130 likes | 274 Views
Plethysmogram-based Secure Inter-Sensor Communication in Body Area Networks. Krishna Venkatasubramanian, Ayan Banerjee, Sandeep Gupta Dept. of Computer Science and Engineering School of Computing and Informatics Arizona State University Tempe, Arizona. Body Area Network. EEG. Definition:
E N D
Plethysmogram-based Secure Inter-Sensor Communication in Body Area Networks Krishna Venkatasubramanian, Ayan Banerjee, Sandeep Gupta Dept. of Computer Science and Engineering School of Computing and Informatics Arizona State University Tempe, Arizona
Body Area Network EEG Definition: • BAN - A network of health & environmental monitoring sensors deployed on a person managing their health. Principal Features: • Continuous real time monitoring • Remove time & space restrictions on care • Improved deployability Ideal for life-saving scenarios: • Enables caregivers on field to make informed decisions about treatment of soldiers in time-constrained scenarios. Sensors EKG BP SpO2 Base Station Base Station Environmental sensors Physiological sensors Activity sensors Motion Sensor
Security in Body Area Networks Need: • BANs collect sensitive medical data • Legal Requirement (HIPAA) • Potential for exploitation • Loss of privacy • Physical harm • Security Requirements: • Integrity • Confidentiality • Authentication • Plug-n-Play • Possible Attacks: • Fake warnings & resource wastage • Prevent legitimate warnings. • Unnecessary Actuations. Primary issue Secure Inter- Sensor Communication in BAN
Traditional Approach • Key Distribution + Secure Communication. • Pre-deployment based • Pair-wise, Network-wise, Group-wise • Pre-deployed Master Key • Domain parameters for ECC based Diffie-Helman. • Problems • Requires securesetup and initialization process • Re-keying and network wide adjustments – node addition, moving – difficult Encrypted traffic Sender Receiver
Plethysmogram based Key Agreement • Photoplethysmogram (PPG) based Key Agreement (PKA) • PPG – volumetric change in the distention of arteries due to the perfusion of blood through them during a cardiac cycle • Properties • Easy to Measure – oximeter : finger, ear lobe • Universal - measurable in everyone • Distinctive – cardiac cycle unique for each person at a give time • Low Latency – requires minimal measurements for key agreement • Time Variant – varies with time • Advantages • Plug-n-Play – deployment is enough to have secure communication • Efficiency – no additional keying material required • Automatic Rekeying – Key agreed based on current value of PPG cannot be known from knowledge of past values. System Model • BAN: • Sensors worn or implanted on subject • Use wireless medium to communicate • All sensors can measure PPG • Threats: • Active adversaries – replay, spoof, introduce messages • Passive adversaries – eavesdrop only • Tamper – physical compromise UNLIKELY • Trust: • Wireless medium not trusted • Physical layer attacks such as jamming not addressed
Details Feature Generation • Extraction: • Obtaining frequency domain features from PPG • Quantization: • For representation of features for key agreement Key Agreement • Fuzzy Vault: • Cryptographic construct used for secure exchange of data • Vault Exchange: • Key agreement between sensors using the vault construct
PPG Feature Generation 8 bit quantize 5 bit quantize 8 bit quantize 5 bit quantize Peak Index Peak Values Quantization [(kx1, ky1) (kx2, ky2) …. (kxn, fyn)] Windowed - 256 Point FFT (First 32 values of each window) Fs = [fs1 fss2 …….. fsn] 5 seconds 5 seconds Quantization Feature Extraction Windowed - 256 Point FFT (First 32 values of each window) Fr = [fr1 fr2 …….. frn] [(kx1, ky1) (kx2, ky2) …. (kxn, fyn)] Quantization Peak Value Peak Index
Key Agreement Sensors use PPG features as a basis for agreeing upon keys. Features cannot be directly used a keys as they might not be identical – due to the topographic specificity of the human body. Technique: Generate a key at one sensor Hide it using PPG features Transport it to other sensor Unhide it at the receiver We use Fuzzy Vault construct to hide/un-hide the keys as it allows hiding and un-hiding even without identical “secrets” Hide key Unhide key f f 10001001 10001001 Receiver Sender Feature exchange
Fuzzy Vault • Locks secrets S using a set of values A and can be unlocked with another set B, only if A B > • The construction and locking of the vault is done by: • Generating a vth order polynomial p over the variable x that encodes the secret S, • Computing the value of the polynomial at different values of x from set A and creating a set R = {ai, p(ai)}, where 1 i |A| • Adding randomly generated points called chaff to R which do not lie on the polynomial. • Unlocking of the vault can be done by: • Identifying a set B with significant overlap with A • Build a set Q = {(u, v)|(u, v) R, u B} • Polynomial reconstructed using points in Q using Lagrangian interpolation - Knowledge of v+1 points on a polynomial {(x0,y0),(x1,y1)….(xn,yn)} can reconstruct vth order polynomial
cfi,di Vault Locking & Unlocking Sender Receiver PPG Feature Generation Polynomial Choice Fr = [fr1 fr2 …….. frn] Fs = [fs1 fs2 …….. fsn] R p(x) PPG Feature Generation Receiving Vault p(fs1) Projection of Features On Polynomial p(fs2) p(fsn) Find common features in Fr fs1 fsn fs2 Adding Chaff Q Reconstruct p(x) p(x) Vault Unlocking Vault Locking R Send Acknowledgement Sending Vault
Security Analysis Security of the Vault for different Polynomial Order and Vault Sizes • Security of the vault depends upon number of points (R) and order of polynomial (v). • Number of combinations needed for: • Adversary = RC(v+1) • Receiver = QC(v+1) • Choose v such that: • v less than # common features between sender and receiver of same person • v greater than #common features between sender and receiver of different person • Choose R such that • Required amount of security available • Computation within manageable limits for the receiver 160 Vault Size = 300 Vault Size = 600 140 Vault Size = 1000 Vault Size = 2000 Vault Size = 5000 120 Security o Vault (Bits) 100 80 60 40 6 8 10 12 14 Order of Polynomial
False Positive vs. False Negative 0.4 False Negative False Positive 0.35 0.3 0.25 0.2 False Positive or False Negative (%) 0.15 0.1 0.05 0 1 2 3 4 5 6 7 8 9 10 11 Polynomial order Performance Analysis • Based on actual PPG data collected from 10 volunteers at IMPACT lab. • Smith-Medical oximeter used – 60Hz sampling, 5 minutes data collected. • Properties evaluated: • Distinctiveness • Needed for setting polynomial order • Total features per person = 30 • Common features same person = 12 (average) • Common features different person = 2 (average) • Time Variance • Compare common features in PPG collected at different measurement start-times for executing PKA. • If greater than polynomial order (v) then violation
Conclusion • Implemented PKA in Matlab • Use of PPG for cryptographic keys agreement proposed & results are promising. • Previous work on using physiological values based on: • Inter-Pulse-Interval (IPI) – was useful for authentication only • EKG – was too tedious to measure reducing usability • Future Work: • Implementation of PKA on actual sensors • Reduce Vault unlocking overhead for receiver. Screen Shot