Abstract
Wireless Body Area Networks (WBAN) support a variety of real-time health monitoring and consumer electronics applications. The latest international standard for WBAN is the IEEE 802.15.6. The security association in this standard includes four elliptic curve-based key agreement protocols that are used for generating a master key. In this paper, we challenge the security of the IEEE 802.15.6 standard by showing vulnerabilities of those four protocols to several attacks. We perform a security analysis on the protocols, and show that they all have security problems, and are vulnerable to different attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Chen, M., Gonzalez, S., Vasilakos, A., Cao, H., Leung, V.C.: Body area networks: a survey. Mob. Netw. Appl. 16(2), 171–193 (2011)
Movassaghi, S., Abolhasan, M., Lipman, J., Smith, D., Jamalipour, A.: Wireless body area networks: a survey. Commun. Surv. Tutorials, IEEE 16(3), 1658–1686 (2014)
Association, T.I.S.: IEEE P802.15.6-2012 Standard for Wireless Body Area Networks (2012). http://standards.ieee.org/findstds/standard/802.15.6-2012.html
Krawczyk, H.: HMQV: a high-performance secure diffie-hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)
Menezes, A.: Another look at HMQV. Math. Cryptology JMC 1(1), 47–64 (2007)
Toorani, M.: On continuous after-the-fact leakage-resilient key exchange. In: Proceedings of the 2nd Workshop on Cryptography and Security in Computing Systems (CS2 2015), ACM (January 2015)
Toorani, M.: Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy. Secur. Commun. Netw. 8(4), 694–701 (2015)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Toorani, M., Beheshti, A.: A directly public verifiable signcryption scheme based on elliptic curves. In: Proceedings of the 14th IEEE Symposium on Computers and Communications (ISCC 2009), pp. 713–716 (2009)
Hankerson, D., Vanstone, S., Menezes, A.J.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)
Misra, S., Goswami, S., Taneja, C., Mukherjee, A.: Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks. International Journal of Communication Systems (2014)
LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)
Toorani, M., Beheshti, A.: Cryptanalysis of an elliptic curve-based signcryption scheme. Int. J. Netw. Secur. 10(1), 51–56 (2010)
Toorani, M., Beheshti, A.: LPKI-a lightweight public key Infrastructure for the mobile environments. In: Proceedings of the 11th IEEE International Conference on Communication Systems(ICCS 2008), pp. 162–166, November 2008. doi:10.1109/ICCS.2008.4737164
Acknowledgement
The author would like to thank Øyvind Ytrehus and the anonymous reviewers for their comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 International Financial Cryptography Association
About this paper
Cite this paper
Toorani, M. (2015). On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48051-9_18
Download citation
DOI: https://doi.org/10.1007/978-3-662-48051-9_18
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48050-2
Online ISBN: 978-3-662-48051-9
eBook Packages: Computer ScienceComputer Science (R0)