Secured Key Agreement Schemes in Wireless Body Area Network — A Review

Objective: To review different key agreement schemes used to establish a Wireless Body Area Network (WBAN) on the basis of identified attacks, and to evaluate the schemes on performance parameters. Method: In this paper, an overview of WBAN, its architecture, the difference between WSN and WBAN, the IEEE 802.15.6 specifications of WBAN, attacks in the environment and security essentials are discussed first. It further divides the key agreement schemes into four classes and provides an extensive review of the schemes on the basis of distinct parameters, viz. data confidentiality, node authentication, data integrity, mutual authentication, unforgeability, unlinkability, forward/backward secrecy, scalability, freshness, DoS attack and node capture attack. Schemes are searched using the keywords (“Traditional Key Agreement Scheme” OR “Physiological Key Agreement Scheme” OR “Signal Based Key Agreement Scheme” OR “Hybrid Key Agreement Scheme” OR “Security in Key Agreement Scheme”) AND (“Wireless Body Area Network” OR “WBAN” OR “Body Area
on the values of two PPG signals measured at two distinctive sensors showed that the sensor values are different but the trends are similar. Sampling is performed at 60 Hz over an interval of 12.8 seconds, which produces 768 samples. FFT is applied in each of the five overlapping windows acquired after sampling. Peaks are identified using a peak-detection algorithm. <Peak index, Peak value> pairs are quantized and concatenated to form a feature. Features measured from different samples constitute feature vectors. A random symmetric key is generated at one of the sensors and hidden using the feature vector. The hidden key is communicated to the other sensor. The receiver unlocks the symmetric key using its own feature vector. To compensate for the difference between the feature vectors of sender and receiver, a fuzzy vault scheme is used.


Introduction
With the advancement in electronics and embedded systems, the size of biosensors has been reduced to a level where it is now possible to wear these sensors on clothing or on the body, or even to implant them inside the body (1). Considering the continuous growth in world population, improving life expectancy, growing chronic diseases, increasing use of bio-sensors in sports and the rising popularity of medical devices in personal fitness, wearable medical devices will see a sharp increase in usage globally (2). IoT is creating a wave in personal fitness and is going to be one of the strongest markets as per different surveys. According to the market research company IoT Analytics, the number of IoT devices is expected to be 10 billion by 2020 and 22 billion by 2025 (3). The global market for wearable medical devices was valued at USD 445.6 million in 2017. The overall market is predicted to see a CAGR of about 17% over the forecast period 2018-23 (4,5). Wearable sensors are larger in size and consequently have a bigger battery, more computational resources and larger storage than implantable sensors. Wearable sensors are generally used to measure blood pressure, heart rate, glucose level, respiration, pulse oximeter SpO2, temperature and pH level, whereas implantable devices are used to measure brain liquid pressure, cardiac arrhythmia and endoscopy (6). The invasive body sensors are small, thin, wireless enabled and operate at low power.
A basic architecture of WBAN based on IoT is shown in Figure 1 (7). The entire architecture is divided into three tiers. Tier 1 is responsible for intra-BAN communication whereas Tier 2 is responsible for inter-BAN communication. Tier 3 represents the already established network and is responsible for beyond-BAN communication. The wearable or implanted bio-sensors are called nodes and create an intra-BAN network with one node acting as a personal server. Literature on WBANs describes either a star topology or a multi-hop topology for connecting the nodes to the personal server, as shown in Figure 2 (8). Considering the small size of a WBAN, a star topology may be a reasonable option, in which all the nodes are directly connected to the personal server without any intermediate nodes in between. The alternative approach in WBAN is multi-hop communication: nodes need not connect directly with the personal server but connect using one or two hops. Multi-hop communication is a better approach when the nodes use very low power radios that produce a low transmission range and low wireless channel quality. The drawback of multi-hop communication is that it requires routing and may suffer from longer latencies.

Fig 2. Star topology and Multi-hop Topology
The personal server collects the data from the different nodes and passes it on to the mobile device or PDA (9). A related healthcare application may be developed and installed on the mobile device. The rapid growth of smartphones plays a crucial role in the implementation of WBAN. The collected values may be compared in real time with the threshold values already stored in the healthcare app on the mobile device. When the values cross the threshold limit by a significant margin, the case must be reported immediately to the caregivers or a medical response team to handle the paroxysmal sickness that arises in life-critical situations. In the common situation, the mobile app periodically transmits the collected data to a centralized server for permanent storage in an electronic healthcare repository (EHR). The recorded medical information is kept for long-term storage in the EHR, which acts as an online database for clinical diagnosis, experts' advice and future reference (10).
The field aims to connect millions of healthcare IoT devices for remote monitoring in the near future, which means that a massive amount of data will be generated. This explosion of data will cause several challenges in IoT implementation, and security poses the biggest threat among them. 70% of IoT devices contain insufficient authorization and severe vulnerabilities (11). Identity preservation, secured data transportation, insecure web interfaces and database repositories, inadequate software application protection and insufficient authorization are the major threats in the implementation of WBAN, and they can put the life of an individual in danger. An attack on a WBAN can suppress legitimate data, leading to unwanted actions such as wrong drug delivery by an actuator or failure to inform the doctor in a life-critical situation. Also, personal health related information must not be accessible to unauthorized parties. Traditional cryptographic methods are not applicable in IoT based WBAN as the environment is extremely resource constrained in terms of computation capacity, storage and battery power. Adequate authentication methods, compatible firewalls, strong encryption techniques and other safeguards need to evolve to strengthen the system. In the case of invasive bio-sensors, the entire system is expected to exchange a minimum number of messages, which keeps the temperature of the body under control; otherwise it can damage the tissues (12,13). Security issues and privacy concerns must be addressed on priority before any disaster happens in society (14).
Considering the security viewpoint of WBAN, research can be divided into three different tiers as follows. Intra-BAN communication (Tier 1) covers the communication between the body sensors and the personal server (Figure 1). The data gathered on the personal server is communicated to a nearby linked device or PDA in tier 2. This communication is heterogeneous and needs to be protected. The collected medical data is sent for storage in the Electronic Health Repository (EHR) at a web server in tier 3. The data in exchange and in storage in the EHR at the web server also needs to be protected. This paper covers the security key agreement schemes required in intra-WBAN architecture, which is the primary aspect of security in tier 1.
Several review papers on the security of Wireless Body Area Networks (WBAN) are available in the literature. The common aspect in many of the papers is a discussion of the security threats and the corresponding countermeasures. The three basic security principles, Confidentiality, Integrity and Availability (CIA), are discussed in Mainanwal et al. (15), Al-Janabi et al. (16) and Usman et al. (17). General security requirements such as data freshness and secure management are discussed in Al-Janabi et al. (16). Different types of attacks on WBAN are also discussed in the literature. A set of protocol stack layer attacks is discussed in Bharathi and Venkateswari (18), while Kompara and Hölbl (19) discuss a set of eighteen different types of active and passive attacks. Authentication is briefly reviewed in Mainanwal et al. (15), Al-Janabi et al. (16) and Usman et al. (17), while different authentication schemes are discussed in Chaudhary et al. (20). A detailed survey on key agreement schemes in WBAN along with security evaluation methods is provided in Kompara and Hölbl (19). Security challenges on different tiers of WBAN are provided in Usman et al. (17). Hasan et al. (21) focus on the pitfalls of WBAN architecture, security, reliability, classification and applications of WBAN, including medical and non-medical applications. Jabeen et al. (22) provide a comparison of multiple data security schemes for WBAN considering different attack scenarios. Their work is restricted to performance analysis of different schemes in terms of time, cost and memory range. Liu et al. (23) discuss that attacks on BAN may degrade the performance of WBAN in terms of increased network congestion, higher energy consumption and higher delays, besides inaccurate data communication which leads to erroneous healthcare decisions.
It is found that very little focus is placed on key agreement schemes in WBAN in the literature, and the available reviews are either old or do not present a complete analysis of the schemes under the specific security parameters identified in the literature and their corresponding performance analysis. There is a great need to take stock of the accumulation of recent developments in this area. This review work fills the research gap found in the available literature. It is an improvement over the past reviews on key agreement schemes in WBAN, which are the first and foremost agenda in securing WBAN.
This work first categorizes the key agreement schemes into different groups depending upon their nature. Schemes are analyzed based upon identified parameters related to security countermeasures, viz. data confidentiality, node authentication, data integrity, mutual authentication, unforgeability, unlinkability, forward/backward secrecy, scalability, freshness, DoS attack and node capture attack. It further investigates the schemes on performance related parameters, viz. usage of hash technique, usage of symmetric/asymmetric key, memory efficiency, computational efficiency and energy efficiency. Unlike other review papers which cover the general aspects of the security requirements in WBAN, this work provides a detailed review which covers a range of key agreement schemes from almost the inception of WBAN up to the latest. This work is unique as the authors of this paper could not come across any other systematic literature review on key agreement schemes which is so extensive in nature.
The main contribution of this work is as follows-

Methodology
This section provides a systematic review methodology of the literature relevant to key agreement schemes in WBAN environment. In this article, systematic review is performed to collect subsidiary information by dividing the entire process in two levels.

Inceptive Level
It is an initial phase for the appraisal of the research which includes the identification of the research question, suitable keywords to search reference papers from database libraries, period of coverage, inclusion and forbidden criteria.

Research Question
Research question contains the core requirement. This manuscript is aimed to contribute the answer to the following question. Question: What are the security essentials in the development of key agreement schemes in intra-BAN communication of WBAN architecture, their limitations, challenges and performance evaluation in the purview of different possible attacks?

Search Keywords
An important task is to generate multiple search strings which do not leave out anything from the research question. Important expressions are produced by joining diverse words. Words are also substituted without diluting their meaning. To find the articles related to our research domain, the following search strings are employed: ("Traditional Key Agreement Scheme" OR "Physiological Key Agreement Scheme" OR "Signal Based Key Agreement Scheme" OR "Hybrid Key Agreement Scheme" OR "Security in Key Agreement Scheme") AND ("Wireless Body Area Network" OR "WBAN" OR "Body Area Network" OR "BAN" OR "Body Sensor Network" OR "BSN" OR "Medical Body Area Network" OR "MBAN").

Research paper selection from database libraries
Digital libraries are searched using the mentioned search keywords precisely to identify the most relevant research articles. The research papers are selected from the databases enlisted in Table 1.

Subservient Level
The articles that fulfill the requirements of the research question are finally shortlisted at the inceptive level. Fact finding is conducted from the shortlisted research papers based upon the research question. Considering these points, research papers of the years between 2003-2021 are used in the selection process. 131 research papers which satisfy the paper selection criteria are included in the review. The focus is on key agreement schemes in WBAN, to provide an extensive review of the different schemes, highlight their key aspects and discuss their limitations and challenges.

Difference between WSN and WBAN
Wireless Sensor Network (WSN) and Wireless Body Area Network (WBAN) have been treated closely by some authors, but there are considerable differences between the two environments. Some major differences between WSN and WBAN are worth discussing (24). A WBAN is spread around the human body within a range of a few centimeters/meters, whereas a WSN extends up to a few kilometers. To improve the robustness and longevity of the system, many redundant nodes exist in a WSN, but this sort of arrangement is not feasible in a WBAN as it would increase the temperature of the body and harm the tissues in the case of invasive bio-sensors. Frequent node and battery replacement in a WBAN environment is not easy as the sensors are sometimes implanted inside the body; on the contrary, a WSN environment supports easy node and battery replacement. A WSN is established over a large geographical area using multi-hop routing. In a WBAN, no routing is required for one-to-one connections between sensors and the personal server, or at most two to three hop connections are required. A WSN follows a consistent network topology over a period of time, whereas the network topology in a WBAN is dynamic in nature due to the movement, different postures and gait of human beings. The propagation of electromagnetic signals through the human body is variable due to differences in the body formation or thickness of individuals, and is subject to absorption and reflections within the body. These waves diffract around the human body rather than passing through it. Additionally, an individual's mobility and posture also affect efficient packet delivery. As a whole, the environments of WSN and WBAN are different. Consequently, the security requirements of WSN and WBAN are also different.
(25). Its objective was to design communication standards and protocols optimized for low power bio-sensor devices which are employed in or around the human body. The first version of IEEE 802.15.6 was published in 2012. As per the standards, the maximum data transfer rate is 2 Mbps within a proximity of 0.01 to 2 meters and the power consumption range is 1 to 10 mW. Different countries follow different frequency band specifications. These standards cover the Physical layer, the Medium Access Control (MAC) layer, frequency bands of operation, frame format and security specification of the WBAN standard. However, Toorani in (26) provides an analysis of the proposed standards and found vulnerabilities in them.

Attacks on BAN
This section talks about several possible attacks on BAN.
1. Eavesdropping Attack (27): Eavesdropping is a serious threat for all systems which transmit their signals over the air, and BAN is not immune to this attack. Eavesdropping is passive listening, but the knowledge gained by this attack is utilized to launch other active attacks.
2. Message Corruption (28,29): Message corruption is an active attack based on eavesdropping which first captures the information, then modifies it and reintroduces it into transmission. The modified information gives a false impression to the doctors and caregivers about the actual health of the patient. It may be fatal for a human life if an actuator is attached to the patient's body and the doctor initiates a dose remotely based upon the information received.
3. Impersonation or Node Cloning Attack (28,30): Another focus area is the trust of a node. Using compromised information gathered through other attacks, an attacker impersonates a legitimate node and may steal information in real time through this node.
4. Replay Attack (29,31): An attacker with malicious intent can capture a message and replay it at a later time, with or without changing its contents. Such bogus messages are induced into the network to drain the energy of the system. They may also lead to wrong decisions.
5. Forge Base Station Attack (30): In a wireless environment it is possible to create a forged base station, which makes it possible to collect data from legitimate sensor nodes.
6. Man in the Middle Attack (31): The MITM attack is a powerful real time attack in which the attacker sits between two parties and communicates with both ends while concealing her identity.
7. Guessing Attack (31): The passwords required to log into the system may be guessed. Online guessing and offline guessing are the two ways by which possible passwords may be guessed.
8. Reflection Attack (32): An attacker can launch a reflection attack by manipulating the challenge handshake mechanism of the authentication protocol. The attacker can gain unauthorized access to the system without having genuine credentials.
9. Denial of Service Attack (29,33): The aim of the Denial of Service (DoS) attack is to bar access to the system through network resources. The target is flooded with a large number of fake packets in order to consume the communication bandwidth and computing capabilities. It is really difficult to manage a DoS attack in the resource constrained environment of BAN.
10. Tracking Attack (34): An attacker can eavesdrop and is able to identify the person by determining the actual source of BAN communication.
11. Matching Attack (34): When the message is small in size, as in the case of WBAN, the attacker generates a pool of public keys. She tries to decrypt the message content by applying different key values and finding the meaningful values.
12. Collusion Attack (35): An attacker acquires the key material of a few nodes and cryptanalyzes the keys of other nodes of the network. The required starting material can be gathered either by conspiring or by using access to multiple compromised nodes.
13. Key Compromise Impersonation Attack (36): Cryptanalysis of the private key of any node may lead to an impersonation attack.
Hello flood attack, selective forwarding, wormhole attack, sinkhole attack and sybil attack are all routing based attacks which are more relevant for WSN. These attacks are not very potent in WBAN because the nodes may be connected using a single hop, which does not require any type of routing.

Security Requirements of WBAN
There are certain expectations from WBAN from the security perspective without which the crucial medical data would not be secure. Based upon the literature review, following are the expectations of WBAN from security perspective.
1. Data confidentiality (37): Medical data is private and crucial in nature and needs to be protected from unauthorized access. Data confidentiality in transmission as well as in storage needs to be secured by means of cryptographic techniques.
2. Node authenticity (37): Node authentication is a major concern in WBAN. Spoofed nodes may ruin the authenticity of the entire network. Lightweight cryptographic methods are required as traditional techniques are not suitable for energy constrained resources.
3. Data integrity (37): Personal health related data may be modified in transit in the absence of any mechanism to ensure data integrity. This could be dangerous in life-critical situations. The system must be able to detect any modification of data. To check data integrity, lightweight cryptographic hash functions are required which can authenticate inter-BAN communication.
4. Mutual authentication (38): The nodes of a WBAN participating in the system must authenticate one another to thwart the Man-In-The-Middle (MITM) attack.
5. Unforgeability (39): A secure WBAN must ensure that the personal server cannot be forged. A compromised server may divert all the medical data towards the attacker, which can be disastrous for the system.
6. Unlinkability (31): Unlinkability is ensured if the system is able to hide the identity of the sender and the corresponding receiver. The identity of the sender and receiver must be hidden during communication.
7. Forward secrecy and backward secrecy (40): In backward secrecy, when a node joins a network after it was established, the system must not give it access to the messages exchanged before it joined the network. In forward secrecy, a node which has left the network is not allowed to access the messages exchanged after its departure.
8. Scalability (40): Security schemes must be implemented keeping in view the scalability of the system. The system must support the inclusion of more nodes without causing any security flaw.
9. Freshness (41): To maintain the freshness of data packets, the data packets are time-stamped. This distinguishes new data packets from old ones and helps the system to thwart the replay attack.
10. Prevention of DoS attack: A Denial of Service attack is meant to deny access to a service or resource to its intended users. It is accomplished by flooding the target resource, which triggers a crash.
11. Prevention of Node Capture attack: An adversary can capture a node and install malicious software. The node is then redeployed to launch various attacks.

Key Agreement in WBAN
The first and foremost agenda in securing WBAN is the key agreement scheme. To successfully establish a secure network, keys are negotiated among all the nodes participating in the network. Key agreement is a mechanism in which sensor nodes authenticate one another by sharing secret keys among them. The basic steps involved in the key agreement process are as follows (42):
1. Key Generation: Either the agreement keys are pre-deployed or they are calculated dynamically at run time using biometric or RSSI values.
2. Key Agreement: After the key generation process, sensor nodes authenticate one another to create the WBAN.
3. Key Refreshment: All the keys are refreshed in a timely manner to prevent any type of cryptanalysis attack.
4. Key Revocation: It refers to the process of withdrawing the cryptographic keys of nodes known to be compromised.
Traditional cryptographic methods fall into two categories, namely symmetric key and asymmetric key methods. A symmetric key method is easy to integrate, has a low memory requirement and is fast to execute. The symmetric key method is preferred in general, but sharing a common key with both ends is always a challenge. Different mechanisms for sharing the key between the parties have been proposed by researchers from time to time. An asymmetric key method of encryption and decryption is slower and requires more energy and memory, which makes it unsuitable in the resource constrained environment of WBAN.
The nodes of a WBAN must be authenticated before the network is established. Secret keys must be distributed securely to all the nodes of the network. The key agreement schemes are classified as physiological value based, non-physiological value based and hybrid key agreement schemes by Ali and Khan (29). However, Kompara and Hölbl (19) have classified the key agreement schemes into four classes, namely traditional, physiological value based, hybrid and signal based secret key agreement schemes. The approach used by (29) and (19) is the same with one exception. The non-physiological value based scheme of (29) is divided into two categories, traditional and signal based secret key agreement, by (19), considering that the two schemes are fundamentally different.
In traditional key agreement schemes, pre-distributed keys are installed before the network is established. The advantage of this scheme is that the execution time and processing effort for calculating the keys are lower, but it requires additional storage space to store the keys. Biological parameters are used to compute the common secret key in the physiological based key scheme. As the same biometric parameters are used to calculate the secret key at all the deployed nodes, the corresponding key values at all the nodes are expected to be the same. The hybrid key scheme is an amalgamation of the traditional and physiological value based schemes. The combination of the two approaches produces better results. The fourth scheme, i.e. the signal based secret key generation scheme, is analogous to physiological value based key agreement. This scheme uses the characteristics of the transmission channel and the biometric parameters of the human body to generate key values.

Traditional key agreement schemes
Security keys are pre-deployed in traditional key agreement schemes. The advantage of this scheme is that the computation is not required to calculate the security keys whereas the memory requirement to store the keys is a major disadvantage of the scheme.
The initial idea of the Deterministic Pair-wise Key Pre-distribution Scheme (DPKPS) is suggested in (43). Combinatorial design theory is used to pre-distribute key material to the sensor nodes as bivariate polynomials in the form of Blundo's polynomial. The method has shown perfect connectivity and provides resiliency for BAN in the presence of attackers, as explained in (44). Pair-wise key distribution in DPKPS consists of two phases. In the first phase, called the initial configuration phase, the IT administrator of the hospital authenticates all the sensor nodes and pre-deploys DPKPS key material in the secured environment of the hospital, where intruders cannot invade. The DPKPS material is unique for each sensor node and composed of n+1 discrete univariate polynomials of order λ. The DPKPS material creates the pair-wise key in the second phase, called the usage phase. The generation of key material is a two step process.
Step 2: Chosen n+1 BPs are evaluated at distinct points of a field. The polynomials and the calculated points in step 2 are used to generate pair wise key between the devices.
A bidirectional secrecy and collusion resilience key management scheme providing Forward Security (FoS) and Backward Security (BaS), i.e. FoSBaS, was introduced in (45). It is a mechanism to deploy a shared group key in BAN. This scheme is based on the concept of the Chinese Remainder Theorem (CRT). There are multiple BANs connected to one server. Each sensor node of a BAN holds a unique ID (S_i). In the initialization phase, each individual sensor of every possible BAN obtains a unique prime number K_i as a key from the server. The server maintains the combination of sensor ID and corresponding key in a database. To form a group G_k, health personnel select a few sensors, collect their corresponding IDs {S_i, ..., S_j} and calculate the Offset Code Book (OCB). This information is sent to the server along with a Message Authentication Code (MAC). Based upon the encoded IDs, the server finds the corresponding keys (K_k). K_k is used to compute a broadcast value x using CRT. This x value is communicated back to the sensors and used to compute the new group key. The key is updated whenever a sensor is excluded from the group for medical or technical reasons. Nodes may be added to or removed from the group at any time. FoS ensures that communication held earlier is not accessible to a recently inducted sensor. BaS ensures that if any sensor leaves the group at any time, it cannot access future communication. FoSBaS ensures a bidirectional security sensor association for group key management using the Chinese Remainder Theorem.
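A generic CRT group rekeying of the kind described above, as an added Python example; it is not the FoSBaS construction itself, whose details this review does not give. The hash mask, the 60-bit group key, the Mersenne primes used as sample K_i values and all names are assumptions.

```python
import hashlib
import secrets

# Constructed per-sensor primes K_i (well-known Mersenne primes, not secret values).
SENSOR_KEYS = {"S1": 2**61 - 1, "S2": 2**89 - 1, "S3": 2**107 - 1, "S4": 2**127 - 1}
GK_BITS = 60  # the group key must be smaller than every K_i


def mask(k_i, nonce):
    """Per-sensor mask from the sensor's prime and a public nonce (assumption).

    Without a mask, x - gk would be a common multiple of every member's prime,
    which would let one member learn about the other members' keys.
    """
    digest = hashlib.sha256(k_i.to_bytes(16, "big") + nonce).digest()
    return int.from_bytes(digest, "big") % k_i


def crt(residues, moduli):
    """Smallest x >= 0 with x = r_i (mod n_i), for pairwise-coprime moduli."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        k = ((r - x) * pow(m, -1, n)) % n  # lift x so that it also matches r mod n
        x += m * k
        m *= n
    return x


def rekey(member_ids, keys=SENSOR_KEYS):
    """Server side: pick a fresh group key and build the broadcast value x."""
    gk = secrets.randbits(GK_BITS)
    nonce = secrets.token_bytes(16)
    moduli = [keys[s] for s in member_ids]
    residues = [(gk + mask(k, nonce)) % k for k in moduli]
    return gk, nonce, crt(residues, moduli)


def derive(x, nonce, k_i):
    """Sensor side: recover the group key from the broadcast using only its own K_i."""
    return (x - mask(k_i, nonce)) % k_i


def demo():
    """Membership changes: S3 is removed, then S4 is added; each change rekeys."""
    g1 = ["S1", "S2", "S3"]
    gk1, n1, x1 = rekey(g1)
    gk2, n2, x2 = rekey(["S1", "S2"])        # S3 removed from the group
    gk3, n3, x3 = rekey(["S1", "S2", "S4"])  # S4 inducted into the group
    k3, k4 = SENSOR_KEYS["S3"], SENSOR_KEYS["S4"]
    return {
        "members_agree": all(derive(x1, n1, SENSOR_KEYS[s]) == gk1 for s in g1),
        # the removed sensor cannot derive the key issued after it left
        "removed_locked_out": derive(x2, n2, k3) != gk2,
        # the new sensor cannot derive keys from broadcasts recorded before it joined
        "newcomer_cannot_read_past": derive(x1, n1, k4) != gk1
                                     and derive(x2, n2, k4) != gk2,
        "newcomer_gets_current": derive(x3, n3, k4) == gk3,
    }
```
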
An efficient lightweight method for a distributed security key mechanism named Multidimensional α Secure Key Establishment (MαSKE) is proposed in (46), which is based on a polynomial α secure system. There is a central authority called the MSN administrator who manages the registration process of sensor nodes, including key material distribution, key update and revocation. A sensor node stores cryptographic key material (KM), a lightweight digital certificate (LDC) and a security policy (SP). In the set up phase, the trust center (TC) coordinates the deployment of KM, LDC and security policies to sensor nodes. Security handshakes and access control are managed automatically using this key material in the next phase without any involvement of the TC. The TC is required in case of update or revocation of a key. αSKE is a key distribution system which ensures that α-entities are required to be compromised to crack the system. The initial key establishment and access control role verification process use a polynomial based α secure system which is stored at a secure location at the trust center. It uses a symmetric bivariate polynomial of degree α over a finite field to generate and share the key material for each sensor node. MαSKE distributes multiple uncorrelated and independent sets to sensor nodes. The ID of a sensor node is generated using the LDC by calculating the hash of all its attributes. MαSKE and LDCs provide three different methods, namely Cryptographically Enforced Access Control (CEAC), Role Based Access Control (RBAC) and Identity Based Access Control (IBAC), and make key generation and access control very efficient and fast.
In another traditional scheme, the Low Energy, Secure and Flexible Communication Protocol (LEXCOMM) (47), every sensor node uses a pre-deployed key the first time the system is started; otherwise a temporary key is generated in the rest of the cases. The coordinator of the network broadcasts a beacon packet for synchronization of the network. The beacon packet consists of five parts: message, TDMA period, rest period, CSMA period and next beacon message. Every sensor node is assigned a priority number. The priority number determines which node has more rights to transmit in case of channel noise. Whenever a node joins the network, the coordinator makes an entry in the database with its node ID and its priority number, together with other details such as the amount of data to be transmitted, the frequency of data transmission and the time slot requirement. When everything goes fine, the coordinator allocates the requested slots to all the nodes. In case of slot deficiency, the coordinating node applies a deficiency distribution algorithm in which the available slots are allocated according to the priority of each node. The contention period may be used by the sensor nodes to re-negotiate their service terms with the coordinator node. The CSMA period is positioned before the beacon message for the same reason. The protocol uses acknowledgement at the application layer or link layer. It may also use a no-acknowledgement policy depending upon the type of node. A proper retransmission process is followed in case no communication is received from sensor nodes. Transmission delay and clock drift are calculated by exchanging a few messages at the time a node joins the network. All the nodes must follow a synchronization procedure at the time of joining. A lightweight version of AES is used for data encryption. Energy consumption is restricted by applying a strict sleep-awake schedule for the nodes.
Selimis et al. (48) categorized the transmitted data into sensor data and control data. Sensor nodes send their data to the master node in unicast fashion, whereas the master node broadcasts control messages back to the sensor nodes. Two types of keys are considered in symmetric key cryptographic primitives. A node key is a common key between a sensor node and the server. A network key is shared by all nodes in the network. The core protocol consists of three phases. In node key pre-loading, a unique key is installed in each sensor node in advance. The second phase of the process is the network discovery phase, in which a sensor node joins the network after key agreement. In the last phase, all the nodes share the common key after the network key update.
According to the Efficient-Strong Authentication Protocol (E-SAP) (41), devices are registered by the hospital registration desk, which provides a secret key to the devices. The healthcare professional is authenticated using two-factor authentication, which includes a password and a smartcard. Patients are also registered at the registration center of the hospital, and the corresponding ID and the sensor kit's information are sent to the concerned healthcare professional to enable him to access the data from the sensor kit. The healthcare professional sends a login request to the patient's node. The user is authenticated and a secure session key is generated and shared to exchange the data between the sensor node and the healthcare professional. There is an option for the user to change the password as well. He et al. (49) found some vulnerabilities in the E-SAP scheme and proposed their own scheme to rectify the flaws.
Two group device pairing schemes which use light signals for the initial exchange were introduced in (50) and (51). Group Device Pairing (GDP) based Secure Sensor Association and Key Management is a unique way of group key agreement for a batch of ten nodes using LED blinking sequences, which can be done within 30 seconds. It consists of three phases. In the pre-deployment phase, new nodes are procured and the group key is calculated. Keying material (KM) is distributed among all the nodes using the group key. In the deployment phase, nodes are deployed and pair-wise keys are computed after creating the BAN. In the working phase, along with all the normal functions of data exchange, keys are periodically updated. Nodes may join or leave the network, and revocation may also be done. Light channel for sensor Initialization and Radio channel for Authentication (LIRA) is a multichannel key deployment scheme which uses a visible light channel to exchange secret keys with the node. Light signals are easy to block, so the attacker cannot intercept them. Sensors with light detectors are required for this purpose.
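The pairwise-key mechanism that both DPKPS and MαSKE are described as building on (a symmetric bivariate polynomial whose per-node univariate share is pre-loaded), as an added Python example that is not code from the reviewed papers. The field modulus, node IDs and function names are assumptions; the example also shows why the polynomial degree has to exceed the number of nodes that could be captured.

```python
import secrets

P = 2**61 - 1  # prime field modulus (constructed for this example)


def gen_symmetric_poly(lam, p=P):
    """Trust-centre side: random f(x, y) = sum a[i][j] x^i y^j with a[i][j] == a[j][i]."""
    a = [[0] * (lam + 1) for _ in range(lam + 1)]
    for i in range(lam + 1):
        for j in range(i, lam + 1):
            a[i][j] = a[j][i] = secrets.randbelow(p)
    return a


def node_share(a, node_id, p=P):
    """Key material pre-loaded on one node: coefficients of g(y) = f(node_id, y)."""
    lam = len(a) - 1
    return [sum(a[i][j] * pow(node_id, i, p) for i in range(lam + 1)) % p
            for j in range(lam + 1)]


def pair_key(share, peer_id, p=P):
    """Usage phase: evaluate the local share at the peer's ID (Horner's rule)."""
    acc = 0
    for coeff in reversed(share):
        acc = (acc * peer_id + coeff) % p
    return acc


def lagrange_eval(points, x, p=P):
    """Value at x of the unique polynomial through points [(x_i, y_i)] mod p."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def share_from_coalition(captured, target_id, p=P):
    """Share of target_id as computed from captured shares {node_id: share}.

    Each share coefficient is a degree-lam polynomial in the node ID, so
    lam + 1 captured shares determine it for every other node.
    """
    width = len(next(iter(captured.values())))
    return [lagrange_eval([(nid, sh[j]) for nid, sh in captured.items()], target_id, p)
            for j in range(width)]


def demo(lam=3):
    a = gen_symmetric_poly(lam)
    shares = {nid: node_share(a, nid) for nid in range(1, lam + 4)}  # node IDs 1..lam+3
    k12, k21 = pair_key(shares[1], 2), pair_key(shares[2], 1)
    # lam + 1 captured nodes (IDs 3..lam+3) rebuild node 1's share exactly.
    full = {nid: shares[nid] for nid in range(3, lam + 4)}
    # With only lam captured nodes the same interpolation gives a wrong share;
    # lam shares leave the key between two other nodes undetermined.
    short = {nid: shares[nid] for nid in range(3, lam + 3)}
    return {
        "keys_agree": k12 == k21,
        "coalition_recovers_key": pair_key(share_from_coalition(full, 1), 2) == k12,
        "below_threshold_recovers_key":
            pair_key(share_from_coalition(short, 1), 2) == k12,
    }
```

For sizing, the degree is the design parameter to watch: a deployment that expects up to c node captures needs a polynomial of degree at least c, at the cost of one more stored coefficient per degree on every node.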
In the resource-constrained environment of a WBAN, computation and storage are a concern when implementing asymmetric encryption. RSA based traditional asymmetric encryption would not be appropriate due to memory and processing power constraints (52). Several traces of asymmetric encryption along with ECC are found in different works (53). ECC provides better security than RSA and Elgamal with a smaller key. ECC is also beneficial in constrained environments like BANs (54,55). Wang et al. (34) introduce HIGDCP, which provides security using a combination of ECC and human interaction. Amin et al. (40) have used Elliptic Curve Cryptography (ECC) together with pre-deployed private and public keys. These keys are used to generate the session key for symmetric encryption. An ID-based Elliptic Curve Diffie Hellman key exchange protocol is used in (56). Huang et al. (57) introduced an Elliptic Curve Diffie Hellman version of the Symmetric Hash commitment Before Knowledge Protocol. Dynamic distribution of keys is performed rather than pre-deployment of the keys. (58) provides four schemes for authentication and key agreement. All schemes use ECC for key agreement. The first is a basic, unauthenticated key agreement scheme. The hidden public key transfer protocol is the second authentication scheme; a segregated protected channel is used to transfer the secret key. The password-authenticated key agreement protocol sends the public key to the other end in a password-scrambled form, which is retrieved with the password information. In the fourth scheme, named display authentication, a hidden nonce contained in a witness value is sent in the first message. The actual nonce is communicated in the final message, which can be compared with the nonce and witness values communicated in the first message to ensure the integrity of the message.
(59) is an ECC based key management scheme to protect medical information in healthcare. The entire scheme is divided into three phases. In the setup phase, the Certification Authority chooses an elliptic curve and performs system initialization. Sensors are used to create the WBAN. The WBAN controller or smartphone acts as the sink node. In the registration phase, the data sink uses its registration ID, i.e. SIM card number, and public key to register with the CA. The CA generates key material, which is exchanged with the other party in the verification and key exchange phase. Consequently, a session key is generated. (60) is an ECC and hash chain based key management protocol. A PC (patient controller) such as a PDA or smartphone collects the values from all the sensors of the body. ECC is used to calculate a shared secret key between the PC and each sensor node with the help of an LED blinking pattern. A synchronized blinking pattern ensures the successful establishment of the WBAN. ECC is found to be more efficient than RSA. The group key is always computed by the PC, as it has sufficient resources. It is distributed to all the nodes using the shared secret keys. Hash chains are used to ensure authentication. The hospital itself is the key generation centre (KGC), which chooses a random integer as its private key and computes the corresponding public key.
Some researchers have also used Boneh-Franklin's Identity Based Encryption Algorithm (IBE) in different ways to calculate the keys. The idea of IBE is based on Asymmetric Key Cryptography. IBE does not generate the combination of public key and private key similar to RSA. The data is stored at central server. The keys in IBE is based upon the identity of the doctor who wants to access the data, date and time on which he/she is willing to access the data. IBE generates the public key for 1 hour duration from a string = {date/time/ER}. The ER is the identity of the doctor whereas date and time parameters are as usual. The corresponding private key is generated later. A variation of the method, IBE-Lite (34,60) which is lightweight IBE, retains the attribute of conventional IBE and can be applied on sensor node. It is based upon Elliptic Curve Cryptography (ECC). Public key is independently generated by a sensor using an arbitrary string. Data is encrypted using the key and stored to the remote server. Whenever a doctor wants to access the data, the administrator will generate the same key using same string and provide access to doctor. Huang et al. (27) extended the idea of IBE-Lite further.
A lightweight protocol providing anonymous mutual authentication was proposed by Li et al. (61) who claimed the protocol to be secured against various types of attacks. In cryptanalysis of Li's protocol Chien-Ming Chen et al. (62) have found that the protocol is vulnerable against three types of attacks i.e. offline identity guessing attack, hub node spoofing attack and impersonation attack on sensor node. A secure mechanism addressing these problems with similar efficiency is proposed in (62) .
A secured Energy Efficient Mutual Authentication and Key Agreement Scheme for Wireless Body Area Networks (SEEMAKA) is proposed by Narwal B et al in (63) . SEEMAKA uses fewer hash functions and bitwise XOR operations. The algorithm is analyzed using informal analysis as well as tested using AVISPA tool. The performance of SEEMAKA is compared with other methods using NS-2 simulator. Two XOR operations are reduced at master node and makes the master node as well as the sensor node safe from spoofing attack.
Ali et al. (64) have designed an attribute based encryption (ABE) scheme with lightweight encryption and decryption mechanisms. Contrary to other schemes which use heavy computation in their encryption process, the scheme proposed by Ali et al. uses very few computations to encrypt the data at the tiny sensors. This scheme also reduces the communication overhead as partial cipher text rather than the complete and larger size cipher text is sent to cloud server which is a usual phenomenon in other schemes.
Singh U et al. (65) proposed a novel authentication scheme for WBAN with anonymity. This scheme is certificate-less and lightweight. The scheme has three phases namely initialization, registration and authentication phase. It uses public and private key system in initialization phase as well as registration phase. The scheme uses a random parameter for the communication which ensures anonymous unlinkable session. Time stamps are used to check the freshness of the message which helps to thwart the replay attack. The scheme also provides forward/backward secrecy, confidentiality, authentication and resilience to forgery etc.
Mo J et al. (66) proposed two factor authentication and key agreement scheme for WBAN which is an improvement of the twofactor authentication protocol based on quadratic residues with fuzzy verifier presented in (67) . The proposed algorithm (67) is cryptanalysed & is found that it is not immune to Known Session Special Temporary Information (KSSTI), DOS and privileged insider attack. The improved scheme is analyzed under random oracle model and demonstrated that the method is secure and efficient against different known attacks. A comparison with other scheme is also demonstrated.
A hybrid Advanced Encryption scheme for protected wireless sensor data in secure transition and storage is proposed in (68). The purpose of the proposed scheme is twofold: an effective key pairing mechanism using a modified RSA algorithm, and authenticated user access ensured by a modified AES algorithm. This scheme uses a combination of symmetric and asymmetric encryption techniques for the key pairing mechanism as well as for security. The proposed scheme is compared with other existing algorithms on several parameters, and its performance is found to be better than that of the other existing methods.
An efficient Lightweight Key Agreement and Authentication Scheme for WBAN is proposed in (69) . The scheme is an effort to overcome the security gaps particularly base station compromise attack and sensor node impersonation attack found in the method proposed by M. Kompara et al. (70) . This scheme is also compared with other related schemes. The scheme has been kept lightweight and is verified using AVISPA tool. The scheme is lightweight in terms of storage, communication, computation cost and time.
Secure new node ID assignment for internet integrated wireless body area networks is proposed in (71) . It is a scheme using public key cryptography to assign a new node ID for newly join node to create WBAN. The authors performed design, energy and computation cost analysis of the proposed algorithm.
A lightweight key agreement scheme in WBAN is proposed in (72) . The protocol has used less number of hash functions and XOR operations to keep it lightweight. Informal security analysis of the proposed scheme is conducted for the well known attacks like eavesdropping attack, anonymous and untraceable sessions, sensor node capture attack, replay attack and forward/backward security. Performance analysis for storage, computation and communication cost is also conducted for the proposed algorithm.
Shen et al. (59,73) introduced a key management protocol which exchange keys between the personal server and sensor node at one end. On the other end it exchanges keys between the personal server and medical professional. Hash chains are used to achieve authentication.
TinyZKP (30) is a Zero Knowledge Proof (ZKP) based scheme. In this scheme, personal server (verifier) authenticates the sensor nodes (prover) using the knowledge based upon the secrets it stores without actually revealing these secrets to server. The secrets may be some crucial information received from prover. In the first phase secret and public keys of sensor nodes and server are generated. In authentication phase each sensor node proves itself to base station using zero knowledge proof.
Ibrahim et al. (74) proposed a scheme in which parameters are pre deployed in personal servers and sensor nodes by the system administrator. One of the parameter is a temporary id for each of the node. A corresponding parameter related to temporary id of each of the node is available with personal server. Nodes are authenticated by this combination available at personal server. It prevents the attempt to join the network later by any foreign node.
M. Almuhaideb et al. (75) provides two protocols P-I and P-II for authentication and re-authentication respectively. The scheme is implemented in four phases (i) initialization and registration (ii) authentication (iii) re-authentication and (iv) expired key deletion. The scheme offers a better key management and uses high randomness to improve the security parameters.
Song Y. et al. (76) proposed a method consisting of two subsections. In the first section, mutual authentication of PC to sensor and in second subsection a group key generation between sensors is performed. The scheme follows security properties and contribute resistance to well known attacks.

Physiological value based key agreement schemes
Physiological signals or bio-signals may be used to calculate the symmetric keys at sensor nodes. All the sensor nodes of a WBAN access a uniform physiological value independently and calculate the symmetric keys accordingly. These symmetric keys are utilized in the encryption and decryption processes performed at the nodes. These parameters vary from one human being to another, as the values are unique to an individual (37). It would be a better idea to generate key values at every sensor node independently, as the exchange of data is the most energy-consuming process in a WBAN. This method of key generation is energy effective, as calculating the secret key requires less energy than exchanging the data during other key agreement schemes. Keys change dynamically depending upon the physiological signals. Biometric signatures are distinctive to a human body, which is a way ahead in Intra-BAN security (77). Biometric signals such as Electrocardiogram (ECG or EKG) (78-80), Blood Pressure (BP), photoplethysmogram (PPG) (78,81-83), Blood Oxygen Level (SpO2) etc. may be used for this purpose. Inter-pulse interval (IPI) is also used to compute the symmetric key (84). IPI is the time gap between two successive pulses and is compatible with ECG and PPG signals.
Physiological value based key methods are divided in two categories on the basis of key distribution policies (77) .
1. Physiological value based protocols with pre-distributed secret keys
2. Physiological value based protocols without pre-distributed secret keys
Other authors (29) have categorized physiological value based protocols with pre-deployed secret keys as hybrid solutions because these schemes borrow their methods from traditional and physiological based schemes. Physiological value based protocols are divided into fuzzy and non-fuzzy groups (29). Further, there are several fuzzy protocols without pre-distributed secrets. Protocols with fuzzy vault (e.g. PPG based key agreement (PKA) (82,83), Ordered Physiological Feature Based Key Agreement (OPFKA) (85)), protocols with fuzzy vault and encoded features (Physiological signal based key agreement (PSKA) (86)), protocols with fuzzy vault and encoded key materials (87) and fuzzy vault with a cubic spline curve (88) are examples of fuzzy protocols without pre-distributed secrets.
Ordered Physiological Feature Based Key Agreement for WBAN (85) is a novel way of key agreement between two nodes based upon physiological signal features. The same physiological signal (ECG, PPG or BP) read by different sensors at different parts of the body (chest, fingertips or limbs) has overlapping values, but with some gap. OPFKA is an efficient protocol which transfers the secret features of one sensor to another in such a way that the sensors are able to identify their overlapping features. First of all, a feature vector is prepared by each sensor and sent to the receiver. The feature vector may contain noise. The receiver generates a symmetric key based upon the common features. It returns the indices of the matching features to the sender along with a MAC of the key. The sender calculates its symmetric key using those values of its feature vector which correspond to the indices received from the receiver.
A physiological feature based key agreement for WBAN (86) is a biometric parameter based system. The biometric parameters are of two types: static and dynamic. Fingerprints, retina and iris patterns are static parameters, whereas ECG, IPI, PPG etc. are dynamic biometric parameters due to their randomness and time-variant behavior. PFKA calculates and distributes the symmetric key, which is based upon the features extracted from the Electrocardiogram (ECG) signal. Either the enhanced FFT or the IPI method is used to generate features. In FFT, the sampling rate of the biometric signal is the same at the two sensors. FFT is applied on the signals after dividing them into windows. The peak index and peak values of each of the overlapping windows are calculated by applying a peak-detection algorithm. Values are quantized and concatenated to form a feature vector (F). In the IPI method, the last 4 bits are quantized for each IPI. The bits of three adjacent IPIs are concatenated after quantization to form a feature. These feature vectors are changed with a vector of random numbers along with its MAC. Reed Solomon coding is applied to form a modified vector which is exchanged between sensor and receiver.
(89) is a key agreement scheme based upon Linear Prediction of ECG features. The process is summarized in Figure 3 (89). It calculates symmetric keys based upon ECG signal features and uses Linear Prediction Coding to compress the data before transmission. The transmitter node N_t and receiver node N_r want to establish a connection. The node N_t collects N samples of the ECG value for a fixed time duration T_s. The features F_1 are extracted from the N-sampled set of values. F_1 is linearly predicted, producing the LPC coefficient vector (A) and the residual error of predicting F_1 (E). The value "A" is sent to the receiver and the value "E" is used to generate a 128 bit session key using a key generation process. The entire key is not exchanged; only a partial value is sent across, in terms of the "A" value. BCH coding is used to adjust and correct the key K_1. A near-similar method is used to generate the 128 bit session key on receiving the value "A" from the sender.
Trust Key Management Scheme for WBAN (90) uses ECG values to generate and distribute symmetric keys to sensors. The base station maintains a database of the keys which are shared with the sensor nodes. The base station has a private and public key pair. The WBAN architecture is divided into three layers. Below the base station at the top, there is an intermediate layer of gateways. Nodes which are in close proximity are connected to one of the gateways. The protocol consists of four steps. In the Key Generation phase, fiducial methods are used to calculate the area of interest on a heartbeat. ECG values contain a high degree of randomness and variance, which is essential for good cryptographic keys. A symmetric key (Biokey) is generated after feature extraction from the ECG signals. Its morphed version, obtained by applying the MD5 function, is used as the session key (K_session = MD5(Biokey)). In the second phase, known as the Key Setup phase, each node, after calculating K_session, encrypts the Biokey using the public key of the base station and transmits it to the base station. In the third phase, known as the Key Authentication phase, sensor nodes authenticate their gateway using a challenge-response mechanism. In the fourth phase, called the Key Update phase, the keys are updated periodically to avoid long-term cryptanalysis. The key update process is initiated by the base station.
Yasmeen et al. (91) proposed an algorithm which is based on measuring the common ECG signals at the sender as well as recipient sensor. The algorithm is lightweight as it uses the information from the previous connections to calculate the new and random security key for the current sessions.
ESKE (92) is ECG parameter and fuzzy commitment based protocol. The fuzzy commitment in ESKE ensures that the protocol can tolerate noise and randomness in ECG signals. The combination of ECG signals along with fuzzy commitment is used to create confusion between correct point sets and chaff points. In fuzzy commitment scheme, the biometric values close to the original can be accepted using the idea of hamming distance. Central Unit (CU) observes biometric values and sends to a sensor along with some chaff points. The sensor compares the received values with the biometric parameters observed directly. If sufficient number of point match; sensor is approved and a session key is established. Because of uniqueness, biometric parameters can be used to calculate the cryptographic key dynamically. These keys are further encrypted to provide security to biometric driven cryptographic keys.
Broadcast-Based Key Agreement Scheme Using Set Reconciliation for WBAN (79). A node shares a common key with the personal server, which is generated using the feature set extracted from ECG. This scheme uses the idea of set reconciliation. If PS broadcasts minimal information related to feature set to all the nodes. After applying the reconciliation process, each node calculates the symmetric key to be used for data exchange.
Electrocardiogram (EKG) based key agreement scheme (93) , generate a common key at two sensor nodes in plug and play manner without requiring any kind of pre-deployment. The design goals of a symmetric keys like randomness, time variance and sufficient long length are met in EKG based key agreement scheme. The values of EKG signals measured at two distinctive sensors are different but the trends are similar. Sampling is performed at 125 Hz and a particular interval of 5 seconds. Frequency component is removed from the samples as it does not affect much to the overall power of the signal. Samples taken over five seconds are divided into five parts and FFT is applied on each of these parts. Feature vector (F) is created from FFT coefficients. Filtering is performed to remove the higher level of entropy in quantization process. Feature vectors are exchanged between nodes and symmetric keys are calculated.
An improvement of (93) is proposed in An Improved EKG-Based Key Agreement Scheme for BAN in (94) , which uses discrete wavelet transform (DWT) for feature extraction rather than FFT as performed in (93) . The computational cost using DWT is found to be linear.
Plethysmogram based Secure Inter-Sensor Communication in BAN (82) uses the photoplethysmogram (PPG) signal for feature generation. A pulse oximeter is used to measure PPG. Frequency domain analysis of PPG signals is performed to generate the features, as the frequency components of physiological signals produce the same values irrespective of the part of the body at which they are measured. Time domain analysis performed on the values of two PPG signals measured at two distinct sensors showed that the sensor values are different but the trends are similar. Sampling is performed at 60 Hz over an interval of 12.8 seconds, which produces 768 samples. FFT is applied in each of the five overlapping windows acquired after sampling. Peaks are identified using a peak-detection algorithm. <Peak index, Peak value> pairs are quantized and concatenated to form a feature. Features measured from different samples constitute feature vectors. A random symmetric key is generated at one of the sensors and hidden using the feature vector. The hidden key is communicated to the other sensor. The receiver unlocks the symmetric key using its own feature vector. To compensate for the difference between the feature vectors of sender and receiver, the fuzzy vault scheme is used.
The majority of physiological value based key agreement schemes are centered on fuzzy vaults (95). In the fuzzy vault scheme, a polynomial is selected to lock a secret K. The coefficients of the polynomial hold the value of the secret. A common value is chosen to lock the vault. Physiological values (PVs) are those values which are common and shared between two parties. These PVs represent the X coordinates and are used to calculate the corresponding Y coordinates using the selected polynomial. To secure the previously created points, other points called chaff points, which are selected randomly, are also included. The result is a fuzzy vault. The fuzzy vault, along with a hash value H(K), is sent to the other entity. PVs, i.e. the X coordinates, are gathered independently by the other entity. The polynomial function is reconstructed by finding the appropriate points in the vault. The secret is assembled and the hash H(K') is calculated. The values of H(K) and H(K') are compared.
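The lock and unlock steps of the fuzzy vault described above, as an added example that is not taken from any of the reviewed schemes: the secret K is the coefficient list of a polynomial over a prime field, genuine points lie on it at the sender's PVs, chaff points lie off it, and the receiver interpolates over subsets of its matching points until H(K') equals H(K). The field size, SHA-256 as H, the chaff count and every feature value are assumptions or constructed samples.

```python
"""Added example: fuzzy vault lock/unlock over quantized physiological features."""
import hashlib
import hmac
import secrets
from itertools import combinations

P = 65537  # assumed prime field; features and coefficients are values below P


def evaluate(coeffs, x):
    """Horner evaluation of the secret polynomial (lowest degree first)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def key_hash(coeffs):
    """H(K): hash over the coefficients that encode the secret."""
    return hashlib.sha256(b"".join(c.to_bytes(3, "big") for c in coeffs)).hexdigest()


def lock(secret, features, n_chaff, rng=None):
    """Sender: genuine points (pv, p(pv)) plus random chaff points off the curve."""
    rng = rng or secrets.SystemRandom()
    genuine = {x: evaluate(secret, x) for x in set(features)}
    vault, used = list(genuine.items()), set(genuine)
    while len(vault) < len(genuine) + n_chaff:
        x, y = rng.randrange(1, P), rng.randrange(P)
        if x in used or y == evaluate(secret, x):
            continue  # chaff must not reuse an x or land on the polynomial
        used.add(x)
        vault.append((x, y))
    rng.shuffle(vault)  # hide which points are genuine
    return vault, key_hash(secret)


def interpolate(points):
    """Lagrange interpolation mod P, returning coefficients lowest degree first."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if i == j:
                continue
            nxt = [0] * (len(basis) + 1)  # basis * (x - xj)
            for k, b in enumerate(basis):
                nxt[k] = (nxt[k] - xj * b) % P
                nxt[k + 1] = (nxt[k + 1] + b) % P
            basis, denom = nxt, denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P  # modular inverse via Fermat
        for k, b in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * b) % P
    return coeffs


def unlock(vault, features, degree, expected_hash):
    """Receiver: keep vault points whose x matches its own PVs, then search
    subsets of degree+1 points until the reconstructed K' hashes to H(K).
    Returns None when too few genuine points overlap."""
    mine = set(features)
    candidates = [(x, y) for x, y in vault if x in mine]
    for subset in combinations(candidates, degree + 1):
        guess = interpolate(subset)
        if hmac.compare_digest(key_hash(guess), expected_hash):
            return guess
    return None


if __name__ == "__main__":
    # Constructed feature values standing in for quantized <peak index, peak value> pairs.
    sender = [1021, 2210, 3377, 4120, 5893, 6001, 7450, 8112]
    receiver = [1021, 2210, 3377, 4120, 5893, 6001, 7999, 8500]  # two readings differ
    other_body = [111, 222, 333, 444, 555, 666, 777, 888]
    secret = [secrets.randbelow(P) for _ in range(4)]  # degree-3 polynomial
    vault, digest = lock(secret, sender, n_chaff=200)
    print("receiver unlocks:", unlock(vault, receiver, 3, digest) == secret)
    print("other body unlocks:", unlock(vault, other_body, 3, digest) is not None)
```

The hash comparison is what lets the receiver discard a subset that contains a chaff point whose x happens to coincide with one of its own noisy readings.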
The other works which follows the non-fuzzy approach are protocols with multiple commitments (96) , protocols with matrices comparison (93,94) and protocols with Reed Solomon decoding (93,97) . However, it is analyzed that non-fuzzy solutions are not very common.
Physiological value based key agreement scheme offers following advantages (98)
Physiological based key agreement schemes experience the following challenges in key negotiations:
Lightweight computational design (77): In a physiological value based scheme, the storage requirement comes down compared to other schemes, but the computing requirement increases, which puts more strain on the battery life of the node.
Signal Obtrusion: Two BAN users in close proximity can interfere with each other's networks, which can lead to false calculation of the keys based upon physiological parameters (77).
Variation in physiological signals (77): There could be variation in the signals measured at two different nodes of the WBAN due to the high entropy of the signals, which propagates to the calculation of false key values.
Security Assurance (77): Nobody who could benefit by calculating the secret key should have access to the physiological signals.
Proficient key generation (77): The physiological signals vary randomly. The process of key generation must be fast enough to avert variation in the key.
Noise Removal (77): Multiple sensors are located at different parts of the body. The signals may vary due to the positions of the sensors and nodes. The generated noise must be removed to calculate the exact measurement of the signal.
The challenge to implement the PVs based key generation scheme is the lack of randomness in physiological values. All the possible biological parameters namely BP, ECG, EKG, PPG, SPO 2 and IPI used to generate PVs have a short range which is contrary to the requirement of very large range and true randomness in the numbers used to generate symmetric keys at both the ends.

Signal Based Secret key generation schemes
Secret key generation schemes exploits the user specific signals to generate keys between two genuine nodes. These schemes are generally based on the signals which are easily available to all the sensors. However, to receive identical signal features at all nodes is always a challenge due to motion of human body and positioning of the nodes. The signals that show consistent values on different nodes are used to calculate the symmetric keys.
Generally protocols use two types of signals to generate the secret keys. A common property of a wireless channel or common physical environment is extracted to generate the keys. Received Signal Strength Indicator (RSSI) is most commonly used attribute of the wireless channel to compute the secret key at nodes. These signals are not possible to be reproduced outside the network as the same environment is hard to regenerate due to the positioning and dynamicity of the WBAN environment (99) . These values are highly dynamic in nature due to which replica generation is a challenge for an adversary.
Secret key generation schemes of these types generally consist of four steps:
3. Reconciliation or Noise Removal: The difference between the key values is removed and the two nodes agree on a common key.
4. Strengthening phase: During this phase, the key values are strengthened further to make the keys stronger and to prevent the attacker from gaining any information during the previous phase.
S.T. Ali et al. (100) presented a dynamic secret key generation scheme using temporal-spatial characteristics of wireless channel for BSN. The multi-path channel properties between two communicating sensor nodes are spatially unique. Authors verify experimentally that human body motion create channel variation in WBAN which helps to generate symmetric key at sensor nodes safely even in the presence of eavesdropper. The channel is sampled intensively for a brief period of time. The fast and slow components from the sampled signal are isolated using filters. Quantization is performed on both the signals independently. The base station and sensor node keep track of RSSI values. Noise is removed from these values and symmetric keys are generated. The eavesdropper measures a different channel and would not be able to generate the same symmetric key. The mismatch rate is high due to the motion causes fluctuations in the measurement of RSSI values in proposed scheme. The scheme was revised and mismatch rate was lowered in (101) . Later, they improvised their technique and further reduced the mismatch of the generated bits in (102) . Tsouri et al. (103) calculates symmetric key for BAN using wireless physical layer security (wpls) in presence of eavesdropper. RSSI values were measured at two nodes from the packets going back and forth. Proposed algorithm was used to generate the symmetric key on basis of the difference between consecutive RSSI values. After a fixed number of attempts, if the absolute total of all the differences is above a threshold number, a bit is generated otherwise the process is repeated.
Device authentication and secret key exchange are two major issues which are taken care separately. Authenticated Secret Key (ASK-BAN) (104) proposes a solution to both the problems simultaneously using heterogeneous characteristics of physical layer. The authentication of the devices is done using stable channels whereas the key generation uses relatively unstable channels. ASK-BAN authenticates on body sensors using trusted sensors as relay node. It uses transitivity in trust establishment among nodes. To establish secret key; ASK-BAN uses multi-hop paths which causes larger RSS fluctuations. Its extension Movement Aided Authenticated Secret Key (MASK-BAN) (13) is a dynamic channel based lightweight fast device authentication and secret key extraction scheme for WBAN which uses RSSI values for authentication and for building the keys.
Secure Authentication and Key Generation Protocol Based on Dual Antennas for WBAN (SeAK) scheme (105) uses the idea of dual antennas in BAN while the other protocols based on RSS use single antenna. The sampling can be performed by any one of the antenna present on device which provides great diversity. Authentication and secret key generation is done simultaneously in this scheme. This scheme generates a secret key of 128-bit in 640 ms as compared to 15.9 s in ASK-BAN.
One promising solution (106) for key agreement between two communicating parties is data reciprocity. It is an efficient method to extract a common key after removing the minor differences. The attenuation coefficient of RSSI value depends upon inter-node distance. RSSI values are also changed due to the movement of human body which alters the inter-node distance. The closeness of several sensors interfere the signals of one another. Probe messages are sent from node to PS and vice versa. The strength of RSSI values are measured at both ends which helps to calculate symmetric keys. It is purely a software based solution and does not require any special hardware.
According to (107), the two communicating parties of a point-to-point channel share the same physical layer characteristics. Keys are calculated on the basis of the signal received at a sensor node. Almost the same signal value is measured at its peer node. The differences in the signal values are exchanged in terms of check symbols, which help to compensate for the gap between the values measured at the two nodes. An error-correcting algorithm is used to regenerate the original data stored at the other end. The method of exchanging the check bits rather than the actual data is found to be secure and significantly reduces the amount of information exchanged during the key agreement process. The Improved Juels and Sudan (IJS) algorithm is used, in which the high order polynomial coefficient of RSSI is sent to the other side. The Reed-Solomon method is used to regenerate the signals from the local RSSI and the received coefficients.
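The check-symbol exchange described above, as an added example that is not code from (107) or from this review. It swaps in Hamming(7,4) syndromes for the IJS/Reed-Solomon construction and uses a simplified consecutive-difference quantizer; the RSSI traces and every function name are constructed for illustration.

```python
import hashlib

# Parity-check matrix of the Hamming(7,4) code. Column i (1-based) is the binary
# form of i, so the syndrome of a single flipped bit spells out its position.
H = [[(col >> row) & 1 for col in range(1, 8)] for row in range(3)]

def quantize(rssi):
    """One bit per pair of consecutive samples: 1 if RSSI rose, else 0."""
    return [1 if b > a else 0 for a, b in zip(rssi, rssi[1:])]

def syndrome(block):
    return [sum(h * b for h, b in zip(row, block)) % 2 for row in H]

def check_symbols(bits):
    """Sender: 3 public check bits for every 7 measured bits."""
    return [syndrome(bits[i:i + 7]) for i in range(0, len(bits), 7)]

def reconcile(bits, peer_checks):
    """Receiver: pull each 7-bit block onto the sender's block.
    Corrects at most one disagreeing bit per block; two or more are miscorrected."""
    out = list(bits)
    for k, s_peer in enumerate(peer_checks):
        s_own = syndrome(out[7 * k:7 * k + 7])
        d = [a ^ b for a, b in zip(s_own, s_peer)]
        pos = d[0] + 2 * d[1] + 4 * d[2]  # 0 means the blocks already agree
        if pos:
            out[7 * k + pos - 1] ^= 1
    return out

def derive_key(bits):
    """Hash the agreed bits; the check symbols were sent in the clear, so the
    raw bit string itself is never used as the key."""
    return hashlib.sha256(bytes(bits)).hexdigest()[:32]  # 128-bit key

def hamming(x, y):
    return sum(a != b for a, b in zip(x, y))

# Constructed RSSI traces in dBm (15 samples -> 14 bits -> two 7-bit blocks).
# BOB is ALICE plus small measurement noise; EVE observes a different channel.
ALICE = [-60, -57, -62, -58, -57, -61, -64, -59, -63, -66, -60, -59, -63, -58, -65]
BOB = [-60, -58, -62, -57, -58, -61, -63, -59, -64, -66, -59, -60, -63, -59, -65]
EVE = [-70, -68, -69, -71, -66, -70, -72, -73, -71, -74, -72, -75, -70, -72, -74]

def run():
    a, b, e = quantize(ALICE), quantize(BOB), quantize(EVE)
    checks = check_symbols(a)  # the only data Alice transmits
    return {
        "mismatch_before": hamming(a, b),
        "mismatch_after": hamming(a, reconcile(b, checks)),
        "bob_agrees": derive_key(reconcile(b, checks)) == derive_key(a),
        "eve_agrees": derive_key(reconcile(e, checks)) == derive_key(a),
    }

if __name__ == "__main__":
    print(run())
```

A block with two disagreeing bits is miscorrected rather than repaired, so a key-confirmation step after `derive_key` is what catches the high-mismatch case the review mentions for motion-heavy channels.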
Joining a new device to a wireless network is a three-step process. The new device first joins the wireless network (using a common key). It then establishes communication with peer devices (using a unique key). It finally connects to the cloud account (using copy and paste). Wanda, a 'magic wand', is a small hardware device with two antennas, shown in Figure 4 (108). The two antennas are separated by one-half wavelength. The Wand calculates the difference in received signal strength measured by the two antennas and determines its proximity to the device.
The two antennas in the Wand device help to implement two operations, detect and impart, which are essential to make a new device part of the system. The device's proximity can be ascertained by observing the difference between the power readings of the two antennas. The larger the difference, the closer the device. When the proximity of the other device is ascertained, the Wand can use the reciprocity property of the signal to impart information onto the other device.
(109) to generate and share the secret key with the other node even in the presence of an eavesdropper. The sender node gathers RSSI values, which are used to construct the fuzzy vault with a randomly generated secret key hidden inside it. The receiver extracts the key from the vault using highly correlated RSSI values.
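The lock and unlock steps of a fuzzy vault, as an added example that is not code from (109) or from this review. The feature values stand for quantized RSSI readings and are constructed, as are the chaff points, the field size and all function names; the SHA-256 tag that lets the receiver recognise the right polynomial is an assumption of this sketch.

```python
import hashlib
from itertools import combinations

P = 65537  # prime modulus; all polynomial arithmetic is done modulo P

def make_tag(coeffs):
    """Checksum that lets the receiver recognise the correct polynomial."""
    return hashlib.sha256(",".join(map(str, coeffs)).encode()).hexdigest()

def poly_eval(coeffs, x):
    """Horner evaluation, coefficients lowest degree first."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def lock(secret, features, chaff):
    """Sender: the secret key is the coefficient list of a polynomial. Genuine
    points lie on it at the sender's feature values; chaff points do not."""
    genuine = [(x, poly_eval(secret, x)) for x in features]
    noise = [(x, y) for x, y in chaff
             if x not in features and y != poly_eval(secret, x)]
    return sorted(genuine + noise), make_tag(secret)

def interpolate(points):
    """Lagrange interpolation modulo P, returning coefficients lowest first."""
    k = len(points)
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            # multiply the running basis polynomial by (x - xj)
            basis = [(a - xj * b) % P for a, b in zip([0] + basis, basis + [0])]
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for d in range(k):
            coeffs[d] = (coeffs[d] + scale * basis[d]) % P
    return coeffs

def unlock(vault, tag, features, k):
    """Receiver: keep vault points whose x matches an own feature, then try
    k-point subsets until one interpolates to the tagged polynomial."""
    own = set(features)
    candidates = [(x, y) for x, y in vault if x in own]
    for subset in combinations(candidates, k):
        coeffs = interpolate(list(subset))
        if make_tag(coeffs) == tag:
            return coeffs
    return None  # too few genuine points matched

# Constructed sample values.
SECRET = [4321, 17, 999]                  # three coefficients, degree 2
SENDER = [11, 23, 35, 47, 58, 64]         # sender's quantized features
RECEIVER = [11, 23, 36, 47, 58, 70]       # correlated: shares 4 of 6
EAVESDROPPER = [12, 29, 35, 41, 66, 70]   # different channel: shares 1 of 6
CHAFF = [(12, 40511), (29, 873), (36, 15002), (41, 60001),
         (52, 7), (66, 31999), (70, 222), (75, 48000)]

VAULT, TAG = lock(SECRET, SENDER, CHAFF)

if __name__ == "__main__":
    print("receiver:", unlock(VAULT, TAG, RECEIVER, len(SECRET)))
    print("eavesdropper:", unlock(VAULT, TAG, EAVESDROPPER, len(SECRET)))
```

The receiver's two mismatched features land on chaff points, which is why `unlock` searches subsets instead of interpolating the first `k` candidates.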
The second group of schemes is based on some property of the common physical environment to which both nodes are exposed. Much work is focused on acceleration signals, which are generated by the acceleration of the human body. Positioning nodes on different parts of the body poses a challenge, as different parts of the body accelerate at different rates. The acceleration rate measured by a sensor placed on the arm or leg is different from that measured by sensors placed on the chest or neck. Bichler et al. (110) presented a mechanism in which a secret key is generated from the acceleration data produced by shaking the device. A similar method of shaking two mobile devices simultaneously was proposed by Mayrhofer and Gellersen (111). Simultaneous shaking is an easy-to-use mechanism to pair two small mobile devices. The method based on the common physical environment involves the same sequences as those based on wireless link characteristics.
Quach et al. (112) proposed a secret key generation mechanism which is dependent on ambient audio signals. Acceleration depends upon the user's gait, the way that somebody walks. Measuring acceleration on different parts of the body is a challenge, as different parts of the body accelerate at different speeds. To compensate for the gap between the readings of the sensors on the arm and the chest caused by the different rates of acceleration, the acceleration due to the swing of the arm has to be reduced (113,114).
Mubarak et al. (115) proposed a signal based protocol which is a two-step scheme. In the first step, a compromise and impersonation attacks resistant (CIAK) authentication scheme based on Zero Knowledge Proof (ZKP) is proposed. In the second step, a channel characteristic aware (CCA) authentication scheme based on ZKP is proposed. The efficacy of the scheme is more than 90% in comparison with other schemes.

Hybrid key agreement scheme
A hybrid key agreement scheme is an amalgamation of physiological and pre-deployed key agreement schemes. Physiological values of an individual are unique and hard to recreate outside the network. To provide more robustness and security, pre-deployed keys are used together with PVs to generate the secret keys.
Protocols with physiological certificate (116), protocols with multipoint key negotiation (117) and protocols with predistributed keys (118) are some of the protocols using the hybrid key mechanism.
Secret Key Exchange Protocol (SKEP) (119) is an ECG based cubic spline interpolation technique to secure inter-sensor communication. All sensor nodes are preloaded with a number Nb. SKEP is a two-step process: a commitment phase and a feature acknowledgement phase. ECG values are collected at the nodes. The sampled ECG values are divided into different windows. FFT is applied to each window. Feature vectors (F) are calculated from the FFT coefficients. Sensor nodes use RNGs to generate a vector F' of random numbers. The cubic spline method is applied to a combination of F and F' to generate a coefficient vector (Coeff). $\mathrm{BioScript} = \mathrm{hash}(\mathrm{Coeff}) \oplus K_{session}$ is calculated. BioScript and Coeff, encrypted using the key hash(Nb), are sent to the receiver. As the receiver also has the number Nb, the received message can be decrypted.
BARI (120) is a hybrid key management scheme for WBAN which secures traffic from the sensor node to the remote medical server through the Personal Server. Each sensor node of the network is given a slot to change its key as per the key refreshment schedule issued by the Personal Server (PS). Three types of keys are used to manage the whole BAN. The communication key $K_{comm}$ is maintained by the PS and used to transfer the data securely through the network. The administrative key $K_{admin}$ is used to refresh $K_{comm}$. Every node of the WBAN contains its own key $K_{bsc}$, which is also recorded by the Medical Server (MS). In the initial setup phase, the PS is deployed. $K_{admin}$ and $K_{comm}$ are preloaded on the PS. Sensor nodes are preloaded with $K_{admin}$ and $K_{bsc}$. These keys are used for the initial establishment phase. In the next phase, re-keying is done on the basis of a biometric parameter as per the schedule issued periodically by the PS. All the keys are refreshed according to the circulated schedule. BARI+ (121) is a distributed key management scheme. BARI+ uses four types of keys. Apart from the three keys used in BARI, BARI+ uses an additional key $K_{SN,MS}$, which is a backup key shared between the MS and the sensor node.
A Biometric Method to Secure Telemedicine Systems (122) involves IPI values to create secure keys. Four types of keys are used in WBAN: $K_{int}$, the predefined initial symmetric key; $Key_{LPU}$, the symmetric key shared between the sensor node (SN) and the Personal Server or Local Processing Unit (LPU); $K_{server}$, the key between the LPU and the Remote Server (RS); and $K_{phy}$, the key between the RS and the doctor or medical professional (PR). The session key can be generated using biometric parameters like heart rate variability, ECG and IPI. Keys are exchanged using MAC for secure transmission.
Secure and Efficient Key Exchange for Wireless Body Area Network (SEKEBAN) (123) uses the electrocardiogram (ECG) to generate symmetric keys. There are some points of interest in heartbeat readings called fiducials. 67 consecutive IPI values generate 128 bits. It is also observed that the Hamming distances are less than 22 bits for the same person, but in the case of different persons the distances are of the order of 80 bits or higher. The ECG-generated binary sequence contains sufficient randomness to be a good symmetric key; however, a morphed version is used. MD5 hashing is used for morphing. The hashed data does not allow the original data to be recreated, which serves confidentiality. The process of SEKEBAN is summarized in Figure 5 (123).

Fig 5. Session Key Generation in SEKEBAN
IMDGuard (124) is a security mechanism for heart related Implantable Medical Devices (IMD). It remains operable even in case of emergency. It facilitates ECG-based key generation and an access control mechanism. A heavy security mechanism may lead to trouble in life critical situations. The security mechanism is switched off in an emergency, and an available doctor must be given access even if he/she is not authorized. The entire system is managed in two phases. The IMD is implanted inside the body and an external device called the Guardian is used as an interface between the IMD and the doctor. The Guardian acts as a proxy server and performs all authentications on behalf of the IMD. ECG values are used to share keys between the IMD and the Guardian. IMDGuard works in two modes: regular and emergency. In regular mode, the Guardian authenticates all communication. When the Guardian is not detected by the IMD, it enters emergency mode and the doctor may directly access the IMD.

IDKEYMAN (125) is a publisher-subscriber based key management scheme for WBAN. IBE is used to set up symmetric keys between publishers (sensor nodes) and subscribers (doctors or caregivers). There is no certification authority as in traditional PKI; rather, a private key generator (PKG) generates private keys for nodes when their identification number is provided as input. This method contains two phases. In the publisher authentication model, the publisher gathers the unique identification (PID) information of the user using RFID tags and validates the person before the actual communication begins. The second phase, called the identity based key management scheme, operates in pre-operational, operational, post-operational and destroyed phases. In the pre-operational phase, the private keys and public keys of publishers and subscribers are pre-distributed. In the operational phase, a pair-wise session key is generated. In the post-operational phase, the session keys are updated regularly. In the destroyed phase, the key regeneration process takes place in case of key compromise.
IAMKeys (126) generates random keys independently at both ends to encrypt each data frame. It eliminates the key exchange requirement, as keys are calculated independently at the sender and the receiver. In a secure environment, five dummy reference frames are loaded into the WBAN Central Controller Node (WCC) and the monitoring station data receiver. A PRNG chooses one of the data fields from one of the reference frames as the seed value and generates a random key. The data is encrypted using the key and transmitted. The receiver independently generates the key and decrypts the data frame. The encryption process includes block and stream ciphers. Care is also taken that single-bit errors do not propagate and remain single-bit errors. In the case of a lost frame, a frame with the latest values is sent to maintain the freshness of the data.
Sammoud et al. (127) proposed a biometric based symmetric key establishment method to exchange data between two sensor nodes in WBAN. The ECG signal is made available to all the sensor nodes and a biometric based symmetric key is calculated which is based on three entities. The protocol offers an optimal and robust security approach in the WBAN environment.
In (128), a value of a bivariate polynomial is pre-deployed. These values are used for key exchange. Hash values of PVs are XORed with the pre-deployed keys to generate a random key.

Analysis of Key Agreement Scheme on the basis of different parameters
Tables 3, 4, 5 and 6 show a comparison of the key agreement schemes of the Traditional, Physiological, Signal based and Hybrid methods respectively on different parameters, viz. data confidentiality, node authentication, data integrity, mutual authentication, unforgeability, unlinkability, forward/backward secrecy, scalability, freshness, DoS attack, and node capture attack, as discussed in Section 6. Results of these comparisons are summarized and shown graphically in Figures 6, 7, 8 and 9. In the figures, the parameters are denoted on the X-axis and the count of the algorithms addressing the corresponding parameter is denoted on the Y-axis. Red color is used to denote backward secrecy in Figures 6 and 9. Table 3 is prepared to show a comparison of different Traditional key agreement schemes.

Analysis of Traditional Key Agreement Schemes
Thirty algorithms are studied in the Traditional key agreement scheme. A summary of the study is shown in Figure 6. Most algorithms have considered parameters like data confidentiality, node authentication, mutual authentication, forward/backward secrecy, freshness and node capture attack. Parameters like data integrity, unforgeability, unlinkability, scalability and DoS attack are less stressed upon. Table 4 is prepared to show a comparison of Physiological key agreement schemes.

Analysis of Physiological Key Agreement Schemes
Nine algorithms are studied in the Physiological value based key agreement scheme. A summary of the study is shown in Figure 7. Most algorithms have considered parameters like data confidentiality, node authentication, data integrity, mutual authentication and freshness. The parameter unforgeability is less stressed upon. Unlinkability, forward/backward secrecy,

[Table 3: Comparison of Traditional key agreement schemes]

[Table 4: Comparison of Physiological key agreement schemes]

Table 5 is prepared to show a comparison of different Signal based key agreement schemes.

[Table 5: Comparison of Signal based key agreement schemes]

Analysis of Signal Based Key Agreement Schemes
Eleven algorithms are studied in the Signal based key agreement scheme. A summary of the study is shown in Figure 8. Most algorithms have considered parameters like data confidentiality, node authentication, mutual authentication and freshness. Parameters like unforgeability and node capture attack are less stressed upon. None of the algorithms has considered data integrity, unlinkability, forward/backward secrecy, scalability and DoS attack. Table 6 is prepared to show a comparison of different Hybrid key agreement schemes.

Analysis of Hybrid Key Agreement Schemes
Nine algorithms are studied in the Hybrid key agreement scheme. A summary of the study is shown in Figure 9. Most algorithms have considered parameters like data confidentiality, node authentication, data integrity, mutual authentication and freshness. Parameters like unlinkability, forward/backward secrecy, DoS attack and node capture attack are less stressed upon. None of the algorithms has discussed unforgeability and scalability.

[Table 6: Comparison of Hybrid key agreement schemes]

Table 7 depicts the comparison of different schemes of all the four categories on the basis of additional parameters of security, viz. hash function, Symmetric/Asymmetric cryptography used, memory efficiency, computational efficiency, and energy efficiency.

[Table 7: Comparison of schemes of all four categories on additional security parameters]

A summary of the study is shown in Figure 10.

Fifty four algorithms of all the different key agreement schemes are reviewed on the considered parameters. Around 60 percent of the algorithms have used hash methods either in their internal mechanism or to maintain data integrity. Most of the algorithms are based on Symmetric key cryptography, as it is lightweight in comparison with asymmetric key cryptography. In a few cases, Symmetric as well as Asymmetric key cryptography have been used simultaneously for the encryption process. Around one-third of the total algorithms have considered either memory or computation or energy efficiency in their design.
The overall analysis highlights that there is still scope for significant improvement in the discussed schemes. Other research works also highlight similar trends, but a one-to-one analysis of the schemes reviewed in this work against those works was not possible. The lists of reviewed schemes are found to be dissimilar due to the difference in methodology and search criteria.

Conclusion
In this review work, a brief introduction to the WBAN architecture in compliance with IEEE 802.15.6 is discussed first. Some of the differences between WSN and WBAN are also discussed. A total of eleven parameters are identified primarily during the literature survey, viz. data confidentiality, node authentication, data integrity, mutual authentication, unforgeability, unlinkability, forward/backward secrecy, scalability, freshness, DoS attack and node capture attack. A taxonomy is provided to analyze different key agreement schemes based upon the identified security parameters. Performance analysis of the covered schemes is also conducted on the basis of usage of symmetric/asymmetric key, memory efficiency, computation efficiency and energy efficiency.
During analysis, it is observed that the prevention of DoS attack is not considered prominently in any key agreement scheme. None of the Signal based algorithms considered DoS attack, whereas only one algorithm considered DoS attack in the Physiological, two in the Hybrid and three in the Traditional key agreement scheme. A wireless environment is always susceptible to DoS attack. It should be taken into consideration while designing key agreement algorithms. Absence of DoS attack protection may trigger a crash. A few algorithms of the Traditional key agreement scheme have considered Forward Secrecy and Backward Secrecy in their design, but it is rarely considered in the other key agreement schemes. A few algorithms have considered Scalability in the Traditional and Physiological schemes, but none of the Signal based and Hybrid scheme algorithms considered this parameter. The system must remain secure as more nodes are included, without introducing any security flaw. Forward/Backward secrecy and Scalability should be taken into consideration while designing key agreement algorithms. Data Integrity is considered moderately by all the schemes except the Signal based algorithms. Neglecting data integrity could be dangerous in life critical situations. The system must detect any modification of data during transit. Unlinkability is hardly addressed by any of the schemes. Like Unlinkability, Unforgeability is also overlooked by the algorithms. A compromised server may divert all the medical data towards the attacker, which can be disastrous for the system. Data integrity, Unlinkability and Unforgeability should be taken into consideration while designing key agreement algorithms.
The main difference between WBAN and other networks is due to the size of the hardware. Each node in WBAN has limited energy, limited computational power and a very small memory. All the operations must be designed to work within these limitations. In order to implement the key agreement schemes, additional lines of code would be required. It may impact the efficiency of the overall WBAN functioning. Very few algorithms have considered all the factors of efficiency. Some algorithms have even considered none of them.
This review emphasizes the importance of security countermeasures while designing key agreement schemes for the WBAN environment. It also highlights the role of performance parameters during the development of such schemes. This work will benefit future investigators, researchers and professionals in developing security preserving key agreement schemes for WBAN. WBAN implementation will improve the quality of life and also cut down the expenditure incurred on health, but security flaws can be disastrous for patients' health and prevent WBAN from being adopted.