A Lightweight Security Scheme for Wireless Body Area Networks: Design, Energy Evaluation and Proposed Microprocessor Design

In order for wireless body area networks to meet widespread adoption, a number of security implications must be explored to promote and maintain fundamental medical ethical principles and social expectations. As a result, integration of security functionality to sensor nodes is required. Integrating security functionality to a wireless sensor node increases the size of the stored software program in program memory, the required time that the sensor's microprocessor needs to process the data and the wireless network traffic which is exchanged among sensors. This security overhead has dominant impact on the energy dissipation which is strongly related to the lifetime of the sensor, a critical aspect in wireless sensor network (WSN) technology. Strict definition of the security functionality, complete hardware model (microprocessor and radio), WBAN topology and the structure of the medium access control (MAC) frame are required for an accurate estimation of the energy that security introduces into the WBAN. In this work, we define a lightweight security scheme for WBAN, we estimate the additional energy consumption that the security scheme introduces to WBAN based on commercial available off-the-shelf hardware components (microprocessor and radio), the network topology and the MAC frame. Furthermore, we propose a new microcontroller design in order to reduce the energy consumption of the system. Experimental results and comparisons with other works are given.     

基于分簇的动态协同算法在无线传感器网络中的应用

为降低无线传感器网络中的能量开销,减少存储和网络资源,采用了一种新的信息融合机制。根据目标的当前地理位置,将无线传感器网络中的节点动态分簇,建立分布式的跟踪机制。利用一种基于信息矩阵加权的卡尔曼算法在该机制下进行目标跟踪,与无分簇机制下的信息矩阵融合算法进行性能比较,仿真实验结果表明该方法具有较高的有效性和可靠性。同时,在网络存在丢包情况下,基于Grubbs准则进行改进,能有效地提高精度。     

一种基于RSSI距离比的传感器节点定位算法

随着无线传感器网络的应用与发展,WSN作为一种全新的信息获取和处理技术已得到广泛应用。如何对传感器网络节点进行快速、精确的定位,已成为WSN系统急需解决的问题。为此,提出了一种基于RSSI距离比的MDS定位算法。该算法巧用RSSI距离比,结合Euclidean测距技术计算节点间距离矩阵,运用MDS算法建立相应的全局坐标系统。根据已知锚节点物理位置,通过坐标变换（旋转与平移）最终确定未知节点的物理位置。实验结果表明：该方法能有效地提高定位的精度,对开发高精度定位系统具有重要的参考价值。     

A Mutual Authentication Framework for Wireless Medical Sensor Networks

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient’s data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient’s medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients’ vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.     

基于能量均衡的WSN多跳非均匀分簇路由算法

在无线传感器网络路由协议中采用多跳通信的方式能够减少通讯距离、增强网络通讯的稳定性并提高网络能量利用效率,但是,由于靠近汇聚节点的簇头需要转发大量数据,容易导致能量快速衰竭而失效,造成“能量空洞”现象。提出了一种新型的基于能量均衡的多跳非均匀分簇路由算法（MUCRA）,采用逐层成簇的策略,簇头以一定的半径广播分层信号,划分下一层网络区域非均匀层次,普通的传感器节点和簇头根据分层信息选择合适的网络路径。仿真实验结果表明：与经典的LEACH协议及EEUC协议相比,该算法能有效平衡网络负载,缓解“能量空洞”问题     

An Improved Two-Layer Authentication Scheme for Wireless Body Area Networks

Wireless body area networks (WBANs) comprises a number of sensor nodes and the portable mobile device such as smartphone. It is used to monitor the physical condition and provide a reliable healthcare system. Utilizing the wireless communication network, sensor nodes collect the physiological data of one patient to the portable mobile device and the latter analyzes and transmits them to the application providers. Therefore, the personal data confidentiality and user privacy are cores of WBANs. Recently, Shen et al. presented a multi-layer authentication protocol for WBANs, which is lightweight and much easier to implement. However, we observe that their authentication between sensor nodes and the portable mobile device could ensure the forward security property only when the sensor nodes are changed (add or delete). When the sensor nodes are constant, the security property is not satisfied. Meanwhile, the authentication between the portable mobile device and application provider is prone to mutual impersonation attack, so the critical goal of mutual authentication can not be achieved. In this paper, an improved two-layer authentication scheme is proposed to remove the flaws. The analysis shows that our method is more secure and could withstand various attacks.     

Heart Motion Uncertainty Compensation Prediction Method for Robot Assisted Beating Heart Surgery – Master–slave Kalman Filters Approach

Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of adoptability in terms of security, communication overhead, and running time complexity, as compared to the existing EKG-based key agreement scheme.     

Improved Particle Swarm Optimization Algorithm for Android Medical Care IOT using Modified Parameters

This study examines wireless sensor network with real-time remote identification using the Android study of things (HCIOT) platform in community healthcare. An improved particle swarm optimization (PSO) method is proposed to efficiently enhance physiological multi-sensors data fusion measurement precision in the Internet of Things (IOT) system. Improved PSO (IPSO) includes: inertia weight factor design, shrinkage factor adjustment to allow improved PSO algorithm data fusion performance. The Android platform is employed to build multi-physiological signal processing and timely medical care of things analysis. Wireless sensor network signal transmission and Internet links allow community or family members to have timely medical care network services.     

基于BA无标度网络的WSNs拓扑优化模型

由于无线传感器能量受限,最大化网络生命周期成为优化网络拓扑首要考虑的问题。基于BA无标度理论,提出了一种WSNs拓扑优化模型（WTOM）。在网络中引入超级节点,结合粒子群算法合理地划分整个网络;在节点间建立多因素为导向的虚拟力场,利用虚拟力调整超级节点的部署位置,实现网络能量的均衡消耗,通过对关键节点的保护,提高网络的抗毁鲁棒性。经理论分析和实验证明,该网络不仅继承了BA无标度网络的特征还具有小世界特性;同时该动态拓扑延长了网络的生命周期,提高了网络面向数据收集的节能性。     

A Provably-Secure Transmission Scheme for Wireless Body Area Networks

Wireless body area network (WBANs) is composed of sensors that collect and transmit a person’s physiological data to health-care providers in real-time. In order to guarantee security of this data over open networks, a secure data transmission mechanism between WBAN and application provider’s servers is of necessity. Modified medical data does not provide a true reflection of an individuals state of health and its subsequent use for diagnosis could lead to an irreversible medical condition. In this paper, we propose a lightweight certificateless signcryption scheme for secure transmission of data between WBAN and servers. Our proposed scheme not only provides confidentiality of data and authentication in a single logical step, it is lightweight and resistant to key escrow attacks. We further provide security proof that our scheme provides indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model. Compared with two other Diffie-Hellman based signcryption schemes proposed by Barbosa and Farshim (BF) and another by Yin and Liang (YL), our scheme consumes 46 % and 8 % less energy during signcryption than BF and YL scheme respectively.     

Cooperative wireless network control based health and activity monitoring system

A real-time cooperative communication based wireless network is presented for monitoring health and activity of an end-user in their environment. The cooperative communication offers better energy consumption and also an opportunity to aware the current location of a user non-intrusively. The link between mobile sensor node and relay node is dynamically established by using Received Signal Strength Indicator (RSSI) and Link Quality Indicator (LQI) based on adaptive relay selection scheme. The study proposes a Linear Acceleration based Transmission Power Decision Control (LA-TPDC) algorithm to further enhance the energy efficiency of cooperative communication. Further, the occurrences of false alarms are carefully prevented by introducing three stages of sequential warning system. The real-time experiments are carried-out by using the nodes, namely mobile sensor node, relay nodes and a destination node which are indigenously developed by using a CC430 microcontroller integrated with an in-built transceiver at 868 MHz. The wireless node performance characteristics, such as energy consumption, Signal-Noise ratio (SNR), Bit Error Rate (BER), Packet Delivery Ratio (PDR) and transmission offset are evaluated for all the participated nodes. The experimental results observed that the proposed linear acceleration based transmission power decision control algorithm almost doubles the battery life time than energy efficient conventional cooperative communication.     

Network Coded Cooperative Communication in a Real-Time Wireless Hospital Sensor Network

The paper presents a network coded cooperative communication (NC-CC) enabled wireless hospital sensor network architecture for monitoring health as well as postural activities of a patient. A wearable device, referred as a smartband is interfaced with pulse rate, body temperature sensors and an accelerometer along with wireless protocol services, such as Bluetooth and Radio-Frequency transceiver and Wi-Fi. The energy efficiency of wearable device is improved by embedding a linear acceleration based transmission duty cycling algorithm (NC-DRDC). The real-time demonstration is carried-out in a hospital environment to evaluate the performance characteristics, such as power spectral density, energy consumption, signal to noise ratio, packet delivery ratio and transmission offset. The resource sharing and energy efficiency features of network coding technique are improved by proposing an algorithm referred as network coding based dynamic retransmit/rebroadcast decision control (LA-TDC). From the experimental results, it is observed that the proposed LA-TDC algorithm reduces network traffic and end-to-end delay by an average of 27.8% and 21.6%, respectively than traditional network coded wireless transmission. The wireless architecture is deployed in a hospital environment and results are then successfully validated.     

ICASME: An Improved Cloud-Based Authentication Scheme for Medical Environment

Unlike the traditional medical system, telecare medicine information system (TMIS) ensures that patients can get health-care services via the Internet at home. Authenticated key agreement protocol is very important for protecting the security in TMIS. Recently scholars have proposed a lot of authenticated key agreement protocols. In 2016, Chiou et al. demonstrated that Chen et al.’s authentication scheme fails to provide user’s anonymity and message authentication and then proposed an enhanced scheme (Chiou et al., J. Med. Syst. 40(4):1–15, 2006) to overcome these drawbacks. In this paper, we demonstrate that Chiou et al.’s scheme is defenseless against key compromise impersonation (KCI) attack and also fails to provide forward security. Moreover, we propose a novel authentication scheme namely ICASME to overcome the mentioned weaknesses in this paper. Security analyses show that ICASME achieves the forward security and KCI attack resistance. In addition, it is proved that the time taken to implement the ICASME is not intolerable compared to the original protocol.     

人羊膜上皮细胞通过抑制中性粒细胞胞外诱捕网促进糖尿病创面愈合

软件定义网络（software defined network,SDN）作为一种新型网络架构,其转控分离及集中控制的架构思想为网络带来了显著的灵活性,同时为感知全局网络状态提供了便利。分布式拒绝服务攻击（distributed denial of service,DDoS）是一种典型的网络攻击方式。针对SDN网络中进行DDoS攻击检测的问题,提出了一种基于条件熵和决策树的DDoS攻击检测方法,利用条件熵判断当前网络状态,通过分析SDN中DDoS攻击特点,提取用于流量检测的6项重要特征,使用C4.5决策树算法进行网络流量分类,实现对SDN中的DDoS攻击的检测。实验表明,相比于其它研究方法,文中提出的方法不仅具有较高检测精确率和召回率,而且明显缩短了检测时间。     

Ubiquitous Healthcare Computing with Sensor Grid Enhancement with Data Management System (SEGEDMA)

Wireless Sensor Network (WSN) can be deployed to monitor the health of patients suffering from critical diseases. Also a wireless network consisting of biomedical sensors can be implanted into the patient’s body and can monitor the patients’ conditions. These sensor devices, apart from having an enormous capability of collecting data from their physical surroundings, are also resource constraint in nature with a limited processing and communication ability. Therefore we have to integrate them with the Grid technology in order to process and store the collected data by the sensor nodes. In this paper, we proposed the SEnsor Grid Enhancement Data Management system, called SEGEDMA ensuring the integration of different network technologies and the continuous data access to system users. The main contribution of this work is to achieve the interoperability of both technologies through a novel network architecture ensuring also the interoperability of Open Geospatial Consortium (OGC) and HL7 standards. According to the results, SEGEDMA can be applied successfully in a decentralized healthcare environment.     

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.     

Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications

The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures.     

Secure Communication of Medical Information Using Mobile Agents

Recently several efficient schemes are proposed to provide security of e-medicine systems. Almost all of these schemes have tried to achieve the highest security level in transmission of patients' medical information to medical institutions through a heterogeneous network like Internet. In this paper, we explain the insecurity of these schemes against "man-in-the-middle" attack. Furthermore, a dynamic mobile agent system based on hybrid cryptosystem is proposed that is both secure and also efficient in computation cost. Analyzing the security criteria confirms suitability of the proposed scheme for e-medicine systems.     

An Efficient Mutual Authentication Framework for Healthcare System in Cloud Computing

The increasing role of Telecare Medicine Information Systems (TMIS) makes its accessibility for patients to explore medical treatment, accumulate and approach medical data through internet connectivity. Security and privacy preservation is necessary for medical data of the patient in TMIS because of the very perceptive purpose. Recently, Mohit et al.’s proposed a mutual authentication protocol for TMIS in the cloud computing environment. In this work, we reviewed their protocol and found that it is not secure against stolen verifier attack, many logged in patient attack, patient anonymity, impersonation attack, and fails to protect session key. For enhancement of security level, we proposed a new mutual authentication protocol for the similar environment. The presented framework is also more capable in terms of computation cost. In addition, the security evaluation of the protocol protects resilience of all possible security attributes, and we also explored formal security evaluation based on random oracle model. The performance of the proposed protocol is much better in comparison to the existing protocol.     

A Wavelet Transform Based Feature Extraction and Classification of Cardiac Disorder

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.’s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.’s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.’s scheme. In this paper, we found that both Lee’s and Jiang et al.’s authentication schemes have a serious security problem in that a registered user’s secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee’s scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee’s and Jiang et al.’s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.