A New Attack Method against ECG-Based Key Generation and Agreement Schemes in Body Area Networks

Jack Hodgkiss, Soufiene Djahel, Zonghua Zhang

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


Body Area Networks (BAN) are wireless networks designed for deployment on or within the human body. These networks are primarily intended for application within the medical domain due to their capabilities for enabling wireless monitoring of physiological signals, and remote administration of medical devices. Due to their intended use case, securing these devices is paramount. In recent years, several key generation and agreement schemes that rely upon physiological signals of the wearer are developed. However, we have found that the application of Electrocardiogram (ECG) signals in this context may not be appropriate due to a potential vulnerability, wherein previously recorded ECG signals could be used against current and future key agreement attempts to compromise their security. This is a violation of temporal variance which is one of a few properties that make ECG signals suitable for use in key agreement schemes. By extracting the QRS complex from prior recordings and distributing them apart from one another we can construct synthetic signals that have a high level of coherence, and thus allow for the key to be intercepted. Based on the conducted experiments we have found that the proposed attack method yields a 0.7 coherence level regardless of how far away the adversary is from the target. This makes the success of such an attack extremely likely and is therefore a real threat to the security of these schemes.

Original languageEnglish
Article number9427552
Pages (from-to)17300-17307
Number of pages8
JournalIEEE Sensors Journal
Issue number15
Early online date30 Jul 2021
Publication statusPublished - 1 Aug 2021
Externally publishedYes


Dive into the research topics of 'A New Attack Method against ECG-Based Key Generation and Agreement Schemes in Body Area Networks'. Together they form a unique fingerprint.

Cite this