Skip to main content

Researchers: Health sensors open new doors for hackers

April 30, 2007

In just a few years, we might not have to be examined by our physicians to get an assessment of our health. Instead, a network of tiny sensors implanted in our bodies could alert us about health problems even before we feel any symptoms.

Sound too futuristic? Not so, says Sandeep Gupta, an associate professor in the Department of Computer Science and Engineering in ASU's Ira A. Fulton School of Engineering. Not only can he envision such a scenario, he already has considered a potential vulnerability of the “body sensor network”: information theft.

Gupta's research paper addressing the concern, “Security for Pervasive Health Monitoring Sensor Applications,” co-authored by graduate research assistant Krishna Venkatasubramanian, won “Best Paper Award” in December at the Institute of Electrical and Electronics Engineers' (IEEE) Fourth International Conference on Intelligent Sensing and Information Processing in Bangalore, India. In the paper, Gupta and Venkatasubramanian propose a solution to the vulnerability of information exchange between wireless biomedical sensors.

Biomedical sensors – sometimes called “smart sensors” – are, in essence, computer chips fused with sensors. They are very small and use little energy. They primarily are data collectors, but they also serve as communicators that can send out data to a larger computer – such as a doctor's personal computer – through a “base station,” which could be a computer chip woven into a person's shirt, or into a wristwatch.

Like all other types of information exchange, the transfer of data between biomedical sensors in the body is vulnerable to theft and needs to be protected. This is done using cryptographic “keys” – long strings of random numbers – to encrypt and decrypt (jumble and re-order) data.

Before any communication between sensors takes place, the sender and the receiver node (sensor) must be made aware of the key. This “key distribution” also must be done securely. There are several ways that a key can be distributed to the sensors, but not all techniques are equal in efficiency.

In their paper, Gupta and Venkatasubramanian propose a new technique for key distribution, unique to the body sensor network.

“We wanted to find a technique that would exploit the properties of the environment – the body – and derive these keys in an energy-efficient manner,” Gupta says.

In Gupta and Venkatasubramanian's proposal, two sensors wishing to communicate would simultaneously measure the same physiological property, such as the inter-pulse-interval (the difference in the value between two pulse rates). This random number would then be put through some sort of algorithm, which would then result in the generation of a key.

Through a synchronized measurement of some phenomena in the body, a key would be derived by the individual sensors. Because both sensors know the “password,” the key doesn't need to be communicated.

“This is a solution to the chicken-and-egg problem of secure data transmission,” Gupta says. “Using the physiological parameters of the body, you can secure the information, and because the sensors are using their environment to derive the key, a person outside the body cannot measure the environment.”

The security of information collected by biomedical sensors isn't yet a hot-button issue, but Gupta says that as emerging health-monitoring technologies become more pervasive – specifically, systems that use networks – the security issue will be a critical one.