Authentication of lossy data in body-sensor networks for cloud-based healthcare monitoring

Highlights

• Bodyworn medical devices are resource-constrained and operate in lossy environments.

• Data authentication is necessary for stakeholders to trust this technology.

• We propose a solution using the Merkle tree augmented with network coding.

• Experiments indicate over 99% items are authenticated with very low overhead.

Abstract

Growing pressure on healthcare costs is spurring development of lightweight bodyworn sensors for real-time and continuous physiological monitoring. Data from these sensors is streamed wirelessly to a handheld device such as a smartphone or tablet, and then archived in the cloud by personal health record services. Authenticating the data these devices generate is vital to ensure proper diagnosis, traceability, and validation of claims. Digital signatures at the packet-level are too resource-intensive for bodyworn devices, while block-level signatures are not robust to loss. In this paper we propose, analyse, and validate a practical, lightweight robust authentication scheme suitable for health-monitoring. We make three specific contributions: (a) we develop an authentication scheme that is both low-cost (using a Merkle hash tree to amortise digital signature costs), and loss-resilient (using network coding to recover strategic nodes within the tree). (b) We design a framework for optimizing placement of network coding within the tree to maximise data verifiability for a given overhead and loss environment. (c) We validate our scheme using experimental traces of typical operating conditions to show that it achieves high success (over 99% of the medical data can be authenticated) at very low overheads (as low as 5% extra transmissions) and at very low cost (the bodyworn device has to perform a digital signature operation no more than once per hour). We believe our novel authentication scheme can be a key step in the integration of wearable medical monitoring devices into current cloud-based healthcare systems.

Introduction

Increase in age-related disabilities and chronic medical conditions is putting huge pressure on national health expenditures worldwide. The US spends $2.3 trillion, or 16% of its GDP, on healthcare, and these costs are projected to rise steeply in coming years. A promising approach to dramatically cut costs is the emerging paradigm of mobile-health, which consists of bodyworn wireless sensor nodes that interface with handheld devices (such as smartphones and tablets), enabling cloud-based continuous monitoring (and possible treatment) of patients in their homes. Wearable platforms have recently begun to appear for personalised healthcare: the Sensium Digital Plaster  [1] is a bodyworn wireless solution that monitors a subject’s ECG, temperature, and movement. Efforts are underway to develop sensor devices that interact with the iPhone and iPad  [2] and Android devices  [3]. ABI research predicts 59 million wearable home health devices will be in use by 2014  [4].

However, for wearable medical monitoring devices to be integrated into the current healthcare system, doctors need to be able to trust the data these devices generate, as do insurance companies and government agencies that provide benefits. Given the critical importance of medical data and the huge associated liabilities, there have to be iron-clad guarantees as to source and data integrity. Specifically, the data stored in the cloud should be traceable back to the originating device; it should be non-repudiable, and should not be forgeable by anyone, including authorised parties such as the patient or doctor or caregiver, etc.

Wearable devices are by definition small and light (the Sensium weighs under 10 g), and hence severely constrained in computation, memory, communication, and battery resources. It is therefore tempting to offload the task of guaranteeing authenticity of the sensed data to the (more powerful) first-hop base-station, which may be a specialised unit, or an attachment to a multipurpose handheld device such as a smartphone. However, software on the base-station can easily be tampered with and secret keys extracted, rendering the data reported by the base-station (to a local or central database in the cloud) untrustworthy. Moreover, traceability of the medical data would only extend back to the base-station, and not to the bodyworn device, which is problematic when errors and malfunctions (which may carry heavy liabilities) need to be isolated. The data may be subject to tampering in the cloud itself by hackers and even parties authorised to legitimately access it. These requirements necessitate data authenticity be guaranteed by the source, namely the bodyworn device, rather than an intermediate transit point or destination.

Public-key cryptography is ideal for delivering conceptually simple and highly scalable at-source authentication of medical data without requiring complex key management. Data generated by the bodyworn device can be “digitally signed” by hashing the data content and encrypting with the device’s private key. Any entity can authenticate the data by verifying the signature using the device’s public key (which may be made publicly accessible). However, digital signatures are computationally expensive, typically two to three orders of magnitude more costly than symmetric-key operations.

In this paper we design, analyse, optimise and evaluate a novel authentication scheme whereby the bodyworn device need only perform digital signatures infrequently (e.g. once an hour, over a large block of data), thereby reducing energy costs, and the receiver can verify most of the data even in the presence of losses. We clarify here that our objective is not to recover lost data packets (that is deemed too complex and costly), but to be able to authenticate received data packets even if other packets in the data set are lost. Our scheme leverages the idea of a Merkle hash tree together with network coding. The sender combines hashes of the data items to form a tree and digitally signs only the root. The receiver validates the data by repeated hashing along the “authentication path” till the root is reached. Due to packet loss, nodes along the authentication path may not be available to the receiver. The sender therefore applies network coding to strategically insert “recovery packets” to help the receiver reconstruct the authentication path. We show that, if configured properly, recovery packets dramatically improve authentication of the data with very low computation and transmission overheads, even in the presence of loss.

Our specific contributions are: first, we develop a novel low-cost scheme for authenticating lossy data by combining a Merkle hash tree (to amortise authentication cost) with strategic use of network coding (to recover lost hash nodes in the tree). Second, we develop an optimisation framework that, for given loss conditions and specified overhead, determines a baseline for use of coding to maximise the fraction of data items that can be successfully verified. We then improve significantly upon this estimate using the Gilbert model to simulate packet loss in a bodyworn environment. Third, we validate our findings using experimental traces of typical operating scenarios (∼2% packet loss) to show that it allows nearly all (over 99%) of the medical data to be verified in a dynamic online setting for very low cost in transmission overheads (less than 4%) and computation (a digital signature operation once per hour). To the best of our knowledge our scheme is the first to provide a practical way of ensuring authenticity of lossy data at very low energy costs, suitable to the emerging paradigm of continuous cloud-based healthcare monitoring.

The rest of this paper is organised as follows: in Section  2, we discuss the system model, prior work, and briefly introduce hash trees and network coding. We describe our solution in detail in Section  3 and formulate the optimisation in Section  4. We support our findings in Section  5 with results from simulations and experiments in real settings using bodyworn devices. We conclude in Section  6.