You are on page 1of 7


Data Authentication in Wireless Body Area Network

(WBAN) Using A Biometric-Based Security
Shreyas S. Tote1, Sameer M. Khupse2 and Kunal S. Bhutwani3
Computer science & Engineering, JDIET, Aanand Nagar, Yavatmal,
Computer science & Engineering, JDIET, Datt Nagar, Kalamb,
Computer science & Engineering, JDIET, Sindhi Colony,Yavatmal,

The empowerments in wireless communication technologies and sensors have developed the Wireless Body Area Network
(WBAN). The rapid growth in physiological sensors, low-power integrated circuits, and wireless communication has enabled a
new invention of wireless sensor networks, now used for purposes such as monitoring traffic and health etc. Wireless body area
network (BAN) is a promising technology for real-time monitoring of physiological signals to support medical applications. A
security system is to secure medical information communications using biometric features of the body in WBAN. In order to
ensure the trustworthy and reliable gathering of patients critical health information, it is essential to provide node authentication
servicing a BAN, which prevents an attacker from impersonation and false data/command injection. Biometrics refers to or
metrics) related to human characteristics and traits. Biometric identification (or biometric authentication) is used in computer
science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.
Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are
unique to individuals, they are more reliable in verifying identity than other method like token. Many different aspects of human
physiology, chemistry or behavior can be used for biometric authentication.

Keywords: Wireless Body Area Network (WBAN), biometric, authentication, security

1. INTRODUCTION acts as a sink for data of the sensor nodes and transmits them

The body area network (BAN) is a smart biomedical sensor to the healthcare professional for health monitoring. The

platform, which provides the ability to measure a wide range progression of WBAN is vital in modern telemedicine and m-

of signals, such as heart rate (ECG), activity, temperature or health, but security remains a formidable challenge yet to be

muscle activity (EMG).Applying Wireless Sensor Network resolved. As nodes of WBAN are expected to interconnect

(WSN) technology for various applications has been increased between each other, the body itself can form an inherently

rapidly in the past few years, One of its innovative secure communication pathway that is unavailable to all other

deployments is in the form of wireless biomedical sensor kinds of wireless networks. It is believed that if it is used

network for measuring physiological signals, Wireless Body properly, the system can naturally secure the information

Area Network (WBAN) is a wireless network used for transmission within WBAN, where other 1techniques use

communication among sensor nodes operating on, in or hardware and software to achieve the same purpose. In other

around the human body in order to monitor vital body words, the biometric information collected from the human

parameters and movements, These monitoring signals are then body can uniquely represent an individual, which is hard to be

gathered by a personal device, like PDA or smart phone that deprived by suspicious intruders.


In this paper, a security system to secure medical information devices may be embedded inside the body, implants, may be
communications using biometric features of the body in surface-mounted on the body in a fixed position Wearable
WBAN is proposed. Specifically, the sender's technology or may be accompanied devices which humans can
electrocardiogram (ECG) feature is selected as the biometric carry in different positions, in clothes pockets, by hand or in
key for data authentication mechanism within WBAN system. various bags. Whilst, there is a trend towards the militarization
Therefore, patient's records can only be sensed and derived of devices, in particular, networks consisting of several
personally by this patient's dedicated WBAN system and will miniaturized body sensor units (BSUs) together with a single
not be mixed with other patients. For accurate authentication, body central unit (BCU).larger decimeter sized (tab and pad)
the statistical result is needed to prove the uniqueness of each sized smart devices, accompanied devices, still play an
ECG signals. Besides, an encryption will be included by important role in terms of acting as a data hub, data gateway
extracting biometric feature as a secret key for and providing a user interface to view and manage BAN
communications within WBAN. But, it is not a major concern applications, in-situ. The development of WBAN technology
started around 1995 around the idea of using wireless personal

2. WHAT IS BIOMETRIC SECURITY? area network (WPAN) technologies to implement

communications on, near, and around the human body. About
Security is the degree of resistance to, or protection from,
six years later, the term "BAN" came to refer systems where
harm. It applies to any vulnerable and valuable asset, such as a
communication is entirely within, on, and in the immediate
person, dwelling, community, nation, or organization. The
proximity of a human body. A WBAN system can use WPAN
dictionary meaning of security is The state of being free from
wireless technologies as gateways to reach longer ranges.
danger or threat or The safety of a state or organization against
criminal activity such as terrorism, theft, or espionage. Then
the question arise what is mean by BIOMETRIC SECURITY? 3.1 Concept
For that first describe the term BIOMETRIC. A biometric The rapid growth in physiological sensors, low-power

characteristic is a general term used to describe a measurable integrated circuits, and wireless communication has enabled a

physiological and/or behavioral characteristic that can be used new generation of wireless sensor networks ,now used for

for automated recognition. A biometric system provides an purposes such as monitoring traffic, crops, infrastructure, and

automated method of recognizing an individual based on the health. The body area network field is an interdisciplinary area

individual's biometric characteristics. Biometric modalities which could allow inexpensive and continuous health

commonly implemented or studied include fingerprint, face, monitoring with real-time updates of medical records through

iris, voice, signature, vein pattern, and hand geometry. Many the Internet. A number of intelligent physiological sensors can

other modalities are in various stages of development and be integrated into a wearable wireless body area network,

assessment. Biometric systems are commonly used to control which can be used for computer-assisted rehabilitation or early

access to physical assets (laboratories, buildings, cash from detection of medical conditions. This area relies on the

ATMs, etc.) or logical information (personal computer feasibility of implanting very small biosensors inside the

accounts, secure electronic documents, etc). Biometric human body that are comfortable and that don't impair normal

systems can also be used to determine whether or not a person activities. The implanted sensors in the human body will

is already in a database, such as for social service or national collect various physiological changes in order to monitor the

ID applications. patient's health status no matter their location. The information

will be transmitted wirelessly to an external processing unit.
3. WHAT IS WIRELESS BODY AREA This device will instantly transmit all information in real time
NETWORK (WBAN)? to the doctors throughout the world. If an emergency is
A body area network (BAN), also referred to as a wireless detected, the physicians will immediately inform the patient
body area network (WBAN) or a body sensor network (BSN), through the computer system by sending appropriate messages
is a wireless network of wearable computing devices.BAN or alarms. Currently the level of information provided and


energy resources capable of powering the sensors are limiting. sensor networks and uses several symmetric keys to encrypt
While the technology is still in its primitive stage it is being the data as well as compute the Message Authentication Code
widely researched and once adopted, is expected to be a (MAC). However, SPINS is only considered in general sensor
breakthrough invention in healthcare. networks, so it is inadequate to be applied in WBAN as it has
environmental features like the human body and limited
3.2 Applications computing resources. Recently, WBAN security schemes have
Initial applications of BANs are expected to appear primarily been introduced progressively using symmetric cryptosystem.
in the healthcare domain, especially for continuous monitoring They concern with the limited resource issues of WBAN
and logging vital parameters of patients suffering from chronic sensors, but have problems like delaying the disclosure of the
diseases such as diabetes, asthma and heart attacks. A BAN symmetric keys and providing weak security relatively since it
network in place on a patient can alert the hospital, even is not resilient against physical compromise. Furthermore, the
before they have a heart attack, through measuring changes in complexity of sensor nodes key managements in WBAN
their vital signs. A BAN network on a diabetic patient could makes each component overload. Due to these issues, some
auto inject insulin through a pump, as soon as their insulin researchers believe that the sensors have to make use of
level declines. Other applications of this technology include symmetric cryptographic algorithms to encrypt the data they
sports, military or security. Extending the technology to new send to control node and the random number that is used in
areas could also assist communication by seamless exchanges security protocols can be generated by biometrics. They also
of information between individuals, or between individual and believe that biometric is suitable for securing WBAN because
machines its higher security level that can be achieved with less
computation and memory requirement, when compared to the
generic cryptosystems. On the contrary, some researches
utilize the asymmetric cryptosystem in mobile and ad hoc
networks and also try to examine the unique characteristics of
WBAN. One concern about the asymmetric cryptosystem is a
resource constraint problem but recent work has shown that
performing ECC consumes a lot less of memory and
computing power. These researches deal with a scope of
limited WBAN but they exclude the implanted sensor
networks. The objective of WBAN is also the implementation
Fig 1 Wireless Body Area Network and its Working
of body area network that can contact with everywhere in, on,
and out the human body. By comparison, each approach has
several issues to be considered in terms of the security
services in WBAN.
At the initial stage, several research groups have contributed
the substantial efforts on developing WBAN systems. Further, there is a trade-off between performance and security.

However, these researchers mainly focused on building Related to these, another research group has proposed these

system architectures and in lesser extent on evolving network two heterogeneous cryptosystems in their research, which

protocols. Besides, it is difficult to discover solutions' provides security and privacy to WBAN. They believe that

providing strong security system for WBAN and security has these two cryptosystems can be applied in the authentication

generally been covered separately. Extending the scope of of WBAN depleting each weak point of them at once. So their

technology, there are several security protocols in general focus is on the method on how two cryptosystems can be

sensor networks. Security protocols for Sensor Networks utilized appropriately and partly in WBAN. However, all the

(SPINS) is a set of protocols for achieving security above research works have focused on secret key distribution

requirements like confidentiality, integrity and authenticity in issues and require time synchronization when biometric


information of the same human body cannot be available

Universal Possessed by the majority, if not the entire
simultaneously. Consequently, they introduce a biometric-
based security framework using wavelet-domain Hidden
Distinctive Sufficiently different in any two individuals
Markov Model. The aim is to achieve accurate authentication
Permanent Sufficiently invariant. With respect to the
performance among body sensors without extra requirements
matching criterion. Over reasonable period
of key distribution and strict time synchronization. In this
of time
proposed approach, low cost authentication challenges is
Collectable Easily collected and measured
addressed by extracting statistically biometric information
from patient' s data and authenticate message signatures
Effective Sufficiently invariant with respect to the
among WBAN communications with high accuracy. Thus, it
matching criterion over a reasonable period
will certainly save resources while adequate security measures
of time.
are employed.
Yield a biometric system with good
Acceptable performance that is given limited resources
in terms of power consumption,
APPROACHES FOR DATA computation complexity and memory
AUTHENTICATION? storage, the characteristic should be able to
Biometric is a technique commonly known as the automatic be processed at a fast speed with recognized
identification or verification of an individual by his or her accuracy
physiological or behavioral characteristics. Biometric Invulnerabl Relatively difficult to reproduce such that
approach uses an intrinsic characteristic of the human body as e the biometric system would not be easily
the authentication identity to secure the distribution of a cipher circumvented by fraudulent acts.
key within WBAN communications. Because of the data that
are detected, collected and transmitted in WBAN is 5.1 Heart Rate Varianlity (HRV)
comparatively sensitive, an ideal biometric trait should present Heart rate variability (HRV) signals have unique
100% reliability, user friendly, fast operation and low cost. characteristics and chaotic nature, which put up random
Besides, it is postulated that the utilized biometric should characteristics and thus can be utilized in secure
satisfy the following properties indicated in TABLE communications. Additionally, unlike traditional biometric
cryptosystems in generic networks such as fingerprint, iris
pattern, palm print, hand geometry and facial pattern, the
blood circulation system in a human body forms a unique
secure communication path specifically available for WBAN.
HRV is a physiological phenomenon where the time interval
between heartbeats varies. The measurement of HRV provides
a non-invasive measurement of the autonomic nervous system
(ANS) activity, which comprises two basic components: the
sympathetic and parasympathetic. The heart rate may be
increased by acting sympathetic activity or decreased by
acting parasympathetic activity. Changes in the balance of
sympathetic/parasympathetic control of heart rate will result in
measurable changes in HRV. The analysis has been applied
widely to many clinical studies including sudden death,
cardiovascular diseases, hypertension and diabetes HRV can
be obtained using the variations of heartbeat-to heart beat


intervals that can be measured by any cardiac related signal. of interval differences of successive normal-beat-to-normal-
However, the current, ECG is preferred compared traditional beat intervals greater than 50milliseconds.
biometric. It is because of the following reasons
Universality: ECG is inherent and natural, and can be In order to avoid erroneous conclusions, it will be better if
collected from any living human subject. only sinus rhythms are present in the tacho gram. Therefore,

Permanence: ECG is stable over a large period of time. Even pre-processing of the RR interval time series is very necessary

though certain localized characteristics of the pulses might get .A normal ECG trace consists of a P wave, a QRS complex

distorted, the overall diacritical waves are still observable. and a T wave. The P wave is the electrical signature of the
current that causes atrial contraction, the QRS complex
Uniqueness: The inter-individual variability of ECG is a
corresponds to the current that causes contraction of the left
result of several parameters that control the waveforms.
and right ventricles, and the T wave represents the
Robustness: Because of the uniqueness and the person's own repolarization of the Ventricles.
characteristics, it is extremely difficult to steal and use
The QRS complex is the most characteristic waveform of the
someone' s ECG, and it is equally difficult for an individual to
signal with higher amplitudes. The R peaks have the largest
mimic someone else's heart signals as they are the outcome of
amplitudes among all the waves making them easiest detect.
a combination of several sympathetic and parasympathetic
However, QRS detection is difficult. It is not only because of
factors of the human body.
the physiological variability of the QRS complex , but also
Liveness detection: unlike other biometric technologies, because of the various types of noise that can be present in the
ECG is collected from the living legitimate subject without ECG signal. Noise sources include muscle noise, arte facts
requiring extra computational effort. due to electrode motion, power-line interference, baseline

HRV can be analyzed by using two major techniques .One is wander, and T waves with high frequency characteristics

statistically analyzing a sequence of RR intervals of ECG in similar to QRS complex. Figure 2 shows a noisy ECG signal

time domain. The other one is analyzing the spectrum of the (the upper part) and the output of QRS detection after pre-

same RR intervals of ECG data in frequency domain. In this processing (the lower part). The peak amplitudes show the R

study, HRV will be analyzed in time domain since ECG peaks of ECG signal

signals are recorded in time series. Therefore, it can reduce

computational complexity and save more resources.

Time domain measures of HRV based on the data of the

intervals between adjacent normal QRS complex have two
major approaches. One is derived from direct measurements of
normal beat to normal beat, NN intervals, which consist
primarily of SDNN, the standard deviation of NN intervals.
Fig 2. Before and After the Pre-processing of ECG signal
The standard deviation reflects all the cyclic components
responsible for variability in the period of recording. It can be
calculated for 24 hours long-term recordings or for short term, 7. DATA AUTHENTICATION MODEL
five minutes recordings. In most heart rhythms, NN interval is In the proposed model, the message authentication code
equivalent to the R-R interval. Another is derived from the (MAC) can be generated with the input of biometric feature
difference between NN intervals and most commonly used and hashes that are calculated based on the original message
measures include RMSSD and pNN50. The RMSSD is the as shown in Figure 3 . Then, the message will be sent to the
square root of the mean squared differences of successive destination. At the destination point, if the received signal
difference NN intervals. The pNN50 represents the proportion matches statistically, it will be accepted and authenticated.
Otherwise, the message is denied and discarded. The key point


of this technique is to utilize the statistically same biometric ID cards or passwords. Human trait recognition and
information at both ends without any synchronization to identification based on who you are, that is, biometrics is far
secure data distribution within WBAN. Figure 4 shows the less susceptible to:
proposed biometric-based security for data authentication in Duplication
WBAN. Error

7.2 Disadvantages
Biometric technologies apply to human beings, they are
affected and are limited by many situations that may affect the
individual. For example, fingerprint technology may not be
effective if the subject has dirty, deformed, or cut hands; iris
Fig 3 Biometric Feature Used to Calculate MAC technology may not be effective if the subject has a bad eye;
and voice technology may be affected by infections. Also
background noise can interfere with voice recognition
Affordability: Because biometric technologies are new
technologies, they tend to be rather expensive without
widespread use. For example, facial and voice recognition and
iris technologies are still not yet affordable.

In this paper, a biometric-based security framework proposed
Fig 4. Proposed Biometric-based Security for Data
for data authentication within WBAN. Secure communications
in BANs are strongly required to preserve a persons health
Authentication, itself, is used to simultaneously verify both the privacy and safety. Especially, in some applications, security
data integrity and the authenticity of a message. Nevertheless, attacks could even threaten the lives of people. Specifically,
encryption is also needed to protect data in transit especially the sender's electrocardiogram (ECG) feature is selected as the
for data being transferred via networks. Therefore, encryption biometric key for data authentication mechanism within
approaches in WBAN must be designed with low cost. WBAN system. Therefore, patient's records can only be
However, the key distribution and management are difficult sensed and derived personally from this patient's dedicated
and challenging in resource limited sensor nodes, especially in WBAN system and cannot be mixed with other patients. The
biomedical sensor nodes. In this work, the biomedical signals security system in WBAN must be implemented with low
are encrypted by using biometric feature as a cipher key to computational complexity and high power efficiency. In this
remove the need for key distribution in WBAN proposed approach, a low cost authentication challenge is
addressed specifically by using biometric information instead
7. ADVANTAGES & DISADVANTAGES OF of cryptographic key distribution. Thus, it will certainly save
BIOMETRICS resources while adequate security measures are employed. The
7.1 Advantages future work is to build experiment based on the proposed
The advantages of biometrics are that it is based on who you system and to improve the system if needed.
are as opposed to what you have and what you know, such as


[1] P.Abina, K Dhivyakala, L.Suganya, S.Mary Praveena
Biometric Authentication System for Body Area
Network Vol. 3, Issue 3, International Journal of
Advanced Research in Electrical, Electronics and
Instrumentation Engineering, Coimbatore, India March

[2] Sofia Najwa Ramlil, Rabiah Ahmad, Mohd Faizal

Abdollah, Eryk Dutkiewicz4 A Biometric-based
Security for Data Authentication in Wireless Body Area
NetworK(WBAN),ICACT January 27 ,2013

[3] Systems and Network Analysis Center Information

Assurance Directorate by National Security
Agency,United states of America,2013

[4] Lin Yao, Bing Liu, GuoweiWu, Kai Yao and

JiaWang1, A Biometric Key Establishment Protocol for
Body Area Networks, IJDSN, vol 2011

[5] L. Eschenauer and V. D. Gligor, A Key-Management

Scheme forDistributed Sensor Networks, Version: pp.
4147, November 1822, 2002

[6] H. Wang. H. Fang. L. Xing. and M. Chen. "An

Integrated Biometric-Based Security Framework Using
Wavelet-Domain HMM in Wireless Body Area
Networks (WBAN)." 2011 IEEE International
Conference on Communications (ICC). pp. 1-5. Jun

[7] S.-D. Bao, L.-F. Shen, and Y.-T. Zhang, "A novel key
distribution of body area networks for telemedicine ," in
2004 IEEE International Workshop on Biomedical
Circuits Systems, 2004, pp. 2-5.

[8] A. Jovic and N. Bogunovic, "Feature set extension for

heart rate variability analysis by using non-linear,
statistical and geometric measures," Proceedings of the
ITI 2009 31st International Conference on Information
Technology Interfaces, pp. 35-40, Jun. 2009.