A Biometrics Based Security Solution for Encryption and Authentication in Tele-Healthcare Systems

G. H. Zhang (1, 2, 3, 5), Carmen C. Y. Poon (4), Y. T. Zhang (3, 4, 5)

1 Institute of Computing Technology, CAS
2 Graduate University of Chinese Academy of Sciences
3 CAS/CUHK Research Center for Biosensors and Medical Instruments, IBHE, SIAT, CAS, Shenzhen, China
4 Joint Research Centre for Biomedical Engineering, The Chinese University of Hong Kong, Hong Kong
5 Key Laboratory for Biomedical Informatics and Health Engineering, CAS, China

Abstract—Security and privacy are among the most crucial issues for data transmission in tele-healthcare applications. The paper proposes a biometrics based solution, combining encryption and authentication for wireless communication within a body sensor network (BSN), as well as between a BSN and a remote server (RS) of a tele-healthcare system. The method aims to use static and dynamic biometric traits to generate authentication and encryption keys respectively. Keys of 64 and 128 bits were generated from electrocardiogram and photoplethysmogram of 9 subjects and fingerprint images of 20 subjects. The entropy of the keys ranged from 0.662 to 1 and the hamming distances between them were all non-zero. The results of this study found that random and distinctive keys can be generated by a biometric approach for encrypting and authenticating data in tele-healthcare systems.

Keywords: tele-healthcare; body sensor network; biometrics; encryption; authentication

I. INTRODUCTION

The concept of tele-healthcare can be defined as using various telecommunications to provide health care or medical information and services to patients by physicians and healthcare institutions [1, 2]. Body sensor networks (BSNs), consisting of a master node (MN) and several intelligent sensor nodes (SN), are emerging as one of the most important research trends in tele-healthcare to facilitate the collection and joint processing of biological data at the point-of-care for remote diagnosis [3, 4]. Data transmission in a tele-healthcare system can therefore be classified into three levels: 1) between the MN and different sensors of a BSN, 2) between the MN of a BSN and the remote server (RS) and 3) between the RS and the physicians.

As mandated by privacy laws and regulations, such as the Health Information and Portability Accountability Act (HIPAA) [5] and the European Union Directive 2002/58/EC [6], tele-healthcare applications should have a high level of security to guarantee the quality of patient care and the privacy of healthcare in the process of data transmission via wired and wireless networks. Therefore, the security of data transmission for tele-healthcare must be considered at all three networking levels.

Traditional network security can be divided roughly into four closely intertwined areas: encryption, authentication, nonrepudiation, and integrity control. Amongst them, encryption and authentication are two important aspects that, respectively, help to keep information out of the hands of unauthorized users and determine who the user is before allowing him or her to access the secret information.

Unlike in conventional face-to-face diagnosis, patient data are insecure in tele-healthcare. Authentication of the patient and encryption of these data have to be performed over the network. Without an authentication procedure, the remote physicians will not know who transmits the physiological signals. An attacker can pretend to be a user and transmit false data to the RS, leading possibly to a wrong diagnosis. Without data encryption, attackers can capture the data during transmission, tamper with these data and then transmit them to the RS, leading to undesirable consequences. Therefore, combining authentication and encryption for data transmission in tele-healthcare, instead of considering either authentication or encryption alone, is an unsolved challenge.

Passwords or personal identification numbers (PINs) are often used in traditional cryptosystems for user authentication or data encryption, but the drawbacks are that they can be forgotten, lost, or stolen. On the other hand, security solutions that are based on biometrics inherently solve many of these problems and may replace traditional secret keys [7]. Therefore, in this paper, we focus on a biometrics approach that combines encryption and authentication within the BSN and between the BSN and the RS.

II. BACKGROUND

A. Biometrics

Biometrics refers to the authentication or identification of individuals by measuring their physiological or behavioral characteristics. Conventional characteristics such as fingerprints, retina and iris patterns are static biometrics that are designed to supervise and restrict access to authentication systems since they are relatively universal, distinct, permanent, easy to collect, acceptable, difficult to circumvent, and can yield good system performance [7]. A novel kind of biometric traits, such as heart rate variability (HRV) [8], interpulse interval (IPI) [9] and other features of the electrocardiogram (ECG) [10] and photoplethysmogram (PPG) [11], have recently been studied as an approach to personal identification or confidentiality. Compared with the conventional characteristics, these dynamic biometric traits are good for generating keys for encryption because of their randomness and time-variance.

978-1-4244-4641-4/09/$25.00 ©2009 IEEE

B. Related work

As we mentioned above, both static and dynamic biometrics can be used for authentication or encryption. We have previously proposed using HRV or IPIs extracted from dynamic biometrics as biometric characteristics to generate identity for authentication and encryption in [8, 9, 12, 13]. Several other data encryption schemes have been proposed based on ECG [10, 14, 15], PPG [11] and multiple physiological signals [16]. Regarding static biometrics, Clancy et al. [17] showed that fingerprints can be used to generate keys for cryptosystems.

III. SECURITY SOLUTION

The security solution includes key generation and key pre-distribution for authentication and encryption within a BSN and between BSNs and the RS.

A. Key Generation

There are three kinds of keys in the proposed security solution, i.e. Kinit, Ken and Kau. Kinit is a predefined initial symmetric key between a SN and the MN; Ken and Kau are symmetric keys for encryption and authentication in data transmission, respectively. They are generated as follows:

1) Kinit can be generated by a pseudo-random generator and calculated by a one-way hash function (HashF), which is used to prevent an attacker from analyzing the random number generator, as shown in Fig. 1.

Fig. 1. Using pseudo-random generator for random number generation and HashF for Kinit

2) In our solution, the MN need not collect PPG or ECG directly. The SN initiates and sends physiological data to the MN, and the MN generates Ken by using these physiological data, e.g. from PPG and ECG, as illustrated in Fig. 2.

Fig. 2. Extraction of the IPI feature from ECG and PPG signals and using HashF to generate 128 and 64 bits Ken

3) Kau is generated from traditional biometric traits by the MN, preferably before the MN distributes Ken. As depicted in Fig. 3, the fingerprint image is converted into a binary matrix and input into a HashF for normalization and generation of Kau. A fingerprint sensor is required for collecting fingerprints in our solution. It can be equipped on the MN or a SN in the BSN based on specific applications. The disadvantage is the extra cost of the fingerprint sensor, yet it is an efficient authentication method compared with passwords.

Fig. 3. Converting fingerprint image into binary matrix and using the matrix to generate 128 and 64 bits Kau by HashF

B. Key Pre-distribution

The key pre-distribution is comprised of the following four steps, as shown in Fig. 4:

Fig. 4. Key pre-distribution scheme: 1) Distribution of Kinit from MN to SN; 2) Distribution of Kau from MN to SN under the protection of Kinit; 3) Distribution of Ken from MN to SN under the protection of Kinit and Kau; and 4) Distribution of Kau and Ken by asymmetric method.

In the above description, DATA is physiological data captured by the SNs, E(DATA, K) represents an encryption function of DATA by a key K, and MAC(DATA) denotes the computation of the message authentication code (MAC). Although using the same key to encrypt and authenticate is feasible in theory, it is not a good idea in practice because attacking one key is easier than two keys in terms of both time and computational complexity. Moreover, in the proposed scheme, data are first authenticated and then encrypted before transmitting through the network. This can avoid tampering with authentication and protect the authentication key.

IV. FEASIBILITY STUDY

In this section, we will calculate the time and cost of a brute-force attack in theory. We then analyze the randomness and distinctiveness of encryption keys generated from two dynamic biometric traits: PPG and ECG. The randomness and distinctiveness of authentication keys generated from a traditional biometric trait, i.e. fingerprint, will also be studied.

A. The Time and Cost Estimates for Brute-force Attack

We assumed that the brute-force attack is the most efficient attack against an algorithm. Table I shows the time that the machine described in the table note requires to reveal keys of different lengths by brute-force attack. Furthermore, based on Moore's Law and the fact that a brute-force DES-cracking (56-bit) machine which can reveal a key in an average of 3.5 hours cost $1 million in 1993 [18], we calculated the attacking time for keys of different lengths using machines of different costs as of 2009, as shown in Table II.

TABLE I. THE ATTACKING TIME ESTIMATION OF DIFFERENT KEY LENGTHS

| Key length (bit) | Attack time (day) |
|---|---|
| 8 | $2.96 \times 10^{-15}$ |
| 16 | $7.58 \times 10^{-13}$ |
| 32 | $4.97 \times 10^{-8}$ |
| 64 | $2.13 \times 10^{2}$ |
| 128 | $3.94 \times 10^{21}$ |
| 256 | $1.34 \times 10^{60}$ |

Assume using a machine that consisted of a million chips, each capable of testing a million keys per second, i.e. it could test $2^{56}$ keys in 20 hours. A key length of less than 64 bits is obviously insecure.

TABLE II. THE COSTS OF REVEALING KEYS OF DIFFERENT LENGTHS IN 2009

| Cost | Key length 32 bits | Key length 64 bits | Key length 128 bits |
|---|---|---|---|
| $\$10^{3}$ | $7.44 \times 10^{-4}$ second | 37 days | $10^{18}$ years |
| $\$10^{4}$ | $8.05 \times 10^{-5}$ second | 4 days | $10^{17}$ years |
| $\$10^{5}$ | $7.54 \times 10^{-6}$ second | 9 hours | $10^{16}$ years |
| $\$10^{6}$ | $8.38 \times 10^{-7}$ second | 1 hour | $10^{15}$ years |
| $\$10^{7}$ | $7.54 \times 10^{-8}$ second | 5.4 minutes | $10^{14}$ years |
| $\$10^{8}$ | $7.45 \times 10^{-9}$ second | 32 seconds | $10^{13}$ years |

From this table, we can see that a machine that costs $1 million requires 1 hour to obtain a 64-bit key. Therefore, to maintain a high security level, a 32-bit key should not be considered in the applications; a 64-bit key may have to be changed every half an hour to resist brute-force attack.

B. Randomness and Distinctiveness of Ken

We then randomly selected 9 subjects from one of our previous studies [19] and used their ECG and PPG collected from that study for the generation of the encryption key Ken. These data were sampled at 1000 Hz. Five datasets were collected for each subject and the first 32 IPIs of each dataset were used to generate a key. We calculated the normalized hamming distance between two different keys of the same length generated from the same kind of signal. As displayed in Fig. 5, the results of this study found that these 128 and 64 bits keys generated from PPG and ECG of different subjects or at different times are distinct. In other words, even if an attacker were able to reveal a key generated at a specific time, the key will not carry extra information for him to reveal other encryption keys. Furthermore, the entropy of a binary sequence should be 1.000 bits per bit if it is random. Fig. 6 shows that the entropy of the encryption keys ranged from 0.662 to 1, which means that the keys have a relatively uniform distribution of 1's and 0's.

Fig. 5. The hamming distance of 128 and 64 bits keys generated from PPG and ECG of different subjects or at different time. (Plot not reproduced. Axes: normalized hamming distance versus normalized probability; series: ECG-128, ECG-64, PPG-128, PPG-64.)

Fig. 6. The entropy of 128 and 64 bits keys that generated by using IPI feature of PPG and ECG of 9 subjects.

C. Randomness and Distinctiveness of Kau

Lastly, we converted the fingerprint images into binary matrices and produced 128 and 64 bits authentication keys, respectively. The entropy of these 128 and 64 bits keys ranges from 0.928 to 1 in Fig. 7.

Fig. 7. The entropy of 128 and 64 bits keys generated from the fingerprints of the different subjects (20 subjects and each subject with 5 fingerprints in different time of one finger) and having perfect randomness.

The normalized hamming distance of 128 and 64 bits keys generated from different subjects is shown in Fig. 8. The results confirmed that a distinctive authentication key can be generated from the fingerprint image to represent the identity of the user of a BSN.

Fig. 8. The normalized hamming distance of 128 and 64 bits keys generated from the fingerprints of different subjects (20 subjects and each subject has 5 fingerprints, 364*360 size.) and normalized probability. (Plot not reproduced. Axes: normalized hamming distance of different subjects versus normalized probability; series: 128-bit, 64-bit.)
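The evaluation described for Ken (32 IPIs hashed to a 64- or 128-bit key, then scored by bit entropy and pairwise normalized hamming distance) can be reproduced as follows. This is an added example, not code from the paper: truncated SHA-256 stands in for the unspecified HashF, the 16-bit IPI encoding is an assumption, and the IPI values are constructed rather than recorded.

```python
import hashlib
import math
import random
from itertools import combinations

def key_from_ipis(ipis_ms, bits):
    """Hash 32 IPIs (in ms) to a key of `bits` bits.
    Assumption: truncated SHA-256 stands in for the paper's unspecified HashF,
    and each IPI is encoded as a 16-bit big-endian integer."""
    if len(ipis_ms) != 32 or bits not in (64, 128):
        raise ValueError("expected 32 IPIs and a 64- or 128-bit key length")
    raw = b"".join(int(v).to_bytes(2, "big") for v in ipis_ms)
    return hashlib.sha256(raw).digest()[: bits // 8]

def bit_entropy(key):
    """Shannon entropy of the 1/0 distribution, in bits per bit (1.0 = balanced)."""
    n = len(key) * 8
    p = sum(bin(b).count("1") for b in key) / n
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def normalized_hamming(a, b):
    """Fraction of differing bit positions between two equal-length keys."""
    if len(a) != len(b):
        raise ValueError("keys must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (len(a) * 8)

def constructed_ipis(seed):
    """Constructed sample: 32 IPIs near 800 ms with jitter (not real recordings)."""
    rng = random.Random(seed)
    return [round(rng.gauss(800, 40)) for _ in range(32)]

def evaluate(bits, datasets):
    """Return (keys, per-key entropies, all pairwise normalized hamming distances)."""
    keys = [key_from_ipis(d, bits) for d in datasets]
    entropies = [bit_entropy(k) for k in keys]
    distances = [normalized_hamming(a, b) for a, b in combinations(keys, 2)]
    return keys, entropies, distances

if __name__ == "__main__":
    # 9 subjects x 5 datasets, mirroring the study's layout with constructed data
    datasets = [constructed_ipis(seed) for seed in range(45)]
    for bits in (128, 64):
        _, ent, dist = evaluate(bits, datasets)
        print(f"{bits}-bit: entropy {min(ent):.3f}..{max(ent):.3f}, "
              f"hamming {min(dist):.3f}..{max(dist):.3f}, "
              f"identical pairs: {sum(d == 0 for d in dist)}")
```

Bit balance measured after hashing reflects the hash function as much as the signal, so this entropy figure is best read alongside an estimate of how variable the IPI input itself is.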

V. DISCUSSION AND CONCLUSION

Encryption and authentication are two important aspects of the security considerations of tele-healthcare communication. Therefore, in this paper we proposed a security solution that combined both of them for tele-healthcare systems. We also discussed the benefits of combining static and dynamic biometrics for simultaneous authentication and encryption based on the randomness and distinctiveness of traditional physiological characteristics and the chaotic and exclusive nature of dynamic physiological signals. Although IEEE 802.15.1 [20] and IEEE 802.15.4 [21] proposed a 128-bit key to secure data transmission in wireless personal area networks, it is found in this study that a 64-bit key is also acceptable for BSN to prevent brute-force attacks provided that the key is changed every half an hour. Compared to the generation of network security keys by MD5 [22] and SHA-1 [23] methods, our proposed method is faster since it does not require complex computation operations, but at the expense of including a fingerprint sensor in the BSN. The fingerprint sensor can serve two purposes: verification of the identity of the user of a BSN as well as the generation of authentication keys for data transmission in a tele-healthcare system.

ACKNOWLEDGMENT

This work was supported in part by the Hong Kong Innovation and Technology Fund (ITF). The authors are grateful to Standard Telecommunication Ltd., Jetfly Technology Ltd., Golden Meditech Company Ltd., Bird International Ltd. and Bright Steps Corporation for their support of the ITF projects.

REFERENCES

[1] R.L. Bashshur, T.G. Reardon, and G.W. Shannon, "Telemedicine: A new health care delivery system." Annual Review of Public Health. 21: pp. 613-637, 2000.
[2] T.L. Huston and J.L. Huston, "Is telemedicine a practical reality?" Commun. ACM. 43(6): pp. 91-95, 2000.
[3] R.S.H. Istepanian, E. Jovanov, and Y.T. Zhang, "Guest editorial introduction to the special section on m-health: Beyond seamless mobility and global wireless health-care connectivity." Information Technology in Biomedicine, IEEE Transactions on. 8(4): pp. 405-414, 2004.
[4] G.Z. Yang, "Body sensor networks." pp. 4-13, 2006.
[5] J. Hash, P. Bowen, A. Johnson, C.D. Smith, and D.I. Steinberg, "An introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule." Nat. Inst. Stand. Technol., NIST Spec. Publ. Gaithersburg, MD: pp. 800-866, 2005.
[6] The European Parliament and the Council of the European Union, "Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector." Official J. Eur. Communities: pp. L201/37-47, 2002.
[7] U. Uludag, S. Pankanti, S. Prabhakar, and A.K. Jain, "Biometric cryptosystems: Issues and challenges." Proceedings of the IEEE. 92(6): pp. 948-960, 2004.
[8] S.D. Bao, Y.T. Zhang, and L.F. Shen. "Physiological signal based entity authentication for body area sensor networks and mobile healthcare systems." in Engineering in Medicine and Biology Society, 2005. IEEE-EMBS 2005. 27th Annual International Conference of the. 2005: pp. 2455-2458.
[9] C.C.Y. Poon, Y.-T. Zhang, and S.-D. Bao, "A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health." Communications Magazine, IEEE. 44(4): pp. 73-81, 2006.
[10] K.K. Venkatasubramanian, A. Banerjee, and S.K.S. Gupta. "EKG-based key agreement in body sensor networks." in INFOCOM Workshops 2008, IEEE. 2008: pp. 1-6.
[11] K.K. Venkatasubramanian, A. Banerjee, and S. Gupta. "Plethysmogram-based secure inter-sensor communication in body area networks." in Military Communications Conference, 2008. MILCOM 2008. IEEE. 2008: pp. 1-7.
[12] S.D. Bao, C.C.Y. Poon, L.F. Shen, and Y.T. Zhang, "Using the timing information of heartbeats as an entity identifier to secure body sensor network." Information Technology in Biomedicine, IEEE Transactions on. 12(6): pp. 772-779, 2008.
[13] S.D. Bao, L.F. Shen, and Y.T. Zhang. "A novel key distribution of body area networks for telemedicine." in Biomedical Circuits and Systems, 2004 IEEE International Workshop on. 2004: pp. 1-17-20a.
[14] F.M. Bui and D. Hatzinakos, "Biometric methods for secure communications in body sensor networks: Resource-efficient key management and signal-level data scrambling." Eurasip Journal on Advances in Signal Processing, 2008.
[15] N. Challa, H. Cam, and M. Sikri, "Secure and efficient data transmission over body sensor and wireless networks." Eurasip Journal on Wireless Communications and Networking, 2008.
[16] S. Cherukuri, K.K. Venkatasubramanian, and S.K.S. Gupta. "Biosec: A biometric based approach for securing communication in wireless networks of biosensors implanted in the human body." in Parallel Processing Workshops, 2003. Proceedings. 2003 International Conference on. 2003: pp. 432-439.
[17] T.C. Clancy, N. Kiyavash, and D.J. Lin, Secure smartcard-based fingerprint authentication, in Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications. 2003, ACM: Berkeley, California.
[18] B. Schneier, Applied cryptography, second edition. 1996: John Wiley & Sons.
[19] C.C.Y. Poon and Y.T. Zhang. "Cuff-less and noninvasive measurements of arterial blood pressure by pulse transit time." in Engineering in Medicine and Biology Society, 2005. IEEE-EMBS 2005. 27th Annual International Conference of the. 2005: pp. 5877-5880.
[20] IEEE-SA, "Part 15.1: Wireless medium access control (MAC) and physical layer (PHY) specifications for wireless personal area networks (WPANs)." pp. 123-148, 2002.
[21] IEEE-SA, "Part 15.4: Wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate wireless personal area networks (LR-WPANs)." pp. 206-216, 2006.
[22] R. Rivest, The MD5 message-digest algorithm, in RFC 1321. 1992.
[23] D. Eastlake 3rd and P. Jones, US secure hash algorithm 1 (SHA1), in RFC 3174. 2001.