Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources

Ubiquitous devices comprising several resource-constrained nodes with sensors, actuators, and networking capabilities are becoming part of many solutions that seek to enhance user's environment smartness and quality of living, prominently including enhanced healthcare services. In such an environment, security issues are of primary concern as a potential resource misuse can severely impact user's privacy or even become life threatening. Access to these resources should be appropriately controlled to ensure that eHealth nodes are adequately protected and the services are available to authorized entities. The intrinsic resource limitations of these nodes, however, make satisfying these requirements a great challenge. This paper proposes and analyzes a service-oriented architecture that provides a policy-based, unified, cross-platform, and flexible access control mechanism, allowing authorized entities to consume services provided by eHealth nodes while protecting their valuable resources. The scheme is XACML driven, although modifications to the related standardized architecture are proposed to satisfy the requirements imposed by nodes that comprise low-power and lossy networks (LLNs). A proof-of-concept implementation is presented, along with the associated performance evaluation, confirming the feasibility of the proposed approach.

[1]  Félix J. García Clemente,et al.  SeCoMan: A Semantic-Aware Policy Framework for Developing Privacy-Preserving and Context-Aware Smart Applications , 2016, IEEE Systems Journal.

[2]  A. Kannan,et al.  Access control for healthcare data using extended XACML-SRBAC model , 2012, 2012 International Conference on Computer Communication and Informatics.

[3]  Geoff Mulligan,et al.  The 6LoWPAN architecture , 2007, EmNets '07.

[4]  Luis Alonso,et al.  Reliable MAC design for ambient assisted living: moving the coordination to the cloud , 2015, IEEE Communications Magazine.

[5]  Cátia Santos-Pereira,et al.  A secure RBAC mobile agent access control model for healthcare institutions , 2013, Proceedings of the 26th IEEE International Symposium on Computer-Based Medical Systems.

[6]  Suku Nair,et al.  State Machine-Based Security Fusion for Resource-Constrained Environments , 2013, IEEE Systems Journal.

[7]  Pradeep Kumar Ray,et al.  The Need for Technical Solutions for Maintaining the Privacy of EHR , 2006, 2006 International Conference of the IEEE Engineering in Medicine and Biology Society.

[8]  Hans A. Kielland Aanesen,et al.  eHealth: The future service model for home and community health care , 2013, 2013 7th IEEE International Conference on Digital Ecosystems and Technologies (DEST).

[9]  Hui Zhang,et al.  Efficient Signcryption for Heterogeneous Systems , 2013, IEEE Systems Journal.

[10]  Serge Chaumette,et al.  Wireless Sensor Nodes , 2014, Secure Smart Embedded Devices, Platforms and Applications.

[11]  Wenjing Lou,et al.  FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks , 2009, IEEE INFOCOM 2009.

[12]  Kyung Sup Kwak,et al.  Performance study of low-power MAC protocols for Wireless Body Area Networks , 2010, 2010 IEEE 21st International Symposium on Personal, Indoor and Mobile Radio Communications Workshops.

[13]  Kris Steenhaut,et al.  REST Enabled Wireless Sensor Networks for Seamless Integration with Web Applications , 2011, 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems.

[14]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[15]  Guang-Zhong Yang,et al.  Body sensor networks , 2006 .

[16]  Wouter Joosen,et al.  Access Control in Multi-party Wireless Sensor Networks , 2013, EWSN.

[17]  Martina Ziefle,et al.  From Computer Innovation to Human Integration: Current Trends and Challenges for Pervasive HealthTechnologies , 2014 .

[18]  Matt Welsh,et al.  Integrating wireless sensor networks with the grid , 2004, IEEE Internet Computing.

[19]  Emil C. Lupu,et al.  A lightweight policy system for body sensor networks , 2009, IEEE Transactions on Network and Service Management.

[20]  Ramadan Abdunabi,et al.  Specification, Validation, and Enforcement of a Generalized Spatio-Temporal Role-Based Access Control Model , 2013, IEEE Systems Journal.

[21]  Luis Alonso,et al.  WSN4QoL: Wireless Sensor Networks for quality of life , 2013, 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).

[22]  Charalampos Manifavas,et al.  IPsec over IEEE 802.15.4 for low power and lossy networks , 2013, MobiWac '13.

[23]  Guang-Zhong Yang,et al.  Body Sensor Networks: Infrastructure for Life Science Sensing Research , 2006, 2006 IEEE/NLM Life Science Systems and Applications Workshop.

[24]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[25]  Ibrahima Niang,et al.  A Survey of Access Control Schemes in Wireless Sensor Networks , 2011 .

[26]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[27]  Andrea Westerinen,et al.  Terminology for Policy-Based Management , 2001, RFC.

[28]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[29]  Alyn Iorwerth,et al.  Web Services Security: SOAP Message Security , 2017 .

[30]  Kyung Sup Kwak,et al.  Towards security issues and solutions in Wireless Body Area Networks , 2010, INC2010: 6th International Conference on Networked Computing.

[31]  Duane DeCouteau,et al.  Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0 , 2008 .

[32]  Salvatore J. Stolfo,et al.  A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan , 2010, ACSAC '10.

[33]  Jim Sermersheim,et al.  Lightweight Directory Access Protocol (LDAP): The Protocol , 2006, RFC.

[34]  Ioannis Papaefstathiou,et al.  IPv6 security for low power and lossy networks , 2013, 2013 IFIP Wireless Days (WD).

[35]  Charalampos Manifavas,et al.  Embedded Systems Security Challenges , 2014, PECCS.

[36]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[37]  Christos V. Verikoukis,et al.  Energy harvesting aware hybrid MAC protocol for WBANs , 2013, 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).

[38]  Chun Chen,et al.  Distributed Access Control with Privacy Support in Wireless Sensor Networks , 2011, IEEE Transactions on Wireless Communications.

[39]  Colin J. Fidge,et al.  Access Control Requirements for Processing Electronic Health Records , 2007, Business Process Management Workshops.