CHAPTER 4
IMPROVED SECURE SYMMETRIC FORCE ENCRYPTION ALGORITHM FOR EEG SIGNAL PROCESSING
4.1. Prologue
This chapter discusses and presents an EEG-signal-based Improved Secure Symmetric Force Encryption (SSFE). The secret key is generated from patients’ EEG signals, and SSFE is used for data encryption from implanted body sensor nodes (BSNs). The proposed SSFE algorithm is proposed for WBASNs with low-level resource constraint architecture. Therefore, this algorithm is used for WBASN cryptographic algorithm. This work explains the real-time execution steps to realize the EEG-signal based authentication system to predict the SNs. The secret key is transmitted from the transmitter to the receiver, where the cryptographic operation is realized.
4.2. Research objectives
The ultimate objective of this work is:
- To design a cryptographic algorithm for encrypting the data over the WBASNs.
- To reduce the time complexity and power consumption using SSFE.
- To generate the secret key in various places and increase the battery life of sensor nodes.
- To compute average time interval, mean, variance, and standard deviation.
4.3. Overviews
The propagation of SNs and wireless communication are applied over various applications in networking fields. One such area is WBAN, where the patients interact with diverse embedded systems, bio-sensors, and communication links for health monitoring. It works as a potential performer for all types of patient-centric solutions owing to the low cost, independent communication channels, and miniaturized sensors, as described by Latre et al. (2010) and Sangwan et al. (2015). The bio-sensors are placed on the human body for sensing signals like blood pressure, blood glucose, EEG, ECG, EMG, heart rate, and so on) and communicates with the Physicians directly for data aggregation. By performing this, the damage to the patients’ treatment is eliminated in avoided during crucial circumstances as the response time of sensors should be significantly smaller.
In WBASN, one of the essential factors is to perform data transmission securely. The authorized persons can only access the data as described by Karthikeyan et al. (2015). Asymmetric or Lightweight symmetric cryptographic code is applied to secure communication with limited power usage, processor, and memory. The prevailing cryptographic code needs enormous resources, while the proposed SSFE is meant explicitly for establishing security to the nodes entity, which is attained from the bio-signals. Mansoor et al. (2013) explain the lightweight cryptographic algorithm with specific modification. This work concentrates on developing an improved SSFE model for generating the unique key from the EEG signals with lesser computational complexity. The uniqueness should fulfill the generation of random access in an efficient manner.
4.4. Improved Secure Symmetric Force Encryption (SSFE) algorithm
The SSFE is a less complex symmetric algorithm modeled based on the Feistel structure, which is simple as the key generation is done by the end-user (Physicians) with certain mathematical, logical operations like AND, OR, NOR, XNOR, SHIFTING, and SWAPPING for generating the key. This model pretends to reduce the computational complexity, lesser power consumption, and effectual computation with devices in WBSAN. The functionality of SSDE includes four major blocks known as Key expansion, key management, encryption, and decryption process. Table 4.1 depicts the notation and functions used in the proposed encryption model.
Table 4.1 Notations and functions
| Notations | Functions |
| ^ | AND |
| + | OR |
| ⊕ | XOR |
| ⊙ | XNOR |
| ⊗ | Multiplication |
| <<< | Left shift |
4.4.1. Key expansion
It is the initial process utilized for the generation of various keys for encryption and decryption functions. There are diverse operations generating confusion and diffusion to diminish the weaker key’s probability and enhance critical strength. A round key generated from the cipher key is used for crucial scheduling. Fig 4.1 depicts the key expansion process.
Fig 4.1 Key expansion process
This process comprises of two components: key selection and expansion. It performs logical operations like, matrix multiplication, and left shifting with fixed matrix, transposition, and permutation. The cipher key is in a linear array format, partitioned into four half of 16 bits. It is arranged in the 4*4 matrix left-shift operation. The resultant matrix is a 4*4 matrix column with logical operations. The outcomes are merged to form a 64-bit linear array.
The 64-bit data is passed to the permutation table and arranged in a 4*4 matrix with a left-shift. The left-shift matrix is then multiplied with a fixed matrix, which transforms 16 bits to 64 bits and set in row-wise and left-shift order. The left-shift is then partitioned into 4-column wise 16-bit blocks where the XOR & AND operations are performed to transform it into a single 16-bit block. The generated 16-bit block is partitioned into a 4-bits arranged column; an XOR operation is given to produce 4-bit keys. The generated keys are used by transposition and substitution techniques to create 4-sub keys from 16-bits used for encryption rounds. is generated with XOR operation and used in further encryption round. Fig 4.2 explains the left shift process of the proposed model. Similarly, Fig 4.3 gives the flow diagram of the anticipated model.
| 1 | 2 | 3 | 1 |
| 1 | 2 | 3 | 1 |
| 1 | 2 | 3 | 1 |
| 1 | 2 | 3 | 1 |
| 1 | 2 | 3 | 1 | No shift |
| 1 | 1 | 2 | 3 | 1 bit |
| 3 | 1 | 1 | 2 | 2 bits |
| 2 | 3 | 1 | 1 | 3 bits |
Fig 4.2 Left shift process
Fig 4.3 Flow diagram of SSFE algorithm
4.4.2. Key Management
The generated key is securely transmitted to the encoder using an energy-efficient protocol. It facilitates the key establishment process via four different kinds of keys known as an individual key, cluster key, group key, and pair-wise shared key. The key management process is used for the pre-distribution of the key to assist and establish the updated keys for all the available nodes. The key is set using node ID and seed function. Subsequently, the neighborhood node detection process is initiated with the pair-wise shared key generation phase for broadcasting the corresponding node ID. The receiving nodes can evaluate the shared key among the neighbors with the seed function and key. The intermediate keys that are generated need to be erased. When the pair-wise keys are established, the key cluster is distributed among the CH for establishing a pair-wise secured communication process. At last, the BS needs to broadcast the group key. An effectual authentication method has to be used for eliminating the intimation of compromised nodes from the BS. When the keys are generated and established, secure communication is generated among the sender and the receiver in WBASNs. It is utilized for the secure transmission of the encryption process.
4.4.3. Encryption process
The encryption process is initiated after generating the key from the key expansion block via the secure communication channel. In the encryption process, simple operations like OR, AND, XOR, XNOR, substitution, left shift, and swapping is carried out to generate diffusion and confusion. The plain text of 64-bits in a linear array format is partitioned into two halves, i.e., 32 bit. This 32 bit is further partitioned as two halves, i.e., 16 bits. Then, the rounded swapping of 16-bits is carried out to change the complex cipher generation’s original data position. The sub-keys like K4), and XNOR functions are rounded correspondingly. The output of this process is considered as the input to the next successive rounds. It is mapped over F-function as expressed in Eq. (4.1):
The F-function output is XOR with swapped 16-bits over the same round those outcomes in confusion data (See Fig 4.4). It leads to the proper conclusion of the encryption process. Similarly, decryption is the vice-versa of this process. The pseudo-code for the proposed SSFE is given below.
Fig 4.4 F-function
| Pseudo-code for SSFE |
| Step 1: Partition the plain text into two halves, i.e., 32 bits each
Step 2: Further partition the 32 bits into two halves, i.e., 16 bits each Step 3: In every round to carry out encryption, 16-bits are swapped to re-arrange the complex cipher generation’s alternative position. Step 4: The sub-keys are generated and known as Step 5: Perform XNOR operations from left to right in each round. Step 6: The generated output is given as an input to successive steps Step 7: Perform F-function using Eq. (4.1). Step 8: The outcome from F-function is then XOR for swapping the 16 bits Step 9: The resultant bits leads to data confusion Step 10: End of the encryption process // Decryption Step 11: Vice-verse of the encryption process Step 12: End process |
4.4.4. Round Transformation
The round transformation includes various operations like F-function, XOR, XNOR, and swapping function. During the encryption process, l6-bits (left halves) are swapped to the right half, and 16-bits (right halves) are swapped to the left half. This process is carried out to change the original data position to make the cipher data more complex. An example of this process is given below:
| Hex Key – 133457799bbcdff167abc8a9 | |
| Key 1 (16-bits) | 0 0 1 1 1 0 0 1 0 1 0 0 0 0 1 1 |
| Key 2 (16-bits) | 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 1 |
When the encryption process is initiated with 64-bit SSFE, four keys are generated, as given below.
| Key 1 (16-bits) | 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 |
| Key 2 (16-bits) | 0 0 0 0 0 0 1 1 1 0 0 0 0 1 1 1 |
| Key 3 (16-bits) | 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 |
| Key 4 (16-bits) | 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 |
Finally, the encryption is performed for attaining the symmetric key as given below:
| Key 1 (16-bits) | 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 |
| Key 2 (16-bits) | 0 0 0 0 0 0 1 1 1 0 0 0 0 1 1 1 |
| Key 3 (16-bits) | 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 |
| Key 4 (16-bits) | 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 |
| Key 5 (16-bits) | 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 |
| Key 6 (16-bits) | 1 1 1 1 0 0 0 0 1 1 1 1 0 0 0 0 |
Based on the process mentioned above, the performance is carried out to project the proposed SSFE model’s efficiency. This model is so simple with reduced computational and time complexity. It can be applied for any WBASNs to achieve better security for data to be transmitted. This process is implemented in the processing of EEG signals, which is discussed in the next section. The encryption and data transmission process is shown in Fig 4.5.
Fig 4.5 Generic view of SSFE-based data transmission
4.5. Key generation from EEG signals
The key generated by the end-users is based on the EEG signal features where the bit length of the signal undergoes certain complexity. However, the secret key generated uses simple operational logics like AND, OR, NOR, XNOR, swapping, and left shot operations. The patients’ EEG signals are recorded for a minimal duration (2 minutes), and the features are extracted. These values are partitioned into an equal weight of 16 bits, with the construction of four keys at the end-users (. It is generated at the end-user side and transmitted to the patients. This effectual key generation and validation process help in the use of the SSFE algorithm for real-time implementation. This algorithm fulfills the research objective by enhancing lifetime (battery) devices that are placed over the patients.
4.6. Analyzing the EEG signal for unique key generation
The receiver end is the node placed on the physicians’ body after the appropriate time synchronization process. It detects the receiver’s EEG signal and transmits to the Doctor for computing the following eight parameters from the sender (patient). They are discussed below:
Average Time Interval (ATI): In the pre-processing with DCT, the time delay among the peaks is computed, where the RR peak interval is attained and the average time interval for the L-number of the peak is considered as the input from the EEG signal database. For this computation, seventy-five EEG signals are considered. The average time is expressed using the following mathematical expression as in Eq. (4.2):
| (4.2) |
Here, number of peak instances ‘R’, is an average time delay among the RR intervals. The average time value is rounded off.
Maximum Peak value EEG signal attained from the sender possesses some unique features in peak value. Therefore, this value is achieved from the key generation process. It is expressed as in Eq. (4.3):
| (4.3) |
The values are attained from DCT.
Waveform Length: this value is computed for all feature extraction based computation process (N). The receiver gives it, and the time duration of the signal measurement is attained from the signal.
Mean, variance, and SD extraction from EEG signals: These values are attained as the basic parameters of all signal identification process. Therefore, mean, variance, and SD of EEG signals are computed.
Square Number: It is attained from the average time used for computing the signals from the patients. Generally, the EEG graph is plotted based on Eq. (4.4):
| (4.4) |
The square number value is transformed into 8-bit binary values.
Signal rate computation: For the nominal non-sinus EEG signal with a regular rhythm, the signal rate is attained with the following Eq. (4.5):
| (4.5) |
From all the parameters mentioned above, the signal value is measured for one minute, and unique values are attained from EEG signals. These eight EEG features are some distinct with the generated values, and it is utilized to predict the patient’s condition uniquely. With these parameters, 8-bit binary data form a 64-bit binary length unique key for patients at various time instances that are generated. This 64-bit secret key is produced at the patients’ end and given to the physicians. The key generated is 64-bit using SSFE.
Before performing an authentic key generation, it is noticed that the key produced by the SSFE algorithm is avoided. It is because it conducts the single XOR operation for the first four keys, and this key of 16-bit length generates a 64-bit secret key for further computation. SSFE based signal generation relies on over two devices: body sensor nodes placed in the patients’ body and the receiver end (Doctor’s). The body sensor nodes are electronic components placed over/inside the human body to monitor the social functionality very often and assist the patients’ health condition. Similarly, the receiver end (controller) is also a device placed externally to evaluate body-sensor nodes’ capacity and generates wireless channel modification. These nodes can compute the EEG signal, and the programmer end system has to measure the EEG signal.
The receiver considers this EEG signal to generate the unique 64-secret random bit from the sampled EEG signal. It is utilized to create the 64-bit secret key with the receiver end’s SSFE algorithm. Before initiating the communication process, the device verification is carried out to analyze the authentication of nodes. Time synchronization processes among the two devices are measured. The end-users use the standardized IEEE format for communication for initiating the current time to a pacemaker. After performing this process, the instruction from the programmer, the device starts the EEG signal sampling simultaneously and records the particular time duration.
4.7. Authentic key generation
The randomly-generated 64-bit data from the EEG signal is provided as the input to the SSFE algorithm. This SSFE algorithm produces four distinct keys from the end-users. When the secret key generation is completed, it communicated with the transmitter. The secret key operation is performed over the receiver end. Therefore, the WSBAN placed over the patients with constrained battery life is saved from power dissipation with no further compromise in inpatient data privacy.
4.8. Key encryption
The WSBAN transmitter end gathers the 64-bit key from the end-user. This encryption process is performed over the transmitter side among the raw EEG signal and secret key at the same time instance (time synchronization). The extracted output is a complex signal transmitted to the receiver.
4.9. Key Verification for privacy establishment
The encrypted EEG signal is attained by the en-user (Physicians), and the generated secret key is decrypted for extracting the information (See Fig 4.6). The patients’ external EEG signal and the decoded EEG signal are compared with signal features and amplitude, and time). The successful decryption at the receiver side is observed to be 100% authentic and initiated for further processing. When no proper decryption is done, it is known that unauthorized users access the data. Thus, it is validated that the authentication is failed. When it is successful, targets like privacy, energy efficiency are achieved effectually.
Fig 4.6 Flow diagram of transmitter side (Patient’s side)
This process does not need any key generation (end-user), key generation at lower resource constraints where WBAN nodes, key refreshment, key pre-distribution, key storage, revocation, and the secret key generation process is performed at the receiver end. The key size is generated for each time during the pairing time. This key is not re-produced. The inherent EEG signal characteristics are based on the 64-bit binary key generated from the randomly generated secret, reciprocal, and distinctive variance. It is based on the fact that EEG signals with 64-bit binary keys are not developed without any appropriate physical interaction with the patients’ end. The analysis with the EEG-based secret key generation is implemented based on Fig 4.7.
Fig 4.7 Flow diagram of receiver side (Doctor’s side)
4.10. Embedding sensor nodes
The anticipated model is designed by tracking various measures like glucose level, BT, heart rate, and o on with the programmer device at the sensor node. The real-time simulation environment is set up to monitor various metrics and the programmable device at the node implanted environment. Here, raspberry pi pro 3 (two) is used for executing the same condition. When the receiver acts as a sensor (one), the receiver sensor node is the Doctors’ location (two). Both these SNs are communicated wirelessly with one another. Then, the transmission of the 64-bit secret key from node 1, encryption, and decryption is carried out. However, it is not so practical to compute the EEG with the available features where the signals are attained from the available online data. The available sensors (one and two) are imported with patients’ EEG signals from the available dataset. Then, the eight features are computed with the random 64-bit value for further generation. The generated 64-bit is given as the input for the SSFE algorithm for a secret key generation, which is of the same length.
Then, the secret key is transmitted from sensor one to two over the available wireless medium. The EEG signals are synchronously measured with the available sensor two encrypted data along secret using Secure Symmetric Force Encryption algorithm which is applied to the sensor nodes, and it is expressed as in Eq. (4.6):
Therefore, the benefits of using sensor two are that there is no need to spend any power during the computation of secret-key for the pre-sharing process. It makes the extended lifetime of the battery used. When the encryption process is carried alone, the complete flow is given in Fig 4.7. Once the process is finished, the encrypted data is then transmitted to the receiver end. Based on the sensor node’s received encryption data (one), the node pretends to decrypt the information using the 64-bit secret key generation using the SSFE decryption algorithm. When the entire data is decrypted, it is validated that its devices are more authentic, and the processing is carried out with the 64-bit secret key. It is expressed in Eq. (4.7) and (4.8):
| (4.7) | |
| (4.8) |
The complete process is performed using the Raspberry Pi3 model. The time for generating this 64-bit secret key using sensor one and encryption tome, voltage, and current at sensor two is evaluated effectively. Therefore, it is more probable to compute the total power consumption of Raspberry Pi3 using the linear equation as in Eq. (4.9):
| (4.9) |
Here, is computational power, is voltage drain during the encryption process in volts, is currently consumed during the encryption process, is encryption time, respectively. When the decryption process pretends to fail, then the complete process has to be performed again as in Eq. (4.10):
| (4.10) | |
Therefore, the request for measuring the EEG signal from the patients’ side is initiated to perform other communication processes among the senor nodes.
4.11. Numerical results and discussion
The simulation is carried out in MATLAB 2018b environment. The EEG signal measurements are attained from the patients directly and used for further processing. The EEG signal is used for encryption and decryption processes with the SSFE algorithm to generate a secrete key and experimented with over 70 subjects. It is generated from the EEG signal, a random key factor using the anticipated SSFE algorithm. This randomness analysis includes 1000 EEG values consecutively. With the algorithm, the variations in the intervals are expressed based on the standard distribution curve. The secret key randomness from the generated EEG interval is provided based on the histogram values. It is used for highlighting the secret key from the EEG signal interval values. The analysis of the secret key is performed with 128 bits in the future.
4.11.1. Entropy computation
The uncertainties with the generated secret key of EEG signals are evaluated with the use of entropy. When there is a uniform distribution over the EEG signal generation, then the entropy value is set as 1. The mean value of the entropy value is 0.993, and the secret key values of entropy are set as 1. Fig 4.8 depicts the entropy computation for a private key generation with the EEG signals. Fig 4.9 shows the RR interval computation in milliseconds for histogram evaluation.
4.11.2. False Rejection Rate (FRR) and False Acceptance Rate (FAR)
Here, FRR and FAR are the two main parameters that are needed for the computation of EEG signals based on the cryptography algorithm. The EEG signal decryption is attained from the body sensor with the attention of patient’s data from various patients’ represents FAR computation. The appropriate EEG signals that cannot be decrypted are known as FRR. The samples and body signals are measured for a simultaneous time from the received signal. It is rejected in further processing.
Fig 4.8 Entropy computation
Fig 4.9 RR interval computation in milliseconds
The experimental analysis noted that the information transferred from the sender and the receiver is 100% error-free. When the decryption process is not possible, then the EEG signal observed from patients shows FAR. When there is an increase in error rate, then the FAR is also increased. When the error rate measured is 60% corrupted, then the maximal FAR is generated. Therefore, it is essential to use Error Correction Coding (ECC) to enhance the FAR when there is some transmission error. It is also noted that the error is identified in encrypted information from the sender to the receiver. The FRR value can be increased drastically. Therefore, to preserve the optimal FRR and FAR, then an appropriate ECC has to be included. The power consumed during the encryption process is shown in Table 4.2.
Table 4.2 Encryption based performance measure computation
| Power consumption during encryption (mA) | Voltage drain during encryption (V) | Time is taken for execution |
| 0.13 | 5.02 | 0.000285 |
Table 4.3 Comparison of SSFE with existing methods
| Parameters | AES | LEA | SSFE |
| Code size (byte) | 20000 | 10000 | 10000 |
| Input size (byte) | 16 | 16 | 16 |
| Execution time (s) | 0.000724 | 0.000312 | 0.000285 |
| Energy consumption (J) | 0.001231 | 0.000221 | 0.0001102 |
| Throughput (byte/s) | 49823.12 | 75011.55 | 87500.55 |
Fig 4.10 Code size and throughput comparison
Fig 4.11 Execution time (s) comparison
Fig 4.12 Energy consumption (J) comparison
Similarly, based on SSFE encryption, the privacy of the anticipated model is improved. Table 4.2 and Table 4.3 depicts the performance metrics based on the SSFE algorithm. The power consumed by the devices during encryption is 0.13 mA, the voltage drain is 5.02 V, and the time taken for execution is 20 seconds. Similarly, the metrics like code size (bytes), Input size (bytes), accomplishment time (s), energy consumption (J), and throughout (byte/s) are evaluated. It is compared with existing AES and LEA, where the performance of SSAF is comparatively higher than the current AES and LEA model.
The computation complexity of AES is higher than the SSFE. The anticipated SSFE model gives better results compared to the existing model. Thus, the target is achieved with reduced energy consumption and better privacy to the network’s data. Fig 4.10 – Fig 4.12 depicts the comparison of various metrics and shows the improved performance of SSFE. Therefore, it is observed that the compression and encryption process shows better trade-off when compared to other models. The Huffman coding based IDCT and SSFE model is more suited for WBSAN effectually. The comparison of existing and the proposed cryptographic techniques is given in Table 4.4 to evaluate the models’ advantages and limitations.
Table 4.4 Comparison of existing Vs. proposed cryptographic techniques
| S. No | Techniques | Advantages | Observations |
| 1 | Lightweight cryptography | 1. Simpler
2. Faster execution |
1. Minimal key size
2. No proper security |
| 2 | DES | 1. Security increases when the number of iterations increases
2. Easily eliminates brute-force attacks |
1. the 56-bit key is not so sufficient
2. Does not provide high-security applications |
| 3 | 2-DES | 1. Handles 112 bits with a block size of 64 bits. | 1. Keyspace size is
2. Security is increased by double the times; however, it does not move to the next level. |
| 4 | 3-DES | 1. Applied three times than other models
2. Eliminates differential and brute-force attacks |
1. This process is slower in the encryption process |
| 5 | Blow-fish | 1. It can be optimized both in software and hardware applications | 1. Produces weaker key |
| 6 | RC5 | 1. It is more appropriate for software and hardware requirements
2. It is known as a faster symmetric block cipher |
1. Produces data-dependent based rotations |
| 7 | IDEA | 1. Gives higher security
2. Easier hardware and software requirements |
1. Weaker key |
| 8 | Proposed SSFE | 1. Encryption is performed with simpler mathematical operations like OR, XOR, AND, XNOR | 1. Complex key expansion |
4.12. Summary
This chapter discusses the secret-generation from the EEG signals, which are implemented using the Secure Symmetric Force Encryption (SSFE) algorithm to acquire a cryptographic-based solution over Wireless Body Area Sensor Networks (WBASNs). It is theoretically proven that secure information is transmitted among the available sensor nodes. The anticipated scheme uses EEG signals based secret key generation for encrypting secure data, which is measured from WBASN before the transmission process. The private key is produced at the receiver end with the EEG signal measurements. Here, there is no need to add any other algorithm for key distribution, refreshment, and retrieval. It uses the generated EEG signal based secret key from the random input signal where the private key maintenance is not essential. This work analysis the EEG signals from the available online dataset for unique 64-bit generation from encryption and receiver end to fulfill the request for lower resource constraint, which needs maximal data security. Further, this work can be extended with the adoption of ECC to enhance the security solution for data collection from the sports specialists and computes the performance over a real-time environment.