Improving the Security of the IEEE 802.15.6 Standard for Medical BANs
This addresses security vulnerabilities in medical device communication, which is critical for patient safety, but is incremental as it builds on existing standards.
The work tackled the insufficient security specifications of the IEEE 802.15.6 standard for Medical Body Area Networks (MBANs) by providing a structured analysis and proposing comprehensive recommendations to enhance security.
A Medical Body Area Network (MBAN) is an ensemble of collaborating, potentially heterogeneous, medical devices located inside, on the surface of or around the human body with the objective of tackling one or multiple medical conditions of the MBAN host. These devices -- which are a special category of Wireless Body Area Networks (WBANs) -- collect, process and transfer medical data outside of the network, while in some cases they also administer medical treatment autonomously. Since communication is so pivotal to their operation, the newfangled IEEE 802.15.6 standard is aimed at the communication aspects of WBANs. It places a set of physical and communication constraints while it also includes association/disassociation protocols and security services that WBAN applications need to comply with. However, the security specifications put forward by the standard can be easily shown to be insufficient when considering realistic MBAN use cases and need further enhancements. The present work addresses these shortcomings by, first, providing a structured analysis of the IEEE 802.15.6 security features and, afterwards, proposing comprehensive and tangible recommendations on improving the standard's security.