Physiological Values for Security for Body Sensor Network

Department of Computer Science and Engineering, Arizona State University

Faculty Advisor

Sandeep K.S. Gupta
Department of Computer Science and Engineering
Arizona State University

Present Students



BSN is a critical cyber physical system. The critical nature of BSN accounts from their application in life saving infrastructures as in medical monitoring of victims in emergency scenarios as well as in long term monitoring of diseased patients. As BSNs deal with personal health data, securing them, especially their communication over the wireless link, is equally critical. Lack of adequate security features may not only lead to a breach of patient privacy but also potentially allow adversaries to modify actual data resulting in wrong diagnosis and treatment. Again since BSN is a critical infrastructure its deployment should be easy and fast. In other ways its operation should be plug_and_play. In this research we endeavor to secure inter-sensor communication in a BSN using physiological values as key source. We propose that Physiological Values based Security (PVS) must have the following properties to ensure effective operation

We envision Ayushman to meet the following set of goals:

  • The physiological value used to generate the keys must be universally measurable.
  • The keys generated should be random (high entropy)
  • The keys should be time invariant
  • The physiological values chosen must generate long enough keys with high entropy so that they cannot be easily brute forced.
  • Keys generated from a physiological value should be distinctive for different people.


The scheme that we propose is called EKG based Key Agreement protocol (EKA) and it consists of 2 parts:

  • Feature Generation
  • Key Agreement

Feature Generation: We perform a frequency domain analysis of EKG signals for generating the features. This is because the frequency components of physiological signals, at any given time, have similar values irrespective of where they are measured on the body. A time domain analysis showed that the values of two EKG signals measured at different parts of the body (at different leads) have similar trend but diverse values. The feature generation is executed by the two sensors, by sampling the EKG signal simultaneously, at a specific sampling rate for a fixed duration of time (250Hz and 5 seconds, respectively in our case). In order to remove measurement artifacts the signal is smoothed by removing the frequency components that do not contribute much to the overall power of the signal. The five second sample of the EKG signal (producing 1250 samples) is then divided into 5 parts of 250 samples each. A 256 point Fast Fourier Transform (FFT) is then performed on each of these parts. The first 128 FFT coefficients (due to the symmetric nature of the spectrum) of each of the 5 parts are concatenated to form a feature vector F of 640 coefficients. The process is illustrated in the figure below. Each sensor divides the feature vector into 20 blocks of 32 coefficients each. Then these 32 coefficients are quantized to 12 levels and converted to 4 bit binary numbers. Thus at the end of the Feature Generation phase each sensor has 20 blocks of 128 bit binary stream generated from their frequency domain EKG features.

Key Agreement: The Key agreement process consists of 3 parts:

  • Commitment Phase
  • Processing Phase
  • De-commitment Phase
In the commitment phase each node hashes its blocks and sends it to the other sensor for key generation. This process of block exchange is secured by using a one way hash function such as SHA 256. The complete protocol for key exchange is depicted in the figure. In the processing phase on each sensor node the block received are compared with each other to extract common blocks between the 2 sensors. This is done by constructing a matrix W where each element W(i,j) of the matrix is the hamming distance between the ith block of sensor 1 and the jth block of sensor 2.In the De-commitment phase each sensor hash the KeyMat and use it as the key for further communication. The sensors first verify the MAC in the messages received in de-commitment phase using the keys generated at both end. If the MAC verification occurs successfully then the sensors use the keys for communication. Figure below shows the process.

Key Generation Process


Results: For testing our EKA scheme we used long term EKG data of 10 normal patients from the MIT Physio-bank database.

  • Length of the keys generated. : KeyMat is the source of the keys for both the communicating sensors. Now the sensors hash KeyMat and use it as the key. The hashing function used in our experiments was the SHA-256. Hence the size of the key is 256 bit. However to brute force the key one only need to brute force the individual blocks. Hence the effective length of the key is equal to the length of each block. Since one block contains 32 coefficient values and each coefficient gets quantized into 4 bit binary number hence the effective length of the key is 128 bit. Hence our algorithm generates a 128 bit key.
  • Distinctiveness of the keys: Distinctiveness of the keys were tested by running the EKA algorithm on EKG signals from 2 leads over 31 patients data at 100 random time stamps. We found out the hamming distance between the keys generated from lead 1 of patient i and lead 2 of patient j for all pairs of patients. With this data we generated a 31 by 31 matrix whose color map represents the hamming distance between the keys.
  • Difference between Keys Generation between different People

    This shows that for the same person sensor 1 and sensor 2 generates equal keys however for 2 different persons the key generated from a sensor in person 1 and a sensor in person 2 are different by almost 50%.
  • Randomness of the keys: To evaluate the randomness of the keys we calculated the entropy of each key generated and also carried out the Runs test. The average entropy of the keys was 0.98 which signifies that 1 s and 0s are uniformly distributed in the key. While performing Runs test only 2% of the keys failed Runs test which suggests that most of the time the keys were free of long Runs of any particular sequence.
  • Average Entropy of Keys Generated Each Subject


  • K. Venkatasubramanian, A. Banerjee, S. K. S. Gupta, Green and Sustainable Cyber Physical Security Solutions for Body Area Networks In Proc. of 6th Workshop on Body Sensor Networks (BSN'09), Berkeley, CA, June 2009. (Accepted for Publication) [PDF|PPT]

  • A. Banerjee, K. Venkatasubramanian, S. K. S. Gupta, Challenges of Implementing Cyber-Physical Security Solutions in Body Area Networks In Proc of International Conference on Body Area Networks (BodyNets'09), Los Angeles, CA, April 2009.[PDF|PPT]

  • Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K. S. Gupta, Plethysmogram-based Secure Inter-Sensor Communication in Body Area Networks In Proc of IEEE Military Communications Conference (MILCOM'08), San Diego, CA, November 2008.[PDF|PPT]

  • Krishna Kumar Venkatasubramanian, Ayan Banerjee, Sandeep Gupta, EKG-based Key Agreement in Body Sensor Networks, In Proc. of 2nd Mission Critical Networks Workshop, IEEE Infocom Workshops, Phoenix, AZ, April 2008. [PDF| PPT]

  • K. Venkatasubramanian, S. K. S. Gupta, Security For Pervasive Health Monitoring Sensor Applications In Proc. of 4th International Conference on Intelligent Sensing and Information Processing (ICISIP'06), Bangalore, India, December 2006, pp 197-202 [PDF| PPT] (Received Best Paper Award)
  • Sriram Cherukuri, Krishna K. Venkatasubramanian, Sandeep K. S. Gupta, BioSec: A Biometric Based Approach for Securing Communication in Wireless Networks of Biosensors Implanted in the Human Body, In Proc. of International Conference on Parallel Processing Workshops, 2003, October 6-9, 2003, Kaohsiung, Taiwan. [PDF]

Home | Projects | People | Publications | Courses | Resources | Books | News & Visitors | Contact

Last Updated: 12th May 2008