A Novel Fuzzy Based Bio-Key Management scheme for Medical Data Security

1. Introduction

The rapid development of computer networks and telemedicine based applications has enabled effective real-time medical data transmission and reception. It has also led to quick and proper exchange of medical information in the digital form. Medical sensor networks offer economic solution to the present healthcare system, in which the status of the patient can be sent to physicians any time through interconnection of networks. Code Blue [1], Live Net [2], MobiHealth [3], Alarm-Net [4], Ubi-Mon [5] are some of the health care projects that can take care of patients in homes, hospitals, health centers, catastrophe sites and the open environment.

Medical sensor networks consist of a group of tiny and movable sensors that are capable of communicating with each other. Sensors can be wearable or implanted into the patient’s body to observe the parameters as ECG, EEG and blood pressure level. Diagnostic equipments embedded with imaging technologies, genetic analysis etc., are used for collecting realistic data from patients [6-8]. Conversely, there are numerous difficulties to be faced by medical sensor networks before its deployment in the real world. First the sensors have limited resources in terms of power consumption, memory and computational potential. Since the sensors are battery operated, power consumption and energy are the main factors to be considered. So, Medical sensor networks require manageable and secure communication to assure confidentiality, integrity, authentication and non-repudiation of real-time medical data.

Medical data security is mainly based on cryptography. Symmetric key cryptography and Asymmetric key cryptography are the two types of cryptosystems available to ensure data security. All symmetric key cryptography depends on common secret key shared between sender and receiver. AES, DES, Triple DES, IDEA, FEAL, RC5 are some of the very popular symmetric key cryptosystem available in the cryptography. The conventional cryptographic techniques provide confidentiality but fail to provide the other security aspects. These symmetric key cryptography methods require smaller key size, much faster computation and smaller memory requirements than asymmetric key cryptography techniques. These advantages can be used in medical sensor networks. Asymmetric key cryptography uses the Public key and Private Key for encryption and decryption. Some of the most popular asymmetric key cryptography techniques are RSA, El-Gamal, ECC, and many more. Public key cryptography assures all security aspects. Many algorithms have been developed by combining public key cryptography and secure hash functions that enable digital signatures, authentication and integrity. However these are not only slower but also requires large memory and computational power. Due to this reason, medical sensor networks cannot use this type of public key cryptography techniques.

In medical sensor networks, sensors mainly depend upon cryptographic keys to secure real-time medical data communication. Based on that fact, various number of key management techniques have been developed. But all those techniques cannot be applied directly in medical sensor networks due to the limitations of biomedical sensors. Therefore, designing an efficient key management scheme in medical sensor networks is a challengeable problem. Due to the need for more security in telemedicine based applications [9], we require an efficient cryptography scheme. The proposed Fuzzy based Bio-Key Management (FBKM) scheme, which would serve as a better and efficient cryptography solution for secured real-time medical data communication.

The rest of this paper is organized as follows. Section II outlines the related works, section III depicts system model and gives the detailed procedure of the proposed scheme. Section IV discusses the simulation results in detail. Finally, Section V concludes the paper.

 

2. Related Works

In Medical sensor networks, various types of medical sensors like ECG, Blood pressure, EMG, Glucose, Pulse oxymeter, inertial sensors, etc., can be connected to other medical sensors or to the control nodes. Interconnected sensors could interface with Internet to further carry medical information to the medical expertise or emergency services. Secured communication scheme is required to support secure communication in medical sensor networks as shown in Fig. 1.

Fig.1.Telemedicine scenario

In [10], the authors describe deployment knowledgebased random key pre-distribution scheme. This scheme is said to be efficient in reducing memory requirement of sensors in networks.

Fuzzy vault scheme [11] is error-tolerant and secret sharing scheme, which deals with unordered sets of different cardinalities. This scheme is based on polynomial reconstruction problem and well suitable for biometrics based applications [12].

In Physiological Signal based Key Agreement (PSKA) [13-16], inter-sensor communication within a BAN is enabled allowing neighboring nodes to agree to a symmetric cryptographic key. Though this scheme proves to be better, it causes additional overhead through chaff points introduced in key generation. In [17], the author presents ECG-IJS scheme to improve authentication of real-time messages. Here, both the sender and receiver are capable of sampling the ECG signal from the human body. A similar feature extraction algorithm is used at receiver to generate features from the sampled ECG signals.

This scheme exhibits error tolerance better than previous schemes and reduces the entropy loss to near optimal value. The performance of this ECG-IJS scheme can be further improved by implementing the best possible vault size and best different tolerance values. In this paper, a new scheme called Fuzzy based Bio-Key Management (FBKM) scheme is proposed to implement the key agreement procedure in more efficient manner in telemedicine, mobile applications [18] and Cloud based Internet of Things [19-21].

 

3. System Description

3.1 System design of Fuzzy Based Bio-Key Management (FBKM) scheme

A standard proposed FBKM design for the authentication procedure followed by sender is explained in Fig. 2(a). The figure shows how medical sensor network triggers alert to the hospital, even before the patient has severe problems like heart attack. Sensors are implanted in the human body to measure the change in temperature, pulse rate, blood pressure, respiratory rate etc.,. The parameter level is transmitted to physician working in the intensive care unit in hospital to take necessary steps to prevent a critical incident. Critical care units have multimodal monitors that concurrently measure and display the related fundamental parameters. In such scenario, this real-time medical data among sensor nodes must be well protected against attackers and security aspects must be ensured [20].

Fig. 2(a):FBKM scheme procedure followed by Sender

When the receiver gets the packet, decrypts the original message by using the key generated from ECG signal measured by the receiver. Receiver recalculates the new hash value using the same SHA-1 algorithm. Health care units without proper security arrangement for real-time medical data communication will lead to wrong diagnosis and treatment.

In the proposed scheme, both the sender and the receiver have the capability to sample the ECG signals from the human body. System model diagram that depicts the process involved at sender and receiver using FBKM scheme is shown in Fig. 2(a) and Fig. 2(b). Detailed architectural flow followed at sender and receiver is explained in Section III. B.

Fig. 2(b):FBKM scheme procedure followed by Receiver

3.2. Detailed Architecture of FBKM scheme

Objective of FBKM scheme is to protect the integrity and confidentiality of sensitive medical data among sensor nodes.

Procedure at Sender:

The procedure to be done by the sender is described as follows:

a) Feature extraction at sender: Feature extraction plays a vital role in protecting the confidentiality during communication. Features when carefully chosen are expected to perform desired task efficiently. In our proposed method, from the sample ECG signal, the ECG features are extracted. FBKM scheme uses frequency-domain analysis of ECG signals for generating the features. Process followed for extracting ECG features using sample ECG signal in FBKM is explained below:

Step 1: Get the analog ECG signal(ECGanalog_sig) from the human body using ECG sensor for fixed duration of 4 sec (reason for choosing 4 sec is to include one heart beat) as shown in Fig. 3.

Fig. 3.ECG signal captured using ECG sensor

Step 2: Resample the captured ECG signal, using the Nyquist theorem at the frequency of 120Hz to filter the noise. The filtered ECG signal ECGan_sig_org is processed through FFT in next stage.

Step 3: The ECG signal (ECGan_sig_org) is divided into 512 sample blocks {Ecb1, Ecgb2 … . Ecgb512} to detect the local peak limits within each block. Local peak limit from each block is stored in an array vector named ECGpeak = P0,P1, … Pn) where ‘n’ varies from 0 to 511.

Each of the peak limit can be used as a feature as shown in Fig. 4. Conduct 512 points FFT to the ECG sample blocks and retrieve first 10 FFT peak location index (Po, P8, P4, …, P14, P1) as the extracted feature set or coefficients subset sub set Coeffsubset = (C0, C1 … C9). The peak location index is a good candidate that can be used to differentiate measurements (collected by a sensor) of one patient from those of different patients. This extracted feature provides an efficient representation of ECG signals for the data authentication and secret key agreement.

Fig. 4.ECG sample blocks with peak limits

Step 4: Extract the first 10 coefficients of peak values from coefficient sub set Coeffsubset = (C0,C2 … C9) i.e peak values of the peak index (P0,P8,P4,…, P14,P1) and store it in set A={a0, a2, a3 … a9). Extracted feature set A is used to generate the polynomial (PA) where, PA = {p(a0), p(a1), p(a2) … .p(a9)} with degree D varying from 1 to 10. Project the locking key elements (i.e. Sender A’s features) on the polynomial and evaluate the polynomial ‘P’ on the elements of A and compute the Genuine set (GA) where,

GA = {(a0, p(a0)), (a1, p(a1)), (a2, p(a2)), …(a9, p(a9))}

b) Private key-1 generation using feature set:

Non overlapping 10 segments are created considering each pair of the constructed set say, {(a0, p(a0))}. Each segment is declared as a specific private key coefficient. The genuine set GA is finally passed through a scrambler which randomizes the list, with the aim of removing any stray information that can be used to fetch genuine points. This results in private key set KSA, where KSA = { k1, k2, k3, … kSM} here SM is 10. Along with the key set KSA , the polynomial of degree D a final private key ‘Ks_private’ is generated using feature set where ‘Ks_private’ denotes the sender’s private key-1.

c) Fuzzy vault locking:

Fuzzy vault scheme is an Artificial Intelligence technique well suitable for biometrics based applications. It is an error-tolerant and secret sharing scheme, which deals with unordered sets of different cardinalities. Fuzzy vault utilizes fuzzy logic that comprises of four components namely, fuzzification, fuzzy inference engine, fuzzy rule base and defuzzification as shown in Fig. 5.

Fig. 5Structure of Fuzzy Logic Model

The sensor at sender measures the ECG signals, heart beat rate, pulse rate, blood pressure, respiration rate and oxygen levels and sends the data to the receiver. In FBKM, for designing the fuzzy logic system three input variables i.e. blood pressure, heart rate, and blood sugar are considered. These inputs are called vital signs and use to predict the health status of person. After choosing the input variables the next step is to fuzzify the variables referred to as fuzzification. Fuzzification is the first step in the design of any fuzzy logic system. To fuzzify the variables, we have to determine the fuzzy sets for each input variable and the corresponding range for each fuzzy set. Formation of fuzzy set is through classification of vital sign with its corresponding triangular membership functions are referred in Table 1, Table 2 and Table 3. In this fuzzy system, there is one output variable i.e. the Risk Level (RL), which refers to the degree of illness of the patient. Larger the value of this output variable more will be the health risk of the patient.

Table 1.Classification of Blood pressure

Table 2.Classification of Heart rate

Table 3.Classification of Blood sugar

In FBKM, we have considered 4 fuzzy sets RLlow, RLmedium, RLnormal, RLhigh for the output variable Risk Level. The fuzzified values are processed by the inference engine, which consists of a rule base and various methods for inferring the rules. The rule base is the main part in the fuzzy inference system and the quality of results in a fuzzy system depends on the fuzzy rules. In FBKM, the number of rules are obtained using Nrule = I(1) * I(2) * I(3) * I(4) … I(n), where, Nrule is the total number of possible rules for a fuzzy system and I(n) is the number of linguistic terms for the input linguistic variable varying from 1 to n. We use logical combination of inputs with ‘and’ operator as all the inputs are dependent among each other. Sample fuzzy rules used in FBKM are referred below:

If (Blood pressure is low) and (Heart rate is low) and (Blood sugar is low) then (Risk_level is RLhigh)

If (Blood pressure is low) and (Heart rate is high) and (Blood sugar is low) then (Risk_level is RLmedium)

If (Blood pressure is normal) and (Heart rate is normal) and (Blood sugar is high) then (Risk_level is RLnormal)

If (Blood pressure is normal) and (Heart rate is high) and (Blood sugar is normal) then (Risk_level is RLnormal)

If (Blood pressure is high) and (Heart rate is normal) and (Blood sugar is normal) then (Risk_level is RLnormal)

If (Blood pressure is high) and (Heart rate is low) and (Blood sugar is high) then (Risk_level is RLhigh)

In our case, the logical combination for input values Blood Pressure = 120, Heart Rate = 75 and Blood Sugar = 95, original message or data (M) is to given the fuzzy inference engine to produce a crisp output (O1) risk level is RLnormal = 0.126 as shown in the below Table 4. Similar manner, five combinations of inputs are captured using the sensor to produce 5 crisp output (O1, O2, O3, O4, O5) using fuzzification. Crisp output is obtained by applying one of strategies called Centroid of Area.

Table 4.Fuzzification process produces crisp output using inputs

d) Private key-2 generation:

Extracted crisp output set Coutput = (O1, O2, O3, O4, O5) is used to generate the polynomial ‘Pcp’ with degree Dcp varying from 1 to 5.

Polynomial Construction:

Treating the elements of set Coutput = (O1, O2, O3, O4, O5) as distinct coordinate values, the polynomial is constructed, Pcp = { p(O1), p(O2), … p(O5)}. Project the locking key elements (i.e. Crisp output set values) on the polynomial and compute the Genuine private set GACP, GACP = {(O1, p(O1)), (O2, p(O2)),… (O5, p(O5))} Non overlapping 5 segments are created considering each pair of the constructed set say, (O1, p(O1))}. Each segment is declared as a specific private key coefficient. The genuine private set GACP is finally passed through a scrambler which randomizes the list, with the aim of removing any stray information that can be used to fetch genuine points. This results in private key set Kfuzzy, Along with the key set Kfuzzy, the polynomial of degree Dcp a final private vault key ‘Ks_vault’ is generated where ‘Ks_vault’ denotes the sender’s private key-2.

e) Encryption:

In our proposed FBKM, using the features extracted, the sender generates a private key-1 (Ks_private) .(Sender uses the private key-1 to encrypt the crisp output set ‘Coutput’ (secret data) to generate an encrypted message (Ecp_msg).

f) MAC generation using SHA-1:

Proposed FBKM scheme uses Secure Hash Algorithm 1 (SHA-1) for Message Authentication Code (MAC) generation. The same SHA-1 hash algorithm must be used by the receiver. The Vault Key (Ks_vault), the secret data (Coutput), original message (M) and ID of the sender (IDs) are processed using SHA-1 algorithm to generate the hash code (Hs_value) referred as MAC. i.e. Hs_value = MAC ( Ks_vault, Coutput, M, IDs). Then the sender sends the following ‘packet’ to the receiver:

{IDs, IDr, Coeffsubset, Ecp_msg, Ks_private, Ks_vault, Hs_value}

Fig. 6. shows a sample packet sent from sender to receiver.

Fig. 6.Packet sent from sender to receiver

where, IDs and IDr are the ID’s of the sender and receiver, Coeffsubset is the subset of coefficients generated using features extracted (feature set A), Ecp_msg is the encrypted message of the crisp output, Ks_private is the private key-1 of the sender, Ks_vault is the private key-2 of the sender and MAC or Hs_vault contains the vault key Ks_vault, crisp output set Coutput, original message (M) and sender ID (IDs).

Procedure at Receiver:

The receiver receives the packet from the sender and performs the following verification and validation to confirm user authenticity to retrieve the original data.

a) Feature extraction at receiver: The receivers have statistically similar ECG signals when two sensors measure the ECG from the same body. The procedure to be done by the receiver is described as follows:

Step 1: Get the ECG signal from the same human body using ECG sensor in order to extract features at the receiver.

Step 2: The receiver B follows the similar steps (Step2 and Step3) as like in Sender‘s procedure to extract the feature set i.e. the first 10 coefficient subset RCoeffsubset = (RC0, RC1 … RC9). Both the sender and the receiver use the same feature extraction algorithm to generate coefficient subset.

Step 3: Extract the first 10 coefficients of peak values from coefficient subset RCoeffsubset = (RC0, RC1 … RC9) i.e values of the peak index (P0, P8, P4, …, P1, P9) and store it in set B= {b0, b2, b3 … b9}. The Extracted feature set is used to re-construct the polynomial at receiver. Polynomial reconstruction is performed using the feature set B= {b0, b2, b3 … b9} following similar steps referred in sender procedure. Therefore, receiver B constructs the polynomial PB. where, PB = {p(b0), p(b1), p(b2) … p(b9)}. Evaluate the polynomial ‘PB’ on the elements of B and compute the Genuine set GB where,

GB = {(b0, p(b0)), (b1, p(b1)), (b2, p(b2)), (b9, p(b9))}

where bi denotes the ith element and ‘i’ varies from 0 to 9 of set B and p(bi) indicates the generated polynomial of ith element. Similar way, using the coefficients ( Coeffsubset) received from sender, receiver re-constructs the Evaluate the on the elements of A (using coefficients received from sender) and compute the Genuine set Where,

Genuine setGB is matched with the genuine set and search to meet most of the pairs.

b) Private Key-1 Generation at Receiver: Non overlapping 10 segments are created considering each pair of the constructed set say, {(b0, p(b0))}. Each segment is declared as a specific private key coefficient. The genuine set GB is finally passed through a scrambler which randomizes the list, with the aim of removing any stray information that can be used to fetch genuine points. This results in private key set KSB, where KSB = {k1, k2, k3, … KSM} here SM is 10. Along with the key set KSB, the polynomial of degree D a private key Kr_private is generated where Kr_private denotes the receiver’s private key-1. Receiver now verifies the private key-1 received from sender (Ks_private) with private key-1 generated at receiver (Kr_private),

if (Ks_private = = Kr_private ) then

“Authentication is successful”

else

“Authentication is rejected”

end

If both the private key-1 matches, then the user is said to be authenticated user and provided access to validate private key, otherwise the user is prevented further access to the system. Receiver performs Fuzzy vault unlocking mechanism only for users whose private key-1 verification is successful.

c) Fuzzy Vault Unlocking: Receiver decrypts the encrypted message Ecp_msg using the private key-1 (Kr_private) to generate the set of crisp output Cr_output = (Or1, Or2, Or3, Or4, Or5).

d) Private Key-2 generation: Extracted crisp output set Cr_output = (Or1, Or2, Or3, Or4, Or5) is used to generate the polynomial ‘Pr_cp’ with degree Dr_cp varying from 1 to 5.

Polynomial reconstruction: Treating the elements of set Cr_output = (Or1, Or2, Or3, Or4, Or5) as distinct coordinate values, the polynomial constructed is, Pr_cp = {p(Or1), p(Or2), … p(Or5)}. Project the locking key elements (i.e. Crisp output set values) on the polynomial and compute the Genuine private set (GBCP) where,

GBCP = {(Or1, p(Or1)), (Or2, p(Or2)), … (Or5, p(Or5))}

Non overlapping 5 segments are created considering each pair of the constructed set say, (Or1, p(Or1))}. Each segment is declared as a specific private key coefficient. The genuine private set GBCP is finally passed through a scrambler which randomizes the list, with the aim of removing any stray information that can be used to fetch genuine points. This results in private key set Krfuzzy, Along with the key set Krfuzzy, the polynomial of degree Dr_cp a final private vault key ‘Kr_vault’ is generated where ‘Kr_vault’ denotes the receiver’s private key-2. Receiver now verifies the private key-2 received from sender (Ks_vault) with private key-2 generated at receiver (Kr_vault),

if (Ks_vault = = Kr_vault) then

“Authorized user to perform decryption”

else

“Unauthorized user”

end

Once the private key verification is successful, the receiver using the Cr_output to perform defuzzification process to produce the original message ‘M’. i.e. each crisp output undergoes a defuzzification process. Defuzzification is the inverse process of fuzzification. The crisp output is given as input to the defuzzification process to generate set of outputs which is the original message ‘M’ (representing the set of input values passed through the fuzzification stages). The receiver now performs message authentication.

e) Message Authentication: Authentication often involves verifying the validity of at least one form of identification. The receiver uses the same authentication (SHA-1) algorithm as like the sender to recalculate the MAC.

if (MACreceiver = = MACsender) then

“Authentication succeeds”

“Received packet accepted”

else

“Authentication Fails”

“Received packet will be discarded”

end

Message authentication is important for many applications in sensor networks. An adversary can easily inject messages, so the receiver needs to make sure that the data used in any decision-making process originates from the correct source. When a message with a correct MAC arrives, the receiver knows that it must have been sent by the sender. If hash value calculated by the sender and receiver matches, then the data is said to be an authenticated data. Thereby, the vault unlock scheme successfully authenticates the sender. This, not only confirms the correctness of the unlocking process, but also authenticates the sender to the receiver confirming that the sender is on the same Body Area Network (BAN) like the receiver. In FBKM, using the above said procedure, parameters like False Acceptance Rate (FAR), Genuine Acceptance Rate (GAR) and False Rejection Rate (FRR) are calculated for the polynomial degree from 5 up to 10. Proposed FBKM scheme through Fuzzy vault scheme implementation proved to be more efficient and secure compared to ECG-IJS scheme in terms of reduced FRR, FAR and higher GAR (TPR) by adopting optimal tolerance limit to 2.

 

4. Simulation Results

This section validates the proposed Fuzzy based Bio-Key Management scheme. Experimental analysis was done using a self-written script in MATLAB. Security analysis and performance of the proposed FBKM scheme was analyzed using the following metrics:

Genuine Acceptance Rate (GAR): The percentage of times a system (correctly) verifies a true claim of identity.

False Acceptance Rate (FAR): The percentage of times a system produces a false accept, which occurs when a sender key is incorrectly matched to receiver key.

False Rejection Rate (FRR): The percentage of times the system produces a false reject. A false reject occurs when a sender key is not matched to receiver key.

In this process, twenty person’s ECG signals are downloaded from “MIT-BIH Arrhythmia” database. This database contains 48 half-hour excerpts of two-channel ambulatory ECG recordings. The recordings were digitized at 360 samples per second per channel with 11-bit resolution over a 10-mV range. ECG data was resampled at 120 Hz. Coefficients from the ECG data were obtained using FFT technique.

Fig. 7. shows the evaluation process done using MATLAB script to fetch the peak index values using the ECG signal. Then peak index values on the extracted coefficients are identified as features. The features present a resourceful representation about ECG signals for the data authentication and secret key agreement. Moreover, the peak index values are used to characterize and tolerate the differences on the same body, and they significantly differ on different bodies. Fig. displays sample ECG signal. We can observe that the resulting ECG signals contain little baseline wandering but keeps the main characteristics of the original ECG signals, we can also see that the wideband noises are suppressed while almost all the information of the ECG signal are maintained.

Fig. 7.Snapshot of Matlab script processing the output ECG signal

4.1. Receiver Operating Characteristic Curve (ROC):

Performance of FBKM scheme is evaluated by analyzing ROC against existing ECG-IJS scheme. ROC considers only the Genuine Acceptance Rate (GAR) or True Positive Rate (TPR) and False Acceptance Rate (FAR) or False Positive Rate (FPR) . The True positive in this case occurs when an authorized user’s key generation and key verification results in a success when the user do have the vault key and hash code. A false positive on the other hand occurs when an unauthorized user’s attempt for key generation and verification results in success when the user actually do not have the correct vault key and hash code.

The ROC curve referred in Fig. 8. proves that, the attempt made by authorized person’s success rate increases (True positive rate is higher) while the attempt made by unauthorized person’s success rate never occurs nor is very minimal.

Fig. 8.ROC curve comparison graph between FBKM Vs Existing scheme

The ROC curve in Fig. 8. proves that the performance of FBKM is better compared to existing ECG-IJS scheme due to the factor that in FBKM scheme a combination of fuzzy vault (private key) and MAC (Hash code) provides higher security ensuring confidentiality, integrity and authenticity at the receiver. i.e. without a similar feature set and crisp output, the attacker would not be able to regenerate the key. Fig. 9. below displays the glioblastoma cancerous cell image and sensor data sent from authorized sender to receiver. Sender executes the FBKM procedure converting a real image and valid sensor data to an encrypted format, which when received at the receiver is validated through key generation and verification. Once the key is validated and authentication is successful, decryption process is done to retrieve the original image and sensor data.

Fig. 9.FBKM process verification for Authenticated users

4.2 Detection Error Tradeoff (DET):

Error rates in FBKM scheme was derived through Detection Error Tradeoff (DET) graph plotting False Rejection Rate (FRR) against False Acceptance Rate (FAR).

This analysis is done to verify if the system could tolerate more different features between the sender and the receiver. Fig. 10. shows the DET curve for FBKM scheme.

Fig. 10.Detection Error Tradeoff Curve for FBKM scheme

The DET curve proves that, when the attempt made by authorized person’s failure rate increases (FAR), the attempt made by unauthorized person’s success rate decreases (FRR). The possibility of matching two feature sets that do not belong to the same person increase and thus the FAR increase. As we predict from the results at higher false acceptance rate the rejection rate is null. When the FAR is challenged continuously with respect to injection of False Rejection Rate, it gradiently decreases and becomes ineffective.

4.3 False acceptance rate:

False Acceptance Rate performance is illustrated in Fig. 11., when the polynomial degree ‘D’ changes with tolerance value set as 2. The False Acceptance in this case occurs when the system incorrectly verifies an unauthorized person. FAR is considered the most serious biometric security errors as it gives unauthorized users access to systems that expressly are trying to keep them out. Security level is assured with higher degree of polynomial ‘D’ varying between 5 and 10. When the polynomial degree is high at particular tolerance value, then maximum number of shared features must be recovered to find out the secret information. Thus, the probability of mismatching the feature sets decreases. Performance of FAR is illustrated comparing PSKA [13-16], ECG-IJS [17] scheme with the proposed FBKM. From the figure, it is understood that FAR decreases when polynomial degree D increases. This comparison results indicates the performance of proposed Fuzzy based bio-key management scheme is more efficient and secure than PSKA and ECG-IJS scheme. The fuzzy vault (private key) and MAC combination generated in the proposed FBKM scheme facilitates reducing the FAR.

Fig. 11.FAR versus Polynomial Degree ‘D’

4.4 False rejection rate:

The False Rejection in this case occurs when the security system will incorrectly reject an access attempt by an authorized user. False Rejection Rate performance is illustrated in Fig. 12., when the polynomial degree ‘D’ changes with tolerance value set as 2. It is understood that FRR increases when the polynomial degree ‘D’ increases. FRR is increased, due to the fact that, when more common elements of the feature are required to authenticate, the system may reject the two-feature sets when received from the same person. This comparison results indicate that the performance of FBKM is more robust against existing PSKA and ECG-IJS scheme.

Fig. 12.FRR versus Polynomial Degree ‘D’

 

5. Conclusion

Secured communication is strongly required in telemedicine based applications to ensure the privacy and safety of a patient. In this paper, we present an efficient bio-key management scheme for medical data security using fuzzy logic. This scheme has made the security system stable by providing low FRR value. This novel scheme provides less computation complexity and communication overhead. This efficient scheme offers the security in terms of authentication, data confidentiality and data integrity. It remains future work to investigate the energy analysis and various network layer related attacks such as wormhole attack, sinkhole attack, and Sybil attack.