16-02-2013, 04:54 PM
DATA SECURITY AND PRIVACY IN WIRELESS BODY AREA NETWORKS
ABSTRACT
The wireless body area network has emerged
as a new technology for e-healthcare that allows
the data of a patient’s vital body parameters and
movements to be collected by small wearable or
implantable sensors and communicated using
short-range wireless communication techniques.
WBAN has shown great potential in improving
healthcare quality, and thus has found a wide
range of applications from ubiquitous health
monitoring and computer assisted rehabilitation
to emergency medical response systems. The
security and privacy protection of the data collected
from a WBAN, either while stored inside
the WBAN or during their transmission outside
of the WBAN, is a major unsolved concern, with
challenges coming from stringent resource constraints
of WBAN devices, and the high demand
for both security/privacy and practicality/usability.
In this article we look into two important
data security issues: secure and dependable distributed
data storage, and fine-grained distributed
data access control for sensitive and private
patient medical data. We discuss various practical
issues that need to be taken into account
while fulfilling the security and privacy requirements.
Relevant solutions in sensor networks
and WBANs are surveyed, and their applicability
is analyzed.
INTRODUCTION
Recently, with the rapid development in wearable
medical sensors and wireless communication,
wireless body area networks (WBANs)
have emerged as a promising technique that will
revolutionize the way of seeking healthcare
[1–3], which is often termed e-healthcare. Instead
of being measured face-to-face, with WBANs
patients’ health-related parameters can be monitored
remotely, continuously, and in real time,
and then processed and transferred to medical
databases. This medical information is shared
among and accessed by various users such as
healthcare staff, researchers, government agencies,
and insurance companies. In this way
healthcare processes, such as clinical diagnosis
and emergency medical response, will be facilitated
and expedited, thereby greatly increasing the
efficiency of healthcare.
Based on the WBAN, a wide range of novel
applications are enabled, such as ubiquitous
health monitoring (UHM), computer-assisted
rehabilitation, emergency medical response system
(EMRS), and even the promotion of healthy
lifestyles. Specifically, in UHM the WBAN frees
people from visiting the hospital frequently, and
eases the heavy dependence on a specialized
workforce in healthcare. Thus, it is a desirable
technique to quickly build cost-effective healthcare
systems, especially for countries that are
short of medical infrastructure and well-trained
staff. In addition, in an EMRS temporary
WBANs can be rapidly deployed with minimum
human effort at a disaster scene so that the vital
signs of injured patients can be monitored and
reported to the remote health center in time,
which is potentially capable of saving the lives of
numerous people.
APPLICATION SCENARIO
We exemplify the security needs in WBANs by a
distributed healthcare application scenario.
Suppose Peter is injured when traveling far
away from his hometown. At first, the emergency
paramedic reads Peter’s implanted RFID
tag to obtain his profile and medical records,
and a WBAN consisting of wearable medical
sensors is established and associated with
Peter. Later, various healthcare workers can
directly access the vital sign readings from the
WBAN in real time, in order to provide better
medical care. For instance, a nurse inquires about
Peter’s health status from his WBAN and
uploads an electronic report to the local server
in Peter’s room.
Peter’s PDA has been configured with an initial
access policy (AP) that controls who has
access to his medical data within his WBAN.
The AP automatically adapts to contexts, such as
accommodating the reception staff, doctor, and
nurse. Peter can also modify the AP at his own
will; for example, his sensitive AIDS record is
only allowed to be shared with his nurses but not
doctors.
Note that medical data is often stored and
accessed distributively. Different types of monitoring
data may be stored in different sensor
nodes; before Peter arrives at a place with wireless
Internet coverage, those data can only be
stored locally in his WBAN. Direct local access
to cached data in Peter’s WBAN and local
servers allows freshly generated data to be
viewed immediately without delay to facilitate
in-time diagnosis.
Here, a natural question is how to ensure the
security of the distributively stored patient-related
data from its storage through transfer to
access. Before we discuss the security of distributed
data storage and access, we first analyze
the threats faced by the distributively stored data
in the WBAN.
THREATS FACED BY THE DATA STORED WITHIN WBAN
The WBAN often operates in environments with
open access by various people (e.g., hospital
staff), which also accommodates attackers. The
open wireless channel makes the data prone to
being eavesdropped, modified, and injected.
These threats have already been extensively analyzed
in the literature. Since in this article we
mainly focus on data storage and access, we
illustrate the threats from the device point of
view.
Threats from device compromise: The sensor
nodes in a WBAN are subject to compromise,
as they are usually easy to capture and not
tamper-proof. If a whole piece of data is directly
encrypted and stored in a node along with its
encryption key, the compromise of this node will
lead to the disclosure of data.
Also, local servers may not be trustworthy,
since there are malicious people trying to break
into them to obtain patients’ private information.
They can either carry out the attack from
the Internet, or simply go to the room where a
patient is and wait for the chance to physically
compromise a local server.
Threats from network dynamics: The WBAN is
highly dynamic in nature. Due to accidental failure
or malicious activities, nodes may join or
leave the network frequently. Nodes may die out
due to lack of power. Attackers may easily place
fake sensors in order to masquerade as authentic
ones, and could take away legitimate nodes
deliberately. The patient-related data, if not well
kept in more than one node, could be lost easily
due to the network dynamics. Also, false data
could be injected or treated as legitimate due to
lack of authentication.