Title: Mission Critical Networks Workshop (MCN
1. EKG-Based Key Agreement in Body Sensor Networks
- Krishna Venkatasubramanian, Ayan Banerjee, and Sandeep Gupta
- IMPACT Lab
- Department of Computer Science and Engineering
- School of Computing and Informatics
- Ira A. Fulton School of Engineering
- Arizona State University
- Tempe, Arizona
2. Outline
- Body Sensor Networks
- Need for Security in BSN
- EKG-based Key Agreement
- Performance Analysis
- Security Analysis
- Conclusions
3. Body Sensor Networks
- Definition
- A network of health and environmental monitoring sensors deployed on a person for managing their health
- Principal Features
- Continuous real-time monitoring
- Removes time and space restrictions on care
- Improved deployability
- Ideal for life-saving scenarios
- Enables caregivers to make informed decisions about treatment in time-constrained scenarios
- Disasters
- Battlefield
- Individual emergencies
[Figure: BSN usage scenario, with sensors, wireless links and a sink relaying data to critical infrastructure]
4. Security in BSN
- Need
- Collect sensitive medical data
- Legal requirement (HIPAA)
- Potential for exploitation
- Primary issue: secure inter-sensor communication in BSN
- Security Requirements
- Integrity
- Confidentiality
- Authentication
- Minimal setup time
- Possible Attacks
- Fake warnings, leading to resource wastage
- Preventing legitimate warnings
- Unnecessary actuations
- Example: recent ICD hacking
- Our approach: Physiological Value based Security
5. Physiological Values for Security
- Aim
- Use physiological values (PV) from the body as a means of generating (symmetric) cryptographic keys
- Why?
- Dynamic nature of the human body
- Signals represent the physiology of the subject at that time and are therefore unique
- Properties
- Universal: should be measurable in everyone
- Distinctively collectable: should be different for different persons at any given time
- Low latency: should be able to generate keys with a minimal duration of measurement
- Time variant: if broken, the next set of values should not be guessable
- Advantages
- Plug-and-play capability with BSN
- Efficient, as no additional keying material or initialization steps are required
- Automatic re-keying as a person's physiology changes over time
6. Related Work
- Traditional Sensor Network Security
- Key distribution, then secure communication
- Key distribution requires pre-deployment
- Network-wide keys, pair-wise keys
- Pre-deployed master key
- Domain parameters for ECC-based Diffie-Hellman
- Issues
- Requires setup time, problematic in emergency deployment
- Re-keying and network-wide adjustments (node addition, moving) are difficult
- May require large key storage space for a dense network
- Using Physiological Values for Security
- Proposed in [CV03] as an alternative to key distribution
- [PZ06] proposed use of inter-pulse-interval (IPI) data derived from EKG and PPG data as a possible PV
- Collect IPI data from the time difference between EKG and PPG peaks
- Encode (67 values) into keys
- Issues
- For a subject, the keys obtained were similar but not the same; ideal as authentication signatures
- High latency: 1 value every 500 ms, so 67 values take 0.5 minutes to collect
- Choice: Electrocardiogram features (low latency, frequency-domain features)
- Goal: To show the viability of using EKG for generating (symmetric) cryptographic keys for securing inter-sensor communication in a BSN.

[CV03] S. Cherukuri, K. Venkatasubramanian, and S. K. S. Gupta. BioSec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In Proc. of Wireless Security and Privacy Workshop 2003, pages 432-439, October 2003.
[PZ06] C. C. Y. Poon, Yuan-Ting Zhang, and Shu-Di Bao. A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine, 44(4):73-81, 2006.
7. System Model
- BSN
- Sensors worn on or implanted in the subject
- Use the wireless medium to communicate
- All sensors can measure EKG
- Threats
- Active adversaries: replay, spoof, introduce messages
- Passive adversaries: eavesdrop only
- Tampering (physical compromise): UNLIKELY
- Trust
- Wireless medium not trusted
- Physical layer attacks such as jamming not addressed
8. Overview of Solution
- Feature Generation
- Extraction
- Obtaining frequency-domain features from EKG
- Quantization
- For efficient representation of features for generating common keys
- Key Agreement
- Feature Exchange
- Exchange the features generated at each sensor to identify the common ones
- Generate Keys
- Choose common features and form the key
- Verification
- Verification of the key
9. Feature Generation: Extraction
10. Feature Generation: Quantization
[Figure: the 320-coefficient feature vector is split into 20 EKG feature blocks (Block 1: values 1-16, Block 2: values 17-32, ..., Block 20: values 304-320); each block passes through a quantizer/encoder and yields a 64-bit block]
- Process
- Divide the feature vector into 20 blocks, each containing 16 values
- Each block is then quantized (exponential quantization, 12 levels)
- The quantized values are encoded into 4 bits/coefficient
- The 20 blocks of 64 bits represent the features
11. Key Agreement: Feature Exchange
[Figure: message exchange between Sensor 1 and Sensor 2, followed by key verification]
12. Key Agreement: Key Generation
[Figure: each sensor hashes its feature blocks (Q) and sends the hashes; the received hashes form V, the local blocks hashed with the received nonce form U; the matrix W is computed, the matching indices are extracted and concatenated into KeyMat, which is hashed to give the key]
- At each Sensor Node
- V is the hash of the received feature blocks
- U is the hash of the local feature blocks with the received salt
- Compute the matrix W where W(i,j) is the Hamming distance between block i of U and block j of V. Here 1 ≤ i, j ≤ 20
- For each W(i,j) = 0, concatenate Q(i) to form KeyMat
- KeyMat is passed through a one-way hash function to produce the final key
13. Key Agreement: Verification
[Figure: Sensor 1 and Sensor 2 run feature exchange, key generation and key verification in sequence]
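The exchange on slides 11-13, written out as an added example in Python (not the authors' code): each sensor publishes a nonce and the nonce-salted hashes of its 20 feature blocks, the peer recomputes the same hashes over its own blocks, and a zero Hamming distance between two hashes marks a shared block. SHA-256 as the hash, HMAC over the two nonces as the verification step, and the constructed feature blocks are assumptions; the slides do not fix them.

```python
import hashlib
import hmac
import os
import random

NUM_BLOCKS, BLOCK_BYTES = 20, 8  # 20 feature blocks of 64 bits each (slide 10)

def hamming(a: bytes, b: bytes) -> int:
    """Bit-level Hamming distance between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")

def hash_blocks(blocks, nonce):
    """Hash every feature block with a nonce; the hashes, not the blocks, are
    what a sensor transmits in the feature-exchange step (slide 11)."""
    return [hashlib.sha256(nonce + blk).digest() for blk in blocks]

def generate_key(local_blocks, peer_nonce, peer_hashes):
    """Key generation at one sensor (slide 12): V = received hashes, U = local
    blocks hashed with the peer's nonce, W(i,j) = Hamming(U[i], V[j]).  Each
    W(i,j) == 0 marks a block both sensors hold; those local blocks Q(i), in
    index order, form KeyMat, and the key is a one-way hash of KeyMat."""
    U, V = hash_blocks(local_blocks, peer_nonce), peer_hashes
    common = [i for i, u in enumerate(U) if any(hamming(u, v) == 0 for v in V)]
    if not common:
        return None, common  # no shared feature blocks: the run must be repeated
    keymat = b"".join(local_blocks[i] for i in common)
    return hashlib.sha256(keymat).digest(), common

def verify_tag(key, nonce1, nonce2):
    """Assumed verification step (slide 13): a MAC over both nonces under the
    derived key, so a mismatch is detected without exposing the key itself."""
    return hmac.new(key, nonce1 + nonce2, hashlib.sha256).digest()

def run_eka(blocks1, blocks2):
    """Run the whole exchange between two sensors; returns (agreed, common)."""
    n1, n2 = os.urandom(16), os.urandom(16)
    h1, h2 = hash_blocks(blocks1, n1), hash_blocks(blocks2, n2)  # sent over the air
    key1, common = generate_key(blocks1, n2, h2)  # sensor 1 uses sensor 2's nonce/hashes
    key2, _ = generate_key(blocks2, n1, h1)
    if key1 is None or key2 is None:
        return False, common
    return hmac.compare_digest(verify_tag(key1, n1, n2), verify_tag(key2, n1, n2)), common

# Constructed sample input: sensor 2 holds the same blocks as sensor 1 in the first
# 15 positions and different ones elsewhere, standing in for two sensors that read
# the same EKG at the same time but disagree on a few quantized feature blocks.
rng = random.Random(7)
SENSOR1 = [rng.randbytes(BLOCK_BYTES) for _ in range(NUM_BLOCKS)]
SENSOR2 = [b if i < 15 else rng.randbytes(BLOCK_BYTES) for i, b in enumerate(SENSOR1)]
```

`run_eka(SENSOR1, SENSOR2)` yields an agreed key built from the 15 shared blocks, while two sensors with no block in common get no key and must repeat the protocol, which is the behaviour the tampering row of the security analysis relies on.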
14. Performance Analysis
- Purpose
- Test keys generated by EKA
- Data Properties
- Source: MIT PhysioBank database, 1 hour of 2-lead EKG data from 31 patients; sampling rate 125 Hz, each sample is time-stamped
- Experiments
- For each subject, EKA executed at 100 random start-times
- Mutual Hamming distance computed between the keys generated to evaluate distinctiveness
- Computed runs test and average entropy for each key generated to evaluate randomness
- For each subject, EKA executed at 100 consecutive 5-second intervals
- Computed Hamming distance between keys generated to evaluate temporal variance
15. Results
- At each time-stamp, 2 keys (say KeyA and KeyB) are generated for every subject
- Distinctiveness
- Each square is the distance between KeyA and KeyB
- The anti-diagonal indicates that KeyA and KeyB of the same person are identical
- Average difference between keys of 2 different subjects at a given start-time: 49.9%
- Randomness
- Average Entropy
- Computed based on keys generated for each of the 31 patients at 100 start-times
- Results indicate 1s and 0s are uniformly distributed
- Runs test
- Tests runs of 0s and 1s in the key
- 2-tailed, confidence interval 5%
- Failed in less than 2% of the cases (31 patients x 100 start-times = 3100 cases)
- Temporal Variance
- Average difference between keys of the same subject at two consecutive start-times is 49.0%
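The three measurements used on slides 14 and 15 (Hamming distance for distinctiveness and temporal variance, average bit entropy, and a two-tailed runs test at the 5% level), implemented as an added example in Python that is not the authors' evaluation code. The statistic behind the runs test (the Wald-Wolfowitz normal approximation) and the SHA-256-derived stand-in keys are assumptions; the slides name the tests but not their exact form.

```python
import hashlib
import math

def bits(key: bytes) -> str:
    """Key as a string of '0'/'1' characters."""
    return "".join(f"{b:08b}" for b in key)

def hamming_fraction(k1: bytes, k2: bytes) -> float:
    """Fraction of bit positions in which two equal-length keys differ:
    about 0.5 for unrelated keys, 0.0 for identical ones."""
    x, y = bits(k1), bits(k2)
    return sum(a != b for a, b in zip(x, y)) / len(x)

def bit_entropy(key: bytes) -> float:
    """Shannon entropy of the 0/1 distribution in one key, in bits per bit;
    1.0 means 1s and 0s are equally frequent."""
    s = bits(key)
    p1 = s.count("1") / len(s)
    return -sum(p * math.log2(p) for p in (p1, 1 - p1) if p > 0)

def runs_test(key: bytes, z_crit: float = 1.96) -> tuple:
    """Wald-Wolfowitz runs test on the key's bit string, two-tailed at the 5%
    level (z_crit = 1.96).  Returns (z, passed); too few runs (long clumps)
    and too many runs (strict alternation) both count as non-random."""
    s = bits(key)
    n, n1 = len(s), s.count("1")
    n0 = n - n1
    if n0 == 0 or n1 == 0:
        return math.inf, False  # constant key: degenerate, treated as a failure
    runs = 1 + sum(a != b for a, b in zip(s, s[1:]))
    mean = 2 * n0 * n1 / n + 1
    var = 2 * n0 * n1 * (2 * n0 * n1 - n) / (n * n * (n - 1))
    z = (runs - mean) / math.sqrt(var)
    return z, abs(z) <= z_crit

def distinctiveness(keys_a, keys_b):
    """Matrix of Hamming fractions between KeyA of subject s and KeyB of
    subject t at one start-time: zero where s == t (both sensors on the same
    person agree), near 0.5 everywhere else."""
    return [[hamming_fraction(a, b) for b in keys_b] for a in keys_a]

def temporal_variance(keys_over_time):
    """Average Hamming fraction between one subject's keys at consecutive
    start-times; near 0.5 means a leaked key does not predict the next one."""
    pairs = list(zip(keys_over_time, keys_over_time[1:]))
    return sum(hamming_fraction(a, b) for a, b in pairs) / len(pairs)

# Constructed stand-in keys (SHA-256 of labels, not EKG-derived): three subjects,
# with KeyA and KeyB of each subject taken to agree exactly, as on slide 15.
SUBJECTS = [hashlib.sha256(f"subject-{s}".encode()).digest() for s in range(3)]
```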
16. Security Analysis
- Attack: Blocks exchanged are only 64 bits long; susceptible to brute force.
  EKA: Perform key strengthening by repeatedly hashing the blocks 2^n times before transmitting them. Ongoing work to increase the feature block length; a possible avenue is to use higher sampling frequencies and longer FFTs.
- Attack: Key compromise from messages exchanged.
  EKA: Key compromise is not possible as KeyA / KeyB and KeyR / KeyR' are random.
- Attack: Message tampering and replay.
  EKA: Tampering with the blocks will result in no key being formed between the sensors, and the key agreement process will be repeated. Message replay does not give any advantage to the adversary, as the keys are never revealed and the values of KeyR/KeyR' and KeyA/KeyB change with every run of the protocol. If EKA is used for authentication only, replay might succeed if the keys do not change between two measurements, but the presence of a MAC in Step 1 ensures that such replays are caught.
- Attack: KeyA and KeyB compromised by some means.
  EKA: Loss will be temporary as the keys change with every new EKG measurement.
17. Conclusions
- BSN provides life-saving services
- Security is essential in BSN to preserve patient privacy
- Use of EKG for generating cryptographic keys proposed, and early results are promising
- Potential Applications
- Pervasive health monitoring
- Fitness and performance monitoring
- Future Work
- Increasing the length of blocks exchanged
- Implementation of EKA on real sensing devices
- Experiment with more diverse EKG data: people with ailments, EKG measured during different activities (sleeping, eating, etc.)
- Identify new PVs: not all sensors in a BSN can measure EKG