In this chapter, we present a comprehensive survey of the state of the art research in the field of body sensor networks security and privacy. We identify the main security challenges introduced by body sensor networks by thoroughly analyzing the specifics of this category of wireless sensor networks and present the prominent security and privacy architectures available to protect body sensor infrastructures. The presented protocols are categorized based on the security services they provide. Moreover, the chapter studies two main challenges that we believe are the most critical in the body sensor network security and privacy context: (1) achieving the correct balance between the complexity of the protocol security operations employed and the energy consumption they incur, and (2) attaining the right tradeoff between privacy and safety by utilizing the patient’s vital signals and other context-related information to minimize the amount of private data released. To provide a practical insight into the presented concepts, this chapter presents an overview of the main cryptographic APIs available in popular sensor networks operating systems such as TinyOS and recommends a collection of best practices and usage patterns for developing secure sensor health care applications and services. We conclude by presenting a blueprint body sensor network security framework employing a secure combination of the technical building blocks described in the chapter sections. Recommendations on the advantages and drawbacks of each building block are suggested whenever the latter is added to the security framework.
TopIntroduction
The field of implantable medical devices (IMDs) has witnessed a rapid proliferation and increased success in the past ten years. Building on the technological advancements in the fields of embedded computing, processor design, and wireless radio communications, these devices are now capable of performing vital monitoring and control activities inside the human body. Most of today’s sophisticated human implantable devices, such as drug delivery systems, neurological stimulators, cardiac defibrillators, and pacemakers, are equipped with dedicated computing power resources and supported with wireless radio transmission capabilities. Such advanced computing and network communication capabilities allow these devices to deliver critical telemetric remote monitoring services in real time over the Internet. A recent study shows that over 25 million US residents depend on human IMDs in delivering crucial and life-supporting monitoring and treatment functionalities in their bodies (Maisel, 2005).
This noticeable success in the field of IMDs and the major advancements in wireless sensor network algorithms and applications, have stimulated the emergence of specialized biological networks termed as Body Sensor Networks (BSNs) or Body Area Networks (BANs). BSNs are specialized wireless sensor networks whose nodes are deployed on the human body either in the form of attached/embedded electrode-like patches, or wearable as part of the human clothing. In both cases BSNs consist of a collection of sensor nodes situated at strategic locations in the human body and capable of extracting and wirelessly communicating vital body signals and other context-specific environmental measurements to centralized servers in hospitals and health care units. Some of the vital body signals that can be monitored by a BSN are: Systolic and Diastolic blood pressure, heart rate, ElectroCardioGram (ECG), ElectroMyoGram (EMG), ElectoEncephaloGram (EEG) records, breathing rate, Galvanic Skin Response (GSR), temperature, proximity, etc.
A typical BSN is presented in Figure 1. The body sensor nodes extract a predefined set of physiological body signals and wirelessly transmit the measured values in a hop-by-hop fashion to a BSN controller attached to the human body. The BSN controller relays the collected signal values to a nearby Internet base station or router which in turn delivers the BSN physiological data to a backend enterprise server for analysis and storage.
Figure 1. A typical body sensor network architecture
Employing BSNs in a health care environment will certainly enhance the quality of the health care service provided by supporting the ubiquitous and pervasive monitoring of the patient. With BSNs deployed on the patient’s body, medical personnel can examine and assess the patient medical conditions in real time, anywhere, and at anytime without requiring the patient to be bounded to a specific location or physically connected to monitoring equipment.
Despite all the technical and technological advances in this field, considerable concerns are raised about the security and privacy of the BSN operation and the data it conveys from the human body. This concern is highly elevated with systems that transmit life-vital monitoring data to specialized hospital workstations and servers over wireless network links and the Internet. Consider the life-critical risk resulting from any intentional malicious modification to the monitoring data travelling over the wireless links or the Internet. This is not to mention the patient’s privacy violation that may result from any form of data capturing or sniffing on the wireless communication links or from the interaction with misbehaving and untrustworthy medical staff. In fact, today many industrial regulations and policies are being implemented and enforced to guarantee the privacy of medical electronic information and to prevent any form of identity theft. Of these regulations we can mention the Health Insurance Portability and Accountability Act (HIPAA) (Annas, 2003) for securing medical records and patient information against theft, disclosure, or modification.
The main security risks that may be encountered in a BSN environment are: