A Review of Security Protocols in mHealth Wireless Body Area Networks (WBAN)

  • James KangEmail author
  • Sasan Adibi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 523)


The popularity of smartphones has led to an increasing demand for health apps. As a result, the healthcare industry is embracing mobile technology and the security of mHealth is essential in protecting patient’s user data and WBAN in a clinical setting. Breaches of security can potentially be life-threatening as someone with malicious intentions could misuse mHealth devices and user information. In this article, threats to security for mHealth networks are discussed in a layered approach addressing gaps in this emerging field of research. Suite B and Suite E, which are utilized in many security systems, including in mHealth applications, are also discussed. In this paper, the support for mHealth security will follow two approaches; protecting patient-centric systems and associated link technologies. Therefore this article is focused on the security provisioning of the communication path between the patient terminal (PT; e.g., sensors) and the monitoring devices (e.g., smartphone, data-collector).


Wireless Sensor Network Medium Access Control Security Protocol Advance Encryption Standard Wireless Body Area Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
  3. 3.
    Adibi, S.: Link technologies and blackberry mobile health (mHealth) solutions: a review. IEEE Trans. Inf. Technol. Biomed. 16(4), 586–597 (2012)CrossRefGoogle Scholar
  4. 4.
    Rushanan, M., Rubin, A.D., Kune, D.F., Swanson, C.M.: SoK: security and privacy in implantable medical devices and body area networks. In: 2014 IEEE Symposium on Security and Privacy, pp. 524–539, May 2014Google Scholar
  5. 5.
    Citrix. Mobile Analytics report (2015)Google Scholar
  6. 6.
    Android Central. How to use the Heart Rate Monitor on the Galaxy S5. Accessed 11 Feb 2015
  7. 7.
    mHealth news. Are you ready for sensors in healthcare? Accessed 11 Feb 2015
  8. 8.
    FierceMobileHealthcare. mHealth devices must auto-collect data from cloud, sensors (2014). Accessed 11 Feb 2015
  9. 9.
    Keeping valuable algorithms secret. Accessed 13 Jan 2015
  10. 10.
    Attack (computing). Accessed 20 Jan 2015
  11. 11.
    FIPS 140-2. Accessed 20 Jan 2015
  12. 12.
    Project Ubertooth. Accessed 23 Dec 2014
  13. 13.
    Ubertooth Schedule. Accessed 24 Dec 2014
  14. 14.
    Adibi, S., et al.: A multilayer non - repudiation system: a suite-B approachGoogle Scholar
  15. 15.
    Saleem, S., Ullah, S., Kwak, K.S.: A study of IEEE 802.15.4 security framework for wireless body area networks. Sensors (Basel) 11(2), 1383–1395 (2011)CrossRefGoogle Scholar
  16. 16.
    Gagandeep, G., Aashima, A.: Study on Sinkhole attacks in wireless Ad hoc networks. Int. J. Comput. Sci. Eng. 4(6), 1078–1085 (2012)Google Scholar
  17. 17.
    PalSingh, V., Anand Ukey, A.S., Jain, S.: Signal strength based hello flood attack detection and prevention in wireless sensor networks. Int. J. Comput. Appl. 62(15), 1–6 (2013)Google Scholar
  18. 18.
    X.800: Security architecture for Open Systems Interconnection for CCITT applications. Accessed 20 Jan 2015
  19. 19.
    Confidentiality, Integrity, Availability: The three components of the CIA Triad. Accessed 19 Jan 2015
  20. 20.
    Uluagac, A.S., Lee, C.P., Beyah, R.A., Copeland, J.A.: Designing secure protocols for wireless sensor networks. In: Li, Y., Huynh, D.T., Das, S.K., Du, D.-Z. (eds.) WASA 2008. LNCS, vol. 5258, pp. 503–514. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    X.805: Security architecture for systems providing end-to-end communications. Accessed 20 Jan 2015
  22. 22.
    Sunyaev, A., Dehling, T., Taylor, P.L., Mandl, K.D.: Availability and quality of mobile health app privacy policies. J. Am. Med. Inform. Assoc. 1–4 (2014)Google Scholar
  23. 23.
    Crytographic Protocol. Accessed 12 Jan 2015
  24. 24.
    Garloff, K.; Symmetric vs. asymmetric algorithms (2000). Accessed 11 Feb 2015
  25. 25.
    Jarmusz, S.: Symmetric vs. Asymmetric Encryption: Which Way is Better? Accessed 11 Feb 2015
  26. 26.
    Irum, S., Ali, A., Khan, F.A., Abbas, H.: A hybrid security mechanism for intra-WBAN and inter-WBAN communications. Int. J. Distrib. Sens. Netw. 2013, 1–11 (2013)CrossRefGoogle Scholar
  27. 27.
    Faisal, M., Al-Muhtadi, J., Al-Dhelaan, A.: Integrated protocols to ensure security services in wireless sensor networks. Int. J. Distrib. Sens. Netw. 2013, 1–13 (2013)CrossRefGoogle Scholar
  28. 28.
    Krohn, R., Metcalf, D.: mHealth Innovation: Best Practices from The Mobile Frontier, p. 204. HIMSS, Chicago (2014)Google Scholar
  29. 29.
    Ullah, S., Mohaisen, M., Alnuem, M.A.: A review of IEEE 802.15.6 MAC, PHY, and security specifications. IJDSN 2013 (2013)Google Scholar
  30. 30.
    IEEE Standards Association. 802.15.6 - IEEE Standard for Local and metropolitan area networks - Part 15.6: Wireless Body Area Networks (2012)Google Scholar
  31. 31.
    Toorani, M.: On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard, Jan 2015Google Scholar
  32. 32.
    Zheng, J., Jamalipour, A.: Wireless Sensor Networks: A Networking Perspective, pp. 1–489. Wiley, Hoboken (2008)Google Scholar
  33. 33.
    Toorani, M., Shirazi, A.A.B.: LPKI - a lightweight public key infrastructure for the mobile environments. In: 2008 11th IEEE Singapore International Conference on Communication Systems, ICCS 2008, pp. 162–166 (2008)Google Scholar
  34. 34.
    Sahoo, P.K.: Efficient security mechanisms for mHealth applications using wireless body sensor networks. Sensors (Basel) 12(9), 12606–12633 (2012)CrossRefGoogle Scholar
  35. 35.
    Nasser, N., Chen, Y.: SEEM: secure and energy-efficient multipath routing protocol for wireless sensor networks. Comput. Commun. 30(11–12), 2401–2412 (2007)CrossRefGoogle Scholar
  36. 36.
    Australian Government Department of Defence. DSD approval for the use of Suite B cryptography for CONFIDENTIAL and above. Accessed 31 Dec 2014
  37. 37.
    Sanderson, R.: Trusted Computing Using IPsec Minimum Essential Interoperability Protocols (2011)Google Scholar
  38. 38.
    NSA Suite B Cryptography. Accessed 31 Dec 2014
  39. 39.
    Cisco Next-Generation Cryptography: Enable Secure Communications and CollaborationGoogle Scholar
  40. 40.
    Zaverucha, G.; ECQV Implicit Certificates and the Cryptographic Suite for Embedded Systems (Suite E)Google Scholar
  41. 41.
    Cryptographic Suite for Embedded Systems (Suite E). Accessed 03 Feb 2015
  42. 42.
    Vanstone, S., Campagna, M.: A cryptographic suite for embedded systems suite E. In: 6th ETSI Security WorkshopGoogle Scholar
  43. 43.
    Security service (telecommunication). Accessed 20 Jan 2015
  44. 44.
    ANT+. Accessed 18 Dec 2014
  45. 45.
    ANT (network). Accessed 11 Feb 2015
  46. 46.
    What is ZigBee? Accessed 24 Dec 2014
  47. 47.
    Crosby, G.V., Ghosh, T., Murimi, R., Chin, C.A.: Wireless body area networks for healthcare: a survey. IJASUC 3(3) (2012)Google Scholar
  48. 48.
    Bluetooth Low Energy Technology Makes New Applications Possible. Accessed 13 Jan 2015
  49. 49.
    How Bluetooth Works. Accessed 24 Dec 2014
  50. 50.
    Nilsson, R., Saltzstein, B.: Bluetooth Low Energy vs. Classic Bluetooth: Choose the Best Wireless Technology for Your Application. Medical Electronics Design (2012)Google Scholar
  51. 51.
    Bluetooth vs. Bluetooth Low Energy: What’s the Difference? Accessed 24 Dec 2014
  52. 52.
    ISO/IEEE_11073. Accessed 01 Feb 2015
  53. 53.
    IEEE. IEEE Std 11073-00103 Section 5.4 (2012)Google Scholar
  54. 54.
    Portilla, J., Otero, A., de la Torre, E., Riesgo, T., Stecklina, O., Peter, S., Langendörfer, P.: Adaptable security in wireless sensor networks by using reconfigurable ECC hardware coprocessors. Int. J. Distrib. Sens. Netw. 2010, 1–12 (2010)CrossRefGoogle Scholar
  55. 55.
    Inductive Charging. Accessed 05 Jan 2015

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Information TechnologyDeakin UniversityBurwoodAustralia

Personalised recommendations