Assessing the Security of the IEEE 802.15.6 Standard for Medical BANs

Medical Body Area Networks (MBANs) are ensembles of collaborating, potentially heterogeneous, medical devices, located inside, on the surface of or around the human body with the objective of tackling one or multiple medical conditions of the MBAN host. These devices collect, process and transfer medical data outside of the network, while in some cases they also administer medical treatment autonomously. Being that communication is so pivotal to their operation, the newfangled IEEE 802.15.6 standard is aimed at the communication aspects of MBANs. It places a set of physical and communication constraints as well as includes association/disassociation protocols and security services that MBAN applications need to comply with. However, the security specifications put forward by the standard can be easily shown to be insufficient when considering realistic MBAN application scenarios and need further enhancements. This paper remedies these shortcomings by, first, providing a structured analysis of the IEEE 802.15.6 security features and, afterwards, proposing comprehensive and tangible recommendations on improving the standard's security.