WBAN security Layer basics as per IEEE 802.15.6 security specifications
This page on the WBAN security layer describes IEEE 802.15.6 security layer basics. It covers the 802.15.6 WBAN security structures and describes the association and disassociation procedures.
The WBAN standard defines three levels of security based on security properties, protection levels and frame formats.
1. Unsecured communication level: Here data is transmitted in unsecured frames. There are no mechanisms for data authentication, integrity, confidentiality or privacy protection.
2. Authentication level: Here data frames are transmitted with authentication but without any encryption. This level does not support confidentiality or privacy.
3. Authentication and Encryption: This is the highest level of security. Here data frames are transmitted with authentication as well as encryption.
During the association procedure described below, one of the levels listed above is selected. A master key (MK) is activated for secured unicast communication. The master key is either pre-shared or established using the unauthenticated association process. After this, a pairwise temporal key (PTK) is created for a single session. For secured multicast communication, a group temporal key is shared among the corresponding group using the unicast method. Figure-1 depicts the process of activating the Master Key and establishing the Pairwise Temporal Key for secured communication.
WBAN Security Association and disassociation Procedure
The private keys used in both the association and disassociation procedures are independent and unique 256-bit integers.
Figure-2 shows the 802.15.6 WBAN association procedure.
• The node initiates the process by sending a security association frame request to the Hub.
• The Hub responds by either allowing the node to join or aborting the request.
• If the node receives a response to abort, it stops the association procedure.
• If the node receives a joining response, the pre-shared master key is activated and shared between the node and the Hub based on mutual agreement. This is used to generate a Pairwise Temporal Key (PTK).
Figure-3 depicts the WBAN disassociation procedure. It can be initiated either by the node or by the hub. As shown, the sender sends a security disassociation frame request and then deletes the master key and the corresponding PTK from its storage. When the receiver receives the request, it also deletes the key information from its own storage.
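The key lifecycle described above (hub join or abort, a PTK derived per session from the master key, deletion of both keys on disassociation), as an added Python sketch that is not taken from the standard or from this page. The `Peer` class, the function names, the 16-byte tag and the HMAC-SHA256 key derivation are assumptions chosen for illustration, and only the authentication level is modelled.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # constructed tag length for this sketch (assumption)

class Peer:
    """One end of a security association (node or hub)."""
    def __init__(self, name, master_key):
        self.name = name
        self.mk = master_key  # pre-shared master key held in storage
        self.ptk = None       # pairwise temporal key, valid for one session

    def derive_ptk(self, nonce_node, nonce_hub):
        # Stand-in KDF (assumption): HMAC-SHA256 keyed with the MK over both
        # session nonces; this is not the standard's own key derivation.
        self.ptk = hmac.new(self.mk, b"PTK" + nonce_node + nonce_hub,
                            hashlib.sha256).digest()

    def protect(self, payload):
        # Authentication level: payload stays in clear, a tag is appended.
        if self.ptk is None:
            raise RuntimeError(self.name + ": no PTK, not associated")
        return payload + hmac.new(self.ptk, payload, hashlib.sha256).digest()[:TAG_LEN]

    def verify(self, frame):
        if self.ptk is None:
            return None  # keys deleted or never established: reject
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.ptk, payload, hashlib.sha256).digest()[:TAG_LEN]
        return payload if hmac.compare_digest(tag, good) else None

    def delete_keys(self):
        self.mk = self.ptk = None

def associate(node, hub, hub_allows=True):
    """Node sends the request; the hub answers join or abort."""
    if not hub_allows or node.mk is None or hub.mk is None:
        return False  # abort: the node stops and no PTK is created
    nonce_node, nonce_hub = os.urandom(16), os.urandom(16)  # fresh per session
    node.derive_ptk(nonce_node, nonce_hub)
    hub.derive_ptk(nonce_node, nonce_hub)
    return True

def disassociate(sender, receiver):
    """Either side may initiate; both delete the MK and the PTK."""
    sender.delete_keys()
    receiver.delete_keys()
```

Frames protected under one session's PTK fail verification after a new association or after disassociation, which is the practical effect of keeping the PTK session-scoped and deleting keys on both ends.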