Abstract
This paper describes a security protocol and proof-of-concept implementation for wearable medical sensor devices that are deployed in hospitals. The sensor device measures the patient’s vital sign parameters and sends them to the hospital server, such that the data can be processed and stored in the EMR (Electronic Medical Record) of the patient. The proposed security protocol is based on symmetric-key cryptography and addresses the challenges of anonymity, unlinkability, mutual authentication and perfect forward secrecy. Moreover, it relies on decentralised authentication, avoiding an authentication server to be the single point of attack. Besides offering strong security features, the proposed protocol and implementation take into account that sensor devices are typically constrained with respect to communication bandwidth and computation power. Therefore, these parameters are evaluated in addition to the security analysis of the presented protocol. Our solution gives stronger security guarantees than related work, while featuring a comparable computation overhead and the lowest communication overhead.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig1_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig2_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig3_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig4_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig5_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig6_HTML.png)
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs12553-021-00527-9/MediaObjects/12553_2021_527_Fig7_HTML.png)
Similar content being viewed by others
References
Parliament E. Regulation (eu) 2016/679 of the european parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation). Off J Eur Union. 2016;(679):88. https://eur-lex.europa.eu/eli/reg/2016/679/oj.
Kumar P, Braeken A, Gurtov A, Iinatti J, Ha PH. Anonymous Secure Framework in Connected Smart Home Environments. IEEE Trans Inf Forensics Secur. 2017;12(4):968–79. https://doi.org/10.1109/TIFS.2016.2647225. http://ieeexplore.ieee.org/document/7803595/.
M. Shuai, B. Liu, N. Yu, and L. Xiong. Lightweight and Secure Three-Factor Authentication Scheme for Remote Patient Monitoring Using On-Body Wireless Networks. Security and Communication Networks, 2019:1–14, June 2019. https://doi.org/10.1155/2019/8145087. https://www.hindawi.com/journals/scn/2019/8145087.
Gupta A, Tripathi M, Shaikh TJ, Sharma A. A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput Netw. 2019;149:29–422. https://doi.org/10.1016/j.comnet.2018.11.021. https://doi.org/10.1016/j.comnet.2018.11.021.
Chen CM, Xiang B, Wu T-Y, Wang K-H. An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks. Appl Sci. 2018;8(7):1074. https://doi.org/10.3390/app8071074. http://www.mdpi.com/2076-3417/8/7/1074.
Winderickx J, Bellier P, Duflot P, Coppieters D, and Mentens N. WiP: Communication and security trade-offs for wearable medical sensor systems in hospitals. In Proceedings of The ACM SIGBED International Conference on Embedded Software (EMSOFT), New York, NY, USA, ACM. 2019. p. 2.
Dolev D, Yao A. On the security of public key protocols. IEEE Trans Inf Theory. 1983;29(2):198–208. https://doi.org/10.1109/TIT.1983.1056650. http://ieeexplore.ieee.org/document/1056650/.
Braeken A, Liyanage M, Kumar P, Murphy J. Novel 5G Authentication Protocol to Improve the Resistance Against Active Attacks and Malicious Serving Networks. IEEE Access. 2019;7:64040–522. https://doi.org/10.1109/ACCESS.2019.2914941. https://ieeexplore.ieee.org/document/8706883/.
Rubin A, Honeyman P, Nonmonotonic cryptographic protocols. In Proceedings The Computer Security Foundations Workshop VII, pp. 100–116, Franconia, NH, USA, IEEE Comput. Soc: Press; 1994. http://ieeexplore.ieee.org/document/315943/.
Xu Y, and Xie X. Analysis of Authentication Protocols Based on Rubin Logic. In 2008 4th International Conference on Wireless Communications, Networking and Mobile Computing, Dalian, China, IEEE, 2008:1-5. https://doi.org/10.1109/WiCom.2008.1120. http://ieeexplore.ieee.org/document/4679028/.
Texas Instruments Incorporated. Msp432p4011: Simplelink ultra-low-power 32-bit arm cortex-m4f mcu with precision adc, 2mb flash and 256kb ram, 2019. http://www.ti.com/product/MSP432P4011.
Texas Instruments. CC3120 SimpleLink Wi-Fi Wireless Network Processor, Internet-of-Things Solution for MCU Applications, 2017. http://www.ti.com/lit/ds/swas034/swas034.pdf.
Winderickx J. Energy-efficient and secure implementations for the IoT, 2020. https://lirias.kuleuven.be/retrieve/567362.
Funding
This work was funded by the WearIT4Health project which is carried out under Interreg V-A Euregio Meuse-Rhine and is supported by the European Union and the European Regional Development Fund and with financial support of the province of Limburg - Belgium. This work was also supported by CyberSecurity Research Flanders with reference number VR20192203.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors declare that they have no conflict of interest.
Rights and permissions
About this article
Cite this article
Winderickx, J., Braeken, A. & Mentens, N. Enhanced end-to-end security through symmetric-key cryptography in wearable medical sensor networks. Health Technol. 11, 511–523 (2021). https://doi.org/10.1007/s12553-021-00527-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12553-021-00527-9