CN103888943A - Wireless body area network key agreement method for medical monitoring - Google Patents

Wireless body area network key agreement method for medical monitoring Download PDF

Info

Publication number
CN103888943A
CN103888943A CN201410140435.6A CN201410140435A CN103888943A CN 103888943 A CN103888943 A CN 103888943A CN 201410140435 A CN201410140435 A CN 201410140435A CN 103888943 A CN103888943 A CN 103888943A
Authority
CN
China
Prior art keywords
node
index table
key
element index
received signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410140435.6A
Other languages
Chinese (zh)
Other versions
CN103888943B (en
Inventor
吴莉莉
同鸣
郑翔
陈玉炎
姚有哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201410140435.6A priority Critical patent/CN103888943B/en
Publication of CN103888943A publication Critical patent/CN103888943A/en
Application granted granted Critical
Publication of CN103888943B publication Critical patent/CN103888943B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a wireless body area network key agreement method for medical monitoring. The method comprises the steps that two nodes carry out self-adaptation threshold mapping on receiving signal intensity sequences of the two nodes respectively, and state sequences are obtained; the nodes use difference sample index tables for recording the position of a receiving signal intensity value between the self-adaptation thresholds; the two nodes use biology bit sequences generated by electrocardio signals for signing the difference sample index tables of the nodes, the signed difference sample index tables are sent through a common channel, and mutual identity authentication is carried out; the nodes delete elements indexed by the difference sample index tables from local and legally-sent nodes in the state sequences of the nodes, and a common bit sequence is obtained; and the common bit sequence is subjected to Hash operation, and a key is obtained. According to the method, consumption on node resources from key agreement is lowered, fake attack based on identity can be effectively resisted, key production speed is improved, and the method can be used for establishing symmetrical keys between a pair of nodes in a wireless body area network.

Description

For the wireless body area network cryptographic key negotiation method of medical monitoring
Technical field
The invention belongs to wireless network secure technical field, be specifically related to wireless body area network cryptographic key negotiation method, can be used for the symmetric key between wireless body area network sensor node in medical monitoring and set up.
Background technology
Along with the surge year by year of China's aging population process acceleration and family not living home's number, the problem that China's medical resource is in short supply is more outstanding, and the aged's medical treatment & health nursing has become a great society difficult problem.As how cheaply mode the elderly's health status carried out to real-time long distance monitoring have the huge market demand.Wireless body area network technology is for the good approach that provides is provided.Wireless body area network is by being attached to biosensor in human body surface or body, physiology sign data to children under guardianship carries out Real-time Collection, and being transferred to remote medical monitor center, medical personnel utilize these physiology sign datas to carry out real time remote diagnosis, and take necessary rescue measure.These are light, size is little, the wearable transducer of ultra low power has advantages of wireless body area network not limit wearer activity, expanded children under guardianship's scope of activities, even if also can effectively guard out of doors.Although wireless body area network becomes a reality intelligence, the service of remote health diagnosis and treatment easily; but because patient's physiological data is transmitted and processed by wireless mode; if lack enough safeguard protections, will cause individual privacy leakage, the life security that even also can threaten patient.In August, 2011, a hacker, in the situation that only learning insulin pump sequence number, just successfully controls the insulin pump of implant into body, indiscriminately ad. as one wishes the quantity delivered of regulating agent.In the same year, in the health data management conference of holding in Washington, there is expert to point out that existing medical network lacks information safety protection, the risk that ubiquity data are revealed.On the other hand, once the public worries the medical data of oneself to give wireless body area network, will cause individual privacy leakage.In view of above reason, the public holds the attitude of suspecting and conflicting to wireless body area network, the safety of wireless body area network has become the bottleneck problem of restriction wireless body area network application, and research institution and the enterprise of trying hard to promote wireless body area network technology need wireless body area network security solution urgently.Because existing security mechanism and method are all based on key, therefore, the generation of key is the foundation stone that builds wireless body area network security system.
Traditional cryptographic key negotiation method is based on public key system, and this can cause larger computation burden and energy consumption, is not suitable for this resource-constrained application scenarios of wireless body area network.And internet security depends on shared in advance secret largely, this secret exists in pre-stored mode conventionally, in actual applications, once sensor node is captured by physics, the secret that causes sharing is in advance revealed, cause all security protection inefficacies.In addition, traditional Key Establishing mechanism has determined that key management need to rely on believable KMC, and the renewal of key is accompanied by huge resource consumption, and is unpractical in wireless body area network deployment secure infrastructure.In sum, from consumption and the safety perspective of resource, traditional key generation method is not suitable for this resource-constrained sensor network of wireless body area network.Under this background, do not adopt the new type key Negotiation Technology of public key system just receiving people's concern.
Due to the intrinsic randomness of wireless channel self, space uniqueness, reciprocity, make wireless channel can be used as the shared secret between any a pair of node in wireless network.The time variation of wireless channel makes the renewal of key break away from the dependence to KMC, the computing cost of having avoided key updating to bring.Utilize radio channel characteristic to produce key and there is low computation complexity, low energy consumption, be highly suitable for resource-constrained wireless network scenario.
2011, the people such as Qian.Wang, Hai Su of Illinois, Chicago Polytechnics utilizes wireless channel phase place to obey equally distributed feature, the angular region of 0~360 degree is divided into some regions, thereby encode and produce key bit according to the region at the phase place place of the channel response of measuring, this method can be carried out the foundation of point-to-point and group key, it is higher that key produces speed, but the method is owing to will realizing high-precision phase estimation, to having relatively high expectations of hardware, there is no at present the directly device of commercialization.
The people such as Suhas Mathur, Wade Trappe of state university of Rutgers New Jersey utilizes received signal strength information to carry out cipher key-extraction, the average of their statistical process sample and variance, determine upper and lower thresholding, to be mapped as a key bit higher than Upper threshold or lower than several continuous samples of Lower Threshold, adopt the bit coordination system to correct the inconsistent of key bit, and part key bit is used for carrying out data in key bit coordination process and traces to the source.Because current commercial wireless network card nearly all possesses the function of measuring received signal strength, therefore, Mathur method does not need existing hardware to make an amendment, and is easily smoothly transplanted to existing platform.But the method has only been utilized sub-fraction Sample producing key bit in numerous observation samples, and trace to the source in order to carry out data, lost again part key bit, it is very low that above two factors make the key of the method produce speed.
Above-mentioned two kinds are utilized the method for radio channel characteristic generation key all without the function of authentication, cannot resist the impersonation attack based on identity.
Summary of the invention
The object of the invention is to the deficiency for above-mentioned prior art, a kind of wireless body area network cryptographic key negotiation method for medical monitoring is proposed, to reduce calculating and the storage overhead of wireless body area network sensor node, improve key and produce speed, and make key agreement can resist the impersonation attack based on identity.
Realizing the object of the invention key problem in technology is: the shared secret using received signal strength as wireless body area network node is to produce key, with adaptive threshold mapping method to utilize more received signal strength value to produce key bit, to carrying out biological signature authentication in the information of common signal channel transmission in cipher key agreement process, make key agreement possess the function of authentication.Implementation step comprises as follows:
(1) build received signal strength sequence:
Two node A and B in wireless body area network send training signal N time in turn, the node of at every turn receiving training signal takes out 1 received signal strength value from the information of wireless network card report, and the N of collection received signal strength value arranged in chronological order, form the received signal strength sequences h of this node node, have:
Figure BDA0000488440250000031
In formula, h a, h brepresent respectively the received signal strength sequence that node A, Node B build, subscript " node " represents nodename, and N is greater than 1 natural number;
(2) the received signal strength sequences h of node to oneself nodecarry out adaptive threshold mapping, obtain its status switch Q node, this status switch Q nodein element set value in 1,0,1}, and subscript " node " represent nodename, node=A or B;
(3) set up inequality element index table
(3a) node initializing inequality element index table L nodefor sky, i.e. L node={ }, subscript " node " represents nodename, node=A or B;
(3b) node checks the status switch Q of oneself successively nodein each element, if this element value is-1, by this element at status switch Q nodein sequence number be saved in inequality element index table L as its index value nodein.
(4) node, in execution step (1) in step (3), constantly gathers the electrocardiosignal of human body, and by the electrocardiosignal collecting by modulus coding method, produce biological bit sequence K;
(5) biological signature
(5a) node is using biological bit sequence K as signature key, by inequality element index table L nodeas treating signature information, adopt the message authentication code hmac algorithm based on Hash to calculate inequality element index table L nodecorresponding message authentication code: MAC node=HMAC (K, L node), subscript " node " represents nodename, node=A or B;
(5b) node is by message authentication code MAC nodetrail at inequality element index table L nodeafterwards, form the signature inequality element index table of oneself: subscript " node " represents nodename, node=A or B;
(6) two node A and B send signature inequality element index table separately by common signal channel in turn;
(7) authentication and total bit sequence extract
(7a) receiving node of receiving signature inequality element index table authenticates the identity of sending node;
If (7b) sending node is not by authentication, receiving node finishes and the key agreement of sending node; If sending node is by authentication, union got by the inequality element index table receiving and the inequality element index table of oneself by receiving node, obtains the inequality element index table upgrading
Figure BDA0000488440250000042
(7c) the inequality element index table of receiving node to upgrade
Figure BDA0000488440250000043
as index, from the status switch Q of oneself nodethe all indexed elements that arrive of middle deletion, and the element being retained is arranged by the order of its position, form total bit sequence Y;
(8) node carries out Hash operation to total bit sequence Y and obtains key K ey, and key K ey is as two node A and the shared key of B.
The present invention compared with prior art has the following advantages:
1) compared with traditional cryptographic key negotiation method, the present invention only utilizes the intrinsic physical resource of wireless body area network self to carry out key agreement, avoid the mechanism of using public-key, thereby reduce the requirement to the calculating of transducer device node, storage capacity, also broken away from the dependence to security infrastructure, key agreement is more easily disposed in wireless body area network;
2) the present invention has introduced biological signature authentication in cipher key agreement process, has overcome the existing cryptographic key negotiation method based on received signal strength and can not resist this shortcoming of impersonation attack based on identity;
3) the present invention adopts adaptive threshold mapping method to make received signal strength value as much as possible be converted to key bit, produces speed thereby improved key.
Brief description of the drawings
Fig. 1 is realization flow schematic diagram of the present invention;
Fig. 2 is the simulated effect figure that the present invention resists the impersonation attack based on identity;
Fig. 3 is that the key of the inventive method and existing Mathur method produces speed comparing result.
Embodiment
Below in conjunction with accompanying drawing, the invention process and effect are described in further detail.
With reference to Fig. 1, performing step of the present invention is as follows:
Step 1, builds received signal strength sequence.
(1a) in the t moment, node A in wireless body area network sends training signal probe (t), Node B in wireless body area network is received after the training signal probe (t) from node A, the measurement data of reporting from network interface card, extracts received signal strength value RSS b(t), t>=0;
(1b) in the t+1 moment, Node B sends training signal probe (t+1), and node A receives after the training signal probe (t+1) from Node B, the measurement data of reporting from network interface card, extracts received signal strength value RSS a(t+1);
(1c) node A and B repeated execution of steps (1a)-(1b) is after N time, and node A is N the received signal strength value RSS collecting a(t+1), RSS a(t+3) ..., RSS a(t+2N-1) order is arranged, the received signal strength sequences h of configuration node A a; Node B is N the received signal strength value RSS collecting b(t), RSS b(t+2) ..., RSS b(t+2 (N-1)) order is arranged, the received signal strength sequences h of configuration node B b, N is greater than 1 natural number, and all received signal strength values are the real number that is more than or equal to 0.
The reciprocity of wireless channel has ensured that node A is consistent with the received signal strength sequence of Node B in the ideal case, but in practical application owing to being subject to the impact of the factor such as discreteness, the time difference of two node measurement received signal strengths of noise, radio-frequency devices, actual received signal strength sequence is the stack of ideal value and interference, therefore, the received signal strength sequence of node A and Node B is inconsistent.
For convenience, the received signal strength sequence unification of node A and Node B is denoted as to h node:
Subscript " node " represents nodename.
Step 2, adaptive threshold mapping.
(2a) node taking the long W of window as interval, by received signal strength sequences h nodeorder is divided into T continuously, and nonoverlapping subsequence, that is:
Figure BDA0000488440250000052
wherein, received signal strength subsequence represent received signal strength sequences h nodei subsequence, i=1,2 ..., T, node=A or B, the long W of window is a natural number that is less than N,
Figure BDA0000488440250000054
"
Figure BDA0000488440250000055
" represent the computing that rounds up;
(2b) node intensity subsequence to received signal
Figure BDA0000488440250000056
i=1,2 ..., T, carries out mapping successively, obtains shining upon output sequence
Figure BDA0000488440250000057
(2b1) according to received signal strength subsequence
Figure BDA0000488440250000061
average
Figure BDA0000488440250000062
and standard variance
Figure BDA0000488440250000063
calculate mapping Upper threshold
Figure BDA0000488440250000064
with mapping Lower Threshold
Figure BDA0000488440250000065
q + node i = m node i + α * σ node i
q - node i = m node i - α * σ node i
In formula, thresholding regulatory factor α is an arithmetic number.
Described average
Figure BDA0000488440250000068
it is received signal strength subsequence
Figure BDA0000488440250000069
the arithmetic mean of all elements comprising.By received signal strength subsequence
Figure BDA00004884402500000610
each element and average the quadratic sum of difference divided by received signal strength subsequence
Figure BDA00004884402500000612
the element number comprising, more the root of making even obtains received signal strength subsequence
Figure BDA00004884402500000613
standard variance
Figure BDA00004884402500000614
(2b2) according to mapping Upper threshold
Figure BDA00004884402500000615
with mapping Lower Threshold
Figure BDA00004884402500000616
by received signal strength subsequence
Figure BDA00004884402500000617
the all elements comprising converts one by one, obtains successively the state value after each element conversion:
Figure BDA00004884402500000618
In formula, x represents the element before conversion, and f (x) represents the state value after element x conversion;
(2b3) by received signal strength subsequence
Figure BDA00004884402500000619
in the sequencing that occurs according to element of state value after the conversion of each element arrange, form mapping output sequence i=1,2 ..., T;
(2c) node will shine upon output sequence
Figure BDA00004884402500000621
be linked in sequence, obtain the status switch Q of oneself node, subscript " node " represents nodename, node=A or B.
Step 3, sets up inequality element index table.
Due to the status switch Q of node A astatus switch Q with Node B bnot quite identical, node A, need to weed out internally inconsistent element in these two sequences, therefore in order to extract consistent key from status switch separately with B, each node need to be set up the inequality element index table of oneself, so that internally inconsistent element is followed the tracks of.
(3a) node initializing inequality element index table L nodefor sky, i.e. L node={ }, subscript " node " represents nodename, node=A or B;
(3b) node checks the status switch Q of oneself successively nodein each element, if this element value is-1, by this element at status switch Q nodein sequence number as its index value, and be saved in the inequality element index table L of this node nodein.
Step 4, biological bit sequence generates.
Node in step 3, constantly gathers the electrocardiosignal of human body in execution step 1, and the electrocardiosignal collecting is carried out to modulus coding obtains biological bit sequence K:
(4a) node adopts ecg-r wave detection method to find out the position at all R wave-waves peak of gathered electrocardiosignal, and using front and back, the location gap at two adjacent R wave-wave peaks, as 1 ecg-r wave spacing, obtains multiple ecg-r wave spacing; Described ecg-r wave detection method is a kind of existing method of maturation, it comprises difference threshold algorithm, bank of filters method, Wavelet Transform, Hilbert transform method, correlation integral method etc., the difference threshold algorithm that this example adopts Pan & Tompkins to propose carries out ecg-r wave detection, but in practical application, is not limited to this method;
(4b) node by each ecg-r wave spacing to 2 xask mould, obtain the modulus value of this ecg-r wave spacing, again the modulus value of this ecg-r wave spacing is converted to the binary system natural coding sequence that length is x bit, and binary system natural coding sequence is carried out to Gray code, obtaining length is the ecg-r wave spacing bit sequence of x, x is natural number, 2≤x≤4;
(4c) sequencing that node occurs ecg-r wave spacing bit sequence corresponding each ecg-r wave spacing according to ecg-r wave connects, and obtains biological bit sequence K.
Due to can not Real-time Collection human ecg signal, cannot pseudo-produce the biological bit sequence that only has legal node just to have away from the illegal node of human body, therefore, biological bit sequence can be used as the foundation of identifying node identity legitimacy.
Step 5, biological signature.
(5a) node is using biological bit sequence K as signature key, by the inequality element index table L of oneself nodeas treating signature information, adopt the message authentication code hmac algorithm based on Hash to calculate inequality element index table L nodecorresponding message authentication code: MAC node=HMAC (K, L node), the hash function of using in this hmac algorithm adopts MD-5 or SHA-1 function, if use MD-5 function, message authentication code MAC nodelength V=16, if use SHA-1 function, message authentication code MAC nodelength V=20, message authentication code MAC nodelength taking byte as unit, subscript " node " represent nodename, node=A or B;
(5b) node is by message authentication code MAC nodetrail at inequality element index table L nodeafterwards, form the signature inequality element index table of oneself:
Figure BDA0000488440250000081
subscript " node " represents nodename, node=A or B.
Step 6, two node A and B send signature inequality element index table separately by common signal channel in turn.
Step 7, authentication and total bit sequence extract.
This step comprises that Node B receives the signature inequality element index table from node A
Figure BDA0000488440250000082
node B carries out authentication and total bit sequence extracts, and node A receives the signature inequality element index table from Node B
Figure BDA0000488440250000083
node A carries out authentication and total bit sequence extracts.
(7a) receive the signature inequality element index table from node A for Node B
Figure BDA0000488440250000084
node B carries out authentication and total bit sequence extracts, and its step is as follows:
(7a1) the signature inequality element index table of Node B from receiving the last V of a middle taking-up byte bit is as the message authentication code MAC of node A a, the inequality element index table L of remaining element configuration node A a;
(7a2) Node B is using biological bit sequence K as signature key, by the inequality element index table L of node A aas treating signature information, and adopt the message authentication code hmac algorithm based on Hash in step (5a) to calculate the authentication code MAC' of Reference News of node A a, i.e. MAC a'=HMAC (K, L a);
(7a3) Node B is by the authentication code MAC' of Reference News of node A amessage authentication code MAC with node A acompare, if the two is in full accord, Node B predicate node A is legal node, execution step (7a4), otherwise Node B predicate node A is illegal node, finishes the key agreement with node A;
(7a4) Node B is by the inequality element index table L of the node A receiving awith the inequality element index table L of oneself bget union, obtain the inequality element index table upgrading
Figure BDA0000488440250000086
and with upgrade inequality element index table
Figure BDA0000488440250000087
as index, from the status switch Q of Node B bthe all indexed elements that arrive of middle deletion, remaining element is that node A and Node B are owned together, the element that these are retained is arranged and is formed total bit sequence Y by the sequence of positions at its place.
(7b) receive the signature inequality element index table from Node B for node A
Figure BDA0000488440250000088
node A carries out authentication and total bit sequence extracts, and its step is as follows:
(7b1) the signature inequality element index table of node A from receiving
Figure BDA0000488440250000089
the last V of a middle taking-up byte bit is as the message authentication code MAC of Node B b, the inequality element index table L of remaining element configuration node B b;
(7b2) node A is using biological bit sequence K as signature key, by the inequality element index table L of Node B bas treating signature information, and adopt the message authentication code hmac algorithm based on Hash in step (5a) to calculate the authentication code MAC' of Reference News of Node B b, i.e. MAC b'=HMAC (K, L b);
(7b3) node A is by the authentication code MAC' of Reference News of Node B bmessage authentication code MAC with Node B bcompare, if the two is in full accord, node A predicate node B is legal node, execution step (7b4), otherwise node A predicate node B is illegal node, finishes the key agreement with Node B;
(7b4) node A is by the inequality element index table L of the Node B receiving bwith the inequality element index table L of oneself aget union, obtain the inequality element index table upgrading
Figure BDA0000488440250000091
and with upgrade inequality element index table
Figure BDA0000488440250000092
as index, from the status switch Q of node A athe all indexed elements that arrive of middle deletion, remaining element is that node A and Node B are owned together, the element that these are retained is arranged and is formed total bit sequence Y by the sequence of positions at its place.
Step 8, key generates.
For minimizing information is in mutual the caused information leakage of common signal channel, and improve the randomness of key, node adopts the arbitrary function in universe hash function family to carry out Hash operation to total bit sequence Y, obtains key K ey, as two node A and the shared key of B.
Total bit sequence Y is divided into the total bit sequence sub-block that several length are 256 bits by this example, the total bit sequence sub-block of curtailment 256 bits is added to " 0 " in the back and supplies, calculate the cryptographic Hash of a total bit sequence sub-block by following universe hash function:
y a,b(s)=((as+b)mod?p M)mod?m
Wherein, " mod " is that remainder is counted operator, M=2 256, p mbe a prime number that is greater than M, m is less than p ma positive integer, m and p mit is disclosed parameter.A ∈ 1,2 ..., p m-1}, b ∈ 1,2 ..., p m-1}, node A chooses a and b at random, and notifies to Node B, and s is a total bit sequence sub-block;
Node calculates the cryptographic Hash of each total bit sequence sub-block, and the cryptographic Hash of each total bit sequence sub-block is connected successively according to the order of total bit sequence sub-block appearance, forms key K ey.
It should be noted that, in practical application, be not limited to the universe hash function that above formula is constructed.
Effect of the present invention can further illustrate by following emulation
1. simulated environment
Emulation experiment of the present invention is to carry out on the computer of Intel Pentium E58003.2G Hz CPU, internal memory 2GB, the human ecg signal that uses MIT-BIH Arrhythmia Database database simulation biosensor to collect, use the software programming environment of MATLAB R2010b and Microsoft Visual C++6.0 to carry out hybrid programming emulation, and the function that calls LibTomMath storehouse carry out Algebra Domain computing.
2. simulating scenes
Emulation experiment of the present invention has been simulated such scene: node A and Node B are the biosensors that is attached to same human body different parts, node A and B are legal nodes, node C is the illegal node away from human body, it knows the cryptographic key negotiation method that legal node adopts, and can pretend to be arbitrary legal node transmitted signal and other legal nodes to carry out key agreement.
Emulation adopts rayleigh fading channel model to simulate internodal wireless channel, and the Doppler frequency of Rayleigh fading model is got 10Hz, and the frequency that node sends training signal is 300Hz.
In order to check the performance of the inventive method under the impersonation attack based on identity, definition " key mismatch ratio " is the ratio of inconsistent bit number and the total bit number of key in pair of secret keys.Key mismatch ratio indicates that whether key agreement is successful.
In order to weigh the inventive method at the improvement effect aspect key generation speed, definition " key bit speed " is the key bit number producing in the unit interval.
3. emulation content
Emulation 1, when a pair of legal node A and B adopt the inventive method to carry out key agreement, pretends to be node A to attempt to carry out key agreement with Node B away from the illegal node C of human body.The long W of different windows is set, adds up the key mismatch ratio that produces key between legal node A and B, and key mismatch ratio between illegal node C and legal Node B, simulation result is as shown in Figure 2.Wherein " star-drawing " line represents the key mismatch ratio between node A and Node B, and " circle-drawing " line represents the key mismatch ratio of node C and Node B.
As can be seen from Figure 2, the key mismatch ratio of legal node A and B reduces with the increase of the long W of window, and when window, long W exceedes after 45, and the key mismatch ratio of legal node A and B approaches 0 very much, reaches acceptable degree.Visible, select suitable window long parameter, legal node A and B just can successfully set up key.And the key mismatch ratio of illegal node C and legal Node B remains at 0.5 left and right, this represents that illegal node C fails successfully to set up key with legal Node B.Visible, although cryptographic key negotiation method of the present invention is disclosed to illegal node, even but illegal node takes the way of identity personation also to fail to reach the legal node of deception to set up with it the object of key, prove that method of the present invention can resist the impersonation attack based on identity.
Emulation 2, under different signal to noise ratio snr conditions, carries out the key agreement between legal node A and B by the inventive method and existing Mathur method respectively, and two kinds of methods of emulation produce the speed of key, and result as shown in Figure 3.Wherein " star-drawing ", " circle-drawing " line represent that respectively the key of the present invention, Mathur method produces the curve that speed changes along with received signal to noise ratio SNR.
Fig. 3 demonstration, the key bit speed of the inventive method is apparently higher than Mathur method, and visible method of the present invention has effectively improved key and has produced speed.
Above the results show method of the present invention can solve the existing channel characteristics generation encryption key method that utilizes effectively cannot resist the problem of impersonation attack, and can obviously improve key generation speed.

Claims (5)

1. for the wireless body area network cryptographic key negotiation method of medical monitoring, comprise the steps:
(1) build received signal strength sequence:
Two node A and B in wireless body area network send training signal N time in turn, the node of at every turn receiving training signal takes out 1 received signal strength value from the information of wireless network card report, and the N of collection received signal strength value arranged in chronological order, form the received signal strength sequences h of this node node, have:
Figure FDA0000488440240000011
In formula, h a, h brepresent respectively the received signal strength sequence that node A, Node B build, subscript " node " represents nodename, and N is greater than 1 natural number;
(2) the received signal strength sequences h of node to oneself nodecarry out adaptive threshold mapping, obtain its status switch Q node, this status switch Q nodein element set value in 1,0,1}, and subscript " node " represent nodename, node=A or B;
(3) set up inequality element index table
(3a) node initializing inequality element index table L nodefor sky, i.e. L node={ }, subscript " node " represents nodename, node=A or B;
(3b) node checks the status switch Q of oneself successively nodein each element, if this element value is-1, by this element at status switch Q nodein sequence number be saved in inequality element index table L as its index value nodein.
(4) node, in execution step (1) in step (3), constantly gathers the electrocardiosignal of human body, and by the electrocardiosignal collecting by modulus coding method, produce biological bit sequence K;
(5) biological signature
(5a) node is using biological bit sequence K as signature key, by inequality element index table L nodeas treating signature information, adopt the message authentication code hmac algorithm based on Hash to calculate inequality element index table L nodecorresponding message authentication code: MAC node=HMAC (K, L node), subscript " node " represents nodename, node=A or B;
(5b) node is by message authentication code MAC nodetrail at inequality element index table L nodeafterwards, form the signature inequality element index table of oneself:
Figure FDA0000488440240000023
subscript " node " represents nodename, node=A or B;
(6) two node A and B send signature inequality element index table separately by common signal channel in turn;
(7) authentication and total bit sequence extract
(7a) receiving node of receiving signature inequality element index table authenticates the identity of sending node;
If (7b) sending node is not by authentication, receiving node finishes and the key agreement of sending node; If sending node is by authentication, union got by the inequality element index table receiving and the inequality element index table of oneself by receiving node, obtains the inequality element index table upgrading
Figure FDA0000488440240000024
(7c) the inequality element index table of receiving node to upgrade
Figure FDA0000488440240000025
as index, from the status switch Q of oneself nodethe all indexed elements that arrive of middle deletion, and the element being retained is arranged by the order of its position, form total bit sequence Y;
(8) node carries out Hash operation to total bit sequence Y and obtains key K ey, and key K ey is as two node A and the shared key of B.
2. method according to claim 1, wherein the received signal strength sequences h of the node described in step (2) to oneself nodecarry out adaptive threshold and shine upon the status switch Q that obtains it node, carry out as follows:
(2a) node taking the long W of window as interval, by received signal strength sequences h nodeorder is divided into T continuously, and nonoverlapping subsequence, that is:
Figure FDA0000488440240000021
wherein, received signal strength subsequence
Figure FDA0000488440240000022
represent received signal strength sequences h nodei subsequence, i=1,2 ..., T, node=A or B, the long W of window is a natural number that is less than N,
Figure FDA0000488440240000031
"
Figure FDA0000488440240000032
" represent the computing that rounds up;
(2b) node intensity subsequence to received signal
Figure FDA0000488440240000033
i=1,2 ..., T, carries out successively mapping and obtains shining upon output sequence
Figure FDA0000488440240000034
(2b1) according to received signal strength subsequence
Figure FDA0000488440240000035
average
Figure FDA0000488440240000036
and standard variance
Figure FDA0000488440240000037
calculate mapping Upper threshold
Figure FDA0000488440240000038
with mapping Lower Threshold
Figure FDA0000488440240000039
q + node i = m node i + α * σ node i
q - node i = m node i - α * σ node i
In formula, thresholding regulatory factor α is an arithmetic number.
(2b2) according to mapping Upper threshold with mapping Lower Threshold
Figure FDA00004884402400000317
by received signal strength subsequence the all elements comprising converts one by one, obtains successively the state value after each element conversion:
Figure FDA00004884402400000312
In formula, x represents the element before conversion, and f (x) represents the state value after element x conversion;
(2b3) by received signal strength subsequence
Figure FDA00004884402400000313
in the sequencing that occurs according to element of state value after the conversion of each element arrange, form mapping output sequence i=1,2 ..., T;
(2c) node will shine upon output sequence
Figure FDA00004884402400000315
be linked in sequence, obtain the status switch Q of oneself node, subscript " node " represents nodename, node=A or B.
3. method according to claim 1, wherein the described node of step (4) produces biological bit sequence K by the electrocardiosignal collecting by modulus coding method, carries out as follows:
(4a) node adopts ecg-r wave detection method to find out the position at all R wave-waves peak of gathered electrocardiosignal, and using front and back, the location gap at two adjacent R wave-wave peaks, as an ecg-r wave spacing, obtains multiple ecg-r wave spacing;
(4b) node by each ecg-r wave spacing to 2 xask mould, obtain the modulus value of this ecg-r wave spacing, again the modulus value of this ecg-r wave spacing is converted to the binary system natural coding sequence that length is x bit, and binary system natural coding sequence is carried out to Gray code, obtaining length is the ecg-r wave spacing bit sequence of x, x is natural number, 2≤x≤4;
(4c) sequencing that node occurs ecg-r wave spacing bit sequence corresponding each ecg-r wave spacing according to ecg-r wave connects, and obtains biological bit sequence K.
4. method according to claim 1, what wherein step (7) was described receives that the receiving node of signature inequality element index table authenticates the identity of sending node, carries out as follows:
(7a) be sending node for node A, Node B is receiving node, and the step that Node B is carried out authentication to node A is as follows:
(7a1) Node B is received signature inequality element index table afterwards, from signature inequality element index table
Figure FDA0000488440240000042
the message authentication code MAC of middle taking-up node A ainequality element index table L with node A a;
(7a2) Node B is using the biological bit sequence K of oneself as signature key, by the inequality element index table L of node A aas treating signature information, and the message authentication code hmac algorithm of employing based on Hash calculates the authentication code MAC' of Reference News of node A a, i.e. MAC a'=HMAC (K, L a);
(7a3) Node B is by the authentication code MAC' of Reference News of node A amessage authentication code MAC with node A acompare, if the two is in full accord, Node B predicate node A is legal node, otherwise Node B predicate node A is illegal node;
(7b) be sending node for Node B, node A is receiving node, and the step that node A carries out authentication to Node B is as follows:
(7b1) node A receives signature inequality element index table afterwards, from signature inequality element index table
Figure FDA0000488440240000044
the message authentication code MAC of middle taking-up Node B binequality element index table L with Node B b;
(7b2) node A is using the biological bit sequence K of oneself as signature key, by the inequality element index table L of Node B bas treating signature information, and the message authentication code hmac algorithm of employing based on Hash calculates the authentication code MAC' of Reference News of Node B b, i.e. MAC b'=HMAC (K, L b);
(7b3) node A is by the authentication code MAC' of Reference News of Node B bmessage authentication code MAC with Node B bcompare, if the two is in full accord, node A predicate node B is legal node, otherwise node A predicate node B is illegal node.
5. method according to claim 1, wherein the described node of step (8) carries out Hash operation to total bit sequence Y, and the arbitrary universe hash function in employing universe hash function family is as the hash function of Hash operation.
CN201410140435.6A 2014-04-09 2014-04-09 Wireless body area network cryptographic key negotiation method for medical monitoring Expired - Fee Related CN103888943B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410140435.6A CN103888943B (en) 2014-04-09 2014-04-09 Wireless body area network cryptographic key negotiation method for medical monitoring

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410140435.6A CN103888943B (en) 2014-04-09 2014-04-09 Wireless body area network cryptographic key negotiation method for medical monitoring

Publications (2)

Publication Number Publication Date
CN103888943A true CN103888943A (en) 2014-06-25
CN103888943B CN103888943B (en) 2017-09-29

Family

ID=50957627

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410140435.6A Expired - Fee Related CN103888943B (en) 2014-04-09 2014-04-09 Wireless body area network cryptographic key negotiation method for medical monitoring

Country Status (1)

Country Link
CN (1) CN103888943B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301888A (en) * 2014-10-20 2015-01-21 西安电子科技大学 Wireless body area network security access method
CN104605841A (en) * 2014-12-09 2015-05-13 电子科技大学 Wearable electrocardiosignal monitoring device and method
CN105187203A (en) * 2015-09-22 2015-12-23 中国科学院信息工程研究所 Shared secret key establishment method between wireless equipment based on receiving signal intensity
CN105515765A (en) * 2015-12-09 2016-04-20 西安电子科技大学 Biometric key generating method adapting to dynamic quantization
CN105516971A (en) * 2015-12-15 2016-04-20 西安电子科技大学 Method for generating wireless body area network key at low communication expense
CN105792198A (en) * 2016-03-02 2016-07-20 西安电子科技大学 Wireless body area network oriented biological enhanced wireless channel secret key generation method
CN109995790A (en) * 2019-04-11 2019-07-09 广东电网有限责任公司 A kind of node identities authentication method, device and the equipment of industry internet

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101047497A (en) * 2006-03-31 2007-10-03 香港中文大学 Entity capability discrimination and key managing method for body (sensor) network
CN102802151A (en) * 2012-08-24 2012-11-28 山东省计算中心 Wireless body area network symmetric key negotiation method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101047497A (en) * 2006-03-31 2007-10-03 香港中文大学 Entity capability discrimination and key managing method for body (sensor) network
CN102802151A (en) * 2012-08-24 2012-11-28 山东省计算中心 Wireless body area network symmetric key negotiation method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ABDULAZIZ ALSADHAN,NAVEED KHAN: ""An LBP based key management for Secure Wireless Body Area Network"", 《2013 14TH ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING》 *
SRIRAM CHERUKURI,KRISHNA K VENKATASUBRAMANIAN,ETC.: ""BioSec: A Biometric Based Approach for Securing Communication in Wireless Networks of Biosensors Implanted in the Human Body"", 《PROCEEDINGS OF THE 2003 INTERNATIONAL CONFERENCE ON PARALLEL PROCESSING WORKSHOPS (ICPPW’03)》 *
蔡文炳: "《信息科技辑》", 28 February 2014 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301888B (en) * 2014-10-20 2018-01-30 西安电子科技大学 A kind of method of wireless body area network secure accessing
CN104301888A (en) * 2014-10-20 2015-01-21 西安电子科技大学 Wireless body area network security access method
CN104605841A (en) * 2014-12-09 2015-05-13 电子科技大学 Wearable electrocardiosignal monitoring device and method
CN105187203A (en) * 2015-09-22 2015-12-23 中国科学院信息工程研究所 Shared secret key establishment method between wireless equipment based on receiving signal intensity
CN105187203B (en) * 2015-09-22 2018-05-11 中国科学院信息工程研究所 Shared key method for building up based on received signal strength between a kind of wireless device
CN105515765A (en) * 2015-12-09 2016-04-20 西安电子科技大学 Biometric key generating method adapting to dynamic quantization
CN105515765B (en) * 2015-12-09 2018-08-10 西安电子科技大学 The biological secret key generation method of adaptive dynamic quantization
CN105516971A (en) * 2015-12-15 2016-04-20 西安电子科技大学 Method for generating wireless body area network key at low communication expense
CN105516971B (en) * 2015-12-15 2018-11-16 西安电子科技大学 The wireless body area network key generation method of low communication expense
CN105792198A (en) * 2016-03-02 2016-07-20 西安电子科技大学 Wireless body area network oriented biological enhanced wireless channel secret key generation method
CN105792198B (en) * 2016-03-02 2019-03-26 西安电子科技大学 Bioaugnentation wireless channel key generation method towards wireless body area network
CN109995790A (en) * 2019-04-11 2019-07-09 广东电网有限责任公司 A kind of node identities authentication method, device and the equipment of industry internet
CN109995790B (en) * 2019-04-11 2021-07-23 南方电网电力科技股份有限公司 Node identity authentication method, device and equipment for industrial Internet

Also Published As

Publication number Publication date
CN103888943B (en) 2017-09-29

Similar Documents

Publication Publication Date Title
Sun et al. An artificial neural network framework for gait-based biometrics
CN103888943A (en) Wireless body area network key agreement method for medical monitoring
Zhang et al. Homomorphic encryption-based privacy-preserving federated learning in IoT-enabled healthcare system
Altop et al. Deriving cryptographic keys from physiological signals
Venkatasubramanian et al. PSKA: Usable and secure key agreement scheme for body area networks
Venkatasubramanian et al. Plethysmogram-based secure inter-sensor communication in body area networks
Xu et al. IMDGuard: Securing implantable medical devices with the external wearable guardian
Moosavi et al. Cryptographic key generation using ECG signal
Sundararajan et al. A survey on modality characteristics, performance evaluation metrics, and security for traditional and wearable biometric systems
Miao et al. Biometrics based novel key distribution solution for body sensor networks
CN107592311A (en) Towards the cloud storage medical treatment big data lightweight batch auditing method of wireless body area network
Bao et al. A method of signal scrambling to secure data storage for healthcare applications
Bao et al. A novel key distribution of body area networks for telemedicine
Zebboudj et al. Secure and efficient ECG-based authentication scheme for medical body area sensor networks
Chizari et al. Extracting randomness from the trend of IPI for cryptographic operations in implantable medical devices
Xu et al. A secure mutual authentication scheme of blockchain-based in WBANs
Sangari et al. Public key cryptosystem based security in wireless body area network
Jammali et al. PFKA: A physiological feature based key agreement for wireless body area network
Pourbemany et al. A survey of wearable devices pairing based on biometric signals
Lavanya et al. Smart chair-a telemedicine based health monitoring system
CN103763698A (en) Wireless body area network key negotiation mechanism based on wavelet transform tendency
Al Reshan et al. MBPSKA: Multi-biometric and physiological signal-based key agreement for body area networks
Chen et al. Secure and resource-efficient communications for telemedicine systems
Yao et al. Using bloom filter to generate a physiological signal-based key for wireless body area networks
Siddiqi et al. Secure opportunistic contextual logging for wearable healthcare sensing devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170929

CF01 Termination of patent right due to non-payment of annual fee