Biometric Authentication and Veriﬁcation for Medical Cyber Physical Systems

: A Wireless Body Area Network (WBAN) is a network of wirelessly connected sensing and actuating devices. WBANs used for recording biometric information and administering medication are classiﬁed as part of a Cyber Physical System (CPS). Preserving user security and privacy is a fundamental concern of WBANs, which introduces the notion of using biometric readings as a mechanism for authentication. Extensive research has been conducted regarding the various methodologies (e.g. ECG, EEG, gait, head/arm motion, skin impedance). This paper seeks to analyze and evaluate the most prominent biometric authentication techniques based on accuracy, cost, and feasibility of implementation. We suggest several authentication schemes which incorporate multiple biometric properties.


Introduction
A Wireless Body Area Network (WBAN) is an interconnected network of wearable sensing devices.A WBAN network composed of medical sensors can be categorized as a Cyber Physical System (CPS).This subset of WBAN devices consists of special linked sensors made to work independently and continuously to connect with other medical devices, which can be planted either inside or outside the human body [1].WBAN protocols are developed in such a way that will spread the communication between the body's sensors and the data center through the internet via web-servers A WBAN can be installed inside a person's body in the form of intra-body sensors or on the surface of the skin.From here, the sensors record and transmit the data to the personal devices (such as smartphones) or dedicated hospital monitoring devices [2].The sensors can be classified into two categories.They can be wearable outside the human body and implantable inside the human body.These sensors have become more practical because of advanced ingenuity, requiring them to be lightweight, small, and low-power.
Recent developments of low power fields in circuits and wireless communications such as Radio Frequency technology have advanced the achievements of WBANs [3].This technology provides low-cost, accurate healthcare solutions for people which may, inevitably, enhance their quality of life [4].There is significant interest from researchers, developers, and system designers in body network architecture technology [1,[3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19].These applications can be used in health care, security, wireless audio and fitness monitoring.Given the dramatic population increase and growing cost of health care, these applications will be highly beneficial for society in the future.WBANs allow for continuous, real-time health monitoring for patients, military staff and fire fighters to provide updated medical reports though the internet with the help of low-cost sensors [18].
WBANs possess the potential to reduce healthcare costs as well as the workload of medical professionals, resulting in higher efficiency.Mobile sensing of the human body will become more widespread with the new personal mobile devices which are capable of storing and processing large amounts of data [20].The main purpose of this paper is to examine and evaluate the biometric techniques that have been used in several studies on WBANs to verify patient identities.We discuss the advantages and disadvantages of each technique, and we evaluate the studies based on their results.Additionally, we propose several authentication that will incorporate two or more biometric technologies.
The remainder of this paper is outlined as follows: Section 2 provides a foundational background for WBAN devices, specifically the hardware and network requirements.WBAN security is addressed in Section 3. We provide a general overview of authentication methodologies in Section 4, as well as how we can recognize whether or not the sensors are on the same body in Section 5. Section 6 provides a comprehensive analysis of currently available biometric authentication methods.Subsequently, our analysis of each technique is presented in Section 7. Section 8 proposes several potential authentication schemes and the future scope of WBAN devices.We conclude our analysis in Section 9.

Background of WBANs
WBANs consist of several or more miniaturized low-power devices connected wirelessly in or near a human body.An example WBAN network is depicted in Figure 1.The patient has several sensors and actuators that record data, which is transmitted to the central unit.This information is passed on via the Internet to a medical center.The devices often perform sensing functions in a two-hop star topology and transmit information to the central receiver.These devices are extensively used in areas including medicine, sports, gaming, entertainment, and emergency response [2].We focus on medical applications of WBAN devices.Devices that fall under this scope include pacemakers, glucose monitors, blood pressure monitors, etc.We will discuss the foundational components of WBAN systems.
WBAN networks are broadly composed of the following hardware components: sensors, actuators, and personal devices (PD) [5,17].The sensor node is responsible for responding to and recording information according to a physical stimuli.Data processing may occur if necessary prior to transmission.These sensors can either be external, as in added to clothing [21] on placed directly on the body (e.g.SpO2, ECG, EEG), or internal, as in injected under the skin or into the blood stream (e.g.electrical impulses to mitigate the effects of Parkinson's disease) [10].An actuator responds to data received from sensors or via direct instruction from the user.These can be responsible for administering medication or controlling a person's biometrics (e.g.blood pressure, body temperature).Physically, actuators and sensors share much of the same components (a power unit, a central processor (CPU), memory, and a receiver or transmitter).The personal device collects and processes all information from the sensors and actuators.Nowadays, these devices are typically smartphones, PDAs, or dedicated unit.In some cases, the personal device can function as an actuator.
The fundamental limitations of WBAN devices is caused by their inherently small form factor.This directly affects power consumption, efficiency, and long-term reliability.Since these devices are typically battery powered, the sensors must be capable of continuous operation for several years (e.g.pacemakers are required to operate for a minimum of five years [11]).During their service, the devices must perform their functions reliably and consistently.The Quality of Service (QoS) must be guaranteed by the wireless protocols WBAN devices adhere to.
Furthermore, the various available WBAN applications demand a wide range of data transmission rates.The amount of data transmitted by the devices also depends on if the data is processed locally and only recorded parameters are transmitted [9].Table 1 shows the data rate, bandwidth, and accuracy for several medical applications.Further research is necessary to improve cost, size, and lifespan of WBAN devices.WBANs are typically designed to operate in a star topology, where all sensors are associated with a master node [6].In some scenarios where devices are internally mounted, the human body can become and obstacle for radio transmission.A more optimal topology for this situation would be a multi-hop network, where sensors communicate to neighboring nodes to exfiltrate data.Relay-based protocols can also alleviate this issue by implementing a mixed integer linear programming formulation of the topology problem, which minimizes the network usage while accounting for energy considerations [22].Several protocols are available for wireless transmission in WBANs, as specified by IEEE 802.15.6, including Bluetooth, Bluetooth Low Energy (BLE), Zigbee, Thread, and 6LoWPAN.
Another requirement for WBAN devices is true coexistence.Most devices communicate at the 2.45 Ghz ISM band, which is shared with WiFi, Bluetooth, Zigbee, and other IEEE standards.This introduces the risk of interfering radio traffic, which can produce sub-optimal (and potentially fatal) outcomes for medical WBAN applications [11].Fortunately, many researchers have proposed possible solutions to resolve these issues by implementing time and frequency spacing, code diversity, standards modification, standards adaptation, and hybrid solutions [6].

Security
Security is a fundamental requirement for WBANs as a result of the constant transmission of medical data.Since WBANs are transmitting important information, a security method is necessary to ensure communications remain private and to prevent security threats.Authentication, integrity authorization, availability, non-repudiation and confidentiality must be implemented.Fraudulent instructions sent to actuators can have potentially fatal outcomes [17].Patient data must not be obtained by an adversary who could then use it to authenticate themselves as the wearer [15].One of the marked challenges also is to answer the user's basic security questions.For instance, how does a user know if their critical health information is secure or not?How consistent or accurate is the data going to be? Sensor validations are subject to inherent communication and hardware constraints.Some of these constraints are experience by the majority of the sensors, but are more apparent for medical sensors.
There are several protocols designed with the purpose to improve the energy efficiency of WBAN, and that means a longer life of the WBAN sensors [15,23].The data access security requirements would need to have access control, accountability and non-repudiation.One of the biggest questions we ask with the WBAN technology is going to be regarding the authentication.How do we know if it is the right person using the WBAN?Confidentiality, integrity and dependability are absolutely necessary for wBAN networks.We will discuss several studies about the verification techniques of the WBAN and their respective effectivenesses and accuracies.

Authentication
Authentication is critical to ensure that the sensors, base station, and cluster heads are tested and authorized prior to providing or revealing information.These messages and information should be coming from the correct original source [16].Several authentication procedures are outlined in Table 2.

Procedure Description
One-Way A single message is sent from the sender to the receiver node.

Two-way
A communication link between two parties is certified.
Three-way When clock synchronization fails, a third message is sent from the sender to the receiver

Implicit
Authentication is performed as a subset of another process.
Some authentication issues would be based on static and dynamic node deployment.In general, the authentication process starts with the mobile node to verify which of the sensor nodes are on the same body.After the authentication, the mobile node records the sensor data from the node.Until that time, all the data will be ignored [20].In the personal health system, users will be able to connect to and read data from these sensors by using their cell phone and expecting the system to operate flawlessly.However, these sensors might not only be connected to the user's personal cell phones, but also unauthorized devices [20].We consider a motivational example of two users living in the same house using identical sensor devices.User 1 should be able to put on either device and have the cell phone recognize which device is attached to the user.This will automatically create the phone-device association without an explicit paring step.For this to happen, there needs to be two problems addressed first.User 1's device must be able to determine which sensors are attached to user 1.They must ignore other sensors that may be close by but not attached to user 1.The next step would be to have the phone and sensor device agree on a shared encryption key to ensure their communications are secure.The cell phone would analyze the data coming from the sensors to verify the wearer by some biometric measure.
Therefore, we can compose a solution by including an accelerometer sensor to every sensor device in addition to the primary sensors.Accelerometers are inexpensive additions, and can be used instead of biometric identity verification and can be implemented in 3 steps.First, the user wears the sensor on their body, and then turns it on.Next the sensor will detect that it was utilized, and then it will transmit its existence.Finally, the mobile receives the transition, and then connects with the sensor [20].

Location Recognition
It is necessary to discuss the different techniques that help to verify that the correct person is wearing a sensor, specifically biometric and cryptographic.Biometric authentication is the most popular option, with techniques that are capable of implementing an automatic verification of an individual identification by their physiological and behavioral characteristics.These characteristics can be used to measure the physiological or behavioral human patterns.In order to use the biometric techniques, there are several properties that must to be satisfied [16]: • Universal: Available to the entire population.
• Distinctive: It should be different between individuals.
• Permanent: It should remain unchanged for a period of time.
• Collectible: It means that the properties should be easy to collect and measure.
• Effective: Sufficient and stable for a period of time.
• Acceptable: The biometric system process has to be fast and accurate, have good memory storage and give a high performance with limited resources.• Invulnerable: The biometric system should be hard to access or hacked by any fraud attempts.The WBAN security system has to ensure that the sensor is on the correct user's body before it can authorize for information transfer.Biometric techniques use the human body's physiological or behavioral characteristics as an authentication identity in order to ensure a high security of the distribution for the cipher key inside the WBAN communications.The detection, collection and transition of human body data in the WBAN is sensitive and must be secured.The biometric tools can be implemented to verify the person who is wearing the sensor.If the verification is completed, then it will transmit the data through the WBAN network.

Device Authentication
There are several technical ways that have been used on the WBANs verification systems.In order to understand and analyze the techniques, we created the main categories below in Table 3 based on the user authentication devices with the techniques that were used on them.

Head Wearable Authentication Devices
Head wearable devices including Virtual Reality (VR) headsets and smart glasses have become more common in the market for communication and entertainment.This new technology was also adopted by well-known companies such as Samsung, Google, and others, which made it available for users.Recent research of authentication WBANs used the available devices in the market such as Google Glass (GG) [16,24,25] in different techniques for authentication.The main focus was to create a software that uses the sensors of the smart glasses for authentication.
In some studies, the user will have to wear the GG which will display a series of changing images of numbers and letters in front of one or both eyes.By using the sensors, the device will be able to verify the users from their eye blinking and patterns of head movements [16].This study used the blinking and head movements as a biometric for user identification and required a new software to be installed on the device for verification.Another study uses the GG sensors to create WBANs authentication system by capturing the unique human head-movement patterns while a person listens to an audio stimulus or music and monitoring these movements for authentication [24].The GG will record the data from the sensors and store it to the installed memory as a text file.The text file will be send to a PC to process the collected data using Python Script.
Another use of GG WBAN authentication involved creating a biometric authentication system using the audio signal inside the human skull to identify the users by recoding it.The users will be required to wear the GG in in a controlled laboratory setting room in order to record the skull audio signal waves.This study showed the range of the recorded audio between 0 kHz to 8 kHz and all the details about it [25].

Bracelet (Hand) Wearable Authentication Devices
Hand wearable devices are considered one of most available and obtainable devices in the market nowadays.That's because of the new generation of smart Hand wearable devices (Watches) that were developed lately in the market by several companies such as Samsung, Apple, Huawei and many other tech companies.Most of these devices were designed to be connected with the smart phones.Some of these watches contain accelerometer and gyroscope sensors that might be used for authentication.Several researchers used the idea of the smart watches to create WBAN authentication systems [26][27][28][29][30].
Some of the studies created a hand wearable device that contains eight sensors to read the internal impedance geometry of a user's arm using a tomography system [31].A tomography system can analyze the internal structure of an object such as arm or leg by radiation and electricity.These waves go across the eight sensors and read the interior of the object.This research is an example of a wearable device that doesn't contain any verification system to validate if it is being used by the actual owner or not.Some other studies presented an authentication scheme based on human body motions to verify a person wearing a wrist worn smart device using Samsung Galaxy Gear (SGG) [26].
The device is a behavioral biometric-based authentication method using three simple natural gestures and one special: arm up, arm down, forearm rotation about 90 degree clockwise, and the special one is drawing a circle.In addition, an application was implemented based on the Android platform to apply dynamic time warping method (DTW) and Histogram.This research used a smart watch available in the market (SGG) to create a new software and implement it.
One study used the LG G smart watch to perform gait-based biometric authentication [29].The authentication models were generated using a variety of machine learning techniques, using the accelerometer and gyroscope sensors on the watch, but evaluating each one separately.A subsequent study [30] by the same research group examined the simultaneous usage of both the accelerometer and gyroscope sensors, as well as physical activities other than walking to form the biometric signature.In total, this study evaluated the use of eighteen different physical activities (e.g., jogging, stair climbing) for biometric authentication.
Another example is a paper that describes a bracelet authentication which verifies the users while they are using a computer by monitoring how they type on the keyboard or how the user moves the mouse [27].The bracelet contains accelerometer and gyroscope sensors that transfer the information to the computer over short range radio.The computer used in this experiment is a Mac, and a Python script was written to capture two different movement sources from the bracelet.
Another study on WBAN bracelet authentication systems used the bioimpedance technique to verify and authenticate that the WBAN sensors belong to the same body and identify who is wearing them [28].Bioimpedance is a measurement of how tissue responds when exposed to an electrical occurred.A wrist-worn device was created with eight electrodes in contact with the wearer's wrist.With two of these electrodes, the device applies a small harmless current to the wrist so that it can measure bioimpedance.The wearable sensor was built on top of the shimmer platform which is an open-source, low-power wireless sensing platform.Peer-reviewed version available at Electronics 2018, 7, 436; doi:10.3390/electronics7120436

EEG and ECG Authentication on IMDs
Several new studies discussed Implantable Medical Devices (IMD) authentication systems using Electroencephalography (EEG) and Electrocardiography (ECG) [14,[32][33][34].In general, most on these papers proposed the IMD authentication based on the inter-pulse interval (IPIs).An ECG is used to provide a quantitative measurement of the electrical activity of a hear over a period of time [35].The signals are recorded by attaching a series of electrodes to various locations on the the patient's body.An EEG signal is used to record brain activity, and is similarly recorded by using electrodes attached to the patient's head [36].
A study introduced an authentication system for the IMDs called Heart-to-Heart (H2H) [32].This system used the ECG for the authentication mechanism since the user's body should already have an IMD that can read the body's ECG and send out the information.A touchable medical instrument, generically called a "Programmer", was created and for it to work, the user needs to keep physical contact with it so that it can accept and authorize access to the user's IMD to read the signals.A H2H mechanism is used to compare the equality of the user's ECG from the touchable medical instrument (Programmer) and the IMD in order to access the IMD data.Another paper presented a secure scheme for IMDs with comprehensive techniques for the ECG based keys with secure protocol and on the access control mechanism on the IMD external devices with an authentication proxy to protect it [34].Another study implements a Discrete Cosine Transform to process real-time ECG signals for more resilient feature extraction [37].An accuracy rate of 97.78% with an average 1.21 second processing time is reached for 15 subjects.A major drawback for most ECG authentication studies is the presumption that real-life users are perfectly healthy and have no preexisting medical conditions.Further testing is necessary for individuals with cardiac issues (e.g.arrhythmia and ischemia).
In [38], the authors incorporate an EEG-based authentication system with eye blinking.Several features are extracted (including event-related potential and morphological features) from EEG and eye-blinking signals.This information is passed to a convolutional neural network to score the two features.Least squares is used to produce their final estimation score.This method produced an improved accuracy of 97.6% (when compared to EEG-based authentication systems).Additionally, machine learning has been implemented to leverage Brain EEG signals for authentication [39].Raw EEG signals are filtered then segmented into sub-bands.These are used to extract several features to train a Error Correcting Code Support Vector Machine classifier.The input EEG vector and stored EEG vector are compared, and if a certain threshold is passed, then the user is authenticated [40].Lower-cost, consumer-grade EEG authentication systems have been studied by [41], thus introducing the possibility of more widespread adaptation of this technology.[42] proposes an in-ear EEG sensor to collect data.This novel technique allows for even easier EEG authentication implementation.

Body Portable Devices
This category pertains to any other WBAN devices that should be worn on any part of the body except the hands or head.Most of these studies used the Accelerometer Sensors and Fingerprint for WBAN Authentication [30,43,44] These techniques were used several times and are often considered as the first and the oldest phase of the WBAN authentication.A paper identified the user using a portable device that records their accelerometer signals from gait signals.The device should be worn on a belt, similar to carrying a mobile phone attached to the waist [43].The device consists of three dimensional accelerometer, two perpendicularly positioned Analog Devices ADXL202JQ accelerometers.It will record the accelerometer signals of gait signal 256-Hz sampling frequency on a laptop with National Instruments Lab 1200 DAQ card.The user should walk 20 Meters in normal, slow and fast walking speeds in order to detect the signals.It requires several other testing sessions to identify the users from their gait.
Personal devices, such as smartphones, typically include motion sensors, and another study utilized Google Nexus 5 and Samsung Galaxy S5 smartphones for biometric authentication [30].The phones were placed in the subject's pockets and both the accelerometer and gyroscope sensors were Peer-reviewed version available at Electronics 2018, 7, 436; doi:10.3390/electronics7120436used for authentication.Eighteen activities, including walking (gait) were evaluated as biometric signatures.This study also evaluated biometric performance when the smartphone sensors were combined with the sensors on a commercial smart watch.
Other studies discussed the Fingerprint authentication system to give access to the person who will assist the patient [44].This type of authentication access can be implemented by using fingerprint authentication systems which have become cheap and available in the market.The biometric fingerprint recognition system is used in the new generations of smart mobile phones such as Samsung and Apple.Other access devices are using electronic fingerprint recognition systems to grant access to doors or computer devices.Adding the fingerprint recognition system to the WBANS Body Portable Devices can be an advanced solution which should be considered in the near future.

Evaluation of Authentication Techniques
After discussing and analyzing the techniques and devices that have been used for the WBANs authentication, it is necessary to determine the realistic effectiveness of each technology and assess their limitations.In some cases biometric authentication performance was measured using Equal Error Rate (EER) , which is the value at which the false identification rate equals the false rejection rate.To discuss the results of the WBANs authentication papers, each is classified into one of the categories that we used above for WBAN authentication analysis.After discussing the techniques that were used on the head wearable devices (outlined in Table 4, we concluded that most of the studies used GG as a head wearable device.Focusing on the advantages of the head wearable devices for the WBANs authentication and identification studies, we can start with GG; using GG can be considered one of the advantages as it can be made available for patients as a low-priced, easy to use option.In addition, new head wearable devices can be built easily since the necessary equipment is readily available nowadays in the market.Another advantage is the high rate user identification accuracy of the papers such as 94% of 20 users [16] and 95.57% of 95 users [24].

Head Wearable Devices
Regarding the disadvantages, and talking about the security, most of the paper's systems did not mention the security methods that should be used to secure the transfer of the recorded data from the head wearable device to the other needed device (such as a computer).The security criteria was not addressed by the authors.Another disadvantage regarding the head-movement techniques is that the unique head-movements for human beings might not be functional for mentally or physically disabled individuals.This is one of the larger challenges for the head wearable device authentication Peer-reviewed version available at Electronics 2018, 7, 436; doi:10.3390/electronics7120436system for the WBANs including all the used techniques such as Head Movement and Eye blinking.
Adding to the disadvantages, some studies reading skull signal frequency used GG in a controlled laboratory setting [25].This method is unlikely to be scalable to the point it can be used without specific laboratory conditions, thus increasing the the cost and negatively affecting the availability.IMDs can be considered one of the newest and more novel forms of WBANs technology.Most of the studies used the data that the IMDs provided about the human body for authentication.We show in Table 6 that most of the studies used the ECG and EEG signals from the IMD for authentication [14,[32][33][34].Each human body provides unique ECG and EEG data which can be considered one of the advantages for security and authentication.In addition to that, the IMD already provides the signals and will not require any extra cost for authentication as the device is already implanted inside the patient's body.The only thing needed is another external device to read the same signal externally and compare it with the IMD's reading to implement the security criteria.

Bracelet (Hand) Wearable Devices
The other requirement is to secure the connection between the external device and the IMD.Unfortunately, security issues with the connection might be considered one of the disadvantages of the IMD authentication systems as none of the studies consider it.Further research is necessary to ensure that these methods of authentication are as secure as the others we discussed.
An important disadvantage of these techniques is their variability when the user is undergoing mental or physical activity.This can be mitigated by learning the user's biometric data while under load, but it further increases the complexity of an already computationally demanding process.Recoding all the signals with all the physical situations of the user for authentication requires a lot of time, memory space and energy.Several papers [48,49]  This category discussed the Body Portable Devices that can be wore on any part of the body except the hands and head.The accelerometer sensors were used in such devices in [30,43].Our evaluation of this technique is presented in Table 7.In [43]The device was tested on 36 users and the equal error rate (EER) was 7% on with signal correlation method, and 10%, 18% and 19%, respectively on frequency domain method and two variations of data distribution statistics method.This technique required a laptop that should be carried by the users, which can be considered one of the disadvantages regarding the usability.
A second study [30] utilized the Google Nexus 5 and Samsung Galaxy S5, two popular smartphones, as body portable devices.These devices were placed in the subject's pant pocket and the accelerometer and gyroscope sensors were used, both independently and in tandem.Over a population of 51 participants, the average EER was 9.4% when using the accelerometer, 9.8% when using the gyroscope, and 8.0% when used the fused sensor values from the two devices.Both methods are relatively easy to implement, with [43] being the lower cost option, and [30] having better availability.However, both techniques are not viable for physically disabled individuals, and the results are highly affected by the surface walked on.Another disadvantage of [30] is its relying on the user to carry their phone in their pockets.A simple fingerprint verification can easily be added to both methods to enhance the overall security, and provide authentication when the user is not moving.

Future Scope of WBANs
WBANs are growing at an insurmountable rate in the market for medical fields and industry fields for entertainment.In the near future, WBAN systems will change the way people think about managing and monitoring their health.This will also reduce healthcare costs because it will provide more preventive healthcare.WBANs require small, low-cost, low-energy devices such as sensor nodes.New generations of smart phones can store the medical data that is sent from the sensors, and in the future, with the growth of the smart phones, we will see improvements in this technology.The S-MAC and T-MAC protocols still need more research and improvements regarding the energy efficiency for the WBAN sensors.The user configuration systems and interfaces for the personal monitoring systems require more enhancements.This will be helpful for the users to interact efficiently with the device and improve their quality of life.WBAN authentication and identification fields require further research and studies in terms of efficiency, accuracy and reliability for the users' personal sensitive information.This will help to implement it in the market to increase the usability and availability.
We can now formulate several potential authentication schemes based on biometric techniques we discussed.Compared to the previous category that used the devices as a base form, on this analysis form we discussed the techniques that were used in papers [14,16,[24][25][26][27][28][31][32][33][34]43,44,50].Each technique has been used in a different way on the same device.For improved understanding and simplification, we re-categorized the use of each technique based on the way it's used and we added the possibility of combining two techniques or more together.We created new methods for improved comprehension of the WBAN authentication systems and the possibility of combining two or more techniques together.

External Authentication
This method focuses on sensors located outside of the body.The two authentication techniques, Head Movement and Eye blinking, were already used in [45].Additionally, head movement was also used independently for WBAN authentication in [24].The Skull Signal Frequency authentication technique was used in [25].Since these techniques were both GG on similar head wearable devices, there will be an opportunity to incorporate these techniques together into a single device for enhanced accuracy, effectiveness and security.
An additional combination is possible by incorporating several techniques designed to work on a bracelet.Several studies [26,28,31] used a hand wearable device in different ways for WBAN authentication systems.Combining these techniques to operate on a singular device will provide consistent results.Adding onto each technique (such as the Tomography System) with a Fingerprint authentication technique may be feasible since the Fingerprint devices can be seamlessly added to hand wearable devices.This new combination may be adopted and implemented into the market within the near future due to the high-speed developments on the smart watches by prominent tech companies such as Samsung and Apple.

Internal Authentication
This method consists of the WBANs authentication techniques that have been used on IMDs and other wearable devices [14,[32][33][34]43,44].IMDs can read the ECG and EEG signals of the patients and can be used for authentication.In order to use the ECG and EEG for authentication, it usually requires another portable external device to read the same signals and apply the authentication by comparing both readings to check if they are the same.To enhance the authentication techniques for the IMDs and make them more accurate, we added the Fingerprint techniques on the external device or the wearable device.Since the Fingerprint authentication devices are available in the market and easy to implement on any other device, it will be venerable and effective for them to be added for more privacy and security.

Conclusion
WBAN is expected to be a very useful tool with the potential to offer a wide range of benefits to the health field and for society.This is going to be done by continuous monitoring and early detection of possible health problems.As the technology continues to expand, the WBAN will grow accordingly.We provided an overview of WBANs and discussed the challenges and security issues that are present in a WBANs.
The expanding utilization of remote systems and the constant scaling down of electrical gadgets has engaged the improvement of remote body wireless systems.These systems' sensors are connected to garments or on the human body.These systems can offer numerous new useful and imaginative

Table 3 .
WBAN authentication categories based on device.

Table 4 .
Head Wearable Device Evaluation by technique.

Table 5 .
Bracelet (Hand) Wearable Device Evaluation by technique.

Table 6 .
IMD Evaluation by technique.

Table 7 .
Body Portable Device Evaluation by technique.