Krishna Venkatasubramanian, Ayan Banerjee, Sandeep Gupta

1
Plethysmogram-based Secure Inter-Sensor
Communication in Body Area Networks

• Krishna Venkatasubramanian, Ayan Banerjee,
  Sandeep Gupta
• Dept. of Computer Science and Engineering
• School of Computing and Informatics
• Arizona State University
• Tempe, Arizona

2
Body Area Network

• Definition
• BAN - A network of health environmental
  monitoring sensors deployed on a person managing
  their health.
• Principal Features
• Continuous real time monitoring
• Remove time space restrictions on care
• Improved deployability
• Ideal for life-saving scenarios
• Enables caregivers on field to make informed
  decisions about treatment of soldiers in
  time-constrained scenarios.

3
Security in Body Area Networks

• Need
• BANs collect sensitive medical data
• Legal Requirement (HIPAA)
• Potential for exploitation
• Loss of privacy
• Physical harm

• Security Requirements
• Integrity
• Confidentiality
• Authentication
• Plug-n-Play

• Possible Attacks
• Fake warnings resource wastage
• Prevent legitimate warnings.
• Unnecessary Actuations.

Primary issue Secure Inter- Sensor Communication
in BAN
4
Traditional Approach

• Key Distribution Secure Communication.
• Pre-deployment based
• Pair-wise, Network-wise, Group-wise
• Pre-deployed Master Key
• Domain parameters for ECC based Diffie-Helman.
• Problems
• Requires secure setup and initialization process
• Re-keying and network wide adjustments node
  addition, moving difficult

5
Plethysmogram based Key Agreement

• Photoplethysmogram (PPG) based Key Agreement
  (PKA)
• PPG volumetric change in the distention of
  arteries due to the perfusion of blood through
  them during a cardiac cycle
• Properties
• Easy to Measure oximeter finger, ear lobe
• Universal - measurable in everyone
• Distinctive cardiac cycle unique for each
  person at a give time
• Low Latency requires minimal measurements for
  key agreement
• Time Variant varies with time
• Advantages
• Plug-n-Play deployment is enough to have secure
  communication
• Efficiency no additional keying material
  required
• Automatic Rekeying Key agreed based on current
  value of PPG cannot be known from knowledge of
  past values.

• System Model
• BAN
• Sensors worn or implanted on subject
• Use wireless medium to communicate
• All sensors can measure PPG
• Threats
• Active adversaries replay, spoof, introduce
  messages
• Passive adversaries eavesdrop only
• Tamper physical compromise UNLIKELY
• Trust
• Wireless medium not trusted
• Physical layer attacks such as jamming not
  addressed

6
Details

• Feature Generation
• Extraction
• Obtaining frequency domain features from PPG
• Quantization
• For representation of features for key agreement
• Key Agreement
• Fuzzy Vault
• Cryptographic construct used for secure exchange
  of data
• Vault Exchange
• Key agreement between sensors using the vault
  construct

7
PPG Feature Generation
8
Key Agreement

• Sensors use PPG features as a basis for agreeing
  upon keys.
• Features cannot be directly used a keys as they
  might not be identical due to the topographic
  specificity of the human body.
• Technique
• Generate a key at one sensor
• Hide it using PPG features
• Transport it to other sensor
• Unhide it at the receiver
• We use Fuzzy Vault construct to hide/un-hide the
  keys as it allows hiding and un-hiding even
  without identical secrets

9
Fuzzy Vault

• Locks secrets S using a set of values A and can
  be unlocked with another set B, only if A ? B gt ?
• The construction and locking of the vault is done
  by
• Generating a vth order polynomial p over the
  variable x that encodes the secret S,
• Computing the value of the polynomial at
  different values of x from set A and creating a
  set R ai, p(ai), where 1 ? i ? A
• Adding randomly generated points called chaff to
  R which do not lie on the polynomial.
• Unlocking of the vault can be done by
• Identifying a set B with significant overlap with
  A
• Build a set Q (u, v)(u, v) ? R, u ? B
• Polynomial reconstructed using points in Q using
  Lagrangian interpolation - Knowledge of v1
  points on a polynomial (x0,y0),(x1,y1).(xn,yn)
  can reconstruct vth order polynomial

10
Vault Locking Unlocking
Sender
Receiver
11
Security Analysis

• Security of the vault depends upon number of
  points (R) and order of polynomial (v).
• Number of combinations needed for
• Adversary RC(v1)
• Receiver QC(v1)
• Choose v such that
• v less than common features between sender and
  receiver of same person
• v greater than common features between sender
  and receiver of different person
• Choose R such that
• Required amount of security available
• Computation within manageable limits for the
  receiver

12
Performance Analysis

• Based on actual PPG data collected from 10
  volunteers at IMPACT lab.
• Smith-Medical oximeter used 60Hz sampling, 5
  minutes data collected.
• Properties evaluated
• Distinctiveness
• Needed for setting polynomial order
• Total features per person 30
• Common features same person 12 (average)
• Common features different person 2 (average)
• Time Variance
• Compare common features in PPG collected at
  different measurement start-times for executing
  PKA.
• If greater than polynomial order (v) then
  violation

13
Conclusion

• Implemented PKA in Matlab
• Use of PPG for cryptographic keys agreement
  proposed results are promising.
• Previous work on using physiological values based
  on
• Inter-Pulse-Interval (IPI) was useful for
  authentication only
• EKG was too tedious to measure reducing
  usability
• Future Work
• Implementation of PKA on actual sensors
• Reduce Vault unlocking overhead for receiver.

Screen Shot