Embed Size (px)
Citation preview
I
UNIVERSITY OF EASTERN FINLAND
Faculty of Science and Forestry
Master’s Thesis
DATA SECURITY IN TELEHEALTH
AND SMART HOME ENVIRONMENT
Author: Sujan Karanjeet
Helmipöllönkatu 5 C 9
02680, Espoo
Phone: +358 447388008
II
ABSTRACT
UNIVERSITY OF EASTERN FINLAND
Faculty of Science and Forestry
Sujan Karanjeet
DATA SECURITY IN TELEHEALTH AND SMART HOME ENVIRONMENT
Master’s Thesis
51 Pages, 10 Figures, 2 Tables.
Supervisors: Professor, D.Sc. (Tech.) Pekka Toivanen and Ph.D. Keijo Haataja
Keywords: Data Security, Mobile, Sensor Devices, Sensor Nodes, Telehealth, Wireless
Sensor Monitoring, Wireless Sensor Networks.
This Master’s Thesis examines Telehealth care system, which is able to deliver medical
services to remotely located patients using telecommunications technology like Internet and
smart devices including sensors. In Telehealth care systems, security is one of the main
challenges. Patients have more trust on face-to-face communications comparing to
Telehealth care systems. Other challenges in Telehealth care system are the structure that
needs to be built in order to monitor the patient remotely and the expenses which occur
while building the network for Telehealth care system. Telehealth care systems are utilizing
wireless sensor networks and devices for the communication and we need to make sure that
the communication between the devices remains safe and secure. Compromise in the
security of these devices could spoil the security of the whole healthcare system.
This thesis work deals with the different wireless technologies that can be involved in
developing the telehealth care systems and focuses mainly on their security requirements.
III
ACKNOWLEDGEMENTS
I would like to express my gratitude to the University of Eastern Finland and the School of
Computing for providing me such a great opportunity.
I would like to thank my supervisors Professor Pekka Toivanen and Ph.D. Keijo Haataja for
their guidance and supervision on this thesis. I’m very grateful for their time and suggestions
throughout the duration of the thesis. I would also like to thank M.Sc. Antti Väänänen for
his suggestions and comments.
I’m very grateful to my wife Bandana, my family, and friends for their love and continuous
support throughout the entire duration of my studies.
IV
Table of Contents
1. INTRODUCTION............................................................................................................................. 1
2. TELE-HEALTH CARE SYSTEM AS MEDICAL DEVICE ............................................ 7
3. WIRELESS SENSOR NETWORK ...................................................................................... 11
3.1. STRUCTURE OF WIRELESS SENSOR NETWORK ....................................... 13
3.2. NETWORK TOPOLOGIES ............................................................................................ 18
4. DATA SECURITY ........................................................................................................................ 23
4.1. SECURITY REQUIREMENTS...................................................................................... 24
4.2. STANDARDIZATION AND PROTOCOLS .............................................................. 26
5. DATA ANALYSIS AND COMPARISON ........................................................................... 40
6. CONCLUSION AND FUTURE WORK .............................................................................. 42
REFERENCES ...................................................................................................................................... 44
V
LIST OF FIGURES
Fig 1: Thesis Framework
Fig 2: Basic Telehealth system
Fig 3: Telehealth Care System
Fig 4: Wireless Sensor Network Environment
Fig 5: Wireless Sensor Network Architecture
Fig 6: Sensor Node Architecture
Fig 7: Star Topology
Fig 8: Mesh Topology
Fig 9: Star-Mesh Hybrid Topology
Fig 10: ZigBee
VI
LIST OF TABLES
Table 1: Bluetooth Attacks
Table 2: Data Analysis and Comparison
VII
ABBREVIATIONS
ACL Asynchronous Connection-Less
ADC Analog to Digital Converter
AES Advanced Encryption Standard
APS Application
BSS Basic Service Set
BAN Body Area Network
BS Base Station
CBC-MAC Cipher Block Chain Message Authentication Code
CCMP Counter Mode with Cipher Block Chaining Message Authentication
Code Protocol
CRC Cyclic Redundancy Check
DEMANES Design, Monitoring and Operation of Adaptive Networked Embedded
Systems
DoS Denial of Service
EAP Extensible Authentication Protocol
EDR Enhanced Data Rate
ESS Extended Service Set
GSM Global System for Mobile Communication
GPRS General Packet Radio Service
GPS Global Positioning System
HCI Host Command Interface
HTTP HyperText Transfer Protocol
IEEE Institute of Electrical and Electronics Engineers
IMEI International Mobile Equipment Identity
IP Internet Protocol
IT Information Technology
J2ME Java 2 Platform, Micro Edition
L2CAP Logical Link Control and Adaption Protocol
VIII
MAC Message Authentication Code
MHz Megahertz
NIST National Institute of Standard and Technology
NWK Network
PC Personal Computer
PDA Personal Device Assistant
PSK Pre-Shared Key
RADIUS Remote Authentication Dial-In User Service
RC4 Rivest Cipher 4
RF Radio Frequency
SCO Synchronous Connection-Oriented
SEAL Smart Environment for Assisted Living
SSID Service Set Identifier
TCP/IP Transmission Control Protocol / Internet Protocol
TKIP Temporal Key Integrity Protocol
TRSS Tactical Remote Sensor System
UDDA Unauthorized Direct Data Access
UMTS Universal Mobile Telecommunications System
UWB Ultra-WideBand
WBAN Wireless Body Area Network
Wi-Fi Wireless Fidelity
WiMAX Worldwide Interoperability for Microwave Access
WPA Wi-Fi Protected Access
WPAN Wireless Personal Area Network
WSDL Web Service Description Language
WSN Wireless Sensor Network
1
1. INTRODUCTION
The population of elderly has been increasing so rapidly these days. There is an
expectation that the population of 60 years old and above will increase from 605 million
to 2 billion by the year 2050 (Facts on ageing1, 2014). This rapid growth of elderly results
in the growth of people with chronic diseases. The cost of manual caring for elderly and
the chronic disease patients are very high. It is even difficult for the family members to
take care of them.
Research for improving the quality of life of elderly and the patients is becoming a very
important subject (J. Edvards, 2006). People are realizing the importance of tele-health
care systems and the study related to such systems are emerging as one of the most
interesting fields of study.
Using the telecommunications technology such as Internet, tele-health care systems can
provide the medical services to the patient located in the remote location (Qian Liu, et al.,
2008). Huge number of tele-medicine devices these days use Wi-Fi (Wireless Fidelity) as
a medium to send and receive medical signals that is then collected by Wi-Fi-based
medical sensors. Tele-health care system provides non-invasive and inexpensive means
for accurate and promptly diagnosing for many clinical conditions. It is done through
continuous monitoring and medical signal analysis such as pulse, breathe rate, blood
pressure, temperature, and lungs sound (Huyu Qu, et al., 2009). However, Their design
and implementation have some challenges and specifically more crucial part is the
security to tele-health applications. It’s very possible that the medical services are critical
to the health of patients or even to their life itself (Qian Liu, et al., 2008).
These kinds of systems are precious and can be a lifesaver in many cases. However, it
can also be dangerous to users when there is even a small issue or a fault in the system.
1 http://www.who.int/features/factfiles/ageing/en [Access Date: 2nd Nov 2014]
2
Therefore, one of the important things to do while designing the system is to focus on the
security issues and build the best possible system. This thesis is a part of the EU Artemis
DEMANES (Design, Monitoring, and Operation of Adaptive Networked Embedded
Systems) project 2 in which UEF’s CI (Computational Intelligence) research group
developed the SEAL (Smart Environment for Assisted Living) system. The main idea here
is to build a fully realized Telehealth and smart home systems for the elderly, the people
with chronic conditions, and healthy people who want to monitor their health with
unobtrusive mobile Telehealth system. The project focused on improving the independent
living of the patients by monitoring and assisting them in everyday life with a secure,
cheap, versatile, and adaptive Telehealth system.
The system includes a Body Area Network (BAN) with wireless sensor nodes, smart-
phones, in-house automation servers, and the better means of connection between them.
The system will be responsible for analyzing and disseminating the data and will send the
information to patients as well as the healthcare personnel.
This Master's Thesis focuses on the data security requirements of the project. The system
will be using different protocols, standards, and different kinds of devices for sensing,
tracking, transferring data, analyzing, alerting, etc. The thesis performs a study on the
protocols and standards available for designing Telehealth care systems along with their
evaluation. It also analyzes the data security situation planned for the SEAL system,
which includes the analysis of data security in Body Area Network (BAN), Wireless
Sensor Network (WSN), Client-Server communication, and User Interface Design. The
analysis of security requirements is based on the efficient living of the elderly and the
people with chronic diseases.
The major goal of this thesis is to find the best and the appropriate data security standard
for safety, reliability, and confidentiality of the data in the SEAL system. The research
methodologies used in this thesis are both Qualitative and Quantitative, which is also
known as the mixed method (John W. Creswell, 2009). Quantitative method is used for
2 http://www.demanes.eu/
3
comparing different standards and protocols using statistical data, while Qualitative
method is used to find out the importance of standards and protocols. Additionally, review
of literature is done as a method of research. In a literature survey, topic is selected and
writing part is done reflecting the topic, which is followed by studying the existing literature
in relation to the topic. The literature review provides the result of other studies and
findings that are closely related to the specific topic and it can further be helpful in filling
research gap. For example, topic can be WSN, sensor devices, wireless technologies,
standards, protocols, data security, network security, technology, and other topics as well.
The primary information gathered is mostly from conference articles, journals, books, and
Internet sources.
The study work has been developed with the help of required academic materials from
databases such as IEEE. Focusing on journals and articles as well as relating them to the
framework of this thesis helped in developing of the Research Questions. Framework
developed as shown in Figure 1 supported a lot in generating research questions.
Although there were lots of literature reviews for this study, the priority was given mainly
to the literature information that was relevant to the research questions.
The research questions are as follows:
1. What are the standards for data security in Tele-health?
2. What kinds of protocols are used in Tele-health?
3. How can SEAL be made safe, reliable, and confidential?
4. What is the most appropriate data security standard for safety, reliability, and
confidentiality of the data in SEAL?
5. What are the limitations of the system?
4
Figure 1. Thesis Framework.
5
Chapter 2 defines Telehealth care system as a medical device. It will focus on using IT
(Information Technology) and Tele-communication to provide assistance on the health
care system. It helps the reader to understand the basic workflow of the Telehealth care
systems and the necessary components required to build up the system and the
importance and type of communication channels being used in today’s health care
system.
Chapter 3 consists of the definitions of wireless sensor network, its structure, wireless
network topologies, communication link, and wireless standards. It also briefly defines the
sensor node, base station, and communication link. This chapter shows how the signal is
generated by target node, how data is transmitted from a target node to the sensor node
or a base station from sensor node and sent to mobile devices, personal computers, and
other display devices. It also defines the sensor node architecture, which enables the
reader to understand how the sensor node operates in real world environment. As the
overview, Chapter 3 provides the detailed information on different wireless network
topologies and different characteristics between star and mesh wireless network
topologies.
Chapter 4 deals with data security. This chapter defines the security requirements, which
allow the reader to understand the basic requirements for data integrity, data
authentication, and data confidentiality. This chapter includes the detailed description
about the wireless standards like Bluetooth, ZigBee, Ultra-wideband, and Wi-Fi. The
importance of this chapter is that it allows the reader to clearly understand what type of
security one can achieve with the use of those wireless standards. It defines in details the
strengths and weakness of using each of those wireless standards in Telehealth care
system. This chapter also defines several types of attacks and threats that could be
encountered with the use of the wireless standards.
Chapter 5 consist the core part of this thesis. This section covers an analysis and a
comparison of different types of wireless standards are made on the basis of the basic
attributes like range, signal rate, type of cell used, encryption, authentication, and the data
6
protection. The main importance of this chapter is that it allows the reader to select the
correct wireless standard in Telehealth care system in order to get the data secured.
Finally, Chapter 6 will conclude the thesis with some future research work ideas.
7
2. TELE-HEALTH CARE SYSTEM AS MEDICAL DEVICE
Tele-health is defined as a support system that uses telecommunication technology for
facilitating the health care and services to the remotely located, physically confined
person and geo-graphically dispersed people by exchanging information between the
providers and the patient (Tele health Handbook3, 2013). Telehealth is also defined as
the use of telecommunications and IT for providing access to health assessment,
intervention, education, diagnosis, supervision, consultation, and information across
distance” (Morreale, P.A., 2007).
Tele-health systems are simple as well as complex. Simple Tele-health system uses a
computer and a telephone for providing health care, whereas complex Tele-health system
uses latest mobile devices and latest technology. Simple Tele-health system is also called
as informal Tele-health system (Garripoli, C, Mercuri, M. et al., 2015). Tele-health care
systems today use wireless sensor nodes connected to the mobile devices and servers.
Tele-health system is therefore used as a tool for managing long-term conditions for
proactively monitoring patient’s health. The approach of patient management would allow
data transfer in timely manner and an immediate feedback. In Tele-health, system should
promptly send a response to indicators of acute signals. By monitoring vital signs, Tele-
health care system reduces unnecessary hospital admissions (Mei-Ju Chen, et al., 2012).
The very basic Tele-health system consists of end instruments like sensor devices, which
take physical signals as input from patient and convert them to the electrical signals.
Then, those electrical signals are communicated to other end instruments or directly to
clinical persons or doctors through communication channel like wireless communications
(Garripoli, C, Mercuri, M. et al., 2015). Other end instruments here mean databases. In
the database, all the health records are stored and this information is communicated as
output to doctors. In response to the information received remotely from patients, doctors
3 http://www.eric.ed.gov/PDFS/ED165952.pdf
8
make the analysis and send them feedback accordingly. In this way, the basic Tele-health
care system works. Figure 2 shows basic Tele-health system elements.
Figure 2. Elements of a Basic Telehealth system (W. Leister et al., 2008).
End user Instruments
End user instruments are the transducers, which act as interface between the patient and
the communication channel. Input transducers and sensors receive signals from patient
and convert those signals into electrical form. The electrical form of signal is then
transmitted to other end through a communication channel. Then the output transducer
will convert the received signal into representable form in the other end and the data is
saved in a database (W. Leister et al., 2008).
Communication Channel
Communication channel acts as an intermediate link between sensor nodes and the
network. In Wireless Sensor Network, communication channel can be either short range
communication link or long range communication link. Nowadays, Bluetooth is the most
commonly used in short-range communication. The public networks, which are based on
various technologies like GPRS (General Packet Radio Service), GSM (Global System
for Mobile communication), WiMAX (Worldwide Interoperability for Microwave Access),
9
UMTS (Universal Mobile Telecommunications System) and others, are used for long
range communication (W. Leister et al., 2008).
System Design / Devices
A typical Tele-health care system consists of a Wireless Body Area Network, Wireless
Sensor Network, Mobile devices, and Application Server as shown in Figure 3.
Wireless Body Area Network (WBAN) is emerging as one of the most suitable
technologies in the field of healthcare technology supporting a wide range of medical and
non-medical applications (Ramli, S.N, et al., 2013). It consists of sensor nodes capable
of sensing and processing more physiological signals, storing and transmitting the data
to other nodes, and the whole network.
Wireless Sensor Network (WSN) is a technology similar to WBAN but the sensors are not
in the patient’s body. Sensor nodes cost less, need less power, and other multifunctional
aspects allow them to be deployed in a wide range of areas (Morreale, P.A et al., 2007).
Central Nodes are the mobile devices, which are connected to the sensor node devices
with short-range communication technologies, which would be Bluetooth or ZigBee. It
gathers all the information from sensors and transmits them to the application server
using long-range communication like Wi-Fi.
Application Server analyzes all the information gathered from the central nodes. It
presents the information to the health personnel located at a different place in a User
Interface.
10
Figure 3. Tele-health care system (C. Zhou et al. 2013, R. Woo et al. 2015).
11
3. WIRELESS SENSOR NETWORK
Nowadays, WSN is applicable to military applications, home applications, medical
applications, building monitoring, machine conditions monitoring, distributed temperature
monitoring, transportation, industrial monitoring, environmental monitoring, energy
monitoring, and many other use cases as well (M.Sharifi et al., 2009; Chee-Yee Chong &
Srikanta P.Kumar, 2003). Wireless Sensor Network is made up of a number of sensors
or motes, small in size, have limited memory size with sensing capabilities, and are cost
effective (P.Radivojac et al., 2003, S.Krco et al., 2005 A.Ali et al., 2006; W.Leister et al.,
2008, Rehena, Zeenat et al., 2011). Wireless Sensor Network also performs data
processing tasks and can communicate wirelessly to other similar devices by single-hop
communication or multi-hop communication.
Wireless Sensor Networks are deployed as ad-hoc network whereas sensor nodes are
placed in geographically suitable area and they do not require any human supervision.
Spatially distributed sensor nodes receive signals from environment and respond to
signals either periodically or continuously based on the requirements. Sensor devices
measure the physical quantity like heat, temperature, light, radiation, pressure, etc. After
receiving the signal, sensor devices then convert them into signal, which is
understandable to readers and by instruments. (A. Ali et al., 2006)
Basically, a Wireless Sensor Network has a sensor node, target node, and BS (Base
Station) or sink node. Target node generates signals called as stimuli. Sensor node
detects signals that are generated by target node and forward the data to BS or sink node.
Then BS performs appropriate action. Finally, it allows user to sense and monitor data
from distance using desktop computer, mobile devices, and others and does it very
effectively. Many researchers have suggested that it is very important to know about the
sensing task at the time of WSN deployment devices (Rehena, Zeenat et al., 2011; S.Krco
et al., 2005; A.Ali et al., 2006; P.Radivojac et al., 2003; W.Leister et al., 2008).
Figure 4 shows an overview of a typical Wireless Sensor Network environment.
12
Figure 4. An overview of a typical Wireless Sensor
Network Environment (A. Abahsain et al. 2013).
The wireless sensor network is composed of sensors, base stations and communication links,
which are defined in detail in section 3.1. It is followed with the different types of network
topologies in section 3.2.
13
3.1. STRUCTURE OF WIRELESS SENSOR NETWORK
The structure of WSN is shown in Figure 5. According to Liu in (WenjinXu&Jianfeng Liu,
2008) every task performed by WSN included retrieval of information from the
environment. When there are many sensor nodes used in WSN, it increases the extended
range of sensing, robustness, and fault tolerance as well as improves the accuracy and
lowers the cost for data availability.
Figure 5. Wireless Sensor Network Architecture (Z. Dai et al. 2012).
14
Sensor Node
As Figure 5 illustrates, the collection of sensor nodes makes each sensor network.
Sensors in sensor network collects or sense the information from certain area or from
certain object of interest as the sensors are interconnected with each other and distributed
in an appropriate environment (I.F. Akyildiz et al., 2002). Sensor network consists of many
attributes such as sensor size, sensor type, number of sensors, composition, coverage
area, deployment, sensing entities of interest like mobility and nature, operating
environment, communication behavior, architecture and energy availability.
There are three types of sensor networks: Centralised, distributed, and hybrid. When all
data is sent to central site, it is called as centralised sensor network and when data can
be located at sensor itself or in other sites, it is called as distributed sensor network. Some
examples of sensor nodes are Tactical Remote Sensor System (TRSS) Node (Sang Hyuk
Lee, et al., 2009), ember (Chih-Chun Chang et al., 2008), and others. There are four
primary components in sensor nodes, which are processing unit, sensing unit, transceiver
unit, followed by a power unit (see Figure 6). Sensor nodes also consist of application
dependent component like mobilizing system or localization system. Power unit is
supported by batteries, such as AA batteries or solar power depending on the generations
of sensor nodes used. (Chih-Chun Chang et al., 2008)
Sensing Unit consists of ADC (Analog to Digital Converter) and sensor. Sensor is a device
that measures physical parameters. Properties of sensors define the characteristics of
the sensors. Properties of sensors may include manufacturer size, weight, sensory type,
calibration date, and others (S.Krco et al., 2005). In today’s market, there is a wide variety
of sensor types such as seismic, thermal, visual, acoustic, infrared, and magnetic. A
sensor can be an active sensor if it uses active manipulation of environment to sense
data, for example, radar. Similarly, if sensing is carried out without active manipulation of
environment, then it is regarded as passive sensor. Initially, the sensed information is in
analog form, thus to make it digitised, ADC (Analog to Digital Converter) is used. An
output from ADC is provided as an input to the processing unit (I.F. Akyildiz et al., 2002).
15
Figure 6. Sensor Node Architecture (Liu W. et al. 2012).
Processing unit consist of storage unit and processor. Activities like data processing and
classification occur within the processing unit. By collaborating one sensor node to other
sensor node, processing unit manages the procedures in order to finish the assigned
sensing task.
Finally, the transceiver is capable of transmitting and receiving the data to other devices
by connecting a wireless sensor node into a network. Communication between the
devices in wireless sensor network occur using RF transceivers and other wireless
technologies such as Bluetooth and ZigBee.
Sensing of information and routing of data depends on exact location of sensor nodes.
Localisation unit manages the routing table while transmitting the information from one
node to the other. Information related to location with high accuracy is very important in
16
wireless sensor network during sensing of information form environment or from user
movement. Localisation system is needed based on the application and end user
monitoring requirement. But mobilisation unit is required only when there is requirement
for sensor nodes to move from one place to another unit (I.F. Akyildiz et al., 2002).
Base Station
Base station (BS) is regarded as a central node in wireless sensor network. Information
received by the sensor node is sent to the BS. Properties of the BS are similar to personal
computers (PCs), thus it is regarded as a powerful device. BS can collect, store, and
control the information received from the sensor nodes and route it back to required
destination. In comparison to sensor nodes, BS has unlimited power supply. Nowadays
we also have mobile base stations with more advanced computational capabilities. End
user using mobile or computer system can be easily connected to BS, from BS end user
can retrieve the data provided by sensor nodes to BS. BS also acts as interface between
sensor network and Internet in case of front-end proxy solution where sensor node cannot
be directly connected to Internet as every information need to be parsed through BS.
Depending on the scenarios, sensor nodes are independent of Internet and it facilitates
sensor node from implementing own protocols and algorithms as well. In gateway
application, BS sometimes acts as application layer. It is important to maintain the
independence from sensor network point of view as the exchange of information between
sensor node and Internet occurs directly. In order to maintain the independence of sensor
network, it requires translation table. These are mapped to the sensor node address to
Internet Protocol (IP) address. BS can also act as a router in the sense that it forwards
packets to and from the sensor node in TCP/IP (Transmission Control Protocol / Internet
Protocol). Sensor node itself is able to behave as a web servicer as it can reports its
interface with the help of WSDL (Web Service Description Language) and connecting to
other host using HyperText Transfer Protocol (HTTP) (Sang Hyuk Lee, et al., 2009).
BS needs to be placed in correct location. The positioning of BS influences various
important factors like improvement in network performance, throughput, and increase the
17
lifetime of network, balance energy expenditure, flow of data in WSN, and data rate (Sang
Hyuk Lee, et al., 2009). Base station behaves like a sink node for the data that gets
collected. According to most of the research performed, careful positioning of BS is
important, because routing of data from source sensor to BS leads to numerous relay
nodes, which further increase aggregate delay, more power consumption, and also risk
chances of packet loss due to error in the links (I.F. Akyildiz et al., 2002, K. Akkaya et al.,
2007). BS are positioned either statically or dynamically. In static positioning, each sensor
node is transmitting some data at a fixed rate without any compression or suppression.
Based on exact node location, static BS positioning is defined. Sensor node locations are
structured through Global Positioning System (GPS). Power saving can be achieved if
the distances between the nodes are minimised. Compared to single static BS
positioning, multiple static BS positioning is more challenging, as sensor node has to
select among multiple destination to send data. Challenges occur in multiple static BS
positioning due to type of network architecture. There are different approaches defined
for multiple static BS positioning. Dynamic positioning of BS improves the network
performance when network is operational by reducing effect of packet drop caused by
links and node failure. Moving the BS toward highly loaded BS improves network
performance by maintaining energy consumption, throughput, and delay (Sang Hyuk Lee,
et al., 2009).
Communication Link
Wireless Sensor Network uses of two types of communication links: One is short-range
communication link and the other is long range communication link. Most commonly,
public networks that are based on various technologies like GSM, UMTS, GPRS, WiMAX
are used for long-range communications. Nowadays, Bluetooth is mostly used in case of
short-range communication (W. Leister et al., 2008).
The main function of a communication link is to act as a link between sensor nodes and
a network. Short-range communication links in the Tele-health care systems are basically
18
used to transmit the data among the end user devices to the sensor nodes and the long
range communication links are used to send or receive the data from the nodes to the file
or database server where the user’s data will be saved. The saved data should be sent
to the health care personnel for the analysis and this can be achieved via the long-range
communication links as well.
3.2. NETWORK TOPOLOGIES
Network topology is very important to be considered while deploying WSN. Network
topology helps in determining the connectivity between nodes, which is necessary while
routing data from one node to other nodes and BS during deployment phase (I.F. Akyildiz
et al., 2002). There are different types of network topologies in WSNs. They are Star
Topology, Mesh Topology, and Star-Mesh Hybrid Topology. Based on the transmission
data frequency, distance of transmission, battery life, requirements for mobility, and level
of changes in sensor nodes are all needed when choosing the appropriate WSN topology.
Star Topology
A star network topology is made up in such a way that a single BS is able to transmit or
retrieve messages from or to a number of remote nodes is characteristics of a star
network topology. In star topology there are many remote nodes, which are identical to
each other and are connected to single BS for sending and receiving the data (Xiaodong
Wang et al., 2007). It’s a single-hop topology where the available wireless sensor nodes
can connect directly and are in between thirty to hundred meters to a BS. BS in star
topology can be PC, PDA (Personal Device Assistant), dedicated devices for monitoring,
or it can be other gateways to higher data rate device. Gateway communicates between
the nodes, as nodes in star topology cannot send data to each other directly. BS also
19
transfers data to higher level such as Internet. As there is a single BS, there is always a
requirement for better routing, message handling and proper decision-making capabilities
than other nodes. Star topology helps to reduce power consumption of the remote nodes.
However, it is limited to transmission distance of a radio, which is typically 30-100 meters
in each node. Whenever the communication link is lost then it affects on a single node.
However, BS should also be in the communication range or otherwise the links in the
network will be lost.
Some of the disadvantages of star topology are that it lacks robustness and scalability
due to single hop and routing techniques. If there occurs any failure, then there is no
alternative communication path in star topology as shown in Figure 7.
Figure 7. Star Topology (Xiaodong Wang et al., 2007).
20
Mesh Topology
Mesh topology is available in Figure 8. Its a multi-hop system and decentralised in nature
where all wireless sensor nodes are alik’e to each other. Nodes in mesh topology can
directly communicate to each other, skipping a communication to the BS. It has distributed
network where it allows transmission to nodes that are nearest neighbours (Xiaodong
Wang et al., 2007).
It is very helpful for large-scale network of WSNs that can stay distributed over a large
geographic region due to its multi-hop nature. Mesh topology is scalable and reliable
because there is no single point of failure. It also provides many alternative
communication paths. Additionally, it reconfigures new connections automatically around
the failed sensor node.
Some disadvantages of mesh topology are as follows. With mesh topology, latency might
be increased as the number of nodes increase. Also, the distances between them might
increase the latency as sensor data from node to node is hopped when sending data to
BS. In mesh topology there is a significant high power consumption, which is caused due
to higher duty ratio of mesh network, as it has to always remain in the listening state for
message or for change in prescribes route through mesh.
21
Figure 8. Mesh Topology (Xiaodong Wang et al., 2007).
Star-Mesh Hybrid Topology
In hybrid topology (see Figure 9), wireless sensor nodes will be arranged as in star
topology around routers where routers put themselves in mesh network and serves to
increase the network range and to provide better fault tolerance (Xiaodong Wang et al.,
2007).
Some of the advantages of using hybrid topology are that it is reliable as there isn’t a
single point of failure, it also provides alternative communication paths and has lower
power consumption compared to mesh topology. Additionally, it provides robust and
versatile communication network due to which it offers very good mobility and flexibility
of sensor nodes. For example, ZigBee uses mesh topology.
22
Figure 9. Star-Mesh Hybrid Topology (Xiaodong Wang et al., 2007).
23
4. DATA SECURITY
The amount of data has been increasing every day in this technology-oriented world.
There is networking and technology everywhere in the world today and with our important
data all around, the concept of data security has a very significant meaning in today’s
world. Data security not only deals with the data stored in a device but it also includes the
securing of information during data communication.
Data in today’s world could include all the personal information, which people do not want
to share with anyone else but they exist in the system isolated from others. If the system
is not secure enough and those important personal information is exposed, it could be a
very big problem to the people as well as the designer of the system. Thus we have to
agree that the security of the data is very important when designing any systems, which
contain the information or from which the information is transmitted.
Malicious attacks might take place on the wireless networks and some threats are very
difficult to be avoided as well (Wen-Bin Hsieh, et al., 2013). The attacker might obtain the
important information very easily if the system is not properly secured.
Wireless networks in the industry are especially very vulnerable to the threats and attacks
these days. Some potential security threats are even difficult to be avoided. Tele-health
care systems will have a lot of information on the patient’s health. Losing this information
to someone might turn out to be very dangerous.
The requirements of the security are elaborated in the first section below Standards and
protocols like Bluetooth, ZigBee, Ultraband and WiFi are defined in the later section.
24
4.1. SECURITY REQUIREMENTS
People are very much concerned about the privacy of their data. Possible weakness in
security of a wireless system should be recognized so that the right measures can be
taken to improve the user level confidence.
Tele-health systems require data privacy, security, and physical security. A very small
carelessness in the Tele-health security could really have a big impact to everyone
involved (Huyu Qu, et al., 2009). These systems can have personal data of huge number
of patients, which could be quite critical to loose (Alfaiate,J , et al., 2012). It will be a big
loss to the health service providers and the patients themselves if their critical data is
compromised in any possible way. Thus it is very important to have an analysis on the
security risks before developing the system (Adekunle, A.A, et al., 2009). There should
be a very good trust relationship between the patients and the health care professionals.
Otherwise, the patients might not provide the accurate or crucial information, which could
directly affect the quality of service of the health service itself.
Problems like authorization, authentication, and accounting are important while
considering the data security. Different devices and standards for communications should
be studied properly. Any health care systems should have the security requirements for
the following: Data Integrity, Data Authentication, and Data Confidentiality.
Data Integrity
Data integrity requirement should ensure that the transmitted data from source to
destination is unaltered by any means. The data could be intercepted in transit and can
be modified (Adekunle, A.A, et al., 2009). Therefore, the data checks should be performed
so that the receiver could confirm that the data is not altered. Data integrity can be
achieved by checking the fingerprint of the data.
25
Data Authentication
Data authentication is the process that lets us know that the sender is truly the sender of
the data (Huyu Qu, et al., 2009; Alfaiate,J , et al., 2012). The sender should be
authenticated so that the attacker pretending to be the sender would not be able to fake
the communication. Data authentication is performed with Message Authentication Code
(MAC), a hash value that with its secret key being encrypted. Moreover, it used one-way
hash function and only the sender and receiver know the encrypted secret key.
MAC can take care of the integrity and authentications, but the data that’s protected is in
a clear text, which brings the new requirement of the data encryption (Adekunle, A.A, et
al., 2009).
Data Confidentiality
Data confidentiality is the process of hiding the information so that only the recipients
could know of what’s being transmitted by the sender. It can be achieved by using the
data encryption algorithms, which are defined below.
Symmetric key encryption is the encryption where the receiver share the common key
used for both encrypting and decrypting of data (Huyu Qu, et al., 2009; Alfaiate,J , et al.,
2012). Advanced Encryption Standard (AES) is the mostly used symmetric algorithm.
Public key encryption is the encryption that has the public key as well as the private keys.
The main idea is that the only holder of the correct public-private key pair can decrypt the
encrypted message.
26
4.2. STANDARDIZATION AND PROTOCOLS
Following are the mostly used Wireless Sensor Network standards and the ones that
will be studied in more details: Bluetooth, ZigBee, Ultra-Wideband (UWB), and Wi-Fi.
Bluetooth
Bluetooth is one of the most emerging technologies for connecting different fixed and
portable devices over short distances. The growing world of mobile phones is increasing
the importance of the Bluetooth technology. It is small in size, lightweight, and it provides
are very good performance.
Bluetooth includes software and hardware definition for short range, low power, and low
cost radio link (Hongyu Chu et al., 2010). It has both link layer and application layer
definition for the product developers, making it different from other wireless standards
(Alfaiate,J , et al., 2012; Bandyopadhyay, S, et al., 2003). IEEE 802.15.1 standard defines
wide range of electronic devices to have a uniform structure so that communicating
between the devices would be possible. It uses star network topology and follows master
slave concept where master device acts as single base station and communication
medium for other seven remote nodes. Frequency band, channel arrangements, and
transmission characteristics for a Bluetooth device are defined in the radio layer.
(Alfaiate,J , et al., 2012; Bandyopadhyay, S, et al., 2003).
Bluetooth operates at 2.4 GHz frequencies in the free ISM (Industrial, Scientific, and
Medical) (Hager, C.T, et al., 2003). It consists of total bandwidth of 83.5 MHz. The
bandwidth is divided to 79 channels where every channel has a bandwidth of 1 MHz.
Radio frequency (RF) connections with other Bluetooth devices are handled by the
Baseband layer. The layer is also able to distinguish between Synchronous Connection-
Oriented (SCO) and Asynchronous Connection-Less (ACL) packets. The Link Manager
(LM) layer of Bluetooth protocol stack handles link security, link setup, and configurations
(Hager, C.T, et al., 2003).
27
Common interface between host stack, lower level, and hardware-oriented layers are
provided by HCI (Host Command Interface). L2CAP (Logical Link Control and Adaption
Protocol) is considered as data link layer of the stack and it allows transportation of data
packets. Today, some of the health equipment uses Bluetooth and its output power is 100
mW, which is sufficient for indoor environments (N.Nakajima, 2009).
Transmission rate of basic Bluetooth (without any speed enhancements) is 1 Mbps, which
is greater than that of IEEE 802.15.4 whose transmission rate is 250 kbps (Alfaiate,J , et
al., 2012). There are some limitations of Bluetooth device as well. Blutooth devices
relatively use high power for short transmission range. Node synchronization to the
network takes longer when returning from sleep mode which inturn increases the average
power of the system. It also has less number of nodes per network that is, it allows only
seven nodes in a network.
Ten different versions of Bluetooth have been released so far: 1.0A, 1.0B, 1.1, 1.2, 2.0,
2.1+EDR (Enhanced Data Rate), 3.0+HS (High Speed), 4.0, 4.1, and 4.2. The main
security enhancement was released with version 2.1+EDR when SSP (Secure Simple
Pairing) was introduced. Version 3.0+HS provided support for the use of WLAN when
there is a need to transferring a large amount of data, thus giving transmission rates up
to 24 Mbps. When there is no need to use higher speeds and thus device can save
energy, transmission rate of 3 Mbps provided by the EDR will be used. Bluetooth versions
4.0-4.2 support LE (Low Energy) that further reduces the energy consumption and allows
batteries to last for several months. Bluetooth LE devices also support LE Privacy mode
that can be used to protect the identity of the device by using a pseudorandomly
generated Bluetooth device address value. The old SAFER+ (Secure And Fast
Encryption Routine +) algorithm was also updated to much safer AES (Advanced
Encryption Standard) for Bluetooth versions 4.0-4.2.
28
Bluetooth Security
When Bluetooth was introduced for the first time, it had a lot of security issues. Version
2.1+EDR, which was the sixth release, introduced more security features than other
versions (Alfaiate J., et al., 2012). Bluetooth security is totally based on the authentication
and encryption.
Four modes of security modes are available in Bluetooth. Security Mode 1 uses the
unsecure links and does not need any authentication or any encryption. Security mode 2
has a security manager, which is able to control the access to different devices and
services. It is only initiated after the link has been established (Hager, C.T, et al., 2003).
This level of security uses authentication and encryption for communication of individual
services only. Security mode 3 fully supports authentication as well as encryption and is
enforced to authenticate and encrypt before the link establishment. The device is initiated
with the security process before the establishment of the physical link so all the traffic is
encrypted. It is considered to be the strongest mode from NIST (The National Institute of
Standards and Technology) because of the execution of authentication and encryption
feature before the link establishment.
Security Mode 4 is a service level mode introduced in version 2.1+EDR. It is initiated after
the link establishment. This mode has the SSP method for creating service level security.
Bluetooth also has some confidentiality service for tackling eavesdropping attempts on
the payloads of exchanged packets. It has 3 encryption modes. Encryption Mode 1 does
not have any encryption on the traffic. Encryption Mode 2 has encryption on the basis of
individual link keys (Bouhenguel, R, et al., 2008; Karen Scarfone, et al., 2008). It actually
broadcasts the traffic. In Encryption Mode 3, all the traffic is encrypted based on the
master key. Common encryption mechanism is deployed in both Encryption Modes 2
and 3.
29
Bluetooth provides four different options for its discoverability and connectability. The four
options are Silent, Private, Public and LE (Low Energy) Privacy (Haataja K. et. al, 2013):
Silent: This option makes the Bluetooth device not to accept any Bluetooth
connections ever. It will only monitor the Bluetooth traffic.
Private: The Bluetooth devices with private mode accepts connection only when
the prospective master knows BD_ADDR (Bluetooth Device Address). The device
cant be discovered at all with this option and it is also called non-discoverable
device. Normally, a 48-bit BD_ADDR are unique which refers globally to only one
indivitual Bluetooth device.
Public: Bluetooth device with public mode option are called discoverable devices
as it is both discoverable and is able to be connected.
LE Privacy: These devices with LE Privacy mode is able to protect the ID (identity)
of the device with the use of a pseudo-randomly generated BR_ADDR value. The
BD_ADDR will be changed to a new pseudoramdom value after some
predetermined time. The communication of such devices therefore looks like there
are several different devices communicating which provides better protection
agains device survelliance / tracking based attacks.
It would also be good to define the two levels of service security. Service security could
be trusted or untrusted depending on its relationship with another and the level of access.
A fixed relationship is maintained between a trusted device and the other device and has
full access to the services (Suri, P.R, et al., 2008; Tan, M, et al., 2011; Sandhya, S, et al.,
2012). No relationships are established with another device in an untrusted service and
there is no restricted access to the services.
John Paul Dunning has made a very interesting classification of the Bluetooth attacks and
prioritized them according to the threat of the attack (see Table 1). He classifies the
attacks to be Man-in-the-Middle attack, unauthorized direct data access (UDDA),
30
malware, denial-of-service, Sniffing, Fuzzer, Obfuscation, Range Extension, and
Surveillance (Suri, P.R, et al., 2008; Tan , M, et al., 2011; Sandhya, S, et al., 2012).
Table 1. Bluetooth Attacks (Suri, P.R, et al., 2008;
Tan , M, et al., 2011; Sandhya, S, et al., 2012).
Classification: Attacks: Purpose: Man-in-the Middle
BlueSpoof, bthidproxy, BT-SSP-Printer-MITM
Placing a device in between two connected devices.
UDDA
Blueover, BlueSnarf, Bluesnarf++, Bluebug, BTCrack, HeloMoto, btpincrack, Car Whisperer.
Gather the unauthorized information.
Malware Caribe, CommWarrior, Bluebag
To attack using self-replicating software form.
DOS
Battery Exhaustion, BlueSYN, signal jamming, Blueper, vCardBlaster, Bluejacking,
To deny resources by saturating communication channel.
Sniffing Merlin, BlueSniff, Wireshark
To Capture traffic transferred.
Fuzzer
BluePass, Bluetooth Stack Smasher, BlueSmack, BlueStab
Submitting a non-standard input for getting different results.
Obfuscation Bdaddr, Spooftooph, hciconfig
To hide the identity of an attacker.
Range Extension
BlueSnipping, Bluetoone
To extend device range for attacking from far distance.
Surveillance
Blueprinting, bt_autdit, Bluefish, Bluescanner, BTScanner
To gather information about the device and the location.
Man-in-the-Middle attack is the most threatening classification where a user is
unknowingly connected to a third device instead of connecting to the desired device,
giving the access to the user’s data.
31
Common Bluetooth attacks
The following list shortly explains the most common Bluetooth attacks (Haataja K. et. al,
2013):
Bluebug: In bluebug attacks, an attacker is be able to get the contacts, call logs,
and send/receive messages or even connect to the Internet. It used the device
command without any notification to the user.
BlueSnarf: Bluesnarfing is the process, which allows an attacker to have an access
to the device for getting the information like address, calendar information, or even
the IMEI (International Mobile Equipment Identity) code of the device, which could
be used to route the user’s incoming calls to somewhere else (Suri, P.R, et al.,
2008; Tan, M, et al., 2011; Sandhya, S, et al., 2012).
BlueSnarf++: It is an enhancement of the BlueSnarf, which exposes the devices
with full read/write access to the file system.
Bluejacking: BlueJacking is the process of sending of text messages or
anonymous business cards (vCards) to the devices (Bouhenguel, R, et al., 2008;
Karen Scarfone, et al., 2008). However, it is not very serious attack as the hacker
cannot get any information from the device.
Denial-of-Service: The attacker requests the pairing with a Bluetooth device
repeatedly but no information is sent to the attacker and the attack can be stopped
easily. However, repeated pairing requests could cause the device’s battery to
drain and temporarily paralyze the device.
HeloMoto: It is the combination of BlueSnarf and Bluebug.
Car Whispering: It is the type of attack, which would allow an attacker to transmit
and receive audio signals to and from a car audio system with Bluetooth. An
attacker will be able to listen the conversation going inside the car and will also be
able to announce something using the car audio.
Fuzzing attacks: Fuzzing attacks transmit the malformed information to the
Bluetooth radio and observe the functionality of the device. It should be understood
that the device has a serious vulnerability in the protocol stack if the device is
32
slowed or stopped by fuzzing attacks (Bouhenguel, R, et al., 2008; Karen
Scarfone, et al., 2008).
BlueBump: Bluebump can start a trusted connection with the Bluetooth device by
sending a business card to make the authentication. The attacker asks the hacked
device to delete the link key but does not close the connection. The victim is not
aware of the connection and the hacker gets into the device without any
authentication by requesting the regeneration of a link key.
BlueSmack: It is a DoS attack where a large amount of echo requests are sent to
the Bluetooth device. When the receiving device continuously receives such
repeated requests, the input buffer overflows leading to the segmentation fault and
finally causing the device to hang or crash.
BlueDump: Attacker spoofs one of the device’s address and connects to other
devices. In some cases, it causes a stored link key to be dumped, providing the
possibility for another pairing with the hacker’s device.
Bluechop: Bluechop disrupts an established Bluetooth network (piconet) with a
device that is not in the network. Since the master device supports multiple
connections, an extended network can be created with it. The hacker spoofs the
address of some device of the piconet and makes a link to the master device hence
disrupting the piconet.
Blueover: Blueover is intended to serve as an audit tool allowing people to check
the vulnerability. It was developed first as a proof-of-concept tool, which can initiate
an attack using the mobile phones with J2ME (Java 2 Platform, Micro Edition)
platform.
ZigBee
ZigBee is another wireless technology used for communication between the devices over
short distances. It is based on IEEE 802.15.4. The best thing about ZigBee is in its design
for the low power consumption, which makes its batteries last longer, up to months or
even years (Hongwei Li, et al., 2010). It allows the devices to communicate in a variety of
network topologies, especially star and hybrid topologies. It supports communication of
33
data via unfriendly RF environments, which are quite general in commercial applications.
However, it is much slower than Wi-Fi and Bluetooth.
ZigBee is based on 128-bit AES algorithm providing simple and strong end-to-end
security. Zigbee provides security to different layers including MAC layer, network layer,
and application layer as well. Its security services include key establishment methods,
frame protection and device management services. One of the key drawbacks of security
in ZigBee is the high cost of resources (Hongwei Li, et al., 2010).
It provides the possibility to carry out secure communications, protection in establishment
and transmission of cryptographic keys, controlling devices and cyphering frames
(Hongwei Li, et al., 2010; Maoheng Sun, et al., 2011; Li Chunging et al., 2009). It focuses
on the key establishment and distribution, which was not defined in its de-facto standard
IEEE 802.15.4.
The specification of ZigBee security has two models. The first one is Standard Security
Mode and the second one is High Security Mode. The first security mode is used in the
residential applications with low security where as the high security mode is used for
commercial applications with higher security.
ZigBee Security
ZigBee security includes encryption, integrity checking, and authentication on its three
layers, which are physical (MAC) layer, network (NWK) layer, and application (APS) layer.
These three layers have the responsible of secure transmission of the data. AES-128
encryption is used for the data confidentiality and it uses some security mechanisms from
AES algorithm for integrity checking and authentication (Dechuan Chen, et al., 2006; Dini,
Gianluca, et al., 2010; Bin Yang, et al., 2009; Meng Qiangian, et al., 2009). These
mechanisms can provide services for securing data transmission, device authentication,
device management, key establishment, key transport, etc.
MAC layer’s AES encryption algorithm can keep secrecy, integrity, and authenticity. It is
34
possible to determine if the MAC frame is encrypted or not by checking the bit on the
header of MAC (Sarijari, M.A.B, et al., 2008; Hui Gao, et al., 2009). The MAC layer is
responsible for calculating the header data and payload. It then gets a message integrity
code to guarantee the data integrity. The frame number is present on the header of every
MAC frame, which is used for detecting the missing frames and retransmitting them when
needed.
NWK layer is responsible for transmitting messages via multi-hop links. It broadcasts the
route requests and processes the received route replies. The NWK layer uses the link
key for securing the outgoing NWK frames if link key is available but if not, it uses its
active network key for securing the outgoing NWK frames.
ZigBee uses three kind of keys: master keys, network keys, and link keys. Master keys
are used as an initial shared secret for Key Establishment Procedure and generating the
link keys (Sarijari, M.A.B, et al., 2008; Hui Gao, et al., 2009). Link keys are used to encrypt
information between the devices and they are managed in the application level (Dechuan
Chen, et al., 2006; Dini, Gianluca, et al., 2010; Bin Yang, et al., 2009; Meng Qiangian, et
al., 2009). Network keys are the unique shared 128 bit keys, which are shared to all the
devices in the network.
35
Figure 10. ZigBee (Sarijari, M.A.B, et al., 2008).
36
UWB
Ultra-Wideband (UWB) is known for its nice geolocation features, robustness to
interference, small-scale fading and its low complexity receivers (Jinyun Zhang, et al.,
2009). It is able to provide accurate and very reliable measurement ranges, because of
the fine delay resolution and robustness.
It is intended to be used for the high band multimedia links. It can be very useful for the
indoor short-range requiring high-speed wireless communication (Pande, D.C, et al.,
1999). It provides the bandwidth up to 480 Mbps and can transmit a few Mbps of data at
10 meters distance. It is considered suitable for multimedia applications like streaming
audio and videos. UWB can also be used as an unwired replacement of USB 2.0/3.0 and
IEEE 1394 standard (Jin-SHyan Lee, et al., 2007). It uses a large spreading factor, which
helps in achieving better robustness against the interference and fading. It achieves very
low energy consumption and a very simple transmission is made possible because of the
short frequencies in impulse radio transmission and a good architectural design. It
provides very good advantages for geolocation along with even 10-20 centimeter
accuracy due to its bandwidth being proportional to the bandwidth of the precision of
ranging measurements forming the basis of good geolocation features (Jinyun Zhang, et
al., 2009).
UWB systems are very good option for the tracking applications because of their good
time domain resolution and high-resolution localization capacities. One of the very good
advantages of UWB is the low loss penetration. That allows the system to penetrate
through the obstacles and operate under line-of-sight as well as non-line-of-sight
situations. The power consumption of UWB devices is about 10 mW making it a very low
power consuming system. UWB devices use a single chip architecture making it a great
choice for mobile devices.
One of the issues with the UWB is that it does not provide high resistance to shadowing
in the microwave range. However, collaborative communications and appropriate routing
could help mitigate the issue. It’s not interfering with other systems in the used
37
environments. IEEE developed 802.15.4a standard for UWB based sensor networks that
are able to provide high flexibility. Modulation, coding, and a multiple access scheme are
being used, allowing either coherent or non-coherent receivers to receive the data.
Environments with different delay spreads can be adapted by UWB (P. Marco, et al.,
2011).
It can be greatly used in the hospital locating, tracking, and communication systems. UWB
will be able to provide the communication as per the requirements, required location
accuracy, and lower cost solution, which will be very helpful in the healthcare industries.
UWB Security
UWB systems are operating below the electro-magnetic noise floor level. This makes the
intruders to detect and intercept the transmitting data very difficult. UWB systems are
robust against jamming sources as well (Jinyun Zhang, et al., 2009).
Wi-Fi
Wi-Fi is standardized as 802.11 a/b/g/n/ac by IEEE and it is meant for local area
networking where a relative high bandwidth is required. The data transfer rate could go
up to 6.9 Gbps and has the transmission range of about 300 meters with a normal
standard antenna and the range could also be increased with a directional high gain
antenna (Huyu Qu, et al., 2009).
It is used very widely these days since its introduction in 1985 as it is the cheapest way
to deploy a wireless local area network (Haishen Peng, 2012). It skips the part of heavy
cabling, which has always been a problem. Wi-Fi is the most popular wireless network
providing the best quality of service along with the security and performance (Joon
Hyoung Shim, et al., 2003).
38
Wi-Fi Security
As Wi-Fi is the most popular and used wireless networking protocol, securing the data
over it becomes equally important. Wi-Fi uses Wired Equivalent Privacy (WEP), Wi-Fi
Protected Access (WPA), or Wi-Fi Protected Access 2 (WPA2).
WEP is using Rivest Cipher (RC4) algorithm for providing the data confidentiality and
CRC-32 is used for the shake of data integrity, but it uses a very simple encryption logic.
WEP encryption is possible to crack within minutes so it is not a safe encryption at all
today. It is considered insecure and thus it is not to be used at all (Joon Hyoung Shim, et
al., 2003).
WPA was then introduced by the Wi-Fi Alliance. Security enhancements were introduced
in WPA for authenticating, access control, message integrity, replay prevention, message
privacy, and key distributions. WPA provides the user authentication and it also controls
the access with EAP (Extensible Authentication Protocol) and IEEE 802.1x standard is
used to provide port-based access control. WPA uses TKIP (Temporal Key Integrity
Protocol), which was developed to address the issues seen in WEP.
TKIP makes use of per-packet key, which is able to dynamically generate a new 128 bit
key. TKIP is able to defend from replay and weak key attacks (Joon Hyoung Shim, et al.,
2003).
WPA supports two operating modes. They are WPA Personal and WPA Enterprise
modes. WPA Personal is also called Pre-Shared Key (PSK) as a shared secret key is
used for authentication and the user credentials where as WPA Enterprise modes makes
use of RADIUS (Remote Authentication Dial-In User Service) protocol for authentication
and key distribution (Xiao Luo, 2008).
WEP encryption used an insecure CRC, which was then replaced in WPA with strong
message integrity. However, the use of WPA is also limited nowadays, because of the
dependency on stream cipher and weak integrity in terms of cryptography.
39
WPA2 used AES encryption algorithm with CCMP (Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol) in counter mode (Joon Hyoung Shim,
et al., 2003). This was the mandatory element defined by IEEE 802.11i standard and it
resolved the TKIP security issue found in WPA1. WPA2 is the only security protocol of
Wi-Fi without any known or exploited security flaws. (T. Hayajneh, et al., 2015)
40
5. DATA ANALYSIS AND COMPARISON
Table 2 provides an overview of data analysis and comparison between Bluetooth, UWB,
ZigBee, and Wi-Fi.
Table 2. Data Analysis and Comparison.
Protocol: Bluetooth: UWB: ZigBee: Wi-Fi:
IEEE Standard 802.15.1 802.15.3a 802.15.4 802.11a/b/g/n/ac
Range 10-100 m 10 m 10-100 m 100-300 m
Max signal rate 1-24 Mbps 480 Mbps 250 Kbps 6.9 Gbps
Basic Cell Piconet Piconet Star BSS
Extention of basic cell Scatternet Peer-to-Peer Cluster tree, Mesh ESS
Encryption SAFER+
or AES
AES AES RC4 or AES
Authentication Shared
secret
CBC-MAC (CCM) CBC-MAC (ext. of
CCM)
WPA2 (802.11i)
Data protection 16-bit CRC 32-bit CRC 16-bit CRC 32-bit CRC
Bluetooth, UWB, and ZigBee are usually meant for the lower range transmission whereas
Wi-Fi supports up to 300 meters range of transmission (Bouhenguel, R, et al., 2008;
Karen Scarfone, et al., 2008). Similarly, Bluetooth and ZigBee supports the lower data
rate while UWB and Wi-Fi supports much higher data transmission rate.
All the protocols use encryption and authentication mechanisms. Talking about the
encryption, Bluetooth used SAFER+ or AES whereas both UWB and ZigBee use AES.
However, Wi-Fi uses RC4 or AES for encryption. People generally use WPA2 security
these days because WEP can be cracked very easily (Jin-SHyan Lee, et al., 2007).
41
Bluetooth devices use a pre-shared key and a strong encryption mechanism. The
strength depends on the length of the randomness of passkeys for pairing. However, the
security also depends on the discoverability and the connectivity settings on the devices.
It provided four different modes of security and it also offers optional user authentication,
which adds the additional security.
ZigBee uses 128 bit AES algorithm for the encryption. It uses master keys, link keys, and
network keys for encrypting and includes methods for key establishment, transport,
device management, and frame protection (Dechuan Chen, et al., 2006; Dini, Gianluca,
et al., 2010; Bin Yang, et al., 2009; Meng Qiangian, et al., 2009).
UWB is considered very strong in the physical layer security. Many applications are
already using the UWB channels for device secret keys.
Wi-Fi is by far, the mostly used wireless protocol and has the best security features as
well. Since WEP can be cracked very easily, people use mostly WPA or WPA2 to secure
their networks.
42
6. CONCLUSION AND FUTURE WORK
Security is an important aspect when it comes to the Tele-health care systems. A
compromised system can easily risk the data of the patients and expose the personal
information to unwanted hands. Lots of security protocols have been developed to secure
the data but many of them seem to have the loopholes and cannot be considered very
secure. Therefore, we need to take some countermeasures ourselves to keep the data
more secured.
Tele-health care systems use the short-range communication as well as long-range
communication for the data transmission. Wi-Fi is the most secured means of
communication if properly implemented using the proper encryption. But in case of short-
range communication protocols, such as Bluetooth, UWB, and ZigBee, there are more
precautions to take before taking the device in use. For example, by setting a Bluetooth
device into undiscoverable mode and allowing the pairing to happen only with the known
legitimate devices when needed could easily minimize the security risk. Similarly, in case
of Wi-Fi, we can keep the Wi-Fi network SSID (Service Set Identifier) hidden so that it at
least slows down the attacker.
The future of Tele-health care systems is very promising as the use of these kinds of
systems are increasing everyday and helping the patients to fight with their conditions in
a very efficient way. With this, the future study of the security requirements in tele-health
becomes very important as well. The development of tele-health care systems is using
relatively new technologies so there is always a chance for new attacks. There is a clear
need to work on the security aspects further to avoid the critical security vulnerabilities.
Bluetooth and WiFi security has improved quite a lot in the last few years, as they are the
most widely used technologies. ZigBee and UWB security needs a lot of research and
work to be done as they are lagging behind in the security aspects. One of the important
future work that can be done is to utilize the security of Bluetooth devices to implement it
in ZigBee and UWB. As they are very similar technologies, it would be nice to have one
43
concrete and very strong security mechanism to all these devices. In this way, we do not
have to focus on many different kinds of security mechanisms.
Here are some future works that can be done on the security of Tele-health care systems:
Further Research on vulnerabilities, security threats, and how it can be handled.
Analysis and assessments of the security threats on the Telehealth applications.
Focus on developing a common security mechanism so that all the WBAN devices
can be integrated to build a complex system.
44
REFERENCES
Abahsain A., Al-Fagih A. E., Oteafy S.M.A. and Hassanein H.S, "Selective context fusion
utilizing an integrated RFID-WSN architecture", IEEE 10th Consumer Communications
and Networking Conference (CCNC), pp. 317-322, Las Vegas, NV, 2013.
Adekunle A.A. and Woodhead S.R., "On Efficient Data Integrity and Data Origin
Authentication for Wireless Sensor Networks Utilising Block Cipher Design Techniques,"
Third International Conference on in Next Generation Mobile Applications, Services and
Technologies (NGMAST '09), pp. 419-424, Sept. 15-18, 2009.
Akkaya K., Younis M. and Youssef W., "Positioning of Base Stations in Wireless Sensor
Networks," in IEEE Communications Magazine, vol. 45, no. 4, pp. 96-102, April 2007.
Akyildiz I.F., Weilian Su, Sankarasubramaniam Y. and E. Cayirci, "A survey on sensor
networks," Communications Magazine, IEEE , vol.40, no.8, pp. 102- 114, Aug 2002.
Alfaiate J. and Fonseca J., "Bluetooth Security Analysis for Mobile Phones," 7th Iberian
Conference on Information Systems and Technologies (CISTI), 2012, pp. 1-6, June 20-
23, 2012.
Ali A., Latiff L.A., Rahid R.A., and Fisal N., "Real Time Communication with Power
Adaptation (RTPA) in Wireless Sensor Network (WSN)," International Conference on
Computing & Informatics (ICOCI '06), pp. 1-7, June 6-8, 2006.
Bandyopadhyay S., Majumdar A., Ghosh O., Chatterjee S. and Chattopadhyay S., "A
proposal for improvement in service-level security architecture of Bluetooth," TENCON
2003. Conference on Convergent Technologies for the Asia-Pacific Region, vol.3, no.,
pp. 1058- 1061 Vol.3, 15-17 Oct. 2003.
Bouhenguel R., Mahgoub I. and Ilyas M., "Bluetooth Security in Wearable Computing
Applications," High Capacity Optical Networks and Enabling Technologies, 2008.
Chang C., Muftic S. and Nagel D.J., "Security in Operational Wireless Sensor Networks,"
Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE ,
vol., no., pp.781-785, 10-12 Jan. 2008.
45
Chen D. and Wang M., "A home security Zigbee network for remote monitoring
application," International Conference on Wireless, Mobile and Multimedia Networks,
2006 IET, vol., no., pp.1-4, 6-9 Nov. 2006.
Chen M., Chiang S., Lee J. and Yu E.W.R., "The Citizen Telehealth Care Service model
in Taipei: A case study," 14th International Conference on e-Health Networking,
Applications and Services (Healthcom), 2012 IEEE, vol., no., pp.399,402, 10-13 Oct.
2012.
Chong C. and Kumar S.P., "Sensor networks: evolution, opportunities, and challenges,"
Proceedings of the IEEE, vol.91, no.8, pp. 1247- 1256, Aug. 2003.
Chunqing L. and Jiancheng Z., "Research of ZigBee's Data Security and Protection,"
International Forum on Computer Science-Technology and Applications, 2009. IFCSTA
'09. , vol.1, no., pp.298-302, 25-27 Dec. 2009.
Creswell J. W., Research Design: Qualitative, Quantitative, and Mixed methods
approaches, 3rd ed., 2009.
Dai Z., Wang S. and Yan Z., "BSHM-WSN: A wireless sensor network for bridge structure
health monitoring," Proceedings of International Conference on Modelling, Identification
& Control (ICMIC), Wuhan, Hubei, China, 2012, pp. 708-712, 2012.
Edvards J., "The potential of Telemedicine Aplications", Gartner, Industry Research,
IDG00142598, 16.10.2006.
Gao H., Yao Q. and Liu B., "A ZigBee indoor security system based on small-scale
fading," Networked Sensing Systems (INSS), 2009 Sixth International Conference on,
vol., no., pp.1-4, 17-19 June 2009.
Garripoli C., Mercuri M., Karsmakers P., Soh P.J., Crupi G., Vandenbosch G.A.E., Pace
C., Leroux P., and Schreurs D., "Embedded DSP-Based Telehealth Radar System for
Remote In-Door Fall Detection," IEEE Journal of Biomedical and Health Informatics,
vol.19, no.1, pp.92,101, Jan. 2015.
46
Gianluca D. and Marco T., "Considerations on Security in ZigBee Networks," International
Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), 2010
IEEE , vol., no., pp.58-65, 7-9 June 2010.
Haataja K., Hyppönen K., Pasanen S., and Toivanen P., B”luetooth Security Attacks“,
Comparative Analysis, Attacks, and Countermeasures. SpringerBriefs Book, Springer
Verlag, October 2013.
Hager C.T. and Midkiff S.F., "An analysis of Bluetooth security vulnerabilities," Wireless
Communications and Networking, 2003. WCNC 2003. 2003 IEEE , vol.3, no., pp.1825-
1831 vol.3, 20-20 March 2003.
Hayajneh T., Ullah S., Mohd B.J., and Balagani K., "An Enhanced WLAN Security System
With FPGA Implementation for Multimedia Applications," IEEE Systems Journal, vol.PP,
no.99, pp.1-10 May 2015.
Hsieh W. and Leu J., "A dynamic identity user authentication scheme in wireless sensor
networks," 9th International Wireless Communications and Mobile Computing
Conference (IWCMC), 2013, vol., no., pp.1132-1137, 1-5 July 2013.
Krco S., Cleary D. and Parker D., "P2P Mobile Sensor Networks," Proceedings of the
38th Annual Hawaii International Conference on System Sciences, 2005. HICSS '05. ,
vol., no., pp. 324c, 03-06 Jan. 2005.
Lee S., Su Y. and Shen C., "A Comparative Study of Wireless Protocols: Bluetooth, UWB,
ZigBee, and Wi-Fi," Industrial Electronics Society, 2007. IECON 2007. 33rd Annual
Conference of the IEEE , vol., no., pp.46,51, 5-8 Nov. 2007.
Lee S.H., Lee S., Song H. and Lee H.S., "Wireless sensor network design for tactical
military applications : Remote large-scale environments," Military Communications
Conference, MILCOM 2009. IEEE, vol., no., pp.1-7, 18-21 Oct. 2009.
Leister W., Abie H., Groven A.K., Fretland T and; Balasingham I., "Threat Assessment of
Wireless Patient Monitoring Systems," 3rd International Conference on Information and
47
Communication Technologies: From Theory to Applications, 2008. ICTTA 2008., vol., no.,
pp.1-6, 7-11 April 2008.
Li H., Jia H. and Xue X., "Application and Analysis of ZigBee Security Services
Specification," Second International Conference on Networks Security Wireless
Communications and Trusted Computing (NSWCTC), 2010, vol.2, no., pp.494-497, 24-
25 April 2010.
Liu W., "Application specific sensor node architecture optimization—Experiences from
field deployments," 17th Asia and South Pacific Design Automation Conference, Sydney,
NSW, pp. 389-394, 2012.
Liu Q., Lu S., Hong Y., Wang L. and Dssouli, R., "Securing Telehealth Applications in a
Web-Based e-Health Portal," Third International Conference on Availability, Reliability
and Security, 2008. ARES 08., vol., no., pp.3,9, 4-7 March 2008.
Luo X., "The Realization of the RADIUS Security Authentication," 4th International
Conference on Wireless Communications, Networking and Mobile Computing, 2008.
WiCOM '08., vol., no., pp.1-4, 12-14 Oct. 2008.
Marco P., Lorenzo F. and Claudio B., "A novel dry storage security system using UWB
techniques," International Conference on Ultra-Wideband (ICUWB), 2011 IEEE, Bologna,
2011, pp. 550-554.
Morreale P.A., "Wireless Sensor Network Applications in Urban Telehealth," International
Conference on Advanced Information Networking and Applications Workshops, 2007,
AINAW '07. 21st, vol.2, no., pp.810,814, 21-23 May 2007.
Pande D.C., "Ultra wide band (UWB) systems and their implications to electromagnetic
environment," Proceedings of the International Conference on Electromagnetic
Interference and Compatibility, 1999., vol., no., pp.50,57, 6-8 Dec. 1999.
48
Peng H., "WIFI network information security analysis research," 2nd International
Conference on Consumer Electronics, Communications and Networks (CECNet), 2012,
vol., no., pp.2243-2245, 21-23 April 2012.
Qianqian M., and Kejin B. , "Security Analysis for Wireless Networks Based on ZigBee,"
International Forum on Information Technology and Applications, 2009. IFITA '09., vol.1,
no., pp.158-160, 15-17 May 2009.
Qu H., Cheng J., Cheng Q. and Wang L. Y., "WiFi-Based Telemedicine System: Signal
Accuracy and Security," International Conference on Computational Science and
Engineering, 2009. CSE '09., vol.2, no., pp.1081,1085, 29-31 Aug. 2009.
Radivojac P., Korad U., Sivalingam K.M. and Obradovic Z.; , "Learning from class-
imbalanced data in wireless sensor networks," Vehicular Technology Conference, 2003.
VTC 2003-Fall. 2003 IEEE 58th , vol.5, no., pp. 3030- 3034 Vol.5, 6-9 Oct. 2003.
Ramli S.N., Ahmad R., Abdollah M.F. and Dutkiewicz E., "A biometric-based security for
data authentication in Wireless Body Area Network (WBAN)," 15th International
Conference on Advanced Communication Technology (ICACT), 2013, vol., no., pp.998-
1001, 27-30 Jan. 2013.
Rehena Z., Roy S. and Mukherjee N., "A modified SPIN for wireless sensor networks,"
Third International Conference on Communication Systems and Networks (COMSNETS),
2011 , vol., no., pp.1-4, 4-8 Jan. 2011.
Sandhya S. and Devi K.A.S., "Analysis of Bluetooth threats and v4.0 security features,"
International Conference on Computing, Communication and Applications (ICCCA),
2012, vol., no., pp.1-4, 22-24 Feb. 2012.
Scarfone K. and Padgette J., Guide to Bluetooth Security. National Institute of Standards
and Technology. Special Publication 800-121. September 2008.
49
Sharifi M., Kashi S.S. and Ardakani S.P.; , "LAP: A Lightweight Authentication Protocol
for smart dust wireless sensor networks," International Symposium on Collaborative
Technologies and Systems, 2009. CTS '09., vol., no., pp.258-265, 18-22 May 2009.
Shim J. H., Kwon T. W., Kim D. W., Suk J. H., Choi Y. H. and Choi J. R., "Compatible
design of CCMP and OCB AES cipher for wireless LAN security," SOC Conference, 2003.
Proceedings. IEEE International [Systems-on-Chip] , vol., no., pp.275-276, 17-20 Sept.
2003.
Sun M. and Qian Y.; , "Study and Application of Security Based on ZigBee Standard,"
Third International Conference on Multimedia Information Networking and Security
(MINES), 2011 , vol., no., pp.508-511, 4-6 Nov. 2011.
Sarijari M.A.B., Rashid R.A., Rahim M.R.A. and Mahalin N.H., "Wireless Home Security
and Automation System Utilizing ZigBee based Multi-hop Communication," 2nd Malaysia
Conference on Telecommunication Technologies 2008 and 2008 Photonics, NCTT-MCP
2008.
Suri P.R. and Rani, S., "Bluetooth security - Need to increase the efficiency in pairing,"
Southeastcon, IEEE , vol., no., pp.607-609, 3-6 April 2008.
Tan M. and Masagca, K.A., "An Investigation of Bluetooth Security Threats," International
Conference on Information Science and Applications (ICISA), 2011, vol., no., pp.1-7, 26-
29 April 2011.
Wang X., Zhao X., Liang Z. and Tan M., "Deploying a Wireless Sensor Network on the
Coal Mines," International Conference on Networking, Sensing and Control, 2007 IEEE,
vol., no., pp.324-328, 15-17 April 2007.
Wenjin X. and Jianfeng L., "A Novel Communication Structure for Wireless Sensor
Network," IFIP International Conference on Network and Parallel Computing, NPC 2008.,
vol., no., pp.541-544, 18-21 Oct. 2008.
50
Woo R., Lee S. I., Yang E. J. and Seo D. W., "Smart home system architecture for real-
time and low standby power," 5th International Conference on Consumer Electronics -
Berlin (ICCE-Berlin), IEEE, pp. 441-442, Berlin, 2015.
Yang B., "Study on Security of Wireless Sensor Network Based on ZigBee Standard,"
International Conference on Computational Intelligence and Security, CIS '09., vol.2, no.,
pp.426-430, 11-14 Dec. 2009.
Zhang J., Orlik P.V., Sahinoglu Z., Molisch A.F. and Kinney P., "UWB Systems for
Wireless Sensor Networks," Proceedings of the IEEE , vol.97, no.2, pp.313,331, Feb.
2009.
Zhou C., Huang W. and Zhao X., "Study on architecture of smart home management
system and key devices", 3rd International Conference on Computer Science and
Network Technology (ICCSNT), Dalian, pp. 1255-1258, 2013.
