A Robust and Flexible Access Control Scheme for Cloud-IoT Paradigm with Application to Remote Mobile Medical Monitoring

The cloud computing paradigm is becoming very popular. However, it does not include the wireless sensors and mobile phones needed to enable emerging applications such as remote home medical monitoring. A combined Cloud-Internet of Things (IoT) paradigm therefore provides scalable on-demand data storage and resilient computation power on the cloud side, as well as anytime, anywhere health data monitoring on the IoT side. Because both the privacy of personal medical data and flexible data access should be provided, the data in the cloud are always encrypted, and access control must operate on encrypted data while being fine-grained enough to support diverse accessibility. Since simply applying encryption before access control is not robust and flexible, we propose a scheme with a tailored design. The scheme uses ciphertext-policy attribute-based encryption to provide robustness and flexibility. It describes a general framework that meets the security requirements and intentionally leaves the concrete constructions flexible.
