Security Analysis in Body Area Networks using Attribute-based Ring Signcryption Scheme

At present, Body Area Networks (BANs) are budding as one of the major research interests, predominantly in the field of personal health monitoring. In view of the fact that health data are extremely private and includes sensitive details, the security of data transmission inside a BAN turns out to be a critical issue that needs instant attention. In this study, Attribute-based Ring Signcryption Scheme (ARSS) is proposed for body area network security. The initial process of proposed system is preprocessed the patient’s dataset using Independent Component Analysis (ICA). Then interoperability is defined by semantics and the semantic interoperability among body area sensor networks is used Ant Colony Optimization based Fuzzy Ontology (ACO-FO). The ACO-FO is used to improve the interoperability of BAN system. Then the proposed ARSS is simultaneously providing the characteristics of message confidentiality, authentication, integrity, remembrance, non-repudiation, verifiability in public and forward secrecy of message confidentiality. ARSS can make use of any speedy and safe symmetric algorithm for the encryption of messages, it offers huge benefits in order to be employed in establishments involving security in the fields of health monitoring and while managing with resource constrained devices. Theoretically it proves that ARSS is efficient and feasible. And also its security level is analyzed and compared to existing Elliptic Curve Cryptography with Fuzzy Ontology (ECC with FO) signcryption and Fuzzy Attribute-Based Signcryption Schemes.


INTRODUCTION
Body Area Networks (BANs) can be used to continuously or remotely monitor patients' health, which have the tremendous capability for revolutionizing the acquisition, processing and the communication of significant data for e-healthcare systems. As we know, the modern e-healthcare systems can provide new ways of hospitalization with quality health care. Wirelessly connected medical sensor nodes placed in, on and around the body form a BAN for continuous, automated and remote monitoring of physiological signs to support medical applications (Patel and Wang, 2010;Lorincz et al., 2004). In addition, a Patient Controller (PC) is needed to perform a multitude of functions in BANs. A PC (such as a PDA or smart phone) can sense and fuse data from sensors across the body, serve as a user interface and bridge BANs to higher-level infrastructures. The primary applications of BANs are seen in the domain of healthcare, especially for continuous monitoring and logging vital parameters of patients suffering from chronic diseases such as diabetes, asthma and heart attacks. Moreover, BAN technology is able to support other personalized applications, such as sports, gaming, entertainment, military and so on (Hanson et al., 2009;Li et al., 2010;Jovanov et al., 2005). A wide range of applications make BANs have a promising future.
A continuous development of wireless sensor network application is observed in BANs. Every BAN instrument is connected to the body of a human and observes the condition of that corresponding body. In the field of health care, application of BAN gives constant monitoring regarding the patient's critical signs, permitting for quicker medical help with no difficulty of being made to physically reside in the hospital stringed with wired monitoring devices and inperson supervision. In addition, BAN can make possible a better experience with respect to exercise by means of providing feedback and measurements regarding the body's response to physical activities. In comparison with traditional sensor networks, the most important difference of BANs is that a BAN needs to deal with more important medical information. Data confidentiality and integrity are the most important requirements in BANs, since wireless medium is susceptible to lots of security attacks. In this research work, the security provided by a BAN in opposition to an outsider is majorly concentrated. In view of the fact that a BAN comprises of all entities in touch with the body, the aim is securing the communication of these devices opposed to outsider devices which do not make physical contact with the body.
In BANs, sensor association that is secure is a not a small issue, because a healthcare worker must check whether a set of sensors are securely and correctly in association with a patient intended prior to any data communication. Lots of previous works focus only on group key agreement in sensor nodes (Tan et al., 2009;Morchon et al., 2006;O'Donovan et al., 2009;Malasri and Wang, 2007). BANs output the same data bits that are independent of the application domain, though the purpose of this data can be different in different domains. For instance, heartbeat can indicate about health in the care domain or it can be synonymous with performance ability in the sports or entertainment domains. This example exhibits that semantic interoperability needs sharing of data and concepts, along with placing them for the particular application purpose for the sake of for their suitable usage. Ontologies have been accepted in the literature as a way for achieving interoperability at semantic level between systems (Ouksel and Sheth, 1999). Ontology is a conceptualization of real-world phenomena (Guizzardi, 2005), hence there is a necessity to examine which concepts has to be also included in ontology for the achievement of semantic interoperability between the sensor networks and sensor applications and what is needed for directing towards their usage that will be appropriate for them.
In this study, Attribute-based Ring Signcryption Scheme (ARSS) is proposed for body area network security. The initial process of proposed system is preprocessed the patient's dataset using Independent Component Analysis (ICA). Then interoperability is defined by semantics and the semantic interoperability among body area sensor networks is used Ant Colony Optimization based Fuzzy Ontology (ACO-FO). The ACO-FO is used to improve the interoperability of BAN system. If the interpretability of communication failure is occurs means BAN interaction does not progress as the external users. Once the problem has been identified and fixed, communication is then resumed using the updated ontologies. Then the proposed ARSS is simultaneously provides the attributes of message confidentiality, authentication, integrity, unforgetability, non-repudiation, public verifiability and forward secrecy of message confidentiality. As it is on the basis of ARSS, it can employ any speedy and safe symmetric algorithm for the encryption of messages; it offers huge benefits in order to be employed in establishments involving security in the fields of health monitoring and while managing with resource constrained devices.

BACKGROUND STUDY AND SYSTEM MODEL
In this section, the most related research that still exists is summarized. And system model of proposed system is explained. A certificate less remote anonymous (Liu et al., 2012) authentication protocol proposed. Even doctors do not have the authority of disclosing the private information regarding the patient. This approach makes use of an account index that is anonymous. Three resources that are employed in this protocol are the network manager, WBAN client and Application Provider (AP). The WBAN client makes the request for service from the application provider, then the network manager takes the responsibility of managing the network and authenticity and the application provider offers the services in the network. This protocol is in accordance with the CL-PKC means Certificate less Public key cryptography. The three steps involved in this protocol are initialization, registration and remote anonymous authentication. The impersonation of the client cannot be done by the network as it is capable of generating only a part of the key.
The physiological value could be heart rate, pulse rate, electrocardiography etc. A (Sampangi et al., 2012) security suite has been introduced for BAN that uses IAM (Independent and Adaptive Key Management) and KEMESIS (Key Management Scheme for security in Inter Sensor communication), mechanisms for security. In these kind of schemes, the usage of keys that are randomly generated is applied for the purpose of encryption and decryption at the sender and receiver side in an independent manner and no key distribution or exchange of keys among sensors is required. There are multiple means for the distribution of the key. The keys distribution to the sensors could be prior to deployment. But this approach is not very flexible. The keys can also be distributed with the support of bio channels such as Inter Pulse Interval (IPI) etc. A security suite has been presented for BAN that employs a new key agreement scheme which permits the nodes in the neighborhood in BAN to be able to share a common key that is generated by ECG signal . The IJS (Improved Jules Sudan) is introduced for the authentication of message. The ECG-IJS key agreement can perform the secure data communication over BAN in the absence of any kind of key distribution overhead. The newly introduced key generated form is actually a universally measurable physiological stimulus (ECG) which is unique and distinct for every person.
A secure and effective Ordered Physiological Feature based Key Agreement (OPFKA) for use in BAN is introduced in Hu et al. (2013a). Two sensors accept over a symmetric cryptographic key generated from the physiological signal characteristics that are overlapping. This approach requires no pre distribution of keys. The secret characteristics that are computed from the identical physiological signal observed at various parts of the body by means of sensors with some overlapping though not the same entirely. The OPFKA is evolved for transferring the secret features of one sensor to another so that two sensors can be able to recognize the ones that are overlapping. It is a secure, resourceful and practical protocol. The features by each sensor generated are ordered in order to create a feature vector. The sender transmits the secret features in addition with the data with noise to the receiver. The receiver then generates a key in accordance with the features that are common. The sender recognizes the common characteristics present in its own feature vector and accordingly does the key computation. The aim of OPFKA is enabling a secure inter-sensor communication within a BAN. A security system based on biometric (Ramli et al., 2013) is introduced for the purpose of data authentication in the BAN. The ECG feature of the sender is chosen as the biometric key for authentication of data in BAN. Hence there is no risk of one patient's record getting mixed up with another patient.
In Liu and Kwak (2010) a hybrid security protocol for BAN is presented for supporting to secure a communication wireless channel. This protocol has a better tradeoff among security and resource restraints. A hybrid kind of key management methodology (Alsadhan and Khan, 2013) is introduced which is actually a combination of the physiological values along with the preloaded keys. The Local Binary Pattern (LBP) is employed by ECG based agreement for generating common keys which are to be agreed upon for the purpose of encryption and decryption with the goal of making the inter sensor communication far more secure. The two important concepts of this approach constitute feature generation and key agreement. Master key is basically preloaded in the medical server of the BAN present remotely for authenticating personal server. In case, an adversary happens to compromise a personal server, medical server cancels the existing key belonging to the personal server. Then the recovery of the Personal server is performed by making use of the master secret key.

System model and preliminaries network model:
A health-care system network model is considered. There are two most important present in this system: The BAN of a patient and also the external user(s). In specific, the BAN comprises one BAN controller with several (implantable or wearable) devices. The devices are typically sensors that observe critical body parameters or their movements and manage the human body by means of yielding life support, visual/audio feedback, etc. These BAN devices keep in touch with the BAN controller either directly or by means of multihop communications. The BAN controller not only communicates with the BAN devices however evens the Internet. Furthermore, BAN controllers in that are in the neighborhood possibly will generate an ad hoc network along with Wireless Personal Area Network (WPAN) techniques.
Here, the presence of a trusted third party KS -i.e., a key distribution server is presumed-which is capable of verifying the identity corresponding to a legal external user (e.g., a doctor) and distributes credentials for use to the external user. The identity pertaining to the external user is a collection of features that describe the essential user details. It must be noted that KS is hence not necessary to be connected online while an emergency-room doctor requires communicating with the BAN a patient is present in-i.e., it therefore cannot develop into the form of a single point-of-failure for the system.

Adversary model:
Here, both categories of adversaries are taken into account:  Adversaries that are passive and which do message eavesdropping sent (wirelessly) within the BAN or among the BAN and the external user.  Active adversaries which control the sent messages. Moreover, the multiple adversary collusion case is also considered. It must be noted that an adversary might be either an external user having no authorized access permission to the BAN, or an "insider" which intends to manipulate/retrieve the medical information that it has no authorization to access.

PROPOSED METHODOLOGY
This section introduces the chief idea behind the proposed access control structure which imposes various access rights for various kinds of users. It improves the security of patient's information for health care in BAN. Subsequently, the four algorithms of ARSS are explained. And the overall performance of proposed system also explained.
System overview: System overview is illustrated in Fig. 1. It shows the overall architecture of proposed system. In this proposed system, Attribute-based Ring Signcryption Scheme is used for body area network security. The initial process of proposed system is preprocessed the patient's dataset using Independent Component Analysis. Then interoperability is defined by semantics and the semantic interoperability among body area sensor networks is used Ant Colony Optimization based Fuzzy Ontology (ACO-FO). In order to safe-guard against the exposure of information because of theft or a loss of the BAN controller, the personnel identification must be authenticated when they get connected with the controller. In order to have access control to the controller, the attribute-based signencryption over ARSS will be examined. In case of attribute-based encryption, a ciphertext is tagged with a collection of attributes in addition to a private key is related to an access structure which has the control over the ciphertext that person is capable of decrypting in the same way, access structures are utilized for controlling the access rights of several users of the BAN controller.
Data preprocessing using ICA: Data preprocessing is frequently advantageous for reducing the data dimensionality using ICA. It is a technique to present the patient's data in a more detailed manner by exposing the structure that is hidden in the data and often reduces the dimensionality pertaining to the representation. It can also be considered as a technique of reducing the dimensionality as a highly minimized representation of the data is found.
Dimensionality reduction is not the first and foremost goal of ICA and factually, many of the ICA algorithms are in favor of reasonable dimensionalities of data. The major concept with respect to the ICA presumes that the data are linearly combined through a collection of separate autonomous sources and thereafter demix those signal sources according to their statistical independency measure obtained through mutual information. For the purpose of validating its approach, basically it is assumed that at the most only one source in the mixture model can be permitted to be as a Gaussian source. This is because of the fact that a linearly mixing Gaussian sources is yet a Gaussian source. The main aim of ICA is to reduce the dimensionality of data. In ICA, the high dimensionality data are considered as irrelevant data and it all removed from data set. Provided a collection of n-dimensional data vectors x , x , . . , x , the directions (vectors) in the direction of where the projections statistics of the data vectors are independent of one another comprise the independent elements. It means, when A represents a change from the reference frame given to the independent component reference frame, at that moment: x Ae (1) In order that p e π et . Where pa . represents the marginal distribution and p e stands for the joint distribution on the n-dimensional vector e. Generally, the scheme for carrying out Independent Component Analysis (ICA) is observed as the scheme for the purpose of deriving one particular W: In order that every component of (i.e., each yi) goes on to become independent of one another. When the individual marginal distributions are seen to be non-Gaussian, subsequently the marginal densities that are derived result in a scaled permutation of the actual density functions when one W such as this can be got. One general learning scheme (Ouksel and Sheth, 1999) for finding one W (as derived from the normal gradient descent of Kullback-Leibler divergence among joint density and the product of marginal densities) is: Where f y represents a nonlinear function with respect to the output vector y (like a cubic polynomial or a polynomial having odd degree, or a summation of polynomials with odd degrees, or a sigmoidal function). The preprocessed data is stored and maintained in BAN controller database. Based on this data information, the encryption and signcryption methods key information is discussed.
Access control structure: The proposed system's main concept is about designing a security scheme based on attribute that sees the identities (of external users) in the form of groups of attributes and imposes a lower limit on the amount of attributes common among a user's distinctiveness and the access rights specifications of the sensitive data. Consider an identity includes n attributes and every attribute could be regarded as a string having length that can be arbitrary. Instances of identities of patients include Ipd = {doctor, Identity, department, title}, Ipd = {Name, title, Dept.}, etc. This further allows to indicate access privileges of users in accordance with attributes. The access structure of a user in the form:' d out of n attributes', that permits the user to get hold of the information from the BAN controller. Especially, a collection of attributes for every user from the access control structure is defined since a BAN that is personal generally does not possess a large number of users.

ACO-FO based approach for improving semantic interoperability:
The proposed system adopted the ACO based fuzzy rule ontology-approach to support the semantic interoperability of the platform. The Fuzzy Rule Learning (FRL) is big problem in Fuzzy ontology.
To solve this problem using ACO and it's improved the fuzzy rules.

Ant colony optimization algorithms for learning fuzzy rules:
To apply ACO algorithms to a FRL problem, the following steps have to be carried out: Step 1: A FRL problem is Obtained ant it is represented as a graph or a comparable structure simply covered by ants. In order to build the graph, the following steps are taken:  Conclude the rules: A rule 1, … defined by means of an antecedent combination, is and is will be included in the graph if and only if: ∃ , … , , ∈ in order that … 0. Specifically, there is at the least one example positioned in the fuzzy input subspace characterized by the antecedents considered in the rule.  Link the rules to consequents: The rule R will be connected to the consequent B -j 1. . , N -(taken from the collection of labels of the output fuzzy partition) if and only if it satisfies the following condition: e x , … , x , y ∈ E in order that μA x … μA x . μB y 0. Specifically, there is not less than one example placed in the fuzzy input subspace which gets covered by such a result.
Step 2: Determine the way of allocating a heuristic preference to every choice that the ant has to take in each step to produce the solution. Construct the set ′ composed of the input-output data pairs that are placed in the input subspace defined by E ′ e x , … , x , y ∈ E such that μA x … μA x . μB y 0 .
Step 3: Set up a suitable way of initializing the pheromone. Pheromone value of every assignment is obtained as given below: Step 4: Determine a fitness function which has to be optimized. The fitness function sets up the quality of a solution. The measure taken will be the function called Mean Square Error (MSE), which defined as: Step 5: Choose an ACO algorithm and execute it to the FRL problem.
The collection of nodes attainable from Ri (set of possible neighborhood of node Ri) will be J i j such that η 0 in the transition rules taken by both ACO schemes when constructing the solution.
The amount of pheromone that the ant k applies on the couplings which belongs to the solution created by it will equate to 1/MSE RB , with RB being the RB produced by ant k.
In case of the local pheromone trail update rule of the ACO scheme, the most common manner of computing∆Τ , ∆Τ Τ , will be used, as a result considering the simple-ACO scheme.
Subsequently, from knowledge base, the system will retry all the ACO based fuzzy rules defined in the context. Fuzzy ontology calculates membership degree (ranging from 0 to 1) for each ontology class and applies a label with its degree. At this step, fuzzy ontology used for matching semantic words from search patients details to fuzzy linguistic variables and terms. Finally, the system is ready to generate OWL descriptors and make them machine-readable data and improving the semantic interoperability.
Attribute-based ring signcryption scheme: In this scheme proposed, the external user's controller is able to perform a message signcrypting on the part of d attributes, where d will get defined in the Setup algorithm. Then the Lagrange interpolation is reviewed as follows. Given d points q 1 , . . , q d on a d 1 degree polynomial, q i for any i ∈ Zp can be calculated by means of following the Lagrange interpolation technique. Consider S to be a set in Z with d-elements and the Lagrange coefficient ∆ , be defined for i ∈ Zp as below: Setup (k): Assume a security parameter k, the trusted private key generator (PKG) primarily defines the group of universal attributes U in Z , where |U| l. Further after, a d 1 default attributes set from Z can be expressed as Ω Ω , … , Ω . Moreover, PKG chooses a pairing e ∶ G1 G1 → G2 in which the order of G and G is prime p 2 and also a generator g of G . PKG then chooses t , . . , t , t , … , t ∈ z at random and calculates T g where 1 i l d 1. PKG also selects α ∈ Z randomly and computes Y e g, g α . Finally, PKG selects three cryptographic hash functions: H ∶ G → 0,1 | | Z * G , H : 0,1 * → Z * and H ∶ 0,1 | | Z * → Z * , where |M| represents the length of the ciphertexst. The public parameters PK are expressed as follows: PK G , G , e, g, T , Y, H , H , H The master secret key MK is represented as MK α, t .

Key Extract (MK, ):
With the user provided with a set of attributes, ω ⊆ u, the PKG does the private key generation for ω in the following manner:  A 1 degree polynomial q(x) is selected randomly so that 0 .  a new attribute set ∪ Ω is generated and is computed for every ∈ .  Consequent is the private key for each ∈ .
Signcryption ( , , ): In order to signcrypt a message m to a receiver R, the sender S performs the steps that follow:  Selects a subset ′ having d elements from (in which f attributes , … , are selected from for message signcryption and attributes are selected from default attributes set Ω).  The sender S then picks up ∈ * randomly and set , , and , . . S then calculates for every ∈ ′ and for each ∈ .  Let ′ 1, … , and selects ∈ ′ randomly. Define the elements present in set ′ ∪ to form the ring. For ∈ ′ ∪ , selects ∈ * randomly and , , , ′ ∪ , is computed, where ′ ∪ . For l = k, selects from * at random and then computes: . . ∏ . . .
 Computes: And retrieves m ′ , r ′ , V′ as m ′ ′ V ′ y ⊕ H X′ : is computed and hence verified if , ∏ . . ′ . ′ , ′ satisfies or not. If yes, then R acknowledges CT in the form of the valid ring signcryption on the message ′; R rejects otherwise.

EXPERIMENTAL RESULT AND DISCUSSION
The experimental simulations are carried out in MATLAB 2012. In this section, the performance of proposed Ring Signcryption Scheme (ARSS) is evaluated and the results are compares with the existing Attribute-based Eliptic Curve Cryptography Signcryption (ECCS) and Fuzzy Attribute-Based Signcryption (FABS) (Sahai and Waters, 2005) Attribute-Based Encryption (ABE) (Hu et al., 2013b).

Performance analysis:
In this subsection, a quantitative performance study is presented.

Message size:
In the scheme proposed, the computation of the total message size corresponding to a ciphertext can be done as below. The ciphertext is the joining of attributes, message and time. Figure 2 illustrates the relationship that exists between the total message size and the number of users at various security levels. It specifies that the message size is not dependent on the number of users. Figure 3 demonstrates the functional relationship present between the message size and the security level. From Fig. 3, it can be observed that there is a linear relationship of the message size with the security level. Figure 4 exhibits the relationship observed between the communication overhead and the security level. The communication  Figure 5 exhibits the relationship existing between the Energy consumption over the communication and the number of users. ARSS has a less power computation than ECCS, FABS and ABE schemes. The reduction technique reduced the energy consumption in ARSS.

Impact of energy consumption on communications:
Computational cost: Figure 6 illustrates the computation cost of ARSS and also the other schemes. ARSS is achieved less computation cost compare than existing ECCS, FABS and ABE schemes. The energy consumption of ARSS is less and it reduces the communication cost. Security analysis: The security analysis is studied with regard to the security features which the protocol proposed has to satisfy. If sender sends similar messages exceptionally with the random number r that are same to multiple receivers, the Signcrypted message will be different for each Signcryption, since for each message the identifiers value will be different. The main advantage of ARSS over ECC with FO and Fuzzy signcryption is that the best algorithm known for solving the fundamental hard mathematical problem s. This proves that considerably smaller parameters can be used in ARSS than in other systems such as ECC with FO and Fuzzy signcryption, but with comparable levels of security.

Efficiency:
The computational costs and also the communication overheads of this signcryption approach is extremely smaller in comparison to those of the wellknown signature-then-encryption approaches with the same kind of functionalities provided.
Security: Proposed signcryption approach concurrently fulfills the security attributes contained in an encryption scheme and digital signature. And many additional properties: Confidentiality, Unforgeability, Integrity and Non-repudiation, Public verifiability and Forward secrecy of message confidentiality

Confidentiality:
The proposed algorithm is based on ARSS which most difficult to crack in the presently available techniques. Confidentiality is provided using receivers public key so without the receivers private key, message can't be disclosed to anyone. Unforgeability: This is not possible for an attacker who is adaptive for masquerading a truthful sender in generating an authenticated signcrypted text which can be recognized by means of the unsigncryption scheme. Because of the reason that any attacker doesn't know what all parameters are involved in signcrypting a text.
Public verifiability: Any kind of third party or judge can do the verification that the text which is signcrypted is valid or not, without any requirement for the sender's private key or recipient because signature is calculated over encrypted message, so no need of decrypting the actual message for verification.

CONCLUSION
The secure communication within the BAN is required to keep the patient's privacy and security. In this study, Attribute-based Ring Signcryption Scheme (ARSS) is presented. The patient's dataset is preprocessed using Independent Component Analysis (ICA). Then interoperability is defined by semantics and the semantic interoperability among body area sensor networks is used Ant Colony Optimization based Fuzzy Ontology (ACO-FO). Then the proposed ARSS is simultaneously provides the attributes of message confidentiality, authentication, integrity, unforgeability, Sign then encryption fuzzy sign encryption ECC with FO sign encryption ARSS non-repudiation, public verifiability and forward secrecy of message confidentiality. Proposed studies show that the ARSS scheme is a light weight and energy efficient scheme compare than existing ECCS, FABS and ABE schemes. And the detailed discussion on privacy and security in health care applications also provided. On a futuristic perspective, there is a necessity of a signcryption scheme that is more effective and much more secure compared to the already available signcryption schemes for Body Area Network.