Abstract
With the rapid rise of cloud computing and the Internet of Things (IoT), real-time remote monitoring of patients has become possible, and patients can now receive healthcare services at home. To accomplish this, patients' medical records must be stored on a cloud server. However, these records are extremely sensitive, which makes the Cloud-enabled IoT (CE-IoT) network vulnerable to several threats. The network must therefore ensure that patients' medical records are not exposed to malicious users, and advanced fine-grained access control systems are required to protect data so that only authorized users can access it. Flexible access control schemes, which are needed to realize the full potential of IoT healthcare, are an active field of research. We propose an Attribute-Based Access Control (ABAC) model with completely flexible and programmable delegation capabilities to satisfy the aforementioned requirements. In our delegation model, a delegator may delegate fully or partially, depending on the situation. The delegator can delegate read, write, and edit permissions for a given resource. The proposed scheme further governs this permission delegation by the Quality Factor (QF) of authorized users. It can provide multi-level access delegation by restricting the number of further delegations of a particular attribute. Each delegator can manage further delegations by a delegatee to compensate for suitable user behaviors. Thus, a user can gain access to cloud-based healthcare data by presenting evidence that they hold the relevant attribute set (attributes may be assigned or delegated) according to the access policies. The proposed scheme also includes a mechanism for attribute revocation on demand. Theoretical and practical analyses demonstrate that the proposed scheme is computationally efficient, is secure against attribute collusion, impersonation attacks, and replay attacks, and meets its stated goals. We have demonstrated that the proposed access control scheme has greater delegation capabilities than the existing ABAC scheme with access delegation capabilities.
Acknowledgements
This work is supported by a research project funded by IHUB NTIHAC Foundation, IIT Kanpur (Sanction Order No.: IHUB-NTIHAC/2021/01/8) under the aegis of the National Mission on Interdisciplinary Cyber-Physical System (NM-ICPS), DST, GoI.
Funding
This work is supported by a research project funded by IHUB NTIHAC Foundation, IITK under the aegis of the National Mission on Interdisciplinary Cyber-Physical System (NM-ICPS), DST, Government of India.
Author information
Contributions
All the authors contributed to formulating the problem and preparing the manuscript. Moreover, Pooja started with the initial draft and prepared the security analysis of the proposed approach. Akhil and Sonu completed the empirical analysis of the proposed approach. Udai supervised the overall work.
Ethics declarations
Ethics approval
Not applicable.
Consent to publish
All the authors have agreed to the publication.
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Choksy, P., Chaurasia, A., Rao, U.P. et al. Attribute based access control (ABAC) scheme with a fully flexible delegation mechanism for IoT healthcare. Peer-to-Peer Netw. Appl. 16, 1445–1467 (2023). https://doi.org/10.1007/s12083-023-01486-w
DOI: https://doi.org/10.1007/s12083-023-01486-w