Spirit: Security and Privacy in Real-Time Monitoring System

Merchant Marine College, Shanghai Maritime University, Shanghai, 201306, China
hfwu@shmtu.edu.cn, cjshi@shmtu.edu.cn, seiya@cmu.edu
doi:10.4156/jcit.vol5.issue10.4

Abstract

In this paper, we investigate the effect of data size on a mobile device's computing power for different security protocols. Based on the fact that the computational efficiency of a security protocol may depend on the data size, we propose a system prototype, Spirit, which minimizes its computation cost by selecting the security protocol dynamically according to the data type being transmitted, since different data types (blood pressure, brain wave, overall health status, etc.) have different data sizes.

Keywords: Privacy, Real-Time, Health Monitoring

1. Introduction

A new computing paradigm is emerging in which users wear small monitoring devices, especially for medical conditions, that transmit selected information to a local wireless hub, whether at home, in the hospital, or potentially in public areas. The collected information is relayed to and summarized for medical staff and/or caregivers. The goal of this research is to explore the dimensions of security and privacy in a new data paradigm: real-time monitoring systems. Previous research has shown that small embedded systems in the form of a wrist watch incorporating accelerometers and sensors for light, sound and temperature can, with more than 90% accuracy, determine activity (standing, sitting, walking, running, driving, eating, etc.) using the accelerometers and location using light and sound fingerprints [1-3]. This paper presents partial work of the project "Privacy and security in real-time monitoring systems", in which we will apply the machine learning algorithms we have developed for activity identification, location identification and "exceptional" behavior identification, and deploy them for two populations: mobile workers and people with disabilities, including the elderly.
The target application will monitor feedback and encourage users to comply with goals set by a clinician or caregiver. We will explore the paradigm in which sensors on mobile devices collect and analyze data to determine user activities. Either the user or, if the user is under medical guidance, a clinician will set activity goals that are downloaded to the mobile device. The mobile device will monitor for compliance and give feedback to the user. In addition, summaries and notifications will be provided to the clinician or caregiver.

All these communications should be secure, which means we must apply some security protocol to them. In addition, the user should have control over what information is given to whom, which means we also need privacy mechanisms. Both the applied security protocols and the privacy mechanisms could overburden the system. To secure the communication we may adopt different secure protocols, and each places a different burden on the mobile device under different conditions, such as data size and network connectivity. We probably do not have one security protocol that suits all conditions. That leads us to consider changing the applied secure protocol dynamically according to the current conditions. To implement this idea, we first investigate the different effects on the device caused by different security protocols (ciphers), such as 3DES, AES and RC4. Based on the investigation results, we then propose a protocol adaptation scheme which dynamically changes the applied secure protocol according to the data type being transmitted at that time.

The remainder of this paper is organized as follows. In Section 2 we briefly introduce the system overview. The burden that different security protocols place on the mobile device is investigated in Section 3. We then propose a secure protocol adaptation scheme in Section 4. Section 5 covers related work. Finally, we draw a conclusion in Section 6.

2. System overview
Journal of Convergence Information Technology, Volume 5, Number 10, December 2010

The system overview is shown in Figure 1. In such a health monitoring system there are mainly three components:

Figure 1. System overview

Sensing device: like the eWatch or a glucometer, it is a wearable sensing, notification and computing platform responsible for sensing the user's health status and even activity. It can not only raise notifications on itself, but also transmit the sensed information via Bluetooth to the cell phone carried by the user.

Cell phone: like the Nokia N95, it is a normal smart phone, but with a special health monitoring application that communicates with the sensing device via Bluetooth and with the remote monitoring server via a wireless network such as Wi-Fi or GPRS. The application running on this device manages the sensed health information from the sensing devices and the feedback information from the remote monitoring server. It also provides a UI through which the user sets privacy and security options.

Remote monitoring server: it receives the health status information from the users and provides it to interested parties, such as the clinician or caregiver, who may send feedback to the user via the server.

As an example of the system's operation, suppose a diabetic wears a glucometer that monitors blood sugar and transmits the result to the cell phone. The phone then sends the information wirelessly to the server. The clinician can read the diabetic's blood sugar from the server and write corresponding feedback, for instance suggesting one tablet more or less, to the diabetic. For the communication between the device and the server in such a system, data must be encrypted and decrypted all the time to protect user privacy. However, the computational power of the monitoring and mobile devices is limited.
In this paper, what we do is to secure the wireless communication between the cell phone and the network server while minimizing the mobile device's computing power and energy consumption.

3. Experiment

To investigate the effects of the various applied secure protocols on the computing power of the cell phone, we performed the following experiments.

3.1. Experiment setup

3.1.1. Server, client and network
On the client side, running on the Nokia N95 cell phone, we used Carbide.c++ to develop and compile an SSH (Secure Shell) client, and we also ran a performance investigator on the client. On the server side, running on a Windows Vista PC, we used Eclipse (Java) to develop a SocketManager server that keeps listening for clients. The communication between server and client is over a Wi-Fi network (802.11b/g).

3.1.2. Traffic data

According to the health monitoring scenario, we set the traffic, the packet structure and the variable reporting rate as shown in Table 1, Table 2 and Table 3 respectively.

Table 1. Traffic data

  Data              Bytes/Time
  Heart Beat        8 byte/sec
  Blood Pressure    12 byte/min
  Body Temperature  8 byte/min
  Action Status     8 byte/min
  Blood Sugar       8 byte/hour
  Pulse Wave        520 byte/sec
  Brain Wave        2052 byte/sec

Table 2. Packet structure

  Header (ID, Version, Time, etc.)   4 byte
  Type Header (Type, Len, etc.)      4 byte   Body (Heart Beat)       4 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Blood Pressure)   8 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Body Temp)        4 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Activity)         4 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Blood Sugar)      4 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Pulse Wave)       512 byte * Len
  Type Header (Type, Len, etc.)      4 byte   Body (Brain Wave)       2048 byte * Len
  Footer (Checksum, etc.)            4 byte

Table 3. Variable reporting rate

  Reporting Rate                            Every Second   Every Minute   Every Hour
  Small Data (w/o Pulse wave, Brain wave)   16 byte        52 byte        18 Kbyte
  Total Data (with Pulse wave, Brain wave)  2.5 Kbyte      150 Kbyte      9 Mbyte

From Table 3 we can see that the traffic data size varies with time, from 16 B to 9 MB. It can be envisioned that different ciphers may be used to encrypt the data so as to minimize the CPU usage of the device. The data sizes in Table 3 serve as a reference for the data size settings of our experiment.

3.1.3. Secure protocol
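Before the ciphers are introduced, the Table 2 framing that they are applied to, as an added Go example (this is not code from the paper, whose client is Symbian C++). The paper only names the fields, so the layout of the 4-byte header (ID, Version, 16-bit Time), the numeric type codes and the choice of CRC-32 for the footer checksum are assumptions. The decoder verifies the checksum before touching any section and checks every Len field against the remaining buffer before slicing, so a malicious Len cannot cause an over-read; the Reseal helper shows why a checksum by itself is not tamper protection.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Data type codes and per-record sizes from Table 2. The code values are
// assumed for this example; the paper does not define them.
const (
	TypeHeartBeat     uint8 = 1
	TypeBloodPressure uint8 = 2
	TypeBodyTemp      uint8 = 3
	TypeActivity      uint8 = 4
	TypeBloodSugar    uint8 = 5
	TypePulseWave     uint8 = 6
	TypeBrainWave     uint8 = 7
)

var recordSize = map[uint8]int{
	TypeHeartBeat: 4, TypeBloodPressure: 8, TypeBodyTemp: 4, TypeActivity: 4,
	TypeBloodSugar: 4, TypePulseWave: 512, TypeBrainWave: 2048,
}

const headerLen, typeHeaderLen, footerLen = 4, 4, 4

// Section is one type header plus its body (Len records of recordSize[Type] bytes).
type Section struct {
	Type uint8
	Body []byte
}

// Packet is the Table 2 framing. The 4-byte header is assumed to be laid out
// as ID | Version | Time (16-bit); the footer is assumed to carry a CRC-32.
type Packet struct {
	ID, Version uint8
	Time        uint16
	Sections    []Section
}

// Encode serialises p and appends the CRC-32 footer.
func Encode(p Packet) ([]byte, error) {
	buf := make([]byte, headerLen)
	buf[0], buf[1] = p.ID, p.Version
	binary.BigEndian.PutUint16(buf[2:], p.Time)
	for _, s := range p.Sections {
		rs, ok := recordSize[s.Type]
		if !ok {
			return nil, fmt.Errorf("unknown type %d", s.Type)
		}
		if len(s.Body)%rs != 0 {
			return nil, fmt.Errorf("type %d: body of %d bytes is not a multiple of %d", s.Type, len(s.Body), rs)
		}
		n := len(s.Body) / rs
		if n > 0xFFFF {
			return nil, errors.New("too many records for a 16-bit Len")
		}
		th := make([]byte, typeHeaderLen) // Type | Len (16-bit) | reserved
		th[0] = s.Type
		binary.BigEndian.PutUint16(th[1:], uint16(n))
		buf = append(buf, th...)
		buf = append(buf, s.Body...)
	}
	return Reseal(buf), nil
}

// Reseal appends a CRC-32 footer to a packet body (header + sections, no footer)
// so that Decode accepts it. Anyone who can modify the bytes can call this too:
// a checksum detects transmission errors, not tampering, so integrity has to
// come from the encrypted channel (the SSH transport of Section 3.1.1).
func Reseal(body []byte) []byte {
	footer := make([]byte, footerLen)
	binary.BigEndian.PutUint32(footer, crc32.ChecksumIEEE(body))
	return append(body, footer...)
}

// Decode parses and validates a packet. The checksum is checked first and every
// Len is bounded by the bytes actually present before a section is sliced out.
func Decode(b []byte) (Packet, error) {
	if len(b) < headerLen+footerLen {
		return Packet{}, errors.New("short packet")
	}
	body, footer := b[:len(b)-footerLen], b[len(b)-footerLen:]
	if crc32.ChecksumIEEE(body) != binary.BigEndian.Uint32(footer) {
		return Packet{}, errors.New("checksum mismatch")
	}
	p := Packet{ID: body[0], Version: body[1], Time: binary.BigEndian.Uint16(body[2:])}
	for off := headerLen; off < len(body); {
		if len(body)-off < typeHeaderLen {
			return Packet{}, errors.New("truncated type header")
		}
		t := body[off]
		n := int(binary.BigEndian.Uint16(body[off+1:]))
		rs, ok := recordSize[t]
		if !ok {
			return Packet{}, fmt.Errorf("unknown type %d", t)
		}
		off += typeHeaderLen
		if n*rs > len(body)-off {
			return Packet{}, fmt.Errorf("type %d: Len %d exceeds packet", t, n)
		}
		p.Sections = append(p.Sections, Section{Type: t, Body: body[off : off+n*rs]})
		off += n * rs
	}
	return p, nil
}

func main() {
	// Constructed sample: one heart-beat sample plus one blood-pressure sample.
	p := Packet{ID: 1, Version: 1, Time: 42, Sections: []Section{
		{Type: TypeHeartBeat, Body: []byte{0, 0, 0, 72}},
		{Type: TypeBloodPressure, Body: []byte{0, 0, 0, 120, 0, 0, 0, 80}},
	}}
	b, err := Encode(p)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d bytes: % x\n", len(b), b)
	q, err := Decode(b)
	fmt.Println(q.Sections, err)
}
```

With these record sizes a packet carrying one heart-beat sample encodes to 16 bytes and one carrying one sample of each of the five small types to 52 bytes, which are the "every second" and "every minute" small-data rows of Table 3. Because the sender seals the CRC, a resealed modification passes Decode; the cipher that the adaptation scheme selects must therefore be one that provides integrity as well as confidentiality, and the selected cipher identifier itself must travel inside the authenticated channel.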
The ciphers which we apply to the transmitted data are mainly of the following four types:

RC4: the most widely used software stream cipher
AES: the new encryption standard (block cipher)
DES: the classical symmetric-key block cipher
3DES: three iterations of DES

3.2. Performance metrics

We use the performance investigator program running on the mobile device to measure the computing power and battery energy consumed by each of the secure protocols stated in Section 3.1.3 for transmitted data of different types (lengths). The computing power is described by the CPU duty cycle, and the CPU usage pattern is shown in Figure 2. The highlighted area represents the CPU usage while data is transmitted with encryption/decryption.

Figure 2. CPU usage monitoring (phases: Search Access Points, List, Open Menu, Encrypt+Send Data, Receive Data+Decrypt; threads shown: efile::loaderthread, c32exe::esock_ip, ekern::spi2thread)

3.3. Experimental results

Through this experiment we obtained the encryption CPU time shown in Figure 3.

Figure 3. CPU power usage vs. cipher and data size
The results show that DES uses less CPU than the other three ciphers when the data size is below 100 B. However, AES uses the least CPU as the data size grows. This means that the system could select a different cipher dynamically according to the data size in order to minimize CPU usage. We also obtained the cipher initialization time shown in Figure 4.

Figure 4. Cipher initialization time

Figure 4 shows that RC4 needs the least CPU power for initialization. If the network condition is bad and the connection, and with it the cipher initialization, has to be repeated, these initialization costs affect the total CPU usage.

4. Cipher adaptation logic

The experimental results imply a relationship between cipher cost and data size, as sketched in Figure 5.

Figure 5. Cipher adaptation logic (CPU usage vs. data size; curves for 3DES and AES)

Based on the above logic and the ciphers' own performance, we propose the security protocol adaptation scheme shown in Figure 6.
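The profiling of Section 3 and the size-based selection of Figure 5, as an added Go example (not the paper's Symbian code): it keys the four ciphers of Section 3.1.3 from Go's standard library, measures key setup (Figure 4) and per-size encryption time (Figure 3) over the Table 3 payload sizes, and Select picks the cheapest allowed cipher for a given payload, adding the setup cost when the connection has to be re-established. The fixed key and IV, the use of CTR mode for the block ciphers (the paper does not state a mode) and the allowed-cipher list are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rc4"
	"fmt"
	"sort"
	"time"
)

// Fixed key and IV, constructed for benchmarking only. A real deployment
// derives per-session keys from the SSH key exchange.
var (
	benchKey = func() []byte {
		k := make([]byte, 24)
		for i := range k {
			k[i] = byte(0x11*i + 0x37)
		}
		return k
	}()
	benchIV = make([]byte, 16)
)

// newStream keys one of the four ciphers from Section 3.1.3 and returns a
// function that XORs the keystream into dst. CTR mode is assumed for the block
// ciphers so that all four share one stream interface.
func newStream(name string) (func(dst, src []byte), error) {
	var blk cipher.Block
	var err error
	switch name {
	case "DES":
		blk, err = des.NewCipher(benchKey[:8])
	case "3DES":
		blk, err = des.NewTripleDESCipher(benchKey[:24])
	case "AES":
		blk, err = aes.NewCipher(benchKey[:16])
	case "RC4":
		c, err := rc4.NewCipher(benchKey[:16])
		if err != nil {
			return nil, err
		}
		return c.XORKeyStream, nil
	default:
		return nil, fmt.Errorf("unknown cipher %q", name)
	}
	if err != nil {
		return nil, err
	}
	return cipher.NewCTR(blk, benchIV[:blk.BlockSize()]).XORKeyStream, nil
}

// Encrypt returns the ciphertext of data under the named cipher. CTR and RC4
// are XOR streams, so Encrypt(Encrypt(x)) == x with the same key and IV.
func Encrypt(name string, data []byte) ([]byte, error) {
	xor, err := newStream(name)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	xor(out, data)
	return out, nil
}

// Cost is one cipher's profile: key setup time (Figure 4) and encryption time
// per payload size (Figure 3), each averaged over rounds.
type Cost struct {
	Init    time.Duration
	PerSize map[int]time.Duration
}

// Measure profiles one cipher over the given payload sizes.
func Measure(name string, sizes []int, rounds int) (Cost, error) {
	c := Cost{PerSize: make(map[int]time.Duration)}
	start := time.Now()
	for i := 0; i < rounds; i++ {
		if _, err := newStream(name); err != nil {
			return c, err
		}
	}
	c.Init = time.Since(start) / time.Duration(rounds)
	for _, n := range sizes {
		buf := make([]byte, n)
		xor, err := newStream(name)
		if err != nil {
			return c, err
		}
		start = time.Now()
		for i := 0; i < rounds; i++ {
			xor(buf, buf) // in-place: dst and src overlap exactly, which is permitted
		}
		c.PerSize[n] = time.Since(start) / time.Duration(rounds)
	}
	return c, nil
}

// nearest returns the smallest profiled size >= n, or the largest profiled size.
func nearest(m map[int]time.Duration, n int) int {
	sizes := make([]int, 0, len(m))
	for s := range m {
		sizes = append(sizes, s)
	}
	sort.Ints(sizes)
	for _, s := range sizes {
		if s >= n {
			return s
		}
	}
	return sizes[len(sizes)-1]
}

// Select is the adaptation logic of Section 4: for a payload of n bytes, pick the
// allowed cipher with the lowest measured cost at the nearest profiled size. When
// reinit is true (fresh connection after a network drop) the setup cost is added.
func Select(profile map[string]Cost, allowed []string, n int, reinit bool) (string, error) {
	best, bestCost := "", time.Duration(-1)
	for _, name := range allowed {
		c, ok := profile[name]
		if !ok || len(c.PerSize) == 0 {
			return "", fmt.Errorf("no profile for %q", name)
		}
		cost := c.PerSize[nearest(c.PerSize, n)]
		if reinit {
			cost += c.Init
		}
		if bestCost < 0 || cost < bestCost {
			best, bestCost = name, cost
		}
	}
	if best == "" {
		return "", fmt.Errorf("no allowed cipher")
	}
	return best, nil
}

func main() {
	sizes := []int{16, 52, 2560, 153600} // Table 3 payloads per second and per minute
	names := []string{"DES", "3DES", "AES", "RC4"}
	profile := map[string]Cost{}
	for _, name := range names {
		c, err := Measure(name, sizes, 50)
		if err != nil {
			panic(err)
		}
		profile[name] = c
		fmt.Printf("%-4s init=%v per-size=%v\n", name, c.Init, c.PerSize)
	}
	for _, n := range sizes {
		pick, _ := Select(profile, names, n, false)
		fmt.Printf("%7d bytes -> %s\n", n, pick)
	}
}
```

On a CPU with AES instructions the profile will show AES cheapest at every size, so the adaptation collapses to a single cipher; the Nokia N95 of Section 3.1.1 has no such acceleration, which is why the paper's crossover exists. Two cautions for anyone reusing the logic: DES (56-bit key) and RC4 (biased keystream) should not be in the allowed list today, and the chosen cipher identifier must be carried inside the authenticated channel, otherwise an on-path attacker can steer the selection towards the weakest cipher by manipulating what looks like data size or network condition.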
Figure 6. Cipher adaptation scheme

By using this cipher adaptation scheme, the system's cipher efficiency in terms of CPU usage improves from 50% to 67% compared with using only one kind of cipher.

5. Related work

A number of security schemes have been proposed for sensor networks in general [4, 5], but only a few of them focus on the healthcare perspective [6-9]. CodeBlue implemented ECC using only integer arithmetic on the MICA2; it generates a key in 35 seconds, which is far from satisfactory [6]. Warren et al. [7] utilize the hardware encryption supported by the ChipCon CC2420 ZigBee-compliant RF transceiver on the Telos platform. The Advanced Encryption Standard (AES) hardware encryption in the CC2420 uses a 128-bit key. The goal is to use one key per session: the personal server shares the encryption key with all the sensors in the wireless BAN during session initialization, and the key is loaded onto the controller and used throughout the session. This global key sharing approach may not be suitable in a healthcare environment, where each individual patient's data and privacy must be secured. Furthermore, there are security considerations highlighted by Sastry and Wagner [8] which may reduce the security capability. The security issues discussed in [9] focus mainly on key management for mobile sensor networks, where the identified (possible) solutions include fast sensor node authentication with handoff in a hierarchical network architecture, and efficient key distribution in a large distributed topology. However, the resource-constrained nature of sensor nodes raises stringent challenges for embedding a multi-layer security solution. More work and effort are therefore needed in this area to facilitate the wider application of pervasive computing in the healthcare industry for the benefit of the entire population.
Different from the above-mentioned references, this paper takes another perspective: not trying to design a brand new security protocol, but finding a security-protocol-adaptive scheme which helps select the protocol suitable for each scenario.

6. Summary

We have developed a prototype secure protocol adaptation scheme for a real-time health monitoring system, which dynamically adapts the applied secure protocol to the transmitted data size in order to minimize the mobile device's CPU usage. This work is only the starting point of our efforts towards a secure and private real-time monitoring system, Spirit.

7. Acknowledgment

This work was supported by the Innovation Program of Shanghai Municipal Education Commission (09YZ247) and the Shanghai Leading Academic Discipline Project (S30602).
8. References

[1] J. Chen, K. Kwong, D. Chang, J. Luk and R. Bajcsy, "Wearable Sensors for Reliable Fall Detection", 27th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (IEEE-EMBS 2005), 17-18 Jan. 2006, pp. 3551-3554.
[2] K. Pister, "Ivy - A Sensor Network Infrastructure for the College of Engineering", http://www-bsac.eecs.berkeley.edu/projects/ivy/.
[3] M.J. Mathie, A.C. Coster, N.H. Lovell and B.G. Celler, "Accelerometry: providing an integrated, practical method for long-term, ambulatory monitoring of human movement", Physiol. Meas., vol. 25, no. 2, April 2004, pp. R1-20.
[4] A. Perrig, J. Stankovic and D. Wagner, "Security in wireless sensor networks", Commun. ACM, vol. 47, 2004, pp. 53-57.
[5] E. Shi and A. Perrig, "Designing secure sensor networks", IEEE Wireless Communications, vol. 11, 2004, pp. 38-43.
[6] K. Lorincz, D.J. Malan, T.R.F. Fulford-Jones, A. Nawoj, A. Clavel, V. Shnayder, G. Mainland, M. Welsh and S. Moulton, "Sensor networks for emergency response: challenges and opportunities", IEEE Pervasive Computing, vol. 3, 2004, pp. 16-23.
[7] S. Warren, J. Lebak, J. Yao, J. Creekmore, A. Milenkovic and E. Jovanov, "Interoperability and Security in Wireless Body Area Network Infrastructures", 27th IEEE Annual Conference on Engineering in Medicine and Biology (EMBC), Shanghai, China, 2005.
[8] N. Sastry and D. Wagner, "Security considerations for IEEE 802.15.4 networks", Proc. of the 2004 ACM Workshop on Wireless Security (WiSe), Philadelphia, PA, USA, ACM Press, 2004.
[9] H.S. Ng, M.L. Sim and C.M. Tan, "Security issues of wireless sensor networks in healthcare applications", BT Technology Journal, vol. 24, no. 2, April 2006, pp. 138-144.