Abstract
Implantable medical devices, sensors and wearables are widely deployed today. However, establishing a secure wireless communication channel to these devices is a major challenge, amongst others due to the constraints on energy consumption and the need to obtain immediate access in emergencies. To address this issue, researchers have proposed various key agreement protocols based on the measurement of physiological signals such as a person’s heart signal. At the core of such protocols are fuzzy cryptographic primitives that allow to agree on a shared secret based on several simultaneous, noisy measurements of the same signal. So far, although many fuzzy primitives have been proposed, there is no comprehensive evaluation and comparison yet of the overhead that such methods incur on resource-constrained embedded devices. In this paper, we study the feasibility of six types of fuzzy cryptographic primitives on embedded devices for 128-bit key agreement. We configure several variants for each fuzzy primitive under different parameter selections and mismatch rates of the physiological signal measurements on an MSP430 microcontroller, and then measure and compare their energy consumption and communication overhead. The most efficient constructions consume between 0.021 mJ and 0.198 mJ for the transmitter and between 0.029 mJ and 0.380 mJ for the receiver under different mismatch rates. Subsequently, we modify the best performing methods so that they run in constant time to protect against timing side-channel attacks, and observe that these changes only minimally affect resource consumption. Finally, we provide open-source implementations and energy consumption data of each fuzzy primitive as a reference for real-world designs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
However, this requirement can be alleviated with the combination of a Password Authenticated Key Exchange (PAKE), as shown in [18]. Note that fuzzy extractors can still be securely used even if the inputs are not uniformly distributed.
- 3.
BLE is already being used in commercial IMDs e.g., Medtronic Azure pacemakers [1].
References
Medtronic Azure pacing system. https://europe.medtronic.com/xd-en/healthcare-professionals/products/cardiac-rhythm/pacemakers/azure.html
Simon Rockliff’s Reed-Solomon encoder/decoder. http://www.eccpage.com/rs.c
Abidin, A., Argones Rúa, E., Peeters, R.: Uncoupling biometrics from templates for secure and privacy-preserving authentication. In: ACM SACMAT (2017)
Al Reshan, M., Liu, H., Hu, C., Yu, J.: MBPSKA: multi-biometric and physiological signal-based key agreement for body area networks. IEEE Access 7, 78484–78502 (2019)
Billeb, S., Rathgeb, C., Reininger, H., Kasper, K., Busch, C.: Biometric template protection for speaker recognition based on universal background models. IET Biometrics 4(2), 116–126 (2015)
Calleja, A., Peris-Lopez, P., Tapiador, J.E.: Electrical heart signals can be monitored from the moon: security implications for IPI-based protocols. In: WISTP, pp. 36–51 (2015)
Cherukuri, S., Venkatasubramanian, K.K., Gupta, S.K.S.: BioSec: a biometric based approach for securing communication in wireless networks of biosensors implanted in the human body. In: ICPP, pp. 432–439 (2003)
Crossbow Technology Inc.: TelosB Mote Platform datasheet, Rev. B, https://www.willow.co.uk/TelosB_Datasheet.pdf
Delvaux, J., Gu, D., Schellekens, D., Verbauwhede, I.: Helper data algorithms for PUF-based key generation: overview and analysis. IEEE TCAD 34(6), 889–902 (2015)
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Halperin, D., Heydt-Benjamin, T.S., Fu, K., Kohno, T., Maisel, W.H.: Security and privacy for implantable medical devices. IEEE Pervasive Comput. Spec. Issue Implantable Electron. 7, 30–39 (2008)
Hinterwälder, G., Moradi, A., Hutter, M., Schwabe, P., Paar, C.: Full-size high-security ECC implementation on MSP430 microcontrollers. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 31–47. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16295-9_2
Hirose, S.: Some plausible constructions of double-block-length hash functions. In: FSE, pp. 210–225 (2006)
Hu, C., Cheng, X., Zhang, F., Wu, D., Liao, X., Chen, D.: OPFKA: secure and efficient ordered-physiological-feature-based key agreement for wireless body area networks. In: INFOCOM (2013)
Juels, A., Sudan, M.: A fuzzy vault scheme. Des. Codes Crypt. 38(2), 237–257 (2006)
Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: ACM CCS (1999)
Kholmatov, A., Yanikoglu, B.: Realization of correlation attack against the fuzzy vault scheme. In: Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, vol. 6819, p. 68190O. SPIE (2008)
Li, X., Zeng, Q., Luo, L., Luo, T.: T2Pair: secure and usable pairing for heterogeneous IoT devices. In: ACM CCS, pp. 309–323 (2020)
Lin, S., Costello, D.J.: Error Control Coding, vol. 2. Prentice Hall (2001)
Marin, E., Argones Rúa, E., Singelée, D., Preneel, B.: On the difficulty of using patient’s physiological signals in cryptographic protocols. In: ACM SACMAT, pp. 113–122 (2019)
Marin, E., Mustafa, M.A., Singelée, D., Preneel, B.: A privacy-preserving remote healthcare system offering end-to-end security. In: Mitton, N., Loscri, V., Mouradian, A. (eds.) ADHOC-NOW 2016. LNCS, vol. 9724, pp. 237–250. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40509-4_17
Marin, E., Singelée, D., Garcia, F.D., Chothia, T., Willems, R., Preneel, B.: On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them. In: ACSAC, pp. 226–236 (2016)
Marin, E., Singelée, D., Yang, B., Verbauwhede, I., Preneel, B.: On the feasibility of cryptography for a wireless insulin pump system. In: CODASPY (2016)
Marin, E., et al.: Securing wireless neurostimulators. In: CODASPY, pp. 287–298 (2018)
de Meulenaer, G., Gosset, F., Standaert, F., Pereira, O.: On the energy cost of communication and cryptography in wireless sensors networks. In: IEEE WiMob, pp. 580–585 (2008)
Ortiz Martin, L., Picazo-Sanchez, P., Peris-Lopez, P., Tapiador, J.: Heartbeats do not make good pseudo-random number generators: an analysis of the randomness of inter-pulse intervals. Entropy 20, 94 (2018)
Rathgeb, C., Uhl, A.: Statistical attack against fuzzy commitment scheme. IET Biometrics 1(2), 94–104 (2012)
Reparaz, O., Balasch, J., Verbauwhede, I.: Dude, is my code constant time? In: DATE, pp. 1697–1702. IEEE (2017)
Reverberi, L., Oswald, D.: Breaking (and fixing) a widely used continuous glucose monitoring system. In: USENIX WOOT (2017)
Rostami, M., Juels, A., Koushanfar, F.: Heart-to-Heart (H2H): authentication for implanted medical devices. In: ACM CCS, pp. 1099–1112 (2013)
Seepers, R.M., Strydis, C., Peris-Lopez, P., Sourdis, I., Zeeuw, C.I.D.: Peak misdetection in heart-beat-based security: characterization and tolerance. In: EMBC, pp. 5401–5405 (2014)
Seepers, R.M., Wang, W., de Haan, G., Sourdis, I., Strydis, C.: Attacks on heartbeat-based security using remote photoplethysmography. IEEE J-BHI 22(3), 714–721 (2018)
Singelée, D., Seys, S., Batina, L., Verbauwhede, I.: The energy budget for wireless security: extended version. IACR Cryptol. ePrint Arch. 2015, 1029 (2015)
TI: AN092: Measuring Bluetooth Low Energy Power Consumption (2012)
TI: MSP430FR596x, MSP430FR594x Mixed-Signal Microcontrollers datasheet (2012). rev. G. https://www.ti.com/lit/gpn/msp430fr5969
TI: MSP430FR599x, MSP430FR596x Mixed-Signal Microcontrollers datasheet (2016). rev. C. https://www.ti.com/lit/gpn/msp430fr5994
Venkatasubramanian, K.K., Banerjee, A., Gupta, S.: Plethysmogram-based secure inter-sensor communication in body area networks. In: IEEE MILCOM (2008)
Venkatasubramanian, K.K., Banerjee, A., Gupta, S.K.S.: PSKA: usable and secure key agreement scheme for body area networks. IEEE T-ITB 14(1), 60–68 (2010)
Venkatasubramanian, K.K., Gupta, S.K.S.: Physiological value-based efficient usable security solutions for body sensor networks. ACM TOSN 6(4), 1–36 (2010)
Xu, F., Qin, Z., Tan, C.C., Wang, B., Li, Q.: IMDGuard: securing implantable medical devices with the external wearable guardian. In: IEEE INFOCOM (2011)
Acknowledgements
This work is funded in part by the European Union’s Horizon 2020 Research and innovation program under grant agreement No. 826284 (ProTego), the FWO-SBO project SPITE, and by the Engineering and Physical Sciences Research Council (EPSRC) under grant EP/R012598/1. Mo Zhang is funded by the Priestley PhD Scholarship programme. The ECC decoding methods were based in part on the source code of Simon Rockliff [2].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, M., Marin, E., Oswald, D., Singelée, D. (2022). FuzzyKey: Comparing Fuzzy Cryptographic Primitives on Resource-Constrained Devices. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science(), vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-97348-3_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97347-6
Online ISBN: 978-3-030-97348-3
eBook Packages: Computer ScienceComputer Science (R0)