Recently there has been an increasing interest on bootstrapping security for wireless networks merely using physical layer characteristics. In particular, the focus has been on two fundamental security issues - device authentication and secret key extraction. While most existing works emphasize on tackling the two issues separately, it remains an open problem to simultaneously achieve device authentication and fast secret key extraction merely using wireless physical layer characteristics, without the help of advanced hardware or out-of-band channel. In this paper, for the first time, we answer this open problem in the setting of Wireless Body Area Networks (BANs). We propose ASK-BAN, a lightweight fast authenticated secret key extraction scheme for intra-BAN communication. Our scheme neither introduces any advanced hardware nor relies on out-of-band channels. To perform device authentication and fast secret key extraction at the same time, we exploit the heterogeneous channel characteristics among the collection of on-body channels during body motion. Specifically, with simple body movements, channel variations between line-of-sight on-body devices are relatively stable while those for non-line-of-sight devices are unstable. ASK-BAN utilizes the relatively static channels for device authentication and the dynamic ones for secret key generation. On one hand, ASK-BAN achieves authentication through multi-hop stable channels, which greatly reduces the false positive rate as compared to existing work. On the other hand, based on dynamic channels, the key extraction process between two on-body devices with multihop relay nodes is modeled as a max flow problem, and a novel collaborative secret key generation algorithm is introduced to maximize the key generation rate. Extensive real world experiments on low-end COTS sensor devices validate that ASK-BAN has a high secret key generation rate while being able to authenticate body devices effectively.