Security design of ECG telemonitoring systems

Electrocardiogram (ECG) telemonitoring systems are a flourishing application of Wireless Body Area Networks (WBAN) in the field of healthcare. Due to inherent technical vulnerabilities and limitations of wireless systems, security and privacy threats are main areas of concern. To meet security and privacy requirements of ECG telemonitoring, an elaborate security design scheme is proposed. Firstly, Multi-stage Security Authentication (MSSA) strictly identifies all components and operators in the system, guaranteeing the legitimacy of the whole system. The next step is to ensure the security of all communications. High-intensity AES-256 algorithm and dynamic two-way keys are adopted to realize the security of public communications. A selective encryption mechanism provides a simple and effective security solution for local communications within the WBAN. To protect data from being falsified and ensure the correctness of data transmission, SHA-256 algorithm is used to verify the integrity of data. Finally, Authority Access Mechanism (AAM) based on smart cards is proposed to realize secure storage and access of sensitive data. Experimental results show that all security issues in the system are eliminated, and the system has very high security.