IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 27, NO. 4, MAY 2009

Pervasive, Secure Access to a Hierarchical Sensor-Based Healthcare Monitoring Architecture in Wireless Heterogeneous Networks
Y. M. Huang, M. Y. Hsieh, H. C. Chao, S. H. Hung, and J. H. Park, Member, IEEE

Abstract: This study presents a healthcare monitoring architecture coupled with wearable sensor systems and an environmental sensor network for monitoring elderly or chronic patients in their residence. The wearable sensor system, built into a fabric belt, consists of various medical sensors that collect a timely set of physiological health indicators transmitted via low energy wireless communication to mobile computing devices. Three application scenarios are implemented using the proposed network architecture. The group-based data collection and data transmission using the ad hoc mode promote outpatient healthcare services for only one medical staff member assigned to a set of patients. Adaptive security issues for data transmission are performed based on different wireless capabilities. This study also presents a monitoring application prototype for capturing sensor data from wireless sensor nodes. The implemented schemes were verified as performing efficiently and rapidly in the proposed network architecture.
Index Terms: Healthcare monitoring, wearable sensor, security, ad hoc, WSN, ECG.

Manuscript received 23 July 2008.
Y.M. Huang is with the Dept. of Engineering Science at National Cheng Kung University, Taiwan (e-mail: huang@mail.ncku.edu.tw).
M.Y. Hsieh is with the Dept. of Computer Science and Information Engineering at Providence University, Taiwan (e-mail: mengyen@pu.edu.tw).
H.C. Chao is with the Institute of Computer Science & Information Engineering and the Dept. of Electronic Engineering at National Ilan University, Taiwan (email: hcc@niu.edu.tw).
S.H. Hung is with the Dept. of Engineering Science at National Cheng Kung University, Taiwan (e-mail: bonitahung@nchc.org.tw).
J.H. Park is with the Dept. of Computer Science and Engineering at Kyungnam University, Korea (e-mail: parkjonghyuk1@hotmail.com).
Digital Object Identifier 10.1109/JSAC.2009.090505.

I. INTRODUCTION

Mobile, wireless, pervasive computing and communication environments are changing the way medical staff interact with their patients and the elderly. By deploying self-organized wireless physiological-monitoring hardware/software systems, continual patient monitoring in certain types of patient postures becomes convenient, assuring timely intervention by a healthcare practitioner or a physician. For example, cardiac patients wearing electrocardiogram (ECG) sensor systems can be monitored remotely without leaving their residence. Healthcare sensor systems are required to be connected directly or indirectly to the Internet at all times, which allows medical staff to acquire arrhythmia events and abnormal ECG signals in a timely manner for correcting medical procedures. Moreover, physiological records are collected over a long period of time so that physicians can provide accurate diagnoses and correct treatment. However, developing a pervasive sensor network for healthcare has numerous challenges, including wireless healthcare sensor systems conforming to the human body, the integration of different wireless networks with various transmission techniques, and the development of healthcare applications over these types of networks.
Typically, to catch the vital signs from an individual requires
a stand-alone monitoring device with a number of medical
sensors connected to the patient through wired connections.
This limits patient flexibility and mobility. Mainly due to
the rapid progress in sensing techniques, sensors have been
adapted in all shapes and sizes, accommodating human body
parts with various degrees of functionality. Various kinds
of wireless communication motes have been integrated with
medical sensors to support healthcare and medical supervision
by UC-Berkeley Research, Intel Research, and ETH Zurich
[14]. Wearable sensor devices are designed for physical contact with the substance or object being measured to record
physiology such as blood pressure, heart rate, ECG, weight,
body temperature, etc. For example, the CodeBlue project [3]
developed a range of small and wearable wireless vital sign
sensors based on the Mica2, MicaZ, and Telos commonly used sensor platforms [5]-[8]. The developed devices include a wireless pulse oximeter, wireless two-lead EKG,
and some specialized sensor motes. Many network-level and
system-level mechanisms have been investigated to achieve
wireless pervasive communication for healthcare monitoring
architectures. The AlarmNET [4] network, integrated with
existing medical practices and technology, provides long-term
healthcare monitoring for elderly and chronic patients. Other
remote sensor systems for healthcare (such as MobiHealth,
Lifeguard, Smart Medical Home, AID-N, and SMART) organize smart healthcare processes for timely and continuous
vitals monitoring plus analysis, etc. However, a monitored
individual should feel comfortable and easily move around
while wearing a system integrated with biomedical sensors.
Therefore, wearable biomedical textile clothing is needed for
easy-wearing, comfortable feeling and convenient movement.
Moreover, a wearable sensor system situated into clothing is
unsuitable as a router for helping other nodes forward data.
Remote healthcare monitoring has the advantages of reduced medical costs, increased medical quality, continuous
and timely patient monitoring, complete patient physical data
collection, and timely presenting the correct adaptive remedy. The hierarchical architecture is used in wireless sensor
network technology development for healthcare monitoring
[4], [13], [15], [22], [25], [26]. Each layer in the hierarchy is formed using fixed or mobile nodes and saturated
with different computing and communication capabilities. The
lower layer is usually designed with low-cost computing,
communication capabilities for sensing objectives over a long
period of time because only one or two dry batteries and
micro-sensing chips are needed. On the other hand, the higher
layer is organized with more complicated computing and long-distance communication devices and stations. Hierarchical
networks are easily separated into different types of tasks,
such as the communication and control transmission paths
with reconfigurable mapping and pipeline applications for
efficiently reducing power consumption.
Commercially, most wireless electronic devices incorporate
Bluetooth technology to allow wireless connection with other
Bluetooth-enabled devices. Bluetooth is a good candidate for
low power consumption wireless communication because the
transmission rate and range are nearly 1 Mbps and up to 10
or 100 meters respectively. The intention behind Bluetooth
development is simultaneous communications between multiple devices to create small group networks in which one
master device operates up to seven active slave devices. This
is called a piconet. A Bluetooth-based sensor network [9]
was presented based on the BTnode technology developed at
ETH Zurich. In addition to the Bluetooth protocol, the IEEE
802.15.4 standard [1] specifies a physical layer and medium
access control for low-rate wireless personal area networks.
The ZigBee [2], based on the IEEE 802.15.4, is designed to
perform high level communication protocols using small, low-power digital radios. A large number of research papers used
the Zigbee technology to develop inexpensive robust wireless
sensing networks (WSN) with a very large set of sensor
motes. The typical Zigbee WSN applications contain industrial
control monitoring, sensor networks, building automation and
home control/automation. However, most mobile computing
devices do not yet support Zigbee.
Wireless healthcare sensor network development has several challenges: reliable transmission, individual privacy and
security, wearable sensor device power management, wireless
node computing and communication diversity, and fast and
convenient sensor deployment. The schemes proposed in this
paper were developed for the following reasons:
1) A wearable healthcare system should consider environmental parameters such as temperature, humidity, light
and CO2 gas during monitoring.
2) Medical staff, e.g. a nurse, could be responsible for
indirectly collecting real-time physical records from
several patients at the same time to promote outpatient
or hospitalization services.
3) Security issues [10]-[12] should be considered to assure
individual safety and privacy under legal secrecy healthcare requirements.
Therefore, the key benefits of this study include a hierarchical-based architecture applied to three healthcare monitoring applications, timely and continuous monitoring of individual physiology and environmental physical records, temporary group-based healthcare monitoring, and adaptive secure transmissions corresponding to nodes in the architecture.
The remainder of this paper is organized as follows. Section
2 introduces the related works that developed pervasive or ubiquitous healthcare monitoring systems. Section 3 describes a healthcare architecture with three network tiers. The proposed healthcare architecture is applied to home network, nursing home and hospital applications for monitoring and outpatient services. Grouping and ad hoc modes are considered in the network architecture. Section 4 discusses the security mechanisms between different network tiers to achieve individual privacy protection. Section 5 describes the proposed healthcare hardware and software environment applications. Section 6 provides the security analysis and performance evaluation of a prototype monitoring application in the proposed pervasive and secure healthcare network. Conclusions and future work are drawn in Section 7.

II. RELATED WORK
Zhou et al. [14] presented a pervasive medical supervision
system in a three layer network structure. Different wearable
wireless bio-sensor nodes forming the first network layer
were used to sample physiological conditions. Any of those
nodes could be set up using a self-organizing or manual
configuration as a gateway node for routing sensing data from
other nodes. Nodes in the second layer were responsible for
reliable data transmission as backbone sensor nodes using
mobile phones/PDA depending on two kinds of transmission
modes, home mode and nomadic mode. The hospital medical
data center acts as the third layer supporting personal services
and aggregates patient health data from the other layers.
Kang et al. [26] proposed a wearable context aware system
for ubiquitous healthcare, composed of two types of wearable
sensor systems: a watch type sensor system and a chest belt
type sensor system. The context aware system in distributed
networks was configured around wearable sensors, wearable
computers e.g. PDA, and internet-based healthcare services.
The Zigbee capability is used for communication between
wearable sensors and PDAs with a wireless LAN with the
802.11b (Wi-Fi) capability used for communication between
PDAs and healthcare service providers on the Internet. The
wearable system operates on an OSGi-based context aware
framework as a Java-based component service middleware.
Using the public key infrastructure (PKI), Haque et al. [15]
proposed an efficient security scheme for a hospital healthcare
system acting between patients and medical staff e.g. doctor or
nurse. This healthcare network was built using a hierarchical
model that includes three primary components: Patient (PT),
Healthcare Service System (HSS), and Secure Base Station
(SBS). The SBS operates as a central key generator with which either a PT or an HSS can establish a pairwise secret using the bilateral key handshaking method. As the SBS has prior key knowledge of any PT and HSS, the PT-to-HSS and HSS-to-PT secure communication can be achieved using a secret PT key (or the HSS) disclosed to the HSS (or the PT).
Fei et al. [16] designed a practical hardware/software
platform supporting a telecardiology sensor network (TSN)
under a typical healthcare community with many elderly
patients. The TSN network performs real-time healthcare data
collection and supports medical privacy to secure ECG data
transmission in wireless channels. This network adopted the
Skipjack-based symmetric crypto for one-hop secure ECG data transmission with low energy and low overhead to preserve the patients' medical privacy. For multiple patient cases, the network acted in a cluster structure to reduce the patient-to-doctor routing overhead and key management with few one-hop hash key chains. The TSN hardware of the sensor platform driven using AA batteries was equipped with RF motes built with Ember CPU-RF chips. The RF board acted as the MCU/ZigBee transceiver unit and the ECG sensor board was designed by the Harvard University CodeBlue team. For different physiological chest leads, the Model 430B, 12-lead ECG simulator in the platform provided a complete PQRST waveform at six preset rates. The TSN software architecture included wireless communication control software and ECG feature extraction/classification software, performed on the TinyOS platform.
Anthony et al. [4] presented an assisted-living and residential monitoring network (ALARM-NET) for pervasive, adaptive healthcare, organized with a heterogeneous network, context-aware protocols, a query protocol, a hardware-accelerated secure message protocol, and a system implementation. The ALARM-NET included three node types, sensor node, body network, and back-bone nodes, to monitor environmental and physiological data of individuals in their residences for analysis and storage in a back-end database. The sensor nodes maintained connections from body networks to back-end networks for long-term data transmission and query periods. A bridge, denoted as AlarmGate, between the Alarm-NET and Internet allows user interfaces to connect, authenticate and interact with the network. The query processor designed in sensor devices parses query commands to obtain data samples. For example, pulse-rate samples were collected with 5-frequencies in one second. For wireless sensor network security a link security was developed in MICAz and Telos motes using the Chipcon CC2420 radio transceiver following the IEEE 802.15.4 standard. AES-based encryption schemes were implemented in hardware to accelerate the encapsulation of secure packets in the network link layer.

III. SYSTEM ARCHITECTURE AND APPLICATION
This section introduces the proposed network architecture with multiple hierarchical tiers and illustrates three pervasive healthcare applications.

A. Architecture Overview
Three network tiers are applied to the proposed healthcare architecture. Figure 1 depicts the details and relationships among the tiers.

Fig. 1. Healthcare system Hierarchical Network Architecture in wireless sensor networks.

1) Sensor Network Tier: Two types of sensor systems
for different sensing objectives are designed to capture the
individual's vital signals and the environmental physical parameters in their residence. Wearable sensor systems (WSS)
with Bluetooth wireless transmission are integrated with
biomedical sensors installed in a fabric belt. The WSS is
conveniently and comfortably tailored to the individual body
to capture their physiological data. Wireless sensor motes
(WSM) are placed inside buildings to capture the environmental parameters transmitted through a wired or wireless
network, communicating using Zigbee wireless technology.
Physical records and parameters from the WSS and WSM
must be transmitted securely to the upper network tier. The
proposed WSS enhances the Bluetooth security authentication
and encryption methods [30] by modifying the authentication
procedures using AES-based encryption schemes [33]. Secure
point-to-point communication between two WSM motes is
developed using a polynomial-based encryption [23] scheme.
Access to the devices in the upper tier is limited to legitimate
WSSs or WSMs which must authenticate themselves before
being allowed to connect.
2) Mobile Computing Network Tier: In the healthcare architecture, a number of mobile computing devices (MCD)
such as the PDA and laptop are organized regionally using an ad hoc network to route with multiple hops or an
infrastructure-based network to connect to a fixed remote or
local station. One MCD with enough computation capabilities
must capture and analyze physical records from the WSS or
WSM because the device does not have mass data storage
capability over a long period of time such as a few months or
years. However, major or significant data collection storage
will be required in the back-end network database through
an infrastructure-based mode where one MCD can route data
to a station. The ad hoc mode occurs in this tier when one
medical person in motion must deliver monitored WSS or
WSM data to another staff person in motion. A mobile-to-mobile text-based alarm message is required to show real-time abnormal sensing data findings. One MCD can support
the short message service (SMS) using cellular or satellite
networks. It can also secure the message through a public key
cryptosystem. In that case, the MCD must be authenticated by a
third party for communication in the back-end network. Then,
it obtains a secret key and public/private key pair, shared with
the third party after authentication. The secure communication
ad hoc mode details are introduced in Section 4. A number
of MCDs without any station organized as an ad hoc mode
can exchange physical data using on-demand routing protocols
(AODV). Hence, secure routing protocols are required. A
small temporal group is organized for outpatient healthcare
services since one MCD can simultaneously communicate
with several WSSs (up to seven) based on the Bluetooth
piconet standard. Only a valid MCD set with the enhanced
Bluetooth security and polynomial-based encryption schemes
can access physical data from the WSS and WSM.

Fig. 2. Example of healthcare applications in nursing-house and in home.

3) Back-end Network Tier: This network tier is structured on the Internet. It has fixed stations and servers to provide
application-level services for the low tiers and process various
sensing data from numerous MCDs. The server-side database
stores physical records for long-term periods from monitored
individuals and their residence environmental data. Because of
the integration of various wireless technologies such as the
cellular, WLAN, and IP-based protocols, application services
can be accessed easily by MCD. A third party set up on the
Internet can be trusted to open access areas such as hospitals or
nursing homes supporting the proposed healthcare monitoring
service. At least one station is necessary to provide MCD
connection to the third party. The third party issues effective
certificates and keys to valid MCDs.
B. In-home, in-hospital, nursing-house healthcare applications
Three implemented in-home, in-hospital and nursing-home
healthcare scenarios are applied effortlessly with the proposed
healthcare architecture and security schemes. According to
the in-home example in Figure 2 (Right), a WSS on a
monitored individual captures physiology and transmits it
timely to a MCD. The MCD is held by an at-home nurse,
family member or set in a fixed location. Sustained physical
postures detected from the WSS are presented on the MCD.
The MCD healthcare program performs a healthcare analysis
process to look for abnormal findings. Normal physical records
are sampled or integrated by the analysis program for high-efficiency storage. WSM mote placement is required when
the patient is usually alone at home. Each WSM is located
at different corners in the home to sense the environment
and automatically report abnormal physical parameters to the
MCD. The station at home can communicate directly with
WSMs through the wireless Zigbee module. The application
to analyze physical records will be implemented in the back-end networks for the analysis quality improvement.
The query process is a function in the WSM program where
the MCD can transmit data commands to one of the WSMs
to request physical parameters through wireless connections.
Figure 2 (Left) shows that a lot of WSM motes deployed in
a nursing-house can form a wired or wireless network. The
WSM motes with limited power should have a sleep mode
to stop automatic monitoring and reporting to reduce power
consumption. However, a nurse can query a special WSM
to gain monitored environment or patient physical parameters
in real-time. Many WSMs can organize an alarm network to
forward emergency data over all networks. For example, when
a severe environmental condition is reported the monitoring
WSM will broadcast an emergency alarm packet to any node
in the upper two network tiers through other WSMs. Although
WSSs designed with the Zigbee technology could directly
connect to WSMs, a WSM with limited power cannot always
receive and relay physical postures from a lot of WSSs in
an open access area. This is why the wireless communication
capabilities between the WSS and WSM are separated in this
study.
In the in-hospital example in Figure 3 the proposed healthcare network promotes outpatient healthcare services with
high effect. Temporal group-based monitoring is required
when a nurse watches multiple outpatients at the same time.
As a patient denoted as Pi waits to see a doctor denoted
as Di, a nurse denoted as Ni collects physical records from
Pi's body before diagnosing or treating. Each nurse holds a
MCD represented as a temporal group for observing the
outpatients wearing WSSs who will be examined in a fixed
consulting room. In the figure, Nurse (N1), and Patients (P2,
P8) are in one group, Nurse (N2) and Patients (P5, P6, P7) are
in another group, and Nurse (N3) and Patients (P1, P2, P3,
P4) are in the third group. One patient can join a temporal
group using the enhanced Bluetooth authentication scheme
described in Section 4. Each doctor is represented as a local
station that receives the integrated physical records collected from the outpatients via a designated nurse. For example, Doctor D1 can capture the present physical records of P5, P6, and P7 over a short time period using the MCD of N2, before starting outpatient treatment. Patients can be registered as multiple groups when they need to see different doctors in different examining rooms at different times during one day. The proposed network improves the nurse-monitoring and outpatient healthcare program process.

Fig. 3. Example of In-hospital healthcare application.

C. Grouping, Ad hoc Modes
Besides the point-to-point connection between one MCD and one WSS, point-to-multipoint communication from one MCD to multiple WSSs is possible based on the Bluetooth piconet architecture. Unfortunately, the number of members during group-based monitoring is limited to at most seven due to the 3-bit MAC address for Bluetooth transmission. For long-term monitoring, one MCD only reads physical records from at most seven patients in a permanent group. In the outpatient healthcare service, a nurse only monitors sub groups by turns. Whenever the number of patients is more than seven, they will be divided into sub groups. Figure 4 describes a group mode where one MCD monitors several outpatients. In this study, ad hoc mode, shown in Figure 4, is implemented in the mobile computer network tier because MCD devices held by the nurses are mobile. The Bluetooth transmission distance is limited to 10 to 100 meters. Therefore, the secure ad hoc routing protocols are required to protect routing packets.

IV. SECURE TRANSMISSION
This section describes key establishment and secure data transmission among nodes in the three network tiers when considering pervasive and convenient network access. Figure 5 shows the proposed security policies between nodes in the network architecture based on different wireless connection capabilities among nodes. Equations (1) and (2) are derived to enhance Bluetooth security and Equations (3)-(6) are designed for MCDs' secure communication. Finally, Equations (7)-(9) are polynomial-based security policies for sensor networks.

A. The Bluetooth security between WSS and MCD


The Bluetooth specification defines the methods of authentication, encryption, and key management to secure Bluetooth transmission. Although the Bluetooth authentication performs challenge-response schemes for point-to-point communication, several vulnerabilities exist; for example, attackers can passively recover link and encryption keys using exhaustive search methods. Impersonation and eavesdropping become possible after the encryption key is captured. Moreover, man-in-the-middle attacks [18] can tunnel the Bluetooth authentication procedure by relaying messages. To improve the security and the efficiency in pairing, authentication and encryption schemes are implemented on both MCD and WSS devices based on [17] and [20]. The security module uses hardware-accelerated cryptography in a compatible manner with the Bluetooth controller chips.
The Bluetooth pairing security consists of the creation of an initialization key, the creation of a link key, and the authentication process through the comparison of an SRES value calculation. This study modified the process of the third step by using a hash value in place of the AU_RAND value. A group-based session identity (GSID) belonging to one MCD and the clock value are involved in the SRES calculation. The $GSID_{MCD}$ is designed as a piconet-specific information address value [20], representing a hash value of the identity index of the MCD XORed with a channel access code for the piconet ($CAC_p$):

$$GSID_{MCD} = \mathrm{Hash}(MCD_{index} \oplus CAC_p) \tag{1}$$

The MCD challenges to the WSS are described as follows:
First, the MCD generates a random value, RAND, and sends it to the WSS.
Second, the MCD and WSS calculate a hash value as the AU_RAND, which must be XORed with the concatenation of clock and all or part of the identity index of the MCD ($AU\_RAND = \mathrm{Hash}(RAND, Clock, GSID_{MCD})$).
Third, the WSS responds with an SRES value to the MCD, where the SRES is generated with AU_RAND, BD_ADDR, and a shared link key from the former two steps. Each WSS stores PIN values corresponding to its MCDs in ROM storage. In the future, when the WSS supports miniSD or SIM Card, secret materials will be easily stored and updated.
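The modified challenge-response above, as an added Python example that is not code from the paper: SHA-256 stands in for Hash and a truncated HMAC-SHA-256 for the SRES function (Bluetooth itself uses E1), the clock is modelled as an integer both sides agree on, and all sample values are constructed. It shows that the response verifies only when both sides hold the same link key, clock value and piconet access code.

```python
import hashlib
import hmac


def hash_fields(*parts: bytes) -> bytes:
    """Hash(...) of the scheme; SHA-256 over length-prefixed fields (assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def gsid(mcd_index: bytes, cac_p: bytes) -> bytes:
    """Eq. (1): GSID_MCD = Hash(MCD_index XOR CAC_p); shorter input is zero-padded."""
    n = max(len(mcd_index), len(cac_p))
    a, b = mcd_index.rjust(n, b"\0"), cac_p.rjust(n, b"\0")
    return hash_fields(bytes(x ^ y for x, y in zip(a, b)))


def au_rand(rand: bytes, clock: int, gsid_mcd: bytes) -> bytes:
    """Second step: AU_RAND = Hash(RAND, Clock, GSID_MCD)."""
    return hash_fields(rand, clock.to_bytes(4, "big"), gsid_mcd)


def sres(link_key: bytes, au: bytes, bd_addr: bytes) -> bytes:
    """Third step: 32-bit SRES from AU_RAND, BD_ADDR and the link key.

    Truncated HMAC-SHA-256 is a stand-in for Bluetooth's E1 function.
    """
    return hmac.new(link_key, au + bd_addr, hashlib.sha256).digest()[:4]


class Endpoint:
    """One side's view of the piconet: link key, clock, MCD index and CAC_p."""

    def __init__(self, link_key: bytes, clock: int, mcd_index: bytes, cac_p: bytes):
        self.link_key = link_key
        self.clock = clock
        self.gsid = gsid(mcd_index, cac_p)

    def respond(self, rand: bytes, bd_addr: bytes) -> bytes:
        """WSS side: answer the challenge RAND with an SRES."""
        return sres(self.link_key, au_rand(rand, self.clock, self.gsid), bd_addr)

    def verify(self, rand: bytes, bd_addr: bytes, response: bytes) -> bool:
        """MCD side: recompute SRES locally and compare in constant time."""
        return hmac.compare_digest(self.respond(rand, bd_addr), response)


def demo() -> dict:
    # Constructed sample values, not taken from the paper or a real device.
    link_key = bytes.fromhex("00112233445566778899aabbccddeeff")
    bd_addr = bytes.fromhex("0002721a3c4d")          # WSS BD_ADDR (6 bytes)
    rand = bytes(range(16))                          # challenge RAND
    mcd_index = b"\x00\x07"
    cac = bytes.fromhex("54a1b2c3d4e5f60718")        # CAC_p of the MCD's piconet
    other_cac = bytes.fromhex("54ffeeddccbbaa9988")  # CAC_p of another piconet

    mcd = Endpoint(link_key, 1000, mcd_index, cac)
    responders = {
        "same_piconet": Endpoint(link_key, 1000, mcd_index, cac),
        "different_cac": Endpoint(link_key, 1000, mcd_index, other_cac),
        "stale_clock": Endpoint(link_key, 940, mcd_index, cac),
        "wrong_link_key": Endpoint(bytes(16), 1000, mcd_index, cac),
    }
    return {name: mcd.verify(rand, bd_addr, wss.respond(rand, bd_addr))
            for name, wss in responders.items()}


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15s} accepted={accepted}")
```
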
To enhance secure transmission, the security protocol based on [17] is designed above the Host Controller Interface (HCI) Bluetooth standard protocol. The protocol replaces the proprietary encryption with the Advanced Encryption Standard (AES) and attaches a MAC to the transmitted physical records, which is presented with four modes: None, an authentication-only mode (CBC-MAC), an encryption-only mode (CTR), and a special MAC-then-encrypt mode (CCM). To simplify the security complexity, a symmetric key applied to the AES algorithm with the 128-bit blocks is derived from the shared link key in the authentication procedure. The descriptions in (2) show the packet formats with the modes in the HCI protocol.

$$
\begin{aligned}
\text{NONE:}\quad & [\text{HCI Header}][M, \text{WSSID}, \text{HCI Payload}] \\
\text{CBC-MAC:}\quad & [\text{HCI Header}][M, \text{PIN ID}, \text{WSSID}, \text{Payload}, \text{MAC}] \\
\text{AES-CTR:}\quad & [\text{HCI Header}][M, \text{PIN ID}, \text{WSSID}, \text{Counter}, \text{Encrypt Payload}] \\
\text{AES-CCM:}\quad & [\text{HCI Header}][M, \text{PIN ID}, \text{WSSID}, \text{Counter}, \text{Encrypt Payload}, \text{MAC}]
\end{aligned}
\tag{2}
$$

In the NONE mode the HCI packet payload is not secure, but the front 2 bits represent one of the 4 possible modes, and a two-byte source (the WSS identity) is added. In the CBC-MAC mode, sensing data is only authenticated for healthcare applications in which data privacy is not required. The AES-CTR and AES-CCM modes provide both privacy and authenticity in data transmission between the WSS and the MCD.

Fig. 4. Temporal grouping mode and ad hoc modes.

Fig. 5. Security policies between nodes in the network tiers.

B. The security among MCDs in mobile computing network tier

Most healthcare systems connecting to a base station on the Internet, such as [15], [21], [22], used an expensive public key cryptosystem to secure their data transmission. Systems with the aid of a third party can provide confidentiality, integrity, authentication, and non-repudiation. The back-end tier in the proposed network architecture makes public-key mechanisms suitable. Any MCD also shares a symmetrical secret key with the third party after authentication. However, two MCD devices with limited computation and power supply capabilities need to construct their communication solely from symmetrical key schemes. A secure encryption communication scheme is developed with low overhead for two MCDs' data confidentiality and data authentication in the ad hoc mode. Suppose that one MCD, denoted as $MCD_i$, wants to establish a shared secret key with another MCD, denoted as $MCD_j$, for one session connection. If they have not previously shared a secret, they have to use a third party (Station) set up in the back-end network tier through a remote or local base station. Suppose a route has been established between two MCDs; the details of their key agreement with a signed pair request, $RREQ_{pair}$, are described in (3), where $Key_{j,s}$ is the secret key shared between $MCD_j$ and Station; $Key_{i,s}$ is the secret key shared between $MCD_i$ and Station; $ID_i$, $ID_j$, $ID_S$ represent the identities of $MCD_i$, $MCD_j$, Station, respectively. $N_i$, $N_j$ represent a random number; CTR is a shared counter for creating block ciphers in the secure data transmission. After key agreement through the third party, $MCD_i$ and $MCD_j$ share a secret key, $Key_{i,j}$.

$$
\begin{aligned}
MCD_i \rightarrow MCD_j &: \mathrm{Sign}(SK_i, \langle RREQ_{pair}, ID_j, Cert_i, N_i\rangle) \\
MCD_j \rightarrow Station &: \langle N_i, N_j, ID_i, ID_j, \mathrm{MAC}(Key_{j,s}, N_i | N_j | ID_i | ID_j)\rangle \\
Station \rightarrow MCD_i &: \langle CTR, ID_S, E(Key_{i,s}, Key_{i,j}), \mathrm{MAC}(Key_{i,s}, N_i | ID_i | CTR | ID_S | E(Key_{i,s}, Key_{i,j}))\rangle \\
Station \rightarrow MCD_j &: \langle CTR, ID_S, E(Key_{j,s}, Key_{i,j}), \mathrm{MAC}(Key_{j,s}, N_i | ID_j | CTR | ID_S | E(Key_{j,s}, Key_{i,j}))\rangle
\end{aligned}
\tag{3}
$$
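The Station-mediated exchange in (3), as an added Python example rather than code from the paper: HMAC-SHA-256 stands in for MAC, an HMAC-derived XOR keystream stands in for the unnamed cipher E, the signed message 1 is reduced to the nonce N_i it carries, and all identities and keys are constructed. It shows both MCDs recovering the same Key_{i,j} and the MAC checks rejecting altered, stale or misdirected messages.

```python
import hashlib
import hmac
import os


def mac(key: bytes, *fields: bytes) -> bytes:
    """MAC(K, a|b|...) of (3): HMAC-SHA-256 over length-prefixed fields."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def E(key: bytes, n_i: bytes, ctr: bytes, data: bytes) -> bytes:
    """Stand-in for E(K, .): XOR with one HMAC-derived keystream block.

    Assumption: the page does not name the cipher. XOR is its own inverse,
    so the same call also decrypts.
    """
    if len(data) > 32:
        raise ValueError("stand-in cipher handles at most 32 bytes")
    stream = mac(key, b"enc", n_i, ctr)
    return bytes(a ^ b for a, b in zip(data, stream))


class Station:
    """Third party holding Key_{x,s} for every authenticated MCD."""

    def __init__(self, station_id: bytes, shared: dict):
        self.station_id = station_id
        self.shared = shared              # {ID_x: Key_{x,s}}

    def handle(self, msg2):
        """Check message 2; return (message 3 for MCD_i, message 4 for MCD_j)."""
        n_i, n_j, id_i, id_j, tag = msg2
        key_js = self.shared.get(id_j)
        if key_js is None or id_i not in self.shared:
            return None
        if not hmac.compare_digest(tag, mac(key_js, n_i, n_j, id_i, id_j)):
            return None                   # forged or corrupted request
        key_ij = os.urandom(32)           # fresh session key Key_{i,j}
        ctr = os.urandom(8)               # CTR value handed to both MCDs
        return (self._wrap(id_i, n_i, ctr, key_ij),
                self._wrap(id_j, n_i, ctr, key_ij))

    def _wrap(self, dev_id, n_i, ctr, key_ij):
        k = self.shared[dev_id]
        c = E(k, n_i, ctr, key_ij)
        return (ctr, self.station_id, c,
                mac(k, n_i, dev_id, ctr, self.station_id, c))


def build_msg2(key_js, n_i, n_j, id_i, id_j):
    """Message 2, MCD_j -> Station."""
    return (n_i, n_j, id_i, id_j, mac(key_js, n_i, n_j, id_i, id_j))


def unwrap(my_id, key_xs, n_i, msg):
    """Verify message 3 or 4 against the expected N_i, then recover Key_{i,j}."""
    ctr, id_s, c, tag = msg
    if not hmac.compare_digest(tag, mac(key_xs, n_i, my_id, ctr, id_s, c)):
        return None
    return E(key_xs, n_i, ctr, c)


def demo() -> dict:
    # Constructed identities and long-term keys (not from the paper).
    id_i, id_j, id_s = b"MCD-i", b"MCD-j", b"STATION"
    key_is, key_js = os.urandom(32), os.urandom(32)
    station = Station(id_s, {id_i: key_is, id_j: key_js})

    n_i, n_j = os.urandom(16), os.urandom(16)   # N_i arrives in message 1
    msg3, msg4 = station.handle(build_msg2(key_js, n_i, n_j, id_i, id_j))
    k_i = unwrap(id_i, key_is, n_i, msg3)
    k_j = unwrap(id_j, key_js, n_i, msg4)

    ctr, sid, c, tag = msg3
    flipped = (ctr, sid, bytes([c[0] ^ 1]) + c[1:], tag)
    forged2 = build_msg2(os.urandom(32), n_i, n_j, id_i, id_j)
    return {
        "keys_match": k_i is not None and k_i == k_j,
        "tampered_msg3_rejected": unwrap(id_i, key_is, n_i, flipped) is None,
        "stale_msg3_rejected": unwrap(id_i, key_is, os.urandom(16), msg3) is None,
        "msg4_not_usable_by_i": unwrap(id_i, key_is, n_i, msg4) is None,
        "forged_msg2_rejected": station.handle(forged2) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:24s} {ok}")
```
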
The agreed key as a master key derives two keys, Kept and
Kmac . The entire secure data transmission from M CDi to
M CDj is:

(4)

, where P P DAT A represents individual physical data. An


on-demand secure routing protocol (SRP) is required to find
a secure route, since the topology is dynamic in ad hoc mode.
Two protocols from Ariadne [27] and ARAN [28] can be
applied to the ad hoc mode. However, the SRP in Ariadne
requires broadcasting authentication aid and initial TESLA key
commitment setup between two neighboring MCDs. Because
TESLA key disclosures from participating MCDs during a
routing could cause the broadcasting storm and delay time
problems, the ARAN based on AODV [32] is more suitable
than Ariadne based on DSR [31]. Each authenticated MCD
must acquire an asymmetrical key pair (PK/SK) and a certificate (Cert) from the third party. Suppose M CDi discovers
a route (M CDi A B M CDj ) to M CDj . The
authenticated route discovery process with a routing request
packet (RREQ) is described as follows:
MCDi :Sign(SKi ,<RREQ,IDj ,Certi ,Ni ,T >)
A:Sign(SKA ,Sign<RREQ,IDj ,Certi ,Ni ,T >),CertA
B:Sign(SKB ,<RREQ,IDj ,Certi ,Ni ,T >),CertB

MCDj B:Sign(SKj ,<RREQ,IDi ,Certj ,Ni ,T >)


BA:Sign(SKB ,Sign(SKj ,<RREQ,IDi ,Certj ,Ni ,T >)),CertB
AMCDi :
Sign(SKA ,Sign(SKB ,Sign(SKj ,<RREQ,IDi ,Certj ,Ni ,T >))),CertA

(6)
According the secure routing protocol, the route maintenance
and key revocation schemes can also be performed in this
network tier.
C. The security between MCD/WSM and WSM in sensor
network tier

MCDi MCDj :
<E(Kept ,P P DAT A),MAC(Kmac ,CT R|E(Kept ,P P DAT A))>

, where Sign(SK, message) represents that the message is


signed by a private key; N is a nonce value, and T is the
timestamp for current time and date. After receiving the
request packet, M CDj unicasts a reply packet (RREP) to
M CDi along the reverse path. The authenticated route reply
process is described as follows:

(5)

Three factors are considered for WSM security in
the sensor network tier. First, environmental physical records
are not more important than individual physical records.
Second, each WSM has only limited computation capability.
Third, valid MCD devices can query a particular WSM in
a hospital or open access area to capture the environmental
physical parameters. The symmetrical key cryptosystem,
instead of the public-key infrastructure, is applicable to the secure
data transmission between MCD and WSM or between two
WSM motes. A t-degree trivariate polynomial proposed in
[23] is applied to the key agreement method. The trivariate
polynomial is defined as

$$
f(x_1, x_2, x_3) = \sum_{i_1=0}^{t} \sum_{i_2=0}^{t} \sum_{i_3=0}^{t} a_{i_1,i_2,i_3}\, x_1^{i_1} x_2^{i_2} x_3^{i_3}
\tag{7}
$$

where all of the polynomial coefficients are chosen from
an arbitrary finite field $F_q$ and the prime value $q$ is large
enough to accommodate the key size. The three input values
$(x_1, x_2, x_3)$ represent the identity of one location in the open
access area. The sensor motes have the same location identity,
denoted as LOC, when they are placed in one location such
as the same floor. Hence, any two neighboring motes can
achieve the shared key establishment using a t-degree bivariate
polynomial,

$$
f_{LOC_j}(x_i, x_3) = f(LOC_j, x_i, x_3)
\tag{8}
$$

For example, if two neighbor motes, $WSM_1$ and $WSM_2$, in
the same location must establish a shared key after exchanging
their identity indexes, $WSM_1$ obtains the individual key
materials, which are the coefficients of the polynomial with
its identity ($f_{LOC}(x, wsm_1)$), before deployment. $WSM_1$
determines the shared key by evaluating its private polynomial,

$$
Key = f_{LOC}(wsm_2, wsm_1) = f_{LOC}(wsm_1, wsm_2)
\tag{9}
$$

where $WSM_1$ and $WSM_2$ are the identity indexes;
$WSM_2$ holds the individual key materials from the polynomial
($f_{LOC}(x, wsm_2)$).

Fig. 6. The function structure of a WSS.

One valid MCD can connect to and query a WSM in an
open access area location after gaining the trivariate polynomial
and the location ID. The MCD needs to send an
encrypted request to one station in the back-end network if
they have shared a pairwise key. The station validates the
request and responds with the individual key materials of a
trivariate polynomial, a pseudo index ($wsm_{mcd}$), and the
required location (LOC). After authentication, the MCD can
access any of the neighboring WSM motes and exchange
identity indexes.
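The key agreement of equations (7)-(9) can be followed end to end in code. The Python below is an added example, not code from the paper: the field prime, the degree, the LOC value and the mote indexes are constructed, and the symmetry of the coefficients is an assumption that equation (9) relies on. It also shows why the degree t has to be sized against the number of motes that could be captured: t captured shares do not determine another pair's key, while t+1 do.

```python
# Added example (not from the paper): pairwise keys from a symmetric
# t-degree trivariate polynomial over F_q, following equations (7)-(9).
import secrets
from itertools import combinations_with_replacement, permutations

Q = 2**127 - 1   # assumed prime field size q (a Mersenne prime)
T = 4            # assumed polynomial degree t


def gen_trivariate(t=T, q=Q):
    """Station: draw the coefficients a[i1, i2, i3] of equation (7).

    Assumption: a is invariant under permuting its indices, so that
    f(x1, x2, x3) is symmetric, which equation (9) relies on. This
    leaves C(t+3, 3) distinct coefficients.
    """
    coeffs = {}
    for idx in combinations_with_replacement(range(t + 1), 3):
        value = secrets.randbelow(q)
        for perm in set(permutations(idx)):
            coeffs[perm] = value
    return coeffs


def location_share(coeffs, loc, t=T, q=Q):
    """Equation (8): fix x1 = LOC, leaving the bivariate f_LOC(x2, x3)."""
    b = [[0] * (t + 1) for _ in range(t + 1)]
    for (i1, i2, i3), value in coeffs.items():
        b[i2][i3] = (b[i2][i3] + value * pow(loc, i1, q)) % q
    return b


def mote_share(b, mote_id, q=Q):
    """Key material preloaded on one mote: the t+1 coefficients of
    g(x) = f_LOC(x, mote_id), i.e. (t+1)*log2(q) bits of storage."""
    return [sum(c * pow(mote_id, i3, q) for i3, c in enumerate(row)) % q
            for row in b]


def pairwise_key(share, peer_id, q=Q):
    """Equation (9): evaluate the private polynomial at the peer's index."""
    key = 0
    for coeff in reversed(share):          # Horner's rule
        key = (key * peer_id + coeff) % q
    return key


def interpolate_key(captured, a_id, b_id, q=Q):
    """What captured shares reveal about the key of motes a and b.

    Each captured mote c yields the point (c, f_LOC(a, c)); Lagrange
    interpolation at b is exact only once t+1 points are available.
    """
    points = [(cid, pairwise_key(share, a_id, q))
              for cid, share in captured.items()]
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (b_id - xm) % q
                den = den * (xj - xm) % q
        total = (total + yj * num * pow(den, -1, q)) % q
    return total


def demo(t=T):
    """Two motes agree on a key; compare t and t+1 captured neighbours."""
    coeffs = gen_trivariate(t)
    floor = location_share(coeffs, loc=7, t=t)       # constructed LOC value
    ids = list(range(101, 101 + t + 3))              # constructed mote indexes
    shares = {i: mote_share(floor, i) for i in ids}
    k12 = pairwise_key(shares[101], 102)
    k21 = pairwise_key(shares[102], 101)
    others = ids[2:]
    leak_t = interpolate_key({i: shares[i] for i in others[:t]}, 101, 102)
    leak_t1 = interpolate_key({i: shares[i] for i in others[:t + 1]}, 101, 102)
    return k12, k21, leak_t, leak_t1
```

An MCD that receives the share for its pseudo index from the station derives keys with `pairwise_key` in the same way as a mote.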
V. HARDWARE/SOFTWARE ENVIRONMENTS
This section describes the hardware and software components distributed to the proposed network tiers.
A. Hardware design and implementation
The digital signals from the WSS can pass through the MCD
into the back-end networks. The WSS system is designed to
continually monitor two measurement parameters, the heart beat
and body temperature. In Figure 6, the structure
of a WSS consists of five components: biomedical sensors,
analog to digital converter (ADC), data processing,
communication module. Various biomedical sensors can capture
several kinds of physiological signals. In this study, four
silver color nodes that measure body temperature and ECG/heart
beat are equipped on an electronic sensor board. The ADC
can sample the changes in an electrical signal, and perform
analog-to-digital conversion, digital filtering, digital amplification,
and down-sampling. Noise can be effectively restrained
and shaped through the ADC. The data processing module
performs data encoding and data encryption for low-power
and secure transmission. Different values from continuous
physiological signals are encoded using an entropy encoder.
Encoded data will be compressed and encrypted using
hardware-accelerated cryptography corresponding to the link
layer protocol in the communication module. Various wireless
communication modules such as Zigbee, RFID, RuBee or
GSM/GPRS/3G will be supported. However, the Bluetooth
controller facilitating data transmissions over short distances
is adopted in the current WSS for this study.

Fig. 7. WSS implementation into a fabric belt with a controller box.

Figure 7 shows a fabric belt with a controller box and a
lithium battery organized using textile or silver coating. The
controller box is equipped with an electronic sensor board
and four buckled nodes: two nodes for heart beat and
two nodes for body temperature. The box is positioned at the
outer region of the belt to eliminate electrical interference.
The box also provides at least 5 MB of memory for
temporary storage, biomedical digital signal management and
transmission to the MCD through a Bluetooth connection.
This study developed WSM motes using MICAz motes [5],
[6], [24] by Crossbow, supporting the 2.4 GHz ISM band, an
IEEE 802.15.4 RF transceiver, 250 data rate etc. The MICAz
motes equipped with the MTS300/310 sensor board provide
physical parameters such as light, temperature, and relative
humidity. A number of installed WSM motes use wireless
communication capability to form a static topology in an
open access area. All WSMs report their monitored parameters
periodically. In addition to automatic data collection, this
system adopts query functions proposed in [4] to query a
particular WSM for real-time monitoring. PDAs and laptops
are considered MCD devices, so the JAVA software platform
and HTTP connections are supported and various wireless
communication modules are furnished, such as Bluetooth,
WiFi, Zigbee, and GSM/GPRS transceivers through USB-serial
adapters. PC servers are installed on the Internet as third
parties performing Certificate Authority (CA) functions on the
Microsoft Internet Information Server (IIS).
B. Software environment
The MCD software application was developed to benefit
users for monitoring physiology records and physical
parameters from WSS and WSM by graphical user interface
(GUI). The application was designed using the Java 2 Micro
Edition (J2ME) and Java 2 Standard Edition (J2SE) platforms
to support HTTP connections and PKI-based/symmetric
encryption cryptography. The application also provides group
monitoring functions to allow one nurse to monitor several
individuals using one MCD device. As the heart beat or body
temperature for a monitored person goes too high or low, the
application will change the individual color from green to red
as shown in Figure 8 (Left). The group-based monitoring can
go further to review individual current records. Moreover, the
SOS/emergency call out function or an alert message in the
application is raised when records are unstable
or over a threshold value. For example, an alert message in
an MCD supporting GSM/GPRS transmission will be directly
sent to his/her family or healthcare provider's mobile phone
using the Short Message Service (SMS). Figure 8 (Right)
shows an individual record consisting of heart beat rate
(HR), body temperature (BT), indoor temperature (IT), indoor
relative humidity (IH), and indoor relative light (IL). Through
the HTTP connection, back-end applications implemented by
Microsoft ASP.NET technology collect all important physical
records from a great number of MCDs, storing them into a
database for long-term storage and analysis.

Fig. 8. (Left) temporal group monitoring by one MCD. (Right) physiology
records and physical parameters for an individual and his/her residence.

VI. SECURITY ANALYSIS AND PERFORMANCE EVALUATION
This section discusses the possible attacks and defenses
on security schemes involved in the communication among
the three network tiers. Ad hoc network performance and the
experiment result are evaluated accordingly.
A. Security Analysis
Using the enhanced Bluetooth authentication scheme, adversaries
cannot enforce the same value, since two WSSs use
different clock and $GSID_{MCD}$. The enhanced Bluetooth
encryption uses the hardware-accelerated AES cryptography
instead of the SAFER+ encryption algorithm, since the SAFER+
features are vulnerable to some malicious attacks [29].
Two WSM motes can achieve key agreement using a t-degree
bivariate polynomial derived from the location-based
t-degree trivariate polynomial. WSM motes in one location
need $(t + 1) \log_2 q$ bits of memory to store t+1 coefficients,
while each coefficient costs $\log_2 q$ bits. More than (t+1) WSM
motes in the LOC maintaining t-degree bivariate polynomial
shares can reconstruct the polynomial. Therefore, a secure
bivariate polynomial for a location scale should be used with
the polynomial degree satisfying:

$$
0 \le N - 2 \le t
\tag{10}
$$

where N is the number of motes in the LOC. If all motes
are compromised at one location, $\frac{N(N+1)}{2}$ equations will
be gained by malicious motes. Suppose that one open access
area has the location number, $N_1$, and each location has $N_2$
motes ($N_1$ $N_2$). The total $\frac{N_1 N_2}{2}(N_1 + N_2 + 2)$ equations for
one open access area can be constructed when all motes are
compromised. Because one MCD for one access area is set up
with coefficients of a t-degree trivariate polynomial without
location information and pseudo index, the number $\binom{t+3}{t}$ of
different coefficients for the polynomial is distributed. The
minimum polynomial degree t* must satisfy the inequality:

$$
1.8171\, N_2 = \sqrt[3]{3!}\, N_2 \le t
\tag{11}
$$

where $N_2$ is the maximum number of WSM motes in one
location of the open area.
A symmetric pairwise key can be established between two
valid MCDs depending on the aid of the third party and a pair
request, $RREQ_{pair}$, signed by the source MCD. Two or more
compromised participants can maliciously obstruct the routing
with a pair request. Suppose the probability of compromising
one MCD is p. A route path between $MCD_i$ and $MCD_j$
consists of m participants. The probability that the MCDs cannot
establish a shared key, $Key_{i,j}$, with the route can be calculated
as:

$$
P_c = 1 - (1 - p)^m
\tag{12}
$$

A route between $MCD_i$ and $MCD_j$ will be re-discovered
based on the ARAN protocol. With the protocol in the
mobile computing network tier, an unauthorized MCD cannot
participate in data routing and data transmission from other
authenticated MCDs connected with particular WSS and WSM
nodes. An MCD authenticated by a third party holds security
information consisting of a symmetrical key shared with the
third party, a public/private key pair, and some pairwise keys
shared with other MCDs. The trusted party on the Internet
is a single point of failure; however, firewalls or multiple
authorities can be used to resist attacks. Based on multiple
routing packets signed with valid certificates from participants,
the secure routing scheme prevents unauthorized participation,
spoofed routing, impersonation attacks, routing alteration and
ensures non-repudiation and quickest-path discovery. Each
routing packet such as RREQ/RREP contains a nonce and
time-stamp to prevent replay attacks. However, a secure route
always exists as the number of authorized MCDs is greater
than the number of potential adversaries. Each MCD has a
secure channel with the third party after authorization. As for
the attack issue on the Internet, it is beyond the scope of this
study.

Fig. 9. (Left) Average routing latency. (Right) Average end-to-end transmission of exposed data and encrypted data.

Fig. 10. Example of ECG signal display on World Wide Web.
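The pairwise-key analysis above rests on the station replies of (3) and the protected transfer of (4); the Python below writes both message formats out as an added example, not the paper's implementation. The cipher E is replaced by an HMAC-SHA256 keystream stand-in, and the key derivation, the length-prefixed field encoding and all sample values are assumptions.

```python
# Added example (not from the paper): the messages of equations (3) and (4).
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def E(key: bytes, ctr: int, data: bytes) -> bytes:
    """Stand-in for the paper's cipher E: XOR with an HMAC-SHA256 keystream
    indexed by the shared counter CTR. Applying it twice decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += _prf(key, b"ks" + ctr.to_bytes(8, "big") + block.to_bytes(4, "big"))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def MAC(key: bytes, *fields: bytes) -> bytes:
    """MAC over the '|'-joined fields; each field is length-prefixed
    (an added convention) so field boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def station_reply(key_xs, n_i, id_x, ctr, id_s, key_ij):
    """Equation (3), Station -> MCD_x: <CTR, ID_S, E(Key_xs, Key_ij), MAC(...)>."""
    wrapped = E(key_xs, ctr, key_ij)
    tag = MAC(key_xs, n_i, id_x, ctr.to_bytes(8, "big"), id_s, wrapped)
    return ctr, id_s, wrapped, tag


def accept_reply(key_xs, n_i, id_x, reply):
    """MCD side: check the MAC, which binds the nonce and the identities,
    and only then unwrap Key_ij."""
    ctr, id_s, wrapped, tag = reply
    expected = MAC(key_xs, n_i, id_x, ctr.to_bytes(8, "big"), id_s, wrapped)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("station reply rejected: MAC mismatch")
    return E(key_xs, ctr, wrapped)


def derive(key_ij):
    """Master key -> (K_ept, K_mac); the HMAC-based derivation is an assumption."""
    return _prf(key_ij, b"ept"), _prf(key_ij, b"mac")


def send_ppdata(key_ij, ctr, ppdata):
    """Equation (4): <E(K_ept, PPDATA), MAC(K_mac, CTR | E(K_ept, PPDATA))>."""
    k_ept, k_mac = derive(key_ij)
    ct = E(k_ept, ctr, ppdata)
    return ct, MAC(k_mac, ctr.to_bytes(8, "big"), ct)


def recv_ppdata(key_ij, ctr, message):
    """Verify against the receiver's own copy of CTR, then decrypt."""
    k_ept, k_mac = derive(key_ij)
    ct, tag = message
    if not hmac.compare_digest(tag, MAC(k_mac, ctr.to_bytes(8, "big"), ct)):
        raise ValueError("PPDATA rejected: MAC mismatch (tampered or stale CTR)")
    return E(k_ept, ctr, ct)


def demo():
    """Station delivers Key_ij to both MCDs, then MCD_i sends one record."""
    # Constructed sample values, not taken from the paper.
    key_is, key_js = secrets.token_bytes(32), secrets.token_bytes(32)
    key_ij, n_i = secrets.token_bytes(32), secrets.token_bytes(16)
    to_i = station_reply(key_is, n_i, b"MCD_i", 1, b"Station", key_ij)
    to_j = station_reply(key_js, n_i, b"MCD_j", 1, b"Station", key_ij)
    k_i = accept_reply(key_is, n_i, b"MCD_i", to_i)
    k_j = accept_reply(key_js, n_i, b"MCD_j", to_j)
    message = send_ppdata(k_i, 2, b"HR=72;BT=36.6")
    return k_i == k_j == key_ij, recv_ppdata(k_j, 2, message)
```

Because CTR is not carried in the message of (4), a record replayed after the receiver's counter has advanced fails the MAC check in `recv_ppdata`.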
B. Performance Evaluation
Two performance metrics are evaluated with the ad hoc
mode in the mobile computing network tier:
1) Average routing latency: The routing discovery time is
measured when one MCD discovers a route to another MCD
using AODV and ARAN routing protocols. The measurement
time is the average period from the time a RREQ is sent
to a corresponding RREP reply. The sending time for the
first transmission is used if retransmission occurs during the
routing discovery.
2) Average end-to-end data transmission delay: Any two
MCDs sharing a symmetrical secret key can exchange confidential physical data. One MCD transmits exposed or encrypted physical data to another MCD along a route. The
average end-to-end delay between the data sent by the source
and data receipt by the destination is measured. This delay
period involves all of the buffering and processing delays at
participating MCDs in the transmission.
Figure 9 shows the average latency results for route discovery
and data transmission between two MCDs in the ad hoc
mode. Both 8 and 12 MCDs with random mobility patterns
are organized into respective wireless ad hoc networks. The
distance between any two MCDs ranges from 5 meters
to 100 meters when each MCD connects a few WSSs with a
range lower than 10 meters, and a few WSMs with a range
lower than 100 meters. Each point in the figure is
an average of 10 simulation runs. The speed of each MCD
ranged from 0 to 100 meters per minute. Figure 9 (Left)
shows that the average route discovery latency using ARAN
is triple or quadruple that by AODV because each participant
for one routing packet must verify the digital signature of the
previous participant, sign the packet with its private key and
then replace the attached certificate. The signature verification
and generation at each hop causes additional delay time during
routing discovery when compared to AODV processing
normal routing packets. Figure 9 (Right) shows the average
latency of exposed and encrypted data transmission between
two MCDs with a shared key when an average route involves
5 participants in the 8 MCDs network, or 7 participants in
the 12 MCDs network. Using encrypted data transmission,
the delays from encrypting the physical data at the source and
decrypting the packet at the destination are increased to close
to 50 ms. Figure 9 also shows that the time latency during
routing discovery or data transmission is stable when the
mobile MCD speed is less than 60 meters per minute.
The controller box automatically and continuously transmits
the ECG signal while receiving the monitoring request from
an MCD. When an individual wears a WSS, the ECG signal
acts irregularly for a few seconds (<3 seconds) at the beginning
due to noise and disturbance. The digital amplifier in the ADC
efficiently enlarges biomedical signals and noise signals. Although
noise and disturbance are hard to eliminate completely
using a digital filter, physicians can still make a correct diagnosis
with the ECG digital data from the experiment. While
the monitoring physiology data is transmitted from the WSS to
the back-end server via MCD, the server-side application can
organize the received data into graphic displays on the World
Wide Web. The heart beat/ECG peaks and body temperature
performance are displayed clearly and periodically as shown in
Figure 10. Although the belt was made of cloth, the rhythm and
wave forms were still clear enough to offer clinical analysis.
For example, this figure is from a twenty-two year old female
with a normal sinus rhythm (regular P wave 90 beat/min), QRS
complex, and T wave.
The proposed system is flexible and reliable, since data
transmission in wireless sensor networks with WSS and
WSM nodes is developed according to the Bluetooth and
IEEE 802.15.4 protocols. The connection among MCDs is
established by the Wi-Fi protocol. The PDA and laptop
applications for the proposed architecture are implemented
with Java-based Web interfaces, making them portable and easy
to use.
VII. CONCLUSIONS AND FUTURE WORK
This study presented a healthcare monitoring architecture
structured by three network tiers which provide
pervasive, secure access to wearable sensor systems and
wireless sensor motes. This study united various wireless
techniques and adaptive encryption cryptography to promote
a convenient and secure service for timely and continual
healthcare and environment monitoring. The WSM design
involves a Bluetooth chip with enhanced security schemes and
a fabric belt integrated with two types of biomedical sensors
to provide ECG/heart beat and body temperature monitoring
with secure transmission and low power consumption.
Appropriate security schemes were presented for different
wireless communications in the network tiers when privacy
protection for individual health information is required. The
schemes implemented in the network tiers consist of public-key
cryptography, key agreement with a third party, a secure
ad hoc routing protocol and polynomial-based encryption. The
experimental results obtained from the proposed architecture
and application revealed that the secure transmission can be
achieved without degrading much system performance.
Two future directions for this study are to develop IPv6-enabled
sensor networks and to integrate biomedical sensor
systems with positioning functions. The 6LowPAN [34] extends
WSN to the network by allocating IPv6 addresses to
sensor nodes according to IEEE 802.15.4, which can increase the
reachable range within sensor networks. Auto configuration,
mobility management, and security issues are the main concerns
when IPv6 over IEEE 802.15.4 is implemented in
sensor nodes. Furthermore, biomedical sensor positioning is
a foundational and crucial subject for detecting the location
of elderly or chronic patients at any place, at any time. The
global positioning system, multidimensional scaling, or radio-frequency
identification techniques can also be applied to
biomedical sensor systems.
REFERENCES
[1] J. A. Gutierrez, M. Naeve, E. Callaway, M. Bourgeois, V. Mitter, B.
Heile, IEEE 802.15.4: A Developing Standard for Low-Power Low-Cost Wireless Personal Area Networks, IEEE Network, vol. 15, no. 5,
pp 12-19, Sep., 2001.
[2] H.C. Huang, J.W. Din, Y.M. Huang, An Implementation of Battery-aware Wireless Sensor Network Using ZigBee for Multimedia Service,
Int. Conf. Consumer Electronics, 2006, pp. 369-370.
[3] V. Shnayder, B.R. Chen, K. Lorincz, R.F. Thaddeus. F. Jones, and M.
Welsh, Sensor Networks for Medical Care, Harvard Univ., Tech. Rep.
TR-08-05, April 2005.
[4] A. Wood, G. Virone, T. Doan, Q. Cao, L. Selavo, Y. Wu, L. Fang, Z. He,
S. Lin, and J. Stankovic, ALARM-NET: Wireless Sensor Networks for
Assisted-Living And Residential Monitoring, Dept. Computer Science,
Virginia Univ., Tech. Rep. CS-2006-11, 2006.
[5] Crossbow Technology, Inc. MICA2 Series. [Online]. Available:
http://www.xbow.com/Products/productsdetails.aspx?sid=72.
[6] Crossbow Technology, Inc. MICAz ZigBee Series. [Online]. Available:
http://www.xbow.com/Products/productsdetails.aspx?sid=101.
[7] J. Polastre, R. Szewczyk, and D. Culler, The Mote Revolution: Low
Power Wireless Sensor Network Devices, in Proc. Hot Chips: A Symposium on High Performance Chips, July 2004.
[8] J. Polastre, R. Szewczyk, and D. Culler, Telos: enabling ultra-low power
wireless research, in Proc. 4th Sensor Networks, 2005, pp. 364-369.
[9] M. Leopold, M. B. Dydensborg, and P. Bonnet, Bluetooth and sensor
networks: a reality check, in Proc. 1st Int. Conf. Embedded Networked
Sensor Systems, November 2003, pp.103-113.
[10] K. Malasri, L. Wang, Addressing security in medical sensor networks,
ACM SIGMOBILE HealthNet Workshop, June 2007.
[11] H. S. Ng, M. L. Sim, and C. M. Tan, Security issues of wireless sensor
networks in healthcare applications, British Telecom Technology Journal,
vol. 24 no. 2, Apr. 2006, pp. 138-144
[12] O.G. Morchon, H. Baldus, D.S. Sanchez, Philips Res. Labs., and
Aachen, Resource-efficient security for medical body sensor networks,
Int. Wksp. on Wearable and Implantable Body Sensor Networks, April,
2006.
[13] S. L. Chen, H. Y. Lee, C. A. Chen, C. C. Lin, and C. H. Luo, A Wireless
Body Sensor Network System for Healthcare Monitoring Application,
IEEE Biomedical Circuits and System Conf., Canada, Nov. 2007, pp. 243-246.
[14] B. Zhou, C. Hu, M.Q.-H. Meng, H.B. Wang, R. Guo, A wireless sensor
network for pervasive medical supervision, in Proc. ICIT 07 IEEE Int.
Conf. Integration Technology, Shenzhen, China, March, 2007.
[15] M.M. Haque, A.-S.K. Pathan, Securing U-Healthcare Sensor Networks
using Public Key Based Scheme, in Proc. 10th Int. Conf. Advanced
Communication Technology, 2008, pp.1108-1111.
[16] F. Hu, M. Jiang, M. Wagner, D.C. Dong, Privacy-preserving telecardiology sensor networks: toward a low-cost portable wireless hardware/software codesign, IEEE Trans. Inform. Technol. Biomed., vol. 11,
no. 6, pp. 619-627, 2007.
[17] P. Hamalainen, N. Liu, R. Leppisaari, M. Hannikainen, T.D.
Hamalainen, Design and implementation of an enhanced security layer
for bluetooth, 8th IEEE Int. Conf. Telecommunications, Zagreb, Croatia,
2005, pp. 575-582.
[18] D. Kugler, Man in the middle attacks on bluetooth, in Proc. 7th Int.
Financial Cryptography Conf., French West Indies, Jan. 2003, pp. 149-161.
[19] L. Nguyen, R. Safavi-Naini, W. Susilo, and T. Wysocki, Secure
authorization, access control and data integrity in Bluetooth, in Proc.
10th IEEE Int. Conf. on Networks, Singapore, Aug. 2002, pp. 428-433.
[20] Suri, Pushpa R. Rani, Sona, Bluetooth security - need to increase the
efficiency in pairing, IEEE Southeastcon, April 2008, pp. 607-609.
[21] M. Markovic, On Secure e-Health Systems, Springer-Verlag (LNCS
4302), 2006, pp. 360-374.
[22] W. J. Song , S. H. Son, M. Choi, and M. Kang, Privacy and security
control architecture for ubiquitous RFID healthcare system in wireless
sensor networks, In Proc. IEEE ICCE 2006, Jan., 2006, pp. 239-240

[23] Y. Zhou, Y. Fang, A two-layer key establishment scheme for wireless
sensor networks, IEEE Trans. Mob. Comput., vol. 6, no. 9, pp. 1009-1020, 2007.
[24] M.Y. Hsieh, Y.M. Huang, and H.C. Chao, Adaptive security design with
malicious node detection in cluster-based sensor networks, Computer
Communications, vol. 30, pp. 2385-2400, Sept. 2007.
[25] A. D. Jurik, A. C. Weaver, Remote Medical Monitoring, Computer,
vol. 41, no. 4, pp. 96-99, April 2008.
[26] D. O. Kang, H. J. Lee, E. J. Ko, K. Kang, and J. Lee, A wearable
context aware system for ubiquitous healthcare, in Proc. 28th IEEE
EMBS Annual Int. Conf., August 2006, pp. 5192-5195.
[27] Y.C. Hu, A. Perrig, and D. B. Johnson, Ariadne: a secure on-demand
routing protocol for ad hoc networks, ACM and Springer Wireless
Networks, vol. 11, pp. 21-38, Jan. 2005.
[28] K. Sanzgiri, B. Dahill, D. LaFlamme, B. N. Levine, C. Shields, and E.
Belding-Royer, A secure routing protocol for ad hoc networks, In Proc.
IEEE Int. Conf. Network Protocols, 2002, pp. 78-89.
[29] Y. Shaked, and A. Wool. Cracking the Bluetooth PIN, In Proc. 3rd
USENIX/ACM Conf. Mobile Systems, Applications, and Services, Seattle,
WA, June 2005, pp. 39-50.
[30] Bluetooth SIG, Bluetooth Security, ver. 1.1, pp. 148-180, Feb. 2001.
[31] Johnson, and Maltz (1998). The dynamic source routing protocol
for mobile ad hoc networks. IETF Internet Draft. [Online]. Available:
http://www.ietf.org/internetdrafts/draft-ietf-manet-dsr-01.txt.
[32] C. Perkins, E. Royer, Ad hoc on-demand distance vector routing, In
Proc. 2nd IEEE Workshop on Mobile Computing Systems and Applications, 1999, pp 90-100.
[33] National Institute of Standards and Technology (NIST). FIPS PUB 197,
Specification for the Advanced Encryption Standard (AES), November
2001.
[34] N. Kushalnagar, G. Montenegro (2006), 6lowpan: Overview, Assumptions, Problem Statement and Goals, IETF draft. [Online]. Available:
http://www.ietf.org/rfc/rfc4919.txt

Yueh-Min Huang is a Distinguished Professor
and Chairman of the Department of Engineering
Science, National Cheng-Kung University, Taiwan,
R.O.C. His research interests include multimedia
communications, wireless networks, artificial intelligence, and e-Learning. He received his MS and
Ph.D. degrees in Electrical Engineering from the
University of Arizona in 1988 and 1991 respectively.
He has co-authored 2 books and has published
about 200 refereed professional research papers. Dr.
Huang has received many research awards, such as
the Best Paper Award of 2007 IEA/AIE Conference, Best Paper Award of
the Computer Society of the Republic of China in 2003, the Awards of Acer
Long-Term Prize in 1996, 1998, and 1999, Excellent Research Awards of
National Microcomputer and Communication Contests in 2006. Dr. Huang
has been invited to give talks or served frequently in the program committee
at national and international conferences. Dr. Huang is in the editorial
board of the Journal of Wireless Communications and Mobile Computing,
Journal of Security and Communication Networks and International Journal
of Communication Systems. Huang is a member of the IEEE as well as IEEE
Communication, Computer, and Circuits and Systems Societies.

Meng-Yen Hsieh received his BS degree in Information Engineering and Computer Science from
Feng Chia University, Taiwan, in 1999; the MS
degree in Computer Science and Information Engineering from National Central University, Taiwan, in
2001; the Ph.D. degree in Engineering Science from
National Cheng Kung University, Taiwan, 2007. He
is currently an assistant professor in the department
of Computer Science and Information Engineering
at Providence University. His research interests include wireless security, sensor network applications,
and software engineering applications.

Han-Chieh Chao received the B.S. degree in Electrical Engineering from National Cheng-Kung University, Taiwan, in 1985; the MESS and Ph.D.
degrees in Electrical Engineering from Purdue University, Indiana, USA, in 1989 and 1993, respectively. He is currently a jointly appointed professor
in the institute and department of electronic engineering and the institute of Computer Science and
Information Engineering at National Ilan University,
Taiwan; jointly adjunct professor in the institute
and department of electrical engineering at National
Dong Hwa University, Taiwan; and honorary adjunct professor in Beijing
Jiaotong University (211 University), Xiamen University (985 University),
Lanzhou University (985 University) and Yantai University, China. He serves
as director of computer center at Ministry of Education, Taiwan; and the
dean of college of Electrical Engineering and Computer Science, National
Ilan University, Taiwan. Dr. Chao has published more than 200 academic
papers in journals, books and conference proceedings. He is a fellow of
IET and Fellow and Chartered IT Professional of British Computer Society.
His research interests include wireless and mobile computing, high speed
networks, IPv6 and digital arts technologies.

Shu-Hui Hung received her BS degree in Information Engineering from Eastern Washington University, Washington, U.S.A. in year 1993. She received her MS degree in Mathematic and Computer
Science Education from Oregon State University,
Oregon, U.S.A. in 1997. Since 2002, she has been
an associate researcher in Department of Bio &
Medical Information Science, National Center for
High-performance Computing, Taiwan, R.O.C. She
is currently working toward her PhD degree in
Department of Engineering Science, National Cheng
Kung University, Taiwan, R.O.C. Hung's research interests include medical
/health information, wireless transmission.

Jong Hyuk Park received his Ph.D. degree in
Graduate School of Information Security from Korea
University, Korea. Before August, 2007, he had been
a research scientist of R&D Institute, Hanwha S&C
Co., Ltd., Korea. He is now a professor at the
Department of Computer Science and Engineering,
Kyungnam University, Korea. Dr. Park has published
many research papers in international journals and
conferences. He has served as chair, program
committee or organizing committee chair for many
international conferences and workshops. Dr. Park
is editor-in-chief of the International Journal of Multimedia and Ubiquitous
Engineering (IJMUE), the managing editor of the International Journal of
Smart Home (IJSH), and Associate Editor of Security and Communication
Networks (SCN). In addition, he has served as a Guest Editor for international
journals by some publishers: Oxford, Emerald, Hindawi, Springer,
Elsevier, John Wiley, Inderscience, SERSC. Moreover, he is a member of the
Task Force in the IEEE IUC. He has won a Best Paper Award of the 2nd
International Conference on Information Security and Assurance, 2008. Dr.
Park's research interests include Digital Forensics, Security, Ubiquitous and
Pervasive Computing, Context Awareness, Multimedia Service, etc.
