A Lightweight Symmetric Key based Cryptographic System for Wireless Body Sensor Network

Of late, E-health monitoring is gaining its limelight because of its flexibility of service. This methodology makes it possible to monitor a patient in a remote area, by exploiting wireless biosensors attached in the patient’s body. These biosensors collect different physiological signals from the human body and forward all the collected information to the server or to the doctors. This data transmission is vulnerable to several security attacks. It is necessary to provide security and hence a three layered lightweight symmetric key based cryptographic system is proposed. This system ensures several security measures such as access control, data confidentiality and integrity etc. Finally, the proposed system is analyzed with several performance metrics. The system proves its efficiency and is shown in graphical results.


INTRODUCTION
Of late, E-health monitoring is gaining its limelight because of its flexibility of service.This methodology makes it possible to monitor a patient in a remote area, by exploiting wireless biosensors attached in the patient's body.These biosensors collect different physiological signals from the human body and forward all the collected information to the server or to the doctors (Miao et al., 2012).In case of any dangerous situation, the patient is alarmed with messages through the monitoring system.These remote monitoring systems are fruitful in places where scarcity of physicians is observed.
All the detected information is passed into a powerful node attached in the human body.Thus, the transmission of collected information from the human body to the physician involves three levels of transmission.They are data transmission between biosensors and sensor head, data transmission between the sensor head and the base station and data transmission between the base station and the physician (Lin et al., 2011).
As this network deals with very confidential medical information, a strict security and privacy policy has to be enforced.If the security policy is not up to the mark, the patient's medical data can be gained access by the intruder and this may result in wrong diagnosis, Venkatasubramanian et al. (2008).This is a serious issue needed to be addressed (Fig. 1).
This study proposes an approach that securely transmits medical information, in all the three levels of data transfer.The biosensor detects the rate of heart beat and ECG is generated.This ECG is converted to data and the QRS positions of signals are analyzed, as they are the most important information for analysis, as done by Kohler et al. (2002), Lee and Buckley (1999) and Zhang and Lian (2007).This extracted important information is encrypted by using symmetric key based cryptography Fig. 2.
This study provides security in all the three stages of data transmission.Initially, in the first stage, every bio-sensor registers it with the sensor head to ensure the identity and to avoid miscommunication.Bio-sensors detect the QRS peaks of the ECG signal.The detected QRS peaks are transferred to the sensor head with the sensor ID and timestamp.In the second phase of the system, the sensor head registers itself to the base station and authentication is performed.Symmetric key encryption is performed and then the encrypted data is hidden within a cover image.Sensor head then forwards the encrypted and embedded data to the base station.
Finally in the last phase, the physician can access the medical data after clearing the access control step.If the physician needs to access the data, then ˓II is sent to the base station.The base station then sends the decryption key which is encrypted by the Jℎ˳ .The physician has to decrypt the key, in order to gain access to the data.In this study, we focus on extracting QRS

LITERATURE REVIEW
Several works have been proposed to enforce security policies for wireless body sensor networks and are studied below.Already proposed security schemes for Mobile Ad hoc Networks and Wireless Sensor Networks do not suit Body Sensor Networks, owing to its communication abilities and battery backup.
Several systems concentrating over encryption, key management and access control mechanisms can be studied in the works proposed by Hu et al. (2013), Keoh et al. (2009), Law et al. (2011), Li et al. (2013), (2010), Malan et al. (2004), Tan et al. (2008Tan et al. ( ), (2009) ) and Xu et al. (2011).The physiological signals were introduced by Venkatasubramanian and Gupta (2006), in order to carry out a secure inter-sensor communication.In the work proposed by Poon et al. (2006), the Inter-Pulse Interval is used to produce cryptographic keys.
A Sensor Network for Assessment of patients is presented by Poon et al. (2006), which provides privacy, authenticity and integrity of medical data.Malasri and Wang (2009) use symmetric keys are generated by ECC ad RC5 block cipher is employed to assure data confidentiality and integrity, but this system is inefficient because of its computational overhead.A lightweight trust based model is proposed by He et al. (2012), in order to deal with the security breaches.
In the work proposed by Upmanyu et al. (2010), a secure and a blind biometric authentication protocol is presented.This protocol assures user's privacy, template protection and trust issues.A secure and a novel lightweight network admission and transmission protocol is presented by Daojing et al. (2013).ECG is manipulated by morphological schemes in the works proposed by Chen and Duan (2005), Chu et al. (1989),   Hu and Bao (2010), Trahanias (1993), Zhang and Lian  (2009) and Zhang et al. (2007).
Motivated by the aforementioned works, we propose a system that extracts QRS signals and are encrypted by a lightweight symmetric key based protocol.This system provides user access control, privacy and authentication, which are the important attributes of security.

PROPOSED METHODOLOGY
This study aims to arrive at a secure system that provides privacy, authenticity, access control, confidentiality and integrity.Privacy is guaranteed by keeping the data private such that the unintended users cannot use or tamper the data by any means.Every communication can turn its leaf out, only when the authentication procedure gets over.Access control mechanisms sieve through the users such that it determines who can access what.Confidentiality ensures that only the intended users can gain access to the data (usage of decryption key).Integrity is achieved such that illegitimate alteration over the data should not be possible.
This study concentrates on three stages of data transmission and they are data transmission between biosensors and sensor head, data transmission between the sensor head and the base station and data transmission between the base station and the physician.A short summary of every stage is presented below.

Data transmission between biosensors and sensor head:
• Each bio-sensor registers it with the sensor head to ensure the identity and to avoid miscommunication.
• Bio-sensors detect the QRS peaks of the ECG signal.• The detected QRS peaks are transferred to the sensor head with the sensor ID and timestamp.

Data transmission between the sensor head and the base station:
• The sensor head registers itself to the base station and authentication is performed.• Symmetric key encryption is performed and then the encrypted data is hidden within a cover image.
• Sensor head then forwards the encrypted and embedded data to the base station.

Data transmission between the base station and the physician:
• The physician can access the medical data after passing the access control step.Sensor registration with the sensor head: In this phase, all the bio-sensors present in the human body are needed to get registered with the sensor head, in order to perform data transmission.Initially, the bio-sensors present in the human body sends a H along with the bio-sensor ID to the sensor head.This is to avoid misconception of bio-sensors.The sensor head verifies the bio-sensor ID and accepts the H , if it belongs to the concerned human body.This process is then followed by transmitting the encrypted QRS peaks to the sensor head.The encryption is carried out by the symmetric keys and is explained below.

Detection of QRS peaks in ECG signal:
Several morphological operators such as dilate, erode, open and close, in order to extract the QRS peaks of the signal.The dilation operation enlarges the input object, whereas the erode operator reduces or shrinks the input object.The open operator makes the edges or outline of the input object in even fashion.The close operator fills the gap between the edges and also the tiny holes are excluded.This study exploits dilate and erode operators.

Steps to detect QRS peaks:
Step 1: Dilate and erode the input signal ˟ and ˟ respectively.
Step 2: Calculate the average av of ˟ IJˤ ˟ .
Step 3: Calculate the difference between the average and the input signal.
Step 4: Apply modulus operation to improve the quality of filtered ECG signal.
Step 5: Choose an adaptive threshold as the deciding function.
The adaptive threshold depends on the signal, so that it can adapts to the changing behavior of the signal.The threshold can be selected by the following: (1) In ( 1), M is derived from the signal that is within the range of millivolts.Thus, the QRS peaks are detected.

Data transfer from bio-sensor to sensor head:
The detected QRS peaks are then transferred by the biosensors to the sensor head.This transmission consists of the detected QRS peaks, bio-sensors' ID and the timestamp.The sensor head verifies and accepts the data that has been sent:

Sensor head registration:
The unique identifier of the sensor head is shared with the base station.Upon verification, the master key is issued for the sensor head by the base station.When a sensor head node needs to transfer data to the base station, the sensor head sends a ˖ along with the Jℎ and timestamp to the base station.The ˖ is verified by the base station and the randomly generated key for data transmission ˫ along with the ˫ is provided.˫ is recycled for every period of time: The symmetric key is generated by: is the pseudo-random number generator that randomly generates prime numbers, ˫ is the key supplied by the base station after handshaking procedure, ˫ is the randomly generated key for data transmission by the base station and Jℎ is the sensor head id.The encrypted data is embedded within the cover image and is explained below.

Hiding the encrypted data into a cover image:
In order to improve the security, this system exploits watermarking concept also.Any image can be chosen as the cover medium for the encrypted signal.This study applies Lifting Wavelet Transform (LWT) over the cover image and approximation band alone is considered.This is followed by the determination of the size of encrypted data and the space required to accommodate the encrypted data is figured out.All the encrypted data bits are embedded within the approximation band, based on an embedding sequence.The pixels of the approximation band are added with the data bits.This process is continued until all the data bits are embedded.
Data transfer from sensor head to base station: On successful registration of sensor head with the base station, the base station issues the master key.When a sensor head wants to transfer data, it raises the ˖ and is sent along with the Jℎ and timestamp to the base station.The ˖ is verified by the base station and the randomly generated key for data transmission ˫ along with the ˫ is provided.Encryption is carried out by this way and the encrypted data is embedded into the cover image and sent to the base station as mentioned in Eq. ( 3) and ( 4).

Data transmission between the base station and the physician:
Every physician in a healthcare centre is provided with the user name and password.The base station verifies the identity of the physician by certain security questions, which were initially answered by the physician.The physician can gain access to the data that has been sent only after successful decryption.
Every physician will be provided with a unique id, Jℎ˳ .If the physician needs to access the data, then the physician sends ˓II to the base station.The base station then sends the decryption key which is encrypted by the Jℎ˳ .The physician has to decrypt the key, in order to gain access to the data.Initially, the encrypted data bits which are embedded in the cover image are needed to be extracted and is discussed in below section: Data extraction: Embedded data can be extracted by the application of LWT and consider the approximation band alone.Every pixel pair is processed so as to extract the data bits.The pixels of the approximation band are subtracted from the data bits.Thus, the data bits are obtained from the cover image.

Decryption:
After the successful extraction of the encrypted data, it is necessary to decrypt the data for gaining access to the data.The decryption key can be obtained from the base station, on request.When the base station receives ˓II from the physician, it sends the decryption key that is encrypted by the Jℎ˳ .The physician decrypts the key and obtains the decryption key for gaining access to the QRS peaks.

RESULT ANALYSIS
This study is analyzed by performance metrics such as false acceptance and rejection rate, half total error, message passing ability and key generation time.The proposed work is compared with the existing works such as LDAE proposed by Daojing et al. (2013), SPOC proposed by Zhang and Lian (2009) and BSGE proposed by Hu and Bao (2010).MATLAB is utilized to carry out this research work.This study is evaluated with MIT/BIH standard ECG database provided by Goldberger et al. (2013) and the least false acceptance and rejection rate is achieved.

False acceptance and rejection rate:
All the sensors transmit the messages to the sensor head, which is the most powerful node.Suppose, many patients are in and around with implanted sensors, then the messages passed by the bio-sensor must reach the corresponding sensor head.In case, if a sensor from patient P1 reaches the sensor head of patient P2, the sensor head must reject the request.False acceptance rate is the rate at which the sensor head accepts messages wrongly from the attached bio-sensors.False rejection rate is the rate at which the sensor head rejects the message of the biosensors of the same patient Fig. 3 and 4.
Half total error rate: Half total error rate is calculated by subtracting Balanced Classification Rate (BCR) from 1.The experimental result is shown in Fig. 5: Message passing ability analysis: The message passing ability of different systems are compared and the proposed system outperforms all the other systems.The message passing ability is measured by total number of messages sent successfully, without any complexity and the results are shown in Fig. 6.

Key generation time analysis:
The time it takes to generate the key can be given by the Fig. 7 and is compared with several existing systems.Our proposed work takes lesser time to generate the key.
On analyzing the experimental results, it is evident that the system works well for several performance measures.The proposed work is very fast in key generation.The false acceptance and rejection rates along with half total error rate are considerably low.

CONCLUSION
This study considers three different stages of data transmission.They are data transmission between biosensors and sensor head, data transmission between the sensor head and the base station and data transmission between the base station and the physician.In every stage, we enforce a security constraint and thereby the data is transmitted securely to the physician.Initially, the QRS signals are detected by the morphological operations such as erosion and dilation.A lightweight symmetric key based encryption along with watermarking is exploited to arrive at a reasonable security of the system.This study ensures privacy, access control, data confidentiality and integrity to the system.

Fig. 1 :
Fig. 1: Processes involved in the system identifier of the bio-sensor ˮJ = The timestamp Data transmission between the sensor head and the base station: This phase focuses on several aspects of security issues.Keys are generated and the encryption is carried out.The encrypted QRS peaks are hidden within a cover image, by exploiting watermarking concept.The QRS peaks embedded cover image is sent to the base station.

Ӣ
˟H → ˔˟: {Jℎ } Hˤ˥Jˮ˩˦˩˥J JℎIJ˩J˧; ˔˟ → ˟H : {˭˫} HIJˮ˥J ˫˥˳ ˮJIJJ˭˩JJ˩JJ ˟H → ˔˟: {˖ ÉJℎ ÉˮJ} ˖IˮI J˥J˯˥Jˮ ˮJIJJ˭˩JJ˩JJ sensor head ˔˟ = The base station Jℎ = The unique identifier of sensor head ˭˫ = The master key ˮJ = The timestamp ˫ = Recycled for every minute Symmetric key encryption: Symmetric key systems rely on a single key for both encryption and decryption process.Symmetric key systems are faster and simple to implement.Due to the resource restriction of biosensors, symmetric keys are exploited by this system.After the detection of QRS peaks, encryption is performed by the symmetric key.When a sensor head needs to transfer data to the base station, a ˖ along with the Jℎ and timestamp is sent to the base station.The ˖ is verified by the base station and the randomly generated key for data transmission ˫ along with the ˫ is provided back to the sensor head.Data transfer format is provided below:

•
If the physician needs to access the data, then ˓II is sent to the base station.The base station then sends the decryption key which is encrypted by the Jℎ˳ .The physician has to decrypt the key, in order to gain access to the data.
Zhang and Tae-Wuk (2012).The main merit of morphological operators is that it works over spatial domain and not over frequency.These operations work on the basis of mathematical formulation and are simple to implement.