Bio Sensor Nodes

A bio-sensor node has two parts: physiological signal sensor and the radio platform. Function of body sensor is to read analogue signals corresponding to humans' physiological activity. This analogue signal is digitized and then forwarded by the radio transceiver to the sink node attached to the human body. Some sensors are required to be implanted inside the human body, and some sensors are usually placed on the surface of the human body. Figure 5.2 shows a diagram of a human body with some bio-sensors. To name some sensor devices for BANs, we can mention the following: blood glucose sensor, blood pressure sensor, CO2 gas sensor, accelerometer sensor, ECG sensor, EEG sensor, EMG sensor, gyroscope sensor, pulse oximetry sensor. Level of glucose in blood, also known as blood sugar, is an important parameter to get the physical status of any person. Both kinds of sensor, a non-invasive sensor that can be put onto the body surface and implantable sensor that are implanted in the body, are available for monitoring the blood sugar level. Non-invasive sugar monitoring is made possible by using infra-red technology and optical sensing. Blood pressure measures the force of blood flow on the blood vessel wall. Two kinds of blood pressure measurements are taken: systolic pressure, and diastolic pressure. There are sensors to measure both the pressures. CO2 gas sensor reads carbon dioxide levels in blood and also reads concentration level of oxygen during respiration cycle. Pulse Oximetry sensor measures the SpO2 level in blood by photoplethysmograph (PPG) signal. Heart muscles continuous contraction and expansion produce specific signals that are captured by Electrocardiogram (ECG). ECG is used to investigate heart condition. Body muscles produce specific signals during contraction or rest. Electromyography (EMG) captures this signal emitting from body muscles. As nerves control the muscles responses, study of nerves is done by EMG. Electroencephalography (EEG) monitors the electrical activity within the brain by placing small electrodes on the humans' scalp at different locations. Different sensors are available for ECG, EMG, and EEG. The activity and the motion of a person can be monitored by accelerometer and gyroscope. Accelerometer sensor measures acceleration. Gyroscope sensor reads angular velocity. Table 5.1 summarizes a list of different types of sensors available commercially.

Conventional operating systems such as Linux, Windows cannot be adopted by sensor nodes in BAN because the sensor nodes are resource constrained. Most of the sensor nodes use Tiny OS as the underlying operating system. Apart from Tiny OS, other alternative choices of operating system for sensor nodes are Contiki, Mbed, nano-RK, and FreeRTOS [284].

Cloud Enabled Body Area Network Table 5.1: Common Bio-sensors

Body Area Network

Body area network is one of the most active interdisciplinary research areas of Electronics and Computer Science. Several top class survey papers exist in the literature such as [92], [213], [281 ], [155], [209], [243], [191 ]. One of the earliest survey works on BAN was done in [92], and they have discussed design of MAC layer, physical layer, and radio technologies used in BAN. They have compared existing body sensor nodes, their operating systems, radio technologies used, data rate, outdoor communication range. They also studied several BAN projects taken up for remotely monitoring health or fitness status. Another excellent survey work has been performed in [213]. They have nicely studied the architecture of BAN, data rate of different types of sensors, energy consumption, positioning of BAN, characteristics of three layers: physical, MAC and network. They also mentioned about IEEE 802.15.6, BAN standard, which was then in the formative stage. They also touched on the security issues in BAN. We can mention here some other IEEE 802 standards, which are given in the Table 5.2.

Table 5.2: IEEE 802 Standards

The survey in [281] is another excellent work. They have discussed the IEEE

802.15.6 standard for BAN in detail. They have also discussed the communication architecture of BAN, layers of BAN, routing protocols in BAN and its classification and challenges, channel models, interference issues, antenna design, security and privacy issues. They highlighted the open problems in BAN. The research in [243] studied BAN from the angle of Wireless Sensor Networks and highlighted BAN research challenges.

As sensors and base stations are resource-constrained, Cloud is used to receive the sensory data from BAN and performs resource-intensive data processing of long-term storage of mammoth data. Furthermore, Cloud provides access to shared resources to BAN-based applications in a pervasive manner. Also, Cloud-based BAN offers the facility for remote update/upgrade of software in BAN. This makes maintenance of BAN more quick and cost-effective [278]. Review of Cloud-assisted BAN and its challenges have been discussed in [133]. Integration of BANs with Cloud infrastructure raises the following research issues apart from security and privacy[133]:

I. Interfacing Cloud with BAN

II. Sensor stream management

III. Massive scale and real-time processing

IV. Advanced off-line data analysis.

Figure 5.3: A Reference Architecture to integrate Cloud with BAN

The reference architecture for integrating BAN and Cloud is shown in Figure 5.3.

To mention a few BAN based research projects, we can name CodeBlue, AID-N, SMART, and CareNet [92], and MediNet project launched by Microsoft in Caribbean countries for remote monitoring of diabetes and cardiovascular diseases [225].

Communication Architecture

The communication in BAN is wireless. The three-tier communication architecture of Cloud-enabled BAN has been depicted in the Figure 5.4. The innermost communication is the tier-1 communication. Here, sensors are scattered throughout the body and send the PHI readings to the personal server in BAN, while the person may be in any posture like working, running, walking, sitting, or sleeping. The tier-2 communication is between BANs. One BAN can communicate with the other BAN. Also, tier-2 facilitates connection of BAN with other kind of networks. Here the presence of access points is assumed as ubiquitous, and not shown in the diagram. The inter-BAN communication architecture can be of two types: infrastructure based architecture, and ad hoc based architecture. The outermost communication is the tier-3 communication, where BANs communicate to Cloud via Internet and MSPs, and emergency services such as ambulatory service providers also communicate to Cloud via the Internet. Cloud also initiates communication to BAN, MSPs, and emergency services in case there is medical emergency of MU.

Physical and MAC Layers of BAN

IEEE 802.15.6 standard defines physical layer (PHY) and medium access control layer (MAC) for BAN. It is the task of BAN application developer to develop

Figure 5.4: Three Tier Communication Architecture

other layers, namely, network layer, transport layer and application layer. PHY and MAC layers are defined so that they provide low cost, low complexity, ultra- low power consumption, high reliability, and short range communication around the body.

Major task of PHY layer is to convert physical layer service data unit (PSDU) into physical layer protocol data unit (PPDU). PHY layer also does the following tasks:

I. activation/deactivation of radio transceiver,

II. data transmit/receive, and

III. clear channel assessment.

IEEE 802.15.6 has mentioned three different types of physical layers: human body communication (PHY), narrow band (NB), and ultra-wide band (UWB). NB PHY is used for communication in the current channel. HBC PHY utilizes the human body, whose tissues are lossy medium, as a transmission channel for transmitting data between nodes [175]. UWB PHY can be used for communication between on-body devices, as well as between on-body and off-body devices.

IEEE 802.15.6 MAC layer controls access of transmission channel. Here, the sensor nodes are organised into one-hop star or two-hop star network. A single coordinator node or hub controls the channel access of the BAN. MAC divides the time axis of channel into super frames or beacon periods of equal length size.

Every super frame has a number of allocation slots for data transmission. The channel is accessible in one of the following three modes:

I. Beacon mode with super frame boundary,

II. Non-beacon mode with super frame boundary, and

III. Non-beacon mode without super frame boundary.

Cryptographic Building Blocks

In this section, we briefly introduce the important cryptographic building blocks that have been used to address the privacy and security issues in BAN. These include hash function, homomorphic encryption, bilinear pairing, and attribute based encryption.

Cryptographic Hash Function

A hash function maps a input of variable length into a output of fixed length. Hash functions that are used in the security related applications are referred to as cryptographic hash functions [301 ]. Examples of cryptographic hash functions are MD-5, SHA-1, SHA-2, SHA-3, etc. A function needs to have three properties to qualify as cryptographic hash function. These three properties of hash functions are mentioned below:

I. Preimage Resistance: Given a message digest y, it is computationally infeasible to find a message x that hashes to y.

II. Second Preimage Resistance: Given a message x, it is computationally infeasible to find a different message x>, such that both the messages .v and xr hash to the same message digest.

III. Collision Resistance: It is computationally infeasible to find two different messages that hash to the same message digest.

Homomorphic Encryption

Presence of Cloud to process and analysis the MU and MSP demands a different kind of strategy. MU and MSP both do not want Cloud to get access to their actual data, but they want Cloud to be doing some operations on these data. This type of scenario requires that semi-trusted or untrusted servers should operate on encrypted data so that they do not get to know what the actual data is. This is made possible with homomorphic encryption. Homomorphic encryption is a kind of encryption that permits operations on ciphertexts [386]. Homomorphic encryption allows computations on encrypted data, without the need to fully decrypt the data on the Cloud. That is, public Cloud would work on ciphertexts without decrypting it. So, confidentiality of the data is not compromised. Result of applying the operation on encrypted result, when decrypted, matches the result of the operations as if it had been applied on the plaintext. That is, for a particular homomorphic encryption HE (•), and two ciphertexts HE (mi), HE (m₂), the following holds true: HE (ni + m2) = HE (mi) x HE (m2).

Bilinear Pairing

The basic idea behind pairing-based cryptography, [124], [88], is the pairing between elements of two cryptographic groups and mapping this pairing to a third group, G|f x G, -> Gj*. For simplicity, only symmetric bilinear pairing is considered, where G_r = G* = G. Now, we formally introduce bilinear pairing for this simplified version. Suppose, G is a additive cyclic group of order q, and Gr is a multiplicative cyclic group of order q. Here, q is a prime number and let g be a random generator of Gr. A Bilinear map is a non-degenerate and efficiently computable таре : GxG —» G_T satisfying the following property:

Then we say that G and Gr are equipped with a pairing. Bilinear pairing can transform a discrete logarithm from elliptic curve to finite field.

Attribute Based Encryption

In Cloud-enabled BAN, it is natural that only certain users can access vital PHI data. The traditional public key cryptography severely limits the users who can access the content. In attribute-based encryption (ABE), user can encrypt data for a set of receivers who satisfy certain conditions. Here, a ciphertext and a private key are associated with a set of attributes. The key is allowed to decrypt the ciphertext if and only if these sets overlap beyond a certain threshold [294]. There are variations in this basic ABE scheme that support finer-grained access control. In one such scheme, a set of attributes is attached with the ciphertext, whereas an access structure is associated with a private key. This association is specified by a Boolean function. Decryption is possible only when the set satisfies this Boolean function. Since the key specifies the access structure, this scheme is called key-policy ABE (KP-ABE). Its complementary scheme is ciphertext-policy ABE (CP-ABE). In CP-ABE, the ciphertext specifies an access structure whereas a key is associated with a set of attributes.