Sage Journals: Discover world-class research

Abstract

We present two approaches that exploit biometric data to address security problems in the body sensor networks: a new key negotiation scheme based on the fuzzy extractor technology and an improved linear interpolation encryption method. The first approach designs two attack games to give the formal definition of fuzzy negotiation that forms a new key negotiation scheme based on fuzzy extractor technology. According to the definition, we further define a concrete structure of fuzzy negotiation that can enlarge the types of biometric data used to negotiate shared keys between biosensor nodes. The second approach includes a detailed key sampling method that uses shared secrets to generate linear interpolation factors and an improved linear interpolation encryption scheme based on linear equation group. Security analyses show that these two approaches are secure and can resist attacks launched by Ultra-Wide Band (UWB) technology, which has not received due attention in the existing studies.

1. Introduction

Body sensor networks (BSNs) are an important branch of wireless sensor networks (WSNs) [1, 2]. A BSN is a medical information system in the field of e-health, and it consists of some biosensor nodes that form a wireless micronetwork on the human body. These biosensor nodes are microscale equipment integrated with biosensors and transceivers [3], and they can provide a capability of automated and continuous human monitoring when they are worn on or implanted in the human body. At present, various biosensors have been designed to measure diverse physiological signals, such as blood pressure (systolic and diastolic), electrocardiogram (ECG), blood oxygen level (SpO2), and activity recognition. These sensors are available in many different forms, including wrist wearable devices, implantable devices, and biomedical smart clothes [4–7]. Based on the functions of biosensors, BSNs cannot only monitor body health, but also perform complete intelligent treatment, such as accurate insulin injection. Applications of BSNs will greatly improve the society's medical conditions and promote living qualities of people.

In order to realize exchanging of medical information among biosensor nodes in a BSN, physiological signals should be transformed into biometric data. Since these data are sensitive medical information, they must be protected. Otherwise, the leaked biometric data could divulge personal privacy, and the tampered biometric data could cause serious medical accident and even threaten a patient's life [8–11]. National regulations are being established to ensure the privacy and security of healthcare data from data generation, transmission, storage, and usage. For example, the HIPAA (the Health Insurance Portability and Accountability Act) has set a benchmark [8]. However, the computational and bandwidth limitations of BSNs are on a par with those found in the so-called microsensor networks, which make traditional security paradigms [12–17] designed for conventional WSNs not directly applicable to BSNs. Thus, there are great challenges in designing security schemes for BSNs. One of the core problems is how to establish shared keys among biosensor nodes and how to encrypt biometric data efficiently. Note that biometric data themselves have an advantage over conventional cryptography in authenticating genuine users [18, 19]; a natural solution of protecting biometric data will be the combination of conventional cryptography and biometric security method, for example, as discussed in biocryptography [20, 21].

Due to physiological noise and errors of biosensors, the same kind of biometric data collected by various biosensors may not have the exact same value, which causes these data to be not suitable to be used in key negotiation directly. To solve the problem, a common method is to use error-correcting codes [17, 22]. In addition, linear interpolation encryption method has great advantages over conventional encryption methods in protecting biometric data [23]. However, both of the methods have drawbacks, respectively. In the former method, common keys only can be derived from error-correcting codes, which stringently limits the size of key space. In addition, the method only can use high-entropy physiological signals to negotiate common keys, but at present people only recognize a few kinds of high-entropy physiological signals in the human body, which means that the method has not a good application prospect. Also the latter method does not provide idea on how to sample interpolation factors from the physiological signals, and it cannot resist the attack of remotely collecting physiological signals launched by the Ultra-Wide Band (UWB) technology. In order to address the above problems, we introduce predeployed keys technology and fuzzy extractor to build key negotiation scheme and propose a new biometric data encryption scheme. Our contributions include the following: (i) we design a fuzzy-extractor-based key negotiation scheme using error-correcting codes and predistributed keys, and the scheme has stronger security and is easier to use in practice; (ii) to remedy the drawbacks in the linear interpolation encryption shown in [23], we give a concrete method of sampling interpolation factors from physiological signals and propose a more secure encryption method for biometric data.

The rest of the paper is organized as follows. Section 2 presents the existing research results related to key negotiation and biometric data encryption in BSNs and analyzes the known security problems. Section 3 proposes a new key negotiation scheme based on fuzzy extractor technology and analyzes security of the new scheme. A detailed method of sampling linear interpolation factors and an improved linear interpolation encryption scheme are developed and their security analyses are given in Section 4. Finally, in Section 5 conclusions are drawn.

2. Related Work

2.1. Fuzzy Commitment Technology

In a human body, some biometric data have a high level randomness and can be viewed as pseudorandom numbers, and thus, these data can be used to build key negotiation schemes in BSNs. Reference [24] proposed using a group of similar random numbers generated from these biometric data at different sites of the human body to encrypt and decrypt a symmetric key for secured distribution. Since the same biometric data captured at different locations of the body have slight differences, they employed a fuzzy commitment technology [22] to ensure that errors in a recovered encryption key can be removed by a certain error-correcting code C. At the transmission terminal, a high-entropy biometric value x is used by a biosensor node A to commit the key $k_{shared}$ that is an element of C, say, using $F (k_{shared}, x) = h (k_{shared}) ∥ (x \oplus k_{shared})$ , where $h (\cdot)$ is a hash function, ⊕ is the bitwise XOR operation, and ∥ means concatenation. At the receiving terminal, if the same kind of biometric value $x^{'}$ collected by the other biosensor node B is similar to x, and the difference between them is tolerable to C, B can use $x^{'}$ and C to decommit the key $k_{shared}$ . Compared with traditional key negotiation schemes, the noninteractive fuzzy commitment scheme has less energy consumption in messages transmission and is suitable for BSNs. Next, various algorithms have been developed following the work of [24]. In [23], a method was proposed, which only transfers commitments to complete keys negotiation. The method is conductive in reducing messages transferred for negotiation of shared keys and is suitable to negotiate shared keys among more than two biosensor nodes. Reference [25] used a hybrid topology that combines two topologies, star and mesh, to establish shared keys. In the scheme, identities of biosensor nodes are used to authenticate shared keys, and a mechanism of changing cluster heads according to energy is proposed to maximize the lifetime of BSNs. Reference [26] proposed a method that uses time slots to solve synchronization problem of high-entropy biometric data between biosensors. Reference [27] pointed out by experiment that the timing information of heartbeats has high-entropy characteristic and can be used to negotiate shared keys in BSNs. Reference [28] proposed an energy efficient key management for BSNs based on fuzzy commitment where a weak time synchronization mechanism and an energy-based multi-hop-route-choice method are advanced to decrease the energy of key management in BSNs.

Although many achievements have been made on this topic, several challenging security problems remain. (1) Only variable and high-entropy biometric data in the human body are considered for negotiating keys. Up to now, only the timing information of heartbeats has been proved to satisfy the requirement [27], which greatly limits applications of the technology in practice. (2) Shared keys are only generated from the set of error-correcting codes, which restrict the choice space of keys. Furthermore, some researchers argue that the generation may cause security problems for the reason that error-correcting codes should be public, and adversaries could easily get $k_{shared}$ by its hash value [29]. (3) Shared keys are vulnerable to a new developing RCB (remotely capturing biometric data) attack that uses UWB (Ultra-Wide Band Radar) technology to remotely capture some kinds of biometric data [27]. That is, when an adversary remotely captures a biometric value x that is used to negotiate shared keys and eavesdrops the corresponding commitment: $p = x \oplus k_{shared}$ , he can easily get the shared key by: $p \oplus x = x \oplus k_{shared} \oplus x = k_{shared}$ .

2.2. Fuzzy Extractor Technology

Following the development of the fuzzy commitment technology, another biometric cryptography, fuzzy extractor technology, was proposed in [30]. A fuzzy extractor is composed of two procedures (Gen, Rep) that operate as follows. Suppose W is a variable and w and $w^{'}$ are two values of W. The first procedure (Gen) in the transmission terminal holds w, if it wants to establish a shared secret R with the second procedure (Rep) in the receiving terminal, it computes $(R, P) = Gen (w)$ and sends P to Rep; Rep holds $w^{'}$ , and when it receives P, it computes $R^{'} = Rep (w^{'}, P)$ . A fuzzy extractor satisfies correctness if $R = R^{'}$ when the distance between $w^{'}$ and w is tolerable to a selected error-correcting code and satisfies security if R is uniformly distributed even given P when the entropy of W is high. The main difference between fuzzy commitment and fuzzy extractor lies in the fact that the former's goal is to recover the original key of transmission terminal at the receiving terminal, and the latter's goal is realize the reproduction of a secret R from $w^{'}$ close to w at the receiving terminal after the transmission terminal generates R from w.

When w is looked at as a biometric template, fuzzy extractor can be used widely in the fields of secure authentication and key reproduction, which cause it to be well studied. Reference [31] pointed out that an improper sketch construction and a biased error-correcting code are both the source of leaking secret biometric data; they make a fuzzy extractor not adequate for multiple use of the same secret biometric data. And then, it proposed two concepts, “outsider chosen perturbation security” and “insider chosen perturbation security,” to address the security problem. Reference [32] pointed out that fuzzy extractor cannot resist active attack, and when commitments are tampered, the authentication service provided by fuzzy extractor will be invalid. And then, it used ideal hash function to build a robust extractor to resist this kind of active attack. Reference [33] showed that some of more popular constructions that have been shown before have serious security weaknesses in presence of even very weak adversaries. And then, it proposed two concepts, indistinguishability and irreversibility, and designed two attack games to define the security of fuzzy extractor. Reference [34] explained the root of vulnerability of fuzzy extractor; that is, because the key derived from biometric data must be indistinguishable to uniform random distribution, the leakage of information associated with the biometric data is unavoidable. And following the work of [33], it further divided the concept of indistinguishability into two security levels, “weak biometric privacy” and “strong biometric privacy,” and according to the two security levels, it advanced a method to improve the security of fuzzy extractor. Following the above researches [35], proposed a robust fuzzy extractor structure and an authenticated key agreement from close biometric data. The research considered both keyless case and keyed case of building shared keys and gave solutions to reduce the loss of entropies in the negotiation of shared keys.

Fuzzy extractor has advantages over fuzzy commitment in terms of key space and option of biometric data, while it cannot be used directly to negotiate shared keys in BSNs scenario. That is, due to real-time physiological noise and errors of biosensors, the distance between the template of biometric data and the same kind of biometric data collected in real time by other biosensors always is out of toleration of the selected error-collecting code. In addition, the existing key management schemes based on fuzzy extractor technology are always not suitable to practical BSNs; for instance, key agreement scheme in [35] cannot resist the new developing RCB attack, and furthermore it only uses biometric data with high entropy to negotiate shared keys.

2.3. INTRAS Encryption

In order to improve the efficiency of encrypting biometric data in BSNs, [23] proposed a set of linear interpolation encryption schemes, called INTRAS, which are effectively a combination of interpolation and random sampling. The simplest scheme of INTRAS is summarized as follows.

(1) In a BSN context, the shared encryption key k is used to generate a vector of sampling instants $d = 〈d [1], d [2], \dots, d [n]〉$ by both the sender and the receiver.

(2) For the sender, on input sequence $x = 〈x [1], x [2], \dots, x [n]〉$ , an interpolation filter outputs a sequence of concrete interpolated signals $x_{c} = 〈x_{c} [1], x_{c} [2], \dots, x_{c} [n]〉$ .

(3) At each instant i, the resampling block simply resamples the interpolated signal $x [i]$ using a delay $d [i]$ to produce the scramble output $x_{c} [i]$ by

\begin{matrix} x_{c} [i] = d [i] \cdot x [i] + (1 - d [i]) \cdot x [i - 1], \end{matrix}

(1)

where

1 \leq i \leq n

and

x [0]

is an initial value.

Here, security is achieved from the fact that the input cannot be recovered from the scrambled output $x_{c} [i]$ , without knowledge of the delay vector d.

(4) For the receiver, on input sequence $x_{c}$ and d, he can recover the sequence x.

The simplest INTRAS encryption has two problems. One is that [23] does not give the concrete method to generate interpolation factors, and the problem exists in all of the other forms of INTRAS encryption schemes; the other one is that knowing the input data and encrypted output is equivalent to knowing the key, which is vulnerable to the RCB attack. Though other forms of INTRAS encryption do not have the latter problem, their procedures are too complicated to realize.

From the above analyses, it can be seen that existing researches cannot secure BSNs effectively, so in the rest of the paper, we first combine the technologies of predeployed keys and fuzzy extractor to design a new key negotiation method, called fuzzy negotiation. And then, we propose a detailed method to generate interpolation factors sequence from shared secrets and further advance an improved INTRAS encryption method.

3. Proposed Fuzzy Negotiation Technology for Key Negotiation

In this section, we make use of predeployed keys technology and fuzzy extractor technology to propose a new key negotiation method. Our goal is threefold, (i) to enlarge the key space by combing predeployed keys and physiological signals; (ii) to use physiological signals with any entropies to negotiate common keys; (iii) to resist the RCB attack.

3.1. Definition of Fuzzy Negotiation

Like fuzzy commitment and fuzzy extractor, fuzzy negotiation makes use of error-correcting codes to negotiate keys. Let M be a space of messages with distance function $dist (\cdot)$ ; more formally an error-correcting code C is a subset of K number of distinct codewords ${c_{0}, \dots, c_{k - 1}}$ of M. The Hamming distance of C is the smallest d such that $dist (c_{i}, c_{j}) \geq d$ for all $i \neq j$ , which means that C can detect up to $d - 1$ errors, and the error-correcting distance is $t = ⌊(d - 1) / 2⌋$ [17].

As our work is in the computational setting, we use κ to denote the security parameter. All algorithms are assumed to be a polynomial time in κ. Then a function $ε (κ)$ is negligible if for all positive polynomial $p (\cdot)$ and sufficiently large $κ, ε (κ) \leq 1 / p (κ)$ .

In a BSNs, let K denote the preloaded secret of all biosensor nodes, W is a variable of M with length $| W | = l$ , w and $w^{'}$ are values of W, r is a random value with length l, and t is the error-correcting distance of a selected public error-collecting code C, where the length of each codeword c is l. Then, we give a formal definition of fuzzy negotiation as follows.

Definition 1.

A structure of fuzzy negotiation is a pair of randomized procedures, “Trans” and “Rec,” with the following properties. (1)

On input w, K, r, and c, the generation procedure “Trans” outputs an extracted secure string $R \in {0,1}^{l}$ and a public string $P \in {\{0,1\}}^{*}$ to commit R.

(2)

Correction. The reproduction production “Rec” takes an element $w^{'}$ and a public string $P \in {\{0,1\}}^{*}$ as inputs. The correctness property of fuzzy negotiation guarantees that if $dist (w, w^{'}) \leq t$ , and R, P are generated by $(R, P) \leftarrow Trans (K, w, r, c)$ , then $Rec (K, w^{'}, P, C) = R$ . If $dist (w, w^{'}) > t$ , then no guarantee is provided about the output of “Rec.”

(3)

Security. Any adversary wins the adaptively chosen biometric data attack game and adaptively chosen commitment attack game defined as follows with negligible possibilities.

Adaptively Chosen Biometric Data Attack Game. We define an adaptively chosen biometric data attack game against fuzzy negotiation as the following game between a challenger and an adversary. In the initialization, the challenger is assigned with a secret K.

Preparation. The adversary chooses a kind of physiological signal and describes it as a biometric variable $W \in M$ . Then, the adversary gives the specification of W (such as the kind of the physiological signal) to the challenger.

Queries. The adversary makes up to q possibly adaptive queries. To form adaptive query i, the adversary produces a value $w_{i}$ of W, a random value r, and a codeword c from C and then sends all of them to the challenger. The challenger produces $(P_{i}, R_{i}) \leftarrow Trans (K, w_{i}, r, c)$ and sends $P_{i}$ to the adversary.

Challenge. The adversary produces a value w of W, a random value $w^{'}$ with length $| w |$ , and a random value r and selects a codeword c from C and then sends all of them to the challenger. The challenger randomly produces a bit b; if $b = 1$ , the challenger computes $(P^{*}, R^{*}) \leftarrow Trans (K, w, r, c)$ , and if $b = 0$ , the challenger computes $(P^{*}, R^{*}) \leftarrow Trans (K, w^{'}, r, c)$ instead. Finally, the challenger sends $P^{*}$ to the adversary.

More Queries. The adversary runs additional queries as described in step “Queries.”

Response. The adversary eventually produces a bit $b^{'}$ and wins if $b^{'} = b$ .

Let $adversary (P^{*})$ be the output of the adversary when it gets $P^{*}$ and $w | w^{'}$ an alternative choice with a probability of 1/2. Then, the adversary's advantage in this game is defined as ${adv}^{A c b} (κ) = |\Pr [b \leftarrow adversary (P^{*})| P^{*} = Trans (K, w| w^{'}, r, c)] - 1 / 2|$ .

Theorem 2.

The fuzzy negotiation can withstand an adaptively chosen biometric data attack, if for any PPT (probability polynomial time) adversary, it holds that ${a d v}^{A c b} (κ) \leq ε (κ)$ for a negligible small $ε (κ)$ .

Proof.

The attack game simulates adaptive attack to the “Trans” procedure of fuzzy negotiation in practice: an adversary can adaptively capture some kind of biometric value w (such as timing information of heartbeats) by RCB (remote capturing biometric data) attack and get the corresponding commitment P by eavesdropping method. In such way, the adversary can do enough adaptive exercises to analyze the relationships between biometric data and corresponding commitments. If in such attacks, the adversary's advantage is negligible in step “Challenge,” it means that the adversary cannot find the relationships between them, and then, the attacker cannot make use of commitments to compute biometric data, which cannot be captured remotely.

Adaptively Chosen Commitments Attack Game. Let Δ be the set of perturbation functions over a messages space M; that is, $Δ = {δ : M \to M}$ , where $dist (w, δ (w))$ can be greater than t. We define an adaptively chosen commitments attack game against a fuzzy negotiation as the following game between a challenger and an adversary. In the initialization, the challenger is assigned with an error-correcting code C and a secret K.

Preparation. The adversary points a kind of physiological signal as a biometric variable $W \in M$ . And then, the adversary gives the specification of W (such as the kind of the physiological signal) to the challenger.

Public Queries. The adversary makes up to q possibly adaptive queries: to form adaptive query i, the adversary produces a value $w_{i}$ of W, a random value r, and chooses a codeword c from C and then sends all of them to the challenger. The challenger produces $(P_{i}, R_{i}) \leftarrow Trans (K, w_{i}, r, c)$ and sends $P_{i}$ to the adversary.

Keys Queries. The adversary makes up to $q^{'}$ possible adaptive reproduction queries that can be interspersed with public queries as follows. To form query i, the adversary chooses $δ_{i}^{'} \in Δ$ , a biometric value $w^{'}$ , and $P^{'}$ that is generated from $w^{'}$ in the “public queries” step and then sends them to the challenger. The challenger computes $R_{i}^{'} = Rec (K, δ_{i}^{'} (w^{'}), P_{i}^{'}, C)$ and returns $R_{i}^{'}$ to the adversary. In order to let the adversary do enough exercises, the procedure “Rec” will return the adversary a value, such as a fault $R_{i}^{'}$ ; even $δ_{i}^{'}$ satisfies $dist (w^{'}, δ_{i}^{'} (w^{'})) > t$ .

Challenge. The adversary chooses $P^{*} \in {P_{1}, \dots, P_{q}}$ from strings returned by the challenger in a public query and in any key query $(δ_{i}^{'}, w^{'}, P^{*})$ the distance has $dist (w^{'}, δ_{i}^{'} (w^{'})) > t$ . The adversary sends $P^{*}$ to the challenger. The challenger randomly produces a bit b; if $b = 1$ , the challenger computes $R^{'} = Rec (K, w^{'}, P^{*}, C)$ with unperturbed $w^{'}$ and gives it to the adversary. Otherwise, if $b = 0$ , it chooses a random string with length of $| R^{'} |$ and gives it to the adversary instead.

More Queries. The adversary runs additional queries as described in step “Public Queries.”

Response. The adversary eventually produces a bit $b^{'}$ and wins if $b^{'} = b$ .

The adversary's advantage in this game is defined as ${adv}^{A c c} (κ) = |\Pr [b \leftarrow adversary (k e y)| R = Rec (K, w^{'}, P^{*}, C)] - 1 / 2|$ .

Theorem 3.

The fuzzy negotiation can withstand the adaptively chosen commitments attack in Δ, if, for any PPT adversary, it holds that ${a d v}^{A c c} (κ) \leq ε (κ)$ for a negligible small $ε (κ)$ .

Proof.

The attack simulates the adaptively chosen commitments attack to the “Rec” procedure of fuzzy negotiation in practice. Before a user uses a BSN product, an adversary can get the BSN product by some means (e.g., the adversary unpacks the BSN product unauthorizedly in the transportation) to launch adaptively chosen commitments attack where, for a pair of biometric value and commitment adaptively chosen, the adversary can get corresponding shared key. So, the adversary can do enough adaptive exercises to analyze the relationships between commitments and corresponding shared keys.

3.2. The Characteristics of Definition of Fuzzy Negotiation

The definition of fuzzy negotiation is similar to that of fuzzy extractor, and the main difference lies in that the security in fuzzy negotiation is in the computational setting and is defined by two attack games. The reason is that fuzzy negotiation is used in key negotiation of BSNs, and the two attack games can emulate real attacks well on BSNs where the new RCB attack is included. In addition, we explicitly point out that error-correcting code C is public, and its codewords can be known by the adversary, which meets the common usages of error-correcting code and is in accordance with the opinion in [29].

Our adaptively chosen biometric data attack game looks similar to the “weak biometric privacy” game introduced in [33]. However, their applications are different in essence. The “weak biometric privacy” game is used to describe the attack to biometric data based authentication that uses fuzzy extractor technology. In order to launch such an attack, the adversary needs to obtain the same kind of biometric trait that is already used as an authentication template. Due to differences in sampling biometric data each time from the human body, the game introduces a set of perturbation functions to simulate the differences, whereas our adaptively chosen biometric data attack game is used to describe the adversary's ability to analyze the relationships between biometric data and their commitments. When designing the game, it is observed that the RCB attack can contain some kinds of biometric data from the human body, which can pose serious threat to the security of BSNs. Our game does not need perturbation functions because the adversary is allowed to know the biometric data that are used to produce commitments. In step “Challenge,” the adversary in former game does not know the perturbation function selected by the challenger and the biometric data which he wants to challenge. These restrictive conditions will decrease adversary's attacking ability. Whereas the adversary in our game knows the biometric data, the random value r and the codeword c, all of them, are used to generate the challenge in step “Challenge.” Furthermore, our adaptively chosen biometric data attack game implies that the adversary could analyze the relationship between biometric data and their commitments in “Queries,” “Challenge,” and “More Queries” steps. Thus, our adaptively chosen biometric data attack game is not only suitable for describing the attacks to BSNs, but also a stronger attack model.

In addition, our adaptively chosen commitments attack game is similar to the “strong biometric privacy” game specified in [33]. However, unlike the “strong biometric privacy” game, our adaptively chosen commitments attack game does not do any “key queries” in step “More Queries,” which follows the fact that when BSN product is deployed on the user's body, the BSN is under surveillance all the time. The adversary has no chance to do “key queries” exercises. Furthermore, our adaptively chosen commitments attack game implies that the adversary could use c to analyze the relationship between biometric data and their commitments and between commitments and corresponding shared keys in “Public Queries,” “Private Queries,” “Challenge,” and “More Queries” steps.

3.3. Structure of Fuzzy Negotiation

According to the definition in Section 3.1 we design a fuzzy negotiation structure as follows. The structure consists of a pair of procedures: “Trans” and “Rec.” As mentioned in Section 3.1, in the initialization of the structure, each biosensor node is preloaded with a secret K that is divided into two keys, $k_{0}$ and $k_{1}$ , with $| k_{0} | = | k_{1} | = l$ . In addition, each biosensor node is assigned with a keyed one-way pseudorandom function $F_{k} (\cdot) : {0,1}^{l} \to {0,1}^{l}$ with $| k | = l$ , an error-correcting function $Dec (\cdot)$ belonging to a selected error-correcting code C and a function $f (\cdot) : {0,1}^{l} \times {0,1}^{l} \to {0,1}^{l}$ that satisfies $z = f (x, y) \Rightarrow y = f (x, z) \Rightarrow x = f (z, y)$ . (1)

Procedure “Trans”:

(i)

collecting a biometric value from a pointed physiological signal and encoding it into a binary value w with $| w | = l$ ;

(ii)

selecting a codeword c from the error-correcting code C and computing the relationship between c and $w : v = f (w, c)$ ;

(iii)

generating an open random value r with $| r | = l$ and then using $F (\cdot)$ to hide $v : u = v \oplus F_{k_{0}} (r)$ ;

(iv)

finally, deriving the shared key: $k_{shared} = F_{k_{0}} (F_{k_{1}} (w \oplus r))$ (⊕ is bitwise XOR operation) and outputting the commitment corresponding $w : P = 〈u, r, F_{k_{0}} (u ∥ r ∥ c)〉$ (“∥” denotes connection of messages).

(2)

Procedure “Rec”:

(i)

collecting the same kind of biometric value and encoding it into a binary value $w^{'}$ with $| w^{'} | = l$ ;

(ii)

using the predeployed key $k_{0}$ to recover the relationship $v : v = u \oplus F_{k_{0}} (r)$ ;

(iii)

encoding $w^{'}$ and v into $c^{*} : c^{*} = f (w^{'}, v)$ which is a fuzzy version of c;

(iv)

using $Dec (\cdot)$ to correct $c^{*} : c^{'} = Dec (c^{*})$ . If $F_{k_{0}} (u ∥ r ∥ c) = F_{k_{0}} (u ∥ r ∥ c^{'})$ , the correction is successful, and w can be recovered as $w = f (v, c)$ . And then, the shared key can be reproduced as $k_{s hared} = F_{k_{0}} (F_{k_{1}} (w \oplus r))$ . Otherwise, if $F_{k_{0}} (u ∥ r ∥ c) \neq F_{k_{0}} (u ∥ r ∥ c^{'})$ , it means the failure of shared keys’ negotiation.

The structure of fuzzy negotiation is shown in Figure 1.

Figure 1

Structure of fuzzy negotiation.

In hospital applications, many BSNs on various patients’ bodies may overlap in their wireless range. If biometric data collected by two biosensor nodes that have been placed on two adjacent patients’ bodies, respectively, are similar, the two biosensor nodes belonging to two different subjects can negotiate a shared key, which will cause serious medical accidents. However, many existing schemes [22–27] have ignored this problem. In our scheme, the preloaded $k_{0}$ and $k_{1}$ in a BSN are different from the ones in other BSNs, which ensures that a biosensor node can only negotiate shared keys with the biosensor nodes in the same BSN.

3.4. Correction Analysis of Fuzzy Negotiation

For simplicity, we define $f (\cdot)$ as bitwise XOR operation ⊕, and then in procedure “Trans” v and u can be defined as $v = w \oplus c$ and $u = w \oplus c \oplus F_{k_{0}} (r)$ , respectively. Accordingly, P can be defined as $〈w \oplus c \oplus F_{k_{0}} (r), r, F_{k_{0}} (w \oplus c \oplus F_{k_{0}} (r) ∥ r ∥ c)〉$ , and the shared key can be defined as $k_{shared} = F_{k_{0}} (F_{k_{1}} (w \oplus r))$ .

In procedure “Rec,” $c^{*}$ can be defined as $c^{*} = f (v, w^{'}) = u \oplus F_{k_{0}} (r) \oplus w^{'} = w \oplus c \oplus w^{'} = e \oplus c$ , where e is the difference between w and $w^{'}$ . If $e \leq t$ , procedure “Rec” can recover c by the error-correcting function $Dec (\cdot)$ which causes $F_{k_{0}} (u ∥ r ∥ c) = F_{k_{0}} (u ∥ r ∥ c^{'})$ . And then, procedure “Rec” can recover w by $w = f (v, c)$ to generate $k_{shared} = F_{k_{0}} (F_{k_{1}} (w \oplus r))$ which is shared with procedure “Trans.” If $e > t$ , procedure “Rec” cannot recover c effectively, and the key negotiation fails.

3.5. Security Analysis of Fuzzy Negotiation

Here we also define $f (\cdot)$ as bitwise XOR operation ⊕. Let $l = 128$ bits, $f (\cdot) : {0,1}^{128} \times {0,1}^{128} \to {0,1}^{128}$ , and $F_{k_{0}} (\cdot) : {0,1}^{128} \to {0,1}^{128}$ . In the following, we analyze security of fuzzy negotiation according to the two attack games: adaptively chosen biometric data attack game and adaptively chosen commitments attack game. Firstly, we suppose that a 128-bit value is secure to the exhaustive attack, the adversary can get biometric value w by RCB attack, and the error-correcting code C is open.

In the former attack game, when the adversary gets commitment $P = 〈w \oplus c \oplus F_{k_{0}} (r), r, F_{k_{0}} (w \oplus c \oplus F_{k_{0}} (r) ∥ r ∥ c)〉$ , it can compute $F_{k_{0}} (r)$ . Since $F_{k_{0}} (\cdot)$ is a keyed one-way function, the adversary can only guess the right $k_{0}$ from $F_{k_{0}} (r)$ and r with a negligible probability. Then, we can say that although the adversary can get a biometric value by RCB attack and its commitment by eavesdropping, it hardly finds the relationship between them with a negligible probability. In other words, the adversary can win the former attack game with a negligible probability. In the situation, the adversary cannot launch RCB attack to a biometric value which he cannot capture remotely as he cannot deduce the biometric value by its public commitment. This can protect these biometric data from being known by the adversary.

In the latter attack game, the adversary can obtain enough pairs of w and $Rec (K, δ (w), P, C) = F_{k_{0}} (F_{k_{1}} (w \oplus r))$ . Although w, r, and $F_{k_{0}} (F_{k_{1}} (w \oplus r))$ are known to the adversary, it will search the key space of $2^{128} \times 2^{128}$ before obtaining the right $k_{0}$ and $k_{1}$ , which is an infeasible task. Then, without $k_{0}$ and $k_{1}$ , the adversary can hardly compute the relationship between the commitment of w and the shared key $k_{shared}$ , even given w, $δ (w)$ , and C. Thus, we can say that the adversary wins the latter attack game with a negligible probability.

It is worth noting that, in fuzzy negotiation, we do not require that w must be a high-entropy biometric value. The reason is that, in the equation $k_{shared} = F_{k_{0}} (F_{k 1} (w \oplus r))$ , r is a random value and $F_{k} (\cdot)$ is a keyed pseudorandom function, which causes the input of $F_{k_{0}} (\cdot)$ to be a secret value that is computing-indistinguishable from a uniformly random value even w is a constant value. Thus, in the “Key Queries” step of the adaptively chosen commitments attack game, the adversary cannot obtain any knowledge of $k_{shared}$ from w. So, in our fuzzy negotiation structure, biometric values with any entropy can be used to establish shared keys.

We summarize the advantages of our fuzzy negotiation technology as follows. (1) Shared keys are produced by biometric nodes themselves, rather than delivering shared keys from one biosensor node to others, which reduces the messages that need to be delivered in key negotiation. With the help of broadcast mechanism, the method is suitable to establish shared keys among biosensors with more than two nodes. (2) Using two predeployed keys, $k_{0}$ and $k_{1}$ to generate shared keys, it helps the key negotiation scheme to withstand the RCB attack with little extra storage cost. (3) Breaking the limit that only high-entropy biometric data could be used to negotiate shared keys and widening the choice of the kinds of biometric data used in the practical negotiation of keys in BSNs.

4. Efficient Linear Interpolation Encryption with Keys Sampling Method

In [23], the linear interpolation operation is iteratively executed with interpolation factors and physiological signals to produce cipher text, and the cipher text can hide the physiological signals if interpolation factors keep confidential. However, the scheme does not give the detail on how to generate linear interpolation factors and only claims that these factors can be derived from the session key, which makes INTRAS lacking of operational guidance. In addition, if we use the method in [22] to produce the session keys, the keys may be easily captured by RCB attack according to the description in Section 2.1, which will cause the divulgation of interpolation factors and furthermore the divulgation of physiological signals. To address the problems, in this section we propose a concrete sampling method to generate interpolation factors and then design an efficient INTRAS encryption scheme that can resist RCB attack.

4.1. The Key Sampling Method

In this subsection, we propose a key sampling method that can produce a sequence of linear interpolation factors with enough length from the shared key to be used to encrypt biometric data. And the method is described as follows.

Before generating the sequence of interpolation factors, the two parts, A (the sender) and B (the receiver), extend their shared key $k_{shared}$ to a secret sequence S, respectively, using an open hash function $H (\cdot) : S = H (k_{shared} ∥ “ 1 ”) ∥ H (k_{shared} ∥ “ 2 ”) ∥ \dots ∥ H (k_{shared} ∥ “ n ”) ∥ \dots$ . We assume S has enough length to encrypt biometric data transferred between A and B.

We call some consecutive bits of S as a sampling window, and before extract interpolation factors from the shared key $k_{shared}$ , we let the sender A produce two secret parameters: open ℓ and secret $w n$ ; therein ℓ is the size of sample window; $w n$ is a secret vector: $w n = 〈w n_{1}, \dots, w n_{z}〉$ , where $w n_{i} (1 \leq i \leq z)$ denotes the start position of a sampling window and z is the number of interpolation factors required by encrypting biometric data.

When A needs to extract a sequence of interpolation factors D from S, it denotes each interpolation factor $d_{i}$ by the value of a S's fragment that is with a length of ℓ bits and starts from the $w n_{i}$ bit of S. Security here is achieved from the fact that the adversary does not know the distribution of S, which renders it infeasible to computer each interpolation factor $d_{i}$ . After producing D, A sends ℓ and $E_{k_{shared}} (w n)$ to B, therein $E_{k_{shared}} (w n)$ means using $k_{shared}$ to encrypt $w n$ in a symmetric encryption algorithm (such as AES). And then, B can produce the same sequence of interpolation factors.

4.2. An Improved INTRAS Encryption Scheme

Using the sequence of interpolation factors D, we combine the traditional encryption and signal encryption to propose an improved INTRAS encryption scheme. In the improved scheme, we first encode raw biometric data into a sequence X by PCM (pulse code modulation) encoding, and we then encrypt a fragment of biometric data sequence X using a fragment of D by iterative linear interpolation method. More specifically, we denote a fragment of biometric data $〈x_{[n - M + 1]}, \dots, x_{[n]}〉$ ( $n \geq M \geq 2$ ) as $X_{[n]}$ , and we define the two parts of a communication as A and B, where A is the sender and B is the receiver. In addition, assume that M is the number of biometric values in a biometric data fragment, and T is the number of fragments encrypted by a fragment of interpolation factors sequences. If $X_{[n]}$ corresponds to a fragment of $D : D_{i} = 〈d_{i - M + 1}, \dots, d_{i}〉$ ( $i \geq M \geq 2$ ), the iterative linear interpolation encryption of $X_{[n]}$ is defined by $x_{[n]}^{c} = \sum_{j = 0}^{M - 1} d_{i - j} \cdot x_{[n - j]}$ . In addition, when $1 \leq n < M$ , we need a secret initiation vector $V = 〈v_{1}, \dots, v_{M - 1}〉$ that is preshared by A and B to encrypt the fragment $X_{[n]} = 〈v_{n}, v_{n + 1}, \dots, v_{M - 1}, x_{1}, \dots, x_{[n]}〉$ , and the encryption is defined as $x_{[n]}^{c} = \sum_{o = n, i = 1}^{M - 1, M - n} v_{o} d_{i} + \sum_{j = 1}^{n} x_{[j]} d_{M - n + j}$ . For instance, when $n = 1$ , $X_{[1]} = 〈v_{1}, v_{2}, \dots, v_{M - 1}, x_{1}〉$ can be encrypted as $x_{[1]}^{c} = \sum_{i = 1}^{M - 1} d_{i} v_{i} + x_{[1]} d_{M}$ ( $M \geq 2$ ). In the encryption process, if $D_{i}$ has been used to encrypt T number of biometric data fragments, $X_{n - T + 1}, \dots, X_{n - 1}, X_{n} (T \leq n - M + 1)$ , we will use the next fragment of D, $〈d_{i + 1}, \dots, d_{i + M}〉$ , to encrypt the next T number of biometric data sequences $X_{n + 1}, \dots, X_{n + T}$ . In order to protect the integrity of biometric data transferred from A to B, A should use a keyed pseudorandom hash function $H_{k_{0}} (\cdot)$ to produce a commitment: $H_{k_{0}} (x_{[n - T + 1]}^{c} ∥ \dots ∥ x_{[n - 1]}^{c} ∥ x_{[n]}^{c})$ .

Before B decrypts the encrypted messages that is received from A, A must send ℓ, $E_{k_{shared}} (w n)$ , and $H_{k_{0}} (ℓ ∥ E_{k_{shared}} (w n))$ to B; therein $H_{k_{0}} (ℓ ∥ E_{k_{shared}} (w n))$ is used to commit the integrity of ℓ and $E_{k_{shared}} (w n)$ . When B wants to decrypt biometric data, at first, it checks the integrity of ℓ and $E_{k_{shared}} (w n)$ ; if the integrity is valid, it will use ℓ and $w n$ to produce the same interpolation factors sequence D as A. Next, B will check the integrity of encrypted biometric data, and if the integrity is valid, it will use D and V to decrypt the received encrypted messages by iterative decryption method.

For simplicity, Figure 2 only shows the sender part of the improved INTRAS encryption scheme.

Figure 2

An improved INTRAS encryption.

4.3. Security Analysis

INTRAS encryption is different from the traditional encryption scheme, and it adopts a simple addition operation and a multiplication operation to hide biometric data, which results in a piece of ciphertext exposing some valuable information about corresponding biometric value. Here we take our improved INTRAS encryption scheme as an example. Suppose in an improved INTRAS encryption scheme $ℓ = 10$ , $M = 3$ , and the range of the biometric values needed to be encrypted was studied in [10, 21]. Thus, if an interpolation factor is 1023 (the maximum value when $ℓ = 10$ ) in a fragment of D, the encrypted biometric values produced by the fragment should be between 10230 and 61410. In other words, if an adversary receives an encrypted value between 10230 and 61410, and it also knows M and the range of biometric values, it will induce the value of ℓ easily. Thus, in our improved INTRAS encryption scheme, ℓ does not need to be encrypted.

Though ℓ is open, we argue that the improved INTRAS encryption scheme is still a secure scheme. Below, we will explain this in terms of security of interpolation factors and biometric data, respectively.

(1) Security of Interpolation Factors. In the analysis, we consider the worst case where all of biometric values encrypted by a fragment of D are captured by the adversary using RCB attack. And in this context, the adversary will get the following equations set:

\begin{array}{l} x_{o}^{c} = x_{[o + 1 - M]} d_{u} + x_{[o + 2 - M]} d_{u + 1} + \dots + x_{[o]} d_{u + M - 1}, \\ x_{o + 1}^{c} = x_{[o + 2 - M]} d_{u} + x_{[o + 3 - M]} d_{u + 1} + \dots + x_{[o + 1]} d_{u + M - 1}, \\ ⋮ \\ x_{o + T - 1}^{c} = x_{[o + T - M]} d_{u} + x_{[o + T + 1 - M]} d_{u + 1} \\ + \dots + x_{[o + T - 1]} d_{u + M - 1} . \end{array}

(2)

The above equations set is a linear equation group, where

x_{[o + 1 - M]}, \dots, x_{[o + T - 1]}

(

o + 1 \geq M \geq T

) are known to the adversary. And by simple calculation, the adversary can get the following equation:

\begin{matrix} Z^{c} = Z_{u} d_{u} + \dots + Z_{u + M - T} d_{u + M - T} . \end{matrix}

(3)

In the equation,

Z_{c}

and the coefficients

Z_{u}, \dots, Z_{u + M - T}

are known by the adversary. Because the length of each interpolation factor is ℓ bits, the search space of adversary is

2^{ℓ \times (M - T - 1)}

before he guesses the right values of

〈d_{u}, \dots, d_{u + M - T}〉

. When

ℓ \times (M - T - 1) \geq 128

, the adversary hardly guesses the right fragment of D. For instance, if

ℓ = 10

and

T = 2

, then M must be 16. That is, the sender should execute the following encryption:

\begin{matrix} x_{o}^{c} = x_{[o - 15]} d_{u} + x_{[o - 14]} d_{u + 1} + \dots + x_{[o]} d_{u + 15}, \\ x_{o + 1}^{c} = x_{[o - 14]} d_{u} + x_{[o - 13]} d_{u + 1} + \dots + x_{[o + 1]} d_{u + 15} . \end{matrix}

(4)

Next, the sender will use

〈d_{[u + 16]}, \dots, d_{[u + 31]}〉

to encrypt

〈x_{[o - 13]}, x_{[o - 12]} \dots, x_{[o + 2]}〉

and

〈x_{[o - 12]}, x_{[o - 12]} \dots, x_{[o + 3]}〉

Thus, it can be seen that, in the worst case, the improved scheme still can maintain the security of interpolation factors as long as we give suitable values to ℓ, M, and T.

(2) Security of INTRAS Encryption. Due to existence of RCB attack, we hardly can resist an adversary to capture some kinds of biometric data remotely, while we should take measures to prevent the adversary from obtaining biometric data which it cannot capture remotely using the information which it can obtain by RCB attack. In the following, we show that the improved INTRAS encryption scheme can maintain the security of biometric data that cannot be captured by RCB attack.

In this analysis, we suppose the interpolation factors sequence D is secure, and then the worst case is that when a fragment of D is used to encrypt T fragments of biometric data, the former $T - 1$ numbers of fragments in the T fragments are known to the adversary; then we analyze whether the last value of the Tth fragment is secure.

According to the above assumption, ciphertext $x_{o}^{c}, \dots, x_{o + T - 1}^{c}$ and biometric data $x_{[o + 1 - M]}, x_{[o + 2 - M]}, \dots, x_{[o + T - 2]}$ in the above equations set are known to the adversary. Then, the adversary can get the following equation by calculation:

\begin{matrix} Z^{c} = Z_{u + T - 1} d_{u + T - 1} + \dots + Z_{u + M - 2} d_{u + M - 2} + Z_{u + M - 1} d_{u + M - 1}, \end{matrix}

(5)

where

Z^{c}, Z_{u + T - 1}, \dots, Z_{u + M - 2}

are known to the adversary,

Z_{u + M - 1}

can be defined as

Z_{u + M - 1} = Z_{a} + Z_{b} x_{[o + T - 1]}

, and

Z_{a}

and

Z_{b}

are also known to the adversary.

Then, $x_{[o + T - 1]} = ((Z^{c} - (Z_{u + T - 1} d_{u + T - 1} + \dots + Z_{u + M - 2} d_{u + M - 2})) / d_{u + M - 1} - Z_{a}) / Z_{b}$ .

Because $d_{u + T - 1}, \dots, d_{u + M - 2}, d_{u + M - 1}$ are unknown to the adversary, which means the space the adversary needs to search is $2^{ℓ (M - T + 1)}$ , and when $ℓ (M - T + 1) \geq 128$ , the biometric data which the adversary cannot capture by RCB attack are secure.

In other respects, due to the randomness of interpolation factors, the curve of encrypted data made by the improved INTRAS will hide the original curve of biometric data.

For instance, if $ℓ = 10$ , $M = 16$ , $T = 2$ , we use the Matlab tool to simulate the encryption, where initialization vector is randomly produced from range [1, 1023]; the fragment of the biometric data sequence is [11 13 15 17 11 13 15 17 11 13 15 17 11 13 15 17], the interpolation factors are randomly produced from range [1, 1023], and each fragment of interpolation factors sequence is used to encrypt two fragments of biometric data sequence. For instance, the first fragment of interpolation factors sequence is used to encrypt $〈v_{1}, \dots, v_{15}, 11〉$ and $〈v_{2}, \dots, v_{15}, 11,13〉$ , and then, we use next fragment of interpolation factors sequence to encrypt $〈v_{3}, \dots, v_{15}, 11,13,15〉$ and $〈v_{4}, \dots, v_{15}, 11,13,15,17〉$ as shown in Figure 3.

Figure 3

Comparison of original biometric values and encrypted biometric values.

From Figure 3 we can see that the improved INTRAS encryption scheme not only can hide the values of biometric values, but also can hide the changing trend of biometric values.

5. Conclusion

In order to improve the security of BSNs and provide BSNs with maximum protection from RCB attacks, we propose two improved approaches in this paper. One approach proposes a fuzzy negotiation structure that can use biometric data with any entropy to negotiate shared keys between biosensor nodes. Furthermore, when some shared keys are generated from biometric data that can be threatened by RCB attacks, the structure can secure these keys and also other biometric data that cannot be captured remotely. The second approach firstly proposed a key sampling method, which was not studied in the original INTRAS encryption, and it can be used to produce interpolation factors. We also proposed an improved INTRAS encryption scheme that can effectively resist the RCB attacks. Security analyses show our approaches are adequate for being used to secure BSNs.

Footnotes

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work was supported in part by the Open Research Fund from Shandong Provincial Key Laboratory of Computer Network, Grant No. SDKL-2013-05; Jinan Independent Innovation Project (201303013); Shandong Provincial Natural Science Foundation (ZR2011FL027, ZR2012FM005); National Natural Science Foundation (61101162∖61101085∖60873041∖71171122); and “Strategic Priority Research Program” of the Chinese Academy of Sciences (XDA06010701).

References

Liu

Xiao

A secure data transmission scheme for body sensor network

Journal of Communications 2013 8 5 307 314

10.12720/jcm.8.5.307-314

2-s2.0-84878433038

Wang

Zhao

Resource optimized TTSH-URA for multimedia stream authentication in swallowable-capsule-based wireless body sensor networks

IEEE Journal of Biomedical and Health Informatics 2014 18 2 404 410

10.1109/JBHI.2013.2292883

2-s2.0-84896454577

Otto

Milenkovic

Sanders

Jovanov

System Architecture of a wireless Body Area Sensor Network for Ubiquitous Health Monitoring

Journal of Mobile Multimedia 2005 1 4 307 326

Cheng

S. H.

Huang

C. Y.

Coloring-based inter-WBAN scheduling for mobile wireless body area networks

IEEE Transactions on Parallel and Distributed Systems 2013 24 2 250 259

10.1109/TPDS.2012.133

2-s2.0-84871766194

Shi

Yuan

ASK-BAN: authenticated secret key extraction utilizing channel characteristics for Body Area Networks

Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ′13)

April 2013

Budapest, Hungary

155 166

10.1145/2462096.2462123

2-s2.0-84879516937

Jovanov

Milenkovic

Otto

De Groen

P. C.

A wireless body area network of intelligent motion sensors for computer assisted physical rehabilitation

Journal of NeuroEngineering and Rehabilitation 2005 2 6 1 10

10.1186/1743-0003-2-6

2-s2.0-18244373181

Yang

G. Z.

Body Sensor Networks 2006 1st

London, UK

Springer

Chen

H.-H.

Hou

T.-W.

A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations

Computer Standards & Interfaces 2010 32 5-6 274 280

10.1016/j.csi.2009.04.005

2-s2.0-77955333989

W. D.

Chekhanovskiy

M. A.

An electronic health record content protection system using SmartCard and PMR

Proceedings of the 9th International Conference on e-Health Networking, Application and Services

June 2007

11 18

10.1109/HEALTH.2007.381595

2-s2.0-34748921195

10.

HIMSS Reports

Systemic Interoperability Commission Releases Report to Congress and Administration

2005, http://www.himss.org/ASP/topicsNewsitem.asp?cid=65448&tid=3

11.

Lee

W. B.

Lee

C. D.

A cryptographic key management solution for HIPAA privacy/security regulations

IEEE Transactions on Information Technology in Biomedicine 2008 12 1 34 41

10.1109/TITB.2007.906101

2-s2.0-39449106296

12.

Kwon

Hong

Secure and efficient broadcast authentication in wireless sensor networks

IEEE Transactions on Computers 2010 59 8 1120 1133

10.1109/TC.2009.171

MR2757207

2-s2.0-77954163084

13.

di Pietro

Mancini

L. V.

Soriente

Spognardi

Tsudik

Data security in unattended wireless sensor networks

IEEE Transactions on Computers 2009 58 11 1500 1511

10.1109/TC.2009.109

MR2751572

2-s2.0-70449419951

14.

Uluagac

A. S.

Beyah

R. A.

Copeland

J. A.

Secure SOurce-BAsed Loose Synchronization (SOBAS) for wireless sensor networks

IEEE Transactions on Parallel and Distributed Systems 2013 24 4 803 813

10.1109/TPDS.2012.170

2-s2.0-84874904238

15.

Rasheed

Mahapatra

R. N.

The three-tier security scheme in wireless sensor networks with mobile sinks

IEEE Transactions on Parallel and Distributed Systems 2012 23 5 958 965

2-s2.0-84859722160

10.1109/TPDS.2010.185

16.

Shu

Krunz

Liu

Secure data collection in wireless sensor networks using randomized dispersive routes

IEEE Transactions on Mobile Computing 2010 9 7 941 954

10.1109/TMC.2010.36

2-s2.0-77952986444

17.

Chen

Tsai

W. T.

Service-Oriented Computing and Web Software Integration 2014 4th

Kendall Hunt

18.

Wang

Philip

A fingerprint orientation model based on 2D Fourier Expansion (FOMFE) and its application to singular-point detection and fingerprint Indexing

IEEE Transactions on Pattern Analysis and Machine Intelligence 2007 29 4 573 585

19.

Sufi

Khalil

ECG based biometric identifications

Springer Handbook of Information and Communication Security 2010

New York, NY, USA

Springer

10.1007/978-3-642-04117-4

20.

Bio-cryptography

Handbook of Information and Communication Security 2010

Berlin, Germany

Springer

129 157

10.1007/978-3-642-04117-4_7

21.

Ahmad

Han

A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment

Journal of Security and Communication Networks 2011 4 5 487 499

10.1002/sec.225

2-s2.0-78649321231

22.

Juels

Wattenberg

A fuzzy commitment scheme

Proceedings of the 6th ACM Conference on Computer and Communication Security (CSS ′99)

November 1999

28 36

10.1145/319709.319714

23.

Bui

F. M.

Hatzinakos

Biometric methods for secure communications in body sensor networks: Resource-efficient key management and signal-level data scrambling

Eurasip Journal on Advances in Signal Processing 2008 2008

529879

10.1155/2008/529879

2-s2.0-43949140900

24.

Cherukuri

Venkatasubramanian

K. K.

Gupta

S. K. S.

Biosec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body

Proceedings of the 32nd International Conference on Parallel Processing (ICPP ’03)

October 2003

432 439

10.1109/ICPPW.2003.1240399

25.

Mesmoudi

Feham

BSK-WBSN: biometric symmetric keys to secure wireless body sensors networks

International Journal of Security and Its Applications 2011 3 5 155 166

10.5121/ijnsa.2011.3512

26.

Venkatasubramanian

K. K.

Gupta

S. K. S.

Security for pervasive health monitoring sensor applications

Proceedings of the 4th International Conference on Intelligent Sensing and Information Processing (ICISIP ′06)

December 2006

197 202

10.1109/ICISIP.2006.4286096

2-s2.0-43949092250

27.

Bao

S. D.

Shen

L. F.

Zhang

Y. T.

A novel key distribution of body area networks for telemedicine

Proceedings of the IEEE International Workshop on Biomedical Circuits and Systems

December 2004

1 11

10.1109/BIOCAS.2004.1454091

28.

Zhao

Qin

An energy efficient key management scheme for body sensor networks

IEEE Transactions on Parallel and Distributed Systems 2013 24 11 2202 2210

10.1109/TPDS.2012.320

2-s2.0-84885111766

29.

Cho

Lee

D. H.

Biometric based secure communications without pre-deployed key for biosensor implanted in body sensor networks

Lecture Notes in Computer Science 2012 7115 203 218

10.1007/978-3-642-27890-7_17

2-s2.0-84863288241

30.

Dodis

Reyzin

Smith

Fuzzy extractors: how to generate strong keys from biometrics and other noisy data

Advances in Cryptology—EUROCRYPT 2004 2004

Berlin, Germany

Springer

523 540

10.1007/978-3-540-24676-3_31

31.

Boyen

Reusable cryptographic fuzzy extractors

Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS ′04)

October 2004

82 91

2-s2.0-14844335721

32.

Dodis

Reyzin

Smith

Fuzzy extractor: a brief survey of results from 2004 to 2006

Security with Noisy Data 2007 chapter 5

Heidelberg, Germany

Springer

33.

Simoens

Tuyls

Preneel

Privacy weaknesses in biometric sketches

Proceedings of the 30th IEEE Symposium on Security and Privacy

May 2009

Berkeley, Calif, USA

188 203

10.1109/SP.2009.24

2-s2.0-70449640064

34.

Blanton

Aliasgari

On the (non-)reusability of fuzzy sketches and extractors and security in the computational setting

Proceedings of the International Conference on Security and Cryptography (SECRYPT ′11)

July 2011

68 77

2-s2.0-80052437032

35.

Dodis

Kanukurthi

Katz

Reyzin

Smith

Robust fuzzy extractors and authenticated key agreement from close secrets

IEEE Transactions on Information Theory 2012 58 9 6207 6222

10.1109/TIT.2012.2200290

MR2966087

2-s2.0-84865393678

Securing Body Sensor Networks with Biometric Methods: A New Key Negotiation Method and a Key Sampling Method for Linear Interpolation Encryption

Abstract

1. Introduction

2. Related Work

2.1. Fuzzy Commitment Technology

2.2. Fuzzy Extractor Technology

2.3. INTRAS Encryption

3. Proposed Fuzzy Negotiation Technology for Key Negotiation

3.1. Definition of Fuzzy Negotiation

Definition 1.

Theorem 2.

Proof.

Theorem 3.

Proof.

3.2. The Characteristics of Definition of Fuzzy Negotiation

3.3. Structure of Fuzzy Negotiation

3.4. Correction Analysis of Fuzzy Negotiation

3.5. Security Analysis of Fuzzy Negotiation

4. Efficient Linear Interpolation Encryption with Keys Sampling Method

4.1. The Key Sampling Method

4.2. An Improved INTRAS Encryption Scheme

4.3. Security Analysis

5. Conclusion

Footnotes

Conflict of Interests

Acknowledgments

References