A Secure Remote Monitoring Framework Supporting Efficient Fine-Grained Access Control and Data Processing in IoT

As an important application of the Internet-of-Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring (RPM) case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the cloud backend of an authorized health care provider (HCP) for processing and decision making. As the measurements involve private patient information, access control, confidentiality, and trustworthy processing of the data become very important. Software-based solutions that adopt advanced cryptographic tools, such as attribute-based encryption and fully homomorphic encryption, can address the problem, but they also impose substantial computation overhead on both patient and HCP sides. In this work, we deviate from the conventional software-based solutions and propose a secure and efficient remote monitoring framework using latest hardware-based trustworthy computing technology, such as Intel SGX. In addition, we present a robust and lightweight “heartbeat” protocol to handle notoriously difficulty user revocation problem. We implement a prototype of the framework for PRM and show that the proposed framework can protect user data privacy against unauthorized parties, with minimum performance cost compared to existing software-based solutions with such strong privacy protection.

[1]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[2]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.

[3]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[4]  M V Patil,et al.  HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING , 2006 .

[5]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[6]  Gonzalo Mateos,et al.  Health Monitoring and Management Using Internet-of-Things (IoT) Sensing with Cloud-Based Processing: Opportunities and Challenges , 2015, 2015 IEEE International Conference on Services Computing.

[7]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[8]  Jianqing Zhang,et al.  Performance evaluation of Attribute-Based Encryption: Toward data privacy in the IoT , 2014, 2014 IEEE International Conference on Communications (ICC).

[9]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[10]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[11]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[12]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[13]  Lei Yang,et al.  A multi-cloud based privacy-preserving data publishing scheme for the internet of things , 2016, ACSAC.

[14]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[15]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[16]  Yuan Yu,et al.  TensorFlow: A system for large-scale machine learning , 2016, OSDI.

[17]  Hongwei Liu,et al.  An efficient access control scheme with outsourcing capability and attribute update for fog computing , 2018, Future Gener. Comput. Syst..

[18]  Yiwei Thomas Hou,et al.  REARGUARD: Secure Keyword Search Using Trusted Hardware , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[19]  Shweta Shinde,et al.  Panoply: Low-TCB Linux Applications With SGX Enclaves , 2017, NDSS.

[20]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[21]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[22]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[23]  Yiwei Thomas Hou,et al.  Protecting your right: Attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[24]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[25]  Yixian Yang,et al.  Secure Data Access Control With Ciphertext Update and Computation Outsourcing in Fog Computing for Internet of Things , 2017, IEEE Access.