An evaluation of break-the-glass access control model for medical data in wireless sensor networks

Wireless Sensor Networks (WSNs) have recently attracted a lot of attention in the research community because it is easy to deploy them in the physical environment and collect and disseminate environmental data from them. The collected data from sensor nodes can vary based on what kind of application is used for WSNs. Data confidentiality and access control to that collected data are the most challenging issues in WSNs because the users are able to access data from the different location via ad-hoc manner. Access control is one of the critical requirements to prevent unauthorised access from users. The current access control models in information systems cannot be applied straightforwardly because of some limitations namely limited energy, resource and memory, and low computation capability. Based on the requirements of WSNs, we proposed the Break-The-Glass Access Control (BTG-AC) model which is the modified and redesigned version of Break-The-Glass Role-Based Access Control (BTG-RBAC) model. The several changes within the access control engine are made in BTG-RBAC to apply and fit in WSNs. We developed the BTG-AC model in Ponder2 package. Also a medical scenario was developed to evaluate the BTG-AC model for medical data in WSNs. In this paper, detail design, implementation phase, evaluation result and policies evaluation for the BTG-AC model are presented. Based on the evaluation result, the BTG-AC model can be used in WSNs after several modifications have been made under Ponder2 Package.

[1]  Emil C. Lupu,et al.  Ponder2 - A Policy Environment for Autonomous Pervasive Systems , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[2]  Wenjing Lou,et al.  FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks , 2009, IEEE INFOCOM 2009.

[3]  David W. Chadwick,et al.  How to Break Access Control in a Controlled Manner , 2006, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06).

[4]  David W. Chadwick,et al.  How to Securely Break into RBAC: The BTG-RBAC Model , 2009, 2009 Annual Computer Security Applications Conference.

[5]  Klaus Wehrle,et al.  Modular context-aware access control for medical sensor networks , 2010, SACMAT '10.

[6]  Bruce Christianson,et al.  A Survey of Access Control Models in Wireless Sensor Networks , 2014, J. Sens. Actuator Networks.

[7]  Emil C. Lupu,et al.  AMUSE: autonomic management of ubiquitous e‐Health systems , 2008, Concurr. Comput. Pract. Exp..

[8]  Bruce Christianson,et al.  An adaptive access control model with privileges overriding and behaviour monitoring in wireless sensor networks , 2012, Q2SWinet '12.

[9]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[10]  Bruce Christianson,et al.  An adaptive access control model for medical data in Wireless Sensor Networks , 2013, 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).