Secret key generation and distribution schemes for wearable devices

Abstract

One of the remarkable outcomes of rapid development in wireless technology is the emergence of a new paradigm for personalized healthcare, sports and fitness applications, known as Wireless Body Area Networks (WBANs). Secure communication in WBANs is of major concern as the sensitive health information and control commands are transmitted in wireless medium. As WBAN devices are resource constrained, the complex traditional cryptographic key establishment schemes are not feasible. Additionally, the secret keys used to encrypt the data must be generated dynamically and renewed periodically to avoid the threat of compromise and privacy leakage. Hence, the devices need lightweight, fast, and reliable security mechanisms. Recent studies have exploited wireless channel characteristics, e.g., received signal strength indicator (RSSI) to derive the shared secret key during random body movement of subject wearing the devices. However, in the absence of node mobility and also during slow fading channel conditions, these schemes have very low bit rate and entropy, which is a big threat for security. Additionally, in a practical scenario where multiple devices are carried by a person, a common secret key is essential for secure group communication. Motivated by the above security challenges, in this dissertation, we propose novel security mechanisms for WBANs. Our specific contributions are: (1) We present iARC, a lightweight RSSI-based scheme which induces artificial channel randomness by employing dual antennas and frequency diversity for generating keys with good entropy in the absence of node mobility. (2) We propose DLINK, an RSSI-based secret key generation scheme for dual-antenna architecture devices that dynamically identifies suitable multipath links connecting the WBAN devices for improving entropy and bit rate in fast as well as slow fading channels. (3) We present a group secret key generation and distribution scheme that leverages on-board accelerometer sensor to generate high entropy keys and employs a cryptographic construct - fuzzy vault and acceleration due to gait, a common characteristic extracted on all wearable devices to share the secret key without using pre-shared secret. We implement our solutions on real off-the-shelf devices and conduct extensive experiments. Our results reveal that the proposed schemes are suitable for practical applications.