CHAPTER II
LITERATURE SURVEY
2.1 Introduction
Recent developments in VLSI, wireless communications and biomedical
sensing devices have made possible very small, lightweight, low-power,
intelligent sensing devices called biosensors. A set of these devices
can be integrated into a Wireless Biomedical Sensor Network (WBSN), a
new breakthrough technology used in telemedicine for monitoring the
physiological condition of an individual. Considering the sensitivity
of the information in a WBSN, security and patient data privacy must be
provided, and they are important issues in the design of such systems.
Deploying a security mechanism may require additional resources in
terms of memory capacity and battery power, but the biomedical sensor
nodes in a WBAN have limited resources in terms of battery lifetime,
CPU processing capability and memory capacity. Replacing or recharging
the batteries of biomedical sensor nodes is quite difficult or too
costly. Hence an energy efficient security protocol for WBAN is
proposed in this work. This chapter discusses several ongoing projects
in WBSN and the security architectures used in these projects, and also
the existing security protocols for authentication of the patient to
the hospital server.
2.2 Security in Wireless Sensor Networks
Mohamed Youssef et al. [18] have discussed the research-versus-reality
design and deployment issues of wireless sensor networks, including the
security challenges in WSN. As WSNs are deployed for monitoring, data
gathering, and collaborative communication and computing, these
networks must be able to provide authentic information. But wireless
networks, and their flexibility to form ad hoc networks with minimal or
no prior infrastructure, are vulnerable to unwanted eavesdropping and
to other attacks such as wormholes.
John Paul Walters et al. in their book [19] on Wireless Sensor Network
Security explain the obstacles and the requirements in sensor security,
classify many of the current attacks, and finally list their
corresponding defensive measures. As wireless sensor networks continue
to grow, the need for effective security mechanisms also grows. Because
sensor networks may interact with sensitive data and/or operate in
hostile unattended environments, it is important that these security
concerns be addressed from the beginning of the system design. However,
due to inherent resource and computing constraints, security in sensor
networks poses different challenges than traditional network security.
A wireless sensor network is a special network which has many
constraints compared to a traditional computer network. Due to these
constraints it is difficult to directly employ the existing security
approaches in Wireless Sensor Networks (WSN). Dimitriou et al. [16]
discuss the security issues in wireless biomedical sensor networks, a
special purpose WSN used in telemedicine applications and the network
for which a biometric based security architecture is proposed in this
research work. The existing security architectures for WBSN are given
in Section 2.3.
2.3 Related Work
2.3.1 Cryptographic Security Mechanisms
Several security solutions have been proposed for protecting the
biomedical sensor network's link layer communication, which constitutes
the bottom layer of the sensor network protocol stack. Much attention
has been given to robust and efficient key management schemes, which
serve as the fundamental requirement for encryption and authentication.
The different types of security protocols using cryptographic
mechanisms are the following.
2.3.1.1 TinySec
Karlof et al. [ ] designed TinySec [15][16] as the replacement for the
unfinished SNEP [21] for WSN. TinySec is proposed as a solution to
achieve link-layer encryption and authentication of data in biomedical
sensor networks and is part of the TinyOS release. Inherently it also
provides security services like message integrity and replay
protection. A major difference between TinySec and SNEP is that no
counters are used in TinySec. For encryption, it uses CBC mode with
ciphertext stealing, and for authentication, CBC-MAC is used. TinySec
XORs the encryption of the message length with the first plaintext
block in order to make the CBC-MAC secure for variably sized messages.
Two packet formats are defined by TinySec: TinySec-Auth, for
authenticated messages, and TinySec-AE, for authenticated and encrypted
messages. For the TinySec-AE packet, a payload of up to 29 Bytes is
specified, with a packet header of 8 Bytes in length. Encryption of the
payload is necessary to provide the confidentiality security service,
but the MAC is computed over the payload and also the header. The
TinySec-Auth packet can carry up to 29 Bytes of payload. The MAC is
computed over the payload and the packet header, which is 4 Bytes long.
Generally, the security of CBC-MAC is directly related to the length of
the MAC. TinySec specifies a MAC of 4 Bytes, much less than the
conventional 8 or 16 Bytes of WSN security protocols.
The drawbacks of this security architecture are the following. By
default it relies on a single key manually programmed into the sensor
nodes before deployment. This network-wide shared key provides only a
baseline level of security and cannot protect the network against node
capture attacks. If an adversary compromises a single node or learns
the secret key, he/she can gain access to the information anywhere in
the network, as well as inject his/her own packets. This is a major
disadvantage of the TinySec security protocol for WBAN.
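As an added illustration of the TinySec-Auth construction described above (example code written for this survey, not TinySec's own source), the following Go program computes a CBC-MAC whose chain starts from the encrypted message length, truncates the tag to 4 bytes, and authenticates a 4-byte header plus payload. AES-128 stands in for the block cipher; the key and the header field layout are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Constructed 128-bit key for the example. TinySec itself relies on one
// network-wide key programmed into every node before deployment.
var networkKey = []byte("0123456789abcdef")

const (
	macLen     = 4  // TinySec truncates the CBC-MAC to 4 bytes
	maxPayload = 29 // maximum TinySec-Auth payload
)

// cbcMAC computes a CBC-MAC over msg with block cipher b. As in TinySec,
// the encryption of the message length is XORed into the first plaintext
// block; this equals running the CBC chain with IV = E_K(len) and binds
// the tag to the length, so messages of different lengths never collide
// on the same tag. A short final block is zero-padded. The result is
// truncated to macLen bytes.
func cbcMAC(b cipher.Block, msg []byte) []byte {
	bs := b.BlockSize()
	state := make([]byte, bs)
	binary.BigEndian.PutUint32(state[bs-4:], uint32(len(msg)))
	b.Encrypt(state, state) // state = E_K(len)
	for off := 0; off < len(msg); off += bs {
		blk := make([]byte, bs) // zero-padded block
		copy(blk, msg[off:])
		for i := range blk {
			state[i] ^= blk[i]
		}
		b.Encrypt(state, state)
	}
	return state[:macLen]
}

// AuthPacket models a TinySec-Auth packet: a 4-byte header, up to 29 bytes
// of payload and a 4-byte MAC over header and payload. The header layout
// (destination, message type, length) is assumed for this example.
type AuthPacket struct {
	Header  [4]byte
	Payload []byte
	MAC     []byte
}

func newBlock(key []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// sealAuth builds a TinySec-Auth packet. The payload is sent in clear
// (TinySec-Auth gives no confidentiality); only its integrity and origin
// are protected by the MAC.
func sealAuth(key []byte, dest uint16, msgType byte, payload []byte) (AuthPacket, error) {
	if len(payload) > maxPayload {
		return AuthPacket{}, fmt.Errorf("payload of %d bytes exceeds %d", len(payload), maxPayload)
	}
	var p AuthPacket
	binary.BigEndian.PutUint16(p.Header[0:2], dest)
	p.Header[2] = msgType
	p.Header[3] = byte(len(payload))
	p.Payload = append([]byte(nil), payload...)
	p.MAC = cbcMAC(newBlock(key), append(p.Header[:], p.Payload...))
	return p, nil
}

// openAuth recomputes the MAC over header and payload and compares it in
// constant time; a receiver drops the packet when this returns false.
func openAuth(key []byte, p AuthPacket) bool {
	if len(p.MAC) != macLen || int(p.Header[3]) != len(p.Payload) {
		return false
	}
	want := cbcMAC(newBlock(key), append(p.Header[:], p.Payload...))
	return subtle.ConstantTimeCompare(want, p.MAC) == 1
}

func main() {
	// Constructed sensor reading carried as the payload.
	p, err := sealAuth(networkKey, 0x0001, 7, []byte("HR=72,SpO2=98"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("header %x payload %q mac %x\n", p.Header, p.Payload, p.MAC)
	fmt.Println("genuine packet accepted:", openAuth(networkKey, p))
	p.Payload[3] ^= 0x01 // flip one bit of the reading in transit
	fmt.Println("tampered packet accepted:", openAuth(networkKey, p))
}
```

With a 4-byte tag a forger who guesses blindly succeeds with probability 2^-32 per attempt, which is the trade-off the survey notes against the conventional 8 or 16 byte MACs.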
2.3.1.2 Hardware Encryption
As an alternative to TinySec, hardware encryption [16] based on AES with
128-bit keys, as supported by the ChipCon CC2420 ZigBee compliant RF
transceiver, has been designed. The CC2420 can perform IEEE 802.15.4 MAC
security operations, including counter (CTR) mode encryption and
decryption, CBC-MAC authentication, and encryption with authentication.
One limitation of this method is that AES decryption is not allowed in
the sensor nodes, so transmitted information cannot be accessed by
intermediate nodes if needed (e.g. for aggregation purposes). Any
decryption can be performed only at the base station. Another drawback
of the method is that it is highly dependent on the specific platform.
Other sensor node hardware does not offer hardware encryption support,
so a different approach has to be taken in that case.
2.3.1.3 Elliptic Curve Cryptography
Recently, elliptic curve cryptography (ECC) [16] has emerged as a
promising alternative to RSA-based algorithms, as the typical size of
ECC keys is much shorter for the same level of security. Uhsadel et al.
[22] propose an efficient implementation of ECC, and Liu et al. [23]
developed TinyECC, an ECC library that provides elliptic curve
arithmetic over prime fields and uses inline assembly code to speed up
critical operations on the ATmega128 processor of the sensor node.
Also lately, Szczechowiak et al. presented NanoECC [24], which is
relatively fast compared with other existing ECC implementations,
although it requires large amounts of ROM and RAM. Even though elliptic
curve cryptography is feasible on sensor nodes, its energy requirements
are still orders of magnitude higher than those of symmetric
cryptosystems. Due to its strength, ECC can be used for operations such
as key establishment during the initial configuration of the wireless
biomedical sensor network [25][26].
2.3.2 Biometric Based Security Mechanisms
Recently, biometrics [27] has emerged as the key establishment method to
secure communications in biomedical sensor networks. It advocates the
use of the body itself as a means of managing cryptographic keys for
symmetric cryptography. If sensors attached to the same body measure a
previously agreed physiological value simultaneously and use this value
to generate a pseudo-random number, the numbers will be the same since
they are generated simultaneously. This number can then be used to
encrypt and decrypt the symmetric key or the data.
The physiological value to be used should be chosen carefully, as it
must exhibit proper time variance and randomness. For example, blood
glucose, blood pressure or heart rate are not appropriate. On the other
hand, ECG (electrocardiogram) has been shown to be appropriate and is
used for a resource efficient key management system in WBSN [28]. The
electrocardiogram (ECG) is a technique of recording the bioelectric
currents generated by the heart. Clinicians can evaluate the condition
of a patient's heart from the ECG and perform further diagnosis. ECG
records are obtained by sampling the bioelectric currents sensed by
several electrodes, known as leads. Shu dio et al. [4] have proposed the
usage of PPG for entity authentication of sensor nodes.
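The biometric key agreement described above, as an added example that is not part of the cited work: two on-body sensors quantize synchronously measured ECG inter-pulse intervals into the same key and use it to wrap a session key, while a device that is not on the body derives a different key and fails to unwrap. The interval values, the 16 ms bin size and the hash label are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed inter-pulse intervals (ms between successive ECG R-peaks)
// for one measurement window. Sensors A and B sit on the same body and
// observe the same heartbeats with a few ms of measurement jitter; the
// off-body device sees a different heart.
var (
	sensorA = []int{812, 798, 830, 805, 790, 821, 815, 799}
	sensorB = []int{813, 796, 829, 807, 791, 823, 814, 797}
	offBody = []int{640, 655, 648, 662, 651, 644, 658, 649}
)

// binMillis is the quantization step. Intervals inside the same 16 ms bin
// yield the same symbol, so small jitter cancels. Readings that straddle a
// bin edge would still disagree; real schemes add error correction for
// that case, which this example leaves out.
const binMillis = 16

// deriveBodyKey turns a window of inter-pulse intervals into an AES-128
// key: quantize each interval, then hash the symbols under a domain
// separation label (the label is constructed for this example).
func deriveBodyKey(ipiMillis []int) []byte {
	h := sha256.New()
	h.Write([]byte("WBSN-IPI-key-v1"))
	for _, ipi := range ipiMillis {
		h.Write([]byte{byte(ipi / binMillis)})
	}
	return h.Sum(nil)[:16]
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// wrapSessionKey encrypts a fresh symmetric session key under the
// body-derived key with AES-GCM; the output is nonce || ciphertext || tag.
func wrapSessionKey(bodyKey, sessionKey []byte) ([]byte, error) {
	g, err := gcmFor(bodyKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, sessionKey, nil), nil
}

// unwrapSessionKey recovers the session key; a device whose body-derived
// key differs fails the GCM authentication check and gets an error.
func unwrapSessionKey(bodyKey, blob []byte) ([]byte, error) {
	g, err := gcmFor(bodyKey)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("wrapped key too short")
	}
	return g.Open(nil, blob[:ns], blob[ns:], nil)
}

func main() {
	keyA, keyB, keyX := deriveBodyKey(sensorA), deriveBodyKey(sensorB), deriveBodyKey(offBody)
	fmt.Printf("A %x\nB %x\nX %x\n", keyA, keyB, keyX)

	sessionKey := make([]byte, 16)
	if _, err := rand.Read(sessionKey); err != nil {
		panic(err)
	}
	blob, err := wrapSessionKey(keyA, sessionKey) // sensor A sends this to B
	if err != nil {
		panic(err)
	}
	_, errB := unwrapSessionKey(keyB, blob)
	_, errX := unwrapSessionKey(keyX, blob)
	fmt.Println("on-body sensor B unwraps:", errB == nil)
	fmt.Println("off-body device unwraps:", errX == nil)
}
```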
2.4 Ongoing Projects In WBSN
The architecture and design of biomedical sensor networks depend
greatly on the specific application and deployment environment. In this
section some of the latest projects in such networks are discussed.
Code Blue [29] is a sensor network based medical research project being
developed at Harvard. It is mainly developed for use in pre-hospital and
in-hospital emergency care, disaster response and stroke patient
rehabilitation. The sensor nodes collect heart rate (HR), oxygen
saturation (SpO2) and ECG data from the patient. These data are then
relayed over a short-range wireless network to any number of base
stations such as PDAs, laptops or ambulance-based terminals. The
hardware platform used for this project is Mica2 and the security
schemes used are ECC and TinySec.
ALARM-NET [30] is a wireless sensor network that consists of biomedical
and environmental sensors forming a heterogeneous architecture. This
project is mainly developed for pervasive, adaptive health care
applications. For data aggregation a query protocol is used. This
protocol allows real-time collection and processing of sensor data for
authorized care providers, and this data can be passed to analysis
programs for real time analysis. The hardware platform used for this
project is Tmote Sky and the security scheme used is hardware
encryption.
SNAP [31] is an architecture for wireless biomedical sensor networks
that focuses mainly on security. This approach does not address routing,
mobility or congestion problems in the network. In this architecture,
one or more biomedical sensors are attached to each patient. The
transmitted data are forwarded by a number of wireless relay nodes
throughout the hospital area. These nodes are categorized into
unlimited-power and limited-power nodes. The hardware platform used for
this project is Tmote Sky and the security scheme used is TinyECC.
Another WBSN project is the Nordic project BWSN [32], which was
developed, implemented and tested at the Norwegian National Hospital.
The hardware platform used is Tmote Sky with integrated sensors for
invasive arterial blood pressure, ECG, an epicardial accelerometer and a
digital intrapleural drainage system. This system does not address
security.
Finally, the WBAN group [33] is developing wearable health monitoring
systems using off-the-shelf ZigBee wireless sensor platforms and custom
signal conditioning boards, with the TinyOS software environment.
Sensor nodes are strategically placed on the user's body and sample,
process, and store information about the user's physiological signals.
The hardware platform used for this project is Tmote Sky and the
security scheme used is hardware encryption. During session
initialization the personal server shares the encryption key with all
of the sensors.
TABLE 2.1
Security schemes used in different WBAN architectures

Name of the System   Hardware    Security              Overhead       MAC    Key
Architecture         platform    scheme                               Used   Agreement
-------------------  ----------  --------------------  -------------  -----  ---------------------
CodeBlue             Mica2       ECC & Tinysec         8 Bytes        Yes    Predeployed variable
ALARM-NET            Tmote Sky   Hardware Encryption   Variable       Yes    Predeployed Variable
SNAP                 Tmote Sky   TinyECC               Variable       Yes    Predeployed Variable
BWSN                 Tmote Sky   None                  0 Bytes        No     ----
WBAN                 Tmote Sky   Hardware Encryption   4,8,16 Bytes   Yes    Predeployed Variable
The other security related issues, such as key generation and
distribution, focus on two major things. The first is providing higher
end hardware support which allows strong cryptographic algorithms to
run efficiently on these tiny devices. The second is developing good
random key distribution protocols which maximize the associated link
probabilities.
2.5 Security Issues in WBSN
When designing a new security architecture for WBSN, the threats to
WBSN security, its security requirements and the constraints the network
places on security mechanisms must be taken into account. All these
issues are discussed below.
2.5.1 Security Attacks
The security threats [16] in WBSN can be put under two major categories:
(i) insider attacks and (ii) outsider attacks.
2.5.1.1 Insider Attack
In this kind of attack [16] an attacker tries to capture a node
physically, read its memory contents to get the key material and forge
node messages. After getting the keys the attacker can easily launch
the following kinds of attacks:
- Unauthorized access to the physiological data.
- False data injection.
- Selective reporting.
- Modification of data leading to wrong diagnosis.
2.5.1.2 Outsider Attack
An outsider attack [16] is also called an intruder node attack, where
the attacker node is an unauthorized participant of the sensor network.
In this kind of attack the adversary is able to launch only the
following types of passive attacks:
- Eavesdropping.
- Denial of service attacks.
- Replay attacks.
2.5.2 Security Requirements
A sensor network is a special purpose network, but its security
requirements are similar to those of a common network. In biomedical
sensor networks there may be multiple base stations, such as a mobile
phone, PDA or PC, that communicate with the IP network. Hence the base
station acts as a gateway. Base stations are taken to be trustworthy
because they are physically protected or built from tamper resistant
hardware. The following are the security requirements in a wireless
biomedical sensor network.
2.5.2.1 Data Confidentiality
Data confidentiality [15] is the most important security requirement in
WBSN. In sensor networks, confidentiality relates to the following.
- Sensor readings in a sensor network should not be leaked to
  neighbouring sensors. Especially in a medical application, the data
  stored in the sensor node may be highly sensitive, hence the
  confidentiality security service is vital in WBAN.
- In many security protocols highly sensitive data such as keys are
  transmitted, therefore it is extremely important to build a secure
  channel in a wireless sensor network.
- Public sensor information, such as sensor identities and public keys,
  should also be encrypted to some extent to protect against traffic
  analysis attacks.
The common approach to providing the confidentiality security service
is to encrypt the data with a session key that only the intended
receiver possesses, thereby achieving confidentiality.
2.5.2.2 Data Integrity
By providing confidentiality the data in a sensor network can be
protected against traffic analysis kinds of attacks, but this does not
ensure that the data transmitted is received by the receiver as such.
For example, an attacker may be a malicious node that inserts some data
fragments, and this modified packet is then delivered to the receiver.
Data integrity [15] may also be lost due to damage to packets. Thus,
data integrity ensures that any received data has not been altered in
transit. This requirement ensures that no data packet has undergone a
data modification attack.
2.5.2.3 Data Freshness
Even if confidentiality and data integrity are achieved, the freshness
[15] of each message in WBSN needs to be ensured. Data freshness means
that the physiological data is recent, so that proper analysis is done,
and it ensures that no old messages have been replayed. This security
requirement is important when the WSN makes use of shared-key
strategies. Typically shared keys are changed periodically over time.
However, propagating new shared keys takes some time interval, during
which it is easy for an attacker to perform a replay attack. To
overcome this problem a nonce, which may be a time related counter, can
be included in the packet to ensure data freshness.
2.5.2.4 Availability
Implementations of traditional cryptographic algorithms in WBSN have
high operational costs, and these approaches weaken the availability of
a sensor and of the sensor network for the following reasons:
- Additional computation consumes additional energy. If no more energy
  exists, the data will no longer be available.
- Additional communication also consumes more energy. Conflicts may
  also occur if there is more additional communication.
- A single point of failure is introduced if central point management
  is used. This greatly threatens the availability of the network. The
  requirement of security not only affects the operation of the network,
  but is also highly important in maintaining the availability of the
  whole network.
Availability ensures that DoS attacks are overcome.
2.5.2.5 Authentication
An adversary is not limited to modifying the data packet. He/she can
change the whole packet stream by injecting additional unwanted
packets. So the receiver needs to ensure that the data used in any
decision-making process originates from the intended source. Message
authentication is important for many applications in sensor networks.
Informally, data authentication allows a receiver to verify that the
data really was sent by the claimed sender. In the case of two-party
communication, data authentication can be achieved through a purely
symmetric mechanism: the sender and the receiver share a secret key to
compute the Message Authentication Code (MAC) [15] of all communicated
data.
2.5.2.6 Self-Organization
A wireless sensor network is typically an ad hoc network, which requires
every sensor node to be independent and flexible enough to be
self-organizing and self-healing according to different situations.
There is no fixed infrastructure available for the purpose of network
management in a sensor network. This inherent feature brings a great
challenge to wireless sensor network security. The dynamics of the whole
network inhibit the idea of pre-installing a shared key between the
base station and all sensors. Several random key pre-distribution
schemes have been proposed [18][19] in the context of symmetric
encryption techniques. In the context of applying public-key
cryptography techniques in sensor networks, an efficient mechanism for
public-key distribution is necessary.
2.5.2.7 Other Security Requirements for WBSN
When designing security mechanisms that address the above security
requirements, the specific factors related to WBSN, which are not
required for other kinds of wireless sensor networks, need to be
considered. Hence WBSN has some additional requirements, given below.
- Multiple users in different roles (i.e. the user may be a patient,
  doctor, nurse or other clinician) must be supported, where each user
  has different privacy interests and decision making power.
- Mobility of the patient must be supported, therefore security
  mechanisms should adapt quickly to dynamic topologies.
- The proposed security protocol must add only a low communication
  overhead to the existing traffic, since throughput is very important
  for such networks. Medical data have high data rates, e.g. ECG data
  are normally sampled at 250 Hz and blood pressure at 100 Hz [20].
  Since the physiological data are continuously monitored, the traffic
  in WBSN is also high.
Hence these security requirements must be addressed with a tradeoff
between the security of the physiological data and the computational
complexity. Public key (asymmetric) cryptography is computationally
expensive and cannot be used much in WBSN for providing security. If
applied, its computational complexity needs to be reduced. Instead of
public key cryptographic algorithms, symmetric encryption/decryption
algorithms and hash functions can be used in WBSN for providing
security. However, symmetric key cryptography can complicate the design
of security architectures because it is not as versatile as public key
cryptography.
2.5.3 Security Constraints in WBSN
A typical Mica sensor node [18] has a 4-8 MHz processor, 4 KB of RAM,
128 KB of flash and a radio operating at 916 MHz. The heterogeneous
nature of sensor nodes is an additional limitation which prevents one
common security solution for all the nodes. As for the nature of
deployment, sensor nodes would be deployed in environments where they
are highly prone to physical attacks. Besides node limitations, sensor
networks bring all the limitations of a mobile ad hoc network: they lack
physical infrastructure and rely on insecure wireless media.
2.5.3.1 Very Limited Resources
All kinds of security mechanisms require a certain amount of computing
resources for their implementation. The resources include data and
program memory, and the battery power of the sensor. However, currently
these resources are very limited in a tiny wireless sensor.
2.5.3.1.1 Limited Memory and Storage Space
A sensor is a tiny device with only a small amount of memory and storage
space for code. A Berkeley Mica2 sensor mote [15] has a tiny ATmega
microprocessor and 128 KB of programmable flash memory. Hence,
implementation of computationally intensive cryptographic algorithms on
sensor nodes with such limited resources is infeasible, and
computationally intensive public key cryptographic algorithms cannot be
used for providing security in WBSNs. In order to build an effective
security mechanism, it is necessary to have a cryptographic algorithm
that needs less code space while providing greater security.
2.5.3.1.2 Power Limitation (Energy)
This is the major constraint in a wireless sensor network. Since the
sensor nodes are deployed remotely, they cannot be easily replaced or
recharged because of the high operating cost. Therefore, the battery
charge taken with them to the field must be conserved to extend the
life of the individual sensor node and of the entire sensor network.
When implementing a cryptographic function or protocol within a sensor
node, the energy impact of the added security code must also be
considered, and the mechanism should take care of the battery life of
the sensor. The extra power in a secured sensor node is consumed by
security functions such as encryption, decryption, digital signature
generation and its verification. The additional energy required in a
secured WSN is the energy required to transmit the security related
data, e.g. initialization vectors needed for encryption/decryption, and
the energy required to store security parameters in a secure manner
(e.g. cryptographic key storage).
2.5.3.2 Unreliable Communication
Since the mode of transmission in WSN is wireless, communication in WSN
is said to be unreliable. Unreliable communication is another threat to
wireless sensor network security. The security of the network is
ultimately built on a defined protocol, which in turn depends on
communication.
2.5.3.2.1 Unreliable Transfer
WSN uses packet based connectionless routing, which is unreliable. The
packets may be lost at congested nodes or get damaged because of channel
errors. The protocol in the network should have error detection and
correction mechanisms, which may include a cryptographic key.
2.5.3.2.2 Conflicts
Due to the broadcast nature of the wireless sensor network the channel
may still be unreliable. Conflicts will occur if the transmitted packets
meet in the middle. This may be a common problem in a WSN consisting of
densely deployed sensor nodes.
2.5.3.2.3 Latency
Latency is also one of the major problems in WSN, due to processing at
the node level, congestion and multihop routing. Hence synchronization
becomes very difficult in the case of WSN. Synchronization in WSN is
very important as it is needed for secure key management in providing
the security service.
2.5.3.3 Unattended Operation
Most of the time sensor nodes are deployed in remote fields. The sensor
nodes are unattended for a long period of time, which may lead to a
physical attack.
2.5.3.3.1 Exposure to Physical Attacks
The sensor may be deployed in an environment open to adversaries, bad
weather, and so on. The likelihood that a sensor suffers a physical
attack in such an environment is therefore much higher than for a
typical PC, which is located in a secure place and mainly faces attacks
from the network.
2.5.3.3.2 Managed Remotely
Since the sensor nodes are deployed in remote fields they are managed
remotely. This makes it very difficult to detect physical attacks such
as physical tampering, which is detected through tamperproof seals, and
if the battery goes down it cannot be replaced with ease.
2.5.3.3.3 No Central Management Point
A sensor network is a kind of distributed network without a central
management point. This will increase the vitality of the sensor network.
However, if designed correctly, it will make the organization of the
network robust and efficient.
2.6 Security Issues In Authentication Of The Patient To The Hospital Server
In a distributed computing environment, the services are dynamically
made available from the servers to the clients. In the distributed
environment not every service provided by a server is exposed to the
client. Instead a service agent is used to keep track of clients and to
direct the clients to get the service from the respective server. To do
this the client initially contacts the service agent using a purchase
protocol [34]. This protocol performs the required mutual authentication
before granting the ticket to access the corresponding server to get the
service. After this step the client uses the ticket to redeem services
from the actual server using a redemption protocol [34]. Authentication
performed by the purchase protocol is the same as peer to peer
authentication. But in the redemption protocol authentication is based
upon possession of a ticket and knowledge of some information recorded
in the ticket. Such a ticket contains the names of the client and the
server, a key and a timestamp to indicate the lifetime (similar to a
login certificate). A ticket can be used only between the specified
client and server. An example of this approach is Kerberos [34]
authentication, which makes use of passwords.
2.6.1 Password Based Authentication
Password based authentication is a simple and easy way of doing
authentication, but the use of passwords has an intrinsic weakness [7]:
human-chosen passwords are inherently weak owing to the fact that most
users choose short and easy to remember passwords. In particular,
passwords are normally drawn from a relatively small dictionary, so
they are prone to dictionary attacks. There are two types of dictionary
attacks, known as online and offline [8]. In an online dictionary
attack the attackers try to log in to the server by trying all possible
passwords from the dictionary until they find the correct one. In an
offline dictionary attack the attacker records a past successful login
session between a user and a server and then checks all the passwords
in the dictionary against the login transcript. Offline dictionary
attacks are very difficult to deal with. As a result, tremendous effort
has been dedicated to countering offline dictionary attacks in password
systems.
It has been proved that public key techniques are absolutely necessary
to make password systems secure against offline dictionary attacks,
whereas the involvement of public key cryptosystems under a PKI is not
essential. This observation differentiates two separate approaches to
the development of secure password systems: one is the combined use of
a password and a public key cryptosystem under a PKI, and the other is
the password only approach. The former takes into account the asymmetry
of capabilities between users and servers, so a user only uses a
password while the server has a public/private key pair at its
disposal. Most of the existing password systems were designed over a
single authentication server. These systems are essentially intended to
defeat offline dictionary attacks by outside attackers and assume that
the server is completely trusted in protecting the user password
database. Once this single authentication server is compromised, all
the user passwords fall into the hands of the attackers, who are then
definitively effective in offline dictionary attacks against the user
passwords. To eliminate this single point of vulnerability inherent in
single server systems, password systems based on multiple servers were
proposed. In these systems the password is distributed among multiple
servers and the attacker needs to compromise multiple servers to be
successful in offline dictionary attacks. Brainard et al. [9] proposed a
two-server password system in which one server exposes itself to users
and the other is hidden from the public. While this two-server setting
is interesting, it is not a password only system. Both servers need to
have public keys to protect the communication channels from users to
servers, which makes it difficult to fully enjoy the benefits of a
password system.
2.6.1.1 Password Based Single Server Authentication
In the single server model, as shown in Figure 2.1, only one server is
involved and it keeps a database of users' passwords. Most of the
existing systems make use of the single server model, but the single
server results in a single point of vulnerability in terms of offline
dictionary attacks. Pointcheval et al. [35] have proposed a security
scheme for systems that use password authentication by a single server
to overcome offline dictionary attacks.
Fig 2.1 Single Server Password Authentication
In this scheme a mobile user, who wishes to access a network from a
client terminal, is authenticated by an authentication server using a
password. After authentication the user is provided with a secure
environment for accessing the network. However, the conventional
authentication server
designs are vulnerable to password guessing attacks at the server side.
Hence Ford et al. [36] proposed a new authentication server model and a
security protocol that withstands the password guessing attack. The
protocol deals with securely generating a strong secret from a
password, which is considered a weak secret. The same authors have
proposed a new protocol called the password hardening protocol. Using
this protocol a server can interact with the user and the user's
password is hardened into a strong secret. Neither the user's password
nor the hardened result is exposed to outsiders. Additional strong
secrets can be generated from the hardened passwords, and these
additional strong secrets cannot be determined by a single server. The
advantage of this password hardening protocol is that a possible
attacker cannot feasibly compute the strong secret: even if he or she
has access to all information and has control over some of the servers,
he or she will be unable to gain control over all the servers. The
drawback of this protocol is that if the attacker comes to know the
algorithm for generation of the hardened password, he or she could very
well mount an offline dictionary attack on the server.
Pointcheval et al. [35] proposed an Authenticated Key Exchange (AKE)
system secure against dictionary attacks. Normally passwords are drawn
from a small space and the attacker could offline try to enumerate all
possible passwords. AKE is designed in such a way that it works even in
the above environment. The type of authentication used in AKE is
implicit authentication. The correctness of AKE is proved with the
Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt [8].
2.6.1.2 Password Based Two server and Multi Server Authentication
Fig 2.2 Two Server Password Authentication Model
[Figure: User 1 ... User n contact the Service Server (SS), which holds the
SS DBS; the Control Server (CS), which holds the CS DBS, is reached only
through SS]
The two-server model proposed by Yang et al. [10] consists of two servers
at the server side: a public front-end server exposed to the users and a
back-end server, as shown in figure 2.2. The users contact only the
front-end server. In this model the user establishes a session key only
with the public server, and the role of the back-end server is merely to
assist the public server in authenticating the user, whereas in the
multi-server model the user establishes a session key with each of the
servers. In the multi-server model all servers are equally exposed to
outside attackers, who can mount an offline dictionary attack against any
of them, while in the two-server model [10] only the public server is
exposed to outsiders. The two-server model of Yang [10] completely removes
the use of PKI to authenticate the user. The password is transformed into
two long secrets, one stored in the front-end server, known as the service
server, and the other in the back-end server, known as the control server.
To uncover the password by an offline dictionary attack the adversary has
to compromise both the control server and the service server, which is
much harder than compromising a single server.
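The following is an added example, not code from [36] or [10]: a toy Python instance of the blinded-exponentiation idea behind server-assisted password hardening, run with two servers so that it also plays the roles of the service server and control server of the two-server model above. The group parameters (the Mersenne prime 2^127 - 1), the hash-to-group map and the way the per-server contributions are combined are assumptions chosen for readability, not the published constructions. It demonstrates the three properties discussed above: the same password always hardens to the same strong secret, a server's request log reveals nothing about the password, and an offline dictionary attack only becomes possible once every server's share has been stolen.

```python
import hashlib
import secrets
from math import gcd
from typing import Dict, List, Optional

# Assumption: a toy multiplicative group Z_p^* with the Mersenne prime
# p = 2^127 - 1. It keeps the numbers readable; a deployment would use a
# standardised prime-order group or an elliptic curve, not this.
P = 2**127 - 1
N_BYTES = 16  # enough to hold any element of Z_p (p < 2^128)


def hash_to_group(password: str) -> int:
    """Map a (weak) password to a group element w in [2, p-2]."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


def derive_strong_secret(contributions: List[int]) -> bytes:
    """Combine the per-server values w^{d_i} into one strong secret."""
    h = hashlib.sha256()
    for c in contributions:
        h.update(c.to_bytes(N_BYTES, "big"))
    return h.digest()


def make_verifier(strong_secret: bytes) -> bytes:
    """What a relying party may store to check a later-derived secret."""
    return hashlib.sha256(strong_secret).digest()


class HardeningServer:
    """One server holding an exponent share d_i. It only ever sees blinded
    queries, so its request log is useless for a dictionary attack."""

    def __init__(self) -> None:
        self.d = secrets.randbelow(P - 2) + 1  # share in [1, p-2]
        self.seen: List[int] = []              # what an intruder here could log

    def respond(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, self.d, P)


def harden(password: str, servers: List[HardeningServer]) -> bytes:
    """Client side: blind the password element, query every server, unblind
    each answer and combine. Same password + same shares = same secret;
    a fresh blinding factor r hides the password from the servers."""
    w = hash_to_group(password)
    while True:
        r = secrets.randbelow(P - 2) + 1
        if gcd(r, P - 1) == 1:  # r must be invertible modulo p-1
            break
    r_inv = pow(r, -1, P - 1)
    blinded = pow(w, r, P)  # w^r looks random without knowledge of r
    # (w^{r d_i})^{1/r} = w^{d_i}, since r * r_inv = 1 mod (p-1)
    contributions = [pow(srv.respond(blinded), r_inv, P) for srv in servers]
    return derive_strong_secret(contributions)


def offline_dictionary_attack(verifier: bytes, stolen_shares: Dict[int, int],
                              n_servers: int, dictionary: List[str]) -> Optional[str]:
    """Attacker holding a verifier H(K) and the shares of the servers listed in
    stolen_shares. Only when every share is known can K be recomputed for a
    candidate password and compared; with a share missing there is nothing
    to test against, which is exactly the protocol's security argument."""
    if len(stolen_shares) < n_servers:
        return None
    for candidate in dictionary:
        w = hash_to_group(candidate)
        k = derive_strong_secret([pow(w, stolen_shares[i], P) for i in range(n_servers)])
        if make_verifier(k) == verifier:
            return candidate
    return None


def server_log_leaks_password(server: HardeningServer, dictionary: List[str]) -> bool:
    """Does any raw query a compromised server logged equal a candidate
    password's group element? It never does: each query is w^r for a
    random r the server never learns."""
    candidates = {hash_to_group(c) for c in dictionary}
    return any(q in candidates for q in server.seen)


if __name__ == "__main__":
    service_server, control_server = HardeningServer(), HardeningServer()
    servers = [service_server, control_server]
    verifier = make_verifier(harden("correct horse battery", servers))
    words = ["123456", "password", "correct horse battery", "letmein"]  # constructed
    print("both servers compromised:", offline_dictionary_attack(
        verifier, {0: service_server.d, 1: control_server.d}, 2, words))
    print("one server compromised:", offline_dictionary_attack(
        verifier, {0: service_server.d}, 2, words))
    print("request log leaks password:", server_log_leaks_password(service_server, words))
```

Note that with n = 2 the roles map directly onto figure 2.2: the service server could forward the blinded value to the control server on the user's behalf without weakening anything, because the blinded value is already useless for guessing.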
In the plain multi-server model the server side comprises multiple
servers, as shown in figure 2.3, so the single point of vulnerability is
removed. In this model all servers are equally exposed to the users, and
the user has to communicate in parallel with several or all of the servers
taking part in the authentication. The disadvantage of this approach is
the demand it places on communication bandwidth.
Fig 2.3 Multi Server Password Authentication
[Figure: User 1 ... User n communicate with Server 1 ... Server i ... Server
m, each holding a password DBS]
The gateway augmented multi-server model [36] [37] is a variation of the
multi-server model in which a gateway is placed as a relaying point
between the servers and the users, so that the user only needs to contact
the gateway. The disadvantage of this model is that the augmented gateway
is pure overhead: it merely relays messages between users and servers and
neither provides a service nor performs authentication. In a security
architecture every additional component is an additional point at which
security attacks can be mounted.
2.6.2 Biometric Based Authentication
2.6.2.1 Using Single Modal Biometrics
Many of the drawbacks of password based authentication can be overcome by
better methods of user authentication. Interest in biometrics [11][38] for
providing authentication and information assurance has never been
greater. Increasingly, public and private sectors are choosing biometrics
to secure their physical facilities, electronic data and computer
networks. Biometric technology is used in a wide variety of applications
including access control, forensic investigation, identity verification,
information protection and security monitoring. Biometric solutions
identify or verify an individual's identity by measuring either
physiological or behavioral characteristics. In traditional cryptosystems
user authentication is based on possession of secret keys, which fails if
the keys are not kept secret. Further, keys can be stolen, forgotten or
lost, and therefore cannot provide non-repudiation.
Current biometric authentication systems based on physiological and
behavioral characteristics of persons (known as biometrics), such as
fingerprints, solve many of the above problems and replace the
authentication component of traditional cryptosystems. In traditional
cryptosystems possession of the decrypting key is sufficient to establish
user authenticity. Since the keys used by current symmetric algorithms
such as AES [39] are long and random (e.g. 128 bits), they are difficult
to memorize. Biometrics are difficult to copy, share and distribute, and
require the person being authenticated to be present at the time and
point of authentication. It is difficult to forge biometrics, and it is
unlikely that a user can repudiate having accessed digital content using
biometrics. The trade-off a designer must keep in mind is that a biometric
is not a secret and, unlike a password, cannot be changed once
compromised, so stored templates need the same protection as keys. Thus
biometric based authentication is a potential candidate to replace
password based authentication, either by providing a complete
authentication mechanism using pattern matching, or by generating
traditional cryptographic keys from the biometric.
TABLE 2.2
Comparison Of Various Biometrics [14]

Biometric Identifier   Un   Di   Pm   Co   Pf   Ac   Ci
Face                   H    L    M    H    L    H    H
Fingerprint            M    H    H    M    H    M    M
Hand Geometry          M    M    M    H    M    M    M
Iris                   H    H    H    M    H    L    L
Keystroke              L    L    L    M    L    M    M
Signature              L    L    L    M    L    H    H

Un – Universality, Di – Distinctiveness, Pm – Permanence,
Co – Collectability, Pf – Performance, Ac – Acceptability,
Ci – Circumvention (H means the trait is easy to circumvent)
L – Low, M – Medium, H – High
There are many kinds of biometrics, used in various types of
applications. Each biometric has its own strengths and weaknesses, and
the biometric is selected according to the requirements of the specific
application. The comparison between various biometric features [14] is
shown in table 2.2. The basic idea behind biometric based security is
that the biometric component performs user authentication. Biometric
based authentication is of two types. In the first type biometric matching
is performed: a legitimate user who wants to access the digital content
presents a biometric sample to the system, and the biometric matcher
tries to match this sample with the registered biometric template. If the
sample matches the user's template, a cryptographic key is released, as
shown in figure 2.4. This key can be used in a digital signature
algorithm to provide the authentication security service. In the second
type the features extracted from the biometric are used to generate
keys [22], which can be used in a digital signature generation algorithm
to provide the authentication security service, as shown in figure 2.5.
For example, the minutiae extracted from a fingerprint [40] are put in
the form of a template and used as a private key in a discrete-logarithm
based scheme, e.g. for Diffie-Hellman key agreement [41] or for
generating a digital signature [41][42]; note that Diffie-Hellman itself
is a key agreement protocol rather than a signature algorithm. Since a
fresh sample never matches the template bit for bit, the first type
needs a matching threshold and the second needs a way to tolerate sample
noise before a stable key can be derived.
Fig 2.4 Biometric Based Key Release
[Figure: Biometric Sensor -> Feature Extractor -> Matcher -> Decision;
key released if the sample matches, rejected if no match]

Figure 2.5 Biometric Based Digital Signature
[Figure: Biometric sensor -> Feature Extractor -> Key generation ->
Digital signature algorithm -> Digital signature]
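An added example, not from the thesis or from [22], [40], of the two types of biometric authentication described above in Python. Biometric features are modelled as a fixed-length bit string, which is an assumption; the key release path (figure 2.4) stores the key and unlocks it on a Hamming-distance match, and the key generation path (figure 2.5) uses a fuzzy commitment with a toy repetition code (a real system would use a BCH or Reed-Solomon code and a proper feature encoding) so that a stable key is regenerated from a noisy sample without the key or the template being stored. It also shows why hashing the raw features directly does not work.

```python
import hashlib
import random
from typing import List, Optional, Tuple

Bits = List[int]

REP = 7        # repetition code length: majority vote corrects up to 3 flips per block
KEY_BITS = 32  # size of the key bound to the template (toy size; assumption)
TEMPLATE_BITS = REP * KEY_BITS


def hamming(a: Bits, b: Bits) -> int:
    return sum(x != y for x, y in zip(a, b))


def xor(a: Bits, b: Bits) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def flip(bits: Bits, positions: List[int]) -> Bits:
    """A noisy re-acquisition of the biometric: the given bit positions are inverted."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def bits_to_bytes(bits: Bits) -> bytes:
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def constructed_enrollment(seed: int = 7) -> Tuple[Bits, Bits]:
    """Constructed enrolment data: a random template and a random key (not real features)."""
    rng = random.Random(seed)
    template = [rng.randrange(2) for _ in range(TEMPLATE_BITS)]
    key_bits = [rng.randrange(2) for _ in range(KEY_BITS)]
    return template, key_bits


# ---- Type 1: key release. The key is stored; a threshold match unlocks it. ----
class KeyReleaseStore:
    def __init__(self, template: Bits, key: bytes, threshold: int) -> None:
        self.template, self.key, self.threshold = template, key, threshold

    def authenticate(self, sample: Bits) -> Optional[bytes]:
        """Release the stored key only if the sample is close enough to the template."""
        return self.key if hamming(sample, self.template) <= self.threshold else None


# ---- Type 2: key generation. Nothing secret is stored; the key is rebuilt. ----
def naive_key(sample: Bits) -> bytes:
    """Hashing raw features directly: a single flipped bit yields a different key."""
    return hashlib.sha256(bits_to_bytes(sample)).digest()


def encode(key_bits: Bits) -> Bits:
    return [b for b in key_bits for _ in range(REP)]


def decode(codeword: Bits) -> Bits:
    """Majority vote inside each block of REP bits."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP) for i in range(0, len(codeword), REP)]


def commit(template: Bits, key_bits: Bits) -> Tuple[Bits, bytes]:
    """Fuzzy commitment: helper = ECC(key) XOR template. Only the helper data
    and a hash of the key are kept; neither the key nor the template is stored."""
    helper = xor(encode(key_bits), template)
    return helper, hashlib.sha256(bits_to_bytes(key_bits)).digest()


def regenerate(helper: Bits, sample: Bits) -> bytes:
    """helper XOR sample = ECC(key) XOR (template XOR sample): the error pattern
    is exactly the sample noise, which the code removes if it is small enough."""
    return bits_to_bytes(decode(xor(helper, sample)))


def key_checks_out(key: bytes, key_hash: bytes) -> bool:
    return hashlib.sha256(key).digest() == key_hash


if __name__ == "__main__":
    template, key_bits = constructed_enrollment()
    key = bits_to_bytes(key_bits)
    mild = [i * REP + j for i in range(KEY_BITS) for j in range(3)]    # 3 flips per block
    severe = [i * REP + j for i in range(KEY_BITS) for j in range(4)]  # 4 flips per block
    helper, key_hash = commit(template, key_bits)
    print("naive hash stable under 1 flip:", naive_key(flip(template, [0])) == naive_key(template))
    print("fuzzy commitment, mild noise:", key_checks_out(regenerate(helper, flip(template, mild)), key_hash))
    print("fuzzy commitment, severe noise:", key_checks_out(regenerate(helper, flip(template, severe)), key_hash))
    store = KeyReleaseStore(template, key, threshold=100)
    print("key release, mild noise:", store.authenticate(flip(template, mild)) == key)
```

The repetition code decodes correctly while at most 3 of the 7 bits in every block are wrong; 4 wrong bits in a block invert that key bit, so a sample that is too far from the template yields a different key and the stored hash rejects it, which is the key-generation analogue of the threshold in the key-release path.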
2.6.2.2 Using Multimodal Biometrics
Since biometrics are captured as signals, variations can occur due to
background noise, signal distortion, feature changes and environmental
variations. For example, a facial biometric varies with facial expression
and ambient light, and a fingerprint biometric varies with pressure and
moisture. Hence recognition based on a single biometric may not be
sufficient for authentication, and more than one biometric can be fused
to form multimodal biometrics [38]. In multimodal biometrics samples are
taken from multiple biometric traits using multiple sensor technologies
and combined by fusion (at the sensor, feature, matcher or decision level)
to obtain a more reliable and accurate result, as shown in figure 2.6.
Biometric systems make binary decisions, accepting authorized persons and
rejecting impostors. Two types of error accompany biometric systems [38]:
false acceptance (FA) errors, which let an impostor in, and false
rejection (FR) errors, which keep an authorized person out. Lowering the
decision threshold reduces false rejections but increases false
acceptances, so the threshold is an operating point chosen for the
application rather than a fixed constant.
Fig 2.6 Multimodal Biometric Fusion
[Figure: for each trait, Biometric Sensor1 -> Feature Extractor1 ->
Matcher1 -> Decision1; the chains are combined by sensor fusion, feature
fusion, matcher fusion or decision fusion]
The disadvantages of password based systems can be overcome by
means of biometric based security.
2.6.2.3 Biometric Based Authentication and Key Exchange
Biometrics are automated methods of identity verification or
identification based on measurable physiological or behavioral
characteristics such as a fingerprint, an iris pattern or a voice sample.
Biometric characteristics are unique to the individual and are not easily
duplicated or transferred. Because biometric authentication is robust and
efficient, the use of biometric information for mutual authentication and
key generation is proposed. Biometric based key generation is unforgeable
to a certain extent, since biometric identities such as fingerprints are
unique to each individual. This system is a biometric-only system in the
sense that it requires no user key cryptosystem and thus no Public Key
Infrastructure (PKI). This makes the proposed system very attractive,
considering that PKIs have proven notoriously expensive to deploy in the
real world. Moreover, the proposed system is particularly suitable for
online web applications because of its efficiency in both computation and
communication.
2.7 Conclusion
The security issues in wireless biomedical sensor networks and
different types of authentication and key exchange systems have been
discussed in detail in this chapter.
CHAPTER III
Energy efficient ECG based BAKE protocol for Wireless Body Area Networks
3.1 Introduction
To make wireless biomedical sensor network infrastructure ubiquitous and
affordable, a number of challenging issues in the security of biomedical
sensors and the privacy of physiological data in the network must be
resolved. In the resource constrained WBSN the base station collects the
physiological data from mobile patients through biomedical sensors and
transmits it to the healthcare provider for health monitoring [4]. This
data is subject to security attacks both at the sensor side and in
transit, when the data is transmitted from the sensor node to the base
station. To overcome the attacks this work