1 Introduction

A wireless body area network (WBAN) is a wireless sensor network comprising wearable devices capable of sensing specific physiological parameters and performing computation. The wearable devices may be embedded inside the human body or placed in a specific position on the body to sense its vital parameters [12]. WBAN finds application in sports and the military to monitor an athlete's or soldier's physical condition; in security to secure a particular device using certain vital parameters; and in healthcare to monitor human health conditions or to provide interfaces between devices and disabled people. WBAN can also be used to provide input to computer interfaces like a mouse, keyboards, etc. These inputs are used to control the device or to perform certain actions [3,4,5,6].

Due to the advances in wireless communication, low-power integrated circuits, and sensor technologies, the sensor can monitor and record biometric data remotely. By constantly monitoring the patient’s health condition, prevention and early detection of threats are possible, which helps enhance the quality of life. WBAN addresses some of the challenging issues, such as device standardization [7], Quality of service (QoS), power supply, data security, and data privacy concerns. Among all the issues, security and privacy of the data transmitted are essential and require special attention in WBANs for health care applications.

Figure 1 [8] indicates the typical wireless body area network communication for healthcare applications. In WBANs, the measured physiological parameters are transmitted to the monitoring station using intermediate devices over the internet or a cellular network. With a patient’s private health information moving in a wireless medium to reach the intermediate devices and then to the health care server, safeguarding this information becomes essential [9]. Suppose the data being communicated was captured by an unauthorized person and modified; it could prove fatal to the patient since critical medical decisions are to be taken looking into the information received. Therefore a significant focus on research in the area of security of the data in WBANs [10] is required. Security can be provided by encrypting the data before transmitting.

In the proposed work, keys are generated that can be used to encrypt the medical data transmitted. Since encryption should use as few computations as possible, unique key generation becomes critical. Hence, the uniqueness and distinctiveness of the generated key are proved using Hamming distance, which indicates that the key generation technique is efficient.

The functional requirements of WBANs are discussed in the paper in Sect. 2. Section 3 indicates the literature survey performed for the generation of the security keys. In Sect. 4, the methodology used for the key generation is explained. Section 5 indicates the results and analysis of the work. In Sect. 6, the conclusion for the work is indicated.

Fig. 1 Typical wireless body area network communication

2 The Functional Requirements of WBAN

The advanced encryption algorithms used for wireless network security do not find their application in WBANs. This is because wearable devices are small devices placed on the body of a person, and due to this, they have extreme power and memory constraints [11, 10]. Thus, it becomes essential to use encryption and decryption algorithms and key generation schemes that have fewer computation requirements and utilize fewer resources to achieve the required security. The following are the functional requirements in a wearable communication environment [12, 13].

  • Low communication cost: In a WBAN, wearable devices use limited resources. Therefore, messages transmitted during communication among the various devices involved should be kept to a minimum.

  • Low computation cost: WBAN requires lightweight operations such as symmetric key cryptographic operations, bitwise XOR, one-way hash, etc., to design a lightweight security protocol as there is a requirement to reduce the computation cost of the wearable devices.

  • Low storage cost: As wearable devices are attached to the human body, they should be as light as possible. It is desirable to have a memory capable of storing only a minimum but sufficient amount of information.

3 Literature Survey

The following literature survey was performed to identify the algorithm that can be used for detecting R peak from the ECG signal and also to identify the best-suited random number generation algorithm. The existing key generation methods used in wireless body area networks are discussed.

Raul Alonso Alvarez et al. [14] have compared three QRS detection algorithms: the Pan and Tompkins algorithm, the Phasor-based algorithm, and the Hamilton and Tompkins algorithm, to identify which gives better performance. The three algorithms were compared based on sensitivity, predictivity, and RR error, and it has been shown that the Pan-Tompkins algorithm gave the best result.

Arefin M. Riadh et al. [15] proposed a QRS complex detection algorithm based on the dual-slope technique. This algorithm is appropriate for wearable ECG applications. The proposed algorithm was compared with the Afonso and Pan Tompkins QRS detection algorithms. The results demonstrate that the positive predictivity and sensitivity of R peaks are higher for the Pan Tompkins algorithm than for the other two algorithms.

Ding et al. [16] compared 13 random number generators to determine their influence on optimization performance by applying them to particle swarm optimization (PSO) [17], which is an intelligent optimization algorithm. It is observed in the paper that the most efficient random number generator is the Mersenne Twister algorithm.

Kamalika Bhattacharjee et al. [18] proposed verifying various random number generators and ranking the existing generators. The pseudo-random number generators are classified into three categories: linear feedback shift register, linear congruential generator, and cellular automata. From each category, pseudo-random number generators have been selected for empirical testing. For each pseudo-random number generator, two forms of empirical testing have been done: blind statistical tests and the other is graphical tests. After this, the selected PRNGs are ranked based on their performance in all the empirical tests. According to the tests conducted in the paper, among all the selected PRNGs, the SFMT-64 bit generator is shown to be the best pseudo-random number generator.

Rohit Khokher and Ram Chandra Singh [19] proposed a system made up of two phases: the registration phase and the authentication phase. A biometric security key is produced during the registration phase using the modified triple DES algorithm and Hamming Distance. The generation of a security key, verifying, authentication, and performance have been calculated for the R-R interval in the ECG signal, which is obtained from the MIT-BIH database. The performance of the security key produced has been verified based on factors like false acceptance ratio (FAR), false rejection ratio (FRR), accuracy and genuine acceptance ratio (GAR). The simulation results for various length biometric security keys like 64-bit, 128-bit, and 256-bit are calculated. In that work, the operations used for generating the key are addition and XOR operations.

Garcia-Baleon et al. [20] proposed a wavelet-based 128-bit key generator using electrocardiogram (ECG) signals. The security key generator includes two independent phases: the enrollment phase and the verification phase. In the centralized database, a collection of samples from various ECG signals is registered. Then the ECG sample is matched with the records that are available in the centralised database. The 128-bit key is calculated if there is a match. Once the verification step is over, 32 coefficients are created. These coefficients are 128-bit vectors obtained by representing each coefficient using 4 bits. Three temporal keys are generated and added to get the last 128-bit key. The performance of the security key generator is evaluated using ECG values taken from the MIT-BIH database. The simulation outcomes indicate a false reject rate (FRR) of 18.1% and a false accept rate (FAR) of 22.3%. In that work, the operations used for the key generation are addition and XOR.

Karimian et al. [21] proposed in the paper a key generation approach in which keys are generated from ECG features. On ECG signals, an interval-optimized mapping bit allocation (IOMBA) technique is used for key generation, with feature extraction performed using the wavelet transform. It has been shown in the paper that 38-bit, 100-bit, and 217-bit keys can be extracted from ECG signals with 97.4, 95, and 99.9% average reliability and high entropy.

Sampangi et al. [10] proposed two security suites, IAMKeys and KEMESIS, for the Wireless body area network. Five reference data frames are stored on the sender and receiver sides during the WBAN deployment period. The two security suites make use of two keys, K1 and K2. Randomly, one of the five reference frames is selected, and from the randomly selected reference frame, a random field is selected to generate a random Key K1. The key, K2, is the logical inversion of the key K1. The concept of stream and block ciphers are combined in the encryption process. For IAMKeys, it makes use of both the keys K1 and K2. However, for KEMESIS, it uses one of the keys. These schemes depend on the system to create randomness in the first reference data frames for the key generation. The key is generated at both the sender and the receiver, and all sensors use the same key.

M. V. Karthikeyan et al. [22] presented a method of key generation from the ECG signal using an ECG-signal-based key generation scheme called the secure force (SF) algorithm. It is analyzed and shown that the scheme is theoretically unbreakable. The scheme generates four distinct keys, using which encryption is performed. In that work, the key generation uses OR, AND, NOR, XNOR, SWAPPING, and SHIFTING operations.

Sanaz Rahimi Moosavi et al. [23] proposed two different cryptographic key generation approaches using the ECG signal. The first method performs feature extraction after preprocessing the ECG signals. An interpulse interval is calculated for the extracted feature. Later, a 128-bit binary sequence is obtained using pulse code modulation, which is XORed with the randomly generated number. The second method generates a 128-bit cryptographic key using the AES-128-bit block cipher. A series of two 128-bit binary sequences is produced and given as the inputs (seeds) to the AES algorithm. Initially, the seed generated is taken as input data to the AES block cipher, and for representing the encryption or decryption key, the seed generated later is used. The output of the block is the cryptographic key. In that work, the key is generated using Shifting and XOR operations and uses the AES algorithm for the key generation.

Table 1 Analysis of literature survey

Table 1 indicates an analysis of the literature survey performed to identify the operations carried out by the wearable devices for the generation of keys and to identify the input given to the key generation algorithm. In addition, in the works discussed, the wearable devices in a WBAN are given the same session key for data encryption. If one of the devices is compromised by the attacker, this is equivalent to all the wearable devices being compromised, as the keys of all the devices are then known to the attacker. Hence, there is a requirement to maintain different session keys for securing the data for wearable devices. Also, these session keys must be generated with minimum computations. The keys generated should be unique and random, and should use the minimum computation, which makes the scheme efficient. Therefore, the work aims to design and implement efficient key generation techniques for wireless body area networks.

4 Methodology

In the proposed work, the body area network consists of one wearable device controller and multiple wearable devices. All the wearable devices will have a device ID and a wearable device controller ID. The wearable device controller has all the wearable device IDs. Since the body area network should use minimum resources, the key for encrypting the data to be communicated between wearable devices and the wearable device controller is generated using minimum computations. In this work, a symmetric key is obtained which can be used to encrypt the data.

While considering the functional requirements of WBAN when performing encryption and decryption, obtaining a unique and efficient key for encryption becomes important. If the key generated is strong, then the encryption becomes efficient. There are different ways in which keys can be generated. In the work, a biometric way of key generation is performed. A biometric system automatically recognizes an individual based on the person's biometric characteristics [26]. The biometric data consists of iris, face, DNA, ECG, palm print, fingerprint and behavioral features such as signature and voice. A biometric-based key generation method considers the physiological and behavioral parameters of the patient in the key generation process. These keys generated are called biometric keys, and as they are unique, their effectiveness in the key generation scheme increases. The advantages of biometric keys are that they need not be remembered, are extremely hard to replicate, and cannot be easily guessed [27].

In this work, the ECG signal is used for key generation as it is unique for a given person. Also, the ECG signal indicates the vitality of the person when compared with the other biometric parameters. The ECG is a time-varying signal formed by the electrical movement of the heart over a period of time, indicating the complete rhythm of the heart. The frequency of an ECG signal varies from 0.5 to 150 Hz [28], and the signal can be obtained from surface electrodes. The frequency range 0.5–40 Hz carries most of the information about the ECG signal. The signal comprises various segments, of which the QRS interval is the most important. The QRS complex is produced by the electrical depolarization of the ventricular muscles. Under normal conditions, the cardiac cell is in a polarized state with a negative charge present within the cell. During depolarization, the negative charge is dispersed, resulting in a signal that spreads the depolarization from one cell to another. The variation in potential is sensed and recorded using a surface ECG electrode. The ECG signal is made up of different peaks like P, Q, R, S, T, U, and V, of which the R peak is the one with the highest magnitude. A typical ECG waveform is represented in Fig. 2 [28].

Fig. 2 ECG signal represented in time domain

The proposed work generates four levels of keys that can be used to provide the confidentiality of sensor data. The keys generated are K\(_{\text {ecg}}\), K\(_{\text {master}}\), K\(_{\text {s}}\), and K\(_{\text {si}}\). K\(_{\text {ecg}}\) is the key generated and stored in the wearable device controller during the device’s inception. Key K\(_{\text {ecg}}\) is generated using ECG data of the person to whom the wearable device will be attached.

Using the key K\(_{\text {ecg}}\), the next level key K\(_{\text {master}}\) is generated. Using the key K\(_{\text {master}}\), K\(_{\text {s}}\), a common session key is generated and can be distributed to wearable devices. Using the session key K\(_{\text {s}}\), the session key K\(_{\text {si}}\) for individual wearable devices attached is calculated.

ECG information from MIT-BIH Arrhythmia Database is passed through a Pan Tompkins QRS detector to obtain R peaks. The database contains 48 half-hour ECG recordings obtained from 47 subjects. The recordings were converted to digital values considering 360 samples per second per channel and taking 11-bit resolution over a 10 mV range [29].

The block diagram of the Pan Tompkins QRS detection algorithm is presented in Fig. 3. The algorithm comprises three steps. The first step is linear digital filtering, where a bandpass filter, a derivative filter, and a moving window integrator are used. In the second step, a nonlinear transformation is performed where the signal amplitude is squared. The third step is to use a decision rule algorithm where adaptive thresholds and techniques for discriminating T waves are used.

The ECG signal is initially sent through the bandpass filter, which comprises a low-pass filter and a high-pass filter [30]. The bandpass filter is used to decrease the effect of noise. Next, the signal is made to pass through the derivative filter, where the signal is differentiated to get the QRS segment. After performing differentiation, the signal is squared point by point to make all the points in the signal positive and perform nonlinear amplification of the signal coming out of the derivative filter. It also helps to limit false positives produced by the T waves. Feature information about the waveform, like the width of the QRS complex and the R wave’s slope, is obtained using moving window integration.

Fig. 3 Block diagram of Pan Tompkins algorithm

Figure 4 represents a block diagram for the generation of different keys from ECG data in the proposed work.

Fig. 4 Generation of various keys

4.1 Generation of Key K\(_{\text {ecg}}\)

Using the SFMT random number generator, the R peak is randomly selected from the R peaks obtained using the Pan Tompkins algorithm. There are three different varieties of random number generators [16]: Quasi-random number generators (QRNGs), True random number generators (TRNGs), and Pseudorandom number generators (PRNGs). The design of QRNGs involves filling n-dimensional space uniformly with points. Although they are very useful in optimization, they are not widely used. TRNGs make use of physical components to generate strictly unpredictable numbers. These types of generators generally need the support of hardware and are usually unrepeatable and slow. A PRNG is a deterministic algorithm that generates a series of pseudorandom numbers that satisfy most of the statistical properties of a truly random sequence. Of the three types of random number generator, the PRNG is the most widely used.

Mersenne Twister algorithm is used in the work as it is shown as the most efficient random number generator in the paper [16]. The Mersenne Twister (MT) is a variant of a pseudorandom number generator. The period length of the Mersenne Twister is a Mersenne prime [31]. Figure 5 shows the block diagram of Mersenne Twister, which uses two steps to generate the Pseudo-random number: recurring and tempering. In recurring, the linear feedback shift register (LFSR) is used to generate each state bit using recursion. The shift register is made up of 624 elements. Each element size is 32-bit. The tempering parameters are chosen to satisfy the k-distribution test.

The Mersenne Twister algorithm produces a series of word vectors that represent uniform pseudo-random integers lying between 0 and \(2^{w}\) − 1, where w is the width of a word vector [32]. \(2^{nw-r}\) − 1 is a Mersenne prime, where n is the degree of recurrence. For a word y having width w, the recurrence relation is defined as:

$$\begin{aligned} y_{k+n} = y_{k+m} \oplus (y_{k}^{u} \vert \vert y_{k+1}^{l})A, \quad k=0,1,\ldots \end{aligned}$$
(1)

where \(\vert \vert\) is the concatenation of bits and \(\oplus\) is bitwise XOR; \(y_{k+1}^{l}\) and \(y_{k}^{u}\) are the lower r bits and upper (w − r) bits of \(y_{k+1}\) and \(y_{k}\), respectively. Matrix A, which is the twist transformation, is defined as:

$$\begin{aligned} A=\begin{bmatrix} 0 & I_{n-1}\\ a_{n-1} & (a_{n-2},\ldots ,a_{0})\\ \end{bmatrix} \end{aligned}$$
(2)

\(I_{n-1}\) is the (n − 1) × (n − 1) identity matrix (where addition is replaced with bitwise XOR). The rational normal form can be expressed as:

$$\begin{aligned} yA = {\left\{ \begin{array}{ll} \text {shiftright}(y)\ \text {by}\ 1 & \text {if}\, y_{0}=0\\ (\text {shiftright}(y)\ \text {by}\ 1) \oplus a & \text {if}\, y_{0}=1 \end{array}\right. } \end{aligned}$$
(3)

where

$$\begin{aligned} y=(y_{k}^{u} \vert \vert y_{k+1}^{l}), \quad k=0,1,\ldots \end{aligned}$$
(4)

where a = (\(a_{w-1}\), \(a_{w-2}\), ..., \(a_{0}\)), y=(\(y_{w-1}\), \(y_{w-2}\), \(...\) \(y_{0}\)).

To improve v-bit accuracy from k-distribution, every word produced is multiplied by an invertible matrix T (of size \(w \times w\)) from the right. For tempering the matrix y to z = yT, the following conversions are considered:

$$\begin{aligned} q=y \oplus (y>>u) \end{aligned}$$
(5)
$$\begin{aligned} q=q \oplus (q<< s) \& b \end{aligned}$$
(6)
$$\begin{aligned} q=q \oplus (q<< t) \& c \end{aligned}$$
(7)
$$\begin{aligned} p=q \oplus (q>> l) \end{aligned}$$
(8)

where \(>>\) and \(<<\) are bitwise right and left shifts, respectively, & is bitwise AND, and u, d, s, b, t, c and l are the coefficients of the Mersenne Twister. In order to increase the lower bit equidistribution, addition is performed between the first and the last transforms.
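The recurring and tempering steps of Eqs. (1) to (8), written out for the standard 32-bit MT19937 parameter set as an added example (not code from the paper). The coefficient values and the seeding routine are those of the reference MT19937 implementation; this page names the coefficients without giving their values, and the function names are chosen here.

```python
"""MT19937 written against Eqs. (1)-(8): w = 32, n = 624, m = 397, r = 31."""
from itertools import islice

W, N, M, R = 32, 624, 397, 31
A = 0x9908B0DF                      # vector a of the twist matrix, Eqs. (2)-(3)
U, D = 11, 0xFFFFFFFF               # tempering coefficients u, d
S, B = 7, 0x9D2C5680                # s, b
T, C = 15, 0xEFC60000               # t, c
L = 18                              # l
WORD = (1 << W) - 1
LOWER = (1 << R) - 1                # mask for the lower r bits
UPPER = WORD ^ LOWER                # mask for the upper w - r bits


def seed_state(seed):
    """Fill the 624-word register from one 32-bit seed (reference init_genrand)."""
    state = [seed & WORD]
    for i in range(1, N):
        prev = state[-1]
        state.append((1812433253 * (prev ^ (prev >> 30)) + i) & WORD)
    return state


def twist(state):
    """Recurring step, Eq. (1): y_{k+n} = y_{k+m} XOR (y_k^u || y_{k+1}^l) A."""
    for k in range(N):
        y = (state[k] & UPPER) | (state[(k + 1) % N] & LOWER)   # Eq. (4)
        y_a = y >> 1                                            # Eq. (3), y_0 = 0
        if y & 1:                                               # Eq. (3), y_0 = 1
            y_a ^= A
        state[k] = state[(k + M) % N] ^ y_a
    return state


def temper(y):
    """Tempering step z = yT, Eqs. (5)-(8)."""
    q = y ^ ((y >> U) & D)
    q ^= (q << S) & B
    q ^= (q << T) & C
    return (q ^ (q >> L)) & WORD


def mt19937(seed):
    """Yield tempered 32-bit words; the register is twisted again every 624 words."""
    state = seed_state(seed)
    while True:
        twist(state)
        for y in state:
            yield temper(y)


def first_outputs(seed, count):
    """First `count` outputs for a given seed."""
    return list(islice(mt19937(seed), count))


if __name__ == "__main__":
    print(first_outputs(5489, 3))
```

The whole output stream is a deterministic function of the seed passed to `seed_state`.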

Fig. 5 Block diagram of Mersenne Twister

Single instruction multiple data-oriented fast mersenne twister (SFMT) is the 128-bit modified version of the Mersenne twister where parallel processing can be carried out like multi-stage pipelines and single instruction multiple data (SIMD). It is two times faster than the original Mersenne twister as it uses block-generation functions and SIMD operations, using which 32-bit integer arrays are filled at a time. It supports various periods from \(2^{607}\) − 1 to \(2^{216091}\) − 1 with a better dimensional equidistribution property of accuracy when compared with Mersenne Twister.

As shown in Fig. 6, 16 samples between the randomly selected R peak using an SFMT random number generator and the immediate next R peak are obtained. Each sample is represented using 8-bits to form a 128-bit value K\(_{\text {ecg1}}\).

The process is repeated by randomly selecting R peaks to obtain two more 128-bit values, K\(_{\text {ecg2}}\) and K\(_{\text {ecg3}}\). All three 128-bit values are then XORed to obtain the 128-bit key K\(_{\text {ecg}}\), which randomizes the generation of the key.

$$\begin{aligned} K_{\text {ecg}} = K_{\text {ecg1}} \oplus K_{\text {ecg2}} \oplus K_{\text {ecg3}} \end{aligned}$$
(9)

Fig. 6 ECG key generation

4.2 Generation of Key K\(_{\text {master}}\)

The key K\(_{\text {master}}\) is generated and is present only at the wearable device controller. It is a 128-bit key that is generated using the key K\(_{\text {ecg}}\). As shown in Fig. 4, to obtain the key K\(_{\text {master}}\), K\(_{\text {ecg}}\) is XORed with the random number generated using SFMT random number generator. For generating a 128-bit random number, randomly, a byte from the key K\(_{\text {ecg}}\) is selected and is given as the seed to the SFMT random number generator.

$$\begin{aligned} \text {Random number} = \text {SFMTPRNG}(K_{\text {ecg (8-bit seed)}}) \end{aligned}$$
(10)
$$\begin{aligned} K_{\text {master}} = K_{\text {ecg}} \oplus \text {Random number} \end{aligned}$$
(11)

4.3 Generation of Session Key K\(_{\text {s}}\)

Common session key K\(_{\text {s}}\) is generated at the wearable device controller and is a 128-bit key that is produced using the key K\(_{\text {master}}\). It is the key that is distributed to all the wearable devices that are connected to the wearable device controller.

To obtain the key K\(_{\text {s}}\), as shown in Fig. 4, K\(_{\text {master}}\) is XORed with the 128-bit random number generated using SFMT random number generator. A randomly selected byte from K\(_{\text {master}}\) is used as the seed by the random number generator for generating the random value.

$$\begin{aligned} \text {Random number} = \text {SFMTPRNG}(K_{\text {master (8-bit seed)}}) \end{aligned}$$
(12)
$$\begin{aligned} K_{\text {s}} = K_{\text {master}} \oplus \text {Random number} \end{aligned}$$
(13)

4.4 Generation of Session Key K\(_{\text {si}}\) for Device i

Wearable devices generate the key K\(_{\text {si}}\). Each wearable device has a session key generated using the key K\(_{\text {s}}\). As shown in Fig. 7, the Session key K\(_{\text {s}}\) is XORed with the Device ID to obtain the key K\(_{\text {si}}\), which is a 128-bit session key for the device i.

Fig. 7 K\(_{\text {si}}\) key generation

The device ID is a 128-bit value obtained by taking 16 samples between a randomly selected R peak and the immediate next R peak of the ECG data. Each sample is represented using 8 bits. The device ID is generated during the inception of the device.

$$\begin{aligned} K_{\text {si}} = K_{\text {s}} \oplus \text {Wearable device ID} \end{aligned}$$
(14)

The novelty of the work lies in generating the ECG key by XORing the samples obtained from the randomly selected R peaks, and in generating different session keys for different wearable devices with minimum computations, which is not indicated in any of the literature surveyed.
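The four derivations of Sects. 4.1 to 4.4 carried through on constructed data, as an added example rather than the authors' MATLAB code. Python's `random.Random` (MT19937) stands in for SFMT, the sample values and R-peak positions are constructed, all function names are chosen here, and reducing an 11-bit sample to 8 bits by keeping its top 8 bits is an assumption, since the page does not say how this is done.

```python
"""Key hierarchy of Sects. 4.1-4.4 on constructed data (added example)."""
import random

KEY_BYTES = 16          # 16 samples x 8 bits = one 128-bit value


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def constructed_ecg(length=4000, period=290):
    """Constructed stand-in for an 11-bit ECG record and its detected R peaks."""
    src = random.Random(2024)
    samples = [src.randrange(2048) for _ in range(length)]
    r_peaks = list(range(100, length - period, period))
    return samples, r_peaks


def window(samples, peak):
    """16 samples after an R peak, 8 bits each (top 8 of 11 bits: assumption)."""
    return bytes(s >> 3 for s in samples[peak:peak + KEY_BYTES])


def usable_peaks(r_peaks):
    """Peaks followed by another peak at least 16 samples later."""
    return [p for p, nxt in zip(r_peaks, r_peaks[1:]) if nxt - p >= KEY_BYTES]


def derive_k_ecg(samples, r_peaks, rng):
    """Eq. (9). Three distinct peaks are drawn, because a repeated window
    would cancel itself under XOR (distinctness is an assumption added here)."""
    key = bytes(KEY_BYTES)
    for peak in rng.sample(usable_peaks(r_peaks), 3):
        key = xor_bytes(key, window(samples, peak))
    return key


def prng_mask(seed_byte):
    """Eqs. (10)/(12): 128-bit random number from an 8-bit seed."""
    return random.Random(seed_byte).getrandbits(128).to_bytes(KEY_BYTES, "big")


def derive_next(key, rng):
    """Eqs. (11)/(13): XOR the key with a number seeded by one of its own bytes."""
    return xor_bytes(key, prng_mask(key[rng.randrange(KEY_BYTES)]))


def device_key(k_s, device_id):
    """Eq. (14): K_si = K_s XOR wearable device ID."""
    return xor_bytes(k_s, device_id)


def all_masks():
    """Every value Eq. (10) or (12) can produce: one per 8-bit seed."""
    return {prng_mask(seed) for seed in range(256)}


def build_hierarchy(selection_seed=7, devices=3):
    """K_ecg -> K_master -> K_s -> K_si for a controller with `devices` devices."""
    rng = random.Random(selection_seed)      # stand-in for the selection RNG
    samples, r_peaks = constructed_ecg()
    k_ecg = derive_k_ecg(samples, r_peaks, rng)
    k_master = derive_next(k_ecg, rng)
    k_s = derive_next(k_master, rng)
    ids = [window(samples, p) for p in rng.sample(usable_peaks(r_peaks), devices)]
    return {"k_ecg": k_ecg, "k_master": k_master, "k_s": k_s, "ids": ids,
            "k_si": [device_key(k_s, i) for i in ids]}


if __name__ == "__main__":
    h = build_hierarchy()
    for name in ("k_ecg", "k_master", "k_s"):
        print(name, h[name].hex())
    # Relations between the levels that follow from Eqs. (10)-(14):
    # K_ecg XOR K_master is one of at most 256 values, and the XOR of two
    # device keys equals the XOR of the two device IDs.
    print(xor_bytes(h["k_ecg"], h["k_master"]) in all_masks())
    print(xor_bytes(h["k_si"][0], h["k_si"][1]) == xor_bytes(*h["ids"][:2]))
```

Both relations printed at the end hold for any input, so a review of the scheme can check them without access to real ECG data.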

5 Results and Analysis

An ECG signal indicates the vitality of the person, i.e., it indicates that the person was alive at the time of the inception of the device. This, in turn, avoids the false entry of the ECG data into the devices. The ECG signal is unique, and since ECG is used for key generation, the key generated is also unique for a given ECG signal. In this section, an analysis of all the four keys generated is performed.

5.1 Random Selection of R Peaks

For K\(_{\text {ecg}}\) key generation, the three R peaks are selected randomly. If an unauthorized person tries to obtain the R peaks, this makes predicting R peaks for key generation difficult.

Also, for the calculation of wearable device ID, a random R peak is selected. Due to this, the prediction of device ID becomes difficult. Also, the device ID is required for the calculation of the key K\(_{\text {si}}\), which is used for encryption of the patient information. Therefore, predicting the key K\(_{\text {si}}\) becomes difficult for the attacker.

5.2 Complexity Analysis of the Proposed Work

R peaks used for the key generation, samples taken between the R peaks, the number of operations performed, and the size of the keys generated are constant. Therefore, the time required for all the key generation algorithms is O(1), a constant time duration.

5.3 Comparison Between the K\(_{\text {ecg}}\) Keys Generated from the Same ECG Data

For analysis of the K\(_{\text {ecg}}\) generated, various K\(_{\text {ecg}}\) keys are generated from the same ECG data taken from the MIT-BIH Arrhythmia Database. Generation of the key is performed using MATLAB. Figure 8 represents the comparison result between ten K\(_{\text {ecg}}\) keys produced from the same ECG data. In the figure, the X axis indicates the various K\(_{\text {ecg}}\) keys generated. All the ECG keys generated are compared with one another. While comparing, if the keys generated are different, zero (False) is indicated along the Y axis. Else, one (True) is indicated. It is observed from the figure that the keys generated are different and, therefore, unique.

Fig. 8 Comparison of keys generated from ECG signal

5.4 Comparison Between the K\(_{\text {ecg}}\) Keys Generated from Different ECG Data

Various K\(_{\text {ecg}}\) keys are generated for different ECG data for analysis. Figure 9 represents the comparison result of K\(_{\text {ecg}}\) keys that are generated from three different ECG datasets. For comparison, ten keys are generated from the ECG data. All the ECG keys generated are compared with one another.

The keys generated are represented along the X axis; if the keys generated are different along the Y axis, zero (False) is indicated. Else one (True) is indicated. It is observed from the figure that the keys generated are different and, therefore, unique.

Fig. 9 Comparison of keys generated from different ECG signals

5.5 Comparison Between the Session Keys Generated K\(_{\text {si}}\) for Individual Wearable Devices

Various K\(_{\text {si}}\) keys are generated for different devices. Figure 10 represents the comparison result of K\(_{\text {si}}\) keys generated for five devices attached to a wearable device controller. The keys generated are represented along the X axis, and if the keys generated are different along the Y axis, zero (False) is indicated. Else one (True) is indicated. It is observed that the keys generated are different and, therefore, unique.

Fig. 10 Comparison of Keys K\(_{\text {si}}\) generated for various devices

5.6 The Distinctiveness of the Key K\(_{\text {ecg}}\) Generated

The distinctiveness of the 128-bit K\(_{\text {ecg}}\) keys in the proposed work is compared with IPIAES and IPI-PRNG generated in [23]. Hamming distance (HD) is computed among the keys produced from different ECG signals to evaluate the distinctiveness. The Hamming Distance equation applied for calculating the distinctiveness of the produced keys can be written as [23]:

$$\begin{aligned} HD_d = \sum _{P_1 \ne P_2}( \mid Key_{P1} - Key_{P2} \mid )/ \mid sig \mid ^2 \end{aligned}$$
(15)

where HD\(_d\) indicates the Hamming distance computed among the ECG keys generated using different ECG signals, sig indicates the length of the physiological signal set used, and P1 and P2 define the two different ECG signals. The results of the calculation indicate that the average HD among the ECG keys produced from two different ECG signals is 62.5% (\(\approx\) 80 bits), and in paper [23], it is 49.89% (\(\approx\) 64 bits) and 49.22% (\(\approx\) 63 bits), respectively. The proposed work presents a better result compared to [23].

5.7 Test for Randomness

The randomness of the K\(_{\text {ecg}}\) and K\(_{\text {si}}\) keys generated was checked using two methods: Frequency Test within a Block and Runs Test.

5.7.1 Frequency Test Within a Block

To check whether the frequency of ones in a block consisting of M bits is approximately M/2, a frequency test is performed. The input series is partitioned into N = n/M non-overlapping blocks, and unused bits are discarded.

For example, if n = 11, M = 3 and E= 0,010,111,011, 3 blocks (N = 3) would be produced, comprising of 001, 011 and 101. The last two bits are discarded.

The proportion \(\pi _i\) of ones is determined in each M-bit block using the below equations:

Compute the \(\chi ^2\) statistic:

$$\begin{aligned} \chi ^2(obs)=4M \sum _{i=1}^{N} \left( \pi _i-\dfrac{1}{2}\right) ^2 \end{aligned}$$
(16)

Compute P-value:

$$\begin{aligned} \text {P-value}= \text {igamc} (N/2, \chi ^2(obs)/2) \end{aligned}$$
(17)

where igamc indicates the incomplete gamma function for Q(a,x), Q(a,x) = 1 − P(a,x).

Using the test statistic, a P-value is calculated, which indicates the strength of the evidence against the null hypothesis. It is concluded that the generated series is random if the obtained P-value is greater than 0.01. Else, it indicates that the sequence is not random.

Figure 11 shows the plot of the P-value for different K\(_{\text {ecg}}\) keys. It is observed in all the cases that the P-value is greater than 0.01. Therefore, it can be concluded that K\(_{\text {ecg}}\) generated has the property of a random number.

Figure 12 shows the plot of the P-value for different K\(_{\text {si}}\) keys. It is observed in all the cases that P-value is greater than 0.01. Therefore it can be concluded that K\(_{\text {si}}\) generated has the property of a random number.

Fig. 11 Frequency test within a block for key K\(_{\text {ecg}}\)

Fig. 12 Frequency test within a block for key K\(_{\text {si}}\)

5.7.2 Runs Test

A continuous sequence of identical bits is called a run. A run of length k consists of k identical bits bounded by a bit of the opposite value. The Runs test indicates whether the total number of runs of zeros and ones of various lengths is as expected for a random sequence.

The equation to calculate the pre-test proportion \(\pi\) of ones in the input sequence:

$$\begin{aligned} \pi = \sum _{j}^{} E_j / n \end{aligned}$$
(18)

For example, if E = 1001101010, then n = 10 and \(\pi\) = 5/10 = 1/2.

Calculate the test statistic,

$$\begin{aligned} V (obs) = \sum _{k=1}^{n-1}r(k )+ 1, \end{aligned}$$
(19)

where r(k) = 0 if E\(_{k}\) = E\(_{k+1}\), and r(k) = 1 otherwise.

Compute P-value:

$$\begin{aligned} \text {P-value}= \text {erfc} \left( \frac{V_{n}(obs)-2n\pi (1-\pi )}{2 \sqrt{2n}\, \pi (1- \pi )}\right) \end{aligned}$$
(20)

The evidence against the null hypothesis is summarized using the test statistic to obtain a P-value. If the obtained P-value is greater than 0.01, the sequence is random. Else, it indicates that the sequence is not random.

Figure 13 shows the plot of the P-value for different K\(_{\text {ecg}}\) keys. It is observed in all the cases that P-value is greater than 0.01. Therefore, it can be concluded that K\(_{\text {ecg}}\) generated has the random number property.

Figure 14 shows the plot of the P-value for different K\(_{\text {si}}\) keys. It is observed in all the cases that the P-value is greater than 0.01. Therefore, it can be concluded that K\(_{\text {si}}\) generated has the property of a random number.

Fig. 13 Runs test for key K\(_{\text {ecg}}\)

Fig. 14 Runs test for key K\(_{\text {si}}\)
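Both tests of Sect. 5.7 implemented from Eqs. (16) to (20) and applied to 128-bit keys, as an added example (not the authors' code). The two tests are those of NIST SP 800-22, from which the pre-test bound on \(\pi\) and the absolute value in the runs statistic are taken; the block length M = 32, the function names and the two sample keys are assumptions constructed here.

```python
"""Frequency-within-a-block and runs tests, Eqs. (16)-(20) (added example)."""
import math

ALPHA = 0.01            # decision threshold used on the page


def bits_of(key):
    """Key bytes to a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in key for shift in range(7, -1, -1)]


def igamc(a, x):
    """Q(a, x) = 1 - P(a, x) for a = N/2, built up with the recurrence
    Q(a + 1, x) = Q(a, x) + x^a e^(-x) / Gamma(a + 1)."""
    if a <= 0 or x < 0 or (2 * a) != int(2 * a):
        raise ValueError("a must be a positive multiple of 1/2 and x >= 0")
    if (2 * a) % 2 == 0:
        base, q = 1.0, math.exp(-x)                 # Q(1, x)
    else:
        base, q = 0.5, math.erfc(math.sqrt(x))      # Q(1/2, x)
    while base < a:
        q += x ** base * math.exp(-x) / math.gamma(base + 1)
        base += 1.0
    return q


def block_frequency_test(bits, block_len):
    """Eqs. (16)-(17); bits that do not fill a whole block are discarded."""
    n_blocks = len(bits) // block_len
    if n_blocks == 0:
        raise ValueError("sequence shorter than one block")
    chi2 = 4 * block_len * sum(
        (sum(bits[i * block_len:(i + 1) * block_len]) / block_len - 0.5) ** 2
        for i in range(n_blocks))
    return igamc(n_blocks / 2, chi2 / 2)


def runs_test(bits):
    """Eqs. (18)-(20). Returns 0.0 when the pre-test on pi fails."""
    n = len(bits)
    if n == 0:
        raise ValueError("empty sequence")
    pi = sum(bits) / n
    # Pre-test from SP 800-22: no runs count if pi is too far from 1/2.
    if pi in (0.0, 1.0) or abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(bits[k] != bits[k + 1] for k in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    # SP 800-22 takes the absolute value of the numerator of Eq. (20).
    return math.erfc(abs(v_obs - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def assess_key(key, block_len=32):
    """P-values and the combined decision for one key (block_len is assumed)."""
    bits = bits_of(key)
    p_block, p_runs = block_frequency_test(bits, block_len), runs_test(bits)
    return {"block": p_block, "runs": p_runs,
            "random": p_block > ALPHA and p_runs > ALPHA}


# Constructed keys: alternating bits are perfectly balanced in every block,
# so only the runs test rejects them; the all-ones key fails both tests.
ALTERNATING = bytes([0xAA]) * 16
ALL_ONES = bytes([0xFF]) * 16

if __name__ == "__main__":
    for name, key in (("alternating", ALTERNATING), ("all ones", ALL_ONES)):
        print(name, assess_key(key))
```

The alternating key shows why the two tests are applied together: a fully predictable pattern can reach a P-value of 1 in the block frequency test.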

6 Conclusions and Future Work

Since ECG data is used for the K\(_{\text {ecg}}\) key generation, the key generated is considered unique. For K\(_{\text {ecg}}\) key generation, since randomly selected R peaks are used, guessing the R peak becomes difficult. Key K\(_{\text {ecg}}\) is obtained by performing logical XOR operations on three randomly selected samples from ECG data, and no complex operations are involved. As the method used for obtaining the key generates a unique key and takes fewer operations, it is efficient. For generating the K\(_{\text {master}}\), an XOR operation is performed on a random number and K\(_{\text {ecg}}\) key.

The Mersenne Twister is used for random number generation. It is faster than other random number generators because it only performs shifting and XOR operations.

The device ID, which is derived from ECG data, is used to generate key K\(_{\text {si}}\). Therefore, K\(_{\text {si}}\) is also unique. An offline password guessing attack can be avoided as the ECG signal is unique and guessing the key by the attacker becomes difficult.

The randomness of the key K\(_{\text {ecg}}\) and key K\(_{\text {si}}\) was verified using the Frequency Test within a Block and Runs Test. By calculating the average Hamming Distance between K\(_{\text {ecg}}\) generated from different ECG data, the distinctiveness of the key is proved. The average hamming distance is 62.5% ( \(\approx\) 80-bits), which is greater than that obtained in paper [23].

The strength of the proposed method lies in the amount of processing to be performed for key generation. The proposed method requires only XOR operation. Also, since ECG data was selected for key generation, obtaining distinct keys becomes easy.

In the proposed work, keys are generated. However, these generated keys cannot be used for a long time for encrypting the data because the attacker can decrypt if the key is obtained. Therefore, as part of future work, the keys K\(_{\text {master}}\) and K\(_{\text {s}}\) can be refreshed to avoid the key compromise attack.