Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.4108/icst.bodynets.2013.253689

2013-01-01

Abstract:Wireless Body Area Networks (WBANs) are the core of components of future m-Health system and is playing a crucial role in healthcare applications. A key requirement for such applications is secure communications between body sensors. This paper presents a novel key agreement scheme which allows wireless body sensors in WBANs to share a common key generated using wireless channel information. Unlike traditional biometric based security approach, the proposed key agreement does not need extra hardware, which can secure data communications in a plug-n-play manner. Our experimental results show that the proposed scheme is feasible for WBANs.

Zhaoyang Zhang,Honggang Wang,Athanasios V. Vasilakos,Hua Fang

DOI: https://doi.org/10.1109/titb.2012.2206115

2012-01-01

IEEE Transactions on Information Technology in Biomedicine

Abstract:Wireless body area networks (BANs) have drawn much attention from research community and industry in recent years. Multimedia healthcare services provided by BANs can be available to anyone, anywhere, and anytime seamlessly. A critical issue in BANs is how to preserve the integrity and privacy of a person's medical data over wireless environments in a resource efficient manner. This paper presents a novel key agreement scheme that allows neighboring nodes in BANs to share a common key generated by electrocardiogram (ECG) signals. The improved Jules Sudan (IJS) algorithm is proposed to set up the key agreement for the message authentication. The proposed ECG-IJS key agreement can secure data commnications over BANs in a plug-n-play manner without any key distribution overheads. Both the simulation and experimental results are presented, which demonstrate that the proposed ECG-IJS scheme can achieve better security performance in terms of serval performance metrics such as false acceptance rate (FAR) and false rejection rate (FRR) than other existing approaches. In addition, the power consumption analysis also shows that the proposed ECG-IJS scheme can achieve energy efficiency for BANs.

Liping Xie,Weichao Wang,Tuanfa Qin

DOI: https://doi.org/10.1109/chase.2016.29

2016-01-01

Abstract:In the past few years mobile healthcare has attracted a lot of attention from both industry and academia. Medical sensors are usually attached to or implanted inside patient body. Since sensing results of BAN can directly impact the control of medical equipment, the authenticity and integrity of sensing data is essential for safety of patients. Existing research focuses on differentiating on-body sensors from off-the-body impersonators with the help from a control unit. In this paper, we propose to exploit wireless channel characteristics to detect on-body impersonators in BAN networks. Depending on whether or not the sensors have line-of-sight connections with the off-the-body control unit, their communication channels demonstrate different properties. For an attacker who demonstrates similar channel characteristics as the victim, a user-configurable challenge-response mechanism is designed to expose the conflicting information submitted by the two nodes. Our simulation results show that with a small increase in communication and computation overhead, we can effectively detect the on-body impersonators.

Mengxia Shuai,Bin Liu,Nenghai Yu,Ling Xiong

DOI: https://doi.org/10.1155/2019/8145087

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:On-body wireless networks (oBWNs) play a crucial role in improving the ubiquitous healthcare services. Using oBWNs, the vital physiological information of the patient can be gathered from the wearable sensor nodes and accessed by the authorized user like the health professional or the doctor. Since the open nature of wireless communication and the sensitivity of physiological information, secure communication has always been the vital issue in oBWNs-based systems. In recent years, several authentication schemes have been proposed for remote patient monitoring. However, most of these schemes are so susceptible to security threats and not suitable for practical use. Specifically, all these schemes using lightweight cryptographic primitives fail to provide forward secrecy and suffer from the desynchronization attack. To overcome the historical security problems, in this paper, we present a lightweight and secure three-factor authentication scheme for remote patient monitoring using oBWNs. The proposed scheme adopts one-time hash chain technique to ensure forward secrecy, and the pseudonym identity method is employed to provide user anonymity and resist against desynchronization attack. The formal and informal security analyses demonstrate that the proposed scheme not only overcomes the security weaknesses in previous schemes but also provides more excellent security and functional features. The comparisons with six state-of-the-art schemes indicate that the proposed scheme is practical with acceptable computational and communication efficiency.

Yan Zhuang,Chen Song,Feng Lin,Yiran Li,Changzhi Li,Wenyao Xu

DOI: https://doi.org/10.1109/rws.2016.7444405

2016-01-01

Abstract:Cryptographic security is of great importance. Biometrics play a vital role in modern authentication systems. Among all emerging biometrics, heart-based biometrics are promising because they are unique and hard to counterfeit. The current solutions on cardiac motion detection are either obtrusive or incapable of providing comprehensive cardiac motion information. To this end, we present Non-contact Cardiac Motion Sensing (NCMS), an end-to-end hardware and software solution, to sense and characterize the cardiac motion in a continuous, unobtrusive and user-friendly manner. We evaluate the performance of NCMS and compare the cardiac motion cycle on human subjects. Experimental results indicate the feasibility of NCMS to detect the cardiac motion and show the concept of a new modality in emerging heart-based biometrics.

Jianxiang Peng,Zhanjun Hao,Zhenyi Zhang,Ruidong Wang,Mengqiao Li,Xiaochao Dang

DOI: https://doi.org/10.1109/jsen.2024.3353256

IF: 4.3

2024-03-15

IEEE Sensors Journal

Abstract:User authentication is crucial for privacy and security. In daily life, personalized intelligent devices are frequently used; however, these devices are vulnerable to unauthorized access, which can result in serious privacy breaches. To address this problem, this article proposes a user security authentication method that uses millimeter-wave radar to perceive human life signals for verification. First, the millimeter-wave radar is used to perceive the user's breathing and heartbeat signals. Second, to eliminate the influence of breath-holding on the verification result, this article adopts the method of recognizing breathing patterns and establishing two channels: one for other breathing signals when not holding breath and another for heartbeat signals when holding breath. Finally, the wavelet packet decomposition (WPD) and Mel-frequency cepstral coefficients (MFCC) features of the user's breathing signals, as well as the MFCC features of the heartbeat signals, are extracted. A lightweight neural network, ShuffleNet V2, is used for security authentication. Through a large number of experiments, the verification accuracy is 93.7%.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Liping Xie,Weichao Wang,Xinghua Shi,Tuanfa Qin

DOI: https://doi.org/10.1109/icc.2017.7996735

2017-01-01

Abstract:Medical sensors are usually attached to or implanted inside patient body. Since sensing results of Body Area Networks (BAN) can directly impact the control of medical equipment, the authenticity and integrity of sensing data is essential for safety of patients. Restricted by the limited resources available to BAN sensors, researchers have referred to Physical Unclonable Function of the nodes to achieve authentication. Existing approaches focus on the authentication between control unit and sensors. Mutual authentication among body sensors has not been carefully studied. In this paper, we propose to design a lightweight mutual authentication mechanism for BAN sensors with physical unclonable functions (PUF). Using control unit as a middle point, a pair of body sensors can establish shared secrets so that authenticity of exchanged data can be protected. The proposed approach does not require sensors to conduct any encryption operations, which suits the restricted resources available to BAN nodes. The analysis shows that the proposed approach has very low overhead and does not introduce new vulnerabilities into the system.

Bahaa Hussein Taher,Muhammad Yasir,Abraham Isiaho,Judith N. Nyakanga

DOI: https://doi.org/10.30564/jcsr.v4i3.4258

2022-07-13

Journal of Computer Science Research

Abstract:Wireless sensor networks process and exchange mission-critical data relating to patients’ health status. Obviously, any leakages of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, advanced encryption standard, digital certificates and elliptic curve cryptography among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause some harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor networks attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the least execution time and bandwidth requirements.

Waqas Aman,Muhammad Mahboob Ur Rahman,Hasan T Abbas,Muhammad Arslan Khalid,Muhammad A Imran,Akram Alomainy,Qammer H Abbasi

DOI: https://doi.org/10.3390/s21103534

2021-05-19

Abstract:This manuscript presents a novel mechanism (at the physical layer) for authentication and transmitter identification in a body-centric nanoscale communication system operating in the terahertz (THz) band. The unique characteristics of the propagation medium in the THz band renders the existing techniques (say for impersonation detection in cellular networks) not applicable. In this work, we considered a body-centric network with multiple on-body nano-senor nodes (of which some nano-sensors have been compromised) who communicate their sensed data to a nearby gateway node. We proposed to protect the transmissions on the link between the legitimate nano-sensor nodes and the gateway by exploiting the path loss of the THz propagation medium as the fingerprint/feature of the sender node to carry out authentication at the gateway. Specifically, we proposed a two-step hypothesis testing mechanism at the gateway to counter the impersonation (false data injection) attacks by malicious nano-sensors. To this end, we computed the path loss of the THz link under consideration using the high-resolution transmission molecular absorption (HITRAN) database. Furthermore, to refine the outcome of the two-step hypothesis testing device, we modeled the impersonation attack detection problem as a hidden Markov model (HMM), which was then solved by the classical Viterbi algorithm. As a bye-product of the authentication problem, we performed transmitter identification (when the two-step hypothesis testing device decides no impersonation) using (i) the maximum likelihood (ML) method and (ii) the Gaussian mixture model (GMM), whose parameters are learned via the expectation-maximization algorithm. Our simulation results showed that the two error probabilities (missed detection and false alarm) were decreasing functions of the signal-to-noise ratio (SNR). Specifically, at an SNR of 10 dB with a pre-specified false alarm rate of 0.2, the probability of correct detection was almost one. We further noticed that the HMM method outperformed the two-step hypothesis testing method at low SNRs (e.g., a 10% increase in accuracy was recorded at SNR = -5 dB), as expected. Finally, it was observed that the GMM method was useful when the ground truths (the true path loss values for all the legitimate THz links) were noisy.

Zhitao Guan,Tingting Yang,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1811.07864

2018-10-25

Cryptography and Security

Abstract:Recently, with the support of mobile cloud computing, a large number of health related data collected from various body sensor networks can be managed efficiently. However, to ensure data security and data privacy in cloud-integrated body sensor networks is an important and challenging issue. In this paper, we present a novel secure access control mechanism Mask Certificate Attribute Based Encryption for cloud integrated body sensor networks. A specific signature is designed to mask the plaintext, then the masked data can be securely outsourced to cloud severs. An authorization certificate composing of the signature and related privilege items is constructed that is used to grant privileges to data receivers. To ensure security, a unique value is chosen to mask the certificate for each data receiver. The analysis shows that the proposed scheme has less computational cost and storage cost compared with other popular models.

Chunqiang Hu,Fan Zhang,Xiuzhen Cheng,Xiaofeng Liao,Dechang Chen

DOI: https://doi.org/10.1145/2463183.2463191

2013-01-01

Abstract:Wireless Body Area Networks (BANs) are expected to play a crucial role in patient-health monitoring in the near future. Establishing secure communications between BAN sensors and external users is key to addressing the prevalent security and privacy concerns. In this paper, we propose the primitive functions to implement a secret-sharing based Ciphertext-Policy Attribute-Based Encryption (CP_ABE) scheme, which encrypts the data based on an access structure specified by the data source. We also design two protocols to securely retrieve the sensitive patient data from a BAN and instruct the sensors in a BAN. Our analysis indicates that the proposed scheme is feasible, can provide message authenticity, and can counter possible major attacks such as collusion attacks and battery-draining attacks.

Chunqiang Hu,Xiuzhen Cheng,Fan Zhang,Dengyuan Wu,Xiaofeng Liao,Dechang Chen

DOI: https://doi.org/10.1109/infcom.2013.6567031

2013-01-01

Abstract:Body Area Networks (BANs) are expected to play a major role in patient health monitoring in the near future. Providing an efficient key agreement with the prosperities of plug-n-play and transparency to support secure inter-sensor communications is critical especially during the stages of network initialization and reconfiguration. In this paper, we present a novel key agreement scheme termed Ordered-Physiological-Feature-based Key Agreement (OPFKA), which allows two sensors belonging to the same BAN to agree on a symmetric cryptographic key generated from the overlapping physiological signal features, thus avoiding the pre-distribution of keying materials among the sensors embedded in the same human body. The secret features computed from the same physiological signal at different parts of the body by different sensors exhibit some overlap but they are not completely identical. To overcome this challenge, we detail a computationally efficient protocol to securely transfer the secret features of one sensor to another such that two sensors can easily identify the overlapping ones. This protocol possesses many nice features such as the resistance against brute force attacks. Experimental results indicate that OPFKA is secure, efficient, and feasible. Compared with the state-of-the-art PSKA protocol, OPFKA achieves a higher level of security at a lower computational overhead.

Huaizheng Mu,Liangqi Yuan,Jia Li

DOI: https://doi.org/10.1109/OJIM.2023.3311053

2023-06-28

Abstract:Human sensing is significantly improving our lifestyle in many fields such as elderly healthcare and public safety. Research has demonstrated that human activity can alter the passive radio frequency (PRF) spectrum, which represents the passive reception of RF signals in the surrounding environment without actively transmitting a target signal. This paper proposes a novel passive human sensing method that utilizes PRF spectrum alteration as a biometrics modality for human authentication, localization, and activity recognition. The proposed method uses software-defined radio (SDR) technology to acquire the PRF in the frequency band sensitive to human signature. Additionally, the PRF spectrum signatures are classified and regressed by five machine learning (ML) algorithms based on different human sensing tasks. The proposed Sensing Humans among Passive Radio Frequency (SHAPR) method was tested in several environments and scenarios, including a laboratory, a living room, a classroom, and a vehicle, to verify its extensiveness. The experimental results show that the SHAPR method achieved more than 95% accuracy in the four scenarios for the three human sensing tasks, with a localization error of less than 0.8 m. These results indicate that the SHAPR technique can be considered a new human signature modality with high accuracy, robustness, and general applicability.

Human-Computer Interaction,Signal Processing

Xiaonan Hui,Edwin C. Kan

DOI: https://doi.org/10.1109/BSN.2018.8329682

2018-01-01

Abstract:Users of wearable devices often hope to collect continuous personal vital signs such as heartrates, blood pressures, respiration rates and breath efforts with comfort and free movement. Current approaches are however hindered by their accuracy, comfort, convenience, power consumptions and sensing capabilities. The requirement of direct skin contacts in electrocardiogram (ECG) and acoustic methods limits their sensation of comfort, wearing convenience, body motion and hence long-term use. Photo-plethysmography (PPG) in wrist watches and finger clamps do not require immediate skin touch but its signal can be severely degraded by relative movement. In this paper, we introduce a new method modulating the external and internal motion of the wearer body directly onto multiplexed radio frequency (RF) signals by near-field coherent sensing (NCS). To minimize the deployment and maintenance cost of NCS vital-sign monitoring, passive (battery-free) RF identification (RFID) tags can be integrated into garments at the chest and wrist areas as laundry-ready wearable devices. NCS utilizes both amplitude and phase of the RF signals to sense and isolate the vital signs, which significantly increases the signal quality in comparison to methods based solely on signal strength. The high frequency components of the NCS signal is employed to mitigate the body movement interference to obtain more accurate heartrates.

Jingwei Liu,Zonghua Zhang,Xiaofeng Chen,Kyung Sup Kwak

DOI: https://doi.org/10.1109/tpds.2013.145

IF: 5.3

2014-02-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Wireless body area network (WBAN) has been recognized as one of the promising wireless sensor technologies for improving healthcare service, thanks to its capability of seamlessly and continuously exchanging medical information in real time. However, the lack of a clear in-depth defense line in such a new networking paradigm would make its potential users worry about the leakage of their private information, especially to those unauthenticated or even malicious adversaries. In this paper, we present a pair of efficient and light-weight authentication protocols to enable remote WBAN users to anonymously enjoy healthcare service. In particular, our authentication protocols are rooted with a novel certificateless signature (CLS) scheme, which is computational, efficient, and provably secure against existential forgery on adaptively chosen message attack in the random oracle model. Also, our designs ensure that application or service providers have no privilege to disclose the real identities of users. Even the network manager, which serves as private key generator in the authentication protocols, is prevented from impersonating legitimate users. The performance of our designs is evaluated through both theoretic analysis and experimental simulations, and the comparative studies demonstrate that they outperform the existing schemes in terms of better trade-off between desirable security properties and computational overhead, nicely meeting the needs of WBANs.

computer science, theory & methods,engineering, electrical & electronic

Zhiqing Luo,Wei Wang,Jiang Xiao,Qianyi Huang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.48550/arXiv.1808.06322

2018-08-20

Abstract:The vision of battery-free communication has made backscatter a compelling technology for on-body wearable and implantable devices. Recent advances have facilitated the communication between backscatter tags and on-body smart devices. These studies have focused on the communication dimension, while the security dimension remains vulnerable. It has been demonstrated that wireless connectivity can be exploited to send unauthorized commands or fake messages that result in device malfunctioning. The key challenge in defending these attacks stems from the minimalist design in backscatter. Thus, in this paper, we explore the feasibility of authenticating an on-body backscatter tag without modifying its signal or protocol. We present SecureScatter, a physical-layer solution that delegates the security of backscatter to an on-body smart device. To this end, we profile the on-body propagation paths of backscatter links, and construct highly sensitive propagation signatures to identify on-body backscatter links. We implement our design in a software radio and evaluate it with different backscatter tags that work at 2.4 GHz and 900 MHz. Results show that our system can identify on-body devices at 93.23% average true positive rate and 3.18% average false positive rate.

Human-Computer Interaction

Yong Huang,Wei Wang,Hao Wang,Tao Jiang,Qian Zhang

DOI: https://doi.org/10.1109/twc.2020.2991111

IF: 10.4

2020-08-01

IEEE Transactions on Wireless Communications

Abstract:By adding users as a new dimension to connectivity, on-body Internet-of-Things (IoT) devices have gained considerable momentum in recent years, while raising serious privacy and safety issues. Existing approaches to authenticate these devices limit themselves to dedicated sensors or specified user motions, undermining their widespread acceptance. This paper overcomes these limitations with a general authentication solution by integrating wireless physical layer (PHY) signatures with upper-layer protocols. The key enabling techniques are constructing representative radio propagation profiles from received signals, and developing an adversarial multi-player neural network to accurately recognize underlying radio propagation patterns and facilitate on-body device authentication. Once hearing a suspicious transmission, our system triggers a PHY-based challenge-response protocol to defend in depth against active attacks. We prove that at equilibrium, our adversarial model can extract all information about propagation patterns and eliminate any irrelevant information caused by motion variances and environment changes. We build a prototype of our system using Universal Software Radio Peripheral (USRP) devices and conduct extensive experiments with various static and dynamic body motions in typical indoor and outdoor environments. The experimental results show that our system achieves an average authentication accuracy of 91.6%, with a high area under the receiver operating characteristic curve (AUROC) of 0.96 and a better generalization performance compared with the conventional non-adversarial approach.

telecommunications,engineering, electrical & electronic

Jingyi Ning,Lei Xie,Chuyu Wang,Yanling Bu,Fengyuan Xu,Da-Wei Zhou,Sanglu Lu,Baoliu Ye

DOI: https://doi.org/10.1109/tmc.2021.3097912

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Nowadays, authentication systems are usually required to provide continuous, contactless, and non-intrusive services. In this paper, we propose RF-Badge, a vital sign-based authentication scheme on human subjects to meet the above requirements by using RFID technology. We consider two biometric features with individual diversity to characterize the vital sign of users, including the movement effect from respiration and the reflection effect from organs, especially the heart. To derive the movement effect from respiration, we build a phase-based geometric model to restore the fine-grained badge moving trace as the feature. To derive the reflection effect from human internal organs, we extract the reflection signal from the original signal and generate the spectrum as the feature. Besides, to deal with the feature deviation in different physical conditions of users, we propose a multi-condition network (MCNet) to further guarantee the generalization of RF-Badge. We implement a prototype system and evaluate the performance in real environments. The experiment results show that our system achieves the average false positive rate (FPR) of 3.9 percent and false negative rate (FNR) of 3.3 percent for continuous authentication within four signal cycles.

Xiaonan Hui,Edwin C. Kan

DOI: https://doi.org/10.1038/s41928-017-0001-0

IF: 33.255

2017-01-01

Nature Electronics

Abstract:Monitoring the heart rate, blood pressure, respiration rate and breath effort of a patient is critical to managing their care, but current approaches are limited in terms of sensing capabilities and sampling rates. The measurement process can also be uncomfortable due to the need for direct skin contact, which can disrupt the circadian rhythm and restrict the motion of the patient. Here we show that the external and internal mechanical motion of a person can be directly modulated onto multiplexed radiofrequency signals integrated with unique digital identification using near-field coherent sensing. The approach, which does not require direct skin contact, offers two possible implementations: passive and active radiofrequency identification tags. To minimize deployment and maintenance cost, passive tags can be integrated into garments at the chest and wrist areas, where the two multiplexed far-field backscattering waveforms are collected at the reader to retrieve the heart rate, blood pressure, respiration rate and breath effort. To maximize reading range and immunity to multipath interference caused by indoor occupant motion, active tags could be placed in the front pocket and in the wrist cuff to measure the antenna reflection due to near-field coherent sensing and then the vital signals sampled and transmitted entirely in digital format. Our system is capable of monitoring multiple people simultaneously and could lead to the cost-effective automation of vital sign monitoring in care facilities.

Yao Wang,Tao Gu,Tom H. Luan,Minjie Lyu,Yue Li

DOI: https://doi.org/10.1109/jiot.2022.3196143

IF: 10.6

2022-12-10

IEEE Internet of Things Journal

Abstract:Continuous authentication is crucial for protecting user's privacy throughout their login session. Existing studies employ wireless sensing technologies to provide device-free and unobtrusive authentication; the user's behavior is continually assessed without their direct involvement until it deviates from their normal pattern. However, these works primarily concentrate on single-user authentication, which poses challenges in multiuser scenarios, such as smart homes and offices, where more than one user usually exists. In this article, we propose HeartPrint, a continuous multiuser authentication system, that employs a single commodity mmWave radar to capture the unique self-driving heartbeat motions from multiple users. Specifically, HeartPrint leverages the effect of skin surface vibrations caused by heartbeat on radio frequency (RF) transmissions. To profile individual heartbeat signals from the entangled components that are induced by multiple users, we first use a clustering method to position each user in the environment, then focus on the signal reflected from each position separately. The irrelevant body movements are eliminated from the RF signal by using a proposed signal energy comparison method for preserving fine-grained heartbeat traits. We then develop a pipeline to extract the most informative features for characterizing each user and feed them to an elaborated classifier for user authentication. We evaluate HeartPrint with 54 participants and demonstrate that it achieves an average authentication accuracy of over 95%. Additionally, we show that it is resilient against spoofing attacks, with an average attack success rate of less than 3%.

computer science, information systems,telecommunications,engineering, electrical & electronic