Mission Critical Networks Workshop (MCN - PowerPoint PPT Presentation

Slides: 18
Provided by: Ayan
Transcript and Presenter's Notes

1
EKG-Based Key Agreement in Body Sensor Networks
  • Krishna Venkatasubramanian, Ayan Banerjee, and
    Sandeep Gupta
  • IMPACT Lab
  • Department of Computer Science and Engineering
  • School of Computing and Informatics
  • Ira A. Fulton School of Engineering
  • Arizona State University
  • Tempe, Arizona

2
Outline
  • Body Sensor Networks
  • Need for Security in BSN
  • EKG-based Key Agreement
  • Performance Analysis
  • Security Analysis
  • Conclusions

3
Body Sensor Networks
  • Definition
  • A network of health and environmental monitoring
    sensors deployed on a person, managing their
    health.
  • Principal Features
  • Continuous real-time monitoring
  • Remove time and space restrictions on care
  • Improved deployability
  • Ideal for life-saving scenarios
  • Enables caregivers to make informed decisions
    about treatment in time-constrained scenarios
  • Disasters
  • Battlefield
  • Individual emergencies

[Figure: usage scenario. Labels: Sensors, BSN, Wireless links, Sink, Critical Infrastructure]
4
Security in BSN
  • Need
  • Collect sensitive medical data
  • Legal Requirement (HIPAA)
  • Potential for exploitation

Primary issue: Secure inter-sensor communication in BSN
  • Security Requirements
  • Integrity
  • Confidentiality
  • Authentication
  • Minimal setup time
  • Possible Attacks
  • Fake warnings, resource wastage
  • Prevent legitimate warnings
  • Unnecessary actuations
  • Example: recent ICD hacking

Our Approach: Physiological Value based Security
5
Physiological Values for Security
  • Aim
  • Use of the physiological values (PV) from the
    body as a means of generating (symmetric)
    cryptographic keys

Why?
  • Dynamic nature of human body
  • Signals represent the physiology of the subject at
    that time and are therefore unique

Properties
  • Universal: Should be measurable in everyone
  • Distinctively collectable: Should be different
    for different persons at any given time
  • Low latency: Should be able to generate keys with
    minimal duration of measurement
  • Time variant: If broken, the next set of values
    should not be guessable.
  • Advantages
  • Plug-n-Play capability with BSN
  • Efficient as no additional keying material or
    initialization steps required
  • Automatic re-keying as a person's physiology
    changes over time

6
Related Work
  • Traditional Sensor Network Security
  • Key distribution and secure communication.
  • Key distribution requires pre-deployment
  • Network-wide keys, pair-wise keys
  • Pre-deployed master key
  • Domain parameters for ECC-based Diffie-Hellman.
  • Issues
  • Requires setup time, problematic in emergency
    deployment
  • Re-keying and network-wide adjustments (node
    addition, moving) difficult
  • May require large key storage space for dense
    networks.
  • Using Physiological Values for Security
  • Proposed in [CV03] as an alternative to
    key distribution.
  • [PZ06] proposed use of inter-pulse-interval
    (IPI) data derived from EKG and PPG data as
    possible PV.
  • Collect IPI data from time difference between EKG
    and PPG peaks
  • Encode (67 values) into keys
  • Issues
  • For a subject, keys obtained were similar but not
    the same. Ideal as Authentication signatures.
  • High latency: 1 value every 500 msec, so 67 values
    will take 0.5 minutes to collect

Choice: Electrocardiogram
Features: Low latency, frequency domain features
Goal: To show the viability of using EKG for generating (symmetric)
cryptographic keys for securing inter-sensor communication in a BSN.

[CV03] S. Cherukuri, K. Venkatasubramanian, and S. K. S. Gupta. BioSec: a
biometric based approach for securing communication in wireless networks of
biosensors implanted in the human body. In Proc. of Wireless Security and
Privacy Workshop 2003, pages 432-439, October 2003.
[PZ06] C. C. Y. Poon, Yuan-Ting Zhang, and Shu-Di Bao. A novel biometrics
method to secure wireless body area sensor networks for telemedicine and
m-health. IEEE Communications Magazine, 44(4):73-81, 2006.
7
System Model
  • BSN
  • Sensors worn or implanted on subject
  • Use wireless medium to communicate
  • All sensors can measure EKG
  • Threats
  • Active adversaries: replay, spoof, introduce
    messages
  • Passive adversaries: eavesdrop only
  • Tamper, physical compromise: UNLIKELY
  • Trust
  • Wireless medium not trusted
  • Physical layer attacks such as jamming not
    addressed

8
Overview of Solution
  • Feature Generation
  • Extraction
  • Obtaining frequency domain features from EKG
  • Quantization
  • For efficient representation of features for
    generating common keys
  • Key Agreement
  • Feature Exchange
  • Exchange the features generated at each sensor to
    identify the common ones
  • Generate Keys
  • Choose common features and form key
  • Verification
  • Verification of the key

9
Feature Generation: Extraction
10
Feature Generation: Quantization
[Figure: Feature Vector (320 coefficient values) split into Block 1 (values 1-16), Block 2 (values 17-32), ..., Block 20 (values 304-320); each block passes through Quantizer/Encoding to give a 64-bit EKG feature block; 20 blocks]
  • Process
  • Divide the Feature Vector into 20 blocks each
    containing 16 values
  • Each block is then quantized (exponential
    quantization, 12 levels)
  • The quantized values are encoded into 4
    bits/coefficient.
  • The 20 64-bit blocks represent the features

11
Key Agreement: Feature Exchange
[Figure labels: Sensor 1, Sensor 2, Key Verification]
12
Key Agreement: Key Generation
[Figure labels: Send Hashes, Feature Blocks (Q)]
  • At each Sensor Node
  • V is hash of received feature blocks
  • U is hash of local feature blocks with received
    salt
  • Compute matrix W where W(i,j) is the Hamming
    distance between block i of U and block j of V.
    Here 1 ≤ i, j ≤ 20
  • For each W(i,j) = 0, concatenate Q(i) to form
    KeyMat.
  • KeyMat is passed through a one-way hash function
    to produce the final key.

[Figure labels: hash, V, Receive Hashes, Hash w/ Received nonce, U, W, Extract and concatenate indices, KeyMat, Hash, Key]
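
The key-generation step on this slide, as an added example that is not part of the original presentation: each sensor hashes its local feature blocks with the received nonce (U), compares them with the received hashes (V) through the Hamming-distance matrix W, and hashes the matching blocks into the key. SHA-256, the 16-byte nonce, sorting the matched blocks before concatenation, and the sample blocks are assumptions made for the example.

```python
import hashlib
import os

def block_hash(block: bytes, nonce: bytes) -> bytes:
    """Salted hash of one 64-bit feature block (SHA-256 is an assumption)."""
    return hashlib.sha256(nonce + block).digest()

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def send_hashes(local_q):
    """What a sensor transmits: a fresh nonce and the salted hash of each block."""
    nonce = os.urandom(16)
    return nonce, [block_hash(q, nonce) for q in local_q]

def derive_key(local_q, received_nonce, received_hashes):
    """Build U, V and W as on the slide; return the key, or None if nothing matches."""
    v = received_hashes
    u = [block_hash(q, received_nonce) for q in local_q]
    w = [[hamming(ui, vj) for vj in v] for ui in u]   # W(i, j)
    matched = {local_q[i] for i, row in enumerate(w) if 0 in row}
    if not matched:
        return None                      # no common features: repeat the run
    # Assumption: sort matched blocks so both sensors concatenate in the same order.
    key_mat = b"".join(sorted(matched))
    return hashlib.sha256(key_mat).digest()

# Constructed sample data: 20 blocks of 8 bytes (64 bits) per sensor.
SENSOR1_Q = [bytes([i]) * 8 for i in range(20)]
SENSOR2_Q = SENSOR1_Q[:14] + [bytes([200 + i]) * 8 for i in range(6)]   # 14 shared
OUTSIDER_Q = [bytes([100 + i]) * 8 for i in range(20)]                  # none shared

def run_exchange(q_a, q_b):
    """Both directions of the exchange; returns the key each side derives."""
    nonce_a, hashes_a = send_hashes(q_a)
    nonce_b, hashes_b = send_hashes(q_b)
    key_a = derive_key(q_a, nonce_b, hashes_b)
    key_b = derive_key(q_b, nonce_a, hashes_a)
    return key_a, key_b

if __name__ == "__main__":
    key1, key2 = run_exchange(SENSOR1_Q, SENSOR2_Q)
    print("sensors agree:", key1 == key2, key1.hex())
    print("outsider result:", run_exchange(SENSOR1_Q, OUTSIDER_Q))
```

Only salted hashes cross the wireless link; the blocks themselves stay on each sensor, and a party whose blocks share nothing with the sender's gets no key.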
13
Key Agreement: Verification
[Figure labels: Sensor 1, Sensor 2, Feature Exchange, Key Generation, Key Verification]
14
Performance Analysis
  • Purpose
  • Test keys generated by EKA
  • Data Properties
  • Source: MIT PhysioBank database, 1 hour of 2-lead
    EKG data from 31 patients. Sampling rate: 125 Hz;
    each sample is time-stamped.
  • Experiments
  • For each subject, EKA executed at 100 random
    start-times
  • Mutual Hamming distance computed between the keys
    generated to evaluate distinctiveness
  • Computed Runs-test and Average Entropy for each
    key generated to evaluate randomness.
  • For each subject, EKA executed at 100 consecutive
    5 second intervals
  • Computed Hamming distance between keys generated
    to evaluate temporal variance.

15
Results
  • At each time-stamp, 2 keys (say KeyA and KeyB)
    are generated for every subject.
  • Distinctiveness
  • Each square is the distance between KeyA and
    KeyB
  • Anti-diagonal indicates that KeyA and KeyB of the
    same person are identical.
  • Average difference between keys of 2 different
    subjects at a given start-time: 49.9
  • Randomness
  • Average Entropy
  • Computed based on keys generated for each of the
    31 patients at 100 start-times.
  • Results indicate 1s and 0s are uniformly
    distributed.
  • Runs test
  • Tests runs of 0s and 1s in the key.
  • 2-tailed, confidence interval 5
  • Failed in less than 2 of the cases (31 patients,
    100 start-times = 3100 cases)
  • Temporal Variance
  • Average difference between keys of the same subject
    at two consecutive start-times is 49.0

16
Security Analysis
Attacks and EKA
  • Attack: Blocks exchanged are only 64 bits long. Susceptible to brute-force.
  • EKA: Perform key strengthening by repeatedly hashing the blocks 2n times before transmitting them. Ongoing work to increase feature block length. A possible avenue is to use higher sampling frequencies and longer FFTs.
  • Attack: Key compromise from messages exchanged.
  • EKA: Key compromise is not possible as KeyA / KeyB and KeyR / KeyR are random.
  • Attack: Message tampering and replay.
  • EKA: Tampering with the blocks will result in no key being formed between the sensors, and the key agreement process will be repeated. Message replay does not give any advantage to the adversary, as the keys are never revealed and the values of KeyR/KeyR and KeyA/KeyB change with every run of the protocol. If EKA is used for authentication only, replay might succeed if the keys do not change between two measurements, but the presence of the MAC in Step 1 ensures that such replays are caught.
  • Attack: KeyA and KeyB compromised by some means.
  • EKA: Loss will be temporary, as keys change with every new EKG measurement.
17
Conclusions
  • BSN provides life-saving services.
  • Security essential in BSN to preserve patient
    privacy.
  • Use of EKG for generating cryptographic keys
    proposed and early results are promising.
  • Potential Applications
  • Pervasive health monitoring
  • Fitness and performance monitoring
  • Future Work
  • Increasing the length of blocks exchanged
  • Implementation of EKA on real sensing devices
  • Experiment with more diverse EKG data: people
    with ailments, EKG measured during different
    activities (sleeping, eating, etc.)
  • Identify new PVs - not all sensors in a BSN can
    measure EKG