Improving the Security of the IEEE 802.15.6 Standard for Medical BANs

TL;DR

This paper critically analyzes the security features of IEEE 802.15.6 for Medical Body Area Networks and proposes enhancements to address identified vulnerabilities, ensuring better protection for medical data and devices.

Contribution

It provides a structured analysis of IEEE 802.15.6 security and offers concrete recommendations to strengthen its security framework for medical applications.

Findings

Current security features are insufficient for realistic MBAN scenarios.

Structured analysis reveals specific vulnerabilities in the standard.

Proposed improvements enhance security robustness for medical BANs.

Abstract

A Medical Body Area Network (MBAN) is an ensemble of collaborating, potentially heterogeneous, medical devices located inside, on the surface of or around the human body with the objective of tackling one or multiple medical conditions of the MBAN host. These devices -- which are a special category of Wireless Body Area Networks (WBANs) -- collect, process and transfer medical data outside of the network, while in some cases they also administer medical treatment autonomously. Since communication is so pivotal to their operation, the newfangled IEEE 802.15.6 standard is aimed at the communication aspects of WBANs. It places a set of physical and communication constraints while it also includes association/disassociation protocols and security services that WBAN applications need to comply with. However, the security specifications put forward by the standard can be easily shown to be insufficient when considering realistic MBAN use cases and need further enhancements. The present work addresses these shortcomings by, first, providing a structured analysis of the IEEE 802.15.6 security features and, afterwards, proposing comprehensive and tangible recommendations on improving the standard's security.