Wireless Body Area Networks (WBAN) is a special kind of Wireless Sensors Networks (WSN). In WBAN, networked body sensors collect user’s physiological data and transmit them to a sink node. There is a tremendous difference between WBAN and classical WSN. In WBAN nodes are distributed on/in human body and, similar to the Delay-Tolerance Networks (DTN), move with the human postural mobility latre2011survey, hayajneh2014survey. Because of that, the network topology in Intra-WBAN dynamically changes following the postural body mobility. In a recent work related to channel modes for WBAN IEEEexample:naganawa2015simulation the authors advocate for the use of multi-hops communication in WBAN.
Multi-hop WBAN communication schemes easily adapt to postural mobility where nodes and links are highly dynamic IEEEexample:naganawa2015simulation. Also, multi-hop communications need lower transmission power compared to one-hop direct communication where source nodes have to use enough transmission power in order to make sure that their messages can reach the sink directly. Moreover, lower transmission powers automatically reduce the radio radiation of the human body, which became an important issue today IEEEexample:naganawa2015simulation.
However, multi-hop communication in WBAN is vulnerable to security and privacy attacks. Any medical data error, leakage or imitation may lead to a wrong medical treatment. The disclosure of critical health information can also have irreversible consequences on the patients daily life. Security mechanisms are thus needed in WBAN to protect user’s data from malicious eavesdropping, tampering or abu- se.
Recently, the literature investigated Inter-WBANs security. As examples, ibrahim2016secure, omala2017efficient and bellekens2016pervasive discuss the security mechanism for communications from the sink to the remote Health Centre (hospitals or online doctors). In this context the security of the Intra-WBAN communication should also be carefully considered: date leakage or tampering of source nodes from Intra-WBAN area leads to a meaningless subsequent Inter-WBAN security protection.
The challenges of Intra-WBAN security are threefold:
The computing capacity of WBAN devices is limited. Traditional encryption and decryption algorithms used for personal computers or mobile phones may be not applicable as they are to the WBAN devices.
Poor storage of WBAN devices may not be able to store too much shared content to make effective the recent complex authentication and security protocols.
Control message exchanges may lead to poor applicative performances.
The most basic encryption mechanism, symmetric encryption, uses the same secret key to encrypt and decrypt data. As symmetric key can be directly used in Stream cipher or Block cipher, the coding speed and its efficiency are very competitive. However, in symmetric encryption, by using the all-networks-widely fixed key, if one node has been compromised, the secret key will be known by adversary who can then monitor the entire networks. Also, symmetric encryption suffers from replay attack due to the use of the same encryption key. Some improvement solutions come out to solve the replay attack problem. One example is MiniSec luk2007minisec. Without using the same key, MiniSec uses data sequence as a part of encryption key. However, MiniSec needs to synchronize sequences of packets when the number of missing messages is important. This is often the case in a WBAN environment. Also MiniSec suffers from DDoS attack at the sink, since MiniSec doesn’t force a hop-by-hop authentication, malicious message traffic from adversary can deliver to all the network. Other solutions li2013secure, rushanan2014sok and rehman2015ecc come with specified Key Agreement Mechanism to ensure the key will change periodically. However, most of works do not mention the networks performance impact when applied in a real WBAN environment.
Public Key Infrastructure (PKI) is a widely-used asymmetric encryption, authentication and access co-ntrol mechanism (watro2004tinypk, sahebi2016seecc). Especially after the introduction of elliptic curve encryption (ECC) mechanism wang2011public, which is proved more efficient than traditional PKI. However, this kind of mechanism needs an additional Certification Authority (CA) to generate user certification. ID-based (shamir1984identity, qin2016security) or certificateless based (al2003certificateless, liu2014certificateless) mechanisms need also the Networks Manager (NM) to achieve this security function, which are not well suitable for Intra-WBAN communication. Complex parameter assignment and key management are also the major challenges for asymmetric encryption in WBAN.
Another trend is the security scheme based on the physiological signal or channel quality introduced in ramakrishnan2015switch, sampangi2012iamkeys, choudhary2016robust and peter2016design. The nodes can use the collected physiological signals to encrypt and decrypt messages. However, the processing of these physiological signals needs additional powerful elements to handle. Because in this case, sensor nodes don’t only need to store physiological signals as Data, but also need a further treating of these signals as a part of encryption process. These elements are expensive and consume additional energy. For example, in ramakrishnan2015switch, to use Electrocardiography (ECG) signals, it needs additional device to do Discrete Meyer Wavelet transform (DWT). Also, the distance, the changing of temperature or the human body mobility can make the collected physiological signals different at two different nodes.
More recently, in order to respond to the three challenges of WBAN security, BANZKP chaudet2016banzkp and Tin-yZKP ma2014tinyzkp where specifically designed for WBAN and use ZKP based authentication mechanism.
The best to date ZKP-based scheme, BANZKP chaudet2016banzkp, uses less memory to store private secrets and requires less computing capacity than TinyZKP ma2014tinyzkp and the Elliptic Curve Encryption Based Public Key Authentication scheme wang2011public. BANZKP is also resilient to a wide range of attacks. However, BANZKP still suffers from some specific malicious attacks such as Data Replay attack, DDoS Attack at sink and Redundancy Information Crack. Moreover, the resilience of BANZKP to human body postural mobility in WBAN environment was left as open question.
In this paper, based on an extensive analyze of the security weakness of BANZKP we propose a new ZKP-based scheme that outperforms BANZKP from both security and networking point of view. An extended abstract of this paper appear in bu2017ban. Our scheme BAN-GZKP is resilient to Data Redundancy Cracking, Data Replay Attack and DDoS Attack at the sink and optimizes the ZKP exchanging scheme. Furthermore, we stress both BAN-GZKP and BANZKP schemes face to human body postural mobility. When these schemes are plugged to convergecast protocols we prove via extensive simulations that for strategies that use BAN-GZKP scheme outperforms with respect to the case when BANZKP is used. Additionally, our BAN-GZKP scheme presen-ts better computational complexity and less energy consumption than BANZKP while it has the same memory complexity.
The paper is organised as follows. Section 2 presents and overview of the BANZKP scheme and discusses its vulnerabilities. Then, Section 3 presents our new BAN-GZKP, and its security analysis. The resilience of BANZKP and BAN-GZKP face to human body postural mobility when BANZKP and
BAN-GZKP are combined with known convergecast strategies, and theirs performances comparison analysis are shown in Section 4. We present, finally, a summary and conclude our work in the Section 5.
2 BANZKP vs Security Attacks
In this section we recall briefly BANZKP chaudet2016banzkp (the best to date ZKP-based scheme designed for WBAN), then we analyze its vulnerabilities in terms of resilience to security attacks.
2.1 BANZKP Overview
BANZKP chaudet2016banzkp combines a Zero knowledge Proof and a Commitment Scheme.
The Zero knowledge Proof scheme ensures bidirectional authentication between two parties (a sender and a verifier). The idea is by exchanging challenge and response messages between two parties, they can finally trust each other that they hold the same secret information, but none of them sent this secret information into the channel during the challenge and response phase. The security level is guaranteed by the fact that it is practically impossible to solve the discrete logarithms for numbers represented on hundreds of bits ma2014tinyzkp. In BANZKP the two parties exchange five challenge/response messages and never disclose the shared secret.
The Commitment Scheme ensures that a sender transmits an encrypted message to a receiver who does not have the decryption key yet. The key is transmitted later as soon as the identity of the receiver is confirmed. In BANZKP, the Commitment Scheme is transmitted directly in plaintext. Because, this key is only used to verifier the identity of the sender and will be used only once per authentication session. So this key is useless after this session and will not give any secret information to anyone.
BANZKP between two nodes and executes the following five steps:
and are identities of and respectively; is the shared secret number; and are two random values generated by and , respectively; is a shared key between and ; is a random key generated by for the Commitment Scheme and the function means encrypt with key . is the indicator of the beginning of an interval value of , represented by . In BANZKP, the size of this interval is 200 bits.
Notice that, should be a number big enough, and and should also randomly chosen to be big enough. So that we can make sure the has minimal 1096 bits to randomly chose a interval of 200 bits chaudet2016banzkp.
During the initialization phase, both participant nodes store locally a shared secret number and a shared key by operator (user) manually. Considering the limited number of the nodes in WBAN, manual operations is feasible.
During the authentication phase, when a source node has Data packet to send, an authentication session is initiated:
initiates the authentication session. It choses a random value and computes . It then encrypts his and by and sends the whole message to .
Upon reception of , generates a random value and computes and . then generates a random indicator and choses a 200 bits interval value of the from the indicator , as (see Figure 1). sends back to : (1) , and encrypted by ; (2) encrypted by a random chosen session key .
Upon reception of response of , computes and uses the received to compute . then sends his and encrypted by to . also keeps from and waits the sent later to verify the legitimacy of .
Upon reception of , compares this value with his own value, . If these two values are equal, then is sure that has the same shared secret . Then it confirms the authentication by sending the to . Otherwise, discards the message and closes the session.
Upon reception of , decrypts
and compares this value with its own value, . If these two values are equal, is sure that has the same secret , and sends and encrypted by to . Otherwise, discards the message and closes the session.
BANZKP copes with the following attacks:
Forge Nodes chaudet2016banzkp: Thanks to the bidirectional authentication, any forge node attempting to disguise itself in a legitimate node cannot be certified. This is due to the fact that forge node has no information on the shared secret. Hence, it cannot compute the correct authentication response.
Replay Attack chaudet2016banzkp: Adversary could intercept previous exchanged messages and try to use them to make other nodes in the networks trust its identity and finish the bidirectional authentication. The use of randomly chosen and makes each authentication session different with respect to the previous ones. Hence, old messages cannot help to correctly execute the authentication.
Man in the Middle Attack chaudet2016banzkp: In this attack, the adversary listens channels and try to steal the shared secret. BANZKP does not send directly secret information.
Guessing Attack chaudet2016banzkp: The use of random values for , and makes practically impossible for the adversary to guess the shared secret value from or .
Privacy Attack chaudet2016banzkp: The adversary may try to eavesdrop. BANZKP prevents this attack by encrypting exchanged Data message with .
2.2 BANZKP vulnerabilities
In this section we analyze the BANZKP vulnerabilities.
Data Replay Attack: BANZKP scheme can prevent malicious authentication message replay by using the random values , and . However, for encrypting Data message, a constant key is used for all Data message. A conscious adversary may launch a Data Replay Attack by observing the pattern of the exchanges. For example, two nodes are exchanging the authentication messages; an adversary, who holds a captured previous Data message encrypted by from in previous authentication session between and , is listening the channel. In the phase 4) of BANZKP, sends the random key, to
. The adversary can also receive this key. At this particular moment, the adversary knows thatis, from now on, waiting for an encrypted Data. The adversary thus sends immediately the previous captured Data message to to pretend this expired Data message as a fresh one. The consequence is that treats the expired Data message as the right one and ignores the right message from and allows the adversary to inject invalid Data into the network.
Redundancy Information Crack: The encryption in BANZKP uses the stream cipher mechanism where each bit of collected Data does the exclusive or with each bit of the encryption key. Since the key used for Data encryption is always the same at the end of each authentication session, Data messages sent by source nodes have the following format: xor , xor … By capturing and , the adversary can do the of them to get redundancy information: xor xor . After getting enough redundancy information, encrypted Data could be cracked and from the Data, then will be no longer a secret.
DDoS Attack at Sink: BANZKP was designed to work for both single-hop and multi-hop WBAN networks. In multi-hop WBAN environment, BANZKP uses relay nodes to forward the source messages to the sink. From the original BANZKP design, the bidirectional authentication is an end-to-end authentication between the source node and the sink. Relay nodes will just forward the messages. Hence all the authentication or Data information is transparent to them. If an adversary sends continuous invalid authentication request messages (phase 1 of the BANZKP scheme), relay nodes will forward these messages to the sink. The sink will then suffer from a DDoS attack if the amount of the authentication requests is high. The network resources will be consumed by these invalid authentication requests and the real authentication messages get thus less chance to reach the sink.
Potential Adaptation Problem: Intra-WBAN co-mmunication is affected by high nodes mobility, the important channel attenuation given by the signal absorption and the reflection of human body. An end-to-end authentication may not be efficient when facing the unstable and high dynamic environments due to packets loss during the multi-hops transmission from sources to the sink. Any loss of timeout during the transmission will lead to the fail of the whole authentication phase.
Original BANZKP scheme shows vulnerabilities in terms of security and reliable communications. In this section we present our new BAN-GZKP scheme that improves over BANZKP in several ways. BAN-GZKP is resilient to all the attacks supported by BANZKP plus the Data Replay Attack, Redundancy Information Crack and DDoS attack at sink. Moreover, BAN-GZKP presents better performances in terms of percentage of packets received at the sink, end-to-end delay and the number of transmissions. BAN-GZKP needs only three phase exchanges which is optimal in the ZKP class of schemes.
We first present the ingredients that compose our new BAN-GZKP scheme and analyze its resilience attack and its complexity in terms of memory and computation.
3.1 BAN-GZKP Ingredients
In order to tolerate Data Replay Attack, Redundancy Information Crack and DDoS attack at sink BAN-GZKP uses three ingredients: a random key allocation, a hop-by-hop authentication and the ZKP Exchanging Schemes Optimization.
3.1.1 Random Key Allocation
Data Replay Attack and Redundancy Information Crack are possible in BANZKP because a constant key is used to encrypt all Data messages.
An effective and well adapted key management mechanism is necessary to generate different encryption keys for Data messages per session.
The idea of Random Key Allocation is as follows: when nodes authenticate, the shared secret value will be obligatory computed for each authentication session. Since and are randomly chosen, is also random. During the authentication Phase 4 in the original BANZKP, will send the random session key to to decrypt previous information. Notice that, even though is random, this key should not be used to encrypt Data messages because it has been sent on clear text. Our idea is to use as a random pointer that will point to a bit in the binary representation of the random value . Then we chose an interval in the binary representation of that starts with the bit pointed by the random pointer . This interval, of length can be seen as a random key, , to encrypt Data message for the current session (see Figure 2).
Our Random Key Allocation does not require additional keys at the initialization and does not need the send of additional fields.
3.1.2 Hop-by-Hop Scheme
Note that Sink-Side DDoS Attack happens in the end-to-end authentication scheme because relay nodes cannot detect whether the authentication message is legal or not. Only the sink can do. To solve this problem and prevent Sink-Side DDoS Attack, we need to provide relay nodes with the capacity to detect invalid authentications.
The idea is as follows, instead of doing the authentication between the pair source-sink, we let source nodes to initiate authentication directly with their one-hop neighbours. After this authentication phase finishes with success, a source is allowed to send Data messages to the authenticated neighbour. The neighbour who receives Data messages can then initiate authentication with its neighbours until Data reaches to the sink.
An adversary who wants to initiate a large number of invalid authentication requests to block the network will be detected directly by its one-hop neighbours and the DDoS Attack can thus be limited in a local range.
3.1.3 ZKP Exchanging Scheme Optimization
Original ZKP schemes need five-times continuously message exchanging to achieve a bidirectional authentication. This scheme could be optimised to three-times continuously message exchanging under certain conditions. The reduction of the exchanged messages could save network resources, and further improve the total Intra-WBAN performance. The idea of the optimization proposed for BAN-GZKP is as follows:
A) For any authentication exchanging between two nodes who never be authenticated to each other before, we take exactly the same scheme as the original BANZKP to do the bidirectional authentication.
B) When a source node initiates authentication with another node that previously authenticated with and that recognizes the identity of , we can then optimise the total authentication scheme to the following:
When a source node has Data packet to send, an authentication session is initiated:
initiates the authentication session. It choses a random value and computes . It then encrypts its and by and sends the whole message to .
recognizes the identity of , then instead of sending back , where is encrypted with (as in original BANZKP scheme), it sends back directly encrypted with the initial key . In our BAN-GZKP needs just to send a random pointer for the Random Key Allocation. Hence, the final message sent back to is: .
After receiving the response of , finishes the authentication using the same mechanism, and choses a random key, , from the pointer of Random Key Allocation and encrypt Data by then sends the message to , if and are equal. We thus can complete the authentication session after the first successful authentication between these two nodes. If not, discards the message and closes the session.
3.2 BAN-GZKP Security Analysis
BAN-GZKP reduces the number of authentication messages and also tolerates the attacks tolerated by BANZKP scheme. Additionally it tolerates Data Replay Attack and Redundancy Information Crack. As for the case of BANZKP, BAN-GZKP can be implemented either end-to-end or hop-by-hop. Note that BAN-GZKP hop-by-hop scheme is also resilient to Sink-Side DDoS Attack.
Inspired by dolev1983security, we propose formal security proof of BAN-GZKP. We first define a node hold as node known information is:
Let the operation of sending a message including as content of the message from node to node at th authentication phase is:
In BAN-GZKP, for the first time of the authentication, we need total five authentication phases (each authentication message exchange is seen as a authentication phase), but form the second time of the authentication between these two nodes, it’s need only three authentication phases. Let the Checking operation of a legitimate (honest) node to verifier a received message from is legal or not is:
If message can not be decryption correctly or can not is not the correct response of previous challenge, then the Checking operation failed, node drop the received message. If not, Checking succeeded, then node continues the next authentication exchange.
Let’s define a node as a smart adversary, who apply operations as following:
can intercept the message sent form to at any authentication phase.
can initiate an authentication message: where and can be any nodes in the network, and X can be anything belonging to .
can don’t check any message and confirm arbitrarily that checking failed or succeeded.
can update , when intercepting message.
can try to decrypt encrypted message by using information from at any time.
In the following, we prove that BAN-GZKP is tolerant to the adversary defined above.
BAN-GZKP is resistant to Forge
Proof Let is a Forge Nodes attempting to disguise itself in a legitimate node to authenticate with . The initial information of and is:
And following the operations shown below, can not authentication succeed with .
As has only information about the ID of and itself, Z can not pretend to be a legitimate node, because the message encryption key is chosen arbitrarily, can not decrypted correctly, the checking will fail. As the sender node will always do the authentication with the receiver node; the receiver node does also the authentication with sender node only the first time. In this case, even though the adversary can disguise itself in a legal node who previously finished the authentication with the receiver . Because this message sent by this adversary cannot be decrypted correctly.
BAN-GZKP is resistant to Authentication Replay Attack.
Proof The proof decomposes in two parts. In the first parts, let intercept a message . Then can replay directly this message to disguise itself in a the node who previously finished the authentication with . The initial information of and are:
Following the operations shown below, can detected the message is a replay message.
Even though trusts the replay message, the Data message encrypted with the wrong encryption key will be detected by at the end of the authentication phase.
In the second part, we assume that the adversary tries to replay the message sent by in phase 2, and try to get information from , the initial information of and are:
Following the operations shown below, this message will directly drop since chosen by are different random values for each session, a replay message can not pass the checking at .
Notice that, we cannot simplify the authentication at . Otherwise, the adversary can replay the same message from , to force to use the same key to encrypt the Data message. Hence, the adversary can later initiate a Redundancy Information Crack.
BAN-GZKP is resistant to Man in the Middle Attack and Guessing Attack.
Proof can intercept messages exchanged between and as a Man in the Middle to try Guessing secret value hold in and , The initial information of is:
Following the operations shown below, can not get any useful information to decrypt message and Guess the content of Data message.
The attempting of decryption will fail because none of information in = contain the secret number .
BAN-GZKP is resistant to Data Replay Attack.
Proof can replay a Data messages from and , and make think the replay message is correctly message. The initial information of and are:
Following the operations shown below, the replay message will directly drop. Since in each session, is different, message encrypted by computed from other session can not be decrypted correctly by :
BAN-GZKP is resistant to Redundancy Information Crack.
Proof can intercept encrypted Data messages sent from and , and make try to decrypt Data message. The initial information of is:
Following the operations shown below, can not get Data information from collecting Redundancy Information of encrypted Data messages.
As is the Data information encrypted by and in each authentication session, change randomly. can not get Data information from Redundancy Information of encrypted Data message.
BAN-GZKP is resistant to DDoS attack at sink.
Proof a may continue send message into its neighbour node to lance a DDoS attack at the sink by let neighbour node forwarding these message to the sink. The initial information of and is:
Following the operations shown below, all the useless transmission initialed from will be blocked at .
As failed the checking at , this message will be dropped directly. thus prevent the DDoS broadcasting into the whole network.
3.3 Memory and Computational Complexity and Energy Consumption
In chaudet2016banzkp, authors prove that BANZKP improves over existing similar schemes in terms of memory requirements, computation complexity and energy consumption. In the following we study the costs of BAN-GZKP compared to BANZKP. In terms of the parameters required to be stored by each node for the initial phase, both the end-to-end and hop-by-hop BAN-GZKP need that source nodes and the sink store the shared value and the initial key . Hence, BAN-GZKP has the same memory complexity as the original BANZKP.
In terms of computational complexity, a complete authentication phase in the original BANZKP require-s four times big number multiplications and five times encryption/decryption. Our BAN-GZKP scheme requires four times big number multiplications, but only three times encryption/decryption. Our scheme pres-ents a better computation complexity for each complete authentication phase.
In terms of energy consumption, the original
BANZKP needs five transmission phases for a complete authentication. Even though our optimal scheme sends an additional field, as a random pointer in exchange phase number 2), BAN-GZKP needs only three transmission phases instead of five. The energy needed to send the value is hence negligible compared to two complete transmissions of BANZKP.
To sum up, the new BAN-GZKP scheme optimizes BANZKP by adding a Random Key Allocation mechanisms and a Hop-By-Hop authentication. Moreover BAN-GZKP has better computational complexity and energy consumption than BANZKP.
4 Analysis of Resilience to Postural Mobility
In the following we analyze the effectiveness of BANZKP and BAN-GZKP schemes face to postural mobility. We therefore consider as case study the convergecast problem where Data messages sent by source nodes are collected by a specific node in the network called sink. We enrich representative convergecast strategies specifically designed for multi-hop WBAN mentioned in badreddine2017convergecast and bu2017total with BANZKP and BAN-GZKP schemes, respectively. Note that the original BANZKP scheme requires an end-to-end authentication where all the authentication messages are transparent to relay nodes. Only the source and the sink can understand these messages; BAN-GZKP is a Hop-By-Hop authentication scheme, where source nodes initiate authentication with their one hop neighbours. If these nodes are chosen to relay Data messages then before relaying these messages they apply the hop-by-hop authentication with their neighbours.
We evaluate the performances of both BANZKP and BAN-GZKP when these schemes are used in a secure convergecast process. Our evaluation focuses the percentage of packets received at sink for various rates of transmissions and various postural mobilities.
In the next section we briefly present the convergecast strategies we evaluate and the way we plugg-ed the BANZKP and BAN-GZKP schemes to these strategies. Then we discuss our simulation results.
4.1 Convergecast Strategies
In badreddine2017convergecast and bu2017total
, authors classify existing convergecast strategies for WBAN into five classes: Multi-Paths based Strategies, Tree-based Strategy, Dynamic Path Strategies, Gossip-based Strategies and
Attenuation-based Strategies. In our study we plug the BANZKP scheme on five different convergecast strategies (one representative per class).
Multi-Paths based Strategies: are based on pre-determined paths and use these overlay paths as a reliability mechanism. An example is All Parents to All Parents (APAP) strategy badreddine2017convergecast. In APAP, each source node sends a message to maximum two pre-determined parents. Each parent then forwards received messages to maximum two of their parents.
Tree-based Strategy: bu2017total pre-constructs seven Best-Path Trees for different human postures shown in Figure 3. Source nodes send messages through these paths to the sink. The pre-constructed Best-Path Trees are computed according to random attenuation distribution of each links.
Dynamic Path Strategies: construct and update a tree-based overlay. The Collection Tree Protocol (CTP) colesanti2011collection is an example of this class. In CTP each node sends additional BEACON messages to update the overlay route from each source to the sink.
Gossip-based Strategies: use flooding. In this class we choose FloodToSink badreddine2017convergecast, where a source diffuses messages to all its neighbours, then continue to forward messages to all their neighbours and so on. In this case, every packet has a parameter, Time to Life (TTL), to limit the number of forwarding.
these strategies are based on the negotiation of the channel attenuation. When a source has packets to send, it broadcasts first a Request (REQ) to ask an estimate attenuation from the receiver to the sink. The receiver of the Request will then send back a Reply (REP) with the required estimate attenuation value. The source will chose the next hop among replying nodes and sends data packets to the chosen one. In this class we investigate strategy MiniAttbadreddine2017convergecast. This strategy choses one node who has the minimal estimate attenuation to the sink; if no Reply has been received for a while, the source will re-send the Request.
In our simulations we use five strategies to represent each class of convergecast strategies: APAP for Multi-Paths based Strategies; FloodToSink for Gossip-based Strategies; MiniAtt for Attenuation-ba-sed Strategies; CTP for Dynamic Path Strategies and Tree-based Strategy to represent itself.
4.2 How BANZKP and BAN-GZKP plugg to convergecast strategies
We explain in Section 4.2.1 and 4.2.2, how BANZ-KP and BAN-GZKP schemes can be plugged to the WBAN convergecast strategies, respectively. The general idea is that before each source node sends any Data packet, it needs to do the authentication with the sink in the BANZKP or with the next hop in the BAN-GZKP, respectively.
4.2.1 Convergecast with BANZKP
In the authentication phase of BANZKP, source nodes need to exchange an authentication message with the sink. However as original convergecase strategies care about only how to flow authentication messages and Data messages from source to the sink (up stream), we need to define how messages flow from the sink down to the source (down stream). In APAP, CTP and Tree-based strategies, messages generated by the sink will follow the opposite route with respect to the up stream exchanges. That is, parents forward messages to their sons until messages reach the sources.
For MiniAtt strategy, for both up stream and down stream, nodes always need from their neighbours attenuation information in order to chose the next hop. The difference is that for up stream, nodes ask the attenuation between the receiver and the sink; for down stream, nodes ask the attenuation information between the receiver and the initial source.
For FloodToSink there is no difference between the up stream and the down stream.
4.2.2 Convergecast with BAN-GZKP
In BAN-GZKP, there is only up stream for Data from the source to the sink, since nodes only authenticate with their one hop neighbours. After the authentication, nodes send Data messages to the authenticated neighbour. So there is no authentication flow during the transmission, only the Data message will be forwarded from the source to the sink as up stream.
Note that, for APAP and FloodToSink, there is always a multi-receiver when a source initiates the authentication. Receivers will reply to the source, the source then continue the authentication exchanging with all of them. But only the neighbour who finished the authentication phase firstly can be chosen as the legal next hop to avoid additional Data message and to respect the original convergecast strategy.
For MiniAtt strategy, the BAN-GZKP scheme can be integrated into the original Attenuation Require-Response scheme as follows: after a source chooses the next hop it begins to initiate the authentication directly with the chosen node.
For CTP and Tree-based strategies, there is only one parent to forward messages. Hence, the authentication is initiated by nodes with their parents.
4.3 Channel and Human Mobility Model
The WBAN model we used in our research is proposed in badreddine2015broadcast. They implement the realistic channel model proposed in IEEEexample:naganawa2015simulation over the physical layer implementation provided by the Mixim framework kopke2008simulating, who provides several extensions of existing simulation frameworks specified for wireless and mobility simulation. This channel model of an on-body channel between nodes, that belong to the same WBAN, uses small directional antennas modeled as if they were away from the body. Nodes are assumed to be attached to the human body on the head, chest, upper arm, wrist, navel thigh, and ankle. In the convergecast strategies we consider six source nodes to send Data as follows: 0) navel, 2) head, 3) upper arm, 4) ankle, 5) thigh and 6) wrist, and one sink node that collects Data, node 1) chest.
Nodes positions are calculated in postures: walking (walk), running (run), walking weakly (weak), sitting down (sit), wearing a jacket (wear), sleeping (sleep), and lying down (lie). Figure 3 shows the positions of sensor nodes change with human mobility human postures within a time period in different postures model IEEEexample:naganawa2015simulation. In each posture, a continuous human action has been device into many frames. Each single human body picture with a corresponding frame number, , in a posture is a screenshot of this continuous human action at the th frame. For example, in posture 1 Walking, the continuous action takes 30 frame, and in the Figure 3, it shows four screenshots at 1st frame, 10th frame, 20th frame and the 30th frame, respectively. The red diamonds in the figures represent sensors on the human body moving with the human mobility.
Channel attenuations are calculated between each couple of nodes for each of these positions as the average attenuation (in dB) and the standard deviation (in dBm). The model takes into account: the shadowing, reflection, diffraction, and scattering by body parts. Naganawa et al.IEEEexample:naganawa2015simulation
studied a cooperative transmission scheme: two-hop relaying scheme. Using the simulated path loss, the performance of such scheme were evaluated by comparing the outage probability using different relay nodes against a direct link between a source and a destination. They advocate for the use of multi-hops communication which has the additional feature that it significantly decreases the transmission power. We thus interested in the network performance when applying BANZKP and BAN-GZKP in different multi-hops on-human communications.
4.4 Simulation Results
In order to evaluate the strategies described above in a realistic WBAN scenario, we implemented them under the OMNeT++ simulator enriched with the Mixim project kopke2008simulating that specifically models the lower network WBAN layers.
We use standard IEEE 802.15.4 protocol as MAC layer. Note that the most recent standard
IEEE 802.15.6 proposed for WBAN considers a star network topology (one hop) and does not take into account the human body postural mobility. As stressed in the introduction we focus multi-hop networks and human body postural mobility.
We consider the following packet rates at the application layer: 1 packet/second, 5 packets/second and 10 packets/second. These values are commonly used in WBAN khan2010wireless. The sensibility of WBAN devices is -100dBm and the transmission power has been set to -60dBm. We stress the studied strategies under a realistic channel model and postural mobility as described above.
We evaluated WBAN performance for each studied convergecast strategy under all seven mobility postures, in term of ratio of packet reception rate, data end-to-end delay and also numbers of transmissions plugged with BANZKP and BAN-GZKP, respectively. Figures from 4 to 93
show network performance in different strategies. In each figure, the red columns represent the original convergecast strategies without applying any authentication scheme; the white columns represent original strategies applying BANZKP; and the blue columns original strategies applying BAN-GZKP. The vertical bars of each column in figures refer to the confidence intervals. Results computed from 200 runs of simulations observation samples. The confidence intervalsis calculated as:
where is 0.005, means the confidence level is 95%, is the number of observation samples and the is the standard deviation of observation samples.
For APAP strategy (see Figures from 4 to 24, a example for posture 1 Walking), by plugging ZKP scheme into the original APAP strategy, the WBAN performance decreases in general: lower ratio of packets reception, higher end-to-end delay and number of the transmissions, due to the additional ZKP authentication scheme added to the original one. When focusing on the comparison between BANZKP and BAN-GZKP, we noticed that BAN-GZKP has higher ratio of reception, lower end-to-end delay and number of transmissions in all the postures except the number of transmissions in the Posture 6 Sleeping, see Figure 23, where BANZKP has fewer number of transmissions than BAN-GZKP. In Posture 6, links between the nearby nodes to the sink may have important channel attenuations due to the obstruction and reflection of human body when sleeping bu2017total. Links who are far away from the sink affected by lower attenuations comparing with links who are close to the sink. In the case of the hop-by-hop BAN-GZKP, data packet has a big chance to be lost when reaching these links close to the sink. That means BAN-GZKP may waste all transmissions of hop-by-hop authentication before the data is finally lost. However in the BANZKP case, there is no transmission wasted, since once the authentication packet is lost, after the timeout, the source node will notice the loss and close this transmission session. The BANZKP thus is better in terms of number of transmissions in Posture 6 Sleeping.
For CTP strategy (see Figures from 25 to 45, a example for posture 1 Walking), we noticed that the performance parameters have the same behaviour as shown in strategy APAP. BAN-GZKP has better performances than BANZKP in terms of ratio of packets reception, end-to-end delay and number of transmissions except the number of transmissions in Posture 6 Sleeping, see Figure 44. The reason is the same as for the strategy APAP: BAN-GZKP may waste more transmissions than BANZKP before a packet gets lost if the link error occurs near the sink. The reason why BANZKP and BAN-GZKP have the same behaviour in both CTP and APAP, respectively is as follows: CTP constructs a tree from each source node to the sink at the initial phase and keeps updating the tree during the transmission; APAP on the other side uses and keeps pre-setted multiple-reception paths. The common point is that both CTP and APAP tend to maintain good routes from sources to the sink. When a node has a packet to send, it can directly send the packets to an already-keep-in-mid next hop.
For MiniAtt strategy (see Figures from 46 to 66, a example for posture 1 Walking), we get lower end-to-end delay and number of transmissions when using BANZKP and BAN-GZKP than the original MiniAtt strategy. That is due to the negotiation nature of MiniAtt strategy: before any transmission, sender has to ask around its neighbours, who could have the smallest attenuation to the sink. That makes data packets generated by nodes far away from sink need more time and more transmissions to reach the sink than data packets generated by nodes close to the sink. The reception of distant packets extends the average of end-to-end delay and the average of number of transmissions comparing with the original strategy. When plugged with the BANZKP and BAN-GZKP, the additional ZKP message exchange makes it harder for distant packets to reach the sink. As the distant packets occurs fewer percentage of the total packets reception, the average of end-to-end delay and number of transmissions can thus reduce. When comparing BANZKP and BAN-GZKP, in the case of MiniAtt, BAN-GZKP always has better ratio of packets reception and number of transmissions. Additionally it has comparable end-to-end delay in all the postures.
For FloodToSink strategy (see Figures from 67 to 87, a example for posture 1 Walking), in general, BAN-GZKP is better than BANZKP, even better than original FloodToSink strategy in terms of number of transmissions. That is because the hop-by-hop BAN-GZKP can limit the flooding transmissions all over the network. In terms of end-to-end delay, BANZKP and the original FloodToSink has varying behaviours in different postures, see Figures 74 and 76
: big variance of end-to-end delay, due to its broadcast nature. In terms of ratio of packets reception, original FloodToSink is better when using any ZKP scheme. However the ratio of the packets receptions decreases much faster in the case of BANZKP and original FloodToSink than in BAN-GZKP who is relatively stable. That is because with the increase of the packets generation rate, the number of the packets sent to the network will increase exponentially and lead to the network congestion.
For TreeBased strategy (see Figures from 88 to 108, a example for posture 1 Walking), where packets will be re-sent several times according the links quality. The fast increase of end-to-end delay in case of original TreeBased strategy in postures 6 and 7 (see Figure 100 for example). That because the general networks links quality are not good in posture 6 and 7 bu2017total, the number of the retransmissions in these two postures are important, which lead to important collisions and backoffs with the increase of the packets generation rate. In general, BAN-GZKP has the lower end-to-end delay and number of transmissions in all the postures. In terms of ratio of packets reception, in posture 1, 2, 4 and 7 (see Figure 88 for example), both BAN-GZKP and BANZKP are stable, and BAN-ZKP is better than BANZKP. However in postures 3 and 5 (see Figure 90 for example), BANZKP is better when the packets generation rate is lower than 5 packets per second and 1 packet per second for postures 3 and 5, respectively ; when the packets generation rate is higher than 5 packets per second and 1 packet per second for postures 3 and 5, respectively, the performance of BANZKP decreases fast. And in posture 6, see Figure 93, both BANZKP and BAN-GZKP decrease fast when the packets generation rate is high. That is due to the retransmission mechanism of the TreeBased strategy, which lead to a high network burden. A flawed link not only lead to a decrease of the ratio of packets reception, but also an important number of retransmissions: that consumes the networks resource. If flawed links appear at the edge of the networks, like in postures 1,2 and 7 (see bu2017total), a hop-by-hop BAN-GZKP will limit the waste of the local retransmissions. But if the flawed links appear close to the sink, like in postures 3, 5 and 6, the BAN-GZKP could waste an important number of transmissions, according to the analyze for strategy APAP and CTP. For the end to end BANZKP, the flawed links do not have an important influence. The defects will be enlarged by the retransmission mechanism of TreeBased strategy. The performance of the BAN-GZKP has important variance in defects-enlarged links (by retransmission mechanism) if links defects occur close to the sink.
In this paper we proposed a new ZKP-based security scheme specifically designed for WBAN networks. Our scheme, BAN-GZKP uses three ingredients: a novel random key allocation which makes it resilient to the replay attack and redundancy information crack, a hop-by-hop authentication scheme which makes it resilient to DDoS attacks at sink and a ZKP exchanging optimisation to further reduce the number of transmissions. Our BAN-GZKP improves, without any additional cost, the security level of the best ZKP scheme designed so far for WBAN networks. Moreover, when BAN-GZKP is used in order to secure existing convergecast protocols their performances are drastically improved compared to the case when BANZKP is used.