Hodgkiss, Jack, Djahel, Soufiene ORCID: https://orcid.org/0000-0002-1286-7037 and Zhang, Zonghua (2021) A New Attack Method Against ECG-based Key Generation and Agreement Schemes in Body Area Networks. IEEE Sensors Journal, 21 (15). pp. 17300-17307. ISSN 1530-437X
|
Accepted Version
Download (1MB) | Preview |
Abstract
Body Area Networks (BAN) are wireless networks designed for deployment on or within the human body. These networks are primarily intended for application within the medical domain due to their capabilities for enabling wireless monitoring of physiological signals, and remote administration of medical devices. Due to their intended use case, securing these devices is paramount. In recent years, several key generation and agreement schemes that rely upon physiological signals of the wearer are developed. However, we have found that the application of Electrocardiogram (ECG) signals in this context may not be appropriate due to a potential vulnerability, wherein previously recorded ECG signals could be used against current and future key agreement attempts to compromise their security. This is a violation of temporal variance which is one of a few properties that make ECG signals suitable for use in key agreement schemes. By extracting the QRS complex from prior recordings and distributing them apart from one another we can construct synthetic signals that have a high level of coherence, and thus allow for the key to be intercepted. Based on the conducted experiments we have found that the proposed attack method yields a 0.7 coherence level regardless of how far away the adversary is from the target. This makes the success of such an attack extremely likely and is therefore a real threat to the security of these schemes.
Impact and Reach
Statistics
Additional statistics for this dataset are available via IRStats2.