Content uploaded by Joshua D. Guttman
Author content
All content in this area was uploaded by Joshua D. Guttman on Jan 15, 2015
Content may be subject to copyright.
00
Secure Ad-Hoc Trust Initialization and Key Management in Wireless
Body Area Networks
MING LI, Utah State University
SHUCHENG YU, University of Arkansas at Little Rock
JOSHUA. D. GUTTMAN, Worcester Polytechnic Institute
WENJING LOU, Virginia Tech
KUI REN, Illinois Institute of Technology
Body area network (BAN) is a key enabling technology in E-healthcare. An important security issue is to
establish initial trust relationship among the BAN devices before they are actually deployed, and generate
necessary shared secret keys to protect the subsequent wireless communications. Due to the ad hoc nature
of the BAN and the extreme resource constraints of sensor devices, providing secure, efficient and user-
friendly trust initialization is a challenging task. Traditional solutions for wireless sensor networks mostly
depend on key pre-distribution, which is unsuitable for BAN in many ways. In this paper, we propose group
device pairing (GDP), a user-aided multi-party authenticated key agreement protocol. Through GDP, a group
of sensor devices that have no pre-shared secrets, establish initial trust by by generating various shared
secret keys out of an unauthenticated channel. Devices authenticate themselves to each other under the
aid of a human user who performs visual verifications. The GDP supports fast batch deployment, addition
and revocation of sensor devices, does not rely on any additional hardware device, and is mostly based on
symmetric key cryptography. We formally prove the security of the proposed protocols, and we implement
GDP on a sensor network testbed and report performance evaluation results.
Categories and Subject Descriptors: C.2.0 [Computer–Communication Networks]: General—Security
and Design; C.2.0 [Computer–Communication Networks]: Network Architecture and Design—Wireless
communication, Network topology; C.4.0 [Computing Systems Organization]: Performance of System-
s; K.4.6 [Operating Systems]: Security and Protection—Cryptographic controls; K.6.5 [Management of
Computing and Information Systems]: Security and Protection
General Terms: Security, Design, Experiment, Body Area Networks, Efficiency
Additional Key Words and Phrases: Trust Establishment, Key Management, Usable Security, Device Pairing
ACM Reference Format:
Li, M., Yu, S., Guttman, J. D., Lou, W., Ren, K. 2012. Secure Ad-Hoc Trust Initialization and Key Manage-
ment in Wireless Body Area Networks. ACM Trans. Sensor Netw. 0, 0, Article 00 ( 0000), 35 pages.
DOI =10.1145/0000000.0000000 http://doi.acm.org/10.1145/0000000.0000000
This work was supported in part by the US National Science Foundation under grants CNS-0716306, CNS-
0831628, CNS-0746977, CNS-1117811 and CNS 0831963.
Authors’ addresses: M. Li: Dept. of CS, Utah State University, 4205 Old Main Hill, Logan, UT 84322, email:
ming.li@usu.edu; S. Yu: Dept. of CS, University of Arkansas at Little Rock, 2801 S. University Ave, Little
Rock, AR 72204, email: sxyu1@ualr.edu; J. D. Guttman: Dept. of CS, Worcester Polytechnic Institute, 100
Institute Road, Worcester, MA 01609, email: guttman@wpi.edu; W. Lou: Dept. of CS, Virginia Tech, 7054
Haycock Road, Falls Church, VA, 24061, email: wjlou@vt.edu; K. Ren: Dept. of ECE, Illinois Institute of
Technology, 3301 Dearborn St, Siegel Hall 319, Chicago, Illinois 60616, email: kren@iit.edu.
A preliminary version of this paper [Li et al. 2010] appeared in IEEE INFOCOM 2010 (The 29th Conference
on Computer Communications).
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted
without fee provided that copies are not made or distributed for profit or commercial advantage and that
copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights
for components of this work owned by others than ACM must be honored. Abstracting with credit is per-
mitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component
of this work in other works requires prior specific permission and/or a fee. Permissions may be requested
from Publications Dept., ACM, Inc., 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA, fax +1 (212)
869-0481, or permissions@acm.org.
c
⃝0000 ACM 1550-4859/0000/-ART00 $10.00
DOI 10.1145/0000000.0000000 http://doi.acm.org/10.1145/0000000.0000000
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:2 M. Li et al.
Fig. 1: A typical body area network and its relationship with the E-healthcare system. ( c
⃝2011,
Ming Li)
c
⃝ACM, 2012. This is the author’s version of the work. It is posted here by permission
of ACM for your personal use. Not for redistribution.
1. INTRODUCTION
In recent years, the interoperable medical device (IMD) [Venkatasubramanian et al.
2010] has emerged as an enabling technique for modern E-healthcare systems, which
would revolutionize hospital treatment [Lorincz et al. 2004; Hanson et al. 2009; Jo-
vanov et al. 2005; Li et al. 2010a]. Traditional medical devices usually operate sepa-
rately, while IMDs are able to interoperate with each other — they are small wearable
or implantable medical devices that are capable of sensing, storing, processing and
transmitting data via wireless communications. IMDs promise afford many advan-
tages to the patient, including improved safety, more accurate diagnosis, and better
context awareness for caregivers [Venkatasubramanian et al. 2010].
A network of IMDs is often referred to as a wireless body area network (BAN). It may
consist of multiple IMDs of different types — they could be placed in, on or around a
patient’s body, while they fulfill the common goal of patient monitoring. In addition, a
controller (a hand-held device like PDA or smart phone) is usually associated with each
patient, which collects, processes, and transmits the sensor data to the upper tier of
the network for healthcare records. A typical structure of the BAN and its relationship
with the E-healthcare system is depicted in Fig. 1.
The BAN is designed to satisfy a wide range of applications, such as ubiquitous
health monitoring (UHM) [Jovanov et al. 2005] and emergency medical services (EMS)
[Lorincz et al. 2004]. The UHM features long-term and consistent monitoring of a
patient’s health status and surrounding environment, while the EMS requires real-
time medical data collection and reporting.
Unlike conventional sensor networks, a BAN deals with medical information, which
has stringent requirements for security and privacy. It is critical to protect this infor-
mation from eavesdropping, malicious modification and unauthorized access, etc. Trust
among the BAN devices is crucial for realizing these security requirements, includ-
ing especially authenticated shared (symmetric) secret keys that enable cryptograph-
ic functions such as encryption and integrity check. However, in traditional wireless
sensor networks (WSNs) the secret keys are usually pre-distributed before network
deployment. The existing methods for key distribution in WSNs can be divided into
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:3
several categories. (1) Rely on knowledge of the network topology [Perrig et al. 2002];
(2) Require less topology information but need the sensors to store a large number of
keys [Eschenauer and Gligor 2002; Chan et al. 2003; Di Pietro et al. 2003; Du et al.
2005; Liu and Ning 2003; Liu et al. 2008]; (3) Assume the existence of root of trust
from certain central entities [Zhu et al. 2003; 2006], or rely on public key infrastruc-
ture (PKI) [Malan et al. 2004].
However, key pre-distribution is not suitable for a BAN in several ways. First, the
distribution chain of a medical sensor node may not be fully trusted by the end us-
er: the devices could come out of the hands of different manufacturers and users. This
rules out the first two types of pre-distribution methods in traditional WSNs, i.e., there
will not exist shared keys or common security context within the IMDs before they
arrive at end users. Second, a BAN is often formed in an ad hoc way with unpre-
dictable topology, while “plug-n-play” is the ideal usability goal. It is hard for the users
to distribute keys manually since they are usually not experts. Most existing works
on user-aided key pre-distribution in WSNs involve cumbersome human efforts [Kuo
et al. 2007; Law et al. 2010], and are not very user-friendly. Third, a central root of
trust or a PKI would be impractical for BANs, not only because they require costly
infrastructure, but also due to the high complexity involved in the revocation of nodes.
This gives rise to the problem of secure ad hoc initial trust establishment for a BAN,
which happens before the BAN is actually deployed. Here we highlight several key
differences between this and traditional key pre-distribution in WSNs. (1) Since se-
cret keys are not assumed to be pre-distributed, trust must be established despite the
lack of a common security context, and no central trusted parties as the root of trust
except that the user trusts herself. In particular, in practice, a group of BAN devices
must be correctly associated with the intended patient, lest the wrong medical data be
collected. This requires the IMDs to be authenticated to each other and to the BAN
controller, which forms the group securely. Secret keys which can belong only to the
intended group should be generated. (2) The traditional authentication goal [Bellare
and Rogaway 1994] only stipulates that each participant is assured that each message
appears to come from the true identity that generated it. However, in a BAN since
the wireless communication cannot be perceived by a human, in addition to tradition-
al authentication it is desirable to let a human user physically make sure that the
devices ultimately authenticated to each other include and only include the intended
devices that s/he wants to participate, which is often referred to as demonstrative i-
dentification [Chen et al. 2008; Lin et al. 2009] in usable security. To achieve this, the
mechanism should be user-friendly, i.e., involving as few human interactions as possi-
ble. (3) BAN applications are usually time-critical which mandates the trust bootstrap
process to be fast and scalable. For instance, in EMS an additional 5 minutes delay
may result in a difference between life and death. Of course, overhead is an important
concern since the medical sensor nodes are extremely resource-constrained.
A unique challenge is that, a secure communication channel shall be established
out of an insecure channel for all the BAN devices upon their first meet, since IMD-
s communicate through wireless. This can be achieved by the so called secure device
pairing concept that “pairs up” two devices [Li et al. 2010b]. A straightforward solu-
tion is to apply device pairing between the controller and each of the N−1IMDs to
establish individual keys, based on which the pairwise keys and group key can be de-
rived. However, this requires about N−1human interactions while each one needs
tens of seconds. Many current device pairing techniques are designed for pairing only
two devices, which will require many runs for a BAN. Many others are unsuited for
IMDs with limited resources and little human interface. GAnGS [Chen et al. 2008] is
an exception, but it still requires Ninteractions.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:4 M. Li et al.
In this paper, we propose the group device pairing (GDP) protocol that establishes
shared secret keys within a BAN out of nothing, i.e., it relies on neither prior shared
secrets, nor common measurements, nor a PKI. GDP sets up an authenticated BAN
group (including a shared group key and individual secret keys among devices), with
much fewer human interactions (constant) than establishing authenticated individual
shared keys between the nodes one at a time using traditional device pairing tech-
niques. In GDP, each device authenticates itself to every other device in the group as a
legitimate member, which can be verified visually by a human. With the initial shared
secret keys, standard cryptographic methods can be applied to generate other secret
keys on demand after BAN deployment.
1.1. Our Contributions
We propose a suite of novel schemes for secure ad hoc initial trust establishment and
key management in BAN.
(1) We put forward GDP as the primary scheme for initial trust establishment that re-
lies on zero prior security context. GDP is essentially a user-aided multi-party au-
thenticated key agreement protocol, which combines the concept of device pairing
and group key agreement in an unique way. We propose to use simultaneous com-
parison of synchronous LED blinking sequences on multiple resource constrained
devices by human user as an auxiliary out-of-band (OOB) channel to authenticate
the key exchange in the group. An authenticated group key and individual shared
secret keys among IMDs can be set up for a batch of BAN devices only in one shot.
As a secondary scheme, we also propose a pairwise device pairing (PDP) proto-
col which establishes a shared symmetric secret key between a controller and an
IMD without relying on key pre-distribution. The GDP is particularly suitable for
BAN, because it typically contains less than 100 IMDs and the devices are within
one-hop range.
(2) GDP enables efficient key management after network deployment. Multiple types
of keys can be derived on-demand based on the initial keys obtained during trust
establishment before deployment. Also, dynamic operations, such as regular key
updates, batch node addition and revocation are supported naturally by GDP. Our
scheme is mostly based on symmetric key cryptography (SKC), thus having low
communication and computation overhead.
(3) We formally prove the security of both schemes (GDP and PDP) based on the
Bellare-Rogaway model [Bellare and Rogaway 1994], and give the security guar-
antees under the existence of a computational bounded adversary. The distinct
features of our protocols and security proofs compared with other existing ones
are: 1) Many previous protocols either require the use of non-malleable commit-
ment schemes that involve heavy public key cryptography (PKC), or their security
have not been formally proven. In contrast, our GDP and PDP both adopt com-
mitment schemes that can be efficiently constructed from hash functions, while
we prove their security without depending on the non-malleability of the commit-
ments. 2) Our GDP protocol is also secure against compromised insider nodes, with
the fewest communication rounds, while the only assumption underlying that is
minimal, i.e., having a non-compromised controller.
(4) We carry out a thorough efficiency analysis for GDP, and implement it on a 10 node
sensor network testbed to evaluate its performance. Experimental results show
that initial trust establishment can be done within 30 seconds with low overhead
in terms of time and energy consumption. GDP is secure yet practical. To the best of
our knowledge, we are the first to propose, implement and test the feasibility of the
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:5
visual OOB channel based on human comparison of simultaneous LED blinking
patterns.
1.2. Related Works
The problem of secure initial trust establishment in BAN has received not much atten-
tion so far. In BAN, most previous works focus on security issues such as key manage-
ment [Lorincz et al. 2004; Morchon et al. 2006; Malasri and Wang 2007], encryption
[Lorincz et al. 2004; Malasri and Wang 2007; Tan et al. 2008], and access control [Tan
et al. 2008]. However, it is a non-trivial issue to securely establish a secure commu-
nication channel among a BAN and associate it to the correct patient before any data
communication happens.
1.2.1. Biometrical Methods. Biometrical values [Poon et al. 2006; Venkatasubramanian
and Gupta 2010; Venkatasubramanian et al. 2010; Singh and Muthukkumarasamy
2007] have been used to establish a secure channel from which nodes can derive a com-
mon secret that associates the BSN to a specific patient’s body. For example, electro-
cardiogram (EEG) and photoplethysmogram (PPG) has been exploited in [Poon et al.
2006; Venkatasubramanian and Gupta 2010; Venkatasubramanian et al. 2010]. This
realizes initial trust establishment in a plug-and-play manner. However, it requires
specific hardware for all the nodes to be equipped with the same sensing capability.
Moreover, this biometrical channel is not always available since it does not apply to
sensor devices that are not placed on the human body, for example, those that monitor
the surrounding environment.
1.2.2. Key Generation based on Channel Characteristics. [Mathur et al. 2008] proposed to
extract a secret key between two wireless devices out of an unauthenticated wireless
channel using received signal strength indicator (RSSI). [Jana et al. 2009] evaluated
the effectiveness of key extraction methods using RSSI in real environments. These
methods do not rely on key pre-distribution, but the key generation rate is limited by
the wireless channel and currently group key generation is not enabled.
1.2.3. Key Pre-distribution in BAN. Recently, the trust establishment in BAN is studied
by [Keoh et al. 2009] under the context of secure sensor association. Each sensor n-
ode is associated with the controller one-by-one using public key based authentication,
where a user compares LED blinking patterns to verify each association. However,
their scheme assumes the existence of a trusted authority (TA), and still relies on the
pre-distribution of public keys onto the sensor nodes. Also, it does not support batch
deployment. In “message-in-a-bottle” [Kuo et al. 2007] and KALwEN [Law et al. 2010],
a closed faraday-cage is employed as a secure channel, in which keying materials are
pre-distributed to all the intended sensor nodes before deployment. Secure sensor as-
sociation is achieved in the sense that the user is assured no attackers out of the cage
can associate with the same patient. However, costly additional hardware is required
and it is cumbersome to add new nodes.
1.2.4. Secure Device Pairing. Device pairing is a promising technique to generate a com-
mon secret between two devices that shared no prior-secrets with minimum or with-
out additional hardware. It employs some low-bandwith out-of-band (OOB) channel
to aid the authentication of information exchanged in the insecure wireless channel.
Most proposed OOB channels rely on some form of human user participation. Well-
known examples include the “resurrecting duckling” [Stajano and Anderson 2000],
“talking-to-strangers” [Balfanz et al. 2002], “seeing-is-believing” [McCune et al. 2005],
Loud-and-clear [Goodrich et al. 2006] and short string comparison based key agree-
ment schemes [Cagalj et al. 2006; Pasini and Vaudenay 2006]. In [Nithyanand et al.
2010; Kumar et al. 2009], the usability of device pairing protocols based on various
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:6 M. Li et al.
OOB channels are evaluated. For a comprehensive survey, please refer to [Nguyen and
Roscoe 2011].
1.2.5. Group Message Authentication Protocols. The idea of user-aided authentication has
also been adopted in group message authentication protocols, where each group mem-
ber wants to transfer an authenticated data copy from her device to each other’s. For
example, GAnGS [Chen et al. 2008] requires O(N)human interactions, and also us-
es digital signatures, which increase computational complexity. In SPATE [Lin et al.
2009], this is done through comparing T-flags. Each group member carries out Ncom-
parisons in parallel to authenticate other members’ data. However, SPATE is specifi-
cally designed for message exchange and is not for group key agreement, and it lacks a
formal security proof. [Laur and Pasini 2008] proposed a group message authentication
and key agreement protocol (SAS-GAKA) based on comparison of short authentication
strings (SAS). However, it does not achieve group demonstrative identification. More-
over, SAS and T-flags are not applicable for sensor nodes because they require richer
device interfaces. Therefore, none of SPATE and SAS-GAKA is suitable for secure, fast,
efficient and user-friendly initial trust establishment in BAN. In GDP, the whole group
is authenticated and group key is generated in one shot (i.e., requires one-time visual
comparison of synchronized LED blinking patterns).
The most recent work that is close to ours is GAP [Perkovi´
c et al. 2011]. GAP is
a user-aided group message authentication protocol that can be applied to wireless
sensor networks. It also exploits the idea of synchronous LED blinking pattern as the
OOB channel. The authors also discussed how to deal with semi-authenticated visual
light channels which is orthogonal to our contribution. However, the security of GAP
requires the use of non-malleable commitment schemes, where known constructions
are much more inefficient than hash commitments used in this paper.
2. PROBLEM DEFINITION
2.1. Network Model
A BAN consists of a controller (gateway node) and a group of IMDs (medical sensor n-
odes). The size of the network varies, which may range from a few to the order of hun-
dreds. Although the IMDs could be heterogenous in functionalities, we assume they
are equipped with low-end, form-factor sensor nodes (e.g., comparable with Tmote). To
meet the interoperability requirement, all of them are equipped with the same wireless
communication interface, say ZigBee, and so does the controller. The sensors are lim-
ited in energy, communication, processing and storage capabilities, while the energy
and computation resources of the controller are more ample.
The sensors may be placed in, on, or around the patient’s body. Although there is no
consensus on the communication technologies in BAN, the communication ranges in
most current proposals are larger than 3m (e.g. ZigBee). This is enough to assure that
all nodes can be reached in one hop after deployment. Hence, we will assume a star
topology. Each BAN has a patient, who may be regarded as its owner, as well as a user
who sets up the network. The latter is often a nurse, but may be the patient herself.
2.2. Design Requirements
2.2.1. Security Goals. The initial trust establishment during pre-deployment should
establish a group key and/or individual keys shared between each sensor and the con-
troller, which can be used for the controller to securely broadcast messages to the BAN
later, such as queries. For the design of the PDP and GDP (user-aided authenticated
key agreement protocols), we have the following security goals:
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:7
(1) Key secrecy and key confirmation [Ateniese et al. 2000]. For key secrecy, each group
member should be assured that no non-member can obtain the group key. Key
confirmation means each member is assured that the peers actually possess the
same key.
(2) Group demonstrative identification. Suppose that a set Gof devices is intended by
the user to be the group associated with a specific patient. If a group formation
process causes the set G′of devices to derive the same group key, then the user
should be able to physically verify that Gand G′are the same set.
Actually, this includes two properties — 1) key authenticity or consistency: each
legitimate group member derives the same group key. If it also obtains individ-
ual shared keys, it must be assured that those keys come from the claimed true
identities; 2) exclusiveness: the group includes only legitimate members and no
attackers. This extends the “demonstrative identification” in [Balfanz et al. 2002;
McCune et al. 2005], but is different from PAALP in GAnGS [Chen et al. 2008].
In addition, for the key management after deployment, it should have backward se-
crecy: a new group member should not learn about group keys in the past, and forward
secrecy: a former group member should not discover subsequent group keys for existing
members. The session keys may include pairwise keys shared between pairs of sensor
nodes, so that they can securely distribute their data to other sensors. Sometimes,
cluster keys are also needed in BAN.
2.2.2. Usability Goals
(1) Efficiency. A BAN is often consisted of low-end devices, relies on battery energy and
is intended to last at least for several days [Hanson et al. 2009; Lorincz et al. 2004;
Jovanov et al. 2005]. To match the low-capabilities of the sensors in BAN and to
minimize energy consumption, it is important to minimize computation, commu-
nication and storage overhead. Therefore, expensive cryptographic functions such
as public-key operations should be avoided whenever possible.
(2) Fast operation and user-friendliness. The initial trust establishment in a BAN
should be fast, while involving as few and intuitive human interactions as pos-
sible. Especially, batch-deployment of devices should be supported.
(3) Error-proof. Since humans make mistakes, the procedure must be easy to follow.
Also, the system should be able to detect errors or attackers and alert the user.
(4) Requires no additional hardware. In order to reduce the cost of the system, it is es-
sential to use commercial-off-the-shelf (COTS) products, and to use fewer hardware
components. For example, there should be no auxiliary devices. Also, the sensors
usually do not have physical interfaces such as USB, because they may constrained
form factors.
In addition, because the devices may be manufactured by different vendors which
are hard to inter-operate, we assume there are no pre-loaded public keys, certificates,
or pre-shared secrets among the devices in BAN. The sensors are used in a plug-and-
play manner.
2.3. Attack Model
The attacker can either be an outsider or insider. An outsider does not compromise any
devices in the intended BAN group, while an insider can compromise any of the sensor
device. The attacker is able to eavesdrop, intercept, modify, replay or inject the wireless
communication between any devices in range. The attacker can also compromise a
certain number of sensor nodes after deployment.
The main goals of an attacker are: obtain the secret keys by eavesdropping; imper-
sonate as a legitimate group member to join the group; prevent one or more legitimate
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:8 M. Li et al.
group member to join the group; act as man-in-the-middle and try to split the intended
group into two or more subgroups; maliciously modify the information contributed by
legitimate group members so as to violate key authentication and disrupt the group.
The attacker can also pose as multiple identities to join the group, which is a Sybil
attack. We do not consider denial of service (DoS) attacks in this paper.
We assume only that the controller is not compromised during the initial trust estab-
lishment process (i.e., is trusted by the user)1. This is because the user can recognize
his/her controller by password, and the controller is usually better kept and protected.
Note that, devices do not trust each other before the initial trust establishment.
3. BACKGROUND, NOTATIONS AND DEFINITIONS
Table I. Frequently used notations
H() A cryptographic hash function
H(m, r)Digest function with input mand key r
xR
←− S, x ∈RSChoose xuniformly from set S
EK{·} Symmetric encryption with key K
bxThe unauthenticated version of x
a|bConcatenation of aand b
MiThe i-th group member
GThe group of devices intended to associate to a patient
KG, Kij The group key, the pairwise key between nodes iand j
SkA subgroup of index k
NTotal number of devices in the group
Z∗
qMultiplicative group of prime order q
FpFinite field of size p
nThe length of nonces
ℓLength of the short authentication string
3.1. Communication Channels in Device Pairing
In this paper, we consider secure device pairing protocols (or user-aided authentica-
tion protocols) with multiple communication channels. Usually there are two kinds of
channels: one is the normal Dolev-Yao channel, the other is an auxiliary out-of-band
(OOB) channel. In a Dolev-Yao channel, all the messages transmitted between two de-
vices can be overheard, deleted, or modified by the adversary. Examples may include
the wireless channel. In an OOB channel considered in this paper, messages cannot
be modified or delayed from one to another session. The definition of the OOB channel
corresponds to the “empirical channel” defined in [Nguyen and Roscoe 2011], and can
be regarded as “authentic”. The OOB channel is usually bandwidth-limited as com-
pared with a Dolev-Yao channel. The former is represented as “↔” in this paper, while
the latter is denoted as “⇐⇒”.
Practical factors need to be considered when choosing the type of OOB channel in
a device pairing protocol. In a BAN, sensor nodes may only have LED lights, beepers
and buttons, but no interfaces such as camera, displays or keyboards; yet the controller
may have all of them. Under this asymmetric setting, the methods in [McCune et al.
2005; Balfanz et al. 2002] are unable to achieve mutual authentication. Fortunately,
the “Blink-Blink” (BB) pairing method proposed in [Prasad and Saxena 2008] was
shown to be a practical approach. Briefly, both devices encode a short authentication
string (SAS) obtained from a protocol run to a synchronized LED blinking pattern,
where a ‘1’ bit encodes to a “blink” (on) period and ‘0’ bit encodes to an “off”. Then the
1In the preliminary version of this paper [Li et al. 2010], we assumed all the devices to be benign during the
pre-deployment phase; so the current assumption is much weaker.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:9
user compares the patterns and accepts the results if they are the same. The above is
essentially a visual OOB channel between two devices, and we extend it to multiple
devices in this paper.
3.2. Commitment Schemes
Commitment schemes are important cryptographic primitives that have been widely
used in message authentication [Laur et al. 2005] and authenticated key agreement
protocols [Cagalj et al. 2006; Pasini and Vaudenay 2006; Laur and Pasini 2008]. Typi-
cally, a commitment scheme consists of two algorithms:2
—Commit(I NF O , x)→(c, d), where IN F O is public data, xis n-bit private data, cis
the commitment value, and dis an opening value. The algorithm is probabilistic.
—Open(I NF O , c, d)→x∈ {0,1}n∪ {⊥}, which outputs the committed value x. If c
is not a valid commitment, then it returns ⊥. This algorithm is deterministic, and
correctness implies that for any x∈ {0,1}n,Open(I NF O, Commit(I NF O , x)) = x.
A commitment scheme should have two basic properties: hiding and binding. Their
definitions are as follows.
DEFINITION 1((ϵh, Th)-HIDING).Given (c, I N F O), the probability that an adver-
sary can correctly guess the value of xbefore the opening value dis revealed is upper
bounded by ϵhin time Th.
DEFINITION 2((ϵb, Tb)-BINDING).The probability that an adversary can open an
commitment value cto a different x′afterwards than the one committed by cis upper
bounded by ϵbin a time Tb.
In many existing user-aided authentication protocols [Perkovi´
c et al. 2011; Laur and
Pasini 2009; Laur and Nyberg 2006; Vaudenay 2005; Laur and Pasini 2008], the com-
mitment schemes used are required to have a third property — non-malleability, which
is stronger than the basic ones above. However, non-malleable commitment schemes
are usually very inefficient in practice [Laur et al. 2005; Laur and Nyberg 2006], which
will be unsuitable for low-end sensor nodes like Tmote. Fortunately, as we will show
later, this property is not necessary for provable security of our proposed protocols.
We instantiate the commitments using the following efficient construction from [Pass
2003] based on a cryptographic hash function 3.
DEFINITION 3(HASH BASED COMMITMENT SCHEME).Assume we have a crypto-
graphic hash function Hthat can be modeled as a random oracle: {0,1}2n→ {0,1}l(n),
where l(n)≤poly(n). Then we have the following scheme:
—Commit: given x, randomly picks r← {0,1}n, and compute c=H(x, r).
—Open: let d= (x, r). Output xif c=H(x, r).
The above scheme achieves hiding and binding [Pass 2003]. To commit to a longer
message x, we can first hash it to nbits using a collision-resistant hash function and
then commit, which is a general method [Halevi and Micali 1996]. Therefore, with
public data I NF O and a message to be committed (m), we can set x=I NF O |mwhile
2In this paper we adopt the definition from [Nguyen and Roscoe 2011].
3In a few previous user-aided message authentication protocols, one-way hash functions (OHF) have been
adopted as a practical alternative for commitment schemes [Zimmermann et al. 2006; Alliance 2006; Lin
et al. 2009]. But to the best of the authors’ knowledge, there have been no formal security proofs for such
protocols up to date. In [Laur and Pasini 2009] a security proof was posed as an open problem. We here
provide security proofs for our protocols.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:10 M. Li et al.
the hiding and binding properties defined in Defs. 1 and 2 still hold. We will denote
the hash commitment using HCommit and HOpen.
3.3. Digest Functions
In this paper, we will make use of a digest function proposed by [Nguyen and Roscoe
2008; 2011]. The digest function is defined as a mapping:
DEFINITION 4(DIGEST FUNCTION).H(m, k):{0,1}L× {0,1}n→ {0,1}ℓis a map-
ping where mis the message to be digested and kis the key. It shall have two properties:
(1) (ϵu-key-based uniformity) for any fixed mand y, Prk∈R{0,1}n[H(m, k) = y] = ϵu.
(2) (ϵr-no uniform compensation) for any fixed θand m̸=m′, Prk∈R{0,1}n[H(m, k) =
H(m′, k ⊕θ)] = ϵr.
The “key-based uniformity” says that, upon varying the key k, the output of the di-
gest function should be uniformly distributed. And “no uniform compensation” means
there should not exist θsuch that it can always compensate the change in the digest
output incurred by a different m′than m, for any varying key k.
A concrete construction is given in [Nguyen and Roscoe 2008] based on matrix prod-
uct, where the ideal properties are achieved: ϵu=ϵr=1
2ℓ. Usually the output of a
digest function is a short string, e.g., ℓ= 16 bits. Note that, it is similar to a univer-
sal hash function, but a universal hash usually concerns collision resistance w.r.t. the
same key.
3.4. Group Key Agreement Scheme
A contributory group key agreement establishes a group key based on no pre-shared
secret, where every member equally contributes one share of the group key. In this
paper, we choose the unauthenticated group key agreement protocol (UDB) proposed
by Dutta and Barua [Dutta and Barua 2008] as a primitive. It is based on Diffie-
Hellman (DH) key agreement and is provably secure, and only requires 2 rounds of
communication. However, its authenticated version uses digital signatures, which re-
quires PKI and is unsuitable for BAN. We describe the UDB protocol for complete-
ness in Fig. 2. Z∗
qis a multiplicative group of prime order q, where gis a generator.
Note that, KG=gx1x2+x2x3+...+xnx1. Each node broadcasts two messages, and per-
forms three modular exponentiations, 2N−2modular multiplications and 1 modular
division.
Fig. 2: Unauthenticated DB Key Agreement Protocol. (1≤i≤N)
/* Round 1: */
1Mi:xi
R
←− Z∗
q;Xi←gxi;
2Mi→Mi−1, Mi+1:Xi//can be achieved by a broadcast;
/* Round 2: */
3Mi:KL
i←Xxi
i−1;KR
i←Xxi
i+1;Yi←KR
i/KL
i;
4Mi−→ ∗:Yi//“−→ ∗” stands for broadcast in the wireless channel;
5Mi:
b
KR
i+1 ←Yi+1KR
i;
6for j= 2 to n−1do
7Mi:
b
KR
i+j←Yi+j
b
KR
i+j−1;
8end
/* Key computation: */
9Mi: verifies KL
i=
b
KR
i+n−1; if fails, abort;
10 Mi: group key: KG←
b
KR
1
b
KR
2...
b
KR
n;
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:11
4. SECURE AD HOC TRUST INITIALIZATION AND KEY MANAGEMENT FOR BAN
4.1. Overview
Conceptually, the working cycle of a BAN mainly consists of three phases: pre-
deployment, deployment and working phases. In the pre-deployment phase, the sen-
sor nodes are bootstrapped for the first time after being purchased; thus, initial trust
among sensors should be established in this phase. For this phase, we propose two
schemes for securely establishing the initial shared secrets among a group of ad hoc
BAN devices (including a controller and multiple sensors), without relying on any prior
security context (or pre-shared secrets) among the devices. The core of the first scheme
(Scheme-I) is a pairwise device pairing protocol (PDP), a.k.a. user-aided two-party au-
thenticated key agreement, where a human user aids the authentication process by
verifying simultaneous LED blinking patterns on both devices. By running the PDP
protocol between the controller and each sensor one-by-one, each sensor derives an
individual symmetric secret key with the controller. After that, the group key and
pairwise keys can be established. The Scheme-I’s complexity is O(N)in terms of hu-
man effort. To improve upon it, we propose the group device pairing (GDP) protocol,
a.k.a. user-aided multi-party authenticated key agreement. The GDP establishes au-
thenticated group key and individual symmetric keys in a group of devices in one shot,
with O(1) human effort. Pairwise keys can also be subsequently obtained based on
those keys. Both schemes are security enhanced versions of the corresponding ones in
the preliminary version of this paper [Li et al. 2010]. In the GDP, the only addition-
al assumption is that the controller is not compromised, which is reasonable since it
is usually better protected by the human user. In the next section, we also prove the
security of both PDP and GDP formally, while the GDP protocol is also secure against
compromised sensor nodes inside the group.
In the deployment phase, nodes are actually deployed to designated places
on/in/around the human body. Neighbor discovery is performed to form a BAN topol-
ogy, pairwise keys are actually computed, and a logical key hierarchy is established.
For the working phase, the regular functions (e.g. collecting and reporting medical
data) are executed. We then discuss periodical key updates and how to handle node
join/leave/revocation operations efficiently.
4.2. Initial Trust Establishment via User-Aided Two-Party Authenticated Key Agreement
In the pre-deployment phase, a group of sensor nodes and a controller picked by the
user must be uniquely and securely associated to the patient they will serve for. This
is done through establishing initial secret keys including individual keys and group
key. Rather than pre-distributing key materials onto each device beforehand (where
the whole process may not be fully trusted), our approach is based on the concept of
device pairing, which does not rely on any prior security context among nodes. In this
subsection, we first present a straightforward scheme (Scheme I) where the controller
establishes a individual secret key with each sensor one-by-one via our PDP protocol.
4.2.1. The Pairwise Device Pairing Protocol. The PDP is depicted in Fig. 3. It is based
on DH key agreement, and takes the DH public keys as part of the messages to be
authenticated. The protocol essentially has three rounds; and the high-level idea can
be described as “joint commitment before knowledge” [Nguyen and Roscoe 2011]: it
means there is a point in every partial execution of the protocol such that both parties
are committed to a value D(in our case it is the SAS digest), but they do not yet
know D; and in every successful completion of this partial execution, the parties are
committed to the same value for D.
At first, Aand Bboth generate a DH public value (XAand XB), and a random nonce
(rA,rB), respectively. In the first round, they compute hash commitments (cA, cB) to
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:12 M. Li et al.
Controller (A) Sensor Node (B)
Input: IDA, xA
R
←− Z∗
q, XA=gxAIDB, xB
R
←− Z∗
q, XB=gxB
Pick rA
R
←− {0,1}nPick rB
R
←− {0,1}n
mA←IDA|XAmB←I DB|XB
(cA, dA)←HCommit(mA, rA)mA,cA
−−−−−→
mB,cB
←−−−−− (cB, dB)←HCommit(mB, rB)
dA
−−→ If HOpen(bcA,
b
dA) =⊥, abort
If HOpen(bcB,
b
dB) =⊥, abort dB
←−−
sasA← H((mA|bmB|cA|bcB), rA⊕brB)sasB← H(( bmA|mB|bcA|cB),brA⊕rB)
LED blinking pattern←sasA
auth compare
⇐⇒ LED blinking pattern←sasB
//Key confirmation:
If sasA=sasB, user presses a button on both side
Otherwise, user resets both devices
Note: “⇐⇒: OOB channel; “←→”: wireless channel.
Fig. 3: User-aided two-party authenticated key agreement protocol (PDP) between the controller
and a sensor node in Scheme I.
their corresponding nonces and IDs, and exchange the messages mAand mBalong
with the commitments. In the second round, the decommitment values are exchanged
which reveal the nonces to each other. The above two rounds exchange messages us-
ing the wireless channel. In the third round, Aand Bboth compute a SAS in order to
authenticate mBand mA, which is a digest based on their own and received messages
and keys. The SASes are encoded into LED blinking patterns which are displayed
synchronously over a visual OOB channel. The user compares the patterns (in an au-
thenticated way), and accepts the authentication if they are the same. If authenticated,
KAB =b
XxA
B=b
XxB
A=gxAxB. After that, the user needs to let both the controller and
the sensor “know” the acceptance of the authentication result (key confirmation), by
simply pressing a button on both devices.
There are some subtle points to be noticed. First, we have included the ID and DH
public value of each party in its hash commitment. The ID is used to prevent the
replay attack, where the adversary can copy a commitment of Aand later deliver it
to Aagain. And the inclusion of DH public value binds it with the commitment value,
whose function will be more clear in the security proof. Second, we need to ensure
a strict order of message exchange between the parties in order to synchronize both
devices about the ending of phases. This can be done by announcing the devices’ IDs
before round I, and a node only sends its own data after receiving from the one with
smaller ID. In the PDP, there is no constraint to the controller’s ID. In contrast, we will
see later in the GDP protocol, the controller’s ID is required to be maximum. Third, in
the SAS we have included both parties’ IDs, DH public values and commitments, i.e.,
the protocol transcript. This also turns out to be an important factor for the security of
both PDP and GDP protocols. Finally, the key confirmation can only be done manually,
because otherwise there will be man-in-the-middle attacks at this stage. For example,
in the preliminary version of this paper [Li et al. 2010], if the adversary establishes a
different key with each of Aand Bbefore key confirmation, she will be able to deceive
both Aand Bagain at this stage.
4.2.2. Establishment of Group Key and Pairwise Keys. After N−1individual shared keys
are established, a group key KGis generated by the controller. To distribute the group
key, the controller simply encrypts it N−1times using the individual shared keys,
and unicasts to each sensor node. Now, the user enters the ID of the patient into the
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:13
controller, and associates the individual keys and the group key with this ID, which is
also the ID of the BAN.
Next, in order to prepare for secure communication in the deployment phase and
working phase, we need to distribute key materials to sensors so that they can estab-
lish pairwise keys afterwards. Here we use the Blundo’s polynomial based key pre-
distribution method [Blundo et al. 1993]. The controller first randomly generates a
bivariate t-degree symmetric polynomial f(x, y) = ∑t
i,j=0 ai,j xiyjdefined over a finite
field Fpwith pbeing a large prime number4. The controller C(the group member with
largest ID, sometimes denoted as MN) computes a univariate polynomial share for
each node Mi(with ID i): fi(y) = f(i, y). Then it encrypts and unicasts this to each
sensor node:
(msg1) C−→ Mi:i, EKN i {fi(y)|MACKNi (fi(y))}.(1)
where the message authentication code (MAC) provides authentication and integrity
check, and KCi stands for the key shared between Cand Mi. Now, the pairwise key
between iand jis: Kij =fi(j) = fj(i) = Kji .
In addition, in order for the controller to authenticate itself afterwards, the con-
troller generates a one-way hash chain [Lamport 1981]: ¯
kn,¯
kn−1, ..., ¯
k0, where ¯
ki=
H(¯
ki+1),0≤i≤n−1. The controller distributes the commitment of the chain (¯
k0) to
all sensor nodes:
(msg2) C−→ Mi:EKG{¯
k0|MACKG(¯
k0)}.(2)
4.3. Initial Trust Establishment via User-Aided Multi-Party Authenticated Key Agreement
In Scheme-I, associating sensor nodes one-by-one is very time-consuming, since each
pair of LED blinking requires tens of seconds. Therefore, a more scalable and efficient
method must be developed. The GDP below directly establishes initial secret keys in
one shot, including a group key and individual keys among a group of devices through
multi-party authenticated key agreement. The idea is to authenticate the messages
exchanged in a group key agreement scheme with a human user’s help, i.e., simul-
taneously comparing LED blinking patterns for a group of devices in an OOB visual
channel.
We first propose the core protocol: GDP. We present it in two steps; firstly we give
a multi-party message authentication protocol (MP-MAP), and then build the GDP
based on the MP-MAP. The MP-MAP adopts similar design principles with the under-
lying MAP protocol of PDP, and their protocol structures resembles each other.
4.3.1. The Proposed MP-MAP. The MP-MAP for a group Gis outlined in Fig. 4. It con-
sists of four rounds. The first three rounds use wireless channel, while the fourth uti-
lizes the visual channel.
Round 1 (wireless). In the counting & group forming phase, the user Uwould pick
a group of Ndevices and place them in close proximity. She chooses the controller de-
vice MNwhich has the largest ID among all devices (this can be ensured by assigning
IDNa very large number), and enters the group member count (N) into MNand in-
dicates to start the protocol. Each member device Mibroadcasts its own identity IDi
to the group, and receives others’ IDs. After a timeout, each Misorts the pool of IDs
in ascending order and keeps its own view of the group Gi. In addition, the controller
checks if the group size equals to n; if not, it will abort. The true group is denoted as
G, which can be perceived by the user.
Round 2 (wireless). In the commitment round, each Migenerates a random nonce
rias its own share of digest key to generate the SAS in the end. Then riis committed
4For example, we can use p≈280 to provide a 80 bit symmetric key.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:14 M. Li et al.
User designates controller MN, which initiates the protocol
Round 1:Given IDi(User enters group size Ninto MN)
Wait for {
d
IDj}j∈
b
Guntil timeout
Set Gi={
d
ID1, ..., I Di, ..., [
IDN}, in ascending order of ID.
MNwill abort if |GN| ̸=N.
IDi
−−−−−−−→
Counting&
d
IDj
←−−−−−−−−
GroupForming ···
(wireless)
Round 2: Pick ri
R
←− {0,1}n
(ci, di)←HCommit(IDi|mi, ri); record b
ci;
Verify
c
IDjreceived after
c
IDj−1∧
c
IDj̸=
c
IDi.
d
IDi−1,bmi−1,bci−1
←−−−−−−−−−−−−−−−
Commitment IDi,mi,ci
−−−−−−−−−−−−→
(wireless)
d
IDi+1 ,bmi+1,bci+1
←−−−−−−−−−−−−−−
·· ·
Round 3: If ∃j̸=i, ⊥← HOpen(
c
IDj|bmj,bcj,
b
dj), abort;
Else, ∀j̸=i, brj←HOpen(
c
IDj|bmj,bcj,
b
dj);
Record
b
Gi,b
mi,b
ri, and verify
b
Gi=Gi;
(MNalso verifies |b
ck|=|
b
Gi|=|b
mk|=|b
rk|=N)
If verifications OK, compute sasi← H(
b
Gi|b
ci|b
mi,⊕b
ri)
b
di−1
←−−−−−−−−
Decommitment di
−−−−−−→
(wireless)
b
di+1
←−−−−−−−−
·· ·
Round 4: User verifies simultaneously LED: sasi
?
=sasj,∀i̸=j∈ G;
If verifications OK, user presses a button on every device.
Auth. & Confirm sasi
⇐========⇒
(visual OOB)
Fig. 4: Multi-party message authentication protocol (MP-MAP) at each device Mi: the message
to be authenticated of each device is mi.
along with the message miand its ID, which are public data. Since the digest keys
are hidden from the attacker in this round, all devices essentially have jointly com-
mitted to a SAS value that the attacker do not know. So the digest keys provide the
randomness required for security. All devices send their commitments ciin order, i.e.,
IDi−1’s transmission must precede that of IDi’s, and each device can verify this order.
The purpose is to provide device synchronization, i.e., they must agree on when one
round ends. By using strict message ordering in rounds 2 and 3, the message sent by
the device with largest ID serves as the synchronization signal. It prevents possible
attacks that exploit the desynchronization, e.g., the one discovered in [Perkovi´
c et al.
2011]. The controller will always be the last one to broadcast. Each device Mialso
keeps record of the set of received bcjs — b
ci={bc1, ..., ci, ..., bcNi}, where Nishould equal
to |Gi|.
Round 3 (wireless). In this round, each device Mireveals its committed digest key
by broadcasting the decommitment value so that others can verify the validity of the
commitment and obtain bri(they will check if c
IDi,bmi,briand bciare a valid message-
commitment pair). The controller, upon collecting all the other devices’ commitments
and digest keys, checks if the numbers of group members, commitments, messages
and digest keys all equal to N(the controller is assumed to be not compromised).
In addition, each other device should check the consistency of the group IDs w.r.t. Gi
collected at the beginning. After that, the SAS is computed at each Mias a digest of
the protocol transcript, with the XOR of Mi’s received set of b
rias digest key.
Round 4 (visual OOB). This round is when most of the human effort take place.
Next, the SASes are encoded into synchronized LED blinking patterns for user com-
parison. The duration of the LED blinking depends on the number of bits of the SAS.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:15
User designates controller MN, which initiates the protocol
Round 1: The same with round 1 in MP-MAP
Round 2: xi
R
←− Z∗
q
Xi←gxi
b
Xi−1
←−−−−−−−
DH public key Xi
−−−−−−−→
(wireless)
b
Xi+1
←−−−−−−
·· ·
Round 3: Compute KL
i, KR
i, Yi;mi← {Xi|Yi}
Pick ri
R
←− {0,1}n
(ci, di)←HCommit(IDi|mi, ri); record b
ci;
Verify
c
IDjreceived after
c
IDj−1∧
c
IDj̸=
c
IDi.
d
IDi−1,bmi−1,bci−1
←−−−−−−−−−−−−−−−
Commitment IDi,mi,ci
−−−−−−−−−−−−→
(wireless)
d
IDi+1 ,bmi+1,bci+1
←−−−−−−−−−−−−−−
·· ·
Round 4: The same with round 3 in MP-MAP
Round 5: User verifies simultaneously LED: sasi
?
=sasj,∀i̸=j∈ G;
If verifications OK, user presses a button on every device.
Each Micomputes {
b
KR
j}j∈
b
Gi\i,KG=
b
KR
1
b
KR
2...
b
KR
n,
individual keys: KiN = (
b
XN)xi;
MNcomputes {KNi = (
b
Xi)xN}i∈
b
GN\N.
Auth. & Confirm sasi
⇐========⇒
(visual OOB)
Fig. 5: The multi-party key agreement protocol (GDP) at each device Mi. It establishes a group
key and sensors’ individual keys with the controller.
Usually 16−20 bits are enough for security. If all the patterns are the same, Uconfirms
that authentication succeeded by pressing a button on every device.
4.3.2. The Group Device Pairing Protocol. Next we describe the GDP protocol which com-
bines the MP-MAP and the UDB group key agreement protocol. Round 1 is the same
with that in MP-MAP. In round 2, a Diffie-Hellman (DH) public key (Xi) is comput-
ed at each device, and is exchanged among all the devices in the group. In round 3,
each device first computes its Yivalue based on Xjs received in round 2, and then
takes Xi|Yias the message mito be authenticated. Devices compute and exchange
hash commitments in this round as in MP-MAP. Round 4 is the same as round 3 in the
MP-MAP, which reveals the digest keys. Finally, in round 5, after confirming all the
LED blinking patterns match, each device computes a group key based on all the pre-
viously received Xjs and Yjs which should be already authenticated up to this point. In
addition, as a byproduct, each sensor computes its individual key shared with the con-
troller using the DH public key, and vice versa. As we will show in the next Section, the
GDP achieves almost the same level of security as the PDP, with the same SAS length.
Therefore, using the same amount of human effort as in the PDP, an authenticated
group key and individual keys are all established.
4.3.3. Initial Trust Establishment via GDP. Now we describe some practical issues, e.g., how
the GDP is applied to initial trust establishment in the BAN (or called secure sensor
association). In reality, there is usually a limit to the number of LED blinking devices a
human user can watch at the same time. We refer to this limit as Nmax. If the number
of the intended group of devices for a BAN N=|G| ≤ Nmax , the user carries out one
GDP for Gto setup the group key KG. If N > Nmax, the user randomly picks nodes
from Gin a batch to form smaller subgroups whose sizes are equal to Nmax whenever
possible. The GDP protocol is then executed for each subgroup G(k). The controller
must be in every subgroup, so that it can establish a subgroup key KG(k)with each of
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:16 M. Li et al.
them through GDP. When the last subgroup has only one sensor node left, Scheme I is
automatically used to establish a pairwise key (however, it makes little difference to
the user). After that the controller generates the final group key KGand broadcasts it
using encryption to each subgroup: EKG(k){KG|G|M ACKG(k)(KG|G)}, where G=∪kG(k)
and |G| =N.
After the sensor association is successfully done, the group of devices need to setup
the pairwise keys among them. There are two options. The simplest way is to reuse
the DH public keys and let each Mi, i ∈ G compute Kij = (Xj)xi,∀j∈ G \ i. But this
incurs additionally N−2exponentiation operations for each sensor device (except the
individual key computation), which is not desirable for resource-constrained sensors.
The other way is to use the method in Sec. 4.2.2, i.e., let the controller broadcast ma-
terial to each sensor which is encrypted under the sensor’s individual key. And then
each sensor computes the shared pairwise keys with others on its own. In this way,
exponentiation operations are replaced with less costly field multiplication operations.
4.4. Deployment and Thereafter
The deployment phase establishes the pairwise and logical keys. Upon deployment,
each node Mifirst performs neighbor discovery. For each neighbor Mj,Micomputes the
pairwise key Kij as previously mentioned. In practice, in order to save storage space,
a node can merely store the pairwise keys that it uses frequently, while computing the
other pairwise keys on-demand.
Then, the logical keys are derived naturally from the subgroup keys in GDP, which
are used to form a logical key hierarchy (LKH). The LKH [Wong et al. 1998] has been
proposed to achieve efficient key revocation. Since the LKH is a balanced binary tree,
the message overhead for key revocation is O(log2(N)). However, it is not very efficient
for batch node addition or removal.
To avoid this drawback, we use a constant depth (d= 3), variable branch and bal-
anced key tree (Fig. 6). Each internal node stands for a logical key, and each leaf n-
ode corresponds to the individual key of a sensor node. So we have k0,0=KGand
k2,i =KC,i+1. The keys k1,i =KG(k)which are the subgroup keys derived in the end of
GDP. The branch of the root µ0,0equals to the number of subgroups, while the branch
of a second level node µ1,i =|G(i)|. The controller Chas the information of the entire
key tree. Note that, no messages are needed to transmit the logical keys for the tree in
our scheme.
Note that, our scheme can be easily extended to BANs with cluster topologies, s-
ince we can predict which nodes will form a cluster and thereby a subgroup by looking
at their functionalities. For example, the use of several sensor nodes connected to 30
motion sensors are reported in [Van Laerhoven et al. 2002] to detect patient’s acceler-
ation and gait. A simple clustered BAN topology is shown in Fig. 7. Some nodes form
clusters (e.g., M4, M5and M6, M7, M8), while others are independent with each other
(M1, M2, M3). In order to save energy, the controller directly communicates with clus-
ter heads and non-clustered nodes. In this case, the cluster keys will be the logical keys
and the subgroup keys at the same time. We can use GDP to setup the cluster key for
both clusters, and use PDP to establish individual keys for each non-clustered node.
After that, the BAN is ready to function. In summary, now a sensor node Mihas
the following key (material)s: KG, Ki,N , KG(k), fi(y),¯
k0. Since the keys may be com-
promised by cryptanalysis afterwards, we need to introduce sessions for the working
phase —- time periods across which keys are updated regularly. The above keys are all
treated as keys in session 0. A key Kin session iis denoted as K(i).
4.4.1. Session Key Update. Periodically, the controller broadcasts a update message to
the network. It is authenticated using the local broadcast authentication method [Zhu
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:17
Fig. 6: A logical key tree for a BAN of 9 nodes (Nmax = 3). A key is indexed by its level λand
branch number µ.G(k)refers to a subgroup.
Fig. 7: A simple clustered BAN topology.
et al. 2003], since we assume the BAN is one-hop. The controller first updates f(x, y):
fi+1(x, y) = fi(x, y)+∆i+1, where ∆i+1
R
←− Fp. Then, it updates the logical keys as
k0,0(i+ 1) = H(k0,0(i)), k1,µ(i+ 1) = H(k1,µ(i)), and broadcasts the following:
msg3←“Update to session i+ 1”|∆i+1
C−→ ∗ :Ek0,0(i){msg3},¯
ki+1, M AC¯
ki+1 (msg3).
Then, each sensor can authenticate Cby verifying that H(¯
ki+1) = ¯
ki.
Next, all sensor nodes update all the keys in its memory as the controller does. For
the pairwise keys, node ucomputes fu,i+1(y) = fu,i(y)+∆i+1 . This achieves the update
of all N(N−1)
2pairwise keys through only one broadcast message.
4.5. Membership Management
4.5.1. Node Join. Adding one node is easy; we can just perform one device pairing
using Scheme I. We will elaborate on how GDP supports efficient batch node addition.
Step 1. Before l > 1new nodes join the BAN during session i, they are reset by the
user (all dynamic memories are lost) and assumed to be benign.
Step 2. Before they are deployed, the same steps in GDP are performed by treating
them as a new group, where the controller obtains the temporary group key KT
Gand
all the logical keys.
Step 3. The controller advances the existing BAN to session i+ 1 without waiting
until the end of session i. To this end, all nodes do the same thing as in session key
update.
Step 4. The controller pre-distributes new polynomial shares fv,i+1(y)for each new
node v. Also, it encrypts KG(i+ 1) and ¯
ki+1 using KT
Gand broadcasts to the new nodes.
A new key tree can then be derived that includes the new nodes. Then, the new nodes
are deployed.
4.5.2. Node Leave/Revocation. Upon single node leave or revocation during session i,
the group key, logical keys and pairwise keys are renewed to exclude the leaving node.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:18 M. Li et al.
The controller randomly generates a new group key KG(i+ 1). All the logical keys
on the tree path of the leaving node are refreshed. For example, in Fig. 6, say M1is
revoked. Then, the controller sends the following messages:
C→M2:Ek2,2{k1,0(i+ 1)};
C→M3:Ek2,3{k1,0(i+ 1)};
C→M2, M3:Ek1,0(i+1){k0,0(i+ 1)};
C→M4, M5, M6:Ek1,1(i+1){k0,0(i+ 1)};
C→M7, M8:Ek1,2(i+1){k0,0(i+ 1)};
where k1,1(i+1) = H(k1,1(i)), k1,2(i+1) = H(k1,2(i)). After that, the controller sends the
updated polynomial share (∆i+1) to all nodes using authenticated broadcast. Thus, the
revoked node cannot obtain the new group key and the updated polynomial share. It
is straightforward to see how the above is done when batch node leave event happens,
for which we will analyze the efficiency in Sec. 6.
5. SECURITY ANALYSIS
For the authenticated key agreement (AKA) protocols in this paper, there are essen-
tially two security goals: key secrecy and key authenticity. A basic secrecy goal is de-
fined w.r.t. a passive adversary, i.e., an eavesdropper should have negligible advantage
in deriving the shared key KAB . In PDP, the only information sent over the wireless
channel for the derivation of KAB is the set of the Xis. Thus, key secrecy with a pas-
sive adversary amounts to that of Diffie-Hellman key exchange, which follows from
the assumption that the Decisional Diffie–Hellman (DDH) problem is intractable. In
the GDP protocol, a similar passive secrecy guarantee follows from the secrecy of the
UDB key agreement protocol [Dutta and Barua 2008].
Thus, key authenticity will be the AKA protocol security goal we study in the remain-
der of this section. The cores of our AKA protocols are their corresponding message
authentication protocols (MAPs). In the following, we focus on defining and proving
the security of MAPs. The security of an AKA protocol follows from the security of it-
s underlying MAP and the security of the key agreement protocol against a passive
adversary.5
Without loss of generality, we state the security definition of MAP using the
multi-party scenario. Assume the group consists of Nparties (devices): G=
{ID1, ID2, ..., I DN}; for simplicity we use ito represent IDi. Each party i∈ G has
some message mito be authenticated to all the rest parties in G, for example in the
PDP mi={IDi, Xi}, while in GDP mi={IDi, Xi, Yi}.
Next, we define secure message authentication of a MAP based on the notion of
“matching conversations” introduced by [Bellare and Rogaway 1994], where the detail-
s are provided in Appendix A. The following security definition captures the intuition
that if a MAP is secure, then the only way that an adversary can make all parties ac-
cept at the end of a protocol run is to faithfully relay all the messages. We will use b
mito
denote i’s received vector (ordered set) of messages {bm1i, ..., bmi−1i, mi,bmi+1i, ..., bmN i},
and similarly b
cistands for the vector of received commitments by i, etc.
5To show this, the modular approach proposed by Bellare et al. [Bellare et al. 1998] can be applied. Specif-
ically, It assumes two adversary models — the authenticated link model (AM) and un-authenticated link
model (UM). If a protocol is proven to be secure in the AM, then it can be shown to be secure in the UM
provided that each message transferred between the parties is authenticated by a protocol called message
transfer (MT) authenticator. In our setting, by saying “security of the key agreement protocol” we mean its
unauthenticated version (e.g., original Diffie-Hellman) should be secure in the AM, while the MAP can be
regarded as an MT-authenticator.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:19
DEFINITION 5(SECURE MESSAGE AUTHENTICATI ON).We say that Πis a (ϵ, T )-
secure message authentication protocol with a group of participants G(|G| ≥ 2), if for
any T-time adversary A,
(1) (Matching conversations ⇒acceptance) If all pairs of parties in Ghave jointly match-
ing conversations, then all parties accept.
(2) (Acceptance ⇒matching conversations) Letting AdvΠ(A) = Pr[All-accept ∧
No-MatchingA], where No-MatchingArefers to the event that the conversations are
not jointly matching, we have AdvΠ(A)≤ϵ.
In (2), we may use the uncorrupted group N=G, in which case we speak of the
adversary as an outsider. Alternatively, we may choose N(G, and speak of an insider
adversary. In a two-party MAP, one does not need to consider one of the parties be-
ing compromised, because then there is nothing to prove. Thus we only discuss node
compromise for the multi-party protocols.
5.1. Security of the PDP
We will refer to the message authentication protocol underlying the PDP as “two-party
MAP (TP-MAP)”. We first state the following theorem.
THEOREM 1. Assume that the digest function satisfies ϵu-key-based uniformity and
ϵr-no uniform compensation. If the hash commitment scheme is (ϵh, Th)-hiding and
(ϵb, Tb)-binding, the TP-MAP is (max{ϵu, ϵr}+ϵh+ 2ϵb,2Tb+Th+O(1))-secure.
PROOF. Please refer to Appendix. B.
Security interpretation. The security levels achieved by the TP-MAP (and the MP-
MAP as we will see) depend mainly on the SAS’s length ℓ. This is because the adver-
sary’s deception probability is dominated by either ϵuor ϵr, which should equal to 2−ℓ
given an ideal digest function. While ϵh, ϵbreflect the security of hash commitment,
which use long nonces. Their values are approximately 2−n, orders smaller than 2−ℓ.
5.2. Security of the GDP
The MP-MAP can be proven as secure as the TP-MAP under the Bellare-Rogaway
model, even when there exist compromised devices (insider attack). Our assumption is
that the controller is not compromised, but any other sensor could be compromised by
the adversary6.
THEOREM 2. Assume that the digest function satisfies ϵu-key-based uniformity and
ϵr-no uniform compensation. If the hash commitment scheme is (ϵh, Th)-hiding and
(ϵb, Tb)-binding, the MP-MAP is (max{ϵu, ϵr}+ϵh+ 2ϵb,2Tb+Th)-secure.
PROOF. Please refer to Appendix. C.
Remarks. The MP-MAP and TP-MAP’s security proofs are similar, and they both
belong to the directly binding category [Nguyen and Roscoe 2011]. Interestingly, we
can summarize several principles underlying both multi-party and two-party version
of the MAP protocol in this paper. They are: (1) they both follow the joint-commitment
before knowledge principle, where the hash commitment only needs two properties
— hiding and binding; (2) they both have the strict order of message exchanges in
each round; (3) they both use a digest function with the key-based uniformity and no
uniform compensation properties defined in Section. 3.3; (4) they have both bound the
message mito the commitment, and digest for SAS involves all protocol transcript.
6For a MP-MAP to make sense, there must be at least two non-compromised devices.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:20 M. Li et al.
A C B
•A,mA,cA
−−−−−−→ A, bmAC,bcAC
−−−−−−−−→ • A, bmAB ,bcAB
−−−−−−−−→ •
⇓ ⇓ ⇓
•B, bmB A,bcBA
←−−−−−−−− • B, bmB C ,bcBC
←−−−−−−−− B,mB,cB
←−−−−−− •
⇓ ⇓ ⇓
•C,mC,cC
←−−−−−− C,mC,cC
←−−−−−− • •
⇓ ⇓ ⇓
•dA
−−→ dA
−−→ •
⇓
•C, bmC,bcC
−−−−−−→ C , bmC,bcC
−−−−−−→ •
Fig. 8: A potential attack scenario against three party MAP, if the controller (C) is compromised.
5.2.1. Security Intuition of the Role of Member Count. The member count information plays
an important role in achieving exclusiveness (or demonstrative identification), i.e., the
group authenticated in the end includes only the devices the user sees in front of her,
which excludes any outsider attacker. If there is no member count information, exclu-
siveness cannot be achieved, as is the case in [Laur and Pasini 2008]. This is because
before the group of devices meets with each other, they do not know the member list in
advance. An attacker Acan thus claim it is one of the group members and inject her
DH public key share, trying to obtain the group key. Then the actual group becomes
b
G=G ∪ A, while for members in G, they still have the same SAS values. While the
only sign that the user perceives is the LED blinking patterns on the sensor nodes, she
will accept b
Gas authenticate. However, with the count information, this attack can
be defeated. First, if N+ 1 key shares are received by the controller, GDP will abort,
assuming that the user counts correctly. Second, if MNonly receives N Xis and Yis
from G, but G \ MNall receive N+ 1 key shares from G ∪ A,Awill not be able to derive
the same key with all j∈ G, thus have no gain. Even if Acarries out such attack to
disrupt the group, it will not be able to make all the SASes equal due to the properties
of the digest function.
5.2.2. Security Intuition Against Compromised Devices. Here we provide more insight into
why GDP is secure against compromised devices. We illustrate it using a potential
attack in reminiscence of the one discovered in [Perkovi´
c et al. 2011], if the controller
(device with largest ID) is compromised.
Suppose there are three devices: A,Band C. Controller Cis under the full control
of the adversary, i.e., it can launch active attacks in the wireless channel. Depicted
in Fig. 8, Ctries to impersonate Bto Aand vice versa, but it does not try to break
the group exclusiveness. C’s goal is to make all the SASes equal. In the first move,
after seeing cA,Cconstructs new commitments bcAC and bcAB with brAC ,brAB known
by itself. Then after Bsends cB,Cdoes the similar thing to the above. In the third
move, Csends C, mC, cConly to Ato trick Asend its decommitment dA, so that C
will know rAbefore this round ends. At this point, Cknows all the random nonces
received/generated at A, and also all the received/generated data at A, which leads to
the revealing of sasAin advance. What remains for Cis to compute bcCand θoffline
(after seeing cB), such that bcCopens to an brC=rB⊕θwhere rBis not known by C,
which makes sasB=sasA. Assuming this can be done (since our hash commitment
does not preclude malleability), Ccan make all SASes equal while deceiving both A
and B.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:21
In the above attack, the attacker knows the last digest key rN. However, if the con-
troller is not compromised but the attacker compromises any other device with smaller
ID (e.g. B), there is no way for she to obtain the value of rNbefore the commitment
round ends (except by breaking the hiding property with negligible probability). So
there is no way to know the SAS of the controller beforehand, which also means she
cannot compute the SAS of other devices (e.g., A) offline to make SASes equal.
Therefore, the key factor for MP-MAP to be immune from insider attacks is that,
the uncompromised controller is mandated to be the device with largest ID. Note that,
in [Perkovi´
c et al. 2011] the similar problem is dealt with by adding another round
between the commitment and decommitment rounds. Our scheme keeps the number
of rounds to the minimum.
5.3. Security of Key Management
5.3.1. Secrecy of the Key Polynomial. This is ensured to be unconditionally secure and
resists up to tcolluding attackers [Blundo et al. 1993]. If more than tpolynomial
shares are collected, f(x, y)can be reconstructed using bivariate Lagrange interpo-
lation. Therefore, we set tas the maximum number of nodes in the BAN. For example,
t= 50 is usually enough. In this case, even if all the sensors are compromised, f(x, y)
is secure and we can replace compromised nodes by new ones, as long as the total
number of nodes is smaller than t.
5.3.2. Backward Secrecy. For a new group member vjoined during the i-th session, the
new group key sent out by the controller is KG(i+ 1). It is infeasible for vto derive
KG(i), since it requires to break the pre-image resistance property of hash function.
5.3.3. Forward Secrecy. For a revoked former group member v, since the new group
key KG(i+ 1) is randomly generated by the controller and is securely delivered to the
remaining group members, vcan only randomly guess the value of KG(i+ 1).
5.3.4. Key Update and Revocation. A revoked group member must not be able to commu-
nicate with existing members. Because the value ∆(i+ 1) is randomly chosen from Fp
and is encrypted thus is not known to revoked members, vcan only guess it randomly.
The success probability is 1/p. For v, without knowing ∆(i+ 1), even if it possesses
fv,i(y), it cannot derive fv ,i+1(y), therefore cannot obtain pairwise keys with any legit-
imate node.
6. EVALUATION
In this section, we analyze the efficiency of our device pairing and key management
protocols. We first compare the overheads with an existing scheme, and then report
our implementation of GDP and experimental results.
6.1. Computation and Communication Efficiency of GDP
It is important for the trust establishment in a BAN to have both low computation
and communication costs. A common reason is to keep low energy consumption for
resource-constrained sensor devices. But more importantly, performing complex com-
putations would increase the protocol run time dramatically, which is not tolerable for
medical monitoring applications — especially under emergency situations. Many ex-
isting group message authentication (GMA) protocols [Vaudenay 2005; Laur and Ny-
berg 2006; Laur and Pasini 2008; 2009; Perkovi´
c et al. 2011] require the adoption of a
“non-malleable” commitment scheme, which is usually constructed based on number-
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:22 M. Li et al.
Decomposition SAS-GMA (bits) MP-MAP (bits)
Commu. cost
ID N · |ID|2N· |ID|
commit N·c1·q N ·n
decom.N·(c2·q+n+|ID|) 2N·n
message N· |m|N· |m|
Comput. cost
hash H(·)N2·n·(|ID|+|m|)N2·n·(|ID|+|m|+n)
commit/decom. N ·(c′
1+c′
2)·mod exp N·n·(|ID|+|m|+n)
sas universal hash digest function
Table II: Comparison of MP-MAP and SAS-GMA in terms of overall communication and compu-
tation. N: number of devices; q: length of group element in a non-malleable commitment scheme.
theoretic assumptions and incurs intensive computation7[MacKenzie and Yang 2004;
Vaudenay 2005; Laur and Nyberg 2006]. A representative scheme of this kind is the
SAS-GMA protocol proposed in [Laur and Pasini 2008; 2009], which we will compare
with. In terms of computation, the biggest advantage of our MP-MAP is the elimina-
tion of “non-malleable” commitment schemes. Instead, we only require commitments
with the basic hiding and binding properties, whereas much more efficient schemes
based on hash functions can be used (while still enjoying provable security).
Therefore, we compare both the overall computation and communication overhead
between our MP-MAP and the SAS-GMA in Table. II. The communication overhead
is evaluated in terms of number of bits transmitted/received. For the SAS-GMA pro-
tocol, we assume the use of a non-malleable commitment scheme from [MacKenzie
and Yang 2004]. The constants c1and c2stands for the number of group elements (the
length of each of them, qis usually 1024-bits) in the commitment and decommitment,
respectively. For example, for the DSA-based commitment scheme in [MacKenzie and
Yang 2004], c1= 2 and c2= 1. In contrast, in the MP-MAP we use hash commitments
and thus the length of a commitment value is the hash length —n. For instance, in
SHA-256 n= 256, and this is much smaller than q.
For the computation overhead, the main parts come from commitmen-
t/decommitment, hash function, and SAS computation. Common to both protocols is
the use of a cryptographic hash function H(·)to hash an arbitrary long data ( b
G|b
c|b
m)
to the length accepted by a universal hash (e.g., 256 bits) or digest function. The com-
plexity for a cryptographic hash is based on the simple model in [Nguyen and Roscoe
2011], which is linear to both the input length and the output (or key) length. The N2
factor is due to there are Ndevices, and each device’s hash input length is linear with
N. For the commitment/decommitment, c′
1, c′
2refer to the number of modular exponen-
tiations required in their computations respectively. For the DSA-based commitment
scheme in [MacKenzie and Yang 2004], c′
1= 5, c′
2= 4. For the SAS, the complexity
of the digest function is even smaller than a cryptographic hash [Nguyen and Roscoe
2011], and is similar to a universal hash [Laur and Pasini 2008]. In summary, it can be
seen that the MP-MAP is more efficient than SAS-GMA in terms of both computation
and communication.
Finally, for our GDP protocol, the additional computation overhead to the MP-MAP
is also small. It requires each sensor device to perform 3modular exponentiations and
2N−2modular multiplications for running the UDB key agreement protocol, and only
one additional modular exponentiation for computing the individual key shared with
controller. The computations for setting up the pairwise keys during the deployment
phase rely on Galois field multiplications instead and are much more efficient. On the
7Construction based on hash function has also been proposed in [Laur and Nyberg 2006], but the security
only remains as conjecture.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:23
other hand, the controller which is usually more powerful, needs to carry out N+ 2
modular exponentiations.
6.2. Prototype Implementation
We implemented GDP on a prototype sensor network platform consisting of 10 Tmote-
Sky nodes, each with 8MHz TI-MSP430 microcontroller, 10KB RAM and 48KB Flash
(ROM), and with TinyOS. We let one of the sensor nodes be the controller, which does
not improve the performance of GDP protocol. For our experiments, we implement
rounds 2-5 in Fig. 5 up to the computation of the group key and the individual keys.
The counting step is omitted, by programming the IDs of the devices and the group
size into them in advance.
We convert the Diffie-Hellman based group key agreement (UDB) to its elliptic curve
cryptography (ECC) version, where the modular exponentiation and modular multipli-
cation correspond to point multiplication and point addition, respectively. We use the
primitive operations provided by TinyECC [Liu and Ning 2008], including point mul-
tiplication and point addition, with all optimizations enabled. To provide 80-bit key
security, the finite field size used in ECC should be 160 bits. So we first compute 160-
bit group key and individual keys using ECC versions of the UDB and Diffie-Hellman
key agreement, and then hash the keys. In [Liu and Ning 2008], for 160-bit ECC and
with all optimizations enabled, the ECDH initialization time is reported to be 1.8s on
Micaz, while the key computation time is 2.1s. The required ROM and RAM sizes are
16KB and 1.8KB which are well below the capacities of a Tmote-Sky node. Since there
are only 4 point multiplications in ECC version of the GDP protocol on sensor nodes,
GDP is fairly practical to be implemented on low-end sensors.
For the hash commitment in GDP, we use a keyed hash (standard HMAC construc-
tion based on SHA-256), where the random nonce ris used as the key, and I D|mis the
input data. For implementation of the digest function, since the software code for it is
not available, we also employ the keyed hash instead, which is only for demonstration
purposes 8. We chunk the first ℓbits of the keyed hash to be the SAS. Finally, we set
ℓ= 16.
In Fig. 9, the experimental setup is depicted. Now we describe the protocol process
and user experience in more detail. After all devices are powered on, all the devices
display red LED by default. Then the user presses a reset button on the controller
which broadcast a “reset” signal to all the others. After resetting, the user presses an-
other button on the controller to initiate the protocol. The controller’s last message in
each round serves as synchronization signal, and different rounds are started/finished
through state transitions on each device. In each round before the final one, the other
sensors should display the same LED light pattern which indicates that they are syn-
chronized. Before devices start to display SASes, they display green light for several
seconds. The simultaneous LED blinking for SAS lasts for about 16 seconds; after that
if the patterns are the same, the user presses a button on every device to confirm. Note
that, in our implementation the synchronization signals sent out by the controller are
quite reliable, since the sensor nodes are put close to each other which leads to very
good channel conditions.
6.3. Results
In the following, we assume that Nmax = 10. And we will show that for Nmax = 10, it is
practical for a human user to perform the initial trust establishment with little effort.
8This only increases the computation time since the digest function is more efficient than a hash [Nguyen
and Roscoe 2008].
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:24 M. Li et al.
Fig. 9: Experimental setup with 10 devices. The central node is designated as the controller. All
nodes are displaying synchronous LED blinking patterns. ( c
⃝2011, Ming Li)
Decomposition Commu. Comput. LED blink. Idle Total
Time (ms) 409 11,005 15,360 3,187 29,961
Energy (mJ) 24.5 59.4 1,152 1.5 1,237.4
Table III: Decomposition of overhead of each sensor device in GDP (N=10).
2 4 6 8 10
0
50
100
150
200
250
Comparison between GDP and Scheme I
Group size
Time (s)
Scheme I
GDP
Fig. 10: Time for initial trust establishment.
For larger Nmax, specialized device could be used to aid the process such like the one
in [Perkovi´
c et al. 2011].
6.3.1. Time Required for Initial Trust Establishment. In our experiments, N≤Nmax. So we
plot the time for one GDP run (Tgdp(N)) against the group size Nin Fig. 10. It can be
seen that Tgdp is almost constant (increases linearly but very slowly) when Nincreas-
es. This is because all nodes display LED blinking patterns simultaneously, while the
computations are quite fast. Tgdp consists of time spent in computation (Tcp), commu-
nication (Tcm) and human interaction (TI). We then decompose Tgdp in Table. III. For
ℓ= 16 bits, TI≈16s (one bit for 1s). Obviously, the LED blinking time takes a major
portion, and then the computation time, and finally the communications. The idle time
is needed for nodes to wait to receive all other’s broadcasts in each round and to resolve
collisions.
When N > Nmax, the number of subgroups k=⌈N−1
Nmax−1⌉. Then the total initial trust
establishment time
Tgdp(N)≈(k−1)Tg dp(Nmax ) + Tgdp(N−k(Nmax −1)),(3)
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:25
2 4 6 8 10
1150
1200
1250
1300
Comparison between GDP and Scheme I
Group size
Energy consumption (mJ)
Scheme I
GDP
Fig. 11: Energy consumption per sensor node.
which increases linearly with k, and repeats the almost constant pattern when N≤
Nmax. The above time can be approximated theoretically, based on the experimental
values Tgdp(N), N ≤Nmax. For N= 20,Tgdp ≈60s.
We also compare GDP with Scheme I, in which Tsc1(N)=(N−1)Tsc1(2), where
Tsc1(2) is the estimated time for pairwise device pairing. From Fig. 10, Tsc1(N)is linear
with N. For N= 20, this is 475s. Obviously, when N≥3the time of GDP is far less
than Scheme I, which is also the case for [Keoh et al. 2009] that uses one-by-one sensor
association.
6.3.2. Energy Consumption. From the data sheet of Tmote [Tmo 2005], we obtain the
normal voltage and current of the mote under different conditions, based on which we
compute the energy consumption (EC). We plot the average EC for each sensor node in
GDP against the group size (N≤10) in Fig. 11, and compare it to the estimated EC of
Scheme I (based on the EC break down for each primitive operation). The EC of GDP
is a little higher than that of Scheme I, since it uses extra ECC point multiplication
and addition operations. However, the difference is small (below 50 mJ). Note that, for
the controller, the EC of Scheme I is linear to Nwhich is much larger than that of GDP
due to GDP’s grouping mechanism.
Then we break down the EC of GDP in Table. III. It can be seen that the LED
blinking takes major part in the EC, since its time is the longest and the required
power is among the largest. Although the communication needs the largest power, it
consumes the smallest energy since the time of it is quite small. Finally, note that the
energy spent in computation is very small too, because the required power is small.
6.3.3. Usability and Security. GDP supports batch deployment. From the experiments,
we found it is practical for a human to watch n≤10 LED blinking patterns simulta-
neously, when the nodes are put close to each other. The watch-and-compare is easy to
follow, and differences can be identified with high probability. While MiB [Kuo et al.
2007] and KALwEN [Law et al. 2010] also achieve batch deployment, they require ad-
ditional hardware (a faraday cage (FC), a keying device and a keying beacon). These
devices add cost to the BAN and a FC is cumbersome to carry by the user. The SAS-
GAKA [Laur and Pasini 2008] does not use additional device, however string compar-
ison needs a user to remember strings which requires Ninteractions. The results are
summarized in Table. IV. We also compare with SPATE [Lin et al. 2009], a group mes-
sage authentication protocol. It requires Ncomparisons of “T-flags” for each user, while
each comparison needs a few seconds, and the devices need to have screen/display.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:26 M. Li et al.
Comparison criteria
GDP
MiB
KALwEN
Keoh et.al.
SAS-GAKA
SPATE
Security
Key secrecy, authenticity √ √ √ √ √ √
Key confirmation √ √ ×√× ×
Exclusiveness √ √ √ √ ×√
Provable security √× × √ √ ×
Usability
Fast batch deployment √ √ √ ×√ √
Error-proof √ √ √ √ ×√
# of human interactions k≪N/ / N N N
Human effort L M M H M M
Cost
Requires NO PKI √ √ √ ×√ √
No additional hardware √× × √ √ √
No interface on sensors √ √ √ √ × ×
Involvement of PKC L NA NA M H L
Table IV: Comparison of GDP with related previous schemes. L: low; NA: none; M: medium; H:
high.
Finally, from the security point of view, few of the compared protocols have formal
security proofs. The SAS-GAKA is proven secure under a simulation-based security
model, but it requires the use of non-malleable commitment schemes. The protocol in
[Keoh et al. 2009] was proven secure using the Burrows-Abadi-Needham (BAN) logic,
but the BAN logic is mainly suitable for proving traditional authentication protocols
secure, which involves the existence of pre-shared secret keys between the parties.
6.4. Efficiency of Key Management after Initial Trust Establishment
6.4.1. Communication. The overhead for adding Nnodes is essentially the same as
initial sensor association. The existing nodes do not need to perform extra commu-
nications. Revoking one node in subgroup krequires #G+|G(k)| − 1unicasts of the
controller, where #Gis the number of subgroups. Our scheme is very efficient under
group node leave, where the leaving nodes all belong to one subgroup or one cluster.
If mnodes leave in G(k), the controller only needs to send #G+|Gk| − mmessages.
Clearly, if |Gk|=Nmax , for single sensor leave/revocation there is an optimal value
for Nmax, which equals to √N−1. For N≤100, this is smaller than 10. Therefore, it
provides a guideline to choose Nmax for GDP.
6.4.2. Storage. If all the pairwise keys are stored along with the polynomial share, the
size of the keys stored on each sensor node is: 2κ+ (N−1 + t)·log p+nbits, where κ
is the bit length of symmetric key. If the sensors do not store the pairwise keys, then
the minimum size of the keys is: 2κ+t·log p+nbits. Assume κ= 80,log p= 80, t =
50, n = 256, the maximum size is 4416 + 79Nbits, while the minimum is 4416 bits.
These numbers are well below 4KByte, the available RAM of Micaz.
7. CONCLUSION
In this paper, we address the problem of secure ad hoc initial trust establishment and
key management in body area networks. We exploit the concept of “device pairing” and
propose group device pairing (GDP), a novel solution that establishes an authenticated
group consisting of low-end sensor devices and a controller, without relying on any
pre-distributed secret information. An authenticated group key and individual keys
are agreed upon using GDP, with the help of simultaneous and manual comparison
of LED blinking patterns on all devices, which can be done within 30 seconds with
enough security strength in practical applications. GDP helps the user of a BAN to
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:27
visually make sure that the authenticated group only consists of those nodes that she
wants to deploy and associate with the intended patient. The resulting initial key
materials enable efficient key management after network deployment. We have proven
the security of the proposed GDP and its two-party version (PDP) under standard
security notions; especially we show the non-necessity of non-malleable commitment
schemes. Efficiency analysis shows that GDP outperforms a previous group message
authentication protocol, while experimental results show that GDP greatly reduces the
total time and complexity of human effort, and being efficient both in communication
and computation.
ACKNOWLEDGMENTS
We would like to thank Hanfei Zhao for his help with GDP’s prototype implementation. We also thank
Shahab Mirzadeh for his comments on the conference version of this paper. Finally, we thank the anonymous
reviewers for their helpful comments.
APPENDIX
A. SECURITY DEFINITION OF MAPS: MATCHING CONVERSATIONS
In this section, we give a formal treatment of matching conversations [Bellare and
Rogaway 1994], adapt it to group settings and deal with broadcast messages. First,
if each participant i∈ G has executed a local run (or partial run) Ri, then we can
interleave the events of all the local runs, arranging them in a single sequence, in
many different ways. One of these sequences is a topological sort of {Ri}i∈G if, for all
i, it preserves the order of events lying on the same Ri. We use topological sorts to
represent the notion of a proper matching up of transmission and reception events.
When a protocol uses no broadcast, but only point-to-point messages, we can require
that we can always place a matching transmission-reception pair next to each other.
We will give the definitions first for the case without broadcast, and then loosen them
for the case using broadcast, as is needed for our protocols.
Thus, we will say that the parties i∈ G have jointly matching broadcast-free conver-
sations in a family {Ri}i∈G of local runs if:
there is a topological sort of the transmission and reception events of all
local runs Ri, respecting the local ordering of each Ri, such that
(1) every reception event e1immediately follows a transmission event e0,
and e1receives the same message sent at e0; and
(2) vice versa, every transmission event e0immediately precedes a recep-
tion event e1, and e1receives the same message sent at e0.
Thus, if the parties have matching conversations, all messages transmitted by them
will be received unaltered, i.e., authentically. This condition also implies that the same
transmitted message is not delivered more than once, since only one reception can
follow it immediately.
To generalize this notion to a group Gwith an uncorrupted subset N ⊆ G, we will
suppose that associated with every reception e1along a local run Riwith i∈ N, there
is an expected sender j∈ G. Likewise, associated with every transmission e0along a
local run Riwith i∈ N, there is an expected recipient j∈ G. This is certainly the
case with our protocols when the group Gis known. Now, a set {Ri}i∈N of local runs
for i∈ N consists of jointly matching, broadcast-free matching conversations for the
uncorrupted participants if:
there is a topological sort of the transmission and reception events of the
local runs Ri, respecting the local ordering of each Ri, such that
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:28 M. Li et al.
(1) for every reception event e1, if the expected sender of e1is some j∈
N, then e1immediately follows a transmission event e0on Rj, and e1
receives the same message sent at e0; and
(2) vice versa, for every transmission event e0, if the expected recipient of
e0is some j∈ N, then e0immediately precedes a reception event e1on
Rj, and e1receives the same message sent at e0.
Our previous definition without corruption, is equivalent to the case in which N=G,
at least when the group is known, and each message makes its expected sender and
expected recipient explicit.
To adapt our definition to the case with broadcast messages, we use a symbol ∗
to represent the expected recipient of a broadcast message. We assume ∗ ̸∈ G. The
idea is that a message with expected recipient ∗is broadcast and may be received by
everyone. In this case, there may be several reception events, all following immediately
after the transmission as a block. We assume here that Nis non-empty. A set {Ri}i∈N
of local runs for i∈ N consists of jointly matching conversations for the uncorrupted
participants if:
there is a topological sort of the transmission and reception events of the
local runs Ri, respecting the local ordering of each Ri, such that
(1) for every transmission event e0,e0immediately precedes a reception
event e1on some Rj, where the expected recipient of e0is either jor
∗. If the expected recipient of e0is j, then e1is not followed by another
reception event. Moreover, e1receives the same message sent at e0.
(2) for every reception event e1, if the expected sender of e1is some j∈ N,
then e1immediately follows some event e0, and e0involving the same
message as e0. If e0is a transmission event, then e0lies on Rj.
B. PROOF OF THEOREM 1
PROOF. Let the parties involved in a protocol run as Aand B. The first part of the
security goal is obvious, so we only need to show that for any Tb+ 2Th+O(1)-time
adversary A, whenever the assumptions of the theorem hold, its deception probability
AdvΠ(A)is no larger than max{ϵu, ϵr, ϵ2
h}+max{ϵr, ϵb}. We first denote the event “A
succeeds in deception” as S, where
S={S1∧S2},{Both-accept ∧No-matchingA},(4)
where No-matchingArefers to the event that Aand Bdo no have matching conversa-
tions. Note that, in order for both of them to accept, they need to successfully verify
the SASes are equal (Fig. 3), and they must not abort during the protocol. It is easy to
see that AdvΠ(A) = Pr[S].
Next we analyze Pr[S]. First we define “viewi” as the ordered set consisting of all the
messages received by device iin the round 2 (viewA={mA,bmB, cA,bcB}, and viewB=
{bmA, mB,bcA, cB}).
We will use the following lemma to continue our proof.
LEMMA 1. In the TP-MAP, if event S2happens (No-matchingA), then either viewA̸=
viewB, or otherwise, Aand Bwill accept with probability ϵb.
The above is straightforward to prove. To see that, notice if viewA=viewB, to create
no-matching conversations the adversary must break the binding property of hash
commitments (i.e., to find a different dfor the same mand cvalues), and the probability
of success is no larger than ϵb. Thus, we can define an event E,{viewA̸=viewB}.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:29
A B
•mA,cA
−−−−→
bmA,bcA
−−−−→ •
⇓ ⇓
•
bmB,bcB
←−−−− mB,cB
←−−−− •
⇓ ⇓
•dA
−−→
b
dA
−−→ •
⇓ ⇓
•
b
dB
←−− dB
←−− •
Fig. 12: Diagram for a partial execution of the protocol in the TP-MAP for our PDP. Note that,
here micontains IDiand the message to be authenticated.
Observe that, by the total probability principle, we have
Pr[S] = Pr[S|E]P[E] + Pr[S|¯
E]P[¯
E](5)
(1)
≤Pr[S|E] + Pr[S|¯
E]
(2)
=Pr[S1|E] + ϵb.
where (1) follows from Pr[E],Pr[¯
E]≤1, and (2) follows from Lemma. 1 and the fact
that Eimplies S2(no-matching conversations).
Therefore, next we focus on the case that event Ehappens, and assume Adoes not
break the binding property of hash commitments. There are two cases for viewA̸=
viewBthat deserves discussion. (1) b
mA̸=b
mBbut b
cA=b
cB. This again corresponds
to a double opening of the hash commitment, and the probability the adversary will
succeed in this way is bounded by ϵb. (2) b
cA̸=b
cB. We have the following lemma for
this case.
LEMMA 2. In the TP-MAP, given b
cA̸=b
cB, for any Th+O(1) time adversary that
does not break the binding of hash commitments, Pr[S1|E]≤max{ϵu, ϵr}+ϵh.
PROOF. To be clear, consider the diagram for a partial execution (first four moves) of
the protocol9in Fig. 12. The black dots stand for the decision points of each party’s run
(also called a strand), while down arrows represent parties’ internal state transitions.
The blank parts between two strands indicate a party’ sent messages can be manipu-
lated by any outsider adversary before they are received by the other party. The first
two moves consist the first round, and the second and fourth moves consist the second
round.
First let us assume the adversary Adoes not break the hiding property of hash com-
mitments in the first round (this strategy is denote as H). This does not preclude the
following three general strategies — (a) Acan simply relay a message truthfully; (b)
Acan create a new bcAor bcBusing brAor brBvalues of her own choice, but are indepen-
dent of rAand rB; (c) create “related” bcAand bcBcommitting to unknown brAand brB,
that are “correlated” to rAand/or rB, respectively, after seeing cAand cB(malleabili-
ty). (although she does not know the latter two). The “correlation” (∼)between those
rvariables could mean anything except their independence. But here, it must have
a constraint — the variables (regarded as bit strings) have the same length, other-
wise it does not make sense. So relations like string concatenations are excluded. The
9Here we adopt the protocol representation in strand spaces proposed by [Guttman 2011].
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:30 M. Li et al.
simplest relation is equality; however, relaying is the same with (a), while the replay
attack (copying cAas bcB) is prevented since the commitments have included sender ID
in it, and the replay will not pass the verification of A.
Since Adoes not break the binding property of hash commitments, the digest keys
are bound to the commitments. So we can focus on the commitment round only. In
order to succeed, Amust create bcAand bcBsuch that sasA=sasB. For bcA, if Achooses
strategy (a) and let bcA=cA, then rAand rBare independent since they are randomly
generated by Aand B, respectively; if Achooses (b) or (c), due to the precedence bcA≺
cB,brAwill still be independent from rB, which is unknown by A.
As bcBis the last message Acan send, it must obtain a corresponding brBsuch that
sasA=sasB. Note that, Acannot simply relay both cAand cB. Next we discuss the
case when bcA̸=cA.
—Acan choose strategy (b) to construct any of bcA. No matter how bcBis constructed,
brAmust be independent from both rAand rBwhich are unknown to A. So according
to the key-based uniformity property of digest function, the probability of finding brA
such that H(b
mA, rA⊕brB) = y=H(b
mB,brA⊕rB)is smaller or equal to ϵu, where yis
a fixed number.
— So Acan choose strategy (a) or (c) for bcAand bcB. According to our definitions, we have
brA∼rAand brB∼rBor brB∼rA. W.l.o.g., suppose brA=rA⊕θ1and brB=rB⊕θ2or
brB=rA⊕θ3. In the first case, we have Pr[H(b
mA, rA⊕rB⊕θ2) = H(b
mB, rA⊕rB⊕θ1)] ≤
ϵraccording to the no uniform compensation property of digest function, where θ=
θ1⊕θ2. In the second case, we have Pr[H(b
mA, θ3) = H(b
mB, rA⊕rB⊕θ1) = y]≤ϵu,
since yis a fixed (unknown) number.
For the case bcA=cA, it can be shown similarly that A’s probability to succeed is no
larger than max{ϵu, ϵr}. Combining the above, we get Pr[S1|E]≤max{ϵu, ϵr}for any
O(1)-time adversary that does not break hiding of hash commitments.
Second, if the hiding property of any hash commitment is broken, A’s probability of
success is bounded by ϵhfor any Thtime A. So the Lemma is proved.
Using Eq. (5) and Lemma 2, we get
Pr[S]≤max{ϵu, ϵr}+ϵh+ 2ϵb,(6)
for any adversary Athat runs in 2Tb+Th+O(1) time.
C. PROOF OF THEOREM 2
PROOF. First we define “viewi” as the set of information exchanged in the sec-
ond round, which is the ordered set consisting of all the messages (b
mi,b
ci), i.e.,
({c
IDj|b
Xj|b
Yj},{bcj}), j ∈ Gireceived by device iin the round 2.
In this proof, we use Gto denote the true group of legitimate devices (perceived by
human user), and Nto denote the subset of non-compromised devices in G. Similar to
TP-MAP, we define
S={S1∧S2},{All-accept ∧No-matchingA},(7)
where All-accept means all devices in Naccept, while No-matchingArefers to the
event that there exist i, j ∈ N such that their conversations do not match. We will use
the following lemma to continue our proof.
LEMMA 3. If event S2happens (No-matchingA), then either ∃i, j ∈ N such that
viewi̸=viewj, or otherwise, all the devices in Nwill accept with probability ϵb.
The argument for this Lemma is similar to that of Lemma. 1.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:31
Define event E,{∃i, j ∈ N, s.t.viewi̸=viewj}, we have the following:
Pr[S] = Pr[S|E]P[E] + Pr[S|¯
E]P[¯
E](8)
(1)
≤Pr[S|E] + Pr[S|¯
E]
(2)
=Pr[S1|E] + ϵb.
The second equation follows from Lemma. 3 and the fact that Eimplies S2(no-
matching conversations).
Next, we use the following bound to constrain our discussion to the scenario that all
pair of non-compromised devices’ SASes match except one pair Nand i(event denoted
as S1−Ni ), ∀i∈ N \ N, while Nand i’s views do not equal. Applying the probability
product rule, we get:
Pr[S1|E] = Pr[S1, E]
Pr[E](9)
≤Pr[S1, E]
Pr[E, S1−N i ]
=Pr[SNi |E, S1−Ni ],
where SNi ,{sasN=sasi}, because S1={SN i , S1−Ni }. Also, note that event Eimplies
there must exist some isuch that viewi̸=viewNwhere Nis the controller, we can
further decompose Pr[SNi|E, S1−Ni ]into two cases for iand N, i.e., |Gi|=Nor |Gi| ̸=N
(note that N=|GN|, otherwise MNwill not accept).
Connecting the above, we thus have the following bound on Pr[S]:
Pr[S1|E]≤max {Pr[SNi |E, S1−Ni ,|Gi|=N],
Pr[SNi |E, S1−Ni ,|Gi| ̸=N].(10)
It remains to show that the probabilities on the right hand side are upper bounded
by max{ϵu, ϵr}+ϵh+ϵb. We first focus on the case of E, S1−Ni ,|Gi|=N.
There are two cases for viewi̸=viewNthat deserves discussion. (1) b
mi̸=b
mNbut b
ci=
b
cN. This corresponds to a double opening of the hash commitment, and the probability
the adversary will succeed in this way is bounded by ϵb. (2) b
ci̸=b
cN. Here we need
to consider two cases: N=G(no compromised insiders) or N G(some devices are
compromised). We first discuss the former case. We have the following lemma, whose
proof is shown later.
LEMMA 4. In the MP-MAP, given b
ci̸=b
cN, for any Thtime adversary that does not
break the binding of hash commitments, Pr[SNi|E , S1−Ni ,|Gi|=N]≤max{ϵu, ϵr}+ϵh.
For the case of E, S1−N i,|Gi| ̸=N, using a similar analysis to the proof of Lemma. 4,
the same conclusion can be drawn. Note that since |Gi| ̸=|GN|, in the SASes of iand
N, respectively, their data input parts of the digest function will never equal to each
other even if b
ci=b
cNand b
mi=b
mN, while this does not affect the result. In fact, this
is why we should include all the protocol transcript into the SAS digest.
From the above, we know that the right hand side of Eq. (10) is bounded by
max{ϵu, ϵr}+ϵh+ϵbfor a Tb+Thtime adversary. Summing up Eqs. (8), (9) and (10),
we get Pr[S]≤max{ϵu, ϵr}+ϵh+ 2ϵbfor a 2Tb+Thtime adversary.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:32 M. Li et al.
Mi∈ N MN∈ N
bm1i,bc1i
−−−−−→ •
bm1N,bc1N
−−−−−−→ •
⇓ ⇓
.
.
..
.
.
⇓ ⇓
•mi,ci
−−−→
bmiN ,bciN
−−−−−→ •
⇓ ⇓
.
.
..
.
.
⇓ ⇓
bmN−1i,bcN−1i
−−−−−−−−−→ •
bmN−1N,bcN−1N
−−−−−−−−−−→ •
⇓ ⇓
•
bmN i,bcNi
←−−−−− mN,cN
←−−−−− •
Fig. 13: Simplified diagram for a partial execution concerning devices iand Nin round 2 of
protocol MP-MAP. mstands for the message to be authenticated.
Proof of Lemma. 4.
PROOF. Consider the simplified diagram in Fig. 13. When N=G, our proof strategy
is to show that, if Adoes not break the hiding of any hash commitments, its probability
of success will be bounded by max{ϵu, ϵr}. On the other hand, if any hash commitment’s
hiding is broken, A’s probability of success is bounded by ϵhfor any Thtime A.
Then we focus on proving the first statement above. Adversary Acan generate com-
mitments bc1i, ..., bci−1i,bci+1i, ..., bcN i and bc1N, ..., bcN−1Nin arbitrary ways. It can either
simply relay the original commitments sent by honest parties (without knowing the
underlying rvalues), or construct new commitments using its own brvalues, or create
commitment bcj′i′that is related to any cj, j ∈ G while does not know brj′i′, where either
j=j′or j≺j′.
Since the last message Acan inject/modify is bcN i, we can focus on how Acan compute
it to make sasi=sasN. The SASes are in the following forms: sasi=H(ηi,br1i⊕...⊕ri⊕
...⊕brNi )(denoting ηias the data inputs); and similarly, sasN=H(ηN,br1N⊕...⊕brN−1N⊕
rN). In the above, both riand rNare unknown to A, and since b
ci̸=b
cN,ηi̸=ηN.
Note that, all the bc1N, ..., bcN−1Nmust be created before cNis sent out due to the
message ordering, so br1N, ..., brN−1Nmust be independent of rNwhich is unknown to A.
We have two cases:
— If Arelays cNto iand brNi =rN, since bc1i, ..., bci−1i,bci+1i, ..., bcN−1i≺bcN i,br1i, ..., brN−1i
must be all independent with rN. Thus, sasi=H(ηi, θi⊕rN), where θi=br1i⊕
... ⊕ri⊕.... ⊕brN−1iis independent of rN, and sasN=H(ηN, θN⊕rN), where θN=
br1N⊕... ⊕rN⊕.... ⊕brN−1Nis independent of rN. In the above, no matter whether θi
is known to Aor not, it is a fixed number when Arelays rNto i, and the same is true
for θN. In addition, ηi̸=ηN. So according to the no uniform compensation property
of digest function, Pr[H(ηi, θi⊕rN) = H(ηN, θN⊕rN)] ≤ϵr, and θ=θi⊕θN.
— If bcNi is created by Ausing other strategies. Because Ais free to create related
commitments to ciafter seeing ci, and is also free to create its own commitments,
it could make θi⊕brN i equal to a number θ′
iit knows (otherwise, there will be an
unknown factor rjin br1i⊕... ⊕brN i , which reduces to the same case as above). Also,
sasNis fixed when Asends b
rNi to i. So the key-based uniformity property of digest
function applies and Pr[H(ηi, θ′
i) = H(ηN, θN⊕rN)] ≤ϵu.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:33
Finally, for the scenario with compromised devices (N G), the only additional
information to Ais the internal rjvalues for j∈ G \ N , j ̸=i, j ̸=N. It is easy to see
that the above proof still holds as long as iand Nare not compromised (ri, rNare not
known by A).
REFERENCES
2005. Tmote-Sky Product Description Key Features. www.bandwavetech.com/download/tmote-sky-
datasheet.pdf .
ALLIANCE, W. 2006. Association Models Supplement to the Certified Wireless Universal Serial Bus Specifi-
cation. Revision 1, 3.
ATENIE SE, G., ST EI NER , M., AND TSUDIK, G. 2000. New multiparty authentication services and key a-
greement protocols. IEEE JSAC 18, 4, 628–639.
BALFANZ , D., SMETTERS, D. K., ST EWA RT, P., AND WONG, H. C. 2002. Talking to strangers: authentication
in ad-hoc wireless networks. In NDSS ’02.
BELLARE, M., CANETTI, R., AND KR AWC ZYK , H. 1998. A modular approach to the design and analysis of
authentication and key exchange protocols (extended abstract). In Proceedings of the thirtieth annual
ACM symposium on Theory of computing. ACM, 419–428.
BELLARE, M. AND ROG AWAY, P. 1994. Entity authentication and key distribution. In Advances in Cryptol-
ogyCRYPTO93. Springer, 232–249.
BLUNDO, C., SANTIS, A. D., HERZBERG, A., KUTTEN, S., VAC CAR O, U., AN D YUNG, M. 1993. Perfectly-
secure key distribution for dynamic conferences. In CRYPTO ’92. Springer-Verlag, 471–486.
CAGALJ, M ., CAPKUN, S., A ND HUBAUX , J.- P. 2006. Key agreement in peer-to-peer wireless networks.
Proceedings of the IEEE 94, 2, 467–478.
CHAN, H., PERRIG, A., AND SON G, D. 2003. Random key predistribution schemes for sensor networks. In
IEEE S & P ’03. 197.
CHEN, C.-H. O., CHEN, C.- W., KUO, C., LAI, Y.-H., MCCUNE , J. M., STUDER, A., PERRIG, A., YANG,
B.-Y., AND WU, T.-C. 2008. Gangs: gather, authenticate ’n group securely. In MobiCom ’08. 92–103.
DIPIETRO, R., MANCINI, L., A ND ME I, A . 2003. Random key-assignment for secure wireless sensor net-
works. In Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks. ACM, 62–71.
DU, W., DENG, J., HAN, Y., VARS HNE Y, P., KATZ , J., AN D KHALILI, A. 2005. A pairwise key predistri-
bution scheme for wireless sensor networks. ACM Transactions on Information and System Security
(TISSEC) 8, 2, 228–258.
DUTTA, R. AND BA RUA , R. 2008. Provably secure constant round contributory group key agreement in
dynamic setting. IEEE Trans. on Inf. Theory 54, 5, 2007–2025.
ESCHENAUER, L. AN D GLIGOR, V. D. 2002. A key-management scheme for distributed sensor networks. In
CCS ’02. 41–47.
GOODRICH, M. T., SIRIVIANOS, M., S OL IS, J., T SU DIK , G., A ND UZU N, E. 2006. Loud and clear: Human-
verifiable authentication based on audio. In In IEEE ICDCS 2006. 10.
GUTTMA N, J. 2011. Shapes: Surveying crypto protocol runs. In Formal Models and Techniques for Analyzing
Security Protocols, Cryptology and Information Security Series. IOS Press.
HALEVI , S. AN D MICALI, S. 1996. Practical and provably-secure commitment schemes from collision-free
hashing. In Advances in CryptologyCRYPTO96. Springer, 201–215.
HANSON, M., PO WE LL, H., BA RT H, A., RI NGG EN BER G, K., CALHOUN, B., AYL OR , J., AND LACH, J. 2009.
Body area sensor networks: Challenges and opportunities. Computer 42, 1, 58–65.
JANA, S., PREM NATH, S., CL ARK , M., KAS ER A, S., PATWA RI, N., AN D KRIS HN AMU RT HY, S. 2009. On the
effectiveness of secret key extraction from wireless signal strength in real environments. In Proceedings
of the 15th annual international conference on Mobile computing and networking. ACM, 321–332.
JOVAN OV, E., MILENKOVIC, A., OTTO , C., AND DE GR OEN, P. C. 2005. A wireless body area network of in-
telligent motion sensors for computer assisted physical rehabilitation. J Neuroengineering Rehabil 2, 1.
KEOH, S. L., LUPU, E., AN D SLOMAN, M. 2009. Securing body sensor networks: Sensor association and key
management. IEEE PerCom ’09, 1–6.
KUMAR, A., SAX ENA, N., TSUDIK, G., A ND UZU N, E. 2009. Caveat eptor: A comparative study of secure
device pairing methods. IEEE PerCom ’09, 1–10.
KUO, C., LU K, M., NEGI, R ., AN D PERRIG, A. 2007. Message-in-a-bottle: user-friendly and secure key
deployment for sensor nodes. In SenSys ’07. 233–246.
LAMPORT, L. 1981. Password authentication with insecure communication. Commun. ACM 24, 11, 770–772.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
00:34 M. Li et al.
LAUR , S., ASOKAN, N., AND NYBERG, K. 2005. Efficient mutual data authentication using manually au-
thenticated strings. In Cryptology and Network Security. Springer, 90–107.
LAUR , S. AND NYBERG, K. 2006. Efficient mutual data authentication using manually authenticated
strings. Cryptology and Network Security, 90–107.
LAUR , S. AND PAS INI , S. 2008. SAS-Based Group Authentication and Key Agreement Protocols. In Public
Key Cryptography - PKC ’08. LNCS. 197–213.
LAUR , S. AN D PASINI, S. 2009. User-aided data authentication. International Journal of Security and Net-
works 4, 1, 69–86.
LAW, Y., MONIAVA, G., GONG, Z., HAR TE L, P., AND PALA NISWAM I, M . 2010. Kalwen: A new practical
and interoperable key management scheme for body sensor networks. Security and Communication
Networks.
LI, M., LOU, W., AN D REN, K . 2010a. Data security and privacy in wireless body area networks. Wireless
Communications, IEEE 17, 1, 51–58.
LI, M., LOU, W., AND REN, K. 2010b. Secure device pairing. in Encyclopedia of Cryptography and Security
(2nd Ed.).
LI, M., YU, S., LOU, W., AND RE N, K. 2010. Group device pairing based secure sensor association and key
management for body area networks. In INFOCOM, 2010 Proceedings IEEE. IEEE, 1–9.
LIN, Y.-H., STUDER, A., HSI AO, H .-C., MCCUNE, J. M., WANG, K.-H., KROHN, M., LI N, P.-L., PERRIG,
A., SUN, H.-M., AND YANG, B.- Y. 2009. Spate: small-group pki-less authenticated trust establishment.
In Mobisys ’09. 1–14.
LIU, A. AND NING, P. 2008. Tinyecc: A configurable library for elliptic curve cryptography in wireless sensor
networks. In IPSN ’08. 245–256.
LIU, D. AND NING, P. 2003. Establishing pairwise keys in distributed sensor networks. In CCS ’03. 52–61.
LIU, D., NING, P., AND DU, W. 2008. Group-based key predistribution for wireless sensor networks. ACM
Transactions on Sensor Networks (TOSN) 4, 2, 1–30.
LORINCZ, K., MAL AN, D., FULFORD-J ON ES, T., NAW OJ, A., CL AVEL , A., SHN AYDER, V., MAI NLA ND, G.,
WELSH, M., A ND MOU LTON, S. 2004. Sensor networks for emergency response: challenges and oppor-
tunities. IEEE Pervasive Computing 3, 4, 16–23.
MACKENZ IE, P. AN D YANG, K. 2004. On simulation-sound trapdoor commitments. In Advances in
Cryptology-EUROCRYPT 2004. Springer, 382–400.
MALAN, D., W ELSH, M., AND SMITH, M. 2004. A public-key infrastructure for key distribution in tinyos
based on elliptic curve cryptography. In IEEE SECON 2004. 71–80.
MALASR I, K. AND WANG, L. 2007. Addressing security in medical sensor networks. In HealthNet ’07. 7–12.
MATHUR, S., TRAP PE, W., MANDAYAM, N., YE, C., AND REZ NIK , A. 2008. Radio-telepathy: extracting a
secret key from an unauthenticated wireless channel. In Proceedings of the 14th ACM international
conference on Mobile computing and networking. ACM, 128–139.
MCCUNE, J. M., PERR IG, A ., AND REI TE R, M . K. 2005. Seeing-is-believing: Using camera phones for
human-verifiable authentication. In IEEE S & P. 110–124.
MORCHON, O., BALDU S, H., AND SANCHEZ, D. 2006. Resource-efficient security for medical body sensor
networks. In BSN ’06. 83.
NGUYEN, L. AN D ROSCOE, A. 2008. Authenticating ad hoc networks by comparison of short digests. Infor-
mation and Computation 206, 2-4, 250–271.
NGUYEN, L. AN D ROSCOE, A. 2011. Authentication protocols based on low-bandwidth unspoofable chan-
nels: a comparative survey. Journal of Computer Security 19, 1, 139–201.
NITHYANAND, R., SAXENA, N., TSU DI K, G., A ND UZ UN, E . 2010. Groupthink: Usability of secure group
association for wireless devices. In Proceedings of the 12th ACM international conference on Ubiquitous
computing. ACM, 331–340.
PASINI, S. AN D VAUDENAY, S. 2006. SAS-based Authenticated Key Agreement. In Public Key Cryptography
- PKC ’06. LNCS Series, vol. 3958. 395 – 409.
PASS, R. 2003. On deniability in the common reference string and random oracle model. Advances in
Cryptology-CRYPTO 2003, 316–337.
PERKOVI ´
C, T., ˇ
CAGALJ, M., MASTELI ´
C, T., SAX ENA, N., A ND BEG U ˇ
SI ´
C, D. 2011. Secure Initialization of
Multiple Constrained Wireless Devices for an Unaided User. IEEE transactions on mobile computing.
PERRIG, A., SZEWCZYK, R., T YG AR, J., W EN, V., AND CULLER, D. 2002. Spins: Security protocols for sensor
networks. Wireless networks 8, 5, 521–534.
POON, C., ZH ANG , Y.-T., AN D BAO, S.-D. 2006. A novel biometrics method to secure wireless body area
sensor networks for telemedicine and m-health. IEEE Communications Magazine 44, 4, 73–81.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
Secure Ad-Hoc Trust Initialization and Key Management in Wireless Body Area Networks 00:35
PRASAD, R. AN D SAXENA, N. 2008. Efficient device pairing using human-comparable synchronized audio-
visual patterns. In Applied Cryptography and Network Security (ACNS). LNCS. 328–345.
SINGH, K. AND MUTHUKKUMARASAMY, V. 2007. Authenticated key establishment protocols for a home
health care system. In ISSNIP ’07. 353–358.
STAJ ANO, F. AND ANDERSON, R. J. 2000. The resurrecting duckling: Security issues for ad-hoc wireless
networks. In IWSP ’00. 172–194.
TAN, C. C., WA NG, H ., ZH ON G, S., AND LI, Q. 2008. Body sensor network security: an identity-based
cryptography approach. In ACM WiSec ’08:. 148–153.
VAN LAERHOVEN, K., SCHMIDT, A., AND GE LLERS EN, H.-W. 2002. Multi-sensor context aware clothing. In
Wearable Computers, 2002. (ISWC 2002). 49–56.
VAUD ENAY, S. 2005. Secure communications over insecure channels based on short authenticated strings.
In Advances in Cryptology–CRYPTO 2005. Springer, 309–326.
VENKATASUBRAMANIAN, K., BA NER JE E, A., AN D GUPT A, S. 2010. Pska: Usable and secure key agreement
scheme for body area networks. Information Technology in Biomedicine, IEEE Transactions on 14, 1,
60–68.
VENKATASUBRAMANIAN, K. AND GUPT A, S. 2010. Physiological value-based efficient usable security solu-
tions for body sensor networks. ACM Transactions on Sensor Networks (TOSN) 6, 4, 1–36.
VENKATASUBRAMANIAN, K., GU PTA , S., JETLEY, R., AND JON ES, P. 2010. Interoperable medical devices:
Communication security issues. Pulse, IEEE 1, 2, 16–27.
WONG, C. K., GO UDA , M., AND LAM, S. S. 1998. Secure group communications using key graphs. SIG-
COMM Comput. Commun. Rev. 28, 4, 68–79.
ZHU, S., SETIA, S., AN D JAJO DIA, S. 2003. Leap: efficient security mechanisms for large-scale distributed
sensor networks. In CCS ’03. 62–72.
ZHU, S., SETIA, S., AND JAJODIA, S. 2006. Leap+: Efficient security mechanisms for large-scale distributed
sensor networks. ACM Transactions on Sensor Networks (TOSN) 2, 4, 500–528.
ZIMMERMANN, P., JOHNSTON, A., AND CALLAS, J. March. 2006. Zrtp: Extensions to rtp for diffie-hellman
key agreement for srtp draft-zimmermann-avt-zrtp-01. In Internet-draft.
ACM Transactions on Sensor Networks, Vol. 0, No. 0, Article 00, Publication date: 0000.
