On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard

  • Mohsen Toorani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8976)


Wireless Body Area Networks (WBAN) support a variety of real-time health monitoring and consumer electronics applications. The latest international standard for WBAN is the IEEE 802.15.6. The security association in this standard includes four elliptic curve-based key agreement protocols that are used for generating a master key. In this paper, we challenge the security of the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols to several attacks. We perform a security analysis on the protocols, and show that they all have security problems, and are vulnerable to different attacks.


Wearable security Cryptographic protocols Authenticated Key Exchange Elliptic curves Attacks 



The author would like to thank Øyvind Ytrehus and the anonymous reviewers for their comments.


  1. 1.
    Chen, M., Gonzalez, S., Vasilakos, A., Cao, H., Leung, V.C.: Body area networks: a survey. Mob. Netw. Appl. 16(2), 171–193 (2011)CrossRefGoogle Scholar
  2. 2.
    Movassaghi, S., Abolhasan, M., Lipman, J., Smith, D., Jamalipour, A.: Wireless body area networks: a survey. Commun. Surv. Tutorials, IEEE 16(3), 1658–1686 (2014)CrossRefGoogle Scholar
  3. 3.
    Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks (2012).
  4. 4.
    Krawczyk, H.: HMQV: a high-performance secure diffie-hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  5. 5.
    Menezes, A.: Another look at HMQV. Math. Cryptology JMC 1(1), 47–64 (2007)zbMATHMathSciNetGoogle Scholar
  6. 6.
    Toorani, M.: On continuous after-the-fact leakage-resilient key exchange. In: Proceedings of the 2nd Workshop on Cryptography and Security in Computing Systems (CS2 2015), ACM (January 2015)Google Scholar
  7. 7.
    Toorani, M.: Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy. Secur. Commun. Netw. 8(4), 694–701 (2015)CrossRefGoogle Scholar
  8. 8.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  9. 9.
    Toorani, M., Beheshti, A.: A directly public verifiable signcryption scheme based on elliptic curves. In: Proceedings of the 14th IEEE Symposium on Computers and Communications (ISCC 2009), pp. 713–716 (2009)Google Scholar
  10. 10.
    Hankerson, D., Vanstone, S., Menezes, A.J.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004) zbMATHGoogle Scholar
  11. 11.
    Misra, S., Goswami, S., Taneja, C., Mukherjee, A.: Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks. International Journal of Communication Systems (2014)Google Scholar
  12. 12.
    LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  13. 13.
    Toorani, M., Beheshti, A.: Cryptanalysis of an elliptic curve-based signcryption scheme. Int. J. Netw. Secur. 10(1), 51–56 (2010)Google Scholar
  14. 14.
    Toorani, M., Beheshti, A.: LPKI-a lightweight public key Infrastructure for the mobile environments. In: Proceedings of the 11th IEEE International Conference on Communication Systems(ICCS 2008), pp. 162–166, November 2008. doi: 10.1109/ICCS.2008.4737164

Copyright information

© International Financial Cryptography Association 2015

Authors and Affiliations

  1. 1.Department of InformaticsUniversity of BergenBergenNorway

Personalised recommendations