Secure new node ID assignment for internet integrated wireless body area networks

Internet integrated sensor networks have gained much importance and exponential growth in wireless body area networks (WBAN) over the last few years. These networks are used in health services to remotely monitor the health of patients and send/receive sensitive, time critical medical data. Because of the wireless and broadcast nature of WBAN, it is easy for an adversary to get, inject, or update the information transmitted in the medium or launch many security attacks. To protect the sensitive data of the patient, we propose a secure communication strategy for different sensors to form a WBAN. Here, a new node ID is assigned for sensors by using public key cryptography to communicate in the network. An energy utilization and communication cost analysis show that our approach incurs less communication overhead as compared with the recently proposed secure solutions in WBAN. The complexity analysis show that the proposed model works efficiently for secure communication in WBAN.


Introduction
The sensor network continuously provide services to various life changing application such as healthcare, agriculture, nuclear power plant monitoring, water monitoring, air pollution monitoring, weather prediction monitoring and earth sensing monitoring. As the critical applications adopt sensor network and tools, information must be protected, authenticated and secure [1].
One aspect of upcoming Internet is that everything having sensors and actuators have linked and incorporated in a bundle called Internet of Things (IoTs) [2]. Wireless Body Area Networks (WBAN) having sensors attached with the human body and an environment (such as rooms, operation table etc.) and forming WBAN have sensing, transmitting and processing capabilities and are integrated with Internet for immediate and fast healthcare services [3]. Due to security threats, data transferred from sensors should be shielded by an end-to-end (E2E) secured channel between the sensors and any communication object from the world. The establishment of secure channel needs to be authenticated. A strong key management schemes can permit two communication devices mutually authenticated and negotiated with secure keys which are used to protect the data from internal and external security attacks [4].

EAI Endorsed Transactions on Scalable Information Systems
Research Article

Figure 1. Data analysis of various security attacks on WBAN
In the healthcare industry, various types of data such as electronic medical records, patient identification, biomedical information, patient accounts and doctor prescriptions are present. These records must be confidential and generated from an authenticated source. The security solutions must adopt the new techniques and methods to provide security against intruders, sniffers, malevolent devices, hackers, ransomwares and most importantly human errors. Initially, human errors are not include as a threat for network. But in today's scenarios there are special provision for handling human errors in its security design. The risk attached with healthcare network can cause abdominal changes in reports of patient, mistreatment by doctors, breaching the account of patient, loss of human life and degradation of reputation service providers. Some common network related threats are as follows [5][6][7][8].
• Packet Sniffers: The malicious users or hackers can analyse the captured message by any legitimate management tool. They can sniff the user id and passwords and uses against the patient or healthcare management. • IP Spoofing: This type of attacks occurs when a malicious user from inside or outside the network can mimics aa a trusted communication device to get access of network information. • Data modification: The malicious user can modify, delete, add and replace confidential and sensitive data and replace with any malicious script on server. As the health data changed, it may result disaster for a person. • Denial of Service (DoS): The services can be prohibited by malicious user through malicious program or script. This is most widely publicized form of attack which causes exhausting resources, blocked processes and services of operating system or applications.
• Eavesdropping: Due to broadcast nature of wireless channel, any malicious user can interrupt the radio transmissions among sensor nodes. The stolen data can be used to harm the healthcare users or network. • Node Capture: Resilience against node capture attack is major threat which poses by any adversary in wireless sensor network. In real time WBAN the medical sensors are placed on body and an environment (such as rooms, operation table etc.). So, these sensors are easily accessible by any adversaries. By capturing the node they can access the cryptographic information and posses to big threats for WBAN [9-10] .
The motivation, contribution and organization of the proposed work are as follows.
The healthcare services through internet can offer various facility for patient and medical service providers. It can also invite many attackers and malicious activities to harm the healthcare networks. According to the report published [11] by IBM the hackers and cybercriminals can produce various type of attacks in recent years. According to the data analysis, various security attacks are identified, and their share are depicted in Figure 1. Most of the attacks called injection of malicious code or script which are 47 percent from total attacks can affect healthcare organizations. Other type of security attacks which are affected healthcare network are mainly system hijacking, passive attackers, traffic analysis, Distributed deniel of service (DDoS), phishing and many more. Figure 1 depicted the percentage of various security attacks on WBAN. This data analysis also suggest that organizations must take back up of their data and keep identifying internal threats [11]. The new node might come with new threat and needs to identify that threat to secure the network. WBAN have heterogeneity, domain information, heavy and complex protocol are key challenges to produce a secure solution. The major contributions of the paper are as follows:

Amit Kumar Gautam and Rakesh Kumar
• The existing security method of WBAN have studied and given their significant characteristics, advantages and disadvantages in a Table 1.
• Design and proposed a new security approach for new node joining in WBAN with the help of access node.
• We present a design requirement analysis, energy utilization and computation cost analysis to prove privacy and security properties of security of WBAN.
• Proposed scheme give cryptographic approach to make sure authenticity, confidentiality and integrity of new node joining in WBAN.
The other part of this paper is systematized as follows. Section 2 presented the background. Section 3 gives system model, adversary model, and design requirements. Section 4 gives a related work and summarize the various recent articles proposed for node joining schemes. Section 5 explains the proposed approaches with schematic analysis. In section 6 various security analysis had given. In section 7 conclusion and future scope has explained.

Background
This section explained the effects of poor security measures. Here we also explained the various security and privacy requirements to provide security of WBAN. The basic structure of WBAN are also presents in this section.

Cost of poor security network
The poor security measures is threatable for loss of important, private, sensible data of patient and healthcare staff. It is also causing loss of patient confidence towards healthcare organization and doctors. In worst case scenario, uncoverable damages can happen due to loss or altered patient information and it can causes sometimes death. The other effects of poor security is as follows.
• High network congestion and busy server • Loose confidence of patient toward healthcare organizations • The recovering or financial cost is more 2.2. Benefits of secure healthcare network Figure 2 depicted the functionality of secure healthcare system. The secure healthcare environment can protect patient data, communication channel and messages from outsider of the network. The secure healthcare environment are able to provide following benefits: • Anytime, anywhere, anyone can take consultation from doctors and monitored by doctors. • It can support mobility which provide by labs, tests and prescriptions. • Easy connection of people from remote area to metro city doctors. • Reduce cost of consultation by patients. • Improvised the caring and safety of patients.
The following are the security and privacy requirements of WBAN [6].
• Confidentiality: The data confidentiality represents the security of data during transmission among healthcare devices. The data which include private information, status of patient current status, card details must protect which causes hazardous to patient's health and wealth. The confidentiality can be achieved by using encryption and key management. devices. Data integrity implies to the procedures applied to secure content of data. The modification in data or

Figure 3. Wireless body area networks
messages through injection some content or modifying content of data. This can be misguided to healthcare service provider and mislead to right prescription and advice through doctors to the patient. • Data Freshness: Data freshness is used to support confidentiality and integrity of data. The old data cannot be used as a new. Data freshness can achieve through monitoring delay, duty cycle, timeliness and synchronization of bits. • Authentication: Every communication device in healthcare application need to be authenticated. So, the receiver of the message trust on sender device. The authentication of the node or device can achieve through cryptographic keys or encryption techniques. • Dependability: The communication devices must be reliable and trustworthy. The correct data need to retrieve from these communication devices, and it fail to deliver correct data then dangerous for human life. • Privacy: Privacy of the patient information is primary concern and private health information is global concern to secure healthcare environment. The access of private data and medical information should be limited, and it is given to authenticated person or devices. • Data availability: Attackers may launch DoS attack on medical cloud and caused medical services inaccessible. Therefore, the WBAN must detect and survive from DoS attacks.

Overview of WBAN
A WBAN is a collection of various type of body sensors and environment sensors which monitors different activity of body functions and may communicate with each other and connected with different access points. The structure of WBAN is depicted in Figure 3 [12]. These access points work as a mediator between local servers and body sensors and environmental sensors. The body sensors are either fixed or movable. There are various types of body sensor are used to monitor physiological signal detection such as blood pressure, Electrocardiograms (ECG), temperature, heart rate and Electroencephelogram (EEG). These sensors monitor physiological signal continuously and send the data to the remote server for further analysis. The analyzed data checks by the doctors or medical specialist and prescribed medicine for the patient. So, with the help of WBAN the continuous health monitoring in timely manner and the users can access medical history or records anytime from anywhere. The emergency situation can be handled by sending alarm or messages to medical staff or ambulance during any abnormally is found by the sensors.

Related Work
In 1996, the concept of WBAN was firstly proposed by Zimmerman [13].  [26][27][28] which uses elliptic curve cryptography (ECC), RSA, MD5 and many cryptographic schemes. Cherukuri et al. [12] one of the first researchers which uses the physiological signals and their feature for randomness and distinctiveness. The features of physiological signals are used to secure WBAN. Many other researchers also use the physiological signals for key management to make secure, energy efficient solution. Some other researchers also use fuzzy vault scheme, bloom filter and steganography with the physiological signals to deal with security issues in WBAN. Xu et al. [14] proposed a method which are using XOR operation and hash function to provide mutual authentication and key management for WBAN. In this method it is using improved fuzzy vault scheme to secure generation of cryptographic keys. Using XOR operation, four hash function and fuzzy vault scheme make this method is lightweight and protect from various security attacks such as eavesdropping, impersonation, replay, capture, man in middle and jamming attack.
Zhang et al. [15] proposed a physiological signal-based cryptography scheme for key agreement. In this scheme uses's ECG signals is used to generate cryptographic keys. It follows plug and play architecture. So, no previous key distribution is required. Kasyokaa et al. [22] Uses Elliptic curve cryptography (ECC) to provide pairing free authentication for healthcare management system.

Hash function and ECC
Supported resource constrained environments, Low power consumption Replacement of old keys is an issue of this scheme.
The cryptographic keys are unique because of every human have different ECG signals. The ECG signals based cryptographic keys are unique and fulfil the requirement of key management such as longer length of key, dynamic, randomness and time variant. This method takes less energy and time to compute keys. When two nodes want to securely communicate then each node separately measured ECG signals at four seconds and perform feature extraction. In feature extraction phase collect ECG data at interval of four seconds and resample at 120 hz. After taking 512 points of Fast Fourier Transform (FFT) data collect 256 coefficients. After that detect local peak coefficients which uses to generate cryptographic keys.
If the patient's information or medical records is altered or stolen by an adversary, the patient could possibly get the wrong diagnosis or will not get timely treatment.
Shanthapriya and Vaithianathan [17] proposed a steganography technique to fulfil the security requirement such as confidentiality and authentication without altering the privacy of the node. The higher order polynomial curve hides the data and securely transfer from one node to another. The performance of this healthcare network is evaluated by using Wavelet and Fourier transform. The polynomial is generated by ECG signals feature detection. The ECG signals changed in time and frequency domain feature selection. After quantization detect peak points which changed into binary form. The higher order of polynomial generated using feature selection of ECG signals. This is a lightweight method to secure BAN.
Yao et al. [18] proposed an interpulse-intervals based key agreement protocol which can uses randomness, variance, uniqueness and distinct features of electrocardiograms (EKG) signals. It is using Bloom filter to recover problems provider set the public and private key with each other. In authentication part the client node and application provider authenticate each other. This approach fulfil the in physiological signals like uncertainty or inconsistency. By using bloom filter, the high security is gain with low cost.
Here the bio features of EKG signals are shared among nodes.
The traditional method of healthcare system data are stores in a central database. When the central databases are compromised then the whole network is compromised. So, Wang et al [19] proposed a security framework based on blockchain called eHealthcare system. It is following the distributed storage structure of data. All participants on medical system can add data as a ledger which append only and distributed. Modifying records needs tendering a modification transaction which are nonrepudiation assets of the blockchain, means each transaction is cryptographically signed and protected. All the transactions will be added by ensuring that it will follow rules and policies of medical system. Introducing the blockchain in WBAN security can enhance the protection, reduce the resource utilization and improve the performance.
Sayed Ashraf Mamun [20] proposed a protocol based on Bluetooth low energy which provide lightweight anonymous authentication and mutual authentication. It is energy efficient scheme for internet integrated healthcare system. This method can add 3.8% power overhead from basic protocol.
Another physiological signal and biometric features and fuzzy algorithm based key agreement and distribution protocols are proposed by Reshan et al [16]. In this method, first the sender node initiates communication by generating random secret key by using prestored biometric and fuzzy algorithm. After that features of physiological signals uses to protect secret key by using fuzzy vault scheme. The secure secret key with authenticator is send by sender node to receiver node. Where authenticator contains ID of sender and receiver node, timestamp value and lifetime of key. After receiving this message, receiver node opens the fuzzy vault by using their own physiological signals and biometric to unlock the key. After that receiver can authenticates messages and user and establishes secure session between sender and receiver. In summary, this scheme provides high security, reliability, flexibility in key management scheme.
Ostad-Sharif et al. [21] proposed a lightweight method for authentication and key management protocol to protect WBAN. In this method, there are three phases initialization, registration and verification. In the verification phase the sensor node authenticate user by using information of hub node. In this paper the author review Li et al's protocol and points out some limitations. In their proposed method limitations are overcome by author. This method guaranteed the privacy of user and secure against various attacks such as session hijack attacks, man in middle attack, replay attack, eavesdropping and modification attack.
Kasyokaa et al. [22] has proposed a key management and secure method in WBAN. This method using ECC and provide pairing free authentication in healthcare management. This method has three part initialize, register and authenticate. In first part, network manager initializes the parameters of system and cryptographic hash function to generate public and secret key. In register part a smartphone controls all sensors used in WBAN. The client node and the application requirement of resource constraint environment of WSN.

WBAN Model
A WBAN is collection of smart body sensors and environment sensors which are implanted, attached or worn in human body. These biosensors are collected bio signals generated from body in real time. These information's are collected by the body sensors and send to the access points through wireless medium. The access points are that node who have more resources like energy, collect data from different body sensors and send to the local servers. The physiological signals are analysed and monitored by medical staff, doctors or specialist. Any problem diagnosed by medical specialist according to data collected then immediately treatment can start. It is depicted in Figure 4.

Figure 4. WBAN model
Our scheme uses network model 802.15.6 standard which was proposed by IEEE for body area networks in 2012. It is mainly using two hop central architecture [23] [24]. In our scheme mainly three types of nodes, ie, body sensor node (NS), access point (NAP) and head node/local server (NH). NS are the resource constraint sensors which are attached to body and receive physiological signals and transmitted to NAP. NAP and NH are more resource efficient than NS. All the data collected by NAP send to the NH which works as a local server and have rich resources. Figure 4 depicted the network model of our scheme.

Threat model
We assume that adversary is able to get data which are exchanged. He can insert malicious script or data, update the data and delete data and replace new data from old. In this threat model we assume that two parties or sensors want to communicate in insecure medium. Therefore, the sensors are not trusted, and medium is not secure. When any sensor node is compromised then adversary can extract all information from sensor node. Consider the following assumption in our approach are as follows.
• The head node and access points are trusted and will not be captured by any adversary. • All the new body sensor nodes are not trusted.
• The malicious node measured to be a probabilistic polynomial time which are given in previous cryptographic mechanisms. The adversary wants to generate multiple fake identification (ID) to perform various attack on sensor network. • The node is physically access by an attacker. The aim of attacker to recover keys and other cryptographic material which had used for Encryption/Decryption. • Some of adversaries might observe the traffic of communication. This threats main aim to observe the factors (routing information, frequency etc.) of traffic, communication contents and finding the information's about the nodes.

Proposed approach
WBAN is the essential part of any healthcare network. We want that any node joins the network securely and it is not dangerous for the network. Therefore, the basic idea behind proposed method is that any new node joins a WBAN with the help of any access point. The access point forwarded the join request of new node to head node/ local server. The head node generates a new ID for newly join sensor node which can securely communicates in WBAN. Figure 5 shows the schematic diagram of the proposed approach.

Specification
When any new node joins WBAN then our approach produces a secure node ID for newly joining node (NS) with the help of a access point node (NAP) and head node/local server (NH). The approach mainly works in three phases; initial phase, joining request phase and the endorsement phase. Table 2 explain the symbol used in our scheme.

Initialization phase
Assume that there is a group (GP) of large prime number of order P where G is a primitive element of GP. The parameters G and GP are available for all the nodes in the network. When any NAP and NH which already exist in the WBAN, then both NAP and NH select PRAP and PRH as their private key respectively which belongs to GP. The public keys of AP and NH are calculated as follows: PUAP = PRAP . G and PUH = PRH . G

Request phase
A new joining node NS which wants to join the cluster, it must have the public parameters and the ID of at least one known node. The public parameters should be known by installing the overlay code.
Here the new node selects a random number PRS which is the private key. And the public key of new node NS is calculated as: PUS = PRS . G Then, NS request by following steps.
Step 1 NS request to NAP for joining the cluster by sending their public key and unique ID by encrypting public key of known node.

PUAP {IPS|| PUS}
Step 2 The access point node NAP receives the joining node request from NS. After extracting IPS and PUS, the NAP calculates α = PRAP . PUS then NAP sends the following message to head node NH. The message is encrypted with the public key of NH . PUH{IPS||PUS|| α }

Figure 5. Schematic diagram of our prposed approach
Step 3 The NH receives the message from NAP for joining of node NS. After, extracting the content of the message, NH computes the following:

Step 4
The node NK verifies the IDS by using private key and compute following. γ1 = (PRAP . β2) and γ2 = PRH . PRAP . G After that, known node NAP calculates the following I = H(IPS || PUS|| γ1) After that NAP verifies I=IDS If the verification is successful, then Nk sends (IDS ||TN || γ2) the following message to node NS.

Endorsement phase
The NS receive the message from NAP the NS calculates the following Ө= (PUnew . γ2) and I'=H(IPS || PUS || Ө) After that it checks I' = IDS then It checks the token TN to use it for further communication inside the network.

Result and Analysis
This segment represent the theoretical and analytical analysis to evaluate performance of proposed secure new node joining scheme. The design requirement analysis, computation complexity analysis, storage overhead analysis, and communication overhead analysis also present.

Design requirement analysis
There are mainly two types of attacks that an adversary node can perform, e.g., active and passive attacks. In passive attack, an adversary analyzes the traffic by overhearing and get some information about the key without any physical access to the node. However, in active attack, an adversary Head node/ Local server (NH) obtains some information of key that leaked through the physical access of a node. The proposed scheme can provide defense against node various attacks.

Security against eavesdropping attack
The adversary can get messages from transmitted medium. It means that the adversary can get the content of transmitted information which are transferred from sensor node to access node and access node to the sensor node. These messages are following. NK to NB : PUb{IPnew||PUnew|| α } And NB returns the signed token to NK which is signed by private key of Nb. TN = Sign (PRB){ IPnew , IDnew , PUnew, IDk, IDb, Ts } First of all, in both cases all messages are encrypted with public key of receiving node. The public key of node is calculated from large prime number. Secondly, the adversary not able to get parameters α, β and γ and IDnew because it is encrypted with strong public keys.

Sensor node anonymity
The generated ID of newly join sensor node never transmitted directly to sensor by access node. It has always wrapped by public key of sensor node. An adversary will not get the ID by eavesdropping attack. And the parameters such as TN, α, β and γ are refreshed each time. These variables are also random and not guessable by any adversaries. The generated ID is hashed with the strong hash function. So, it is not possible to get ID of the new node. And guaranteed for sensor node anonymity.

Impersonation attack
It is assume that any adversary obtain the information IDnew = H(IPnew||PUnew|| β1) by capturing the message then it also not get the ID of new node. Each message is encrypted with one way hash function therefore, adversary hijack the message but not get the useful information. Also, the token (TN) is produced and confirmed by the base node.

Traceability
Our proposed method tracks any node by all the parameters of the token TN. The TN which is defined as TN = Sign (PRB){ IPnew , IDnew , PUnew, IDk, IDb, Ts }. In the protocol specification steps, the verification of real identity which are collaborated by node ID and validity checks with the issuing time.

Unique
In our proposed approach, initially we have assigned temporary ID of each sensor which want to join the network.
With the help of access node, the permanent node ID assigned to sensor node. This ID is unique and not same as another node ID because every time the node ID is assign with the help of public key cryptography. Every ID is wrapped with its temporary ID and the token generated by access node. Each token can be verified by corresponding pair node. So, the generate ID is assumed to be unique.

Secure Joining
The access point node can generate hash value of public key of new node and permanent ID of new node with the help of strong hash function like SHA1.

Scalability
Our proposed approach is easily applied on any size of network. It will support either static or dynamic structure of sensor network.

Stability
Our proposed approach collaborates the cluster head and any previously existing node to offer stability. So, no other node can change the ID of node.

DoS attack
Our proposed scheme offers unique node ID assignment where every node gets their ID by using secure public key cryptographic approach. So, by this approach we protect body sensor from message injection in network.

Communication cost analysis
Below we analyze the efficiency, attack model, re-keying for a member leaving and safety of nodes of the proposed scheme.

Energy utilization analysis
The energy constrained sensor nodes consume more energy during transmission of data packet rather than node process or generating data packets. This work analyses consumption of energy during joining of new node in the network. The energy consumption mainly calculated with the number of packets transferred and received among nodes. In our proposed approach, the total energy consumed during previous approach. Our proposed scheme can aggregate of energy consumed by single node, cluster head node and known node. E`Total = EN + ECH + EK So, no need to new node communication with the base station. So, our approach takes lesser energy than previous approach.

Communication cost analysis
The computation cost analysis mainly focuses on cryptographic operations such as scalar point multiplication, hash operations, key generation, addition and inverse operation performed by our approach and various other cryptographic approach. The computations complexity of hash function is lesser than the public and private key calculation time which means that TPU > TH and TPR > TH. The computation time of TH takes linear and at worst case it takes quadratic time. Computation cost TSN, when any sensor node wants to join the WBAN with the help of access node. TSN = TPR+TPU Computation cost TKN, when any sensor node request to known node. TKN = 3 Tadd + 4 Tmul + Tinv + TPR + TPU +TH Computation cost TBN, at base node level. TBN = 6 Tadd + 6 Tmul + Tinv + TPR + TPU +TH For a 32-bit Cortex-M3 microcontroller with 72 MHz, SHA-1 hash function takes 0.06 ms. During the request of ID for newly join node with the help of known node and communications with base node it will take TKN = 37.479ms and TBN =75.54 ms. The following Table 3 shows the result analysis our proposed approach.

Conclusion and future direction
The acceptance of internet integrated wearable medical devices is trending in the field of healthcare. WBAN can monitor real-time data collected from patient and provide immediate prescription from medical service providers. It also reduces burden from the medical service providers. Due to the wireless and broadcast nature of communication in healthcare services, it is always vulnerable to privacy breach, eavesdropping, DoS, malicious data injection, node compromised, and many attacks made by adversary. For securing the healthcare networks, we proposed a public key cryptography based new node joining approach to provide unique node ID for newly join node.