A chaos‐based encryption technique to protect ECG packets for time critical telecardiology applications

Page 1

SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks (2010)
Published online in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/sec.226
SPECIAL ISSUE PAPER
A chaos-based encryption technique to protect ECG
packets for time critical telecardiology applications
F . Sufi∗, F . Han, I. Khalil and J. Hu
School of Computer Science and Information Technology, RMIT University, 123 Latrobe St., Melbourne, VIC-3000, Australia
ABSTRACT
Electrocardiography (ECG) signal is popularly used for diagnosing cardiovascular diseases (CVDs). However, in recent
times ECG is being used for identifying person. As ECG signals contain sensitive private health information along with
detailsforpersonidentification,itneedstobeencryptedbeforetransmissionthroughpublicmedia.Moreover,thisencryption
must be applied with minimal delay for authenticating CVD patients, as time is critical for saving CVD affected patient’s
life.Withinthispaper,weproposetheusageofmulti-scrollchaostoencryptECGpackets.ECGpacketsarebeingencrypted
bythemobilephonesusingthechaoskeybypatients’subscribedintele-cardiologyapplications.Ontheotherhand,doctors
and hospital attendants receive the encrypted ECG packets, which can be decrypted using the same chaos key. Using the
techniques described in this paper, end-to-end security can be applied to wireless tele-cardiology application, with minimal
processing. Our experimentation with 12 ECG segments shows that with multi-scroll chaos implementation, CVD patients
remain completely unidentified, upholding patients’ privacy and preventing spoof attacks. Most importantly, the proposed
method is 18 times faster than permutation-based ECG encoding, 25 times faster than wavelet-based ECG annonymization
techniques and 31 times faster than noise-based ECG obfuscation techniques, establishing the proposed technique as the
fastest ECG encryption system according to the literature. Copyright © 2010 John Wiley & Sons, Ltd.
KEYWORDS
multi-scroll chaos; ECG biometric template protection; CVD patient’s privacy; ECG encryption; ECG annonymization technique
*Correspondence
F . Sufi, School of Computer Science and Information Technology, RMIT University, 123 Latrobe St., Melbourne, VIC-3000, Australia.
E-mail: fahim.sufi@student.rmit.edu.au
1. INTRODUCTION
In wireless tele-cardiology applications a patient is often
subscribed to a hospital or a monitoring facility for instant
cardiovascular disease (CVD) diagnosis, emergency rescue
services, event based on site cardiologist attendance, etc. In
such a scenario, the patient is attached with portable elec-
trocardiography (ECG) acquisition devices that transmit
patient’s ECG packets to his mobile phone via Bluetooth.
Patient’s mobile phone then transmits the ECG packets to
the hospital through public internet.
Hospital or the monitoring facility, on the other hand,
receives the monitored patient’s ECG and authenticate the
patient, with ECG-based biometric matching. After suc-
cessfulauthentication,hospitalthenknowswhothispatient
is and for what services that patient is subscribed for. Then
the patient’s ECG is used for diagnosis purposes.
As seen in Figure 1, if the patient’s ECG is transmitted
without being encrypted (plain text ECG), then it is vulner-
abletopatient’sprivacyaswellasspoofattack.ECGsignal
contains the sensitive cardiovascular details of a patient.
Therefore, if these unencrypted ECG segments reach to
wrong hands then patient’s sensitive health information is
compromised, which is against Health Insurance Portabil-
ity and Accountability Act (HIPAA) regulations [1]. This
private health information, if compromised then can be
valuable for few organizations, like insurance companies.
On the other hand, since ECG can be used for biometric
identification, imposter can use the captured ECG segment
and use it to gain unauthorized access to secured facilities,
such as hospital service.
Toprotectpatient’sprivacyandpossiblespoofattack,the
ECG segments are required to be encrypted (as it is being
done for medical images [2]). In previous studies, we have
used permutation cipher [3,4], noised smearing technique
[5], and wavelet based [6] technique. However, all of these
techniques are computationally expensive for mobile and
embedded devices with low computational capacity.
In this paper, we design a multi-scroll chaos cryptosys-
tem for ECG encryption. A chaos system can generate a
very long random sequences which can be used to provide
many cryptographic keys. This will make it feasible to
Copyright © 2010 John Wiley & Sons, Ltd.

Page 2

A chaos-based encryption technique
F . Sufi et al.
Figure 1. Disadvantages of transmitting unencrypted ECG segments between patient and hospital.
produce a psudo one-time pad scheme. The Diffe–Hellman
protocol has been applied for the distribution of the chaos
cryptographic session key. Using 12 publicly available
ECG segments, it is showed via spectrum analysis that
with application of the proposed ECG encryption, the
patient’s identity remains concealed. Moreover, patient’s
sensitivehealthinformationisprotected,upholdingHIPAA
regulation.
2. BACKGROUND AND RELATED
WORKS
Heart is responsible for the maintaining oxygenated blood
circulating through out our body, by beating about 100000
times daily. A typical human heart contains four cham-
bers:twoAtriaandtwoVentricles.Thedeoxygenatedblood
first enters the right atrium. The right atrium contracts and
pushes the deoxygenated blood to the right ventricle. From
therightventricletheoxygendeficitbloodgoestothelungs,
where gas exchange process occurs and blood attains oxy-
gen (releases Carbon dioxide). The oxygenated blood then
enters the left atria, from where it is redirected to the left
ventricle.Attheend,theleftventricleforcesthebloodtothe
restofthebody.Boththeatriacontracttogetherandthisjoint
contraction also occurs for the ventricles. This mechanical
activity of the heart is spurred by electrical activities of the
heart.
ECG is just shows the electrical activity of the hearth.
An ECG signal has three major features waves, namely P
wave, QRS complex, and T wave (as seen from Figure 2).
AtrialcontractionresultsinPwaveandventricularcontrac-
tion results in QRS complex. T wave, on the other hand,
represents ventricular relaxation that occurs after ventric-
ular contraction. Cardiologists have used different features
of these feature waves to assess the condition of heart (i.e.,
CVDDiagnosis).TableIlistssomeofthesefeatures.Earlier
ECG biometrics were also based on some of these features
[7,8].
As ECG packets contain both patient identifiable fea-
tures and cardiovascular details of a person, they need to
be secured before channelling them through public media.
According to the literature, there are three major types of
ECG encryption techniques available: permutation encod-
ing [3,4], wavelet annonymization [6,9], and noise-based
obfuscation [5,10].
The permutation encoding technique described in Refer-
ences [3,4] provides substantially higher level of security
compared to existing generic encryption algorithms (e.g.,
AES or DES). According to Reference [4], with a grid
of super computers that can compare a trillion trillion tril-
lion (1036) combinations of one ECG segment per second
for ECG morphology matching, it will take approximately
9.333 × 10970years to enumerate all the combinations.
Reference [4] also shows how the level of security can
be increased even higher by utilizing existing compres-
sion and encryption algorithms. In Reference [3], we have
showndifferentlevelofsecuritystrengthwhileusingdiffer-
ent character encodings (e.g., GSM 03.38, ASCII, UTF-7,
UTF-8 etc.).
InReferences[5,10],noise-basedECGobfuscationtech-
niques was described. These techniques first detects the
ECG feature waves (i.e., P wave, QRS complex and T
wave), as the features waves are mainly responsible for
biometricidentification[7,8,11--15]aswellascardiovascu-
lar diagnosis [16]. After identification of the feature waves
both References [10] and [5] adds distinct noises on top of
the feature waves. These specific noises and feature wave
template become the key for encryption. The difference in
References [10] and [5] is the methodology of feature wave
detection.
Lastly, inReferences
annonymization techniques were described. Reference
[6] used wavelet packet and Reference [9] used discrete
wavelet to decompose the ECG into wavelet coefficients.
The coefficient corresponding to the lowest frequency
component is then intentionally replaced with corrupted
values. Then using the coefficients (including the cor-
rupted coefficient) the ECG signal is reconstructed. This
reconstructed signal serves the purpose of annonymization.
Using the original value of the corrupted coefficient (along
with the rest of the coefficients), the annonymized ECG
can be decrypted. Therefore, the original value of the
corrupted coefficient is the key for encryption/decryption.
[6,9] wavelet-basedECG
Security Comm. Networks (2010) © 2010 John Wiley & Sons, Ltd.
DOI: 10.1002/sec

Page 3

F .Sufietal.
A chaos-based encryption technique
Table I. ECG features related to P wave, QRS complex, and T wave.
P wave duration
P wave amplitude
P wave onset slope
P wave offset slope
QT interval
RR interval
ST segment
RR interval
QRS complex duration
QRS complex amplitude
Q onset slope
Q offset slope
R onset slope
R offset slope
S onset slope
S offset slope
T wave duration
T wave amplitude
T wave onset slope
T wave offset slope
P wave direction
T wave direction
Figure 2. The proposed cardiac diagnosis system.
3. ARCHITECTURE
Unlike existing ECG encryption techniques [3--6], in this
paper we use chaos key to encrypt ECG signal. The prime
benefit of the architecture presented within this paper over
the existing methods is its suitability for computational
resource limited mobile (and embedded) devices.
3.1. ECG packet encryption with chaos
As seen in Figure 3 mobile phone receives the ECG sig-
nal from the ECG acquisition device and also requests a
Figure 3. Architecture of the proposed chaos-based ECG encryption system.
chaos key from the chaos generation server. The chaos key
is then XORed with the ECG packet, while both of them
being the same size (length). After performing the XOR
operation between the ECG packet and the chaos key, the
resultant is encrypted ECG. Equation (1) represents the
original ECG (unencrypted). ψ is the chaos key required
to encrypt the unencrypted ECG, e(n). Equation (2) shows
the XOR operation for retrieving the encrypted ECG τ.
e(n) = x(1),x(2),x(3),...,x(N) (1)
where, N is the lenght of the ECG packet.
τ(n) = e(n) ⊕ ψ
(2)
Decryption operation is represented in Equation (3),
where the chaos is XORed with the encrypted ECG, τ and
the original ECG (e(n)) is retrieved.
e(n) = τ(n) ⊕ ψ
(3)
Encrypted ECG does not reveal the patient identifiable
characteristics,aswellasprivatehealthinformation.There-
fore, the encrypted ECG can be freely transmitted over the
public internet. Even if the hacker with a malicious inten-
sioncapturestheECGpacket,thepatientremainscompletly
annonymized.
Security Comm. Networks (2010) © 2010 John Wiley & Sons, Ltd.
DOI: 10.1002/sec

Page 4

A chaos-based encryption technique
F . Sufi et al.
Figure 4. xy projection of a 3 × 2-scroll chaos.
When the cardiologist and the hospital receive the
encrypted ECG, they need to request the chaos key used
for encrypting the ECG. After receiving the same chaos
key from the chaos server, it is XORed with the encrypted
ECG to decrypt the orignal ECG.
Therefore, using this architecture a single XOR opera-
tion is required to either encrypt or decrypt a single ECG
packet. Only XOR operation basically establishes end-to-
end security within the link between the patient and doctor
(or hospital).
3.2. Random key generation
The chaos key server generates true random binary keys.
Chaotic systems are sensitive to initial conditions, and
this sensitivity results in long-term unpredictability. True
random sequences generated from double-scroll chaotic
attractors for cryptographic applications have been pro-
posed and it is indicated that more complex attractors may
further improve unpredictability [17,18].
We designed a multi-scroll chaos system (Chaos Key
Server of Figure 3) and used it for generating true random
sequences for the encryption of large volume of ECG sig-
nals. The core theories behind the chaos used is detailed
in References [19,20]. Following is the description of our
design.Withtheswitchingofhysteresis-seriesonacontinu-
oustimelinearsystem,the(p + 1) × (q + 1)scrollschaotic
attractors can be generated:
˙ x = y −?q
i=1hi(x)
˙ y = −ax + by + a?p
i=1hi(x)
(4)
where x and y are two state variables, a and b are system
parameters. h(x) is the hysteresis function. hi(x) is the hys-
teresisseriesandiisthenumberofhysteresis.Whena = 1,
b = 0.0625,p = 2,q = 1,a3 × 2—scrollchaosgenerated
by Equation (4) is as shown in Figure 4.
Sampling the chaotic signal system (Equation (4))
[19,20] in space gives an irregular sampling of the signal in
time. In Figure 4, the systems trajectories around any equi-
librium point are evolving clockwise and will be switched
by either its upper or lower switching lines. If the trajectory
is switched by its lower switching lines, a number 0 can be
created, and switched by upper switching lines, a number 1
willberecorded.Therefore,abinarysequence,ψ,basedon
the recorded numbers both in horizontal and vertical direc-
tion is obtained. Either 0 or 1 would be recorded depending
ontheinitialconditionswhentrajectorylandedonthebasin
of attraction of the corresponding equilibrium point. Statis-
tic tests demonstrate that the sequence possesses a certain
attribute that a truly random sequence would be likely to
exhibit.
In short, the chaos key is the random number sequence
generated by the multi-scroll chaos, which is used to XOR
the ECG data. Only the server, not the patient and the hos-
pital, knows the initial condition. While encrypting and
decrypting, both the patient and the hospital know the
current key. But the one-time-pad is used in the encryp-
tion, which means the key (random sequence generated by
chaotic generator) is only used once within a short period
of time.
3.3. Secure key exchange
If the chaos key is transmitted in unencrypted form, then it
can fall under wrong hand and the whole system becomes
vulnerabletosecuritythreats(e.g.,maninthemiddleattack,
spoof attack, etc.). Therefore, secured transmission of the
chaos key must be in place. For our implementation of
secured key exchange of the chaos key among the patient’s
mobile phone, the hospital and the chaos key server, we
have implemented a variant of Deffi Hellman key exchange
mechanism. Figure 5 shows the three step process. The
patient first visits the hospital or the health monitoring ser-
vice provider (ideally during the registration phase, when
themonitoringsoftwareisinstalledintothepatient’smobile
phone) to download the common base g and prime number,
P from the hospital server via Near Field Communica-
tion (NFC) protocol (http://www.nfc-forum.org). For this
scenario, the chaos key server is implemented within the
hospital.BothgandP commonforthemobilephoneandthe
hospitalserverandtheyareonlyupdatedwithpatient’svisit
in the hospital through NFC touch scheme. For our demon-
stration we have used the NFC kit supplied by Nexpert
(http://www.nexpert.com) along with NFC enabled mobile
phone (Figure 6).
Next,themobilephonecomputesAusingmobile’ssecret
key a (Eqation (5)) and transmits the value over public
network to the hospital. The hospital calculates B using
hospital’s secret key b and transmits B over the Internet.
Later on, both the parties (mobile phone and the hospital
server) reaches the same shared key, K, (refer to Equations
(8), (7)) since gaband gbaare equal MOD P. The secret
keys are generated by the mobile phone and the hospital
at a predefined interval and when it is done only A and B
valuesarecommunicatedoverunsecuredmedia.Thesecret
Security Comm. Networks (2010) © 2010 John Wiley & Sons, Ltd.
DOI: 10.1002/sec

Page 5

F .Sufietal.
A chaos-based encryption technique
Figure 5. Three step key exchange implementation between the patient’s mobile phone and the chaos server.
keyaandbareneverreleasedovertheunsecuredmedia(so
as g and P).
The chaos keys are alwayes XORed against the shared
secret key K before sending to the mobile phone (from the
chaosserver).Oncethemobilephonereceivesthechaoskey
(encrypted), it decrypts the chaos key (encrypted) by XOR-
ing the shared secret key K again. Discussions: As a chaos
random sequence can be very long, one initial condition or
seed can generate many cryptographic keys. Therefore, it
is feasible to use a chaos cryptographic key only for one
session which generates a virtual one-time pad. For more
secured key distribution framework that can also comply
with HIPAA standard, one can consider our recent hybrid
PKI key distribution scheme [21]
Figure6.NFCcommunicationwithNFCenabledmobilephone.
A = gaMODP
B = gbMODP
K = ABMODP
K = BAMODP
(5)
(6)
(7)
(8)
4. EXPERIMENTATION AND
RESULTS
Table II shows how we performed XOR operations for
encrypting the Chaos Key with a Shared Secret Key (vari-
ant of Deffi Hellman) and Original ECG with the Chaos
Key. As discussed earlier Chaos Key is encrypted for
securedkeydistributionpurposefromthechaosservertothe
Patient’smobilephoneandthehospitalserver.Ontheother
hand, ECG is encrypted for preserving patient’s privacy
(while transmitting over the public Internet) by XORing
chaos key with the original ECG. An ECG looks like,
0.175,0.180,0.165.... The Chaos Key server generates a
vector of the same length (e.g., 0.719,0.180,0.890,...),
so that ECG can be encrypted with one time padding. Even
though both the chaos key and the ECG signal are in three
digit precision format of decimal values, for simplifying
calculation both the vectors were multiplied by 1000 for
converting them into integer values. Once both the Original
ECG and Chaos Key are converted into integer values the
XOR operation becomes straight forward for them. As an
example, 175 (or binary 000010101111) and 719 (binary
001011001111) becomes 608 (binary 001001100000) after
XORing. Before, releasing on to the public media (e.g.,
Internet) this encrypted ECG value is transformed to three
digit precision decimal (e.g., 0.608). It should be noted that
theleftmostbit(12thbit)ofthebinaryECGsampledenotes
the sign of the ECG (e.g., 1 means negative sample and 0
means positive sample) for our implementation.
Security Comm. Networks (2010) © 2010 John Wiley & Sons, Ltd.
DOI: 10.1002/sec