Secure Cluster Formation in BSN using Physiological Values
Krishna Venkatasubramanian
IMPACT Lab
CSE 591 Embedded Networks Final Presentation

Overview
• Pervasive Healthcare
• Biomedical Sensors and Stimuli
• Physiological Value-based Security
• Secure Cluster Formation
• Security Analysis
• Prototyping Results

Pervasive Computing & Healthcare
Pervasive Computing: Personalized computing power available everywhere, by embedding computing in user’s environment.
• Features:
  - Merger of Physical and Virtual Space
  - Uses computing entities which are: tiny/cheap, specialized, unsupervised, interconnected
Pervasive Healthcare: Use Pervasive Computing for day-to-day healthcare management (monitoring + treatment), made possible by development of biomedical sensors.
• Features:
  - Extends BSN with embedded medical sensors
  - No time & space restrictions for healthcare
  - Better coverage and quality of care to all
[Figure labels: BSN with Camera, EEG, EKG, BP, SpO2, GPS, Mp3, Motion Sensor, PDA/Gateway; Medical Sensor Plane, Management Plane, Knowledge Generation Plane; Patient, Doctor; Physiological Data, Knowledge, Actuation (drug-delivery), Feedback for Adaptation]
• Collect Medical Data
• Local Processing
• Medical Actuation
• Storage Management
• Sensor Management
• Generate Context
• Generate Knowledge
Some Applications
• Sports Health Management
• Assisted Living
• Disaster Relief Management
• Medical Facility Management
GOAL: Enable independent living, general wellness and disease management.

Biomedical Sensors (Biosensors)
• Physiological Values (PV): Measure stimuli from the body, e.g. EKG, PPG (Photoplethysmograph)
• PVs are universally collectable, vary with time and can have similar values in one human being
[Figure labels: EKG giving Inter-Pulse-Interval (V1), (V2); PPG giving Inter-Pulse-Interval (V’1), (V’2); "=" between the two]
• Biomedical Sensor Platforms
  - In-vivo sensors
    - Are primarily at experimental stage
    - Measure one stimulus
  - Wearable sensors
    - Groups of sensors packaged together
    - Products available
    - Have wireless capability
  - Generic Sensors
    - Measure environmental stimuli
    - Can perform wireless communication
    - Used in medical monitoring projects, Code Blue @ Harvard
    - Mica2, MicaZ, TelosB
• Properties
  - Small form factor
  - Limited processor, memory, communication capabilities
  - Form large networks within body for energy-efficiency
[Image captions: Nano-scale Blood Glucose level detector, developed @ UIUC; Mica2 based EKG sensor; AMON Wearable Health Monitor; Life Shirt Ambulatory Monitoring]

Biosensor Net: Security & Energy-Efficiency
[Figure labels: Base Station, Leader Node (LN), Cluster, Sensor Nodes (SN)]
• Security
  - Healthcare systems collect sensitive medical data from a patient.
  - Patient’s privacy is a legal requirement (HIPAA).
  - Health information of a person can be taken advantage of.
• Attacks
  - Fake emergency warnings
  - Prevent legitimate emergency warnings
  - Battery power depletion
  - Tissue heating
• Energy-Efficient Topologies
  - Biosensors have limited capabilities
  - Topological formations help in reducing energy consumption
  - Many topologies possible: Cluster, Tree …
  - Cluster is one of the most energy-efficient topologies.
• Security and Topology
  - Topology formation
    - Not traditionally secured
    - Opens systems to attacks during topology formation. Example: Sinkholes
  - Securing topology formation a must

PVS: Physiological Value based Security
• Principle Idea: Use PVs as security primitives in biomedical sensor networks:
  - Hide cryptographic keys
  - Authenticate and secure biosensor communication
• Examples:
  - Blood Pressure, Heart Rate, Glucose level
  - Temporal variations in different PVs
  - Combination of multiple PVs
• PV values at two locations are slightly different
  - Use Error Correction Codes like Majority Encoding for correction
• Easier and safe key generation
• Cheaper key distribution
[Figure labels: ECG, Heart/Pulse Rate; Blood Pressure + Blood Glucose; Sensors]

Aspects of Physiological Values
Required Properties of Physiological Values
• Universal
  - Should be measurable in everyone
• Distinctive
  - Should be able to differentiate 2 individuals
• Random
  - To prevent brute-force attacks
• Time variant
  - If broken, the next set of values should not be guessable.
FOUND: Inter-Pulse-Interval (IPI), Heart Rate Variation (HRV)
FUTURE QUEST: Find Others…
[Figure: plot with axes Value and Time]
Physiological Certificate
• Cert = MAC (Key, Data), γ
  where γ = Key PV
• Hides the actual Key used for computing the Message Authentication Code (MAC) over the data for integrity protection.

PV Based Communication
Sender
• Measure pre-defined PV @ Sender (PVs) & Receiver (PVr)
• Generate random key @ sender: Randkey
• Compute Physiological Certificate with Key Rand on Data:
  Cert = MAC(Randkey, Data), γ
  where γ = PVs Randkey
• Send message <Data, Cert, γ>
Receiver
• Unhide RandKey using PVr and γ from the Cert:
  RandKey’ = PVr Cert.γ
• Correct RandKey, verify certificate by computing MAC:
  RandKey’’ = ECC(RandKey’)
  Cert == MAC (RandKey’’, Data) ?
• Error Correction Code used: Majority Encoding [Juels99, CVG03]

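The sender and receiver steps of this slide as runnable Python (an added example, not code from the presentation). It assumes XOR for the operator that the extracted slide text does not show between PVs and RandKey, HMAC-SHA256 as the MAC, a repetition factor of 5 for the majority encoding, and constructed PV bit strings in place of measured IPI data.

```python
import hashlib
import hmac
import random
import secrets

R = 5  # assumed repetition factor: majority vote fixes up to 2 flipped bits per group

def encode(key):
    """Majority (repetition) encoding: each key bit is repeated R times."""
    bits = [(byte >> s) & 1 for byte in key for s in range(7, -1, -1)]
    return [bit for bit in bits for _ in range(R)]

def decode(code):
    """Majority vote per group of R bits, then repack the bits into bytes."""
    bits = [int(sum(code[i:i + R]) > R // 2) for i in range(0, len(code), R)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("PV and codeword must have the same bit length")
    return [x ^ y for x, y in zip(a, b)]

def send(data, pv_s, key_len=16):
    """Sender: Cert = MAC(RandKey, Data); gamma hides RandKey under PVs (XOR assumed)."""
    rand_key = secrets.token_bytes(key_len)
    cert = hmac.new(rand_key, data, hashlib.sha256).digest()
    return data, cert, xor(pv_s, encode(rand_key))

def receive(msg, pv_r):
    """Receiver: unhide with PVr, correct with the ECC, recompute and compare the MAC."""
    data, cert, gamma = msg
    rand_key = decode(xor(pv_r, gamma))
    return hmac.compare_digest(cert, hmac.new(rand_key, data, hashlib.sha256).digest())

def demo():
    rng = random.Random(7)                      # constructed PV bits, not real IPI data
    pv_s = [rng.getrandbits(1) for _ in range(16 * 8 * R)]
    pv_r = list(pv_s)
    for i in range(0, len(pv_r), 7):            # same body: at most 1 flip per group
        pv_r[i] ^= 1
    pv_noisy = list(pv_s)
    for i in range(3):                          # 3 flips in one group defeat the vote
        pv_noisy[i] ^= 1
    pv_other = [rng.getrandbits(1) for _ in range(len(pv_s))]   # different person
    msg = send(b"HR=72;SpO2=98", pv_s)
    forged = (b"HR=0;SpO2=0", msg[1], msg[2])   # data altered in transit
    return (receive(msg, pv_r), receive(msg, pv_noisy),
            receive(msg, pv_other), receive(forged, pv_r))
```

`demo()` returns `(True, False, False, False)`: the co-located receiver verifies, while a PV with too many bit errors, a different person's PV and altered data are all rejected. Anyone who learns or guesses the sender's PV can unhide RandKey from γ, which is why the slides require PVs to be random and time variant.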
Communication Scheduling for PVS
• PVs vary unpredictably with time
• At a given time, PVs measured at co-located sensors are similar
• Time-slot
  - At MT, both sender & receiver measure a pre-decided PV
  - At TT, sender and receiver communicate using the PV measured in the MT before
[Figure labels: Sender Sequence 1 3 7; Receiver Sequence 6,9 7 *; Measurement Time (MT); Transmission Time (TT); Broadcast (used for solicitations)]
• Schedule is computed a priori by BS, based on network topology and communication requirements, and distributed to sensors
• Duration of time-slot is variable and can be chosen based on PV strength and estimated time to compromise it.
• Once a PV is newly measured, old values are NEVER reused

Choosing Physiological Values
• Identified PVs
  - Inter-Pulse-Interval (IPI) [PZ06]
  - Heart Rate Variation (HRV) [BZZ05]
• PV Distinctiveness Testing
• Performance evaluation criteria:
  - False Rejection Rate (FRR)
  - False Acceptance Rate (FAR)
• FAR and FRR increased if two PVs lack synchronicity.
• Randomness of PVs verified using Chi-Square Test.
• Interference possible:
  - Drastic difference between PVs of two people will prevent unwanted communication
[Figure labels: PV0, PV1; HRV; Encoder; I0, I1; 128 bits; Hamming Distance: < 22 bits (same person), 90 bits (different person)]
[Figure labels: Radio-range for intended communication; Interference]

Advantage of Using PV Based Security
Traditional Secure Biosensor Network Communication (S, R, BS)
Stages: Topology Formation, Key Distribution, Secure Communication
• Unsecured
• Cluster
• Linear
• Use distributed keys
• Diffie Hellman (ECC)
• Pre-deployed Keys
• Master Key based Assignment…
PV based Secure Biosensor Network Communication (S, R, BS)
Stages: Secure Topology Formation, Secure Communication
• PV based security
• Centralized Cluster Formation
• Distributed Cluster Formation
• Use PV for sensor-sensor secure communication
Key Distribution Completely Eliminated
VERY EFFICIENT

Cluster formation & Security Flaws
Traditional Cluster Formation Technique
[Figure labels: LN1, LN2, LN3; SN1, SN2, SN3, SN4, SN5, SN6; Weaker signal]
Flaws in Traditional Cluster Formation
[Figure labels: Malicious Node; LN1, LN2; SN1, SN2, SN3]
• Problem:
  - Traditional cluster formation protocol is not secure.
Hello-Flood Attack
• Leads to the formation of Sinkholes
• The sinkhole can now mount selective forwarding attacks on the sensor in its “cluster”.
Reason
• All solicitations supposed to be from LN only.
• Each LN is assumed to be trustworthy.

Secure Cluster Formation
• PV based inter-sensor communication
• NO explicit key distribution
Assumptions
• Wireless Medium NOT Trusted
• Base Station Trustworthy
• Physical compromise of sensors difficult (ambulatory patient)
• Jamming not considered
• Leader Nodes identified a priori (before cluster formation)
• Clusters are temporary topologies.
• Leader Nodes rotated at regular intervals.

Centralized Cluster Formation
[Figure labels: Base Station; NA, NB, NC; N1, N2, N3, N4]
Solicitation (N3 *): N3, Cert [N3]
Relay (NC BS): N3, NC, SS, Cert( N3, NC , SS)
Relay (NB BS): N3, NB, SS, Cert( N3, NC , SS)
Reply (BS N3): NC, Cert(NC)

Distributed Cluster Formation
[Figure labels: NA, NB, NC; N1, N2, N3, N4]
Solicitation (NB *): NB, Cert [NB]
Reply (N3 NB): N3, Cert[ N3, NB]
Reply (N2 NB): N3, Cert[ N3, NB]

Security Analysis
Columns: Centralized Protocol, Vulnerability, Distributed Protocol
Vulnerability: Spoof LN
• Relayed messages cannot be authenticated as no Cert as spoofed LN cannot measure PV
• Spoofed LN cannot measure PV, so no valid Cert
Vulnerability: Spoof Sensor Nodes
• Adversary cannot measure PV, illegal Cert appended to reply
• Adversary cannot measure PV, illegal Cert appended in solicitation
Vulnerability: Compromise Physiological Values
• Centralized Protocol: Will FAIL to protect
• Distributed Protocol: Will FAIL to protect
Very Important to Choose good PVs

Prototype Implementation
• Implementation on Mica2 motes.
• Promiscuous listener used to see workings of the protocol.
• Attacked the setup:
  - Spoofed LN
  - Spoof SN
• Attacks Thwarted
[Figure, Logical Setup: BS, LN, SN, SN, Spoofed LN, Spoofed SN, Promiscuous Listener; panels Distributed and Centralized]
[Figure, Actual Setup: Base Station, LN, LN, LN, LN, SN, Clusters]
File Sizes:
Entity         Centralized   Distributed
Base Station   15.2KB        ---
Leader Node    12.8KB        12.5KB
Sensor Node    13.5KB        13.9KB

Conclusions and Future Work
• Use of Physiological Values for establishing session keys between biosensors, for example: Inter-Pulse Interval and Heart-Rate Variation.
• Prototyped protocol using Mica2 motes and tested resiliency by actively attacking it.
• Future Work
  - Expand the set of Physiological Values used for securing biosensor communication.
  - Incorporate PVs into the implementation

Feasibility
• Single PV for all sensors?
  - All sensors cannot be expected to measure the same PV.
  - Need enough PVs to allow senders and receivers to choose the one they have in common.
• Multiple stimuli measurement
  - Multi-modal wearable monitoring devices available
    - Vivago WristCare (Wrist Wearable): patient activity, skin temperature, skin conductivity (http://www.istsec.fi/eng/Etuotteet.htm)
    - AMON (Wrist Wearable): EKG, Blood Pressure, SpO2 [LA02]
    - Life Shirt (Smart Clothes): EKG, perspiration, posture, SpO2 (http://www.vivometric.com)
  - For in-vivo sensors, such capabilities are not yet available to the best of our knowledge.
• Powering sources:
  - Power-paper cells which can be printed (http://www.powerpaper.com)
  - Battery made of fiber that can be woven [AGS05]
  - Body movement and heat [ASG05]
  - Flexible solar cells, textile coils, even bike dynamo [ASG05]