Presented by Meghana Ananth Gad and Archita Pathak

Presentation transcript:

BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body Sensor Network. Prosanta Gope and Tzonelih Hwang. Presented by Meghana Ananth Gad and Archita Pathak.

What is BSN-Care? A secure IoT-based healthcare system using a BSN (Body Sensor Network). The components of IoT and BSN can collect and transfer data over the network without requiring any assistance. BSN-Care addresses the security concerns associated with transmitting sensitive (life-critical) data over the network.

Why do we need BSN-Care? A recent report from the United Nations [2] predicted that there will be 2 billion older people (22% of the world population) by 2050. 89% of these elderly people are expected to live independently. Medical research surveys suggest that 80% of people older than 65 suffer from at least one chronic disease.

Related Work and Motivation: Alarm-net – heterogeneous network architecture (consisting of body sensor and environment sensor networks) designed at University of Virginia. Median – patient monitoring system designed at Johns Hopkins University.

Components of BSN-Care

Example of action table using BP data

Security requirements in IoT based healthcare system using BSN: Data Privacy, Data Integrity, Data Freshness, Authentication, Anonymity, Secure Localization.

Enforcement of security in BSN-Care System: Network Security – Lightweight Anonymous Authentication Protocol; Data Security – OCB authenticated encryption mode.

Phase 1 – Registration

Phase 2 – Lightweight anonymous authentication protocol

Data Security in BSN-Care: Data is protected with an authenticated encryption scheme called OCB. OCB stands for offset codebook. OCB is a block-cipher mode of operation. It can be used with any block cipher, but the obvious choice is AES. In simple terms, for most message blocks, one offsets the block, applies the block cipher, and then offsets the result once again.

Features of OCB: OCB is fully parallelizable. OCB makes a nearly optimal number of block-cipher calls: |M|/n + 2. OCB avoids the need for a random IV (a nonce is enough). OCB can encrypt messages of any bit length. Messages don't have to be a multiple of the block length, and no separate padding regime is needed. OCB is nearly endian-neutral: the scheme can be implemented just as fast on a big-endian machine or a little-endian machine.

Generic Composition Alternative: This approach has been around forever, and it is versatile and clean. Using separate keys, you encrypt the plaintext and then MAC the resulting ciphertext. OCB needs only (n+1) encryptions to support both privacy and integrity. OCB also ensures the freshness of the received data using an incremental interface, which provides a new incremental value like a counter (through an incrementing function).

Security Analysis: SR1: Accomplishment of the Mutual Authentication; SR2: Accomplishment of the Anonymity; SR3: Accomplishment of the Secure Localization; SR4: Resistance to Replay and Forgery Attacks; SR5: Accomplishment of the Data Security.

SR1: Accomplishment of the Mutual Authentication. The BSN-Care server authenticates the LPU by verifying the one-time-alias identity AIDL, the track sequence number TrSeq, and the parameter V1 in the request message MA1; only a legitimate LPU can form a valid request message MA1. In case of loss of synchronization, the shadow identity sid along with parameters V1 and V2 can be used for mutual authentication.

SR2: Accomplishment of the Anonymity. In the proposed scheme, both the shadow identity with the emergency key pair and the one-time-alias identity with the track sequence number ensure anonymity and untraceability. The shadow-ID and emergency key pairs are used only in situations of de-synchronization. All the parameters in the request message MA1 are unique in every iteration, making it difficult for an eavesdropper to identify the source of the message.

SR3: Accomplishment of the Secure Localization. In real-time applications, the lack of a smart tracking approach may allow an attacker to send an incorrect location by using false signals. When the BSN-Care server wants to know the patient's location, it uses the encoded location area identity EL and computes LAI = EL ⊕ h(Kls || Nl). The server then requests the LAI from the base station and compares it with the value of LAI in EL.

SR4: Resistance to Replay and Forgery Attacks. In the proposed model, none of the parameters in the request message MA1 can be sent twice. Hence, if an attacker intercepts and resends the same request message, the server can easily detect it by using the most recent track sequence number or a valid shadow identity. In the case of the response message MA2, the value of the parameter V2 will not be equal to h(Tr || Kls || IDL || Nl).
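
The SR3 location check and the SR4 response check, as an added example that is not code from the paper or the presentation. It assumes SHA-256 for h, fixed-length fields, and constructed values for Kls, IDL, Nl, Tr and the LAI; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    # h(a || b || ...). SHA-256 is an assumption; every field below has a fixed length.
    return hashlib.sha256(b"".join(parts)).digest()


def xor_mask(data: bytes, mask: bytes) -> bytes:
    # XOR data with the leading len(data) bytes of mask.
    return bytes(d ^ m for d, m in zip(data, mask))


def encode_location(lai: bytes, k_ls: bytes, n_l: bytes) -> bytes:
    # EL = LAI xor h(Kls || Nl); decoding is the same operation.
    return xor_mask(lai, h(k_ls, n_l))


def location_is_consistent(el, k_ls, n_l, lai_from_base_station) -> bool:
    # SR3: server recovers LAI from EL and compares it with the base station's answer.
    lai = xor_mask(el, h(k_ls, n_l))
    return hmac.compare_digest(lai, lai_from_base_station)


def response_is_valid(v2, tr, k_ls, id_l, n_l) -> bool:
    # SR4: LPU recomputes h(Tr || Kls || IDL || Nl) and compares in constant time.
    return hmac.compare_digest(v2, h(tr, k_ls, id_l, n_l))


def demo() -> dict:
    # All values below are constructed for the example.
    k_ls, id_l = secrets.token_bytes(16), b"LPU-0001"
    lai, other_lai = bytes.fromhex("0262f210002a"), bytes.fromhex("0262f210002b")
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh Nl per session
    tr1, tr2 = (1).to_bytes(8, "big"), (2).to_bytes(8, "big")
    el = encode_location(lai, k_ls, n1)
    v2 = h(tr1, k_ls, id_l, n1)  # genuine server response, session 1
    forged = h(tr1, secrets.token_bytes(16), id_l, n1)  # built without Kls
    return {
        "honest_location": location_is_consistent(el, k_ls, n1, lai),
        "false_location": location_is_consistent(el, k_ls, n1, other_lai),
        "el_replayed_next_session": location_is_consistent(el, k_ls, n2, lai),
        "genuine_response": response_is_valid(v2, tr1, k_ls, id_l, n1),
        "forged_response": response_is_valid(forged, tr1, k_ls, id_l, n1),
        "response_replayed_next_session": response_is_valid(v2, tr2, k_ls, id_l, n2),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Only the honest location and the genuine response pass; a value captured in one session fails in the next because Nl changes.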

SR5: Accomplishment of the Data Security. OCB-based data encryption can satisfy all three properties of data security: any alteration of data and any replay attempt by an adversary can easily be detected using the tag, which is unforgeable.

Performance Analysis and Comparison

Performance Analysis and Comparison: Alarm-net uses the AES-CBC encryption mode and CBC-MAC to ensure data privacy and data integrity, respectively. It is still unknown how Median checks the authenticity of the received data and which cryptosystem it uses for data confidentiality. For data D, divided into n blocks, the OCB-based data security approach needs |D|/n + 1 block cipher calls, whereas for the same purpose AES-CBC encryption and CBC-MAC, as used in Alarm-net, require 2 * |D|/n + 1 and 2 * |D|/n + 4 block cipher calls.

Performance Analysis and Comparison

References: P. Gope and T. Hwang, "BSN-care: A secure IoT-based modern healthcare system using body sensor network," IEEE Sensors J., vol. 16, no. 5, pp. 1368-1376, Mar. 2016; http://web.cs.ucdavis.edu/~rogaway/ocb/ocb-back.htm#what-is-ocb