Secure and efficient WBANs algorithm with authentication mechanism

Abstract

Due to the rapid growth in sensor technology and embedded technology, wireless body area network WBANs plays a vital role in monitoring the human body system and the surrounding environment. It supports many healthcare applications on the one hand and are very much help full in pandemic scenarios. It has become the most innovative health care area, which is intriguing to many researchers because of its vast future prospective and potential. Data collected by different wireless sensors or nodes is very personal, critical, and important because of human life involvement. WBANs can minimize human to human contact, which helps stop the spread of severe infectious diseases. The biggest concern is the maintenance of privacy and accuracy of data is still a hot area of research due to nature of attacks, which are changing day by day and increasing, as well as for the sake of better performance. A suitable security mechanism is a way to address above issues, for achieving data security, it is expedient to propose a mechanism. It is essential to update the patient’s regular data. WBANs help to deliver truthful reports related to the patient’s health regularly and individually. This paper proposes an algorithm that shows a better result than the existing algorithm in their previous works. This work is all about proposing a mechanism which needs comparatively less resource. Only authentic entities can interact with the server, which has become obligatory for both sides, keeping data safe. Several authentication schemes have been proposed or discussed by different researchers. This paper has proposed a Secure and Efficient WBANs Authentication Mechanism (SEAM). This security framework will take care of the authentication and the security of transmitted data.

Keywords

WBANs wearable sensors eHealth privacy & security threat WSN security

1 Introduction

WBANs are very useful and the latest technology to secure the patient’s data by storing them into the data sets, which have been received from wearable devices. WBAN can detect important signs and provide real-time data related to the user as well as medical personnel. This has become the most challenging field to monitor and update the data of human health, that too in real-time with the help of very tiny wearable sensors. These wireless sensors play an important role in the mundane life to estimate their regular health issues. It helps you to update the human’s health to get it monitored regularly. Wearable wireless sensors are using a lot in the medical field, such as Electrocardiogram (ECG) to monitor the heart health; a smartphone with many apps to detect the mundane task has been done for the day/week/month, PDA, smartwatches, and so on. Several resources help detect the human body’s health through the sensor nodes included in devices.

It is visible in Fig. 1 that how WBAN can be represented and could work in the human body. In this diagram, the three-tier of WBAN’s general architecture has been represented. It has shown the process of how data goes from a person to the machine. It helps to take input about the person’s health, and then it processes through the technology to the system to access the real-time data. The work has shown the reliable model of WBAN, which will be helpful to secure the data on a real-time basis so that they could save the crucial patient’s data from the intruders being attacked.

Fig. 1

General Three Tier Architecture of WBAN.

On the other hand, it is visible in Fig. 2 that shows wearable sensors’ placement in the physical body of human beings. The crucial data related to the patients and doctors during treatment is important to be in knowledge of doctors, patients, nurses, scientists, support staff, insurance companies, and researchers. Using the WBANs devices makes the user report real-time data so that it will be easiest and convenient to track the information related to the user on their real-time mobile location, making it easier and more convenient than ever for the users. Wireless system’s openness has become the most crucial concern to data prone related to the patient.

Fig. 2

Placements of wearable wireless sensors into the body.

Figure 3 has shown the vulnerability of WBAN; it is not safe because of the distance of sending and receiving data. Many intruders can attack the various sides of WBAN. The patient system to the doctor’s device carries crucial data, which is important to be secured. The number of architecture is there to secure the data, but still, it requires more security to prevent the data from being accessed by the intruder. As we all know about the advantages of WBANs, similarly, it is very vulnerable to receive an attack from any intruders. Many prototypes secure the data within the WBANs, as proposed by many researchers [1 , 25], and still ongoing to make it more secure. The most important part of the scheme is to secure the stored as well as transferred data, to maintain the privacy of data that meant to be accessed only by their authorized users [1]. Many issues such as data confidentiality, integrity as well as dependability are the most important needs to maintain the distributed data storage in the WBANs. In such cases, the prevention of patient data that is important and confidential at a local server or in a node. All the apps are running on smart devices as well as on smartphones by using the internet connections, the capability to store in the cloud, and using offload computing, which has been suggested in terms of overcoming the scarcity of wearable devices [2, 3]. It has been scaling too many servers, central nodes as well as a system.

Fig. 3

Vulnerability of WBAN.

These days various types of variants you may find out in wearable sensors, as shown in Fig. 4, the pattern to put the wearable device into the body than help any device to get tracked the human body through its advanced technology is helping people to maintain their health.

Fig. 4

Wearable sensors.

In Fig. 5 shows the interfacing between the human and the device through the wearable device. Wearable devices, as well as the other interfacing devices, are helping people. They are easy to place and easy to track if you fulfill the required requirements of those devices where it needs to locate in the human body to track their health reports as per the Transparency Market Research, which has been made by the work done in the paper [4].

Fig. 5

Interfacing in between human and any WBAN device.

Wearable devices help a person to track their real-time data of working as well as to help in figuring out about their body illness, which has become easier through the help of such technologies. Many developments were there that made remarkable enhancement in scientific research as well as practical experience in the field of BAN and WBAN serves pervasive wireless communication services [5]. The objective of this paper is to develop a framework that proposes an authentication mechanism followed by securing client’s data in WBAN. This novel framework objective is to provide.

an authentication mechanism to confirm the integrity of the two communicating entities.

Another objective is to secure (transform/encrypt) the clients (patient’s) data.

Next is to perform computation (patient’s data analysis or any other basic operations) on the transformed data (without re-transformation/decryption).

The final objective is to validate the results obtained after performing the operations on the transformed data.

2 Related work

There are very intruders, so the system needs more security over the threats. WBAN is already divided into categories, some of them depend on the external devices [2 , 6–8], and some do not depend on the external devices [3 , 9–13]. The major drawback of using the external device is the requirement of the device for all the time to wearing it. It may be stolen or lost; then, personal data may suffer during the time of unavailability of using external devices. The architecture [14] represents the major challenges of the network; it tells about how to make data encrypted and how to make data accessible to the users. Barus et al. [10] have been introduced a scheme that helps to control the access of patient’s crucial information related to their health by using several levels of their privacy. There is also an analogous protocol introduced by Akinyele et al. [8]; the protocol introduces in it is using Attribute-based Encryption (ABE) to produce self-protecting EHRs that help data to get stored in the storage of either user’s cellphones or in cloud servers. Bourbakis et al. [15] proposed a platform to relate healthcare by using their mobiles that help to secure their required information through the wearable devices to monitor via their systems. Yi et al. [13] proposed a new protocol that has sensors that store three different keys in each sensor. It helps to provide authentication of various three data servers. In which, if any third party has the desire to access the data of the patient, then it requires to get the authorization from the three servers which have stored data. Correspondingly, the use of a cloud server helps to reduce the decrypted computational data, which involves IBE, which is assisted by the Cloud-Assisted mHealth Monitoring System (CAM), introduced by Lin, Fang, et al. [3]. Such schemes have four major components: patient, cloud server, trust authority, and the company which provides the monitoring services for mHealth. Diallo, Rodrigues, Sene, and Niu [16] proposed the work that protects the account by stopping any energy sensor’s constraints and the real-time data required for such applications. Most of the work focuses on controlling access to explicit data and assign rights to the authenticated authorized user [9 , and 17]. All of these papers concern about the access of an authenticated user, which has the authorized access to any system where data has been stored in the cloud or any server. It is similar to work-related and resembles the same kind of work, which focuses on securing the BAN sensors’ communication with external users who use the CP-ABE. In contradiction of the architecture, as shown in work [18], it takes an approach that is related to the data-centric, in which the data-sink has received data from all the existing BAN sensors. Moreover, the sensors can be encryptions, and because of this, it cannot be able to access the data produced by the other sensor. Lounis, Hadjidj, Bouabdllah, and Challal [11], designed the WBAN that proposes a huge amount of data that has been generated by the networks of the medical sensor. This system makes a scalable infrastructure, which is completely based on the cloud that helps to store the data from intruders by generating an accessible way to data through a secure way. Many works have attained the symmetric methods for encryptions and CP-ABE, which help users to achieve the fine-grained accomplishment with low overhead of computation. A likewise concept has been proposed by another researcher in [19]; in this paper, authors introduce the concept of sharing devices as an alternative of data, which has been shown in [11]. The propagation of WBAN medical devices which is in-network pretends the research on efficient cryptographic services’ architecture such as shown in work [20], which has been proposed the system architecture for those devices which is implantable, where medical functionalities security are decoupled by making them running on two different separated cores. The cryptosystem of CP-ABE has been used in the paper [21], establishes another example of the scheme designed in terms of lightweight schemes, on-purpose to being embedded in the mobiles as well as in the wearable devices. Many other works have been shown in this world, which helps to advance the BAN sensors environment in this technical world of wireless sensors. There is one more SCAN secure processor has been presented in the paper [22]; it supports the authentication by using biometric expressions as well as numerous primitives of symmetric encryption. Many works are there, which is based on the Cipher-text Policy Attribute Set Based Encryption (CP-ASBE), as shown in [12]. In the paper [9], Li et al. have introduced the ABE system for multi-authority attributed to revocation method; it helps to condense the key management’s overheads. It shows the system has been split into the domains of multiple securities, in which each user subset is manageable. Though this methodology has two major issues as shown in the paperwork [23], one is suitable to the KP-ABE systems only and the other one in which each patient must generate and distribute their keys of security which has been authorized to the users, according to the paper [11]. Truong et al. [30] found that Yeh’s [29] previous scheme has been failing to provide key agreement and mutual authentication, which are the requirements for basic security that has been needed for an authentication scheme. Further, they have been introduced a new scheme to take measures for security pitfalls. Their scheme has been built upon the cryptography of an elliptic curve and has been taking credit to provide security against various known-unknown cyber-attacks. Unfortunately, in this paper, we are demonstrating that the scheme made by Truong et al.’s [30] cannot resist offline password guessing attacks as well as impersonation attacks, which is a real, very serious threat against these kinds of authentication schemes. We also put forward an authentication scheme for smart card-based as well as security-enhanced password in the environment of multi-server. The security analysis, as well as its performance’s discussion, is indicating that our scheme has several benefits in terms of both computation efficiency and security property. Thus are more desirable for practical applications.

3 Mathematical model

3.1 Authentication mechanism

The process needs to identify which entity is accessing the information and whether the accessing entity is authorized to access the client information associated with the nodes involved in WBANs. The authentication is a process in which any entity, whether node of WBANs accessing or server, requires proving their claim first before accessing information from the server. The proposed mechanism takes care of the entire authentication process, which lightweight in nature and provides significantly better authentication.

Authentication Phase: Authentication will take place by exchanging just three messages M1, M2, and M3. The propagation of all three messages is shown in Fig. 6. Message M1 and M3 are sent from client to server, while message M2 is sent from server to client. All three messages are secure by SHA-2, i.e., SHA-512 function. SHA-512 has a bit strength of 256 bits, which is thrice more than the bit strength of SHA-1 or RSA-1024 or ECC-192, which has a bit strength of 80 bits. The authentication phase is only to authenticate for any external entity who wants to access the information whether he is authentic or not then if any entity exchanging the data with another whether first authenticate or not the detail of symbol used for authentication is given in Table 1.

Fig. 6

Proposed Authentication Mechanism.

Table 1

Symbol Table

Symbol	Description
C _i	Client
S _v	Server
Pwd	Clients Password
W1	Secure hash function SHA-2
W2	Secure hash function SHA-2
P _i	Random Integer
Q _j	Random Integer
T_c, T_iT_j	Timestamp
C _red	Clients Identity
S _ved	Server Identity
q _j	Random Integer
SScK	The secret key of the server
K_i,j & K_j,i	Shared Session Key
∥	Concatenate symbol
⊕	XOR operator
$pi, {riZ}_{q}^{*}$	Random number ri and pi
S_v’	Encrypted server identity
RPwd	Random password
M1, M2, M3	Encrypted Messages via SHA-2
M1’, M2’, M3’	Decrypted Messages
$Q_{j}^{'}$	Random Integer
$P_{i}^{'^{'}}$	Random Integer

Authentication between a client C_i and a Server S_v, they can establish a secure channel. Authentication is performed as follows:

The Client C_i enters his credentials C_red and the password Pwd.

Client first computes.

RPwd = W1 (PwdC_redri) and S_v = S_vi, j ⊕ RPwd .

Then, a random integer is generated $pi \in Z_{q}^{*}$ $\begin{matrix} P_{i} = pi \cdot g \\ P_{i}^{'} = pi + W 2 (S_{v} i, j) \\ M 1 = W 1 (C_{red}, S_{ved}, P_{i}^{'}, T_{i}) \end{matrix}$

Where timestamp is T_i, next, the client C_i sends the request message ${C_{red}, P_{i}^{'}, Ti, M 1}$ to server S v for authentication.

After receiving a message from C_i (Client), the server S_v determines the integrity of C_red and Ti by confirming if |Tc - Ti| ⩽ ΔT, where Tc is the timestamp (current). Client authentication request will be rejected if the condition fails to meet.

Server S_v computes $M 1 = W 1 (C_{red} S_{ved} P_{i}^{'} T_{i})$ and confirms whether M’1 = M1. If the condition fails to meet, the server S_v aborts the authentication process; else, a random integer is generated q $j \in Z_{q}^{*}$ and computes $\begin{matrix} S_{v} i = W 1 (SScK ∥ C_{red}) \\ P_{i}^{'^{'}} = P_{i}^{'} - W 2 (S_{v} i . j), \\ Q_{j} = q_{j} \cdot g \\ Q_{j}^{'} = P_{i}^{'^{'}} + Q_{j}, \\ Kj = qj \cdot P \end{matrix}$ $M 2 = W 1 C_{red}, S_{ved}, P^{'} i, Q^{'} j, Kj,)$

Where Tj is the timestamp (current), Server S_v sends the message {M2, Q′j, Tj} to the client C_i.

After receiving a message from S_v (server), the client C_i first validates the cogency of Tj by confirming if |Tc - Tj| ⩽ ΔT, where Tc is the timestamp (current). After that, it computes

$\begin{matrix} Q j = Q^{'} j - P i, \\ Ki, = p i \cdot Q, \\ M^{'} 2 = W 1 (Cred ∥ S_{ved} ∥ P^{'} i ∥ Q j ∥ Ki, j ∥ Tj) \end{matrix}$ Then, the client validates if M’2 = M2. If the condition fails to meet the authentication process aborts; else, the client successfully authenticates the server S_v and sends M3 = W1 (Pi ∥ Qj ∥ Ki, j ∥ T′i) to server S_v, where T’i is the timestamp (current).

When the server S_v receiving the message M3 from the client Ci, the server S_v first validates the cogency of T’i by confirming if |Tc - T′i|| ⩽ ΔT, where Tc is the timestamp (current). Then, server S_v recomputes M′3 = W1 (Pi ∥ Qj ∥ Ki, j ∥ T′i) and validates if M’3 = M3. If the condition fails to meet, Server S_v aborts the authentication process; else, the client C_i is authenticated by the server S_v.

The server S_v and the client C_i computes a key for the session: S es Ky = W1 (Ki, j ∥ Cred ∥ S_ved) = W1 (Kj, i ∥ Cred ∥ S_ved).

This authentication process is now completed. The detailed registration phase and exchange of information between user and server shown in Fig. 6.

3.2 Proposed algorithm for secure WBAN

The proposed algorithm aims to improve the security aspects of the existing algorithm [24], [25] while retaining all the merits of the algorithm. We have proposed a sparse matrix-based security key for the secure outsourcing of the SLE algorithm with certain modifications. The details of the algorithm discussed in the following section, and notation of the symbol is given in Table 2.

Table 2
List of Symbols

Symbol Meaning

k_left (i, j) Key Matrix Left

k_right (i, j) Key Matrix Right

(i₁,i₂,i₃) Random Rows

(j₁, j₂, j₃) Random Columns

ProbTrans (φ, k) Problem Transformation

A Coefficient Matrix

x Solution Vector

φ (A, x) SLE input

φ_k (A′, x′) Transformed SLE

b Vector of constants

Symbol	Meaning
k_left (i, j)	Key Matrix Left
k_right (i, j)	Key Matrix Right
(i₁,i₂,i₃)	Random Rows
(j₁, j₂, j₃)	Random Columns
ProbTrans (φ, k)	Problem Transformation
A	Coefficient Matrix
x	Solution Vector
φ (A, x)	SLE input
φ_k (A′, x′)	Transformed SLE
b	Vector of constants

3.2.1 SLE: System of linear equations

SLE Problem is denoted as Ax = b.

Transformed SLE Problem is denoted as A′x′ = b′.

Transformed Coefficient Matrix $A^{'} = k_{1} \times A \times k_{2}^{- 1}$ .

Transformed vector constant b′ = k₁ × b.

Solution vector x’ produced by cloud server $x^{'} = (k_{1} \times A \times k_{2}^{- 1})^{- 1} \times b^{'} \to k_{2} \times A^{- 1} \times b$ .

Retransformed solution vector x is calculated as $x^{'} = k_{2} \times A^{- 1} \times b \to k_{2} * xx = k_{2}^{- 1} x^{'}$ .

3.2.2 Sructure-preserving key generation in WBAN

In this algorithm, we have denoted the key pair as (k_left, k_right). As in the previous transformations, the structure of the secure key matrices (k₁, k₂)) are similar. The definition of (k_left, k_right) differs from each other. Here the generation of k_left and k_right will take place. For generating the k_left, the client will select the three random columns j1, j2, and j3, and it will ensure that the final output of the problem generation algorithm will remain a random dense structure as shown in Key generation Left. While generating the k_right, the client randomizes the three rows i1, i2, i3 as shown in Key Generation Right.

Key Generation Left:k_left (i, j) , ∀ i, j ∈ { 1, 2, …, n },

Step-1: The client selects 3 random columnsrandom (j₁), random (j₂), random (j₃) where (j₁, j₂, j₃) ∈ j, ∀j∈ { 1, 2, …, n } and j₁ ≠ j₂ ≠ j₃.

Step-2: k_left (i, j₁) , ≠ 0, k_left (i, j₂) ≠ 0 and k_left (i, j₃)≠ 0 ∀ i ∈ { 1, 2, …, n }.

Step-3: Additionally, ∀i = j, ∀i, j∈ { 1, 2, …, n }, k_left (i, j) ≠ 0.

Step-4: Even if one can generate non-zero right diagonally, the final output of problem generation algorithm will remain a random dense structure i = n - (j - 1), k_left (i, j)≠ 0 ∀ i, j ∈ { 1, 2, …, n }, where the non-zero random number is generated using the cryptographically strong Mersenne Twister PRNG [26].

Key Generation Right: k_right (i, j) , ∀ j, i ∈ { 1, 2, …, n },

Step-1: The client selects 3 random rows random (i₁), random (i₂), random (i₃), where (i₁, i₂, i₃) ∈ i, ∀i∈ { 1, 2, …, n } and i₁ ≠ i₂ ≠ i₃.

Step-2: k_right (i₁, j) , ≠ 0, k_right (i₂, j) ≠ 0 and k_right (i₃, j)≠ 0 ∀ j ∈ { 1, 2, …, n }.

Step-3: Additionally, ∀i = j, ∀i, j∈ { 1, 2, …, n }, k_right (i, j) ≠ 0.

Step-4: Even if one can generate non-zero right diagonally, the final output of problem generation algorithm will remain a random dense structure j = n - (i - 1), k_right (i, j)≠ 0 ∀ i, j ∈ { 1, 2, …, n }, where the non-zero random number is generated using the cryptographically strong Mersenne Twister PRNG [26].

Additionally, in the final key matrix i₁ = j₁, i₂ = j₂ and i₃ = j₃.

3.2.3 Structure-preserving problem transformation in WBAN

As discussed in the previous section, the objective is to secure (transform/encrypt) the client’s data so that even if the data is mishandled, SEAM will make sure that no meaningful information can be traced. Also, the operation (computation) on data will be performed on the transformed data (without re-transformation/decryption of data), followed by the results verification. This section discusses the structure-preserving problem transformation in WBANs; this is a lightweight transformation mechanism.

ProbTrans (φ, k): Unlike the previous ProbTrans (φ, k) algorithm, this ProbTrans (φ, k) algorithm is adjusted as per the structure of the coefficient matrix.

Step-1: The coefficient matrix A is transformed as T = k_left × A,

Step-2: as the key matrix k_left (i, j₁) , ≠ 0, k_left (i, j₂) ≠ 0 and k_left (i, j₃)∀ j ∈ { 1, 2, …, n }.

Step-3: T (i_{j
₁}, j₁), T (i_{j
₂}, j₂)., T (i_{j
₃}, j₃) can be determined.

Step-4: The following adjustment can perform on the output

T (* , j₁) ↔ T (* , i_{j
₁}), T (* , j₂) ↔ T (* , i_{j
₂}). T (i_{j
₁}, *) ↔ T (j₁, *) and T (i_{j
₂}, *) ↔ T (j₂, *).

3.3 Comparison

In this section, the proposed algorithmScheme (SEAM) has been segment-wise compared to the existing work, as shown in Table 3. The proposed scheme has two segments. One is the authentication part of the scheme, and the other part of the scheme is to propose a mechanism for securing client’s data in WBANs named Wireless System of Linear Equation (WSLE). First, the comparison of the authentication phase is compared with other proposed mechanisms. Then a second comparison of the proposed algorithm with the existing state of art algorithms. The Truong [30] authentication mechanism uses elliptic curve cryptography, and the proposed authentication mechanism uses the SHA-2 hash function. Truong authentication mechanism fails to handle impersonating attacks and guessing password attacks offline. These are very convincing & solemn kinds of threats. Here we have used SHA-512 (an SHA-2 hash function), providing a bit strength of 256 bits as compared to the other existing authentication mechanism using ECC and RSA, which provides the bit strength of 80 bit-128 bits most of the time.

Table 3
Comparisons of Computation Efficiency

Computation Side X. Li et al. [32] Truong et al. [30] K H Yeh [29] Pippal et al. [31] Proposed Authentication scheme

Client Side 6T_XOR + 10T_h 2T_m + 5T_h + 2T_p 2T_e + 4T_h 3T_e + 4T_h 4T_h + 1.5T_p + 1.5T_m

Server Side 15T_XOR + 18T_h 2T_p + 6T_h + 3T_m 4T_e + 4T_h 4T_e + 3T_h 4T_h + 1.5T_p + 1.5T_m

Total 21T_XOR + 28T_h 4T_p + 11T_h + 5T_m 6T_e + 8T_h 7T_e + 7T_h 9T_h + 3T_p + 3T_m

Computation Side	X. Li et al. [32]	Truong et al. [30]	K H Yeh [29]	Pippal et al. [31]	Proposed Authentication scheme
Client Side	6T_XOR + 10T_h	2T_m + 5T_h + 2T_p	2T_e + 4T_h	3T_e + 4T_h	4T_h + 1.5T_p + 1.5T_m
Server Side	15T_XOR + 18T_h	2T_p + 6T_h + 3T_m	4T_e + 4T_h	4T_e + 3T_h	4T_h + 1.5T_p + 1.5T_m
Total	21T_XOR + 28T_h	4T_p + 11T_h + 5T_m	6T_e + 8T_h	7T_e + 7T_h	9T_h + 3T_p + 3T_m

3.3.1 Efficiency analysis

The work done by Wang et al. [27] proposes an algorithm for secure outsourcing. In the first step, an encryption key is generated by the Paillier method and a safe randomized encryption vector. After this, the transformation of the problem requires the multiplication of three matrix-vectors. The comparison of the complexity of (SEAM) with other suggested algorithm/scheme is given in Table 4.

Table 4
Theoretical Analysis of Complexities for SLE Problem

Sub -Algorithms Wang et al. [27] Chen et al. [24] Chen et al. [25] SPSLE and GPSLE Proposed WSLE

ProbTrans O (n²) O (n²) (n² + n) M O (n²) O (n²)

Compute O (n³) O (n³) O (n³) O (n³) O (n³)

Retransform O (Ln * dec) O (n²) O (n²) O (n) O (n)

Verify O (n²), (l ⩽ L ⩽ n) O (n²) O (M) O (n²) O (n²)

Sub -Algorithms	Wang et al. [27]	Chen et al. [24]	Chen et al. [25]	SPSLE and GPSLE	Proposed WSLE
ProbTrans	O (n²)	O (n²)	(n² + n) M	O (n²)	O (n²)
Compute	O (n³)	O (n³)	O (n³)	O (n³)	O (n³)
Retransform	O (Ln * dec)	O (n²)	O (n²)	O (n)	O (n)
Verify	O (n²), (l ⩽ L ⩽ n)	O (n²)	O (M)	O (n²)	O (n²)

3.4 Experimental evaluation and result analysis of algorithm

Abbreviations used in the proposed Wireless System of Linear Equation (WSLE) algorithm are listed in Table 5.

Table 5
Terms and Notations for SLE Algorithm

Notations Meaning

Problem Size Matrix Dimension (A, b)

T _{SLE
_o
rg} The execution time required by the SLE without any security

T _{SLE
_e
nc} The execution time required by the SLE with encryption

T _{SLE
_c
lient} Key Gen + Problem Transform + Verification + Re-transform

(η) $E fficiency (η) = \frac{T_{{SLE}_{org}}}{T_{{SLE}_{enc}}}$

PG PG = T_{SLE
_org}/T_{SLE
_client}

REC $REC = \frac{(T_{{SLE}_{client}} + T_{{SLE}_{enc}} - T_{{SLE}_{org}})}{(T_{{SLE}_{org}})}$

Notations	Meaning
Problem Size	Matrix Dimension (A, b)
T _{SLE _o rg}	The execution time required by the SLE without any security
T _{SLE _e nc}	The execution time required by the SLE with encryption
T _{SLE _c lient}	Key Gen + Problem Transform + Verification + Re-transform
(η)	$E fficiency (η) = \frac{T_{{SLE}_{org}}}{T_{{SLE}_{enc}}}$
PG	PG = T_{SLE _org}/T_{SLE _client}
REC	$REC = \frac{(T_{{SLE}_{client}} + T_{{SLE}_{enc}} - T_{{SLE}_{org}})}{(T_{{SLE}_{org}})}$

T_e = time required by mod exponent; T_h = time required by hash process; T_m = time required by addition over ECC; T_XOR = time required by XOR process; T_p = time required by multiplication over ECC.

Next, a case study is considered to ensure that the objective# 2, 3 & 4, i.e., lightweight data transformation, followed by performing computation on the transformed data and finally the results verification is achieved successfully by the proposed WSLE algorithm. The data matrices generated are equal to the size (matrix dimension) of the problem. Performance Analysis for Proposed WSLE Algorithm is given in Table 6. Comparison of Performance Gain for the proposed wireless SLE Algorithm is shown in Fig. 7.

Table 6

Performance Analysis for Proposed WSLE Algorithm

Problem -Dimension	T _{SLE _org}	T _{SLE _enc}	T _{SLE _client}	PG	Efficiency	REC
1000	0.6595	0.6672	0.0403	16.36476	0.988459	0.072782
2000	6.6312	6.4758	0.2192	30.25182	1.023997	0.009621
3000	17.9862	18.5634	0.5023	35.80768	0.968907	0.060018
4000	40.8957	41.4489	0.8952	45.68331	0.986653	0.035417
5000	81.8481	81.9359	1.4383	56.90614	0.998928	0.018646

Fig. 7

Comparison of Performance Gain for SLE Algorithm.

The comparative analysis of different possible attacks that can be handled by the proposed algorithm is given in Table 7, which is not addressed by studies given in Table 7.

Table 7

Comparisons of security’s parameters

Security Parameter	X. Li et al. [32]	Truong et al. [30]	K H Yeh [29]	Pippal et al. [31]	Proposed Authentication scheme
Offline password guessing attack	DNH	DNH	DNH	DNH	HNDL
User impersonation attack	DNH	DNH	DNH	DNH	HNDL
Perfect forward secrecy	DNH	HNDL	HNDL	HNDL	HNDL
Mutual authentication	HNDL	HNDL	DNH	HNDL	HNDL
Replay attack	HNDL	HNDL	HNDL	HNDL	HNDL
Insider attack	DNH	HNDL	HNDL	HNDL	HNDL

^*DNH: Does not handle HNDL: Handles.

4 Conclusion

This work proposes a novel framework that provides data security in WBAN with an authentication mechanism. This proposed WSLE algorithm, which provides authentication between the communicating entities and data security by using a lightweight transformation mechanism, has been proposed for the first time for WBANs. The work proposed provides security and is capable of handling the following attacks, namely, COA: Cipher-Text Only Attack, KPA: Known-Pain Text Attack, CCA: Chosen-Cipher Text Attack. Known-Pain Text attacks are handled by using different keys, and this holds true for Chosen-Cipher Text attack. Random results are generated by transforming the problem for every matrix passed as input. So, the unauthorized user is never able to detect the raw input by the transformed input. Also, the WBAN server is not able to recover/detect the raw input from the transformed input, and an unauthorized user is not able to distinguish between the two transformed inputs. So, the proposed WSLE algorithm can handle the attack. There are various kinds of attacks that need to be secured for future work. WBAN is an open network, which makes it more vulnerable to every type of intruders. The proposed work (SEAM) has tried to secure the WBAN from CCA, KPA, as well as COA. The authentication mechanism uses the SHA-2 function that provides the property of one-way and collision resistance. The property of being one-way ensures that no one can learn anything meaningful about the input from the output of the hash function. The second property of being collision resistant ensures that the same hash cannot be produced again for any given input. At the same time hash functions are primarily used to ensure integrity.

Footnotes

Acknowledgment

This work is carried out in Secure and Computing Laboratory, SC and SS, JNU, New Delhi, India, and sponsored by the project entitled “Development of Intelligent Device for Security Enhancement (iEYE),” PID-DST/TDT/DDP12/2017-G.

References

, Lou

and Ren

, Data security and privacy in wireless body area networks, IEEE Wireless Communications17(1) (2010), 51–58.

Bourouis

, Feham

and Bouchachia

, A new architecture of a ubiquitous health monitoring system: a prototype of cloud mobile health monitoring system, arXiv preprint arXiv:1205.6910 (2012).

Lin

, et al., CAM: cloud-assisted privacy-preserving mobile health monitoring, IEEE Transactions on Information Forensics and Security8(6) (2013), 985–997.

Transparency Market Research, Implantable Medical Devices Market (Reconstructive Joint Replacement, Spinal Implants, Cardiovascular Implants, Dental Implants, Intraocular Lens and Breast Implants)—US, Industry Analysis, Size, Share, Trends, Growth And Forecast 2012–2018; Technical Report; Transparency Market Research: Albany, NY, USA, (2013).

Alemdar

and Ersoy

, Wireless sensor networks for healthcare: A survey, Computer Networks54(15) (2010), 2688–2710.

, et al., IMDGuard: Securing implantable medical devices with the external wearable guardian, 2011 Proceedings IEEE INFOCOM. IEEE, (2011).

Gollakota

, et al., They can hear your heartbeats: non-invasive security for implantable medical devices, Proceedings of the ACM SIGCOMM 2011 conference (2011).

Akinyele

J.A.

, et al., Securing electronic medical records using attribute-based encryption on mobile devices, Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices. (2011).

, et al., Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption, IEEE transactions on parallel and distributed systems24(1) (2012), 131–143.

10.

Barua

, et al., Peace: An efficient and secure patient-centric access control scheme for e-health care system, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, (2011).

11.

Lounis

, et al., Secure and scalable cloud-based architecture for e-health wireless sensor networks, 2012 21st International Conference on Computer Communications and Networks (ICCCN). IEEE, (2012).

12.

Ragesh

G.K.

and Baskaran

, CRYPE: towards cryptographically enforced and privacy-enhanced WBANs, Proceedings of the First International Conference on Security of Internet of Things (2012).

13.

, Willemson

and Nait-Abdesselam

, Privacy-preserving wireless medical sensor network, 2013 12th IEEE international conference on trust, security, and privacy in computing and communications. IEEE, (2013).

14.

Alam

M.M.

and Hamida

E.B.

, Surveying wearable human assistive technology for life and safety-critical applications: Standards, challenges, and opportunities, Sensors14(5) (2014), 9153–9209.

15.

Bourbakis

, et al., Security and privacy in biomedical telemetry: Mobile health platform for secure information exchange, Handbook of Biomedical Telemetry; Wiley-IEEE: Hoboken, NJ, USA (2014), 382–418.

16.

Diallo

, et al., Real-time query processing optimization for cloud-based wireless body area networks, Information Sciences284 (2014), 84–94.

17.

, Ren

and Wenjing

, FDAC: Toward fine-grained distributed data access control in wireless sensor networks, IEEE Transactions on Parallel and Distributed Systems22(4) (2010), 673–686.

18.

Sahai

and Waters

, Fuzzy identity-based encryption, Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, (2005).

19.

Kliem

and Kao

, Cosemed-cooperative and secure medical device cloud, 2013 IEEE 15th International Conference on e-Health Networking, Applications, and Services (Healthcom 2013). IEEE, (2013).

20.

Strydis

, et al., A system architecture, processor, and communication protocol for secure implants, ACM Transactions on Architecture and Code Optimization (TACO)10(4) (2013), 1–23.

21.

Guo

, et al., CP-ABE with constant-size keys for lightweight devices, IEEE transactions on information forensics and security9(5) (2014), 763–771.

22.

Kannavara

, Mertoguno

and Bourbakis

N.G.

, SCAN secure processor and its biometric capabilities, Journal of Electronic Imaging20(2) (2011), 023014.

23.

Yang

, et al., DAC-MACS: Effective data access control for multi-authority cloud storage systems, IEEE Transactions on Information Forensics and Security8(11) (2013), 1790–1801.

24.

Chen

, Xiang

and Yang

, Privacy-preserving and verifiable protocols for scientific computation outsourcing to the cloud, Journal of Parallel and Distributed Computing74(3) (2014), 2141–2151.

25.

Chen

, et al., New algorithms for secure outsourcing of large-scale systems of linear equations, IEEE transactions on information forensics and security10(1) (2014), 69–78.

26.

Matsumoto

and Nishimura

, Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator, ACM Transactions on Modeling and Computer Simulation (TOMACS)8(1) (1998), 3–30.

27.

Wang

, et al., Harnessing the cloud for securely outsourcing large-scale systems of linear equations, IEEE Transactions on Parallel and Distributed Systems24(6) (2012), 1172–1181.

28.

Saha

M.S.

and Anvekar

D.D.K.

, State of the art in WBAN security and open research issues, International Journal on Recent and Innovation Trends in Computing and Communication2(7) (2014), 1958–1964.

29.

Yeh

K.-H.

, A provably secure multi-server based authentication scheme, Wireless Personal Communications79(3) (2014), 1621–1634.

30.

Truong

T.-T.

, et al., Provable identity-based user authentication scheme on ECC in a multi-server environment, Wireless Personal Communications95(3) (2017), 2785–2801.

31.

Pippal

R.S.

, Jaidhar

C.D.

and Tapaswi

, Robust smart card authentication scheme for multi-server architecture, Wireless Personal Communications72(1) (2013), 729–745.

32.

, et al., An efficient and security dynamic identity-based authentication protocol for multi-server architecture using smart cards, Journal of Network and Computer Applications35(2) (2012), 763–769.