Guanglou Zheng

Multiple ECG Fiducial Points-Based Random Binary Sequence Generation for Securing Wireless Body Area Networks

Generating random binary sequences (BSes) is a fundamental requirement in cryptography. A BS is a sequence of

Encryption for Implantable Medical Devices Using Modified One-Time Pads

N

Ideas and Challenges for Securing Wireless Implantable Medical Devices: A Review

bits, and each bit has a value of 0 or 1. For securing sensors within wireless body area networks (WBANs), electrocardiogram (ECG)-based BS generation methods have been widely investigated in which interpulse intervals (IPIs) from each heartbeat cycle are processed to produce BSes. Using these IPI-based methods to generate a 128-bit BS in real time normally takes around half a minute. In order to improve the time efficiency of such methods, this paper presents an ECG multiple fiducial-points based binary sequence generation (MFBSG) algorithm. The technique of discrete wavelet transforms is employed to detect arrival time of these fiducial points, such as P, Q, R, S, and T peaks. Time intervals between them, including RR, RQ, RS, RP, and RT intervals, are then calculated based on this arrival time, and are used as ECG features to generate random BSes with low latency. According to our analysis on real ECG data, these ECG feature values exhibit the property of randomness and, thus, can be utilized to generate random BSes. Compared with the schemes that solely rely on IPIs to generate BSes, this MFBSG algorithm uses five feature values from one heart beat cycle, and can be up to five times faster than the solely IPI-based methods. So, it achieves a design goal of low latency. According to our analysis, the complexity of the algorithm is comparable to that of fast Fourier transforms. These randomly generated ECG BSes can be used as security keys for encryption or authentication in a WBAN system.

A non-key based security scheme supporting emergency treatment of wireless implants

We present an electrocardiogram (ECG)-based data encryption (EDE) scheme for implantable medical devices (IMDs). IMDs, including pacemakers and cardiac defibrillators, perform therapeutic or even life-saving functions and store sensitive data; therefore, it is important to prevent adversaries from having access to them. The EDE is designed with the ability to provide information-theoretically unbreakable encryption where two well-known techniques of classic one-time pads (OTPs) and error correcting codes are combined to achieve a cryptographic primitive for IMDs. Unlike other ECG-based key agreement schemes where ECG features are used to facilitate a key distribution, in the EDE scheme, random binary strings generated from ECG signals are directly used as keys for encryption. OTP keys are generated by the IMD and the programmer, respectively, before each encryption attempt; thus, the EDE does not require a cryptographic infrastructure to support a key distribution, storage, revocation, and refreshment. Protected by the EDE, IMDs could not be accessed by adversaries; however, medical personnel can have access to them by measuring real-time ECG data in emergencies. Therefore, the EDE design achieves a balance of high security and high accessibility for the IMD. Our data and security analysis shows that the EDE is a viable scheme for protecting IMDs.

Truthful Channel Sharing for Self Coexistence of Overlapping Medical Body Area Networks.

Implantable medical devices (IMDs) are normally used for monitoring and treating various medical conditions. These days, wireless modules have become an intrinsic part of many modern IMDs. So, doctors can use device programmers wirelessly to configure parameters in the IMDs. However, such a wireless technology exposes the IMDs to security attacks. In this paper, we analyze potential threats faced by the IMDs and discuss security solutions proposed in the existing literature to counter these threats. Securing an IMD involves three design tradeoffs that require a careful consideration. The first one is security versus accessibility in an emergency situation. We compare the IMD security schemes in the literature in terms of their merits and disadvantages. The second one is the tradeoff between the security schemes for supporting emergency access and those for supporting normal check-up access to the IMDs. This normal check-up access to the IMDs should avoid extra resource consumptions, which is different from the requirement in the emergency access. The third one is between the requirements of strong security and limited resources. The IMD, as a tiny wireless device used for medical purposes, has very limited resources when compared with a generic wireless sensor device/node. We analyze various schemes that aim to conserve the underlying resources of an IMD and also counter battery denial of service attacks from different perspectives. Based on the literature review, we analyze general concerns in the IMD security design from the system engineering point of view, and discuss possible future research directions.

Securing wireless medical implants using an ECG-based secret data sharing scheme

The security of wireless communication module for Implantable Medical Devices (IMDs) poses a unique challenge that doctors in any qualified hospital should have the access to the IMDs for an emergency treatment while the IMD should be protected from adversaries during a patients daily life. In this paper, we present a non-key based security scheme for the emergency treatment of IMDs, named the BodyDouble. This scheme employs an external authentication proxy embedded in a gateway to authenticate the identity of a programmer. The gateway here employs a transmitting antenna to send data and jamming signals. When an adversary launches attacks, the gateway jams the request signal to the IMD and authenticates its identity. The gateway will also pretend to be the wireless module of the IMD by establishing a communication link with the adversary so that the adversary is spoofed to communicate with the gateway instead of the IMD. For the emergency situation, the IMD can be accessed without using any cryptographic keys by simply powering off or removing the gateway. Simulation results show that this security scheme can protect the IMD from the adversarys attacks successfully, and resist the potential repeated attacks to prevent the battery depletion of the IMD.

A comparison of key distribution schemes using fuzzy commitment and fuzzy vault within wireless body area networks

As defined by IEEE 802.15.6 standard, channel sharing is a potential method to coordinate inter-network interference among Medical Body Area Networks (MBANs) that are close to one another. However, channel sharing opens up new vulnerabilities as selfish MBANs may manipulate their online channel requests to gain unfair advantage over others. In this paper, we address this issue by proposing a truthful online channel sharing algorithm and a companion protocol that allocates channel efficiently and truthfully by punishing MBANs for misreporting their channel request parameters such as time, duration and bid for the channel. We first present an online channel sharing scheme for unit-length channel requests and prove that it is truthful. We then generalize our model to settings with variable-length channel requests, where we propose a critical value based channel pricing and preemption scheme. A bid adjustment procedure prevents unbeneficial preemption by artificially raising the ongoing winner’s bid controlled by a penalty factor λ. Our scheme can efficiently detect selfish behaviors by monitoring a trust parameter α of each MBAN and punish MBANs from cheating by suspending their requests. Our extensive simulation results show our scheme can achieve a total profit that is more than 85% of the offline optimum method in the typical MBAN settings.

A fingerprint and finger-vein based cancelable multi-biometric system

Wireless Implantable Medical Devices (IMDs), including pacemakers and cardiac defibrillators, often have built-in wireless modules in order to facilitate non-invasive programming and data read-out; however, most IMDs lack a security mechanism. The unique challenge is that IMDs should be able to be accessed by doctors at any legitimate hospital for emergency purposes, but conventional security mechanisms using keys or credentials cannot guarantee that doctors could obtain keys timely in emergency situations. To address this unique challenge, we present an ECG-based Secret Data Sharing (ESDS) scheme for securing wireless IMDs which does not require pre-deployed keys or credentials. The ESDS scheme makes use of electrocardiograph (ECG) features to hide a secret within the IMD before transmission, and then reveal the secret with simultaneously measured ECG features by an external programmer. This scheme can protect IMDs against eavesdropping and other active attacks. In addition, the scheme uses an improved fuzzy vault scheme in which hash functions are substituted for chaff points to hide genuine points on a polynomial. This improvement saves IMD resources in terms of memory and communications, making the ESDS scheme lightweight. Performance analysis shows that the ESDS scheme meets our design goal of security.

An Improved Binary Sequence Generation for Securing Wireless Body Area Networks

The fuzzy commitment scheme and the fuzzy vault scheme have been widely investigated by researchers in the distribution of symmetric keys within a Wireless Body Area Network (WBAN) for security purposes. Both schemes could use the same physiological signal (Electrocardiogram) for the same purpose (key distribution). To provide guidance to researchers, this paper conducts a comparative analysis of these two schemes to identify their similarities and differences, and contrast their relative merits and demerits. In the paper, we present their mathematical models first, and then compare the models step by step together with an analysis of their simulation performance. According to our analysis, we find that both the techniques follow common workflows to conceal a symmetric key in a transmitter and reveal the key in a receiver, respectively. On the other hand, the fuzzy commitment scheme has a more complicated process in obtaining ECG measurements than the fuzzy vault scheme; by contrast, its key concealing and revealing process is much simpler when compared to the fuzzy vault scheme. Besides a superior False Acceptance Rate (FAR) performance of the fuzzy commitment scheme, their False Rejection Rate (FRR) performance is comparable. Since the polynomial calculation and reconstruction are utilized in the fuzzy vault scheme, from the perspective of the computational complexity, the fuzzy commitment scheme is recommended for lightweight WBAN sensors.

Muscle Activity-Driven Green-Oriented Random Number Generation Mechanism to Secure WBSN Wearable Device Communications

Fingerprint and finger-vein based cancelable multi-biometric template design.Flexible feature-level fusion strategy with three fusion options.Enhanced partial discrete Fourier transform based non-invertible transformation.High-performing cancelable multi-biometric templates with strong security. Compared to uni-biometric systems, multi-biometric systems, which fuse multiple biometric features, can improve recognition accuracy and security. However, due to the challenging issues such as feature fusion and biometric template security, there is little research on cancelable multi-biometric systems. In this paper, we propose a fingerprint and finger-vein based cancelable multi-biometric system, which provides template protection and revocability. The proposed multi-biometric system combines the minutia-based fingerprint feature set and image-based finger-vein feature set. We develop a feature-level fusion strategy with three fusion options. Matching performance and security strength using these different fusion options are thoroughly evaluated and analyzed. Moreover, compared with the original partial discrete Fourier transform (P-DFT), security of the proposed multi-biometric system is strengthened, thanks to the enhanced partial discrete Fourier transform (EP-DFT) based non-invertible transformation.