During a presentation here at BodyNets in Los Angeles, Leif Hanlen from NICTA presented one solution for securing the information collected by wireless sensors in a Body Area Network (BAN) and argued that not all BAN services will require the same level of security.
Hanlen began his presentation by sharing some details of the IEEE working group that is creating the Body Area Networks profile: 802.15-6. The group has defined BANs as having a range of about three meters, support for data rates ranging from 10 Kbps to 10 Mbps, and low enough power consumption that BANs can last for five to 6 years.
"You are going to be living inside a six meter cube" with Body Area Networks, Hanlen explained, after having the audience stand up, spread their arms and spin around to get a feel for the range of these networks.
"Question: Within that six meter cube, are you certain that nobody has a packet sniffer living on one of their laptops?" Hanlen asked. "I'm not. Would you be happy to have your wireless pacemaker just chugging away in this environment?"
To hammer the point home, Hanlen reminded the audience that Bluetooth devices have been hacked into from 1.78 kilometers away.
"Security will be a concern in BANs especially when wireless controls actuators," Hanlen argued. "I am not going to be too worried about someone stealing my fitness information from my wireless sensors, but if they may be hacking into my pacemaker, obviously, I will be concerned."
Hanlen noted that in his discussions with sports groups in the fitness industry as well as doctors groups, the demand for privacy in health-related body area networks is always there. However, they agree if it the situation is not mission critical, if someone's life is not on the line, perfect security solutions are probably not worth the effort.
"If you hack into [a wireless health sensor] and all you can do is listen in on the information that's one thing, but if you can hack in and [write over that information and change it], now you are "spoofing". And spoofing can kill."