Efficient Key Agreement and Nodes Authentication Scheme for Body Sensor Networks

The technological evolution of Wireless Sensor Networks (WSNs) gave birth to an attractive research area for health monitoring called the Body Sensor Network (BSN). In a BSN, tiny sensor nodes sense physiological data of patients under medical care and transmit this data to a Base Station (BS), which forwards it to a Medical Server (MS). A BSN is exposed to security threats because of its vulnerable wireless channel. Protecting human physiological data against adversaries, while keeping the constrained resources of the BSN in consideration, is a major issue to address. Our proposed scheme consists of three stages: in the first stage the ward Medical Officer (MO) deploys the initial secret key, in the second stage secure key exchange and node authentication are performed, and in the third stage secure data communication is performed. We have compared our proposed scheme with three existing schemes. Our scheme is efficient in computation cost, communication overhead and storage compared to the existing schemes while providing enough security against adversaries.

Keywords—Body sensor network; hash function; node authentication; key agreement; session key


I. INTRODUCTION
WSN applications in fields such as natural disasters, habitat monitoring, the battlefield and other emergency services attracted the attention of researchers [1], and the WSN evolved into the BSN for medical applications. In 1996 T.G. Zimmerman proposed the idea of Wireless Body Sensor Networks (WBSNs) for the first time. These networks were initially called Wireless Personal Area Networks (WPANs). A typical sensor node's hardware consists of a processor and memory, a wireless communication stack, an analog to digital converter and sensing [2]. A BSN comprises low power, low processing, small, lightweight body sensors deployed on the patient's body, which constantly monitor the Electroencephalogram (EEG), respiratory rate, heart rate and Blood Pressure (BP) by sensing, then forward the real-time sensed patient data to the BS outside the body for onward transmission to the MS. After the MS receives the patient data, the ward physician gives feedback for the patient's health care [3]. The bandwidth for transmission in a BSN is 10Kbps to 10Mbps [2]. The BSN, being a challenging area of research, has a number of research directions such as its security, energy, memory and data management. We accept the challenge of secure and authentic transmission of patient physiological data to the legal user (MO) of the network while keeping adversary attacks and the overall efficiency of the BSN in view. For secure communication between communicating parties it is essential to share secret keys confidentially. Our proposed scheme addresses efficient key management and authentication to counter the possible attacks on the system and reduce the risk to human life.
A three-stage scheme is proposed. In the first stage the ward MO deploys initial master secret keys in the BSN equipment and stores the IDs of all sensor nodes in the BS for later establishment of a secure link. In the second stage legal nodes are authenticated and secure keys are established for the transmission of the next stage's data. In the third stage secure transmission of physiological data is performed. We compare the efficiency of our scheme with existing schemes, and the obtained results show that our proposed scheme is efficient in communication overhead, computation cost and storage requirement while providing protection against attackers.
The rest of the paper is organized in sections. Section II, "Related Work", critically discusses the background and related security schemes. Section III "Network Model", Section IV "Radio Model", Section V "Attack Model", Section VI "Proposed Protocol", Section VII "Security Analysis", Section VIII "Performance Analysis" and Section IX "Conclusion" are then elaborated.

II. RELATED WORK
The protocols proposed in [4], [5] consider sensor association and key management. In [4] public key based authentication is used for the secure association of sensor nodes with the controller; however, authentication of the sensor with the patient is not considered, which leads to a security lapse: an illegal node may join the network and pick up the patient data. Association between sensor nodes and controller is tedious and high in computation cost. In [5] group key establishment and authentication is performed by group device pairing where for obtaining group keys each sensor has [7] is that each received packet on each node is decrypted and a hash function is applied, which clearly increases computational cost and is not suitable for the BSN environment. Scheme [1] is suitable for WSN but bulky for BSN, as the RSA public cryptosystem is used. In scheme [8], a hybrid approach is used where RSA is used for key agreement and a symmetric cipher for session data transmission. RSA is a public cryptosystem using a 1024 bit key, which is infeasible for resource constrained sensor nodes and has high computation cost; the scheme also lacks node authentication. In [9] ECC is used for key agreement instead of RSA, which somewhat reduces computation cost and memory requirement as ECC uses a 160 bit key, but the scheme is still costly due to the hybrid (asymmetric and symmetric) approach and has no mechanism for node authentication. Scheme [10] uses a biometric technique for key agreement using the electrocardiogram. The generated session key is used for secure transmission of patient data between sensors and base station.
The keys generated through the electrocardiogram are long and random. Identical ECG signals generate non-linkable keys. Although this scheme provides security, obtaining two signals from accurate similar random biological signals is hard [11]. In scheme [12] an asymmetric cryptosystem is used for key establishment and rekeying by utilizing DHECC and RSA. A specific routing algorithm is used for efficiency purposes. However, this scheme has unavoidable problems of high computation cost and storage requirement due to PKC, RSA and DHECC, and is inconvenient for the tiny sensor nodes of a BSN. Scheme [13] uses smart card and password based user authentication for patients' health care, with two stages: registration, and login and authentication. Before accessing the BSN each user has to be registered with the gateway first; the gateway then issues a smart card to the system user, which is used for accessing patient data. The smart card contains login information for the network. After authentication a session for information communication is generated between the communicating parties. This technique suffers from security flaws. In scheme [14] a preloaded secret key is shared amongst all nodes of the network. Then another secret session key for a specific session is generated by the cryptographic protocol. This scheme can be used for a large network of dynamic nature. In scheme [15] an asymmetric mechanism is applied for sharing a secret key amongst nodes. That key is then used to transmit the session data securely using a symmetric cryptosystem. This is a hybrid scheme where public key infrastructure is used for key establishment and a symmetric cipher for secure communication. This scheme is expensive in computational cost because it uses an asymmetric technique for key establishment.
Scheme [16] introduced a WBANs security suite: the IAMKeys technique for WBAN key management and KEMESIS for inter-sensor transmission, random key generation and ensuring security by eliminating the exchange of keys between body sensors. Inter-sensor communication burdens the network with overhead; by avoiding inter-sensor communication, overall network overhead can be reduced. Scheme [17] uses AES based encryption, which is supported by the CC2420, where all nodes involved in communication receive a shared secret key through a specific server. MAC, CCM and CBC are used for encryption and authentication. This is a platform dependent scheme. In scheme [18] a 128 bit key is generated using IPI, and the time difference is calculated from the peaks of the ECG/PPG. A Hamming distance error correction scheme is used. The limitation of the scheme is that, with a minute difference in calculating IPI at a sensor, an error correction code has to be applied for balancing keys. Calculating IPI values requires considerable time, which slows down the BSN. In scheme [19] SCK and ECC are used for authentication using a pair of keys. Sensor nodes are loaded with confidential data through the KDC for this identity of each sensor. Various parameters of EEC are used for association of every patient in the BSN. Association of patients and sensors is very difficult, so the scheme is impractical for large hospitals with hundreds of patients. In scheme [20] a pair of keys is established using ECC amongst sensors and BS. Patients of the BSN are authenticated using a biometric device attached to every sensor node. Attaching a biometric device leads to more energy consumption and memory requirement on the sensor. In scheme [21], a three tier architecture is presented for health care applications: patient authentication through biometrics, ECC for key agreement, and symmetric encryption for confidential session data transmission with integrity. Each sensor is connected to a small fingerprint scanner for patient identification. This is a secure scheme but expensive with respect to computation cost and energy overhead.

III. NETWORK MODEL
The network model comprises low power sensors, a base station and a medical server. Low power biosensor nodes are deployed on the patient's body to sense vital-sign data. This data is forwarded to a device called the BS or Access Point (AP), which acts as a controller. All BSN sensors access the base station directly, to avoid inter-sensor communication and reduce BSN traffic. The base station is resourceful equipment with no limits on storage, processing and energy. The BS forwards the health status received from the sensors to the medical server. The MS stores the health status record, which is received by the ward physician for speedy treatment. For interoperability, the Zigbee/802.15.6 standards are preferred, and all nodes are accessible within at most two hops. Fig. 1 represents the architecture of BSNs.

IV. RADIO MODEL
We would prefer to use first order radio model for the estimation of energy consumption by transmitting patient data wirelessly in BSN. The basic parameters of the model are for energy transmission, packet length and transmission distance. Equation (1) for data transmission [22]: Where ( ) is the ratio of consumed power by a sensor node in data transmission, power consumed is directly proportional to the packet length and distance. Power consumption depends on the communication distance: a long distance means more energy consumption and a short distance less. (2) is used to measure the consumed energy on patient data receiving where ( ) Energy required for receiving data by a sensor node, is packet length and Energy consumption per bit as: The distance in our scheme < so we use free space model = =10 pJ/bit/ is the free space model amplifier energy factor.

V. ATTACK MODEL
It is assumed that the BSN equipment is within reach of the attacker, who may launch attacks like replay, eavesdropping, masquerading etc. A BSN communicates patient physiological data, which are among the patient's most personal secrets and should be protected from illegal use to avoid risk to human life. For this purpose a cost effective and secure technique should be developed to tackle these issues. Preloading of the initial secret keys by the ward physician has to be done securely. Legal and illegal nodes should be differentiated through node authentication, to protect the network from unauthorized access to patients' personal disease information and to avoid masquerading attacks. Secure exchange of secret keys for session data communication is a requirement of our proposed scheme. As an asymmetric cryptosystem is costly, we would prefer to use a symmetric cryptosystem for the confidential communication of the patient data and to avoid eavesdropping, chosen cipher and plain text attacks.

VI. PROPOSED SCHEME
Our proposed scheme comprises three stages: the deployment stage, the node authentication stage and the secure data communication stage. The notations used throughout this paper are listed in Table 1.

A. Deployment Stage
The deployment stage is the first stage, in which the initially required information is loaded onto the BSN devices. The corresponding ward MO generates a master secret key and deploys that key on the MS, BS and sensor nodes.

B. Node Authentication Stage
Node authentication is important where two or more biosensor nodes want to authenticate each other's identity, or where the BS wants to authenticate the identity of a legal node in a data communication network. In this stage, biosensor nodes send encrypted data to the BS for authentication. The BS decrypts the received data and authenticates the biosensor nodes. If authentication is granted, the node starts secure communication using the session key; otherwise the node is blacklisted and isolated from the network. Authentication is required to ensure that only authorized nodes can join the network. Each sensor node has a default Pseudo Random Number Generator (PRNG) which generates a random number R called session key and then generate . Sensor node concatenate , session key , its own unique ID and encrypt on pre loaded master secret key then transmit to BS. At the other end, the BS decrypts the received information with the master secret key and compares the received sensor node ID with its pre-stored ID; if they match, the node is legal and authentication is granted, otherwise the node is from an intruder and is blacklisted. After a node is authenticated BS increment the received by 1 then encrypt it using session key and sends to corresponding sensor node which decrypt the received message by its own . Moreover, BS encrypts the session keys of authenticated nodes using and forward to MS and MO for onward secure communication. The overall scenario of the proposed scheme is presented in Fig. 2.
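The exchange described in this stage, as an added Python sketch that is not the authors' code. The page's symbol for the value the BS increments is missing, so it is modelled here as a 4-byte nonce (an assumption); the SHA-256 keystream cipher is a standard-library stand-in for the DES cipher the paper names, and the class names, field widths, IDs and keys are hypothetical.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in symmetric cipher (SHA-256 in counter mode), NOT the paper's DES.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(8)
    ks = _keystream(key, iv, len(plaintext))
    return iv + bytes(a ^ b for a, b in zip(plaintext, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

def plus_one(nonce: bytes) -> bytes:
    return ((int.from_bytes(nonce, "big") + 1) % 2**32).to_bytes(4, "big")

class SensorNode:
    def __init__(self, node_id: bytes, master_key: bytes):
        self.node_id, self.master_key = node_id, master_key

    def join_request(self) -> bytes:
        self.session_key = secrets.token_bytes(8)  # R from the node's PRNG
        self.nonce = secrets.token_bytes(4)        # assumed challenge value
        body = self.nonce + self.session_key + self.node_id
        return encrypt(self.master_key, body)

    def verify_reply(self, blob) -> bool:
        # The BS shows it recovered R by returning nonce + 1 encrypted under R.
        if blob is None:
            return False
        got = decrypt(self.session_key, blob)
        return hmac.compare_digest(got, plus_one(self.nonce))

class BaseStation:
    def __init__(self, master_key: bytes, known_ids):
        self.master_key, self.known_ids = master_key, set(known_ids)
        self.session_keys, self.blacklist = {}, set()

    def handle_join(self, blob: bytes):
        body = decrypt(self.master_key, blob)
        nonce, r, node_id = body[:4], body[4:12], body[12:]
        if node_id in self.blacklist or node_id not in self.known_ids:
            self.blacklist.add(node_id)   # unknown or garbled ID: isolate it
            return None
        self.session_keys[node_id] = r    # later forwarded to MS and MO
        return encrypt(r, plus_one(nonce))

def run_demo() -> dict:
    km = secrets.token_bytes(8)           # constructed master key from the MO
    bs = BaseStation(km, [b"ECG-01", b"BP-02"])
    nodes = {"legal": SensorNode(b"ECG-01", km),
             "unknown_id": SensorNode(b"XX-99", km),  # ID not stored on the BS
             "wrong_key": SensorNode(b"BP-02", secrets.token_bytes(8))}
    result = {name: node.verify_reply(bs.handle_join(node.join_request()))
              for name, node in nodes.items()}
    stored = bs.session_keys.get(b"ECG-01")
    result["key_stored"] = stored == nodes["legal"].session_key
    return result
```

`run_demo()` returns the outcome for a registered node, a node with an unregistered ID, and a node that holds a registered ID but not the master key; only the first is granted a session.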

[Fig. 2. Overall scenario of the proposed scheme. Recoverable labels: MS, MO; "PRNG pre-installed on sensor: generate random number (R), called pre-session key".]

184 | Page www.ijacsa.thesai.org

C. Secure Data Communication Stage
Secure communication of the sensed physiological vital-sign data is performed inside a hospital ward, so the range of the BSN in our proposed scheme is limited to a ward. Sensor nodes deployed on patients are directly connected with the BS, and the sensed patient data is forwarded to the MS for quick response by the physician. Each node has its own session key, and all these keys are also stored on the BS and MS as in stage 2. They are used for secure communication when a patient vital-signs data packet has to be sent to the MO by a sensor node: the data packet is encrypted with the session key of that node and transmitted to the medical server through the BS. Similarly the integrity of patient data is gained by hash collision resistive Message Digest (MD5) as hash of patient data (patient data) is taken and hash value is obtained then to obtain secure patient data and is encrypted by session key and is transmitted to MS through BS. Now MS decrypt the received by , and patient data is obtained if ( hash taken of received patient data by MS) is compared with if found same then the received message is original and not changed otherwise changed by the attacker. Security depends on two major parts: data security and data privacy. Data security concerns how data can be securely transmitted and stored; data privacy means that only authorized users can access the patient's personal information. Fig. 3 shows the flow chart of secure data communication.

VII. SECURITY ANALYSIS
The analysis validating the security features of our proposed scheme is presented here. Our proposed scheme provides the essential security requirements of authentication, confidentiality and integrity.

A. Node Authentication
Upon receiving a request from a node to become part of the network, the BS compares the ID of that sensor node with its pre-installed IDs. If the received ID and the pre-stored ID match, the sensor node is authenticated; otherwise it is rejected and thrown out of the network by blacklisting that ID.

B. Data Confidentiality
In our proposed scheme, the master secret key is used for confidentiality and for sharing the session key ( ). The session key is used to secure the transmission of patients' vital-sign data between the sensor nodes, the base station and the medical server. Confidentiality of patient data is maintained through the DES cipher, which encrypts the sensed session data before it is communicated to the BS and MS, so as to protect this personal data from illegal reading. The MS forwards it to the MO for quick health care.

C. Patient Data Integrity
Data integrity is the feature of our scheme which prevents alteration of the patient's precious personal data through illegal use with bad intention. Integrity in our scheme is achieved using hash collision resistive Message Digest (MD5) in such a way that the received hash is compared with computed hash ( ) is similar then data is safe and not changed otherwise incorrect data is received.

D. Scalability
Scalability is a property of our proposed scheme: whenever a sensor node has to be added to the network, removed from the network, or changed due to low battery power or any other fault, the normal functionality of the network is not affected by any of these activities.

VIII. PERFORMANCE ANALYSIS
Performance analysis of our proposed scheme and two existing schemes with respect to computational cost, communication overhead, storage and energy consumption, in terms of efficiency, is given below.

A. Computational cost
No expensive major operations like ECPM and M-Exp are involved in our proposed scheme. Scheme [12] uses four ECPM and two M-Exp operations, and scheme [8] uses two M-Exp operations. The graph in Fig. 4 shows that our scheme is efficient in computation cost as compared to [12], as compared to [8] and as compared to [23]. In our scheme we implement the experiment done in [24] on a MICA2 sensor that operates with a low power ATmega128 8-bit micro-controller at 7.3728 MHz, 128 KB of nonvolatile memory (ROM) and 4 KB of volatile memory (RAM). One major ECPM operation takes 0.81s using a 160 bit elliptic curve [25], and an RSA 1024 bit M-Exp takes 22 seconds [26]. DES encryption and decryption execution time [27] is the same, which is 4.543859 seconds. We calculate the computation cost of our scheme in comparison with [8], [12] on the basis of the results of [23], [24], [26]-[28].
According to scheme [28] the 3rd generation MICA2 needs 2.66s for a pairing computation. The computational time of our proposed scheme is negligible as compared with the other existing schemes [8], [12] because we use a symmetric algorithm for encryption and decryption, and our scheme is also more suitable for the resource constrained environment of a BSN. One ECPM operation consumes 19.1mJ and one pairing computation operation consumes 62.73mJ of energy [24], [28]. Our scheme has no major operation, so its energy consumption as compared to the other existing schemes is negligible.

B. Communication Overhead
The communication overhead of the proposed scheme is compared with the other existing schemes [8], [12], [23]; the computed values are shown in Tables 3, 4 and 5, and the graph drawn from these computed values is shown in Fig. 5.

C. Memory Requirement for Key Storage
The key storage memory of the proposed scheme is compared with the other existing schemes [8], [12], [23]; the computed values are shown in Tables 6, 7 and 8, and the graph drawn from these computed values is shown in Fig. 6.
The NIST standard key sizes for the algorithms AES, DES, RSA and ECC are given in Table 2. Fig. 6 represents the analysis of the memory requirement of our proposed scheme against schemes [8], [12], [23]. Our proposed scheme reduces memory requirements by 75% compared to scheme [8], 80% compared to scheme [12] and 28.57 compared to [23].

D. Key Agreement and Authentication Delay
The delay in authentication and key agreement of the proposed scheme in comparison with the existing schemes [8], [12], [23] is shown in the graph in Fig. 7, where the delay of our proposed scheme is very small and negligible.

E. Energy Consumption for Authentication and key Agreement
The communication distance of our proposed scheme is less than 100 meters as per the standard size of the ward as the distance in our scheme d < so we use free space model = =10 pJ/bit/ where is the amplifier energy factor of the free space model. The graph in Fig. 8 shows that our scheme is quite better than the existing schemes [8], [12], [23].

IX. CONCLUSION
In this paper, an efficient key agreement and node authentication scheme is presented and compared with other solutions to show the efficiency of our proposed scheme. Our proposed three-stage solution not only protects patient data from unauthorized elements but also overcomes the weaknesses of the existing schemes and thus proves its suitability for the resource constrained environment of BSNs. The comparison of the existing three schemes and our scheme has shown that our scheme leads in efficiency as 90.