Skip to main content
SpringerLink
Log in

On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8976))

Included in the following conference series:

Abstract

Wireless Body Area Networks (WBAN) support a variety of real-time health monitoring and consumer electronics applications. The latest international standard for WBAN is the IEEE 802.15.6. The security association in this standard includes four elliptic curve-based key agreement protocols that are used for generating a master key. In this paper, we challenge the security of the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols to several attacks. We perform a security analysis on the protocols, and show that they all have security problems, and are vulnerable to different attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Chen, M., Gonzalez, S., Vasilakos, A., Cao, H., Leung, V.C.: Body area networks: a survey. Mob. Netw. Appl. 16(2), 171–193 (2011)

    Article  Google Scholar 

  2. Movassaghi, S., Abolhasan, M., Lipman, J., Smith, D., Jamalipour, A.: Wireless body area networks: a survey. Commun. Surv. Tutorials, IEEE 16(3), 1658–1686 (2014)

    Article  Google Scholar 

  3. Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks (2012). http://standards.ieee.org/findstds/standard/802.15.6-2012.html

  4. Krawczyk, H.: HMQV: a high-performance secure diffie-hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Menezes, A.: Another look at HMQV. Math. Cryptology JMC 1(1), 47–64 (2007)

    MATH  MathSciNet  Google Scholar 

  6. Toorani, M.: On continuous after-the-fact leakage-resilient key exchange. In: Proceedings of the 2nd Workshop on Cryptography and Security in Computing Systems (CS2 2015), ACM (January 2015)

    Google Scholar 

  7. Toorani, M.: Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy. Secur. Commun. Netw. 8(4), 694–701 (2015)

    Article  Google Scholar 

  8. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Toorani, M., Beheshti, A.: A directly public verifiable signcryption scheme based on elliptic curves. In: Proceedings of the 14th IEEE Symposium on Computers and Communications (ISCC 2009), pp. 713–716 (2009)

    Google Scholar 

  10. Hankerson, D., Vanstone, S., Menezes, A.J.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)

    MATH  Google Scholar 

  11. Misra, S., Goswami, S., Taneja, C., Mukherjee, A.: Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks. International Journal of Communication Systems (2014)

    Google Scholar 

  12. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Toorani, M., Beheshti, A.: Cryptanalysis of an elliptic curve-based signcryption scheme. Int. J. Netw. Secur. 10(1), 51–56 (2010)

    Google Scholar 

  14. Toorani, M., Beheshti, A.: LPKI-a lightweight public key Infrastructure for the mobile environments. In: Proceedings of the 11th IEEE International Conference on Communication Systems(ICCS 2008), pp. 162–166, November 2008. doi:10.1109/ICCS.2008.4737164

Download references

Acknowledgement

The author would like to thank Øyvind Ytrehus and the anonymous reviewers for their comments.

Author information

Authors and Affiliations

  1. Department of Informatics, University of Bergen, Bergen, Norway

    Mohsen Toorani

Authors
  1. Mohsen Toorani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohsen Toorani .

Editor information

Editors and Affiliations

  1. Leibniz Universität, Hannover, Germany

    Michael Brenner

  2. Carnegie Mellon University, Pittsburgh, Pennsylvania, USA

    Nicolas Christin

  3. Carnegie Mellon University, Pittsburgh, Pennsylvania, USA

    Benjamin Johnson

  4. New Jersey Institute of Technology, Newark, New Jersey, USA

    Kurt Rohloff

Rights and permissions

Reprints and permissions

Copyright information

© 2015 International Financial Cryptography Association

About this paper

Cite this paper

Toorani, M. (2015). On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48051-9_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-48051-9_18

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48050-2

  • Online ISBN: 978-3-662-48051-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation