Authentication in a body area network (BAN) using OpenSSL

Thumbnail Image



Journal Title

Journal ISSN

Volume Title


University of New Brunswick


Internet of Things (IoT), which enable the connection and communication of objects (Things) over the internet, have received considerable attention in recent years. The internetisthe main medium (backbone) of communication, while the things are smart devices, machineries, industry level equipment, etc., which generate data to share and process for some intelligent decision making. Ever since the term IoT was coined out and described by Kevin Ashton in 1999, industries have adopted the idea of IoT and began integrating it into their product development process widely. As a popular application scenario of IoT, body area network (BAN) is one IoT network formed by body sensors, which can sense the health related data, deliver the data to the remote eHealthcare center for a better health monitoring through some gateways over the Internet. However, due to the congestion of the internet and the fast rise in cyberattacks, it is very important to secure packet exchange via advanced level encryption methods to prevent possible session hijacking, Man-In- The-Middle (MITM) attacks, cross site scripting, etc. Fortunately, there are numerous encryption standards available. In this study, in order to address the cyber security issues in body area network, we will be considering the OpenSSL, one popular software library which is open source for user revision. According to, OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general- purpose cryptography library, and it islicensed under the Apache-style license which makes it free to use by everyone. Concretely, the report examines the OpenSSL cryptographic architecture, propose and implement a “layer-in-layer” level cryptographic model in a bid to secure our communication while interfacing with generated data between the BAN and IoT. The study involves dissecting the selected authentication process, seeing how it ticks, and why, look into its applications and its setbacks. The ultimate goal of this study is to create an extra layer of security on the same technology and put it to use. It is expected that this strategy will make the authentication algorithm more secure.