A Secure IoT-Based Healthcare System With Body Sensor Networks
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2016.2638038, IEEE Access
2169-3536 (c) 2016 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
authentication mechanisms for IoT-based healthcare systems relying on body sensor networks. First, we will address the principal security requirements for IoT-based systems. A secure IoT-based healthcare system with two authentication mechanisms operating via BSN network architecture is then proposed to achieve the identified requirements.

The rest of the paper is organized as follows. Section II describes the current state of the art of IoT security and discusses the principal security requirements for IoT-based healthcare systems. In Section III, we first introduce the underlying communication architecture of our proposed IoT-based healthcare system. Then, the IoT-based healthcare system using body sensor networks is introduced, comprising two authentication processes among the smart objects, the local processing unit and the backend server. The security robustness of the proposed schemes is analyzed in Section IV, while the system implementation and performance evaluation is presented in Section V. Finally, we make our concluding remarks in Section VI.

II. RELATED WORK

In this section, we describe the current state of the art of IoT security and then discuss the major security requirements for IoT-oriented healthcare systems.

A. The current state of the art of IoT security

In recent years, both industry and academia have devoted considerable attention to the development of IoT applications and related security measures. In 2013, Yao et al. [7] presented a lightweight multicast authentication scheme for small-scale IoT applications. They exploited the specific characteristics of the fast accumulator proposed by K. Nyberg [8], i.e. the absorbency property and the one-way and quasi-commutative property, to construct a lightweight multicast authentication mechanism. To test their scheme’s practicability, the authors evaluated seven principal criteria required by multicast authentications for resource-constrained applications in the course of a performance analysis. The proposed scheme was claimed to be more efficient and effective than other systems it was compared to. The following year, Bello and Zeadally [9] investigated the possibility of self-collaborated device-to-device communications without any centralized control. Two challenges, namely the computation cost of smart objects and network heterogeneity, were identified. After that, the authors analyzed the state-of-the-art of communication mechanisms in licensed and unlicensed spectra and routing techniques which are able to support intelligent inter-devices communications. In the course of their analysis, four unresolved issues were identified: 1) maximizing the use of available network resources; 2) route management optimization; 3) inter-device based cooperation for load balancing; and 4) security properties such as privacy, authentication, integrity and resistance to new types of attack. Later, Cai et al. [10] adopted 802.11 based sensors to construct an IoT-based device management system with a centralized control mechanism. The principal technique was based on the IETF Constrained Application Protocol (CoAP). To evaluate the scheme's feasibility and effectiveness, the authors implemented an experimental system consisting of an 802.11 enabled sensor, a self-designed management server and an IoT application. The experimental results showed that their proposed system is practicable. However, one limitation exists as the system scalability cannot be guaranteed.

In 2014, Keoh et al. [5] presented an overview of the security solutions for IoT ecosystems proposed by the Internet Engineering Task Force (IETF), in which CoAP and, in particular, Datagram Transport Layer Security (DTLS) are examined. Based on their performance evaluation, these authors developed a refined and lightweight DTLS capable of providing robust security functionality for IoT objects. Even so, the authors identified some unresolved issues for future work, i.e. device bootstrapping, key management, authorization, privacy and message fragmentation issues in IoT networks. Next, in 2015, Kawamoto et al. [11] demonstrated an effective data collection scheme for location based authentication in IoT networks. In order to improve the authentication accuracy, parameters related to network control are adjusted dynamically based on the real-time requirements from the system and the surrounding network environment. In addition, optimization of authentication accuracy was investigated. The authors finally suggested that future work could focus on intelligently controlling the data distribution from inhomogeneous IoT devices. In the same year, Cirani et al. [12] introduced an authorization framework which is integrated with HTTP/CoAP services and is even able to invoke an external OAuth (Open Authorization) based service. In the proposed framework, an external client may access a remote service from a network broker (with constrained smart objects) via HTTP/CoAP. Robust communication among entities such as an external client, a network broker and smart objects was thus designed and implemented. Performance evaluations were performed to examine the feasibility of the proposed framework, with results showing that the proposed approach will increase the amount of energy consumed to ensure compatibility with IEEE 802.15.4. In addition, the issues of memory footprint and dynamic configuration make the OAuth logic based scheme infeasible for use with common smart objects.

In 2015, Ning et al. [13] proposed an aggregated proof based hierarchical authentication scheme for layered U2IoT architecture to pursue security protection among ubiquitous things. In the proposed scheme, security properties such as entity anonymity, mutual authentication and hierarchical access control are achieved via the following techniques: user authorization, aggregated-proof based verifications, homomorphism functions and Chebyshev chaotic maps. Later, Hernández-Ramos et al. [14] developed a series of lightweight authentication and authorization procedures which are compliant with the Architectural Reference Model (ARM) from the EU FP7 IoT-A project, for use on constrained smart objects. The proposed schemes are able to be combined with other standard technologies and form security plans for the life cycle of IoT devices. Recently, Gope and Hwang introduced two authentication schemes, i.e. BSN-Care [1] and USM-IoT [2], for IoT-based networks. These two authentication schemes
are designed to fit the security requirements for body sensor networks and distributed wireless sensor networks, respectively. Accordingly, from the standpoint of authentication analysis, the underlying architectures can respectively be characterized as being client-server and client-server-server. In 2015, Gope and Hwang [2] first presented an authentication protocol for distributed wireless sensor networks. Their proposal not only is compatible with client-server-server (i.e. the sensor-gateway-server) architecture, but also satisfies important security properties such as mutual authentication, sensor anonymity and un-traceability, system scalability, and resistance to impersonation attack, replay attack and cloning attack. The authors thus claimed the proposed protocol is secure as well as efficient. In 2016, Gope and Hwang [1] further proposed an authentication mechanism for a distributed IoT-based healthcare system. The proposed protocol is based on body sensor networks (BSNs), which consist of lightweight and healthcare oriented smart objects. Lightweight crypto-modules, such as a one-way hash function, random number generation function and bitwise exclusive-OR operation, are adopted to simultaneously pursue system efficiency and security robustness. The authors then investigated the security density and protocol efficiency via BAN logics analysis and computation cost comparison.

B. Security Requirements for IoT-based Healthcare Systems

In the following, we present the major security requirements for IoT-based communication systems.

1) A session key is required for secure communication

In the past decades, the research community has thoroughly investigated the design of dynamic identity based authentication schemes owing to their advantages in terms of user convenience and protocol efficiency. Lightweight computation modules, such as one-way hash functions and bitwise exclusive-or operation, are usually exploited in the design of secure transmission for each protocol run. Because communication entities’ identities are anonymous and unpredictable as a result of the hash function and exclusive-or operation, it can be claimed that this category of authentication provides user anonymity. However, in traditional dynamic identity based authentication mechanisms, a robust session key must be eventually agreed for secure communication among entities. A simple authentication and login activity without session key generation is not enough to guarantee any kind of security. Even if it may be claimed that SSL/TLS or other security techniques can be used to achieve robust security after the authentication, the computation cost involved will make such an approach inefficient. Based on the above reason, we argue that the session key agreement is an essential property for entity authentication and secure communication.

2) Inappropriate usage of the bitwise exclusive-or module must be avoided

Cryptanalysis for security modules is critical for protocol robustness. While the one-way hash function maintains qualified security, the exclusive-or operation may be the attacker’s target. It is obvious that the exclusive-or operation can only resist against “cipher-text only” attacks, which represents the lowest security level in terms of cryptanalysis activity. Other security guarantees, such as resistance to known plain-text attacks, chosen plain-text attacks, chosen cipher-text attacks, and chosen text attacks launched by a malicious adversary are not supported. Hence, we have to carefully consider the utilization of the exclusive-or operation during the design of each protocol run. More specifically, all publicly transmitted text must be in an unpredictable cipher form and the exclusive-or computation cannot be performed simply and directly on the cipher. It is suggested that all exclusive-or operations must be embedded within the computation of a one-way hash function. For example, the form of “M⊕key” may be more vulnerable than the form of “H(M⊕key)” or “H(M)⊕key”, where key is a secret and M is a message.

3) GPS information is suggested to resist against spoofing attack

The IoT-based communication architecture builds on traditional wireless sensor networks and at the same time embeds body area networks consisting of body bio-sensors. Individual privacy is a key issue to consider owing to the involvement of personal bio-data and sensitive health-related information. Meanwhile, the correctness of application operation incurred by sensor movement must also be considered carefully, including individual identification, network switching, reputation maintenance, anonymity and un-traceability, and resistance to spoofing attacks invoked by a malicious cluster head made up of parts of IoT networks. All these requirements can be supported via the anonymous authentication technique with a unique legitimate identification in which GPS information is involved. That is, with identification of an individual’s location, immunity against spoofing attacks can be guaranteed.

4) The need for resistance to man-in-the-middle attack

Resistance to man-in-the-middle attack is one of the most important security considerations after authentication. A malicious attacker may interrupt transmitted authentication messages and spoof the legal communicating entities into believing that he/she is the other legitimate side via counterfeited and illegal messages by spoofing. That is, the attacker may pretend that he/she is the legitimate user who is communicating with the server. Spoofing can also be used when the attacker faces the real legitimate user. The attacker may pretend to be the legitimate server to communicate with the legal user. An efficient solution for resisting man-in-the-middle attacks is to embed the identities of all communicating entities into the protocol message for entity authentication. For instance, $H(ID_i \| ID_{i+1} \| \dots)$ is a possible form of protocol message which can be utilized to perform entity authentication and simultaneously conquer man-in-the-middle attacks.
5) Multiple security and privacy properties must be guaranteed at the same time

The protection of data security and entity privacy are the most important aspects for IoT-based healthcare systems. As the communication of the BSN is mostly wireless (and insecure) in nature, various attacks may be launched at it as a vulnerability entry, resulting in serious damage to the entire system. Therefore, in the following, we describe the key security and privacy properties which must be guaranteed in an IoT-based healthcare system. First, mutual authentication among communication entities is required to protect against malicious data access and entity spoofing. Second, the system has to achieve anonymity and untraceability for the bio-sensors in IoT-based healthcare systems to guard against the disclosure of an individual's personal health status or private information. Third, the resistance against forgery attack and replay attack during system operations must be embedded into the IoT-based healthcare system.

III. THE PROPOSED IOT-BASED HEALTHCARE SYSTEM WITH BODY SENSOR NETWORKS

In this section, we first introduce the underlying communication architecture of our proposed IoT-based healthcare system. Then, the trust boundary and the desired objectives of the proposed IoT-based healthcare scheme are introduced. After that, we present the detailed communication procedures of the proposed system, which consist of a system initialization phase and two authentication phases.

A. The Underlying IoT-based Communication Architecture

In this sub-section, we present the IoT-based communication architecture on which our proposed healthcare system is modeled. As shown in Figure 1, there are three indispensable components in the IoT-based communication architecture: the wearable body bio-sensors (i.e. the smart objects), the Local Processing Unit (LPU) (which would normally be an intelligent handheld device and acts as a mobile gateway), and the Body Sensor Networks (BSN) server. The IoT-based biomedical equipment (i.e. body bio-sensors) is adopted (or embedded) by the user as the edge devices which are responsible for collecting bio-data from the human (or, in this case, the patient). All of the collected data will be forwarded to the LPU and BSN server for data analysis and user-oriented service provision. That is, based on specific bio-data from the user, the system can recognize and satisfy the particular individual's needs in a faster and more efficient way. For instance, by analyzing human bio-data, such as electrocardiography (ECG), electroencephalography (EEG), electromyography (EMG) and blood pressure (BP), a healthcare system in a hospital can provide more individually-tailored and timely services and reduce delays in medical treatment. In the proposed IoT-based communication architecture, all the body bio-sensors and the LPU need to perform registrations with the BSN server in advance. After registration, security credentials will be shared and stored among the bio-sensors, the LPU and the BSN server. The security credentials are exploited to achieve the goal of entity authentication and to establish a secure communication channel, and, in addition, data confidentiality and data integrity can be guaranteed via the system's secure communication feature.

In our proposed healthcare system, two communication channels, i.e. “sensors to LPU” and “LPU to BSN server,” are focused on, since the openness of these two channels means it cannot be guaranteed that all the data transmissions on them are secure. An attacker (or hacker) may therefore wish to launch malicious behaviors, such as bio-data eavesdropping on a specific person and entity counterfeiting for purposes of spoofing, on these insecure channels. The result could be huge and unpredictable losses. To sum up, the assumptions about the trust boundary of our IoT-based healthcare system are listed below: (1) the security parameters received during the registration phase are under a secure channel; (2) the LPU and sensors are equipped with secure storage; (3) the “sensors to LPU” and “LPU to BSN server” channels are insecure, i.e. the transmitted data may be sniffed out; (4) the BSN server is trusted and all the database accesses are safe and (5) a trusted third party exists to support the public key infrastructure.

In the following section, we will introduce the communication procedures of the proposed IoT-based healthcare system. The proposed system consists of two phases: the system initialization phase and the authentication phases. In the system initialization phase, all of the security parameters will be agreed upon and shared among the communication entities, i.e. wearable bio-sensors, the LPU and the BSN server, via a secure channel. Next, two authentication phases are presented for securing all the communication and data exchanges among the communication entities. In Table I, we present the common notations used throughout this study.

TABLE I
COMMON NOTATIONS USED THROUGHOUT THIS STUDY

| Symbol | Definition |
|---|---|
| $bs_i$ | Identity of the wearable bio-sensor i |
| $LPU_j$ | Identity of the local processing unit j |
| $BSN$ | Identity of the BSN server |
| $TTP$ | Trusted third party |
| $AID_i$ | One-time-alias identity of the wearable bio-sensor i |
| $bsID$ | A set of un-linkable shadow identities $bsID = \{sid_1, sid_2, \dots\}$ for the wearable bio-sensor i |
| $K_i$ | The secret key shared between the wearable bio-sensor i and the BSN server |
| $Tr_{seq}$ | Track sequence number |
| $H(\cdot)$ | Secure one-way hash function, i.e. SHA-3 [3] |
| $HMAC_k(\cdot)$ | A keyed-hash message authentication code |
| $\oplus$ | Bitwise exclusive-or operation |
| $\|$ | Concatenation operation |

B. The System Initialization

Let the notation $E/F_p$ denote an elliptic curve $E$ over a prime finite field $F_p$, defined by an equation $y^2 = x^3 + ax + b$, where $a, b \in F_p$ are constants such that $\Delta = 4a^3 + 27b^2 \neq 0$. All points $P_i = (x_i, y_i)$ on $E$ and the infinity point $O$ form a cyclic group $G$ under the operation of point addition $R = P + Q$ defined according to a chord-and-tangent rule. In particular, we define $t \cdot P = P + P + \dots + P$ ($t$ times) as scalar multiplication, where $P$ is a generator of $G$ with order $n$.
Fig. 1. The underlying IoT based communication architecture of our proposed healthcare system.
Fig. 2. The authentication phase between the local processing unit j and the BSN server.
Fig. 3. The authentication phase among the wearable bio-sensor i, the local processing unit j and the BSN server.
First, given a security parameter $k$, a trusted third party (short for TTP) generates a group $G$ of elliptic curve points with prime order $n$ and determines a generator $P$ of $G$. Next, TTP chooses a private key $s \in Z_n^*$ and a secure hash function $H: \{0,1\}^* \times G \rightarrow Z_q^*$ [3]. Next, TTP derives a public key $PK_{TTP} = s \cdot P$ and publishes $\{G, P, PK_{TTP}, H\}$. Meanwhile, TTP keeps $s \in Z_n^*$ securely.

Given $\{G, P, PK_{TTP}, H\}$, the private key $s$ and the identity $LPU_j$ of local processing unit j, TTP generates a random number $r_j \in Z_n^*$, and calculates $R_j = r_j \cdot P$,

1) The Key Agreement Phase between the Local Processing Unit j and the BSN Server (Figure 2)

(Step 1) local processing unit j → the BSN server: ( R j , T j , j )

Given $\{G, P, PK_{TTP}, H\}$, $LPU_j$, $BSN$, $D_j = (s_j, R_j)$, $h_j$ and $x_j$, the local processing unit j computes $T_j = t_j \cdot P$ with a random number $t_j \in Z_n^*$, $h_j = H(PK_{TTP}, LPU_j, R_j)$, $k_j = H(T_j, h_j, BSN, PK_j)$ and j t j k j x j s j mod n .

Then, the local processing unit j sends ( R j , T j , j ) back to the BSN server who then examines the validity of the incoming message ( R j , T j , j ) with the following verification processes.

With $\{G, P, PK_{TTP}, H\}$, $PK_j$, $LPU_j$, $BSN$ and ( R j , T j , j ) , the BSN server computes $h_j = H(PK_{TTP}, LPU_j, R_j)$ and $k_j = H(T_j, h_j, BSN, PK_j)$. After that, the server verifies whether the equation j P T j k j PK j R j h j PKTTP holds or not. If it holds, the ( R j , T j , j ) is legitimate. The correctness of ( R j , T j , j ) is verified by:

Finally, the local processing unit j and the BSN server both possess and share a session key $SK = t_{BSN} \cdot T_j = t_j \cdot t_{BSN} \cdot P = t_j \cdot T_{BSN}$.

2) The Authentication Phase among the Wearable Bio-sensor i, the Local Processing Unit j and the BSN Server (Figure 3)

In the proposed authentication scheme, $K_i$ is a secret shared by the BSN server and the wearable bio-sensor i, and $bsID$ is a set of un-linkable shadow identities $bsID = \{sid_1, sid_2, \dots\}$
generated by the BSN server and installed into the wearable bio-sensor i at the system initialization. $Tr_{seq}$ is a track sequence number created to speed up the authentication process as well as to prevent replay attacks. During each authentication session, $Tr_{seq}$ will be renewed and stored at both the BSN server and the wearable bio-sensor i. In that case, the BSN server is able to check the freshness of an incoming request sent from the wearable bio-sensor i, and to achieve a fast identification of the bio-sensor i via $Tr_{seq}$ at the backend database during the authentication session. If $Tr_{seq}$ in the request does not match the one maintained in the backend database, the BSN server will reject the incoming request and terminate the connection. A new request from the wearable bio-sensor i will be asked for in which one of the fresh shadow identities $sid_i$ will be picked up from the list $bsID$ as an anonymous identity of the wearable bio-sensor i. The shadow identities $sid_i$ adopted at this time must be removed from the $bsID$ list at both the BSN server side and the wearable bio-sensor i side after the authentication session.

(Step 1) Local processing unit j → wearable bio-sensor i: $GPS_j$, $LPU_j$

The local processing unit j sends its identity $LPU_j$ and its global location information $GPS_j$ to the wearable bio-sensor i as an authentication request.

(Step 2) wearable bio-sensor i → local processing unit j: $MA_1$ = {$AID_i$, $M_i$, $Tr_{seq}$ (if req.), $LPU_j$, $GPS_j$}

After receiving $GPS_j$ and $LPU_j$, the wearable bio-sensor i first generates a random number $N_i$ and calculates $M_i = H(K_i \| bs_i) \oplus N_i$ and $AID_i = H(bs_i \| K_i \| N_i \| M_i \| LPU_j \| GPS_j \| Tr_{seq})$. Next, the wearable bio-sensor i constructs a message $MA_1$ = {$AID_i$, $M_i$, $Tr_{seq}$ (if req.), $LPU_j$, $GPS_j$} and sends $MA_1$ as an authentication request to the local processing unit j. Note that if the value $Tr_{seq}$ shared between the wearable bio-sensor i and the BSN server is out of synchronization, the wearable bio-sensor i needs to choose a fresh shadow identity $sid_i$ from $bsID$ and, consequently, assigns the picked value $sid_i$ as $AID_i$. After that, the wearable bio-sensor i sends $MA_1$ = {$AID_i$, $M_i$, $LPU_j$, $GPS_j$} as an authentication request to the local processing unit j.

(Step 3) local processing unit j → the BSN server: $MA_1$, $HMAC_{SK}(GPS_j, MA_1)$

Upon receiving the authentication request from the wearable bio-sensor i, the local processing unit j computes $HMAC_{SK}(GPS_j, MA_1)$ and sends $MA_1$, $HMAC_{SK}(GPS_j, MA_1)$ to the BSN server.

(Step 4) the BSN server → local processing unit j: $MA_2$, $HMAC_{SK}(MA_2)$

Once the BSN server obtains $MA_1$, $HMAC_{SK}(GPS_j, MA_1)$, the BSN server first checks whether $HMAC_{SK}(GPS_j, MA_1)$ is correct. If it holds, the server then checks whether the track sequence number $Tr_{seq}$ is in the request or not. If $Tr_{seq}$ is included in $MA_1$, the BSN server performs condition (1). Otherwise, condition (2) is launched.

Condition (1): check the validity of $Tr_{seq}$, and look for the corresponding tuple via $Tr_{seq}$ from the backend database. If $Tr_{seq}$ is valid, the BSN server retrieves $N_i = H(K_i \| bs_i) \oplus M_i$, and then verifies if the received value $AID_i$ and the computed value $H(bs_i \| K_i \| N_i \| M_i \| LPU_j \| GPS_j \| Tr_{seq})$ are equal.

Condition (2): If the BSN server cannot find any $Tr_{seq}$ in $MA_1$, the BSN server will examine the freshness and validity of $AID_i = sid_i$. If the BSN server cannot identify the $sid_i$ from the backend database, the server will terminate the connection and request the wearable bio-sensor i to try again with another valid shadow identity $sid_i$.

If one of the above examinations is passed, the BSN server will generate a random number $m$ and assign this number as the new track sequence number $Tr_{seq}$, i.e. $Tr_{seq_{new}} = m$. Subsequently, the BSN server computes $Tr = H(K_i \| bs_i \| N_i) \oplus Tr_{seq_{new}}$, $V = H(Tr \| K_i \| BSN \| LPU_j \| bs_i)$ and $HMAC_{SK}(MA_2: \{Tr, BSN, V\})$. After that, the BSN server sends $MA_2$, $HMAC_{SK}(MA_2)$ to the local processing unit j as a response message.

(Step 5) local processing unit j → wearable bio-sensor i: $MA_2$: {$Tr$, $BSN$, $V$}

After receiving $MA_2$ = {$Tr$, $BSN$, $V$}, the local processing unit j checks the correctness of $HMAC_{SK}(MA_2)$. If it holds, the local processing unit j forwards $MA_2$ = {$Tr$, $BSN$, $V$} to the wearable bio-sensor i. Upon obtaining $MA_2$, the wearable bio-sensor i calculates $H(Tr \| K_i \| BSN \| LPU_j \| bs_i)$ and compares it with the received value $V$. If these two values are the same, the wearable bio-sensor i derives $Tr_{seq_{new}} = H(K_i \| bs_i \| N_i) \oplus Tr$ and sets $Tr_{seq} = Tr_{seq_{new}}$ for the next authentication session.

IV. SECURITY ANALYSIS

Before describing the security analysis, we introduce the adversary model. In the real world, it is possible for adversaries to replace a communication entity's public key with a false one of its choice. Hence, the adversary Adv models an outside adversary who is able to replace any entity’s public key with specific values chosen by the adversary itself; however, the adversary Adv does not know the private key of TTP. In addition, the adversary Adv is able to learn valid verification messages for a replaced public key without any submission.

Game 1: The following game is performed between a challenger C and an adversary Adv during the proposed authentication scheme between the local processing unit and the BSN server.

Initialization: C generates a private key $s$, and public system parameters $\{G, P, PK_{TTP}, H\}$. Next, C keeps $s$, but gives all of the public system parameters $\{G, P, PK_{TTP}, H\}$ to the adversary
true Verify(mt , t , params, IDt , PKt ) . If the public key

Next, according to the hardness of solving the elliptic curve discrete logarithm problem, we prove that our proposed authentication scheme is existentially secure against malicious adversaries. Note that the Elliptic Curve Discrete Logarithm Problem (short for ECDLP) is defined as follows: given a group $G$ of elliptic curve points with prime order $n$, a generator $P$ of $G$ and a point $x \cdot P$, it is computationally infeasible to derive $x$, where $x \in Z_n^*$.

Theorem 1: The proposed authentication scheme is existentially secure against malicious adversary in the random

system parameters $\{G, P, PK_{TTP}, H\}$ to $\alpha_1$.

RequestPublicKey(IDt): Upon receiving a query with an identity IDt from $\alpha_1$, performs the following steps.

(1) If IDt IDt* , generates three random numbers $a_t, b_t, x_t \in Z_n^*$, and performs Rt at P bt PKTTP , ht H ( PKTTP , LPUt , Rt ) bt , st at and PKt xt P . Then, adds IDt , Rt , ht , IDt , st , Rt and IDt , PKt , xt to the lists listH , listK1 and listK2 , respectively. Finally, returns PKt to $\alpha_1$.
and IDt, PKt, xt to the lists listH, listK1 and listK2, respectively. Finally, returns PKt to 𝛼1.

ExtractPartialSecret(IDt): Upon receiving a query for an identity IDt from 𝛼1, performs the following steps.
(1) If IDt = IDt*, stops the session.
(2) Otherwise, looks at listK1 for IDt, st, Rt. If a record of such a tuple exists, returns st to 𝛼1; otherwise, makes a RequestPublicKey query with IDt and returns st to 𝛼1 accordingly.

ExtractSecret(IDt): When receives a query for an identity IDt from 𝛼1, looks for IDt, PKt, xt in the list listK2. If there is such a tuple, returns xt to 𝛼1. Otherwise, makes a RequestPublicKey query with IDt and returns xt to 𝛼1.

ReplacePublicKey(IDt, PKt#): Once receives a query for some (IDt, PKt#) from 𝛼1, performs the following steps.
(1) looks for IDt, PKt, xt in the list LK2. If there exists such a record, sets PKt PKt# and xt .
(2) Otherwise, simulate the RequestPublicKey(IDt) query for the identity IDt and sets PKt = PKt# and xt .

In the final phase, 𝛼1 successfully outputs t* (Rt*, Tt*, t*) for the target IDt* with non-negligible advantage 𝑆𝑢𝑐𝑐𝛼1.
Based on the forking lemma [16], if we have the polynomial replay of with the same random tape and different choices of hash oracle, 𝛼1 is able to output another three signatures t(j) (Rt, Tt, t(j)), where j = 2, 3, 4. Eventually, we have four valid signatures, i.e. t(j) (Rt, Tt, t(j)) with j = 1, 2, 3, 4, satisfying the following equations
t(j) tt kt(j) (xt rt ht(j) s) mod n, where j = 1, 2, 3, 4.

Based on the four linear and independent equations, can derive the four unknown values tt, xt, rt and s, and outputs s as the solution of the random instance (P, Q s P) of the ECDLP. Next, we analyze ’s success probability 𝑆𝑢𝑐𝑐𝛽 of winning game 1.

E1: does not abort in all the queries of ExtractPartialSecret.
E2: 𝛼1 can forge a valid signature (IDt, mt, t).
E3: The output (IDt, mt, t) satisfies IDt = IDt*.

E2 ] ≥ /𝑞𝐻, where 𝑞𝐻 and 𝑞𝑒𝑝𝑠 are the numbers of Hash query and ExtractPartialSecret query.

Then, the probability that solves the given instance of the ECDLP is

$$Succ_{\beta} = \Pr[E_1 \wedge E_2 \wedge E_3] = \Pr[E_1]\,\Pr[E_2 \mid E_1]\,\Pr[E_3 \mid E_1 \wedge E_2] \geq \frac{1}{q_H}\left(1 - \frac{1}{q_H}\right)^{q_{eps}} Succ_{\alpha_1}$$

Hence, the algorithm can solve the ECDLP with, at minimum, the advantage $\frac{1}{q_H}\left(1 - \frac{1}{q_H}\right)^{q_{eps}} Succ_{\alpha_1}$, where qH denotes the maximum number of queries to Hash, and qeps denotes the maximum number of queries to ExtractPartialSecret(IDt). That contradicts the hardness of solving the ECDLP.
■

Next, we present security claims for the proposed authentication mechanism among the wearable bio-sensor, the local processing unit and the BSN server.

Theorem 2: To achieve mutual authentication between the wearable bio-sensor and the local processing unit

The mutual authentication of the proposed authentication mechanism is proven via BAN logic analysis [4]. Basic constructs and logic postulates are presented in the following, where the symbols P and Q range over principals, X and Y range over statements, and K ranges over long-term secret keys.

Constructs:
P believes X: The principal P believes that X is true.
P sees X: Someone has sent a message containing X to P, who can read and repeat X (possibly after doing some decryption).
P said X: P has actually sent a message including statement X at the current session of the protocol or before.
P controls X: P has jurisdiction over X, i.e. the principal P is an authority on X and this matter should be trusted.
fresh(X): X has not been sent in a message before the current session of the protocol.
$P \stackrel{K}{\leftrightarrow} Q$: The key K is shared between the principals P and Q.
$P \stackrel{X}{\leftrightarrow} Q$: The formula X is a secret known only to P and Q. Only P and Q may use X to prove their identities to each other.

Logical postulates:
Rule 1 (the message-meaning rules): If P believes $P \stackrel{K}{\leftrightarrow} Q$ and P sees {X}K, then we postulate P believes Q said X.
Rule 2 (the nonce-verification rule): If P believes fresh (X) and P believes Q said X, then we postulate P believes Q believes X.
Rule 3 (the jurisdiction rule): If P believes Q controls X and P believes Q believes X, then we postulate P believes X.
Rule 4: If P sees (X, Y) then P sees X. In addition, if P believes $P \stackrel{X}{\leftrightarrow} Q$ and P sees {X}K, then P sees X.
Rule 5: If one part of a formula is fresh, then the entire formula must also be fresh. If P believes fresh (X), then P believes fresh (X, Y).

Assumption:
Assumption 1: bio-sensor i (𝑏𝑠𝑖), the BSN server (S) believes $bs_i \stackrel{bs_i, K_i, bsID, Trseq}{\leftrightarrow} S$
Assumption 2: LPUj, S believes $LPU_j \stackrel{SK}{\leftrightarrow} S$
Assumption 3: 𝑏𝑠𝑖, S, LPUj believes fresh (Ni)
Assumption 4: 𝑏𝑠𝑖 believes fresh (m)
Assumption 5: 𝑏𝑠𝑖, LPUj believes S controls Ni

The concrete realization of the proposed authentication scheme is as follows:

Step 1: 𝐿𝑃𝑈𝑗 → 𝑏𝑠𝑖: 𝐺𝑃𝑆𝑗, 𝐿𝑃𝑈𝑗
Step 2: 𝑏𝑠𝑖 → LPUj: 𝑀𝐴1 = {𝐴𝐼𝐷𝑖, Mi, Trseq (if req.), 𝐿𝑃𝑈𝑗, 𝐺𝑃𝑆𝑗}, where 𝐴𝐼𝐷𝑖 = H(𝑏𝑠𝑖||Ki||Ni||Mi||𝐿𝑃𝑈𝑗||𝐺𝑃𝑆𝑗||Trseq) and Mi = H(Ki||𝑏𝑠𝑖) ⊕ Ni.
Step 3: LPUj → S: 𝑀𝐴1, 𝐻𝑀𝐴𝐶𝑆𝐾(𝐺𝑃𝑆𝑗, 𝑀𝐴1).
Step 4: S → LPUj: 𝑀𝐴2, 𝐻𝑀𝐴𝐶𝑆𝐾(𝑀𝐴2), where 𝑀𝐴2 = {Tr, BSN, V}, Tr = H(Ki||𝑏𝑠𝑖||Ni) ⊕ 𝑇𝑟𝑠𝑒𝑞𝑛𝑒𝑤 and V = H(Tr||Ki||BSN||𝐿𝑃𝑈𝑗||𝑏𝑠𝑖)
Step 5: LPUj → 𝑏𝑠𝑖: 𝑀𝐴2 = {Tr, BSN, V}

The formal analysis of mutual authentication:
1. LPUj sees {𝑀𝐴2, 𝐻𝑀𝐴𝐶𝑆𝐾(𝑀𝐴2)} (Based on step 4).
2. LPUj believes $LPU_j \stackrel{SK}{\leftrightarrow} S$ (Based on assumption 2).
3. LPUj believes S said {𝑀𝐴2, 𝐻𝑀𝐴𝐶𝑆𝐾(𝑀𝐴2)} (Based on (1) & (2), Inferred by Rule 1).
4. LPUj believes fresh (Ni) (Based on assumption 3).
5. LPUj believes S believes {𝑀𝐴2, 𝐻𝑀𝐴𝐶𝑆𝐾(𝑀𝐴2)} (Based on (3) & (4), Inferred by Rule 2).
6. LPUj believes S controls {Ni} (Based on assumption 5).
7. LPUj believes {𝑀𝐴2, 𝐻𝑀𝐴𝐶𝑆𝐾(𝑀𝐴2)} (Based on (5) & (6), Inferred by Rule 3).
8. 𝑏𝑠𝑖 sees {𝑀𝐴2} (Based on step 5).
9. 𝑏𝑠𝑖 believes $bs_i \stackrel{bs_i, K_i, bsID, Trseq}{\leftrightarrow} S$ (Based on assumption 1).
10. 𝑏𝑠𝑖 believes S said {𝑀𝐴2} (Based on (8) & (9), Inferred by Rule 1).
11. 𝑏𝑠𝑖 believes fresh(Ni), fresh(m) (Based on assumption 3 & 4).
12. 𝑏𝑠𝑖 believes S believes {𝑀𝐴2} (Based on (10) & (11), Inferred by Rule 2).
13. 𝑏𝑠𝑖 believes S controls {Ni} (Based on assumption 5).
14. 𝑏𝑠𝑖 believes {𝑀𝐴2} (Based on (12) & (13), Inferred by Rule 3).

The final results are as follows:
LPUj believes S believes {𝑀𝐴2} (result 5)
LPUj believes {𝑀𝐴2} (result 7)
𝑏𝑠𝑖 believes S believes {𝑀𝐴2} (result 12)
𝑏𝑠𝑖 believes {𝑀𝐴2} (result 14)

With the four results (5), (7), (12) and (14), and the assumption of the trustworthiness of S, both the wearable bio-sensor and the local processing unit can be authenticated by each other via S.
■

Claim 1: Guaranteeing anonymity and untraceability for wearable bio-sensors i.

In the proposed communication procedures, a random number Ni is generated and utilized to randomize the messages, such as 𝐴𝐼𝐷𝑖, Mi, V and Tr, transmitted among the wearable bio-sensor i, the local processing unit j and the BSN server. Without revealing the real identity of bsi in public, the local processing unit j and the BSN server only need to know whether the involved partner bio-sensor i is legitimate or not. Explained in a more detailed way, the identity bsi is transmitted in a randomized cipher text format instead of plaintext during each session. As a result, the proposed communication procedures can provide the property of sensor anonymity and untraceability. In addition, the shadow identity mechanism is used because loss of synchronization between the bio-sensor i and the BSN server may occur. Even if the attacker interrupts the shadow identity, it cannot retrieve any clue regarding entity identification and traceability due to the un-linkable property of these shadow identities.

Claim 2: Resistance against forgery attack and replay attack.

Attackers may intend to deceive the legal communication entities via fake messages. However, without the knowledge of Ni and Ki, it is difficult for the attacker to counterfeit legitimate request (or response) messages such as {𝐴𝐼𝐷𝑖, Mi, Trseq (if req.), 𝐿𝑃𝑈𝑗, 𝐺𝑃𝑆𝑗} and {Tr, BSN, V} for purposes of spoofing. Even if the attacker sends a previously eavesdropped message to a victim party, the verification of previously-used messages will fail. This is because the random number Ni is used at a previous session. Therefore, resistance to forgery attack and replay attack is obviously embedded in our system.

Claim 3: Preservation of data confidentiality.

In the proposed communication procedures, all of the transmitted messages {𝐴𝐼𝐷𝑖, Mi, Trseq (if req.), 𝐿𝑃𝑈𝑗, 𝐺𝑃𝑆𝑗} and {Tr, BSN, V} are well-protected via the robust one-way hash function, i.e. SHA-3 (512 bits), and a high-entropy secret Ki chosen by S. Without knowing the secret, it is difficult for
attackers to break the SHA-3 hash function or to retrieve any useful information from transmitted cipher texts owing to the irreversibility of the one-way hash function. Data confidentiality is thus guaranteed.

V. SYSTEM IMPLEMENTATION

To evaluate the practicability of the proposed scheme, we implement the major security components of our scheme on an IoT-based testbed, i.e. a Raspberry Pi series platform. The basic implementation environment is as shown in Table 2, where the Raspberry Pi II platform (i.e. Figure 4) is simulated as an intelligent mobile object or local processing unit. We adopt SHA-3 (512 bits) as the secure one-way hash function [3], while the ECC based scalar multiplication operations (in which elliptic curve points over a prime field GF(p) with a 384 bit prime p) and the random number generator (96 bits) are implemented with the Bouncy Castle Crypto APIs [6]. The experiment is programmed via Open JDK and Eclipse 3.8.

TABLE 2
IMPLEMENTATION ENVIRONMENT

| Environment | Description |
|---|---|
| Raspberry PI 2 | Broadcom BCM2836 @ 1GHz Quad-Core ARM Cortex-A7 Architecture; 1GB DDR2 RAM; SanDisk 16GB Class 10 SD Card |
| Operating System | Raspbian 2016/03 |
| Programming Language | Open JDK |
| Programming IDE | Eclipse 3.8 |
| Crypto API | The Bouncy Castle Crypto APIs [6] |

Fig. 4. Raspberry PI II platform adopted in the experiments.

In the system implementation, all of the random numbers, entity identities and secrets are set to 96-bits for appropriate security density. Table 3 demonstrates the computation cost required in our proposed scheme. During the authentication phase between the local processing unit and the BSN server, the computation cost of 12 ECC based scalar multiplication operations and 8 SHA-3 operations is required to perform a session key agreement for secure communication. Taking into account the consideration of security robustness, ECC based scalar multiplication (over a prime field GF(p) with a 384 bit prime p) is implemented on the Raspberry Pi II platform. In brief, the proposed scheme needs at most 4.056 ms for performing 12 ECC based scalar multiplication operations and 8 SHA-3 operations. The computation cost is user-acceptable. In the authentication phase among the wearable bio-sensor, the local processing unit and the BSN server, we require at most 4.965 ms to perform 2 random number generations (RN), 12 SHA-3 and 4 XOR operations. In our experiments, we find that the major overhead is based on the SHA-3 (with output 512 bits) operations in which 78.8% and 96.7% of computation cost are needed, respectively, during the two authentication processes. If we replace the SHA-3 operation with traditional SHA-family techniques, the system efficiency can be further improved and the overhead of our proposed scheme will be dominated by the ECC based scalar multiplication computation.

TABLE 3
THE COMPUTATION COSTS FOR THE PROPOSED SCHEME

| Phase | Process |
|---|---|
| The key agreement phase between the local processing unit j and the BSN server | 6 ECC Multiply + 4 SHA-3 (at local processing unit side) |
| | 6 ECC Multiply + 4 SHA-3 (at the BSN server side) |
| | 12 ECC Multiply + 8 SHA-3 (Total computation cost) |
| The authentication phase among the wearable bio-sensor i, the local processing unit j and the BSN server. | 1 RN + 4 SHA-3 + 2 XOR (at wearable bio-sensor side) |
| | 2 SHA-3 (at local processing unit side) |
| | 1 RN + 6 SHA-3 + 2 XOR (at the BSN server side) |
| | 2 RN + 12 SHA-3 + 4 XOR (Total computation cost) |

VI. CONCLUSIONS

In this paper, we have demonstrated a secure healthcare system for IoT-oriented BSN infrastructures in which two authentication processes are proposed to satisfy major security requirements. According to our experiments, the computation times of 4.056 ms and 4.965 ms are needed for performing two authentication mechanisms, respectively, on a common IoT-based development platform, i.e. the Raspberry Pi II. Although the computation cost is user-acceptable, the system efficiency can be further improved once the adopted crypto-hash-modules are substituted by the traditional SHA-2 techniques. In addition, we investigate the security of the proposed authentication schemes via rigorous formal analysis. The robustness of the two schemes is proved. In brief, according to the analysis and implementation results, we have proved that the proposed schemes are suitable to be implemented on common intelligent mobile objects with robust security density. Hence, the practicability of our proposed IoT-based healthcare system is guaranteed.

REFERENCES
[1] Prosanta Gope, Tzonelih Hwang, “BSN-Care: A Secure IoT-based Modern Healthcare System Using Body Sensor Network,” IEEE Sensor Journal, Volume 16, Issue 5, pp. 1368-1376, March 2016.
[2] Prosanta Gope, Tzonelih Hwang, “Untraceable Sensor Movement in Distributed IoT Infrastructure,” IEEE Sensor Journal, Volume 15, Issue 9, pp. 5340-5348, September 2015.
[3] Morris J. Dworkin, “SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions,” NIST FIPS-202, dx.doi.org/10.6028/NIST.FIPS.202, August 2015.
[4] M. Burrows, M. Abadi, R. Needham, “A logic of authentication,” ACM Transactions on Computer Systems, Volume 8, Issue 1, pp. 18-36, February 1990.
[5] Sye Loong Keoh, Sandeep S. Kumar, Hannes Tschofenig, “Securing the Internet of Things: A Standardization Perspective,” IEEE Internet of Things Journal, Volume 1, Issue 3, pp. 265-275, 2014.
[6] The Bouncy Castle Crypto APIs, https://www.bouncycastle.org/, 2016.
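The Step 2 to Step 5 exchange from the security analysis, written out as an added Python example (it is not the authors' Open JDK and Bouncy Castle implementation), with a tampered request and a replayed request run against it as in Claim 2. It covers only the case where Trseq is present in MA1; the function names, the truncation of the hash to 96 bits before XOR, and the server's Trseq lookup table with single-use rotation are assumptions made for this example.

```python
import hashlib, hmac, secrets

NBYTES = 12  # the page sets identities, secrets and random numbers to 96 bits

def H(*parts):
    """H(x1||x2||...) with SHA-3 (512 bits), the hash the page adopts."""
    return hashlib.sha3_512(b"".join(parts)).digest()

def xor(a, b):
    # Assumption: the hash is truncated to the 96-bit operand (zip stops at the shorter).
    return bytes(x ^ y for x, y in zip(a, b))

def mac(sk, *parts):
    return hmac.new(sk, b"".join(parts), hashlib.sha3_512).digest()

def sensor_request(bs, k, trseq, lpu, gps):
    """Step 2 at bs_i: MA1 = (AID_i, M_i, Trseq, LPU_j, GPS_j); N_i stays local."""
    n = secrets.token_bytes(NBYTES)
    m = xor(H(k, bs), n)                      # M_i = H(K_i||bs_i) xor N_i
    aid = H(bs, k, n, m, lpu, gps, trseq)     # AID_i
    return (aid, m, trseq, lpu, gps), n

def lpu_forward(sk, ma1):
    """Step 3 at LPU_j: attach HMAC_SK(GPS_j, MA1)."""
    return ma1, mac(sk, ma1[4], *ma1)

def server_respond(db, sk, bsn, ma1, tag):
    """Steps 3-4 at S: check HMAC and AID_i, rotate Trseq, return (MA2, HMAC_SK(MA2))."""
    aid, m, trseq, lpu, gps = ma1
    if not hmac.compare_digest(tag, mac(sk, gps, *ma1)) or trseq not in db:
        return None                           # bad HMAC, or Trseq unknown / retired
    bs, k = db[trseq]
    n = xor(H(k, bs), m)                      # recover N_i from M_i
    if not hmac.compare_digest(aid, H(bs, k, n, m, lpu, gps, trseq)):
        return None
    new = secrets.token_bytes(NBYTES)
    db[new] = db.pop(trseq)                   # assumption: each Trseq is single-use
    tr = xor(H(k, bs, n), new)                # Tr = H(K_i||bs_i||N_i) xor Trseq_new
    ma2 = (tr, bsn, H(tr, k, bsn, lpu, bs))   # V = H(Tr||K_i||BSN||LPU_j||bs_i)
    return ma2, mac(sk, *ma2)

def sensor_accept(bs, k, n, lpu, ma2):
    """Step 5 at bs_i: verify V, then recover Trseq_new from Tr."""
    tr, bsn, v = ma2
    if not hmac.compare_digest(v, H(tr, k, bsn, lpu, bs)):
        return None
    return xor(H(k, bs, n), tr)

def demo():
    """Constructed random values: tampered GPS_j, an honest session, then a replay."""
    bs, k, trseq, lpu, gps, sk, bsn = (secrets.token_bytes(NBYTES) for _ in range(7))
    db = {trseq: (bs, k)}                     # S's table: Trseq -> (bs_i, K_i)
    ma1, n = sensor_request(bs, k, trseq, lpu, gps)
    fwd = lpu_forward(sk, ma1)
    tampered = server_respond(db, sk, bsn, ma1[:4] + (bsn,), fwd[1])
    ma2, tag2 = server_respond(db, sk, bsn, *fwd)
    lpu_ok = hmac.compare_digest(tag2, mac(sk, *ma2))   # LPU_j checks HMAC_SK(MA2)
    new = sensor_accept(bs, k, n, lpu, ma2)
    replay = server_respond(db, sk, bsn, *fwd)          # same MA1 sent again
    return lpu_ok, new in db, tampered, replay
```

`demo()` returns `(True, True, None, None)`: the honest session completes and both sides agree on the new Trseq, while the tampered and the replayed requests are rejected by S.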