IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 27, NO. 4, MAY 2009
Abstract: This study presents a healthcare monitoring architecture coupled with wearable sensor systems and an environmental sensor network for monitoring elderly or chronic
patients in their residence. The wearable sensor system, built
into a fabric belt, consists of various medical sensors that collect
a timely set of physiological health indicators transmitted via
low energy wireless communication to mobile computing devices.
Three application scenarios are implemented using the proposed
network architecture. The group-based data collection and data
transmission using the ad hoc mode promote outpatient healthcare services for only one medical staff member assigned to a
set of patients. Adaptive security issues for data transmission are
performed based on different wireless capabilities. This study also
presents a monitoring application prototype for capturing sensor
data from wireless sensor nodes. The implemented schemes were
verified as performing efficiently and rapidly in the proposed
network architecture.
Index Terms: Healthcare monitoring, wearable sensor, security, ad hoc, WSN, ECG.
I. INTRODUCTION
MOBILE, wireless, pervasive computing and communication environments are changing the way medical
staff interact with their patients and the elderly. By deploying self-organized wireless physiological-monitoring hardware/software systems, continual patient monitoring in certain
types of patient postures becomes convenient for assuring
timely intervention by a healthcare practitioner or a physician. For example, cardiac patients wearing electrocardiogram
(ECG) sensor systems can be monitored remotely without
leaving their residence. Healthcare sensor systems are required
to be connected directly or indirectly to the Internet at all
times, which allows medical staff to timely acquire arrhythmia
events and abnormal ECG signals for correcting medical
procedures. Moreover, physiological records are collected over
a long period of time so that physicians can provide accurate
diagnoses and correct treatment. However, developing a pervasive sensor network for healthcare has numerous challenges,
Manuscript received 23 July 2008.
Y.M. Huang is with the Dept. of Engineering Science at National Cheng
Kung University, Taiwan (e-mail: huang@mail.ncku.edu.tw).
M.Y. Hsieh is with the Dept. of Computer Science and Information
Engineering at Providence University, Taiwan (e-mail: mengyen@pu.edu.tw).
H.C. Chao is with the Institute of Computer Science & Information Engineering and the Dept. of Electronic Engineering at National Ilan University,
Taiwan (email: hcc@niu.edu.tw).
S.H. Hung is with the Dept. of Engineering Science at National Cheng
Kung University, Taiwan (e-mail: bonitahung@nchc.org.tw).
J.H. Pa is with the Dept. of Computer Science and Engineering at
Kyungnam University, Korea (e-mail: parkjonghyuk1@hotmail.com).
Digital Object Identifier 10.1109/JSAC.2009.090505.
© 2009 IEEE
0733-8716/09/$25.00
HUANG et al.: PERVASIVE, SECURE ACCESS TO A HIERARCHICAL SENSOR-BASED HEALTHCARE MONITORING ARCHITECTURE
A. Architecture Overview
for MCDs' secure communication. Finally, equations (7)-(9) are polynomial-based security policies for sensor networks.
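$$
\begin{array}{ll}
\text{NONE:} & [\text{HCI Header}][M,\ WSS_{ID},\ \text{HCI Payload}] \\
\text{CRCMAC:} & [\text{HCI Header}][M,\ PIN_{ID},\ WSS_{ID},\ \text{Payload},\ \text{MAC}] \\
\text{AESCTR:} & [\text{HCI Header}][M,\ PIN_{ID},\ WSS_{ID},\ \text{Counter},\ \text{Encrypt Payload}] \\
\text{AESCCM:} & [\text{HCI Header}][M,\ PIN_{ID},\ WSS_{ID},\ \text{Counter},\ \text{Encrypt Payload},\ \text{MAC}]
\end{array} \tag{2}
$$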
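$$
\begin{aligned}
MCD_i \to MCD_j &:\ \mathrm{Sign}(SK_i, \langle RREQ_{pair}, ID_j, Cert_i, N_i \rangle) \\
MCD_j \to Station &:\ \langle N_i, N_j, ID_i, ID_j, \mathrm{MAC}(Key_{j,s}, N_i | N_j | ID_i | ID_j) \rangle \\
Station \to MCD_i &:\ \langle CTR, ID_S, E(Key_{i,s}, Key_{i,j}), \mathrm{MAC}(Key_{i,s}, N_i | ID_i | CTR | ID_S | E(Key_{i,s}, Key_{i,j})) \rangle \\
Station \to MCD_j &:\ \langle CTR, ID_S, E(Key_{j,s}, Key_{i,j}), \mathrm{MAC}(Key_{j,s}, N_i | ID_j | CTR | ID_S | E(Key_{j,s}, Key_{i,j})) \rangle
\end{aligned}
$$
(3), (4), (6)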
According to the secure routing protocol, the route maintenance
and key revocation schemes can also be performed in this
network tier.
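The two Station-to-MCD key-delivery messages above can be exercised as follows. This is an added example, not code from the paper: HMAC-SHA256 stands in for MAC, an HMAC-derived keystream stands in for E, and the function names, field encodings and sample identities are assumptions.

```python
import hashlib, hmac, os, struct

def E(key: bytes, ctr: int, data: bytes) -> bytes:
    """Stand-in for E(Key, .): XOR with an HMAC-SHA256 keystream bound to CTR.
    Applying it twice with the same key and CTR decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"enc" + struct.pack(">QI", ctr, block),
                           hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC(Key, f1|f2|...): each field is length-prefixed so '|' is unambiguous."""
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(key, b"mac" + msg, hashlib.sha256).digest()

def station_reply(key_xs, n_i, id_x, ctr, id_s, key_ij):
    """Station -> MCD_x: <CTR, ID_S, E(Key_xs, Key_ij), MAC(Key_xs, N_i|ID_x|CTR|ID_S|E(..))>"""
    enc = E(key_xs, ctr, key_ij)
    tag = mac(key_xs, n_i, id_x, struct.pack(">Q", ctr), id_s, enc)
    return ctr, id_s, enc, tag

def mcd_accept(key_xs, n_i, id_x, reply):
    """MCD_x side: return Key_ij if the MAC verifies for this session's N_i, else None."""
    ctr, id_s, enc, tag = reply
    expected = mac(key_xs, n_i, id_x, struct.pack(">Q", ctr), id_s, enc)
    if not hmac.compare_digest(tag, expected):
        return None
    return E(key_xs, ctr, enc)

if __name__ == "__main__":
    # Constructed sample values: random keys and nonce, short byte-string identities.
    key_is, key_js, key_ij = os.urandom(32), os.urandom(32), os.urandom(16)
    n_i = os.urandom(8)
    to_i = station_reply(key_is, n_i, b"MCD_i", 1, b"Station", key_ij)
    to_j = station_reply(key_js, n_i, b"MCD_j", 1, b"Station", key_ij)
    print("MCD_i got Key_ij:", mcd_accept(key_is, n_i, b"MCD_i", to_i) == key_ij)
    print("MCD_j got Key_ij:", mcd_accept(key_js, n_i, b"MCD_j", to_j) == key_ij)
    flipped = (to_i[0], to_i[1], bytes([to_i[2][0] ^ 1]) + to_i[2][1:], to_i[3])
    print("tampered ciphertext:", mcd_accept(key_is, n_i, b"MCD_i", flipped))
    print("old reply, new nonce:", mcd_accept(key_is, os.urandom(8), b"MCD_i", to_i))
```

Because the MAC covers $N_i$ and the recipient identity, a reply captured in one pair request fails verification in a later one, and a reply built for $MCD_i$ is rejected by $MCD_j$.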
C. The security between MCD/WSM and WSM in sensor network tier
$$
MCD_i \to MCD_j :\ \langle E(K_{ept}, PPDATA), \mathrm{MAC}(K_{mac}, CTR | E(K_{ept}, PPDATA)) \rangle \tag{5}
$$
t
t
t
(7)
i1 =0 i2 =0 i3 =0
(8)
(9)
(10)
3
(11)
1.8171N2 = 3!N2 t
, where N2 is the maximum number of WSM motes in one
location of the open area.
A symmetric pairwise key can be established between two
valid MCDs depending on the aid of the third party and a pair
request, $RREQ_{pair}$, signed by the source MCD. Two or more
compromised participants can maliciously obstruct the routing
with a pair request. Suppose the probability of compromising
one MCD is $p$. A route path between $MCD_i$ and $MCD_j$
consists of $m$ participants. The probability that the MCDs cannot
establish a shared key, $Key_{i,j}$, with the route can be calculated
as:
$$P_c = 1 - (1 - p)^m \tag{12}$$
A route between $MCD_i$ and $MCD_j$ will be re-discovered
based on the ARAN protocol. With the protocol in the
mobile computing network tier, an unauthorized MCD cannot
participate in data routing and data transmission from other authenticated MCDs connected with particular WSS and WSM
nodes. An MCD authenticated by a third party holds security
information consisting of a symmetrical key shared with the
third party, a public/private key pair, and some pairwise keys
shared with other MCDs. The trusted party on the Internet
is a single point of failure; however, firewalls or multiple
authorities can be used to resist attacks. Based on multiple
routing packets signed with valid certificates from participants,
the secure routing scheme prevents unauthorized participation,
spoofed routing, impersonation attacks, routing alteration and
ensures non-repudiation and quickest-path discovery. Each
routing packet such as RREQ/RREP contains a nonce and
time-stamp to prevent replay attacks. However, a secure route
always exists as the number of authorized MCDs is greater
than the number of potential adversaries. Each MCD has a
secure channel with the third party after authorization. As for
Fig. 9.
Fig. 10.
(Left) Average routing latency. (Right) Average end-to-end transmission of exposed data and encrypted data.
Meng-Yen Hsieh received his BS degree in Information Engineering and Computer Science from
Feng Chia University, Taiwan, in 1999; the MS
degree in Computer Science and Information Engineering from National Central University, Taiwan, in
2001; the Ph.D. degree in Engineering Science from
National Cheng Kung University, Taiwan, 2007. He
is currently an assistant professor in the department
of Computer Science and Information Engineering
at Providence University. His research interests include wireless security, sensor network applications,
and software engineering applications.
Han-Chieh Chao received the B.S. degree in Electrical Engineering from National Cheng-Kung University, Taiwan, in 1985; the MESS and Ph.D.
degrees in Electrical Engineering from Purdue University, Indiana, USA, in 1989 and 1993, respectively. He is currently a jointly appointed professor
in the institute and department of electronic engineering and the institute of Computer Science and
Information Engineering at National Ilan University,
Taiwan; jointly adjunct professor in the institute
and department of electrical engineering at National
Dong Hwa University, Taiwan; and honorary adjunct professor in Beijing
Jiaotong University (211 University), Xiamen University (985 University),
Lanzhou University (985 University) and Yantai University, China. He serves
as director of computer center at Ministry of Education, Taiwan; and the
dean of college of Electrical Engineering and Computer Science, National
Ilan University, Taiwan. Dr. Chao has published more than 200 academic
papers in journals, books and conference proceedings. He is a fellow of
IET and Fellow and Chartered IT Professional of British Computer Society.
His research interests include wireless and mobile computing, high speed
networks, IPv6 and digital arts technologies.
Shu-Hui Hung received her BS degree in Information Engineering from Eastern Washington University, Washington, U.S.A. in year 1993. She received her MS degree in Mathematic and Computer
Science Education from Oregon State University,
Oregon, U.S.A. in 1997. Since 2002, she has been
an associate researcher in Department of Bio &
Medical Information Science, National Center for
High-performance Computing, Taiwan, R.O.C. She
is currently working toward her PhD degree in
Department of Engineering Science, National Cheng
Kung University, Taiwan, R.O.C. Hung's research interests include medical/health
information, wireless transmission.