2016 International Conference on Computer, Mechatronics and Electronic Engineering (CMEE 2016) ISBN: 978-1-60595-406-6 The Data Aggregation Privacy Protection Algorithm of Body Area Network Based on Data Partitioning Yi-long CHEN 1,*, Jian LIU 2, Xin-rong WEN 3, Juan LEI 4 and Zhu ZHU 5 1,2,3 State Grid Chongqing Electric Power Co. Information and Telecommunication Branch, Chongqing, China 4,5 State Grid Chongqing Electric Power Co. Electric Power Research Institute, Chongqing, China *Corresponding author Keywords: Wireless body area network, Privacy protection, Data aggregation. Abstract. As a new network, the body area network is widely used in the field of health care, emergency rescue and so on. In the practical application, a large number of data collected by the body area network are closely related to user's personal privacy. However the body area network is an open environment. When transmitted in the network, the user's privacy data is vulnerable to the attacker's eavesdropping, tampering and other security threats. At the present stage, the research of the body area network mainly focuses on the system architecture and node energy consumption, the studies of security aspect of user privacy data is relatively few. This paper puts forward The data aggregation privacy protection algorithm of body area network based on data partitioning based on the above problem, this algorithm uses data partitioning strategy to deal with privacy data, and combines encryption theory to achieve security aggregation of user privacy data of the body area network security aggregation. The result not only improves effectively the privacy protection of the user data of body area network, but also reduces data redundancy and the traffic of the nodes. Introduction Wireless body area networks (referred to as WBAN or BAN) are the wireless networks that are in the body. The word was first proposed by Van with others [1], and has attracted the interest of some researchers. It is a branch of wireless sensor network (WSN). Multiple WBAN can form the Health Care System. The intelligent sensor nodes are integrated into the user's body and body surface to achieve the purpose of monitoring the relevant data information of the user. Every sensor node has a certain data processing capacity, it can send the collected user data to the medical data center for further diagnosis and treatment. However, various kinds of attacks and hacking technology have become complex and diverse, they bring great challenges to the traditional data privacy protection mechanism. The openness of WBAN in wireless space makes the privacy data vulnerable to be eavesdropped, tampered and so on. These data plays a very important role in the diagnosis and treatment of patients, and it is directly related to the patient's health and life. In order to give the patient an efficient and valuable help, the protection of security and privacy must be provided. This paper puts forward the Body Area Network (BAN) data aggregation privacy protection algorithm based on data partitioning for the view of the above problems. The algorithm uses data partitioning strategy to deal with the privacy data, and it combines encryption theory to achieve the security aggregation of user s privacy data in BAN. The result not only effectively improves the privacy protection of the user data of BAN, but also reduces the data redundancy and the traffic of the nodes. The rest of the paper is organized as follows: the second part is the related work; the third part describes the algorithm implementation process; the fourth part is the analysis of the performance of the algorithm; the fifth part is the summary of this paper and the future work. Related Work The categories of existing wireless body area network data privacy protection method can be divided into two types: one is the wireless body area network data privacy protection based on the
traditional cryptography, and the other method is the wireless body area network data privacy protection method based on a unique physiological signal. The first method is mostly based on the improvement and optimization of the cryptographic techniques. The literature[2] had analyzed and summarized the security threats and requirements of WBAN,and also proposed the security system architecture for wireless body area network application. In literature[3] proposed an encryption algorithm based on identity policy which makes the process of key management simplified. Although these schemes have some generality, all of these excessively depend on the traditional cryptography technology, which leads to their limited performance. The second method is to make full use of the WBAN data, that is, the true identity of the user is authenticated by user physiological information which is obtained by the acquisition node, so as to achieve the purpose of user data information security protection. For the similarity of the user's physiological information collected by the sensor nodes in WBAN in the literature [4], it used fuzzy theory to realize the key negotiation, and proposed a key agreement scheme based on physiological signals, the scheme can not only effectively complete the key agreement, but also realize the identity authentication of users. Through the analysis of the above research status, it can found that the wireless body area network user data privacy security research is relatively few at the present stage. It comes down to two main reasons: one is medical application facing to the wireless body area network system architecture is not perfect and need to be analyzed in the future; on the other hand, many users do not realize the importance of the security of personal data privacy. So it is necessary to study the wireless body area network data privacy protection scheme which is application of pervasive medical. Algorithm Specific Implementation The body area network data fusion privacy protection algorithm based on data slice is referred to as data aggregation privacy protection mechanism (DAPP). The specific implementation includes five stages: (1) the key establishment stage; (2) the key update stage; (3) the data partitioning stage (4) the data classification and transmission stage; (5) the data decryption and integrity testing stage. In the key establishment stage, in order to ensure the security of the user's privacy data transmission, we assume that the original data collected by all nodes is safe. In order to make full use of symmetric encryption and asymmetric encryption advantages, it uses symmetric encryption algorithm to protect user privacy data of the first layer in the acquisition node of the perception layer, and uses non symmetric encryption algorithm in the medical data center of application layer, and then disclosures the public key. The node key generation process can be transformed into flow chart as shown in Figure 1. In the key update stage, the key changes in the program mainly with the acquisition of data showing a dynamic change. There are two kinds of nodes in the wireless body area network: one is the active node, and the other one is the sleeping node. When the acquisition nodes to collect new data, first determine data content and is the same as before, if the latest data to extract characteristic values, and then the random number with the private key to get an update after treatment. When the acquisition nodes collect new data, firstly it determines whether the content of the data is the same with the previous data. If it is the new data, extracting characteristic values from it. And then it can be processed with random number to get a new private key. The specific update process as shown in Figure 2. Acquisition node Random number Characteris tic value Hash function Hash function Figure 1. Key generation process. Symmetric key
Start No Node dormancy No Active node Yes Collecting data Data update Random number H( ) Yes Mode 2 operation H( ) The secret key update End Figure 2. Key updating process. In the data partitioning stage, after each data acquisition node key is established, in order to prevent the node from being captured by the attacker, the integrity of the data is tampered with the data injection means. It deals with the data collected by each node using the technology of segmentation and reorganization, the basic idea is: each data acquisition node divides the original data into n data partitioning (pieces) randomly, and then the node private key is used to encrypt n 1 data partitioning, after that they are sent to the adjacent n 1 acquisition nodes, each acquisition node will seek the sum of all the partitioning and send them to the cluster head (PDA) for classification and processing, finally PDA sends all data encrypted by the public key to the remote terminal. It assumes that the number of acquisition nodes is n 5 ( n represents the number of all the acquisition nodes in the body area network), and the data partitioning of acquisition nodes is J 3. The specific implementation process is shown in Figure 3. After mixing, each node forwards all the data locally stored to the cluster head, which is further processed by the cluster head. Specific mixing and sending process as shown in Figure 4. PDA d 11 1 d 12 d 21 2 d 22 d 32 d 33 3 d 41 d 14 4 d 42 d 52 d 25 d 35 Figure 3. The data partitioning process. 5 d 53 d44 d55 f f1 f2 f3 f4 f5 PDA 1 f1 d11 d d 21 41 2 f2 d12 d d d d 22 32 42 52 3 f d d 3 33 53 4 f d d 4 14 44 5 f5 d d d 25 35 55 Figure 4. Data mixing and transmission. In the data classification and transmission stage, the sensor nodes send the collected data to the mobile phone/pda, mobile phone/pda as the access point outside classify the received data, then it transmits the processing results encrypted by the public key to a remote processing center, that is classifying the encryption data partitioning of the first layer of WBAN to restore the original data for each node and then transmitting the encrypted original data directly to the remote information processing center. The specific classification process is shown in Figure 5.
Figure 5. The classification and transmission of the data. In the data decryption and integrity testing stage, decryption principle: the data decryption processing is completed by the powerful performance of the medical data processing center. Firstly, the non symmetric encryption mechanism is used to decrypt the received data blocks, and finally, the private key of each node is obtained. Secondly, to obtain the private key, it uses the symmetric encryption mechanism decrypt the obtained user's privacy data, and then to get the real data of each acquisition node. Since it has done a hash of each node's privacy data, so it can perform integrity testing in the medical data processing center to ensure the integrity of the node privacy data. Performance Analysis of Algorithms The analysis will be further on the performance, this section mainly from two aspects of analysis, including: privacy protection analysis, data traffic analysis, and compared with the CPDA (private data aggregation cluster-based) protocol proposed by He W. et al[5]. The first is privacy protection analysis. For data aggregation privacy protection, in WBAN environment, when aggregated data transmission in the network, they are vulnerable to monitor communication link or the collusion attack by malicious attackers. In order to protection of privacy and making analysis, it is necessary to carry out the relevant setting, in particular: the probability of the safety communication link between the two sides of communication attacked by the attacker is q which is equivalent to the local collection node key is guessed; when the node key is guessed, then the probability of the user's privacy data collected by the node is Pq ( ). It will calculate and analyze the privacy protection of DAPP algorithm and CPDA algorithm and then it can get the results as shown in figure 6. It can be seen from the figure, the guessed probability Pq ( ) of the user privacy data of the two algorithms increases with the increasing of the value of the probability q that the security of the communication link is broken, but it can see that the growth of the value Pq ( ) of the CPDA algorithm is significantly bigger than the value Pq ( ) of the DAPP algorithm. In general, the value of the probability q that the security of the communication link is broken are the same, the user data privacy protection of the DAPP algorithm is better than the CPDA algorithm. The second is data traffic analysis. Comprehensive analyzing of the data traffic of the two algorithms, it can get the results shown in figure 7. As it can be seen from the graph, the data communication of the two algorithms is increasing with the increasing of the number of nodes in the sensing layer, however, the growth rate of DAPP algorithm is relatively balanced, which shows
P(q): probability of private data being captured Data traffic of all nodes that the energy consumption of the algorithm is relatively stable, while the CPDA algorithm is obviously an increasing trend, indicating that the energy consumption is restricted by the number of nodes. And when the acquisition node number less than 5, two kinds of algorithm of energy consumption don't have a big difference when the number of nodes is greater than 5, the amount of communication traffic of CPDA algorithm is higher than that of DAPP algorithm. 0.004 CPDA DAPP 300 CPDA DAPP 200 0.002 100 0.000 0 0.00 0.02 0.04 0.06 0.08 0.10 q: probability of a secure link being cracked 0 5 10 15 n: acquisition node number Figure 6. Comparison of data privacy protection. Figure 7. Comparison of data traffic. Summary According to the wireless body area network security requirements, this paper designs body area network data fusion privacy protection method based on data partitioning. The main method is combined with the use of symmetric key and asymmetric key to encrypt user data, and in the process of data transmission, the data is processed by the segmentation and recombination technology. This technology can defend node capture attack more effective, finally to realize safe aggregation of user data under the privacy of data acquisition node condition. And it also analyzes the privacy protection and data traffic of the method. But when extracting the biometric signal, the sign considered parameters are too single, it is necessary to consider various parameters of the human body signs in the latter part of the work; due to the limitations of experimental conditions, when analyzing performance, it only has carried on the analysis of traffic data and privacy protection, ignores the verification of data accuracy. It needs to be improved at the later work. Acknowledgement The authors acknowledgement support from the Science Technology Project of State Grid Chongqing Electric Power Company (No.2016 Yudiankeji 18). References [1] Van Dam K, Pitchers S, Barnard M, Body area networks: Towards a wearable future, Proc. WWRF kick off meeting, Munich, Germany, 2001, pp. 6-7. [2] Kai Zhu. Research on authentication method of wireless body area network, Xi'an Electronic and Science University, Xi'an, 2013. [3] Jang C, Lee D G, Han J. A proposal of security framework for wireless body area network, Security Technology, 2008. SECTECH'08. International Conference on. IEEE, 2008, pp. 202-205. [4] Paterson K G, Price G. A comparison between traditional public key infrastructures and identity-based cryptography, ISTR, 8(2003) 57-72. [5] He Wen Bo, Liu Xue, Nguyen H, et al. PDA: Privacy-preserving data aggregation in wireless sensor networks INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, 2007, pp. 2045-2053.