Towards Security in Wireless Body Area Networks (WBANs)
The emerging Wireless Body Area Networks (WBANs) have great potential to revolutionize the future of ubiquitous health technologies. They provide unprecedented opportunities to monitor the patient's health status with real-time updates to the physician. Since WBAN devices are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent the malicious interaction with the system. However, unlike Wireless Sensor Network (WSN) devices, these devices are limited in terms of power efficiency and communication, and therefore pose numerous security challenges than traditional WSNs. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in a WBAN. Then we discuss different security modes (originally proposed for IEEE 802.15.4) for a WBAN that include AES-CTR, AES-CBC-MAC, and AES-CCM modes.
Keyword: WBAN, security, DoS, threats, AES-CTR, AES-CBC-MAC, AES-CCM
Wireless body area networks (WBANs) are becoming increasingly important for healthcare systems, sporting activities, and members of emergency as well as military services. They consist of implants and wearable sensors that offer unprecedented opportunities to monitor state of health during normal daily activities for prolonged periods of time. They can be used to develop a smart and affordable health care system and can be a part of diagnostics procedure, maintenance of chronic condition, and supervised recovery from a surgical procedure. The communication in a
WBAN is classified into Off-body, On-body, and In-body communication. Off-body communication is the communication from the base station to the transceiver on a human side. On-body communication is the communication within on-body networks. In-body communication is the communication between invasive or implantable devices and external monitoring equipment. WBANs use Wireless Medical Telemetry Services (WMTS), unlicensed Industrial, Scientific, and Medical (ISM), Ultra-wideband (UWB), and Medical Implant Communications Service (MICS) bands for data transmission. WMTS is a licensed band used for medical telemetry system. Federal Communication Commission (FCC) urges the use of WMTS for medical applications due to fewer interfering sources. However, only authorized users such as physicians and trained technicians are eligible to use this band. Furthermore, the restricted WMTS (14 MHz) bandwidth cannot support video and voice transmissions. The alternative spectrum for medical applications is to use 2.4 GHz ISM band that includes guard bands to protect adjacent channel interference. A licensed MICS band (402-405 MHz) is dedicated to the implant communication. WBANs have enabled new classes of medical and non-medical applications that include smart healthcare services, wearable technology to monitor vital signs, smart nursing homes, emergency communication and patient's data maintenance.
The deployment of WBANs for medical and non-medical applications must satisfy the stringent security and privacy requirements. These requirements are based on different applications ranging from medical (heart monitoring) to non-medical (listening to MP4) applications. In case of medical applications, the security threats may lead a patient to a dangerous condition, and sometimes to a death. Thus, a strict and scalable security mechanism is required to prevent malicious interaction with a WBAN. A secure WBAN should include confidentiality and privacy,
integrity and authentication, key establishment and trust set-up, secure group management and data aggregation. However, the integration of a high-level security mechanism in a low-power and resource-constrained sensor increases the computational, communication and management costs. In a WBAN, both security and system performance are equally important, and thus, designing a low-power and secure WBAN system is a fundamental challenge to the designers.
The rest of the paper is organized into five sections. Section 2 presents a WBAN architecture. Section 3 and 4 present the WBAN security requirements and possible attacks. Section 5 discusses different solutions for a WBAN. The final section concludes our work.
2. WBAN Architecture
Figure 1 shows a secure 3-level WBAN architecture for medical and non-medical applications. Level 1 contains in-body and on-body BAN Nodes (BNs) such as Electrocardiogram (ECG) - used to monitor electrical activity of heart, Oxygen saturation sensor (SpO2) - used to measure the level of oxygen, and Electromyography (EMG) - used to monitor muscle activity. Level 2 contains a BAN Network Coordinator (BNC) that gathers patient's vital information from the BNs and communicates with the base-station. Level 3 contains a number of remote base-stations that keep patient's medical/non-medical records and provides relevant (diagnostic) recommendations. The traffic is categorized into on-demand, emergency, and normal traffic. On-demand traffic is initiated by the BNC to acquire certain information. Emergency traffic is initiated by the BNs when they exceed a predefined threshold. Normal traffic is the data traffic in a normal condition with no time critical and on-demand events. The normal data is collected and processed by the BNC. The BNC contains a wakeup circuit, a main radio, and a security circuit, all of them connected to a data interface. The wakeup circuit is used to accommodate on-demand and emergency traffic. The security circuit is used to prevent malicious interaction with a WBAN.
3. WBAN Security requirements
It is essential to understand the security requirements in a WBAN before integrating appropriate security mechanisms. By knowing the nature of the applications, we can develop a comprehensive and strong security technique to protect the system from possible security threats. In the following sections, we analyze fundamental security requirements in a WBAN.
3.1 Data Confidentiality
Data confidentiality is required to protect data from a disclosure. In medical applications, the BNs send sensitive information about the patient's health status. An adversary can eavesdrop on the communication, and can overhear the critical information. This eavesdropping may cause severe damage to the patient since the adversary can use the acquired data for many illegal purposes. The confidentiality is achieved by encrypting the patient's data with a secret key that is shared on a secure communication channel between the BN and the BNC.
3.2 Data Authentication
Data authentication is necessary for both medical and non-medical applications. It is essential for each BN and BNC to verify that the data was sent by the trusted sensor and not by an adversary that tricked the BN or the BNC into accepting false data. In a WBAN, data authentication can be achieved by using symmetric techniques. The BN and BNC share a secret key that is used to compute a Message Authentication Code (MAC) of all data. When data arrives with correct MAC, the BNC knows that it has been sent by the trusted BNs.
3.3 Data Integrity
The patient's information could be altered by an adversary when transmitted over an insecure WBAN. Lack of data integrity allows the adversary to modify the patient's information before it reaches to the BNC. This is very dangerous in case of life-critical events. Proper data integrity mechanisms at the BN and the BNC ensure that the received data is not altered by an adversary. This can be achieved through data authentication protocols.
3.4 Data Freshness
Guaranteeing data confidentiality and integrity is not always enough unless supported by data freshness techniques. The adversary may capture data in a transit and replay them later to confuse the BNC. Data freshness ensures that the data is fresh, i.e., the data frames are in order and are not reused. There are two types of data freshness: weak freshness, which guarantees partial data frames ordering but does not guarantee delay, and strong freshness, which guarantees data frames ordering as well as delay. Weak freshness is required by low-duty cycle BNs such as Blood Pressure (BP), while strong freshness is required during synchronization, e.g., when a beacon is transmitted by the BNC.
3.5 Secure Management
Secure management is required at the BNC since it provides key distribution to the BNs in order to allow encryption and decryption operation. In case of association and disassociation, the BNC adds and removes the BNs in a secure manner.
Availability ensures that the patient's information is always available to the physician. The adversary may target the availability of a WBAN by capturing or disabling an ECG node, which may result in loss of life. Thus, it is required to maintain the operation of the BNs and switch the operation to another BN in case of loss of availability.
4. WBAN Security Threats
Denial of Service (DoS) attacks affect the capacity and the performance of a WBAN. The following sections present DoS vulnerabilities to the physical, data link, network, and transport layers of the Open System Interconnection (OSI) protocol stack and are summarized in Table 1.
4.1 Physical Layer Attacks
The most common attacks on the physical layer are jamming and tampering. Jamming refers to interference with the radio frequencies of the BNs. The adversary can use few nodes to block the entire network. This method cannot block larger networks. Since the WBAN is a small network, there are high chances of network blocking. Sometimes the BNs are physically tampered by an adversary. Such condition is called tampering. A tampering attacker may damage, replace, and electronically interrogate the BNs to acquire patient's information. However, the BNs in a WBAN are always in close proximity to the human body, and hence reduce the chances of physical tempering.
4.2 Data Link Layer Attacks
These kinds of attacks are categorized into collision, unfairness, and exhaustion attacks. Collision refers to the link-layer jamming where an adversary corrupts the frame header such that a checksum mismatch occurs. This discards the data frame at the receiving side. Unfairness degrades the network performance by interrupting the Medium Access Control (MAC) priority schemes. Exhaustion of battery resources may occur when a self-sacrificing node always keeps the channel busy.
4.3 Network Layer Attacks
The BNs are not used to forward the routing packets to remote BNs (another WBAN) since they are connected to the BNC in a star topology. Routing is possible when multiple WBANs communicate with each other through the BNCs. The most common routing attacks are spoofing, where an adversary complicates the network by creating routing loops, selective forwarding, where an adversary includes a node in a data flow path in order to stop packet forwarding, and hello flood attacks, where a node with a high powered antenna convinces the BNs that it is in their neighbor. Other attacks include sinkhole, Sybil, worm holes, and hello flood attacks, and are discussed in .
4.4 Transport Layer Attacks
The main threats to the transport layer are flooding and desynchronisation attacks. Flooding is used to exhaust memory resources by sending control information repeatedly. In desynchronisation, the adversary forges messages between BNs, which leads the WBAN to an infinite cycle.
5. WBAN Security Solutions
There are many security schemes proposed for a traditional Wireless Sensor Network (WSN) but few of them can be embedded in a WBAN. For example, Security Protocols for Sensor Networks (SPINS) provide data confidentiality, two-party authentication and data freshness , which can be implemented in BNs with low-power computation. Table 2 lists possible solutions (originally proposed for WSN in ) to the security threats discussed in the previous section.
Generally, the application layer is used to explicitly enable the security by adjusting certain control parameters. For example, in IEEE 802.15.4 the application has a choice of security modes that control the different security levels . Each security mode has different security properties, protection levels, and frame formats. The IEEE 802.15.4-based security modes can be improved for a WBAN according to the application requirements. Table 3 lists different security modes defined in the IEEE 802.15.4 standard, broadly classified into no security, encryption only (AES-CTR), authentication only (AES-CBC-MAC), and encryption and authentication (AES-CCM) modes.
The security depends on the size of the MAC frame that can be 32, 64, or 128 bits long. In case of a WBAN, the MAC frame size varies from few bytes (implant) to hundreds of bytes (wearable), depends on the application. A longer MAC frame reduces the chances blind forging. For example, with a 128 bit MAC, an adversary has 2-128 chance of forging the MAC. The application layer selects a security mode using an Access Control List (ACL) that controls security and keying information. Figure 2 shows the ACL format defined in the IEEE 802.15.4. The destination address of an outgoing packet is matched with address field in the ACL entry. If there is a match, the security mode, key, and nonce1 specified in the ACL entry are used to process the packet.
The Counter (CTR) (also known as Integer Counter Mode) mode is used by the BNs to encrypt the data. It breaks the cleartext into 16-byte blocks and computes, where is the cipher text, is the data block, and is the encryption of the counter .The BNC recovers the plaintext by computing . Figure 3 shows the CTR encryption and decryption process.
A secure message authentication is also required in a WBAN. In a Cipher-block Chaining (CBC-MAC) mode, the plaintext is XORed with the previous cipher text until the final encryption is achieved. This mode provides authentication and message integrity by allowing the BNs to compute either a 32, 64, or 128 bits MAC. The BNC computes its own MAC and compares it with the BN's MAC. The BNC accepts the packet if both MACs are equal. The mathematical representation of the CBC-MAC is given by: for generating ciphertexts and for generating plaintexts. Figure 4 shows the block diagram of a CBC-MAC operation.
The Counter with CBC-MAC (CCM) mode combines the CTR and CBC modes in order ensure high-level security that includes both data integrity and encryption. The BNs first apply the integrity protection to the MAC frames using CBC-MAC mode and then encrypts the frames using CTR mode. This mode can be used to send or receive sensitive information such as updating programs in pacemakers and implantable cardiac defibrillators.
Generally, the addition of security protocols to a WBAN consumes extra energy due to overhead transmission required by the protocols, as given in Figure 5 . The best way is to use a stream cipher for encryption, where the size of the ciphertext is exactly the same as the plaintext. In this case, the MAC uses 16 bytes of 60 bytes data frame. Moreover, the Cyclic Redundancy Check (CRC) is not required since the MAC itself achieves data integrity. Y.law et.al concluded that the most energy efficient cipher is Rijndael . They examined the number of CPU cycles during key setup and encryption/decryption procedures. The summary of different ciphers is given in the appendix.
In this paper, we outlined major security requirements and DoS threats in a WBAN. These threats can lead a WBAN to serious security vulnerabilities and affect its performance at physical, data link, network, and transport layers. We further discussed different security modes, i.e., AES-CTR, AES-CBC-MAC, and AES-CCM, for a WBAN. The selection of each security mode is controlled at the application layer. For example, it selects AES-CCM mode when sending or receiving life-critical information. In addition, to reduce the extra overhead transmission required by the protocols, it is convenient to use a stream cipher for encryption because of the same size of the ciphertext and the plaintext.
We provided a comprehensive overview of existing security protocols for a WBAN. However, more efforts are required to introduce and implement new security levels that will satisfy the stringent security and privacy requirements of heterogeneous WBAN applications.
 A. D.Wood and J. A. Stankovic, "Denial of service in sensor networks," Computer, Vol. 35, No. 10, pp. 54-62, 2002.
 A. Perrig, R. Szewczyk, V. Wen, D. Culler, J. D. Tygar, SPINS: Security Protocols for Sensor Networks, ACM Guide to Computing Literature, Vol. 8, No 5, pp. 521-534, 2002.
 H. S. Ng, M. L. Sim and C. M. Tan, Security issues of wireless sensor networks in healthcare applications, BT Technology Journal, Vol 24, No.2,pp. 138-144, 2006
 IEEE Std.802.15.4: Wireless medium access control (MAC) and physical layer (PHY) specifications for low data rate wireless personal area networks (WPAN), 2006
 Y. Law, J. Doumen, and P. Hartel. Survey and benchmark of block ciphers for wireless sensor networks. Technical Report TR-CTIT-04-07, Centre for Telematics and Information Technology, University of Twente, The Netherlands, 2004.