Literature Database Entry

ali2011security


Taha Ali, "Security Mechanisms for Body Sensor Networks," PhD Thesis, School of Electrical Engineering and Telecommunications, University of New South Wales, November 2011. (Advisor: Vijay Sivaraman; Referee: Falko Dressler)

Abstract

Body sensor networks are a key component in the emerging trend towards personalised healthcare monitoring and the mobile health paradigm. These networks consist of miniaturized devices, mounted on the human body, that continuously monitor and communicate the subject's vital signs to a basestation device for real-time viewing, sharing, and remote diagnosis by health professionals. Security is a stringent requirement as these devices communicate personal medical data, and mishandling can result in serious ethical implications and massive liabilities. Traditional security mechanisms, however, are not suited to the resource constraints of these small devices, or the fundamental limitations of their operating environment. Adapting and devising new solutions to satisfactorily encrypt and authenticate the communication of these devices is an open research area. In this thesis, we present three mechanisms to address specific and realistic security concerns of body sensor networks: First, we propose a secret-key generation mechanism that uses reciprocal and unique properties of the wireless channel between two communicating devices to generate secret-key bits to encrypt communications. Existing schemes of this type frequently yield mismatching key bits, thereby requiring reconciliation schemes with high implementation and energy costs. In our work, we identify and address the root cause of bit mismatch, and restrict bit generation to dynamic periods when bit agreement is high. As a result, we eliminate the need for reconciliation itself. Our mechanism is extremely lightweight and generates perfectly matching secret key bits at a rate suited to the typical needs of bodyworn devices. Second, we suggest an enhancement to secure broadcast communication for bodyworn devices. The literature proposes the use of time-varying secret keys to encrypt group communications. However, packet loss is very common for bodyworn devices, and key updates may not be received by all parties, rendering them unable to participate in subsequent broadcasts. We devise a mechanism to allow receivers to recover from key loss in a secure, efficient, and scalable manner. Our analysis allows for operator-specified control of recovery probability to configure the scheme for different environments, and we deduce fundamental asymptotic bounds on recovery. Finally, we address the issue of data authentication. We note that proposed healthcare networks consist of disparate devices (such as sensors, mobile phones, databases), have multiple points of access, and therefore, the integrity of the data that is collected by the sensor device is of critical importance. Traditional security mechanisms do not suffice: secret key solutions are vulnerable to insider attacks, and digital signatures are not robust to packet loss and are too resource intensive for frequent application. We develop an authentication solution by amortizing the cost of a digital signature over a very large data set and apply coding for robustness to loss. Furthermore, we provide a framework for optimizing performance for different environments and overhead constraints. We show that our scheme can satisfactorily authenticate the source and integrity of almost all the received data with minimal overhead. In each of these instances, we validate our solutions and results via experimentation with real bodyworn devices in typical everyday operating environments. It is hoped that this work is a positive step towards widespread adoption and integration of bodyworn sensing devices in healthcare.

Contact

Taha Ali

BibTeX reference

@phdthesis{ali2011security,
    author = {Ali, Taha},
    referee = {Dressler, Falko},
    advisor = {Sivaraman, Vijay},
    title = {{Security Mechanisms for Body Sensor Networks}},
    institution = {School of Electrical Engineering and Telecommunications},
    year = {2011},
    month = {November},
    location = {Sydney, Australia},
    school = {University of New South Wales},
    type = {PhD Thesis},
}
