KR20200079842A - Lightweight Method of Data Encryption in BANs Using Electrocardiogram Signal - Google Patents

Abstract

The present invention relates to a data encryption method in a body area network (BAN) using an electrocardiogram (ECG) signal. According to the present invention, provided is the data encryption method, as a more secure and simple data encryption method in a BAN, so called a linear feedback shift register (LFSR) encryption method based on the QRS complex of an ECG signal.

Description

{Lightweight Method of Data Encryption in BANs Using Electrocardiogram Signal}

The present invention relates to a data encryption method, and more particularly, to a method for more securely and simply realizing data encryption in a body area network (BAN) using an electrocardiogram signal.

The body area network (BAN) consists of a set of mobile and small communication sensors that can be worn or implanted into the human body. The sensor node collects real-time bio signals in multimedia form such as text, audio, image and video, and forms a multi-hop wireless network for the human body.

1 shows a general body area network (BAN) associated with telemedicine problems. Unlike a typical wireless sensor network, security is one of the key elements in BAN's application and requires it to support identity authentication, privacy and information integrity.

BAN uses encryption and authentication methods to ensure safety and health management through wireless communication. Unlike traditional wireless sensor networks (WSN), BAN is a product of multidisciplinary integration and has several unique challenges, such as energy consumption of the system, lightweight data fusion algorithms and real-time signal processing. One of the most pressing issues is an efficient data encryption system. Since the BAN system has limited energy resources due to weight and volume limitations, the circuit method of BAN should be low in energy consumption and lightweight. Since 2005, BAN's security research has conducted a series of methods. First, it provides a way for keys to be pre-distributed. When the sensor node transmits information, only the sensor node of the same system or intelligent terminal can decrypt the received information. For example, a method that proposes a multi-path reinforcement method that can effectively cope with small attacks by using a pre-distribution of random numbers and strengthening security between nodes is also used.

However, the aforementioned encryption and decryption algorithms require a large number of operations, so power consumption increases rapidly. Given the requirements of the ultra-low power BAN node, the BAN system is not suitable for using a key pre-distribution scheme. In the second method, a one-time key can be realized by using the characteristics of the BAN channel as a key. This method is completely resistant to eavesdropping outside λ/2 as it can randomly generate a symmetric key between the communication sides in the physical layer. In another method, the receiver generates a key according to the calculated value of the received radio channel signal strength. Because the distance between the eavesdropper and the receiver is not constant, the signal strength value is different and the eavesdropper cannot decrypt the data. The BAN channel encryption method has been widely studied in recent years, but the key is generated according to the signal strength of the receiver. This method is so simple that the transmitter can fail when it has the same distance from the eavesdropper and receiver. Another method proposed an efficient multi-layer authentication protocol for BAN that provides low computational cost and a secure session key generation method, but the core is not dynamic update. Other complex encryption methods include AES (advanced encryption standard) encryption method and ellipse curve cryptography. However, this encryption method has a high consumption cost and a fixed key, and is not suitable for BAN.

BAN systems can generate vast amounts of data, and cloud storage is an effective way to address BAN data processing. Therefore, in the case of BAN system, it is important to study the security and search system of cloud storage. One method using the MRSE (Multi Keyword Ranked Search over Encrypted Data) technique proposes a smart content-aware search technique that encrypts cloud data, and experimental results show that this technique is efficient. In another method, an innovative semantic retrieval technique based on the semantic relationship and concept hierarchy of encrypted data sets used in cloud storage was proposed, and experimental results based on real data sets show that this scheme is more efficient. In cloud computing than in previous plans, a framework for sharing urban data using attribute-based cryptography has been proposed, and this experiment shows that the method is safe and can resist possible attacks. Another method is to use a similarity search method for Simhash-based encrypted documents and users can submit query documents to find similar encrypted documents stored in the cloud. This document demonstrates that this technique is safe and efficient, using rigorous personal information analysis and experimentation on real data sets. In another method, an adaptive method aiming at space-time efficiency in a heterogeneous cloud environment is presented, and as a result, there is a method that facilitates a job scheduling process for BAN.

However, overcoming the limitations of the prior art, there is a demand for a faster conversion speed, simple hardware implementation, and a more secure and lightweight encryption method that can be realized at a low cost.

Therefore, the present invention has been devised to solve the above-described problems, and the object of the present invention is to provide a data encryption method in a BAN that is more secure and simple, and is based on the QRS complex of ECG signals. Shift Register) encryption method.

First, summarizing the features of the present invention, a data encryption method in an encryption device according to an aspect of the present invention for achieving the above object comprises: detecting a QRS complex from a user's ECG signal sequence and calculating a corresponding characteristic value ; Generating a key stream using the digital quantization value of the characteristic value; And encrypting data using the key stream, wherein the characteristic value is determined from the amplitude of the R wave that changes in time based on the detection and the interval between the Q and S waves.

The digital quantization value is used as an initial key input to the shift register and is properly summed with the digital signature S input while operating the shift register to generate the key stream.

The data encryption method is used to encrypt the input data by periodically determining the characteristic value and the quantitation value from a user.

In order to detect the QRS complex, the dynamic time after a predetermined time interval from the previous R wave by using the method of setting the average of the time windows for the detection of the previous two R waves as the dynamic time window for the detection of the third R wave Calculate the position of the R waves within the window.

In the detection of the QRS complex, a Q wave is determined based on a point in which a gradient direction between two adjacent points preceding the determined R wave is different, and based on a point in which a gradient direction between two adjacent points behind the determined R wave is changed. Determine the S wave.

In the data encryption method, ECG nodes mounted on users in a body area network (BAN) transmit the ECG signal sequence to each intelligent terminal in a wired or wireless manner, and broadcast each key stream. It is characterized in that it is for two-way communication to give or receive the encrypted data between terminals.

In addition, a computer-readable recording medium that performs data encryption according to another aspect of the present invention includes a function of detecting a QRS complex from a user's ECG signal sequence and calculating a corresponding characteristic value; A function of generating a key stream using the digital quantization value of the characteristic value; And performing a function of encrypting data using the key stream, and the characteristic value is determined from the amplitude of the R wave that changes in time based on the detection and the interval between the Q and S waves.

A more secure and simple feasible data encryption method in BAN according to the present invention can provide an LFSR encryption method based on a QRS composite of ECG signals. In particular, i) ECG signals of different individuals are inconsistent, and even in the case of the same individual, the value of the ECG signal changes slowly over time. Therefore, the present invention uses the parameters of the ECG signal as an initial key. And the BAN system itself must detect characteristic points to collect ECG signals and analyze physiological conditions. Therefore, no additional overhead is required for initial key generation. ii) Since the encryption method based on the initial key of the present invention generates a stream cipher by the LFSR circuit, it has the advantages of faster conversion speed, simple hardware implementation, lower cost, and security than software encryption. iii) Since the initial key of the present invention is generated by the ECG signal and the ECG signal changes over time, the initial key is dynamically updated. Even if a key is broken by an eavesdropper, only a small portion of the data can be intercepted. Therefore, the new key agreement technology of the present invention can be utilized as a lightweight encryption method suitable for BAN.

The method for encrypting data in a BAN that is more secure and simple to realize according to the present invention can be actively utilized to design a low-power BAN sensor node realized by light weight and low energy consumption. Therefore, the method of the present invention has an advantageous effect of solving the power consumption problem of the BAN that extends the life cycle of the sensor and improves the quality of service (QoS) of the BAN system.

The accompanying drawings included as part of the detailed description to aid understanding of the present invention provide embodiments of the present invention and describe the technical spirit of the present invention together with the detailed description.
1 shows a general body area network (BAN) associated with telemedicine problems.
2 is an example of the results for the ECG signal and its difference value, the horizontal coordinates are sampling points, and the vertical coordinates indicate the amplitude values.
3 is a flow chart for explaining the detection process of the R wave in the data encryption method according to the present invention.
4 is a view for explaining a method for selecting a start point of an ECG signal.
5 is a view for explaining a starting position of a second R wave after the first R wave.
6 is a view for explaining a gradient shift method for Q-wave identification.
7 shows the operation of the stream encryption system of the present invention.
8 shows a key generator that generates an LFSR key stream.
9 is a view for explaining R _amp , T _QS in the QRS of the ECG signal.
FIG. 10 is an example of distribution (a) of the R-wave amplitude of the 100th ECG data from the MIT-BIH database and distribution of characteristic values of the ECG signal (b).
11 is a block diagram of an apparatus 100 for generating an encrypted text of the present invention based on LFSR.
12 is a flow chart of a cryptographic method in which the quantified characteristic value λ of the present invention is used for a 16th LFSR and a coordinator to generate and transmit a ciphertext and decrypt it at the receiving end.
13 is an example of a waveform diagram of amplitude with respect to a sampling point of normal ECG data.
14 is an example of a waveform diagram of amplitude with respect to a sampling point of ECG data in which a T wave is inverted.
15 is an example of a waveform diagram of amplitude for a sampling point of ECG data having a high T wave.
Fig. 16 is an example of a waveform diagram of amplitude with respect to a sampling point of the ECG data with severe undulation of the base value.
17 is exemplary waveform diagrams for a result of sequentially detecting R waves, Q waves, and S waves in ECG data.
Figure 18 is an example showing the visual result (b) of the encryption for the original picture (a) by the application of the present invention.
19 is an example showing a distribution of pixel values of an encrypted image (b) with respect to an original image (a) by application of the present invention.
Fig. 20(a) is an image decrypted by a correct key, and when an image encrypted by a wrong key (1 bit difference of the initial key) having a small difference is decrypted, it is the same as in Fig. 20(b).
21 is a view for explaining an example of the implementation of the data encryption system according to an embodiment of the present invention.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. At this time, the same components in each drawing are indicated by the same reference numerals as possible. In addition, detailed descriptions of already known functions and/or configurations are omitted. The contents disclosed below focus on parts necessary for understanding the operation according to various embodiments, and descriptions of elements that may obscure the subject matter of the description will be omitted. Also, some components of the drawings may be exaggerated, omitted, or schematically illustrated. The size of each component does not entirely reflect the actual size, and thus the contents described herein are not limited by the relative size or spacing of the components drawn in each drawing.

In describing the embodiments of the present invention, when it is determined that a detailed description of known technology related to the present invention may unnecessarily obscure the subject matter of the present invention, the detailed description will be omitted. In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to a user's or operator's intention or practice. Therefore, the definition should be made based on the contents throughout this specification. The terminology used in the detailed description is only for describing embodiments of the present invention and should not be limiting. Unless expressly used otherwise, a singular form includes a plural form. In this description, expressions such as “including” or “equipment” are intended to indicate certain characteristics, numbers, steps, actions, elements, parts or combinations thereof, and one or more other than described. It should not be interpreted to exclude the presence or likelihood of other features, numbers, steps, actions, elements, or parts or combinations thereof.

Further, terms such as first and second may be used to describe various components, but the components are not limited by the terms, and the terms are used to distinguish one component from other components. Used only.

<QRS Complex Detection>

A lot of effort has been put into removing noise from the ECG signal. The present invention focuses on a method for encrypting an electrocardiogram signal. The encryption steps performed by the encryption system or the encryption device of the present invention in an intelligent terminal interworking with each node of the BAN are as follows: First, the QRS complex of the ECG signal is detected from the user, that is, the human body and the corresponding characteristic value is calculated. do. Second, the key is generated using the property value, the key is distributed to the receiver, and the data to be encrypted (eg, the property value or other data to be transmitted) is encrypted. Finally, the dynamic key is refreshed (refreshed) over time. To calculate the eigenvalues of the ECG signal, the Q wave, R wave and S wave must be accurately identified. In general, the R wave is the clearest wave in the ECG signal, and the recognition algorithm of the R wave is simple. Therefore, the position of the R wave can be determined most easily. In the present invention, the R wave is first detected and the QS wave is detected according to the position of the R wave.

A. R wave detection algorithm

The wavelet transform method is a useful signal processing technique. It was gradually used for medical signal analysis. Wavelet transform has excellent time-frequency positioning characteristics. The wavelet transform method analyzes ECG signals at multiple scales according to the frequency distribution of each waveform, highlights the characteristics of the QRS complex at a specific scale, and searches the position of the modulus maximum value in the corresponding scale space to locate the QRS complex. Can be detected. However, the computational cost and hardware support cost of this algorithm are quite high.

Neural networks are a new type of computer and artificial intelligence technology that has developed rapidly in recent years and are mainly applied to the classification, refactoring and compression of ECG signal processing. Due to self-learning and adaptive ability, neural networks have an excellent advantage in solving medical problems. The present invention proposes the detection and analysis of ECG signals by artificial intelligence networks and neural networks. This method ensures good discrimination, but neural networks take too much time to train and require specific representation of training samples. Therefore, the neural network method is difficult to realize real-time R wave detection.

The differential threshold method is a simple and fast detection algorithm of QRS complex suitable for highly real-time monitoring devices. The QRS complex is the most powerful part of the ECG signal compared to other characteristic waves, and the rising and falling slopes of the R wave vary greatly and the differential threshold method uses these features to detect the R wave. Because the R wave has the maximum change in the QRS complex due to the rising and falling slopes, the zero crossing point of the first derivative or the extreme point of the second derivative becomes the location of the R wave. Therefore, the differential threshold method calculates the first derivative or the second derivative of the ECG signal sequence, and then determines the position of the R wave combined with the time window and the amplitude threshold.

The differential threshold method for R wave detection can be realized in various forms. Using the quadratic sum of the 1st derivative of the ECG signal for R wave detection, the location of the earliest change in the amplitude value can be clearly known and the width of the R wave can be accurately predicted based on the pulse width. Since the central difference is the high order minimum value of the error square, the first order difference equation of the detection algorithm is as shown in [Equation 1].

[Equation 1]

Here, f(n) is a sequence of ECG signals. According to experience, the falling portion of the R wave is the position of the maximum derivative, and for this purpose, the difference is calculated as [Equation 1]. 2 is an example of the results for the ECG signal and its difference value, the horizontal coordinates are sampling points, and the vertical coordinates indicate the amplitude values.

3 is a flow chart for explaining the detection process of the R wave in the data encryption method according to the present invention. Here, it is assumed that the data sampling frequencies Wf=fs=500Hz, t=0.1*fs, and T1=0.35*fs.

First, the starting point of the ECG signal is preferentially detected in order to accurately locate the first R wave.

4 is a view for explaining a method for selecting a start point of an ECG signal.

First, the initial 3 second data of the input ECG signal data is discarded (S100). The initial 3 second data of the input ECG signal data is not adjusted and used in the analysis because it is an adjustment period for the user.

As shown in (a) of FIG. 4, the R wave can be easily identified when the starting point is in the steady part of the ECG signal. However, as shown in FIG. 4(b), if the starting point is close to the R wave, the minimum difference value appears after the maximum difference value, and thus appears as a detection error of the R wave.

The algorithm of the present invention starts detection on the steady part of the ECG signal to avoid detection errors (S200). To this end, first, the maximum amplitude value Amax in the period A(1,t) is found, and A(1) is the starting point of the beginning of the input ECG signal. Next, the maximum amplitude value Bmax in the period B(t+1,2t) is found, and if Amax>1.8*Bmax, the starting point of the ECG signal is close to the R wave, and the starting point of the R wave detection is 2R. Until it is postponed. If Amax is less than 1.8*Bmax, the starting point of R-wave detection is t=1, which is the beginning of the ECG signal.

Next, starting from the detection start point, the ECG signal x(t) having the width w _f is taken and expressed as x _wf (t), and then the maximum amplitude point R1 is determined (S300). The forward deviation dif (t) of the period of this ECG signal is calculated by [Equation 1].

Next, a single R wave is detected (S400). To this end, the maximum value difmax(t1) and the minimum value difmin(t2) of dif(t) are first determined using the forward deviation dif(t) of the period of the ECG signal, and the intervals (t1, t2) In between, the maximum amplitude point R'of the ECG signal is determined. If R1 and R'are the same point, this point is the position of the R wave. Otherwise, in the first and second R waveforms of the ECG signal, the algorithm compares the amplitude values between R1 and R'and the larger point is the R wave. In other R waves, the algorithm will calculate the absolute difference (R1 _ad ) between RR1 and RR, and calculate the absolute difference (R' _ad ) between RR' and RR (RR1 is the interval between the previous R wave and R1, RR' is Spacing between the previous R wave and R', RR is the spacing between the two previous R waves). And by comparing the difference between the absolute values, if R1ad <R'ad, R1 is the position of the R wave. Otherwise R'' is the position of the R wave.

After determining the first R wave of the ECG signal, the starting position of the next second R wave is a T1 point as shown in FIG. 5 (FIG. 5 is for explaining the starting position of the next second R wave after the first R wave) ), T1 corresponds to 0.35 fs after the first R wave. Then, the second R wave of the ECG signal x(t) is determined as described in S300 and S400 above (S500 and S600).

Next, the intervals of the first and second R waves are calculated and designated as RR.

Next, the starting position of the third R wave is T1 at 0.35 fs after the second R wave. The width Wf of the time window for detecting the position of the third R wave is an average of Wf(WfP, RR) of the previous two R waves (S700). Then, the third R wave of the ECG signal x(t) is determined as described in S300 and S400 above (S800). Then, all R waves of the ECG signal x(t) are continuously determined (S900). The algorithm proposed in the present invention uses a dynamic time window function because the ECG data for encryption of the present invention is real time. The interval of RR depends on individual differences, and if a fixed time window function is adopted, there are zero or more R waves in the time window, so recognition speed and algorithm robustness are reduced. In the present invention, the width Wf of the time window determined by the dynamic time window function Wf = (WfP + RR)/2 is proposed. Here, WfP is the width of the current time window, and RR is the interval previously applied between the two previous R waves. Since RR changes in real time according to individual differences and heart rate differences, Wf is adjusted in real time. In this case, Wf is modified over time to improve the robustness of the algorithm.

<QS wave detection algorithm>

The positions of the Q wave and the S wave can be identified according to the exact position of the R wave. The time window search method and the planimetry slope method are the basic methods for identifying the Q wave and the S wave. However, these two methods are not suitable for the actual BAN, the time window search method is not suitable for the large interval of the Q wave and the R wave, and the plane gradient method is too expensive for the BAN. Therefore, in the present invention, a slope mutation method is selected to identify Q waves and S waves.

The gradient shift method is based on the exact position of the R wave. This method continuously calculates the slope of two adjacent points An-1 and An (the R wave is the A0 position), starting from the position of the R wave, and expressing the slope as f_1, f_2 ... f_n (f_( After calculating until n-1)> 0 and f_n <0), the point An-1 is the Q wave position. If the calculation exceeds the range of the ECG cycle, it is determined that there is no Q wave. 6 is a view for explaining a gradient shift method for Q-wave identification. The recognition of the S wave is similar to that of the Q wave. The slopes of two adjacent points Bn-1 and Bn (the R wave is at position B0) sequentially after the R wave are sequentially calculated, and the slope is represented by f_1, f_2 ... f_n. After calculating the slope until one of the two slopes shows a variation such as (f_(n-1) <0 and f_n> 0), the point Bn-1 is determined as the S wave position.

<key generation>

In Shannon, if the key is the only random sequence used and the length is more than the length of the plaintext sequence, the password system is not compromised. 7 shows the operation of the stream encryption system of the present invention. Stream encryption systems generate random sequences and use them as keys.

은 2 모듈의 합산을 나타낸다. 키 생성기로 입력되는 초기 키 I에 대하여 키 스트림 k_j를 생성한다. 암호화 유닛에서 평문 스트리 m_j와 키 스트림 k_j를 합산하여 암호 스트림 c_j가 생성되고, 복호화 유닛에서 암호 스트림 c_j와 키 생성기에 의한 초기 키 I의 키 스트림 k_j를 합산하여 평문 스트림 m_j를 획득한다. 키 생성기는 LFSR 기반으로 동작하고, n-레벨 LFSR은 쉬프트레지스터 R=(r_n, r_n-1, ..., r₁), 탭 시퀀스 T=(t_n, t_n-1, ..., t₁), 및 사용자 등에 의해 입력되는 디지털 서명 S를 포함한다. symbol

Denotes the summation of 2 modules. A key stream k _j is generated for the initial key I input to the key generator. In encryption unit combined the plaintext streaming m _j and the key stream k _j cipher stream c _j is generated, the decoding unit code stream c _j and the plaintext by adding the key stream k _j of the initial key I by the mode generator stream in m _j To acquire. The key generator operates based on LFSR, and the n-level LFSR is shift register R=(r _n , r _n-1 , ..., r ₁ ), tap sequence T=(t _n , t _n-1 , .. ., t ₁ ), and a digital signature S input by a user or the like.

8 shows a key generator that generates an LFSR key stream. As shown in FIG. 8, when generating a new key, one of the digital signature and feedback bits forms a new bit through operation, after which the new bit is input to the shift register and at the same time one bit is output to the right, the other bit These are shifted to the right by 1 bit in sequence. That is, the digital quantization value of the characteristic value λ is used as an initial key input to each bit of the shift register and is properly summed with the input digital signature S while operating to shift the shift register 1 bit to the right, and the result is added to the left of the shift register. A key stream output to the right end (eg, least significant bit value LSB, Least Significant Bit) is generated while feeding back to the end (eg, most significant bit value MSB, Most Significant Bit).

The structure of the key generator can output a self-circulation key stream, while the circuit configuration of the key generator is relatively easy and some logic gates provide high safety. However, if an eavesdropper, such as a hacker, knows a certain number of plaintext and ciphertext, the tap sequence is deduced and the encryption system is destroyed. Therefore, it is necessary to optimize the structure. The present invention applies the 16th order (16 order) nonlinear feedback shift register to increase its period and set its maximum value to 2 ¹⁶ . In addition, dynamic key update is essential, and the key is refreshed every T seconds to have a low probability of destruction.

In the present invention, R _amp is the amplitude of the R wave, T _QS is the spacing between the Q and S waves, and λ is the characteristic value of the ECG signal. After detecting the QRS complex for t seconds of the ECG signal, the characteristic value λ can be calculated as [Equation 2] and [Equation 3].

[Equation 2]

[Equation 3]

Here, R ⁱ _amp is the amplitude of the i-th R wave of the ECG signal for t seconds. As shown in FIG. 9, T ⁱ _QS is the time interval of the i-th QS wave (Q wave and S wave) of the ECG signal, and n is the number of R waves for t seconds. 9 is a view for explaining R _amp , T _QS in the QRS of the ECG signal. The parameter λ _i is calculated by the product of R ⁱ _amp and T ⁱ _QS , and the final characteristic value λ is the average of λ _i . Due to the QRS complex, the characteristic values are different for each individual, and even one person has some differences over time. The characteristic values calculated by the amplitude of the R wave and the interval of the QS wave can reflect the difference between the ECG signals as much as possible. Therefore, the characteristic value λ is dynamically updated, and the key is refreshed based on λ. On the other hand, the determination of the physiological state requires the location of the QRS complex. Therefore, this method has no additional cost and lowers the power consumption of the sensor nodes of the BANs.

The characteristic value λ is then quantified with the corresponding digital value to use as the initial key for the LFSR of the N-order to generate the stream key. The key stream is broadcast to a node in the BAN system and the node decrypts the data using the key. On the other hand, the encryption method regenerates the key using the initial key that is periodically updated every T seconds and repeats the above steps. In the present invention, ECG signals are used for encryption rather than simple parameters of ECG signals used in other technologies. The ECG signal parameters of different individuals at the same time may be exactly the same, because the simple parameters of the ECG signal of the same individual at the same time do not differ sufficiently to generate different keys. It can affect the objectivity of different keys at different times so that a situation becomes an unreliable cipher. However, the characteristic values of the ECG signal increase the diversity of keys for each individual and allow the same individual to have diversity at different times. The present invention selects the first 10 minutes of the 100th ECG data from a given MIT-BIH database to demonstrate the diversity of the keys, calculates the characteristic values of the same person's ECG signal at different time periods, and calculates one ECG. The characteristic values are compared with signal parameters (eg, R-wave amplitude value). FIG. 10 is an example of distribution (a) of the R-wave amplitude of the 100th ECG data from the MIT-BIH database and distribution of characteristic values of the ECG signal (b).

As shown in FIG. 10, when comparing the amplitude of one R wave, the ECG signal characteristic values may have a wider range of values, and the repetition rate of the characteristic values is low, thus avoiding repeated keys of the same individual on time. Do it. ECG signal characteristic values also have a better effect on the diversity of keys of different individuals. In comparison of the same individual, different individuals have a wider range of variation in distribution of characteristic values.

<LFSR circuit encryption method>

In the present invention, the value of T may be 200-400 seconds. Creating an LFSR circuit to generate a stream cipher has the advantages of fast convergence speed, simple hardware implementation, low cost, and more secure than software encryption. In the present invention, a 16th order LFSR is used for plaintext encryption, and a maximum value of 2 ^N -1 is allowed. The encryption effect of the 16th LFSR is superior to that of the 8th LFSR, and the effect of the 16th LFSR is suitable as an encryption method. It is possible to use more than 32 LFSRs, but this increases the complexity of the hardware. Dynamic update of the key by ECG signal every T seconds enables real-time encryption and significantly reduces the possibility of hacker attacks.

The polynomial of the 16th LFSR is in the form of [Equation 4], and FIG. 11 is a block diagram of the apparatus 100 for generating a ciphertext of the present invention based on LFSR. The ciphertext generating apparatus 100 generates a ciphertext by appropriately summing (or synthesizing) the quantified value of the characteristic value λ with a key stream using a flip-flop circuit. However, the present invention is not limited to this, and instead of the characteristic value λ, any transmission target data of each intelligent terminal may be properly summed (or synthesized) with the key stream to form a ciphertext and transmitted to another intelligent terminal.

[Equation 4]

In BAN initialization, the ECG node transmits the preamble sequence and ECG data having a predetermined length without calculation. A given coordinator extracts ECG data for 4 seconds, computes the key after receiving the preamble sequence, and then broadcasts the key to all nodes.

When receiving the encrypted data generated by the node, the intelligent terminal calculates the corresponding characteristic value according to the corresponding ECG signal. In the present invention, the amplitude of the R wave and the time interval of the QS wave are used in the calculation to have a large difference between individuals. 12 is a flow chart of a cryptographic method in which the quantified characteristic value λ of the present invention is used for a 16th LFSR and a coordinator to generate and transmit a ciphertext and decrypt it at the receiving end. As shown in FIG. 12, the key and the ciphertext may be implemented to be given or received between intelligent terminals by wireless (eg, ZigBee, Blotus, Wi-Fi, mobile communication, etc.). It may be transmitted to a counterpart intelligent terminal.

The encryption algorithm should be as simple as possible because the BAN system of the present invention requires a very low cost biosignal acquisition node. As with the method mentioned above, the additional function for the node does not cost extra except for a simple LFSR circuit. This is very suitable for the implementation of low power sensor nodes.

<Key distribution and dynamic refresh>

BANs require a low cost sensor node. Therefore, in the present invention, when considering data encryption, the computational work of the node is minimized. The main interaction systems are:

First, in the BAN (Body Area Network), ECG nodes mounted on users transmit sampling ECG signal sequence data and a leader sequence during initialization through wired or wireless (eg, ZigBee, Bluetooth, Wi-Fi, etc.). Here, the ECG node does nothing. Second, intelligent terminals calculate the characteristic values of the ECG signal based on the received ECG signal and the data of the reader sequence, and then generate a key and broadcast it. Third, according to the above method, the intelligent terminals of each node communicate data with the intelligent terminal in both directions by encrypting the data by encrypting the data after receiving the key. Finally, every T time, the system randomly selects a node to transmit the reader sequence to the intelligent terminal, and the intelligent terminal recalculates the characteristic value based on the data from the ECG node. Therefore, the task of calculating the characteristic value is completed by the intelligent terminal, and other sensor nodes do not need to perform a lot of calculations so that the entire system has low power consumption. Even if the eavesdropper captures the key at once, only a certain period of information can be obtained due to the key change over time.

<Simulation and experiment results>

<QRS detection simulation>

When the R wave and the QS wave are individually detected based on the differential threshold method and the gradient shift method, and MATLAB simulation is adopted for a given method, the simulation effects are shown in FIGS. 13 to 16. 13 is an example of a waveform diagram of amplitude with respect to a sampling point of normal ECG data. 14 is an example of a waveform diagram of amplitude with respect to a sampling point of ECG data in which a T wave is inverted. 15 is an example of a waveform diagram of amplitude for a sampling point of ECG data having a high T wave. Fig. 16 is an example of a waveform diagram of amplitude with respect to a sampling point of the ECG data with severe undulation of the base value. In all of the above figures, the graph at the top is raw data and the graph at the bottom is raw data where the detected R wave is marked with a + sign.

After detecting the R wave, the above gradient shift method is applied to detect the QS wave. 17 is exemplary waveform diagrams for a result of sequentially detecting R waves, Q waves, and S waves in ECG data.

As shown in FIG. 17, the gradient shift method can accurately identify the Q wave and the S wave. Table 1 shows the computational complexity of the Q-wave detection of the window search method, the planimetry slope method, and the slope mutation method. In the area gradient method, when M is the first minimum point on the left of the R wave and N is the 30th point from the M point to the left, the linear equation of MN is Ax+By+C, L is the distance between point K and the line MN to be. K represents all points on the NR segment of the ECG signal. In the gradient shift method, (x1, y1) is the coordinates of A _n-1 and (x2, y2) is the coordinates of A _n . And, n is the number of samples between the Q wave and the R wave.

[Table1]

Table 2 below shows the detection rate of QRS waves of ECG data from the arrhythmia (arrhythmia) MIT-BIT database used in the evaluation of the present invention. The signal detection rate of most R waves is more than 99.5%. The signal detection rate of 118 shows relatively low results because these signals can be affected by noise. Sharp singular points and severe baseline fluctuations can make it difficult to characterize the R wave and cause discrimination errors. Therefore, the signal must be counter-noise canceled before detection. And in the present invention, QS wave detection using gradient shift method reaches 99%. Compared to other methods, the calculation principle of the gradient shift method is simple and the number of samples is small. However, this detection method for QS waves requires accurate detection of R waves.

[Table2]

<Experimental results and encryption analysis>

Figure 18 is an example showing the visual result (b) of the encryption for the original picture (a) by the application of the present invention. 19 is an example showing a distribution of pixel values of an encrypted image (b) with respect to an original image (a) by application of the present invention. In the plain text image of FIG. 19(a), the pixel value distribution has a specific distribution, but the pixel value distribution of the encrypted image of FIG. 19(b) has a balanced distribution. Therefore, the encryption method of the present invention makes it difficult to estimate the probability of distribution of pixel values for the original image. The probability of distribution of pixel values generated by encryption becomes more even in 8-bit gray scale. As described above, the encryption method based on the key stream of the present invention will be able to effectively prevent attacks from statistical hackers.

The two-dimensional correlation of the original image and the encrypted image can be represented by two-dimensional correlation coefficients of two corresponding matrices A and B as shown in [Equation 5].

[Equation 5]

와

는 각각 본래의 이미지와 암호화된 이미지의 화소값들의 평균을 나타낸다. 이러한 실험은 4가지 테스트 이미지들(Lena, Camera, Plane, Barbara)이 선택되고, 초기 키와 4가지 이미지들의 암호화를 생성하기 위하여 MIT-BIH 데이터베이스의 100번째 ECG 데이터를 사용하였다. 그 결과는 아래 Table3에 정리되었다. CAB는 제로에 가깝고, 이는 본래 이미지와 암호화된 이미지의 상관(correlation)이 아주 작다는 것을 의미한다. Here, A _ij and B _ij are gray values of the original image and the encrypted image at the position (i,j) of the data matrix, respectively.

Wow

Denotes the average of the pixel values of the original image and the encrypted image, respectively. In this experiment, four test images (Lena, Camera, Plane, and Barbara) were selected, and the 100th ECG data of the MIT-BIH database was used to generate the initial key and encryption of the four images. The results are summarized in Table 3 below. The CAB is close to zero, which means that the correlation between the original image and the encrypted image is very small.

[Table3]

Correlation coefficients were calculated from Equation 6 to Equation 9 below by selecting 100 adjacent pixel pairs selected from each of three directions (horizontal, vertical, and diagonal directions) from the original image and the encrypted images.

[Equation 6]

[Equation 7]

[Equation 8]

[Equation 9]

Here, x _i and y _i represent gray values of two adjacent pixels, and N is a pixel number. Table 3 shows the correlation coefficients in the three directions. The three-way correlation is 0.9 before encryption, indicating that the gray values of adjacent pixels are very similar, and it decreases to less than 0.1 after encryption, thereby improving the defense against attack due to the much smaller correlation.

[Table4]

In other studies, algorithms have been proposed that exhibit superior performance in differential attacks when they are more sensitive to plaintext. Therefore, in the present invention, NPCR (Number of Pixel Change Rate) and UACI (Unified Average Changing Intensity) were adopted to measure the sensitivity of the encryption algorithm to plain text. And in the sensitivity test of the present invention, two similar plain text images with only one different pixel are used. After key stream encryption, the pixel gray scale of (i, j) points in the two images is C1 (i, j) and C2 (i, j), respectively. If C1 (i, j) = C2 (i, j), D (i, j) = 0; If C1 (i, j) C2 (i, j), then D (i, j) = 1. Therefore, the formulas of NPCR and UACI are as follows [Equation 10] and [Equation 11]. [Equation 12] and [Equation 13] are expected values of NPCR and UACI.

[Equation 10]

[Equation 11]

[Equation 12]

[Equation 13]

Here, M and N represent row and list numbers of image pixels, respectively, and D is 0 or 1 according to the above algorithm. And since the experimental image is an 8-bit gray scale, n = 8 in equations (12) and (13). The ideal expectations for NPCR and UACI can then be calculated as 99.6094070% and 33.4635070%. This experiment adopts a Lena plot to simulate NPCR and UACI, selects a random pixel from Lena and inverts the lowest bit of the pixel to produce another image. Table 5 shows the NPCR and UACI results of the original and generated images. The mean experimental values of NPCR and UACI are 99.5509% and 50.0358%. When compared to the ideal value, the experimental NPCR value is close to the ideal NPCR value, but the experimental UACI value is different from the ideal UACI value. This is because the encryption method is light weight, and the pixel change rate and the pixel change intensity can be guaranteed. Since energy consumption is an important issue in BAN, the encryption algorithm in BAN must consider energy consumption. In the present invention, the encryption strength may be weak, but it is lightweight and has low energy consumption to be suitable for BAN applications.

[Table5]

The encryption algorithm must have a strong sensitivity to the key, so that even small changes in the key are decrypted in plain text that is completely different from the original plain text. The present invention calculates the initial key by applying the ECG data of the 100th MIT-BIH, which is used to encrypt a picture such as Lena. 20(a) is an image decrypted by a correct key, and when an image encrypted by a wrong key (1 bit difference of the initial key) having a small difference is decrypted, it is the same as FIG. 20(b). (B) of 20 is a case where one bit of the initial key is changed and used for generating a key stream, that is, when one bit of the 16-bit shift register is arbitrarily selected and inverted. As shown in the drawings, a small difference in key causes incorrect decoding.

21 is a view for explaining an example of the implementation of the data encryption system according to an embodiment of the present invention. For performing data encryption of the present invention, one or more of the encryption system itself including the key generator, the ciphertext generating device 100, or components constituting them, may be made of hardware, software, or a combination thereof. . For example, the data encryption system of the present invention may be implemented with the computing system 1000 as shown in FIG. 21.

The computing system 1000 includes at least one processor 1100, a memory 1300, a user interface input device 1400, a user interface output device 1500, storage 1600, and a network connected through a bus 1200. Interface 1700. The processor 1100 may be a central processing unit (CPU) or a semiconductor device that executes processing for instructions stored in the memory 1300 and/or storage 1600. The memory 1300 and the storage 1600 may include various types of volatile or nonvolatile storage media. For example, the memory 1300 may include a read only memory (ROM) 1310 and a random access memory (RAM) 1320.

Accordingly, steps of a method or algorithm described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules, or a combination of the two executed by processor 1100. The software modules reside in storage media (ie, memory 1300 and/or storage 1600) such as RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM. You may. An exemplary storage medium is coupled to the processor 1100, which can read information from and write information to the storage medium. Alternatively, the storage medium may be integral with the processor 1100. Processors and storage media may reside within an application specific integrated circuit (ASIC). The ASIC may reside in a user terminal. Alternatively, the processor and storage medium may reside as separate components within the user terminal.

Furthermore, a function used for input/output data processing for a data encryption method according to an embodiment of the present invention can be implemented as a computer-readable code on a recording medium readable by a device such as a computer. It can be implemented to input or output and display data or information required to perform a function by combining devices. The computer-readable recording medium includes all kinds of recording devices in which data readable by a computer system is stored. Examples of computer-readable recording media include storage media such as ROM, RAM, CD-ROM, magnetic tapes, floppy disks, optical data storage devices, hard disks, and removable storage devices. In addition, the computer-readable recording medium is distributed in a computer system connected by a network (eg, the Internet, a mobile communication network, etc.), and a computer-readable code may be stored in a distributed manner, and may be executed through a network.

As described above, the method of encrypting data in the BAN using the electrocardiogram signal according to the present invention is a more secure and simple feasible data encryption method, and can provide an LFSR encryption method based on the QRS complex of the electrocardiogram signal. have. In particular, i) ECG signals of different individuals are inconsistent, and even in the case of the same individual, the value of the ECG signal changes slowly over time. Therefore, the present invention uses the parameters of the ECG signal as an initial key. And the BAN system itself must detect characteristic points to collect ECG signals and analyze physiological conditions. Therefore, no additional overhead is required for initial key generation. ii) Since the encryption method based on the initial key of the present invention generates a stream cipher by the LFSR circuit, it has advantages of faster conversion speed, simple hardware implementation, lower cost, and security than software encryption. iii) Since the initial key of the present invention is generated by the ECG signal and the ECG signal changes over time, the initial key is dynamically updated. Even if a key is broken by an eavesdropper, only a small portion of the data can be intercepted. Therefore, the new key agreement technology of the present invention can be utilized as a lightweight encryption method suitable for BAN.

The method for encrypting data in a BAN that is more secure and simple to realize according to the present invention can be actively utilized to design a low-power BAN sensor node realized by light weight and low energy consumption. Therefore, the method of the present invention has an advantageous effect of solving the power consumption problem of the BAN that extends the life cycle of the sensor and improves the quality of service (QoS) of the BAN system.

As described above, in the present invention, specific matters such as specific components and the like have been described by limited embodiments and drawings, but they are provided only to help a more comprehensive understanding of the present invention, and the present invention is not limited to the above embodiments , Those of ordinary skill in the art to which the present invention pertains will be able to make various modifications and variations without departing from the essential characteristics of the present invention. Therefore, the spirit of the present invention is not limited to the described embodiments, and should not be determined, and all technical spirits equivalent to or equivalent to the claims as well as the claims described below are included in the scope of the present invention. It should be interpreted as.

Claims (7)

A method for encrypting data in an encryption device,
Detecting a QRS complex from the user's ECG signal sequence and calculating a corresponding characteristic value;
Generating a key stream using the digital quantization value of the characteristic value; And
Encrypting data using the key stream,
The characteristic value is determined from the amplitude of the R-wave and the Q-wave and the S-wave which change in time based on the detection. According to claim 1,
The digital quantization value is used as an initial key input to the shift register, and a data encryption method characterized in that the key stream is generated by appropriately summing the input digital signature S while operating the shift register. According to claim 1,
A data encryption method, characterized in that the characteristic value and the quantified value are periodically determined from a user and used for encryption of input data. According to claim 1,
In order to detect the QRS complex, the dynamic time after a predetermined time interval from the previous R wave by using the method of setting the average of the time windows for the detection of the previous two R waves as the dynamic time window for the detection of the third R wave Data encryption method characterized by calculating the position of the R waves in the window. According to claim 1,
In the detection of the QRS complex, a Q wave is determined based on a point in which a gradient direction between two adjacent points preceding the determined R wave is different, and based on a point in which a gradient direction between two adjacent points behind the determined R wave is changed. A data encryption method characterized by determining the S wave. According to claim 1,
In the body area network (BAN), the ECG nodes mounted on users transmit the ECG signal sequence to each intelligent terminal in a wired or wireless manner, and the encrypted data between the respective intelligent terminals broadcasting the corresponding key stream. Data encryption method characterized in that for the two-way communication to give or receive. A function of detecting a QRS complex from a user's ECG signal sequence and calculating a corresponding characteristic value;
A function of generating a key stream using the digital quantization value of the characteristic value; And
Encrypting data using the key stream,
The characteristic value is determined from an amplitude of an R wave that changes in time based on the detection and an interval between a Q wave and an S wave, and the computer readable recording medium performing data encryption.

Images