A Survey on Wireless Body Area Networks (WBAN) PDF
Arun Sekar Rajasekaran, L. Sowmiya, Azees Maria, R. Kannadasan
Summary
This survey paper examines the challenges and applications of wireless body area networks (WBAN). It delves into the importance of WBAN in real-time health monitoring and remote healthcare, citing advantages like low-power design and miniaturization of sensors. The paper also explores security and authentication aspects within WBAN, along with various related protocols and challenges like network partitioning and quality of service.
Full Transcript
Cyber Security and Applications 2 (2024) 100047 Contents lists available at ScienceDirect Cyber Security and Applications journal homepage: http://www.keaipublishing.com/en/journals/cyber-security-and-applications/ A survey on exploring the challenges and applications of wireless body area networks (WBANs) Arun Sekar Rajasekaran a, L. Sowmiya b, Azees Maria c,∗, R. Kannadasan d a Department of ECE, SR University, Warangal, 506371, Telangana, India b Department of ECE, KPR Institute of Engineering and Technology, Coimbatore, India c School of Computer Science and Engineering, Inavolu, Beside AP Secretariat, VIT-AP University, Andhra Pradesh 522237, India d Department of Software systems, School of Computer Science and Engineering, VIT University-Vellore 632014, Tamilnadu, India a r t i c l e i n f o a b s t r a c t Keywords: Networks play an important role in the day-to-day life of every individual. Networks are involved in the trans- Quality of service mission of necessary information between the sender and receiver in the channel. Wireless Body Area Network Routing protocol (WBAN) is a major advancement in the field of network communication. Due to the arrival of the Micro Electrome- Sensors chanical System (MEMS) and several intelligent sensors, collaboration with WBAN makes accurate predictions of Security parameters in the human body. WBAN has numerous applications in medical and non-medical fields. WBANs have Wireless body area network demonstrated remarkable capabilities in real-time health monitoring, facilitating the collection of vital physiolog- ical data from individuals in diverse environments. Firstly, their low-power and energy-efficient design ensures prolonged device operation, making them suitable for continuous monitoring over extended periods. Addition- ally, the miniaturization of sensors and the integration of wireless communication technologies enable seamless data transmission to centralized healthcare systems. 
Furthermore, the integration of artificial intelligence and machine learning algorithms in WBAN systems has enabled personalized health analytics, allowing for more pre- cise and context-aware health monitoring. This paper gives a survey of the WBAN standard, security in WBAN, several authentication approaches, routing, and MAC protocols. In addition, this paper describes the challenges faced by WBAN, such as network partitioning, changes in postures, lifetime issues, and quality of service (QoS). At last, the advancement in WBAN is for future improvement in the area of body area networks. Introduction the body and storing it in the medical records present in the internet cloud. In this world, medical healthcare services are mainly provided for In modern days, remote healthcare systems have become popular physically challenged people, elderly people, and newborn babies. Many among people due to the arrival of pandemics. So, there is a need for people died because of coronary heart, kidney, cerebrovascular dis- a medical practitioner who can detect and analyze the cause of deadly eases, and several types of cancer. Earlier detection of these chronic diseases and give solutions and precautions according to them. The lifes- diseases can prevent people from dying at the initial stage. Many scien- pan of the world population above the age of 60 is analyzed. In 2017, tists, financial experts, and entrepreneurs focus on developing a futur- the death rate from chronic diseases such as cancer and heart disease istic healthcare model to increase the emergence of several epidemics, were said to be 70%. In 2017, the elderly death rate was reported to endemics, pandemics, and attacks of several diseases. Due to the exist- be 9.62%. 
It will gradually increase in the year 2050 to 21.1%, and in ing crisis of several pandemic eras, many people tend to die because the year 2100, it is expected that the increase in the death rate will be of the spreading of cruel pandemic diseases and are left with finan- 31.1%. Due to the rapid increase in the growing population, it is ex- cial scarcity. Because of these problems, financial experts provide pected that the need for healthcare will also increase rapidly, and there innovative and optimal solutions for managing budgets during pan- will be a heavy monetary scarcity in the future, as per the records. So, demics by analyzing the health records of people. Many scientists, re- developing a suitable and futuristic healthcare system is necessary for searchers, and entrepreneurs are developing solutions for the emer- developing generations of evolution. Information and communication gence of these crises by continuously monitoring the real-time data of technology (ICT) over the past years has led to tremendous develop- Peer review under responsibility of KeAi Communications Co., Ltd. ∗ Corresponding author. E-mail address: [email protected] (A. Maria). https://doi.org/10.1016/j.csa.2024.100047 Received 2 December 2023; Received in revised form 25 January 2024; Accepted 4 March 2024 Available online 5 March 2024 2772-9184/© 2024 The Authors. Publishing Services by Elsevier B.V. on behalf of KeAi Communications Co., Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 ment in diagnosing diseases that occur in patients and monitoring their mainly used for wireless sensors. Due to various standards, the standard health condition with the help of data collected by wireless sensor de- is chosen by application requirements in order to find a better solution vices. 
Correspondingly, the life time of the patient has increased and he for the challenges the user faces. WBAN provides various new applica- gets relief from several chronic diseases [3,4]. tions and creates a tremendous amount of market availability. So, the In order to meet the lifespan expectations of patients, a good health- marketing opportunities for WBAN increase with the expansion of con- care system must have properties such as superior communication net- sumer electronics. This will pave the way for creating many new works, adaptability, and user friendliness. These conditions can be generations of intelligent systems to improve a person’s quality of life. achieved by a wireless body area network (WBAN). In WBAN, security WBAN is not only used in medical applications but also in other ap- plays a key role. By transferring the data from the medical practitioner plications such as defence, entertainment, sports, etc. Moreover, WBAN to the patient, the attacker can easily hack the data from the medical is useful for elderly patients who are unable to visit the medical practi- practitioner and alter the data sent. On the other hand, he can also act tioner at a specific time and disabled people who have difficulties vis- as a medical practitioner and send data to patients. However, end-to- iting the medical practitioner. Further, physiologically and psychologi- end security should be maintained in order to prevent several types of cally challenged people can also make use of WBAN. Medical practition- attacks. ers may use WBAN when appropriate medical equipment is not avail- For this problem statement, the rise of recent developments in the able or in demand during a critical situation. The advantages of area of microelectronics and the increase in the number of smart low- WBAN are low power consumption, low computation, and communica- power sensors have defined the idea of using WBAN. As well, in tion overhead. 
Further, security in WBAN is very high when compared some chronic diseases, the root cause of the disease affected in patients to other wireless systems. cannot be found by traditional practitioner methods. WBAN uses sensors The main contributions in this paper are to explore the main chal- that can detect and monitor different types of parameters in the patient’s lenges existing in the mechanisms of WBAN. Surveys provided by many body. These detected parameters can diagnose several chronic diseases authors did not mention any advancements in WBAN. Many survey ar- and diseases that cannot be cured easily. ticles mentioned only the model and its applications. Moreover, it is im- WBAN is basically a type of network that communicates between portant to analyze the research issues of WBAN and improve the model human and computer interfaces with the help of wireless sensors. In of WBAN. When the WBAN model is improved, it can be used in WBAN, a small wearable sensor is used to monitor blood pressure and many medical and industrial areas. sugar levels and provide accurate data to the medical practitioner. This paper mainly focuses on a survey of WBAN, discusses various WBAN consists of tiny sensors that can be fixed inside and outside of applications, gives clarifications to increase security in WBAN, and the the human body to detect the vital parameters of the patient’s body. major contribution is described as follows: WBAN gives higher mobility and authenticity to the entities present in the network channel. WBAN sends the live readings of bio signals gen- The different methods (security, authentication, routing protocol, erated by the patient’s body to the sink node. The readings of the sensor MAC protocol, address allocation, frequency bands, communication node depend upon the temperature, heart rate, and many other param- channel, and research issues) in WBAN are discussed. eters of the patient’s body. 
If any of the parameters in the patient’s body Analyzing different applications (asthma monitoring, cancer and change, the readings of the sensor nodes change accordingly. tumor recognition, telehealth technologies, and disaster cases) by In this current age, researchers focus on building an architecture WBAN in both the medical and non-medical fields. framework for WBAN, which enlarges technological demands for the To give a detailed perception of the challenges (network partition- applications of healthcare systems. WBAN gives real-time data to med- ing, lifetime issues, and irregular postural movement) that are faced ical practitioners and instantaneous monitoring of the patient. Though in the protocols of WBAN. WBAN does excellent work in providing real-time and accurate param- To inquire about advancements (quantum cryptography, virtual re- eters of the disease, it may face various types of problems, including ality, and artificial intelligence (AI), Energy harvesting, multisensory efficiency, data loss, privacy, and quality of service (QOS). Many re- fusion) in WBAN. searchers develop solutions for these problems and establish a greater This paper includes other sections, such as Section 2, which dis- number of systems to enhance the security and protection of data in cusses the overview of WBAN. Section 3 is about WBAN types and clas- WBAN. WBAN performs several functions, such as sampling, process- sifications. Section 4 explains the traffic and sensor classifications of ing, monitoring, and transferring real-time data, so that the medical WBAN. Section 5 describes the security in WBAN. Section 6 elucidates practitioner can analyze the patient’s data without any contact with the the data authentication in WBAN. Section 7 discusses the WBAN rout- patient. WBAN is flexible and allows the patient to be mobile. If any in- ing protocol. 
Section 8 describes the low-power techniques involved in convenience or attack occurs between the network channels, it not only WBAN. Section 9 discusses the challenges involved in address allocation affects the patient but also medical practitioners. WBAN can be resistant in WBAN. Section 10 discusses the frequency bands and communication to various attacks, such as internal and external attacks [7,8]. channels of WBAN. Section 11 discusses the MAC protocol. Section 12 In wireless sensor networks (WSN), the size of the sensor nodes is explains the faults in WBAN. Section 13 is about the research issues at large when compared to WBAN. The node density of WSN is 256; in WBAN. Section 14 describes the WBAN applications. Section 15 briefs contrast, WBAN has nodes less than 64. The communication range of the advancements in WBAN, followed by a case study in Section 16 and WSN is between 10 and 100 m, whereas in WBAN it is 2 m and 5 m. finally, Section 17 concludes the survey paper. The data rate of WSN is 250 kbps, and the data rate of WBAN is 1 kbps– 10 kbps. From the above comparison, WBAN usage is better than WSN. Furthermore, WBAN is more reliable and steadier than WSN. In ad- Overview of WBAN dition, WBAN uses bands such as wireless medical telemetry services (WMTS) and medical implant communications services (MICS). This section represents the architecture of WBAN, the topology of In recent times, WBAN has provided better solutions for many exist- WBAN, IEEE 802 layers, and IEEE 802.11 standards. WBANs have sev- ing diseases, like influenza, yellow fever, and COVID-19. It reduces the eral unique characteristics that differentiate them from other wireless time taken for patient monitoring and provides a better quality of life for networks. The development of WBAN technology has opened up new the patient. 
WBAN can be connected to the internet and other wireless possibilities for healthcare, including remote monitoring, early detec- devices such as Zigbee, Bluetooth, and other cellular networks. Blue- tion of health problems, and more personalized care. As WBANs con- tooth Low Energy (BT-LE) uses ultra-low energy demand specifications tinue to advance, they are likely to play an increasingly important role of technology in Bluetooth, aiming at various types of applications and in healthcare and other industries. 2 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Fig. 1. Three tier architecture of WBAN. Architecture of WBAN 802.11 is to interpret the data rate and frequency band of the data that is transmitted. In the data link layer, the logical link control layer and WBAN is a three-tier architecture; in the first tier, a set of sensors the MAC layer are present. Logical link control layers carry out the main are embedded into the human body, and they are used to collect sen- task of error control. The MAC layer consists of lower and upper sub- sitive data from the human body. In the second tier, the collected layers. The lower sublayer is named the Distributed Coordination Func- sensitive data is transmitted through a communication medium to the tion (DCF). An Ethernet-based contention algorithm distributes access hospital medical server, and processing of the data is done. In the third to available traffic in the lower sublayer. The upper sublayers consist of tier, the collected data will be available on the medical server, where the Point Coordination Function (PCF) algorithm. The upper sublayer al- medical practitioners can check the patient’s condition. The three-tier gorithm brings the contention-free methods from polling stations. High- architecture of WBAN is shown in Fig. 1. priority-based traffic uses this type of sublayer. 
Moreover, WBAN prefers the MAC layer for communicating patient data since the MAC layer is Topology of WBAN used for short-range wireless communication systems. Protocols in the MAC layer satisfy the necessary throughput, efficiency, and security. The WBAN uses star topology. In star topology, point-to-point connec- MAC protocol handles various types of traffic generated within WBAN. tions take place. Each sensor node at the end of the network channel But the performance of the MAC protocol degrades when there is a rapid is connected to the central device known as the sink node. WBAN change in the topology or when the number of node sensors increases. employs a one-hop and two-hop star topology network. When all the In order to solve the above problems, hybrid MAC is used. sensor nodes are directly connected to the sink, it is said to be a one- hop topology. When sensor nodes interconnect with each other and also IEEE standards connect with the sink node, it is referred to as the two-hop topology. Se- lecting one or two hop topologies depends on the application of WBAN. The IEEE 802.11 standard consists of network modes that are known Here, whenever any defect or fault happens in the data link between a as infrastructure mode, ad hoc mode, repeater mode, and bridge mode. particular sensor node and sink node, that particular data link will be In infrastructure mode, a large number of patient systems are intercon- affected, and it does not affect other data links that are connected to the nected with the access point (AP) in the wireless medium. Infrastruc- sink nodes. The advantages of star topology are low establishment costs ture mode is also known as Basic Service Set (BSS). The station present and easy management. The main drawback of star topology is that if in the BSS first transfers the data to the AP. 
Later, the AP delivers the any defect takes place at the sink node, there will be no communication data to the receiver station, and this may lead to the use of two hops. inside the network. The data gets slotted in the star topology by beacon Ad hoc mode is mainly used to communicate with wireless stations that and non-beacon modes in superframe structures and routed for further do not use AP and directly communicate with another wireless station. transmission. Fig. 2 gives the topology of WBAN. It can also be connected directly to wired networks. Ad hoc network, also known as peer-to-peer mode or independent basic service set (IBSS) IEEE 802 layers , In repeater mode, repeaters are present between two long-distance wireless mediums. Repeaters satisfy the network gap by repeating the The IEEE 802 standards work at the lower level of open system inter- signals. In bridge mode, a wireless bridge connects two or more net- connect (OSI) models. These lower-level models are the data link layer works for communication. and the physical layer. The data link layers have two sublayers, namely WBAN uses several standards, such as IEEE 802.15.4 and IEEE logical link control and medium access control. Fig. 3 describes the 802.15.6. IEEE 802.15.4 uses protocols such as the physical layer (PHY) lower layers involved in WBAN communication. The data link layer and and medium access control (MAC) layer for a particular range of wire- the physical layer are the two main layers of IEEE 802. But the physical less communication. Further, it supports low power, lesser cost, and a layer is not used frequently. The main role of the physical layer in IEEE lower bit rate. IEEE 802.15.6 standardization also provides a standard 3 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Fig. 2. Topology of WBAN. 
IEEE 802.15.6 WBAN requirements IEEE 802.15.6 is a standard for WBANs which are wireless networks of wearable or implantable medical devices used for healthcare monitor- ing. The standard defines the requirements for WBANs to ensure reliable and efficient communication between devices. Personal Device (PD): PD is responsible for collecting data from sen- sor nodes that are attached or implanted inside the patient’s body. The data collected from the patient’s body is stored on the personal device and transmitted to the hospital medical server. The personal device is otherwise known as the Personal Digital Assistant (PDA). Sensor node: Sensor nodes that are present in WBAN gather informa- tion when a physical stimulus happens inside or outside of the body. Several sensor nodes commercially used are ECG, EEG, EMG, SpO2 , etc. WBAN types and comparisons WBANs can be classified into different types based on their specific characteristics and applications. Here are some common types of WBANs and comparisons between them: Fig. 3. Layers involved in WBAN communication. Autonomous WBAN Autonomous WBAN makes decisions and sends the data to patients for low power consumption. Moreover, data rates get communicated in without the need for medical practitioners’ suggestions. In this type of a short range and a vast range for various types of applications. WBAN, sensors are implanted in the patient’s body and get connected It is mainly designed for wireless communication within and outside of to actuators for creating responses based on the medical data without a the human body. It monitors the body’s blood pressure, sugar levels, medical practitioner and sending the data to the patient. Autonomous electrocardiogram (ECG), and electroencephalogram (EEG). WBANs are used in emergency conditions. Managed WBAN IEEE 802.15.6 standard IEEE 802.15.6 is categorized mainly for the use of low-power sensor Managed WBAN is a basic WBAN model. In managed WBAN, the data nodes. 
The main aim of the IEEE 802.15.6 standard is to establish an collected by the sensor present in the patient body gets transferred to international communication standard that provides short-range, con- the medical practitioner via the network channel. A medical practitioner sumes less power, and has high reliability while setting up wireless sees the data and makes his own decision without any other suggestions. communication outside or within the human body. It supports a wide Here, the data will be sent to a trusted patient and medical practitioner. range of applications for numerous healthcare and non-healthcare sec- All types of medical data can be analyzed with the help of a managed tors [17,18]. WBAN. 4 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Intelligent WBAN Implanted sensors: They are fitted into the patient’s body with the help of surgery. An intracranial pressure sensor is a type of implanted Intelligent WBAN is an advanced type of WBAN. In intelligent sensor. It detects the irregularities in signals that happen during brain WBAN, a cluster of managed and autonomous Wireless Body Sensor Net- injuries. Similarly, a cardiovascular sensor, a type of implantable sensor, works (WBSN) is present, and it is connected to the network channel. watches the tapering of the artery valves during and after angioplasty. Intelligent WBAN is used in both normal and emergency situations. Like Ingestible sensors: They are comparatively small. It can be ingested autonomous WBAN, it takes decisions on its own. Unless, in normal sit- easily inside the patient’s body. These ingestible sensors are usually dis- uations, it sends the data to a trusted patient and medical practitioner. posable and monitor the pharmaceutical medicines that are injected into After some time, if the medical practitioner is busy during emergency the body. It also checks the heart rate and blood pressure. 
Imaging cap- situations, the intelligent WBAN itself takes decisions and sends them to sules are a type of ingestible sensor that is ingested inside the gastroin- patients. testinal tract for capturing real-time images and videos of the gastroin- testinal tract, bowel system, intestines, etc. Imaging capsules are the WBAN vs other area networks alternative to endoscopy. Injectable sensors: It can be injected via syringe. This type of sensor Based on their geographical coverage, wireless networks are clas- is very small in size, i.e., at nanolevels. The thickness of the sensor is sified into different types and used according to specific applications. equivalent to the thickness of human hair. Lumee oxygen is a type of When compared to Wireless Personal Area Networks (WPAN), WBAN injectable sensor that is used to predict the oxygen levels inside the connects a device within less than 2 m. Though WPAN covers an area tissues of the patient’s body. The potential of hydrogen (PH) sensors larger than WBAN, i.e., less than 10 m2, it is not suitable for communica- monitors the growth of the tumor cells inside the patient body at an tion between some applications. Similarly, wireless local area networks earlier stage and really paves the way for cancer treatments and anti- (WLAN) cover an area of less than 100 m, and wireless metropolitan cancer precautions. area networks (WMAN) cover an area of less than 5 km. Wireless Wide Body-surfaced or patched sensors: They are mended on the upper sur- Area Networks (WWAN) work within an area of less than 15 km, and face of the patient’s body. These sensors can directly communicate with satellite communications take place in this region. Due to the coverage other devices. High sugar levels in the blood can be predicted with the of a larger number of areas, these wireless networks will have high data help of patched sensors. loss and not provide accurate results to medical practitioners. 
Moreover, Proximity-based sensors: proximity-based sensors are placed near these wireless networks do not focus on the inside and outside commu- portable smart devices. It collects real-time data from the organs that nications of the patient body. Therefore, compared to other wireless are affected inside the patient’s body or on the surface of the patient’s networks with different standards, WBAN is beneficial to medical ap- body. The data collected by the proximity-based sensors is displayed on plications and gives accurate results to medical practitioners. Further, smart devices such as smart watches, smart phones, etc. due to coverage over smaller distances than other wireless networks, the data accuracy is high in WBAN, and the delivery of data is much faster Security in WBAN in WBAN. The network communication range between the WBAN and other area networks is described in Fig. 4. The medical data generated by the sensor nodes that are placed in the patient’s body and the prescription written by the medical practi- Traffic and sensor classification in WBAN tioner should be in an anonymous state. If the system consists of a weak mechanism, the data can be easily hacked by attackers. So, security pa- WBAN traffic and sensors used in WBAN are classified into different rameters such as integrity, authentication, confidentiality, and privacy types based on various criteria. In this section, some common classifica- must be achieved while designing WBAN [21,22]. tions of WBANs are discussed. Security requirements for WBAN WBAN traffic classifications The security requirements for WBAN are mentioned below, and some The WBAN traffic is classified into different types, namely, on- of the security requirements are given in Fig. 7. demand traffic, emergency traffic, and normal traffic. Fig. 5 shows the Data originality: Healthcare and non-healthcare applications need WBAN traffic classifications. 
There are two types of on-demand traffic, verification and authorization certificate validation. Authentication namely, continuous and discontinuous on-demand traffic. Continuous should be used for both the medical practitioner and patient in on-demand traffic takes place during surgical moments. Discontinuous order to analyze whether the data transmitted by them are identical on-demand traffic takes place whenever there is a need for the exchang- and authenticated. ing of data between a medical practitioner and patient. Emergency Data confidentiality: The data transmitted between the medical prac- traffic cannot be created at regular intervals, and it is used for emergency titioner and patient should be confidential. To achieve this, data commu- situations only. Unlike other traffic, emergency traffic is unpredictable. nicated between the two parties should be encrypted in order to prevent Normal traffic happens when the data is transferred during normal con- eavesdropping attacks. ditions. Critical and emergency events are not included in normal traf- Data integrity: Integrity between the medical practitioner and patient fic. Normal traffic may also occur in normal health care monitoring of must be ensured for secure communication. There may be a possibility a patient and self-care activities. that attackers can hack the data and alter the information that is trans- mitted to the receiver network. This may lead to false assumptions about Sensor classification the patient and result in a decrease or a serious impact on the patient’s health condition. So, integrity must be preserved. In WBAN, every sensor node can communicate independently with- Data availability: The trusted authority should ensure the data is out depending on any other devices. These sensors are classified into available on time for instant communication between the medical prac- five types, and they are represented in Fig. 6. titioner and the patient. 
When an attacker tries to retrieve data from the They are implantable sensors, ingestible sensors, injectable sensors, sensor nodes or between the networks, access should be denied. Data ac- body-surfaced or patched sensors, and proximity-based sensors. cessibility should be maintained between the authenticated user and the The sensors are analysed as follows: receiver. 5 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Fig. 4. Comparison of WBAN with other area net- works. Fig. 5. WBAN traffic classifications. Data authentication: In data authentication, the trusted authority are able to access the files and report their availability on the server. should authenticate and identify the doctor and patient. Data au- Certainly, authorization should be paired with authentication, and it is thentication supports integrity between the user and the data, and meant for the trusted authority to seek out who is requesting and ac- non-repudiation authenticates and verifies the integrity and source cessing the data. Authentication is checked by issuing asymmetric keys of the data. Methods such as symmetric authentication, hashing, and and creating passwords. secure hash algorithm (SHA) algorithms are used for data authenti Data freshness: Data freshness is said to be keeping the data records of cation. the patient up-to-date. Data freshness regulates and maintains the qual- Data authorization: The attacker may endeavor to access the resource ity of the data. Patient data and medical practitioner suggestions for the that is available in WBAN and may release the data to several unautho- patient should be maintained regularly in order to avoid miscommuni- rized sites. In order to prevent this, the trusted authority should autho- cation. The data refresh can be carried out by inserting a timestamp. rize and give approval to medical practitioners and patients so that they Including timestamps can avoid replay attacks. 6 A.S. 
Fig. 6. Types of WBAN sensors.

Fig. 7. Security requirements.

Accountability: Accountability refers to the fact that the health records of a patient should be maintained and recorded periodically. The health record information of patients should be maintained securely. Ensuring the safety of data is the primary goal for the medical practitioner assistant or the staff in the hospital allocated for accounting purposes. Accountability is used to achieve non-repudiation of the data and intrusion prevention.

Flexibility: Just in case of any emergency or when a patient is in a critical stage, he or she cannot communicate with the medical practitioner, and there should be a possibility that the patient’s information must be transmitted to a caretaker or medical practitioner present in the hospital. During emergency times, when a patient is not able to contact the medical practitioner, the caretaker of the patient can be flexible to give alert messages to the medical practitioner.

Security attacks on WBAN

There are several types of security attacks, as follows:

Internal attack: The internal attack happens when communication takes place by using in-body sensor nodes. The intruder introduces various malicious nodes to the transmission routes of medical practitioners and patients. In addition, internal attacks may happen due to accidental activities inside the network. The main goal of this attack is to disrupt or exploit the primary network connections in WBAN.

External attack: External attacks happen by the external attacker or any malicious software that is accidentally downloaded by the medical practitioner or patient. Some of the external attack components include phishing, spyware, adware, ransomware, worms, viruses, trap doors, rootkits, Trojan horses, and scareware.

Based on the nature of the attacks, the security attacks in WBAN are further classified into two categories: passive and active attacks.

Passive attack: Passive attacks focus only on gathering the data that is transmitted between the medical practitioner and the patient. Passive attacks are very easy to stop but hard to detect. This type of attack is contrary to the confidentiality and privacy of the medical practitioner and the patient.

Active attack: In this type of attack, the attacker not only observes the data that is transmitted between the users but also hacks and steals the information that is transferred between the medical practitioner and patient. Active attacks are completely converse to passive attacks, i.e., it is very hard to stop this attack but very easy to detect. For example, some of the active attacks include data alteration, route poisoning, DoS attacks, etc. Fig. 8 shows the security attacks involved in WBAN.

Fig. 8. Security attacks of WBAN.

Attacks upon availability

Availability refers to the instant and reliable presence of the device when it is needed. The availability of the device can be accessed only by authorized persons. Unauthorized persons cannot access the network.

Denial of service: A denial-of-service (DoS) attack is performed to stop the function of a network and disturb the data sent by the server. In WBAN, a DoS attack can hack all of the data that a doctor sends to the patient, preventing the user from accessing the data in the network channel.

Jamming attack: When an attacker transfers the interrupting signals into the wireless medium purposefully, it is considered a jamming attack. Therefore, it decreases the quality of the signal that is received in the receiver channel, thereby cutting off communication between the medical practitioner and the patient.

Blackhole attack: A blackhole attack takes place when a large number of patient systems are connected to the medical server. In a blackhole attack, patient data present in a particular system gets hacked and the data packets dropped without the knowledge of the patient. Moreover, the medical data will not be reached by medical practitioners for further treatment.

Attacks upon confidentiality

Confidentiality is about protecting the information that is available in the system so that it cannot be accessed by unauthorized individuals or an unauthorized organization.

Eavesdropping attack: Eavesdropping attack is completely opposed to the term confidentiality and comes under passive attack. By making this type of attack, the attacker listens to the entire data sent silently between the medical practitioner and patient. The eavesdropping attack is also known as a snooping attack.

Traffic analysis attack: A traffic analysis attack is a passive attack. A traffic analysis attack involves when an abundant attacker tracks and listens to the bulk of data that is carried out between the medical practitioner and patient. In a traffic analysis attack, the attacker does not hack the data transmitted between the medical practitioner and patient, but the attackers only analyze the medical data.

Man in the middle attack: The man in the middle attack comprises the presence of an attacker in between the medical practitioner and patient without any knowledge of the entity. In this case, the attacker presents a message between the medical practitioner and patient, seizes it, changes it accordingly, and hands over the message between the entities in the network. As a result, the medical practitioner and patient believe that they communicate with each other in private.

Collision attack: Two or more nodes that transmit the data at the same instant can exhibit collisions. It may affect the performance and exhaust the energy of the sensor nodes. Here, the attacker intentionally tries to create a collision.

Interrogation attack: In this type of attack, the attacker tries to attack the request to send (RTS) and clear to send (CTS) techniques. This technique is present in the MAC layer and usually goes along with the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) protocol. In order to obtain CTS reactions from the body’s sensor nodes, the attacker transmits the RTS commands.

Selective forwarding attack: In a selective forwarding attack, the node that drops a selective number of packets or forwards a certain amount of the data to a particular terminal.

Exhaustion attack: In an exhaustion attack, the attackers try to capture the sender or receiver information. In addition, it also drains the battery of the sensor nodes.

Sink-hole attack: In a sink hole attack, the intruder performs the attacks or malicious activity at the nearby nodes, thereby collecting all the information about routing and traffic that is present in the network.

Attacks upon authentication

In the authentication process, the trusted authority authenticates the person who is communicating over the network. Some of the attacks based on authentication are as follows:

Sybil attack: In a Sybil attack, the attacker may act and create various fake identities at a time in the network. The attacker may pretend to act as a medical practitioner and send a large amount of data to the patient, and vice versa. As a result, the Sybil attack is very tough to identify.

Wormhole attack: In a wormhole attack, the data transmitted between the medical practitioner and patient will be hacked through a tunnel. Wormhole attacks can combine with sinkhole attacks.

Tunneling attack: Tunneling attacks are similar to wormhole attacks. In this type of attack, attackers create a path known as a backdoor or tunnel between the medical practitioner and the patient’s personal device. Due to tunnel creation, the attacker can trap all the data linked between the medical practitioner and patient. In a tunneling attack, the attacker can access and change the commands in the patient system and the architecture of the whole network path in between the medical practitioner and patient.

Impersonation attack: In an impersonation attack, an attacker will act as a medical practitioner or a patient in WBAN. As a result, the attacker can steal data from the data packets available on the network.

Key Duplication: In this type of cyberattack, the attacker will generate a number of replication keys for the patient or the medical practitioner. The trusted authority finds it very difficult to analyze an authenticated medical practitioner or contrarily. The main goal of the attacker is to confuse the trusted authority who handles the keys of the users.

Data tampering: Data tampering involves modifying the data that gets communicated between the medical practitioner and the patient. Data tampering in WBANs can occur through various means, including the interception of data, modification of data in transit, and injection of false data into the network. The consequences of data tampering can be severe, particularly in medical applications where the data is used to diagnose and treat patients.

Attacks upon integrity

Integrity ensures that the data exchange that happens inside the WBAN should not be altered or changed by an unauthorized entity. Integrity protects the data from being modified or misused by the redundant individual. Moreover, it ensures the transmission of original data to medical practitioners.

Replay attack: In a replay attack, the attacker hacks the communication network of WBAN, i.e., the attacker attacks the medical server of the medical practitioner, accesses the data of the medical practitioner, and sends the modified data packets afterwards to the receiver.

Masquerading attack: In a masquerading attack, the attacker gets admitted into WBAN by stealing the essential credentials of medical practitioners and producing fake data. Then, the forged data will be sent to the receiver, i.e., the patient.

Message modification attack: Message modification attack defines that the attacker modifies the message sent by the medical practitioner to the patient on the receiving side. This attack may create unauthorized issues in the wireless communication system.

Spoofing attack: A spoofing attack characterizes that the attacker acts as an adversary and gets access to the system. Finally, in WBAN, communication takes place between the medical practitioner and patient.

Injection attack: In an injection attack, the attacker not only hacks the data and delays sending it to the receiver; besides, it injects new data and modifies the data that is transmitted between the users. This type of attack is similar to the man-in-the-middle attack.

Attacks upon non-repudiation

Non-repudiation refers to the message transmitted by the medical practitioner and the patient that cannot be denied. Additionally, the authenticity of medical practitioners and patients cannot be denied. Non-repudiation can be ensured by encryption techniques and digital signatures.

Repudiation attack: In a repudiation attack, the attacker may act as a medical practitioner or patient and make a denial of information exchange between the medical practitioner and patient.

Other attacks in WBAN

Some other attacks related to WBAN are mentioned as follows:

Hello flood attack: The attackers aim to exhaust or exploit the battery of the sensor nodes. Thereby, the attacker spreads a flood of hello messages and sends them as data packets into the communication network channel of WBAN.

Misdirection attack: The attacker attacks the data packets of the adjacent sensor node and makes it dormant so that it is not able to send the available data packets to the distant sensor nodes. The main goal of the attacker is to delay the process of data reaching the receiver side, i.e., the patient.

Flooding attack: Attackers may create and make numerous network link requests in communication between the medical practitioner and the patient. Therefore, the attacker does the attack purposely to create a crowd of resources, thereby reaching the required maximum limit of the system.

Resource exhaustion attack: The resource exhaustion attack contains many collisions and creates repeated amounts of retransmitted data inside the nodes fitted into the body. The malevolent node sends the data without any interruptions.

Node replication attack: In this type of attack, the attacker acts or poses as a medical practitioner, and he or she compels the patient to fit a large number of sensor nodes inside or outside the body. In comparison to the Sybil attack, the attacker in the node replication attack requires a large number of sensor nodes. This may lead to inconvenience for the patient.

Network looping attack: In a network looping attack, the attacker tries to reframe the routing of the network. As a result, the affected node transmits various bogus messages in the communicating networks in WBAN. Moreover, the sink node present in the patient body collects all the data, including the bogus data, and transmits it to the channel in the network.

Overwhelm attack: The attacker simulates or overwhelms the sensor nodes and creates a very large quantity of traffic in the communication network between the medical practitioner and the patient. The other issues in overwhelm include increased power consumption over the malicious sensor nodes and exhibiting fake sensor identity information.

Security techniques in WBAN

Mechanisms to distinguish and prohibit security attacks are described using several techniques. Some of the techniques are discussed below:

Cryptography: Cryptography involves providing secure data transmission, and therefore it provides an assured technique for better communication among wireless systems. Cryptographic algorithms secure the privacy of the data from several security threats. Powerful encryption techniques and algorithms should be used to encrypt patient data, i.e., converting plain text into cipher text, in accordance with the use of several techniques to decrypt the data at the medical practitioner’s side. The goals of cryptography are confidentiality, integrity, non-repudiation, and authentication.

Key management: Key management is very important in the security mechanism of WBAN. It involves the encryption and decryption of data using symmetric and asymmetric keys. If an attacker attacks and invades the keys, the whole network system will collapse and get attacked. To prevent this, a reliable key management algorithm should be implemented for secure transmission of messages via keys. Some of the key management techniques are adopting key distribution centers, symmetric key agreement protocols, authentication protocols, and certificate authorities.

Secure routing: Routing is the process of choosing a suitable network path between the medical practitioner and patient. Some of the routing protocols are: routing information protocol (RIP), interior gateway routing protocol (IGRP), and open shortest path first (OSPF). Routers are used to route the traffic that takes place between the network channels of WBAN. Routers forward various data packets to their respective Internet Protocol (IP) addresses and connect different configurations of devices with the same type of internet connectivity.

Trust management: The medical practitioner and the patient should initially register with trusted management to become trustworthy. Later, trusted management should verify and authenticate the real users, such as medical practitioners and patients. Trusted management allows the users to participate in the communication network only after showing them the necessary credentials.

Block chain technology: Block chain technology [51,52] is described as a decentralized system that gives inherent secure data in assigned registers and records the transmission of data under various computers. Blockchain is mainly used for healthcare applications. It terminates even if a single failure happens in a network. It has many built-in functions that provide data protection, integrity, and privacy.

Data authentication in WBAN

Authentication is the process of verifying the identity of the patient and the medical practitioner by a trusted authority. In their initial state, the medical practitioner and patient should register their authenticated credentials with the trusted authority. During verification, the trusted authority re-checks and validates that the given credentials are matched with the credentials that are stored in the database of the trusted authority. Authentication gives assurance of the confidentiality and integrity of the data that gets transferred between the medical practitioner and the patient.

Types of authentications

Authentication is divided into two types: one-way authentication and mutual authentication. Fig. 9 shows an overview of the authentication types.

Fig. 9. Types of authentications.

One way authentication: In one-way communication, the data gets transmitted at a single time along with a timestamp between the medical practitioner and patient. The data cannot be replayed in one-way authentication. Moreover, the patient has no knowledge regarding the status of the medical data received by the medical practitioner. One-way authentication is divided into two types: password-based one-way authentication and certificate-based one-way authentication.

Password based one-way authentication: In password-based one-way authentication, the user, such as a medical practitioner or patient, sends their login ID and password to a trusted authority. The trusted authority verifies the credentials that match the data stored in its database. In this case, there may be a possibility for a hacker to get the passwords of the medical practitioner and patient. In order to prevent this, hashing of the password is done.

Certificate based authentication: In certificate-based authentication, a patient sends a certificate that consists of a public key and data to a medical practitioner. The medical practitioner encrypts a nonce with the help of the patient’s public key and sends it to the patient. Then the patient decrypts the nonce with its private key.

Two-way authentication or mutual authentication: In two-way or mutual authentication, the medical practitioner at the sender side gives a timestamp, such as a nonce or one-time password (OTP), along with the healthcare data to the receiver end. The patient on the receiver end verifies the identity of the medical practitioner, checks the timestamp, and accepts the data. Similarly, the patient sends the data with his or her timestamp to the medical practitioner. The medical practitioner verifies the patient, checks the validity of the timestamps that are generated by the patient, and finally accepts the patient’s data. Further, if the session key is identical, authenticated communication takes place between the medical practitioner and patient. Mutual authentication is divided into shared secret-based authentication and asymmetric-based authentication.

Shared secret based mutual authentication: In shared secret-based mutual authentication, the symmetric key encryption technique is used. During the initial setup, the medical practitioner and patient agree upon a shared secret, such as a password or a cryptographic key. This can be done through a trusted administrator or a secure communication channel. When the patient wants to establish a connection with the medical practitioner, the patient’s device sends an authentication request that includes the patient’s identity information. Upon receiving the authentication request, the medical practitioner’s device responds with a challenge, which is a randomly generated value or a cryptographic puzzle. The patient’s device uses the shared secret and the challenge to compute a response value. This calculation involves applying a cryptographic function to the shared secret and the challenge. The patient’s device sends the computed response back to the medical practitioner’s device. The medical practitioner’s device independently calculates the expected response value using its copy of the shared secret and the received challenge. It then compares the expected response with the received response. If the received response matches the expected response, the medical practitioner’s device verifies the authenticity of the patient’s device and grants access to the medical practitioner. This confirms that the patient is communicating with the correct medical practitioner. If the responses do not match, authentication fails, and access is denied. Thus, secure mutual authentication takes place.

Asymmetric based mutual authentication: In asymmetric-based mutual authentication, each participant, the patient, and the medical practitioner generate a pair of cryptographic keys, namely a public key and a private key. The owner securely stores the private key while making the public key available to everyone. The patient and the medical practitioner obtain digital certificates from a trusted Certificate Authority (CA). These certificates are digitally signed by the CA to guarantee their authenticity and bind their public keys to their respective identities. The patient initiates the authentication process by sending an authentication request to the medical practitioner. The request typically includes the patient’s identity and may be encrypted using the medical practitioner’s public key. Upon receiving the request, the medical practitioner uses the patient’s public key to verify the authenticity of the patient’s identity information. This step ensures that the request is indeed from the claimed patient. The medical practitioner generates a challenge, i.e., a random value or a cryptographic puzzle, and encrypts it using the patient’s public key. The encrypted challenge is then sent to the patient. The patient uses their private key to decrypt the challenge received from the medical practitioner. They then calculate a response value based on the challenge. The patient encrypts the response value using the medical practitioner’s public key and sends it back. The medical practitioner decrypts the received response using their private key. If the decrypted response matches the expected value, the patient’s authenticity is confirmed, and mutual authentication is achieved.

Authentication schemes in WBAN

Due to the sensitive nature of the data that is transmitted over WBANs, it is important to ensure that these networks are secure. One way to achieve security in WBANs is to use authentication schemes. Authentication schemes allow WBANs to verify the identity of devices and users and to prevent unauthorized access to data. The best authentication scheme for the WBAN will depend on several factors, including the sensitivity of the data that is being transmitted, the cost of implementation, and the security requirements of the organization. Authentication schemes can help protect WBANs from different security threats. By verifying the identities of devices and users, authentication schemes can help prevent unauthorized access to data and services. There are three types of authentication schemes discussed in this article, and they are shown in Fig. 10.

Fig. 10. Authentication schemes in WBAN.

Biometric based authentication scheme: In a biometric-based authentication scheme [59,60], the medical practitioner and patient should register their physiological or biological features to identify the originality of the person who is present in the network. The main characteristics of a biometric authentication scheme are the fingerprint, retina, and voice of the medical practitioner and patient. It also uses the behavioral features of a person, such as keystrokes and signatures. The biometric authentication determines the authorized features of the patient and medical practitioner and further classifies if the features match the features that are available in the database. Only then does it access the medical practitioner and patient in the network. If the medical practitioner and patient features do not match, the authentication scheme rejects the user. The main goal of this authentication scheme is to provide stronger authentication with biometric features for medical practitioners and patients. Several advantages can be included in biometric authentication, as follows: It is very hard to implement an attack, forgery of the system is very tough, and further biometric based authentication schemes can improve the security of the network. Moreover, the factors such as accuracy, flexibility and scalability are higher in biometric based authentication than any other system. The accuracy of the biometric authentication scheme is determined as False Rejection Ratio (FRR), False Acceptance Ratio (FAR). In FRR, the entity will be original, but the system will not accept the user and it tends to reject it. For example, if the biometric identity of a medical practitioner and patient is incorrect, then the trusted authority rejects the user.
This may lead to FRR in the network channel. In FAR, the entity will not be the same, but the trusted authority will allow the entity into the network channel. For example, if the patient has an identical twin, the trusted authority may allow the network channel, which may create a FAR.

Blockchain based authentication scheme: The blockchain-based authentication scheme is the most commonly used authentication scheme after the biometric-based authentication scheme. In blockchain technology, the patient and medical practitioner can verify their own identity without a third party. There are several types of blockchain networks available, such as private blockchain networks, public blockchain networks, and federated blockchain networks. In addition, public blockchain is used to validate the security among the users present in the network. Blockchain authentication mainly follows decentralized techniques. In the blockchain authentication scheme, the users will be identified by a private key, and signatures will be provided. If the network needs a third party, it can also be incorporated into the blockchain authentication scheme. The main goal of blockchain-based authentication is to establish data integrity among medical practitioners and patients in the network. Similar to biometric authentication schemes, blockchain-based authentication schemes are very difficult to hack. If any malicious activity tends to happen in the blockchain-based authentication scheme, the activity can be spotted immediately and terminated. It is one of the most powerful and strongest authentication schemes.

Cryptographic authentication schemes: Some of the cryptographic-based authentication schemes include the Message Authentication Code (MAC), Message Digest (MD5), and Secure Hash Algorithm (SHA). In cryptography, hash function-based schemes are mainly used to provide authentication among the entities in the network. In hash function-based authentication schemes, the input length gets padded in order to give a fixed-length output. Using hash-based authentication schemes gives productive computations.

Message Authentication Code (MAC): MAC is mainly used for providing authentication for data that gets transmitted between the medical practitioner and patient in the WBAN. MAC uses symmetric keys for data encryption. In MAC, patient data gets combined with his symmetric key and produces MAC. The patient data is appended with a MAC, encrypted to form cipher data, and sent to the medical practitioner. The medical practitioner then decrypts the cipher data with his symmetric key. Later, he compares the decrypted MAC and the patient MAC. If the two MACs are equal, then the data is authenticated. If the two MACs are not equal, then the data is not authenticated. Several types of MACs are available, including nested MAC, hash MAC (HMAC), and cipher-based MAC (CMAC).

MD5 Algorithm: The MD5 algorithm was designed by Ronald Rivest. MD5 is the latest in the series of MD2 and MD4, and it is a widely used hash function in order to produce 128 bits of hash value. The MD5 algorithm has been specified under Internet Standard Request for Comments (RFC) 1321. In the MD5 algorithm, the patient generates a message digest. After creating the message digest, the patient appends the message digest and his medical data. The patient sends the appended data to the medical practitioner. A medical practitioner again generates a message digest. Then, he compares his message digest and the patient message digest. If both message digests are equal, no modifications are performed. If an attacker changes or modifies the data, then the message digest will not be equal and the data will not be authenticated. In the architecture of the MD5 algorithm, the patient data gets padded into a length of 64 bits, which is less than the multiples of 512 bits. The MD5 algorithm contains four buffers for the initialization of patient data. MD5 consists of 4 rounds of 16-bit operations along with adding the output buffer value to the given input value in order to form a new buffer value. After 16 rounds, the final buffer hash value is a 128-bit message digest, which is transmitted to the medical practitioner.

SHA 512 Algorithm: SHA was originally designed by the National Institute of Science and Technology (NIST) and the National Security Agency (NSA). Originally, it was developed in 1993 and revised in 1995, later renamed SHA-1. The standard of this algorithm is Federal Information Processing Standard (FIPS) 180-1, and the internet standard is said to be RFC 3174. FIPS 180-1 is also known as the Secure Hash Standard (SHS). SHA algorithms produce 160 bits of hash values. In the SHA 512 algorithm, the message digest value is 512 bits. The SHA algorithm has a message size of less than SHA 512 has a block size of 1024 and a word size of 32. The number of steps involved is 80. In the SHA 512 architecture, the padding of the patient data will be 128 bits, less than a multiple of 1024 bits. It consists of 8 buffers for initialization. Later, the processing of patient data takes place in 80 steps. At last, the output in the buffer will be generated in terms of a hash code of 512 bits. The hash code is then transmitted to the medical practitioner. A medical practitioner compares his decrypted hash code with the patient hash code. If the value of the hash code is not changed, the data is authenticated and not attacked by the attacker.

Authentication protocols involved in WBAN

Authentication protocols are a set of rules to get authenticated access to the medical practitioner and patient. Some of the important authentication protocols are: lightweight directory access protocol (LDAP), Kerberos, security assertion markup language (SAML), remote authentication dial-in user service (RADIUS), and Challenge Handshake Authentication Protocol (CHAP). The different types of authentication protocols are shown in Fig. 11.

Fig. 11. Types of authentication protocol.

LDAP Protocol: LDAP acts as the main platform for Microsoft to build active directories. This type of protocol is used to identify the login credentials of medical practitioners and patients that are present across the internet. LDAP is mainly used in the development of cloud directories. Moreover, it connects the medical practitioner and patient on the network to the cloud server. When a medical practitioner or patient demands a certain task known as administrative data or login credentials, LDAP accepts the request and conveys it to the directory services. Then, the directory services give responses to the entities that are available in the network. Moreover, a trusted person can access the medical files available on the cloud server with the help of LDAP.

Kerberos: Kerberos acts as an important authentication protocol. Kerberos mainly uses secret keys for communication between the users, such as medical practitioners and patients. Kerberos was first discovered by the Massachusetts Institute of Technology (MIT). There are many steps involved in the authentication process of Kerberos, and they are discussed in this section.

Components: The WBAN setup would involve the patient’s wearable devices, such as sensors or monitoring devices, and the medical practitioner’s workstation or device.

Key Distribution Centre (KDC): A central authority, acting as the KDC, would be responsible for issuing and managing authentication credentials within the WBAN. The KDC would store the authentication information, such as usernames, passwords, and cryptographic keys.

Authentication process:

Initial authentication: When the patient wishes to establish communication with the medical practitioner, the authentication process will be initiated. The patient’s wearable device will send an authentication request to the KDC.

Authentication ticket: The KDC verifies the patient’s credentials and issues an authentication ticket. This ticket contains encrypted data that the medical professional’s device can use to verify the patient’s identity.

Ticket forwarding: The patient’s device sends the authentication ticket to the medical practitioner’s device.

Session key establishment: Upon receiving the authentication ticket, the medical practitioner’s device contacts the KDC to verify its authenticity. If the ticket is valid, the KDC generates a session key, encrypts it using the medical practitioner’s key, and sends it to their device.

Secure communication: With the session key in hand, the patient’s device and the medical practitioner’s device can now communicate securely within the WBAN. They can encrypt and decrypt their data using the session key, ensuring the confidentiality and integrity of the exchanged information. The mechanism of Kerberos is mentioned in Fig. 12.

Fig. 12. Mechanism of Kerberos.

SAML Protocol: SAML is an open standard, Extensible Markup Language (XML), discovered by the OASIS security services committee, and it is a data format used to exchange authorized data and exchange authentication between the medical practitioner and patient inside the network. SAML gives access to web applications and medical built-in apps such as the Google Fit app and the Healthifyme app. SAML is divided into identity providers and service providers. The identity provider checks the patient’s and the doctor’s identities in medical apps. It converts the patient’s authenticated data into Extensible Markup Language (XML) documents. After this process, the document will be signed by the X.509 certificate and sent to the service provider. After the authentication process, the service provider provides software access to medical practitioners and patients. With the help of SAML, medical practitioners and patients sign up for medical sites and apps at the initial stage and need not login again. Both the medical practitioner and the patient need not remember passwords.

RADIUS protocol: RADIUS follows the authentication, authorization, and accounting mechanism, otherwise known as the Triple A mechanism. RADIUS consists of a Remote Access Server (RAS), where RAS is said to be a gateway and controls the access of medical practitioners and patients. When the medical practitioner and patient give access requests to RAS, it follows the triple A mechanism, in which it collects the private identities and authenticates the persons who are available in WBAN. Then, it authorizes the medical practitioner and patient to get access to the network. Later, after receiving the request from the entity that is present in WBAN, RAS accounts for the request and provides a response to the medical practitioner and patient.

CHAP Protocol: Here, the medical practitioner and patient give their user identity and password to the CHAP (Challenge-Handshake Authentication Protocol) server. CHAP server stores the login credentials and creates challenge messages. The challenge message is transferred to the patient and the medical practitioner. Patients and medical practitioners create challenge responses with passwords, transfer challenge messages, and respond to the CHAP server. The CHAP server also creates a challenge response and compares it with an entity’s challenge response. If the challenge response is equal, then the entities are allowed inside the websites. The demonstration of the CHAP protocol is discussed in Fig. 13.

Fig. 13. Description of CHAP protocol.

WBAN routing

Routing is the process of determining the best path for data to travel from one node to another in a network. Routing protocols are an important part of WBANs. By addressing the challenges of WBAN routing, routing protocols can help to ensure that WBANs can provide reliable and efficient communication for medical applications. The best routing protocol for a WBAN will depend on a number of factors, including the size of the network, the mobility of the nodes, and the quality of the links.

Challenges involved in WBAN routing

Lifespan of the network, body movements of an individual, radiation and interference of the network, and distinct environmental factors are some of the obstacles involved in the routing of WBAN. Routing protocols should be designed to eradicate or minimize the obstacles mentioned above.

tient includes normal data, emergency data, delayed responsive data, and reliability-sensitive data. Every node in the WBAN should be in sync with the genetic algorithm and the BAT algorithm’s Transmission Rate Adaption Policy (GABAT-TRAP) in order to maintain the quality of the service’s latency and throughput. The GABAT-TRAP algorithm delivers emergency data packets without any delay. Moreover, emergency data packets are given priority over normal data packets. This algorithm satisfies the QoS metrics in WBAN.

Security and privacy of the users in WBAN: The main challenges of
Due to the substantial size of the sensor nodes, there are WBAN are the security and privacy of the patient as well as the medi- some limitations, such as exhausted energy and bandwidth, that may cal practitioner. Routing protocol used in networking is considered the also create routing problems. Challenges faced by routing protocols are security of a system used by medical practitioners and patients. Med- shown in Fig. 14. Along with these challenges, some of the routing pro- ical data of a patient is sensitive data, and if any attacker attacks the tocols are discussed below in the next parts. medical data of a patient and tries to release it in unethical entries via Network Partitioning: Due to the changing position of the patients who social networks, it may lead to privacy issues. Therefore, to maintain are fixed with sensor nodes, this leads to network partitioning and causes the privacy of the patient and the security of the system from attack- routing problems in WBAN. Many researchers have proposed many ers, several encryption techniques should be employed in WBAN. For solutions for this issue, such as body-coupled communication (BCC) and increasing security in the routing process, phantom routing can extend so on. In WBAN, sensor nodes transmit patient data through primary the anonymity of the users in WBAN. and backup paths. If the primary path fails, the sensor nodes get heated Limited Resources: Several resources of WBAN, such as computing up, which may cause injury to the tissue present in the body. BCC links efficiency, narrow bandwidth, and storage, are considered limited re- are created between the primary path and the backup path. Moreover, sources. Researchers should be aware of these limited resources while BCC links are attached to the sensor nodes, which are fitted to the body. designing the WBAN in the healthcare system. 
When the sensor exhibits uneven fluctuations on the receiver side, then the patient can sense the jerks in the body with respect to his surround- WBAN routing protocols ings. Once the BCC link is established, the link will be accessible at any time. When the primary path present in sensor nodes faces any difficul- WBAN requires specialized routing protocols to enable communica- ties, the BCC link detects the issues and communicates with the backup tion between devices while preserving the limited power and compu- path. The backup path alerts the sink node about a path breakdown. tational resources available in the network. Fig. 15 shows some of the Energy efficiency: Energy saving is considered to be the main issue common WBAN routing protocols: in WBAN. In WBAN, maintaining battery life is very tough. Battery re- Cluster based routing protocol: In the cluster-based routing protocol placement in body nodes is not an easy task since the sensor nodes are , the sensor nodes are divided into a large number of clusters. present underneath the body. A large amount of energy is consumed due Among the clusters of sensor nodes, one node will act as a cluster head. to communication and coordinating the data between the sensor nodes The cluster head collects the data from its corresponding nodes that are and the sink node. In order to solve this issue, a dynamic path is cre- present in the body and provides the medical data to the sink node. ated for routing the data instead of using a static path. By this way, the There will be no interaction between the sensor nodes, and communica- efficiency of the battery of sensor nodes present in WBAN is increased. tion will take place only through the cluster nodes. The different types Quality of Service (QoS): In WBAN, QoS includes throughput, of routing protocols available in cluster-based routing protocols include latency, data packet delivery, and drop ratios. 
But QoS is considered cluster-based body area protocol (CBBAP), hybrid indirect transmission the major challenge in WBAN. Healthcare information about the pa- (HIT), and anybody protocol (ANP). Here, ANP is better when compared 14 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Fig. 14. Challenges faced by routing protocol. Fig. 15. Routing protocols of WBAN. to other protocols. Moreover, in this protocol, if the sensor node number work layer, to improve the overall performance of the routing process increases, the clusters remain constant, which regulates the data traffic. in a WBAN. The cross-layer approach in WBAN routing protocols aims In addition, in ANP, the installation cost is very low. to address the unique challenges and requirements of WBANs, such as Cross layered routing protocol: A cross-layered routing protocol limited energy resources, high data reliability, low latency, and qual- in a WBAN refers to a routing scheme that takes into account informa- ity of service (QoS) guarantees. By leveraging information from various tion from multiple layers of the network protocol stack to make routing layers, a cross-layered routing protocol can optimize resource utiliza- decisions. It involves the exchange of information and coordination be- tion, enhance network efficiency, and improve the overall performance tween different layers, such as the physical layer, MAC layer, and net- of the WBAN. 15 A.S. Rajasekaran, L. Sowmiya, A. Maria et al. Cyber Security and Applications 2 (2024) 100047 Temperature aware routing protocol: Radio signals generated from They are classified as low-power listening (LPL), contention-based tech- wireless technologies produce magnetic and electric fields that pro- niques, and time division multiple access (TDMA). voke an increase in temperature, specifically in sensor nodes that are implanted inside the body. 
This condition can damage the exist- LPL mechanism ing tissues and organs due to sensor nodes placed over a large span of time. The specific absorption rate (SAR) defines the rate of radio fre- Transferring data packets from the sensor nodes to the sink nodes in quency (RF) absorbed by the body, and it is given below in Eq. (1). The WBAN consumes a large amount of power and energy. Meanwhile, to temperature-aware protocol mainly targets decreasing the temperature reduce this, LPL is designed to minimize the power consumption in in sensor nodes that are embedded inside the patient’s body. transmitting or delivering data packets. Here, the sensor nodes in WBAN | | are usually in an idle state. For a short period of time, the sensor node 𝜎 |𝐸 2 | ( 𝑊 ) 𝑆𝐴𝑅 = | | (1) links will be in an awakened state, especially to examine the actions and 𝜌 𝐾𝑔 responses of the sensor nodes. LPL follows a mechanism, and it is known as channel polling. In 𝜎 indicates electrical conductivity of tissues. the channel polling technique, the sensor node links will be in an idle 𝐸 represents the induced electric field in body. state, and if any data is generated by the sensor nodes, then the net- 𝜌 denotes the density of the tissues in the body. work links connected to the sensor nodes receive and transmit the data In temperature aware routing protocol, Least Total Route Tempera- into the WBAN. Generally, LPL is performed to maintain synchroniza- ture Protocol (LTRT) is one of the best performing protocols whereas, tion within the sensor nodes. There are different types of MAC, such as Temperature Aware Routing Algorithm (TARA) is the worst. sensor medium access control (SMAC), timeout medium access control Posture based routing protocol: Network partitioning in WBAN can (TMAC), and Berkeley medium access control (BMAC). In this context, happen because of the posture and body movements of the patient. BMAC mainly utilizes the techniques of LPL. 
Network partitioning will create disconnection of data links among the Adaptive preamble sampling is done in order to reduce the ideal state sensor nodes and may create issues in the routing process. Posture-based of the sensor nodes during the transmission of data. The advantages of routing protocols will cause a very low amount of delay when the data LPL include efficient periodic sampling, and it can perform well in vari- packets traverse from the sensor nodes to the sink nodes. Moreover, the able and high-traffic networks. LPL’s primary drawback is that it is in- on-body store and flood routing (OBSFR) protocols reduce the level of effective when little traffic is introduced into the network. Therefore, energy consumption and decrease data delays. using LPL techniques is not the best solution for medical communica- QoS aware routing protocol: The QoS-aware routing protocol tions based on WBAN health systems. is designed to prioritize and optimize routing decisions based on spe- cific QoS requirements. The development of a QoS-aware protocol is Contention based scheduled techniques very complicated because different parameters should be needed for determining QoS. The data-centric multi-objective QoS-aware protocol Certainly, in contention-based scheduled techniques , data from (DMQoS) is a widely used protocol. It reduces the delay in patient data. the sensor nodes contends and slots the data into the network links Further, the routing process of DMQoS is reliable in nature. without any inbuilt functions. One of the examples of a contention- based scheduled technique is CSMA/CA. CSMA/CA monitors the data WBAN routing protocol’s future challenges and compa
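The CHAP exchange described under "CHAP Protocol" above, as an added example that is not code from the paper: the server issues a challenge, the entity answers with a digest of the shared secret and the challenge, and the server recomputes and compares. The response formula is the MD5 form from RFC 1994; the names `ChapServer`, `chap_response` and `demo` and the credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Hypothetical CHAP server holding one shared secret per enrolled entity."""
    def __init__(self, secrets_by_user):
        self._secrets = dict(secrets_by_user)
        self._pending = {}   # user -> (identifier, challenge) awaiting a response
        self._next_id = 0

    def issue_challenge(self, user):
        # A fresh random challenge per attempt keeps old responses from being reused.
        self._next_id = (self._next_id + 1) % 256
        challenge = secrets.token_bytes(16)
        self._pending[user] = (self._next_id, challenge)
        return self._next_id, challenge

    def verify(self, user, identifier, response):
        pending = self._pending.pop(user, None)   # each challenge is single-use
        secret = self._secrets.get(user)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo():
    """Run the exchange with constructed credentials; return each outcome."""
    secret = b"constructed-shared-secret"
    server = ChapServer({"patient-01": secret})
    out = {}
    ident, chal = server.issue_challenge("patient-01")
    answer = chap_response(ident, secret, chal)          # computed on the wearable
    out["correct_secret"] = server.verify("patient-01", ident, answer)
    out["same_response_again"] = server.verify("patient-01", ident, answer)
    ident2, _ = server.issue_challenge("patient-01")
    out["old_response_new_challenge"] = server.verify("patient-01", ident2, answer)
    ident3, chal3 = server.issue_challenge("patient-01")
    wrong = chap_response(ident3, b"wrong-secret", chal3)
    out["wrong_secret"] = server.verify("patient-01", ident3, wrong)
    out["unknown_user"] = server.verify("intruder", 1, wrong)
    return out
```

Only the 16-byte response crosses the link; the shared secret itself is never transmitted.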