Title variants
Publication languages
Abstracts
The cloud computing paradigm is becoming very popular these days. However, it does not include the wireless sensors and mobile phones that are needed to enable emerging applications such as remote home medical monitoring. Therefore, a combined Cloud-Internet of Things (IoT) paradigm provides scalable on-demand data storage and resilient computation power at the cloud side, as well as anytime, anywhere health data monitoring at the IoT side. Both the privacy of personal medical data and flexible data access should be provided. Attackers use diverse social engineering and technical attacks to gain access to the personal private information stored in the home medical monitoring cloud, and social engineering attacks are increasingly common. Therefore, the data in the cloud are always encrypted, and access control must operate on encrypted data while being fine-grained enough to support diverse accessibility. Since a plain combination of encryption before access control is neither robust nor flexible, we propose a scheme referred to as RoFa, with a tailored design. The scheme is introduced in a step-by-step manner. The basic scheme (BaS) makes use of ciphertext-policy attribute-based encryption to provide robustness and flexibility. We further propose an advanced scheme (AdS) that improves computation efficiency by taking advantage of proxy re-encryption. AdS can greatly decrease the computation overhead on hospital servers through operation migration. We finally propose an enhanced scheme (EnS) that protects integrity by using aggregate signatures. RoFa describes a general framework for meeting the security requirements and intentionally leaves the concrete constructions flexible. Finally, we compare the robustness and flexibility of the proposed schemes through performance analysis.
Journal
Year
Volume
Pages
167--184
Physical description
Bibliography: 31 items, figures, tables.
Authors
author
- Guizhou Provincial Key Laboratory of Public Big Data, GuiZhou University, Guizhou Guiyang, P. R. China, 61997525@qq.com
author
- Information Security Center, Beijing University of Post and Telecommunications, Beijing, P. R. China, leimin@bupt.edu.cn
author
- School of Computer Science, China University of Geosciences, Wuhan, P. R. China, weirencs@cug.edu.cn
author
- School of Computing Science, University of East Anglia, Norwich, UK, E.Ren@uea.ac.uk
author
- Jiangsu Engineering Center of Network Monitoring, School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing, P. R. China, qzghhh@126.com
Notes
Record prepared under agreement 509/P-DUN/2018, financed from Ministry of Science and Higher Education (MNiSW) funds allocated to science dissemination activities (2018).
Document type
Bibliography
Identifiers
YADDA identifier
bwmeta1.element.baztech-36976a20-840f-42f4-8e6d-710ccda92bc0