BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks

BANZKP is the best to date Zero Knowledge Proof (ZKP) based secure lightweight and energy efficient authentication scheme designed for Wireless Area Network (WBAN). It is vulnerable to several security attacks such as the replay attack, Distributed Denial-of-Service (DDoS) attacks at sink and redundancy information crack. However, BANZKP needs an end-to-end authentication which is not compliant with the human body postural mobility. We propose a new scheme BAN-GZKP. Our scheme improves both the security and postural mobility resilience of BANZKP. Moreover, BAN-GZKP uses only a three-phase authentication which is optimal in the class of ZKP protocols. To fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key allocation and a Hop-by-Hop authentication definition. We further prove the reliability of our scheme to various attacks including those to which BANZKP is vulnerable. Furthermore, via extensive simulations we prove that our scheme, BAN-GZKP, outperforms BANZKP in terms of reliability to human body postural mobility for various network parameters (end-to-end delay, number of packets exchanged in the network, number of transmissions). We compared both schemes using representative convergecast strategies with various transmission rates and human postural mobility. Finally, it is important to mention that BAN-GZKP has no additional cost compared to BANZKP in terms memory, computational complexity or energy consumption

REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs

Healthcare institutions require advanced technology to collect patients' data accurately and continuously. The tradition technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saves more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Network

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN.Comment: 14 pages, 7 figures, 2 table

An efficient MAC-based scheme against pollution attacks in XOR network coding-enabled WBANs for remote patient monitoring systems

Wireless Body Area Networks (WBANs) play a pivotal role to remote patient monitoring which is one of the main applications of m-Health. However, WBANs comprise a subset of Wireless Sensor Networks (WSNs), and thus, they inherit the limitations of WSNs in terms of communication bandwidth, reliability and power consumption that should be addressed so that WBANs can reach their full potential. Towards this direction, XOR Network Coding (NC) is a promising solution for WBANs. Nevertheless, XOR NC is vulnerable to pollution attacks, where adversaries (i.e., compromised intermediate nodes) inject into the network corrupted packets that prevent the destination nodes from decoding correctly. This has as a result not only network resource waste but also energy waste at the intermediate nodes. In this sense, pollution attacks comprise a serious threat against WBANs (i.e., resource-constrained wireless networks), that should be addressed so that WBANs can reap the benefits of XOR NC. Therefore, in this paper, we propose an efficient Message Authentication Code (MAC)-based scheme providing resistance against pollution attacks in XOR NC-enabled WBANs for remote patient monitoring systems. Our proposed scheme makes use of a number of MACs which are appended to the end of each native packet. Our results show that the proposed MAC-based scheme is more efficient compared to other competitive schemes for securing XOR NC against pollution attacks in resource-constrained wireless networks, in terms of communication bandwidth and computational complexity

KALwEN: a new practical and interoperable key management scheme for body sensor networks

Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges–some inherited from wireless sensor networks (WSNs), some unique to themselves–that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports secure global broadcast, local broadcast, and local (neighbor-to-neighbor) unicast, while preserving past key secrecy and future key secrecy (FKS). The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case. With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike