On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard
Wireless Body Area Networks (WBAN) support a variety of real-time health monitoring and consumer electronics applications. The latest international standard for WBAN is the IEEE 802.15.6. The security association in this standard includes four elliptic curve-based key agreement protocols that are used for generating a master key. In this paper, we challenge the security of the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols to several attacks. We perform a security analysis on the protocols, and show that they all have security problems, and are vulnerable to different attacks.
KeywordsWearable security Cryptographic protocols Authenticated Key Exchange Elliptic curves Attacks
The author would like to thank Øyvind Ytrehus and the anonymous reviewers for their comments.
- 3.Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks (2012). http://standards.ieee.org/findstds/standard/802.15.6-2012.html
- 6.Toorani, M.: On continuous after-the-fact leakage-resilient key exchange. In: Proceedings of the 2nd Workshop on Cryptography and Security in Computing Systems (CS2 2015), ACM (January 2015)Google Scholar
- 9.Toorani, M., Beheshti, A.: A directly public verifiable signcryption scheme based on elliptic curves. In: Proceedings of the 14th IEEE Symposium on Computers and Communications (ISCC 2009), pp. 713–716 (2009)Google Scholar
- 11.Misra, S., Goswami, S., Taneja, C., Mukherjee, A.: Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks. International Journal of Communication Systems (2014)Google Scholar
- 13.Toorani, M., Beheshti, A.: Cryptanalysis of an elliptic curve-based signcryption scheme. Int. J. Netw. Secur. 10(1), 51–56 (2010)Google Scholar
- 14.Toorani, M., Beheshti, A.: LPKI-a lightweight public key Infrastructure for the mobile environments. In: Proceedings of the 11th IEEE International Conference on Communication Systems(ICCS 2008), pp. 162–166, November 2008. doi: 10.1109/ICCS.2008.4737164