Monitoring Health Condition and Rehabilitation of Running Athletes, Proc of the 4th Annual IEEE Conf on Information Technology Applications in Biomedicine, UK, 2003 [4] S. Cherukuri, K. K. Venkatasubramanian and S. K. S. Gupta A Biometric Based Approach for Securing Communication in Wireless Networks of Biosensors Implanted in the Human Body, Proceedings of the 2003 International Conference on Parallel Processing Workshops (ICPPW03) [5] S.D. Bao, L.F. Shen, Y.T. Zhang A novel key distribution of body area networks for telemedicine, Proc. IEEE International Workshop on Biomedical Circuits and Systems, 2004, pp.S2.1 17-20 [6] S.D. Bao, Y.T. Zhang, L.F. Shen, Physiological Signal Based Entity Authentication for Body Area Sensor Networks and Mobile Healthcare Systems, Proc.27th IEEE Int’l. Conf. Eng. Med. and Bio. Soc., Shanghai, China, Sept. 2005 [7] imPact Mobile Computing , http://impact.asu.edu/Ayushman.html, [8] S. Warren, J. Lebak , J. Yao , J. Creekmore , A. Milenkovic , and E. Jovanov Interoperability and Security in Wireless Body Area Network Infrastructures, EMBC, Shanghai China, September 2005. [9] J. Deng, R. Han, S. Mishra INSENS: INtrusion-tolerant routing in wireless SEnsor NetworkS Technical Report CUCS-939-02, Department of Computer Science, University of Colorado, Nov. 2002. [10] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. Tygar Spins: Security protocols for sensor networks, Wireless Networks Journal(WINET), 8(5):521534, September 2002 [11] A. Perrig, R. Canetti, J. D. Tygar, D. Song The TESLA Broadcast Authentication Protocol, CryptoBytes, 5:2, Summer/Fall 2002, pp. 2-13

[12] Y. C. Hu , A. Perrig, D. B. Johnson Ariadne: A Secure OnDemand Routing Protocol for Ad Hoc Networks, MobiCom’02, September 2326, 2002 [13] A. Perrig, J. Stankovic, D.Wagner Security in Wireless Sensor Network: Issues and Challenges, Communications Of The ACM June 2004,Vol. 47, No. 6 [14] R. Rivest The MD5 message-digest algorithm. RFC 1321 Internet Engineering Task Force (1992). [15] RSA Security Laboratories, http://www.rsasecurity.com/rsalabs/node.asp?id=2253