Attribute based access control (ABAC) scheme with a fully flexible delegation mechanism for IoT healthcare

Peer-to-Peer Networking and Applications

Abstract

Due to the meteoric rise of cloud computing and the Internet of Things (IoT), real-time remote monitoring of patients has become possible, and patients can now get healthcare services at home. To accomplish this, the patient's medical records must be stored on a server in the cloud. However, patient medical records kept on a server are extremely sensitive, making the Cloud-enabled IoT (CE-IoT) network vulnerable to several threats. The system must therefore ensure that patients' medical records are not exposed to malicious users, and advanced fine-grained access control systems are required to protect data for authorized users. Flexible access control schemes, which are needed to realize the full potential of IoT healthcare, are a current field of research. We propose an Attribute-Based Access Control (ABAC) model with completely flexible and programmable delegation capabilities to satisfy the aforementioned requirements. In our delegation model, a delegator may delegate fully or partially, depending on the situation. The delegator can delegate read, write, and edit permissions for a given resource. The proposed scheme further manages this permission delegation using the Quality Factor (QF) of authorized users. It can provide multi-level access delegation by restricting the number of further delegations of a particular attribute. Each delegator can manage further delegations by the delegatee to compensate for suitable user behaviors. Thus, a user can gain access to cloud-based healthcare data by presenting evidence that they hold the relevant attribute set (attributes may be assigned or delegated) according to the access policies. The proposed scheme also includes a mechanism for attribute revocation on demand. Theoretical and practical analyses demonstrate that the proposed scheme is computationally efficient, safe against attribute collusion, impersonation attacks, and replay attacks, and meets its stated goals. We have demonstrated that the proposed access control scheme has greater delegation capabilities than the existing ABAC scheme with access delegation capabilities.
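A policy-level model of the delegation behaviour the abstract describes (full or partial delegation of read, write and edit permissions, a cap on further delegation levels, revocation on demand), added here as an illustration and not the paper's construction. The `Grant` class, the function names and the sample identities are assumptions; the Quality Factor is left out because the page does not define it.

```python
# Added illustration: a plain data model, not the paper's cryptographic scheme.
from dataclasses import dataclass

PERMS = frozenset({"read", "write", "edit"})  # permissions named in the abstract

@dataclass
class Grant:
    holder: str
    attribute: str
    perms: frozenset
    depth_left: int                 # further delegation levels still allowed
    parent: "Grant | None" = None   # None means assigned by the authority
    revoked: bool = False

    def valid(self):
        # Usable only if no link back to the authority has been revoked.
        g = self
        while g is not None:
            if g.revoked:
                return False
            g = g.parent
        return True

def assign(holder, attribute, perms=PERMS, max_depth=0):
    """Attribute assigned directly by the attribute authority."""
    return Grant(holder, attribute, frozenset(perms), max_depth)

def delegate(grant, delegatee, perms=None, further=None):
    """Full delegation when perms is None, partial delegation otherwise."""
    perms = grant.perms if perms is None else frozenset(perms)
    if not grant.valid():
        raise PermissionError("delegator's grant has been revoked")
    if grant.depth_left < 1:
        raise PermissionError("delegation depth exhausted")
    if not perms <= grant.perms:
        raise PermissionError("cannot delegate a permission that is not held")
    limit = grant.depth_left - 1    # the delegator may tighten this, never widen it
    further = limit if further is None else min(further, limit)
    return Grant(delegatee, grant.attribute, perms, further, parent=grant)

def check_access(grants, policy_attrs, action, user):
    """Every attribute in the policy must be held by this one user for the action.
    Grants issued to other holders are ignored, so users cannot pool attributes."""
    held = {g.attribute for g in grants
            if g.holder == user and g.valid() and action in g.perms}
    return set(policy_attrs) <= held
```

Setting `revoked = True` on any grant invalidates every delegation derived from it, because `valid()` walks the chain back to the original assignment.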

Acknowledgements

This work is supported by a research project funded by IHUB NTIHAC Foundation, IIT Kanpur (Sanction Order No.: IHUB-NTIHAC/2021/01/8) under the aegis of the National Mission on Interdisciplinary Cyber-Physical System (NM-ICPS), DST, GoI.

Funding

This work is supported by a research project funded by IHUB NTIHAC Foundation, IITK under the aegis of the National Mission on Interdisciplinary Cyber-Physical System (NM-ICPS), DST, Government of India.

Contributions

All the authors contributed to formulating the problem and preparing the manuscript. Moreover, Pooja started with the initial draft and prepared the security analysis of the proposed approach. Akhil and Sonu completed the empirical analysis of the proposed approach. Udai supervised the overall work.

Corresponding author

Correspondence to Udai Pratap Rao.

Ethics declarations

Ethics approval

Not applicable.

Consent to publish

All the authors have agreed to the publication.

Conflict of interest

The authors declare that they have no conflict of interest.

Cite this article

Choksy, P., Chaurasia, A., Rao, U.P. et al. Attribute based access control (ABAC) scheme with a fully flexible delegation mechanism for IoT healthcare. Peer-to-Peer Netw. Appl. 16, 1445–1467 (2023). https://doi.org/10.1007/s12083-023-01486-w

  • DOI: https://doi.org/10.1007/s12083-023-01486-w
