Information Technology Reference
In-Depth Information
Upon receiving an access request, the access
control engine uses the contextual data to de-
termine the patient's health status and map it
to one of the three health situation categories
presented earlier in this section. Afterwards,
the access control engine identifies the role
of the medical staff requesting the patient's
data and the corresponding access rights.
Finally, the access control engine searches
the access control policies for a matching
rule related to the patient's health situation
and the requestor role. If the matching policy
rule authorizes the release of data, then the
access control engine grants the requestor
access to the requested data. Otherwise, data
access is denied.
TOSSIM is a discrete event simulator that ships
with the TinyOS library. It allows the simulation
of full-fledged TinyOS networked applications.
The main security models that we consider in
this section are the TinySec security architecture
(Karlof, Sastry, & Wagner, 2004) developed at
UC Berkeley and the TinyECC public key library
developed by Liu and Ning at the North Carolina
State University.
TinySec
TinySec is a link layer security architecture for
WSNs that provides basic confidentiality and
integrity services for sensor data communication.
It is compatible and included with the standard
TinyOS distribution and supported by the TOS-
SIM simulator.
TinySec provides a basic symmetric-key se-
curity model suitable for operation on embedded
sensor devices. The key agreement among a group
of sensor nodes is done by statically programming
the same symmetric key in a key file in each node.
The name of the key file is.
tinyos_keyfile
and is
created the first time TinySec is launched.
The data confidentiality services are provided
by encrypting the network messages with the
shared symmetric key using an efficient block ci-
pher. The default block cipher adopted in TinySec
is the Skipjack cipher. Data integrity is achieved
by applying a MAC to the encrypted message.
This allows the receiver to check the validity
of the message before applying the decryption
mechanism on the encrypted contents. In Tiny-
Sec, CBC-MAC is the default algorithm used for
creating and validating the authentication codes.
An interesting design property in TinySec is
its ease of use in applications. In fact TinySec
does not require in most cases any modification
to the application code. Enabling TinySec is
done by simply setting the value of the
TINYSEC
parameter to
true
in the application's Makefile
(TINYSEC=True)
. Enabling TinySec in applica-
tions causes all network messages to be authenti-
For a detailed discussion on the operation of
the access control engine and the construction of
the access control policies, the reader is referred
to (Garcia-Morchon & Wehrle, 2010).
The research work in (Mitseva, Imine,&
Prasad, 2006; Mitseva, Wardana, & Prasad, 2008;
Bricon-Souf & Newman, 2007) provides further
information on context-aware privacy preserva-
tion in BSNs.
SECURITY AND CRYPTOGRAPHIC
SUPPORT IN BSN DEVELOPMENT
FRAMEWORKS
In this section we present a basic overview of the
security and cryptographic support in the TinyOS
BSN development framework. We focus on Ti-
nyOS because it is the dominant platform and
the reference standard for developing embedded
sensor applications and protocols. TinyOS is an
open source operating system specially designed
for limited-resource sensor devices. It provides a
component-based model that aids in the develop-
ment of rapid and maintainable embedded applica-
tions. Simulating TinyOS applications can be done
using the TOSSIM (Levis et al., 2003) simulator.
Search WWH ::
Custom Search