Privacy Protection And Con dentiality In
Medical IoT
Anjana George, Anu S Alunkal, Gopika G Nair, Poornasree R Mohan, and
Fasila K.A
Muthoot Institute of Technology & Science
Varikoli P.O, Puthencruz, Ernakulam, Kerala, India
Abstract. The central issue of any IoT device is its security in sharing data. Di erent methods have been proposed for sharing of data from an IoT device. The range of security in these methods are di erent. This paper is a comparative study of these security schemes to determine which scheme allows the fastest and most accurate output.
Our nd-ings indicate that attribute matching functions decrease the usage of keys and leads to e cient key management. Bloom lters helps in easy addition and searching of the attributes and solves the trouble of com-plete re-initialization of attributes during updation.Attribute matching functions also reduce the need of large number of keys and is based on hashing of attributes to a speci ed position that enhances the security.
The authenticated people whose attributes matches with the speci ed condition can upload and retrieve medical les whereas non-matching attribute holders may be able to request , but could not download the medical les or have access to its contents.Since medical world is boom-ing and the associated technology is advancing formerly protection of the data from tampering and its sharing to various terminals need security enhancing methods and procedures which adds on the relevance of this work.
Keywords: IOT Attribute Bloom Filter Con dentiality Privacy at-tributes.
Introduction
The security of medical IOT is a project undertaken for enhancing privacy pre-serving e ciency of a smart medical terminal that stores vital information. Typi-cally and commonly used encryption methods (e.g.: AES) does not provide a ne grained access.The public key approach does not have one to many relations so a large number of keys are required for security as the number of users increase and key management becomes di cult. Traditionally we use attribute matching functions to retrieve and protect data which does not exhibit much e ciency .In many cases all attributes have to be collected and fed into the terminal and to add new one complete re-initialization have to be done.There is a chance that
Authors Suppressed Due to Excessive Length
data may get decrypted as it passes to the terminals, if cipher text not produced soon.
This proposed work focuses upon solutions to these problems. Here we use the modern attribute based encryption to increase e ciency and privacy of data sharing, where the cipher text is accompanied by a ne grained access control data structure.Here we use a set of attributes instead of keys. Users take par-tially decrypted data from terminals and the set of their matching attributes in the cipher helps to completely decrypt data which provides additional security. Bloom lters are used which is based on hashing that helps easy retrieval and security of data.Due to bloom lters, initially you need not add every single attribute. Instead you can add it at any stage without complete re-initialization unlike the old attribute matching function.
Medical data is increasing at an alarming rate and has really sensitive con-tents which needs secure mechanisms for transmission and processing.The work was initially implemented using AES but reached to a conclusion that CP-ABE algorithm is much suited for the work and since there is involvement of storage and processing in cloud platform ,Java was found to be suitable. The main focus was cast upon usage of attributes instead of keys that created confusions and problem of management.Matching of attributes were considered for granting and rejecting access.
Section I gives a general introduction to the area of research and the vari-ous motivations that led to the proposal. Section II and III discusses the brief literature survey done and the comparison of the existing methodologies. Sec-tion IV deals with the proposed idea. Section V illustrates the work ow of di erent modules. Section VI discusses the design diagrams. Section VII shows the expected result from the proposed idea. Section VIII and IX deals with the conclusion and idea of enhancement for the proposed solution.
Literature Survey
2.1Security in the Internet of Things[1]
Internet of Things (IOT) is a new network that uses wireless sensor connections and radio frequency identi cation (RFID) to achieve overall perception of infor-mation, reliable transmission and smart processing through wireless network and technology. Therefore, the protection of privacy and security is a key feature of IOT[1].This security concerns tag information (RFID), wireless communications information security, information security, privacy, and security processing.
2.2Security Model for IoT[2]
Proposed an integrated and interrelated security, trust, privacy prospect and selects a cube structure[3] as a modeling mechanism for IoT security, trust and privacy. The cube structure depicts security, con dence and privacy convergence. Privacy consists of privacy of the respondent, privacy, ethical, and laws of the
Privacy Protection And Con dentiality In Medical IoT 3
owner. The security consists of licensing, identi cation and authentication.The trust foundation of IoT is the integrity, non-repudiation andavailability. Beliefs, delegation, recommendation and reputation together. .
2.3IoT Device Security Based On Proxy Re-encryption [3]
In this paper, they propose an IoT network environment in which information is collected and processed from dozens of sensor nodes. In this environment, through communication with the server, each node shares its information with nodes at di erent locations, which acts as an order to secure the scalable data. If the proxy re-encoding schemes are used as proposed, n re-encoding keys are created by each node and sent to the proxy server. The proposed protocol pro-vides a structure through which a large number of di erent data can be accessed safely and e ciently, including user personal information that requires high con-dentiality. The additional calculation compared to the polynomial equation.
2.4A Lightweight and Flexible Encryption Scheme to Protect Sensitive Data in Smart Building Scenarios [4]
A Lightweight and Flexible Encryption Scheme for Protecting Sensitive Data in Smart Building Scenarios[4 ], this paper introduces an encryption scheme based on the lightness of symmetric cryptography and attribute-expressiveness based on encryption. This proposal combines the lightness and e ciency of symmetric key cryptography to protect data with the expressiveness and exibility of the Ciphertext Policy Attribute Based Encryption Scheme (CP ABE) for distribut-ing the appropriate symmetric keys. SymCpAbe provides a solution that is more e cient and exible to protect sensitive data while maintaining scalability. To carry out these resources, it is not a mechanism for distributing CP-ABE encryp-tion and decryption in various edge nodes-requiring cooperative cryptographic operations.
2.5A Survey on Authentication Techniques for Internet of Things
[5]
Identi cation of a speci c object in such a huge network of interconnected smart objects poses a fundamental task that inuences all other system functions such as its governance, privacy features, access control, overall architecture. Tradi-tional authentication methods like certi cate based are discussed.Most of tradi-tional ones require complete change in protocols and cause key generation over-heads. Gateway, controller and central data store authentication architecture requires new hardware implementations.ID based one was listed as the strongest one against various attacks. Overhead problems solved using access structure.
Authors Suppressed Due to Excessive Length
2.6Identity-based authentication scheme for the Internet of Things
[6]
For addressing the heterogeneity in IO T devices and to integrate the wide rang-ing protocols of the network a common identity and authentication mechanism is necessary . Private and public keys of devices are not stored by Key Distribution Centre (KDC) and instead all the attributes / identities are stored. When a user log in and give their attributes it is checked with the stored attributes and only valid identi cation is permitted. Public key of a recipient is not needed in an identity based encryption but can simply use identity for the purpose. Even the recipient need not hold the corresponding private key at the time when cipher text is generated. Servers can be used for direct generation of the private key as their requirement and need not worry about public key distribution. The only thing required is a secure channel and an IBE server for private key transmission.
2.7Authentication and Access Control in e-Health Systems in the Cloud [7]
In this new environment, processing, storing, hosting and archiving data relating to e-Health systems without physical access and control increases the importance of authentication and access control issues. In our project access control struc-ture is added with encrypted data into the cloud , which provides access only to authorized data owners and users.Achieves authentication and ne-grained access control
2.8E-health care andle hierarchical encryption[8]
Based on de-duplication and le hierarchical encryption, e-health care data shar-ing in the cloud. The e-healthcare system plays a major role in society. It mon-itors the health condition and helps provide adequate medical treatment. This systems objective is to collect and store patient details and share health-related information. In this system, in terms of text and image, they send the PHI to the cloud, as well as other personal questions about their medical history. In cloud computing, the collected PHI should match physicians experience in judging the condition of the patient and, unfortunately, a series of security measures would be provided by delegating storage and computing to the untrusted en-tity. This is where duplication occurs. It is a technique for eliminating duplicate copies of data and has been widely used in cloud storage to reduce storage space and upload bandwidth.
2.9Attribute Based Encryption for Secure Sharing of E-Health Data.[9]
Attribute Based Encryption for Secure Sharing of E-Health Data. Cloud comput-ing is a revolutionary computer paradigm that makes it possible to use computer
Privacy Protection And Con dentiality In Medical IoT 5
resources exibly, on demand and at low cost. The reasons for security and pro-tection problems arise because the health information of patients[2]. The active customers is stored on some cloud servers instead of under their own control. Various systems based on attribute – based encryption have been proposed to address security problems. In this paper, we use multi – party cloud computing systems to make health data safer. Where health data is encrypted using key policy and attributes. And the user with a speci c attribute and key policy alone can decipher health data after veri cation by the “key distribution center” and the “secure data distributor.” In the medical eld, this technique can be used to securely store patient details and restrict access to an outsider . In order to secure the scalable data, the health data must be encrypted before outsourcing.
There are lots of methods for the data preserving in medical IoT. From the survey we analysed that, for a group sharing the best choice is CP-ABE. Pro-cessing,storing, hosting and archiving data related to e-Health systems without physical access and control rises importance of authentication and access control issues in this new environment.In our project access control structure is added with encrypted data into the cloud , which provides access only to authorized data owners and users.It thus achieves authentication and ne-grained access control. Fine grained authentication with access control. To decrease heavy com-putational and communication overhead on data owners, most of the process of authentication and access control is given to an AAM( authentication and access management).
Comparison of Existing Techniques
Con dentiality and privacy is important in the scenario of medical IOT.For a group sharing it is better to use Ciphertext based attribute based encryption.It should ensure that only authorized people will get access data. Initially algo-rithms like AES was implemented and checked , but is considered to be an old method that uses extra keys but with CP-ABE uses less number of keys.
Proposed Work
The main idea behind the work is to ensure a more secure and practical method for transmission and storage of medical data.Instead of using private and public keys preference was given to the usage of attributes. Single attributes are taken which involves designation of the person logging in. All registered members can log in and add con dential medical les in their respective accounts.
Person who wishes to retrieve these les can place a request for it from their respective account. Acceptance and rejection is done the rquest reciever and if by chance or accidentally request is permitted for an unauthenticated person, the le will be disabled for download. The security algorithm chosen is CP-ABE
after checking upon AES method. CP-ABE is more suitable for works involving cloud platforms.
Authors Suppressed Due to Excessive Length table.jpg
796925-138430
Fig. 1. Comparison table of CP-ABE with other encryption methods
The medical data is proposed to be collected on a real time basis from tem-perature and pulse sensors.ECG variations are also taken into account using potentiometer.Data collected from these hardwares are taken in as a CP-ABE le and then encryption is performed on it.On the occurence of tampering inside the cloud contents an alert noti cation is placed to inform the same.
Methodology
The main focus of the project is to reduce the number of keys used as in other methods. Instead we use attributes to check the granting of access and to enhance security. Attributes used here is the designation of people or it can be any other factors assigned or selected, can be multiple in numbers which replaces the use of extra security keys for granting access.
The medical data sharing model involves entities like cloud server,attribute authority,data owner and data user.The cloud server is third party ,which is used to store ciphertext and attribute bloom lter.The attributes are provided by attribute authority.
The scheme model involves these steps.
{ Initialization: This algorithm is executed by authority attribute. Which takes a security parameter and generates ouput PK and MSK.PK is public key and MSK is Master Secret Key.
{ Key generation: Key generation is done using PK, MSK and user set S assignment that produces SK(secret key) as output for each user. : three encryption phases are created o ine, online, and ABF.
O ine encryption: inputs the users public PK parameters and outputs an intermediate IT ciphertext.
Online Encryption: Sensors or smartphones are based on the public PK
Privacy Protection And Con dentiality In Medical IoT 7
parameters, an intermediate ciphertext IT and the information m to be en-crypted, as well as an access structure (M, ). Then output is a ciphertext CT.
ABF Build: The data owner takes an access structure (M, ) and generates the attribute of the bloom lter.
{ Decryption: ABFQuery and Dec have two subalgorithms.
ABFQuery: Inputs set S, ABF and PK attribution. The algorithm ABF-Query produces a reconstructed mapping attribute 0 = (rownum, att)S. The mapping shows the cascading of the corresponding row number of ma-trix M and all att level S attributes.
Dec: Inputs the SK, ciphertext CT and reconstructed mapping attribute 0, then returns message m if the access policy attributes can be ful lled, oth-erwise the algorithm will be omitted.
In overall, the key is generated using the keygen values. The private key and the public key will be automatically generated for each users and is tied with the set of attributes which represents users permission. For en-cryption, both keys and attributes are provided so that security is enhanced.
Conclusion
Instead of using the public key approach which uses a large number of key pairs attributes were collected for each user which reduced the confusion and problems created by large number of keys. Extra level of security were ensured by applying online-o ine encryption before installing the data to cloud. Access control structures were used to provide authentication. ABF Build were used to create attribute bloom lters which provided a particular position for storing the data by hashing and storing method. Hashing of attributes to a particular position enhanced the security of storage. With attribute bloom lters addition of new attribute at any stage of execution become easier and it does not require complete re-initialisation of all the existing attributes when new ones are added.
Future Scope
The work has got a great relevance in the protection of vital medical informa-tions. Various encryption methods have been used at di erent stages for pro-tecting the data. A modi cation can also be added , along with the medical images that were generated a video was tried to be compressed and encrypted
So that a person seeing the medical image cannot nd the presence of a vital data containing video inside it. This involves higher level of protection of data.
Authors Suppressed Due to Excessive Length
References
Hui Suoa, Jiafu WanCaifeng ZouaPower ://, Jianqi Liua Security in the Internet of Things International Conference on Computer Science and Electronics Enginerring
2012
Sachin Babar, Parikshit Mahalle, Antonietta Stango, Neeli Prasad, and Ramjee Prasad Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT) 2012
IoT device security based on proxy re-encryption “, Journal of Ambient Intelligence and Humanized Computing
A Lightweight and Flexible Encryption Scheme to Protect Sensitive Data in Smart Building Scenarios A lightweight and exible encryption scheme to protect sensitive data in Smart Build-ing scenarios “, 1Department of Information and Communication Engineering, Uni-versity of Murcia, Murcia, Spain 2 FINCONS SpA, Bari, Italy Corresponding au-thor: Salvador Prez (e-mail: [email protected]).
A Survey on Authentication Techniques for the Internet of Things : A Survey on Au-thentication Techniques for the Internet of Things/download “, ,July 2017
Identity-based authentication scheme for the Internet of Things
9-10 April 2016 Paper June 2016
Authentication and Access Control in e-Health Systems in the Cloud
Paper 9-10 April 2016
E-health care and le hierarchical encryption :International conference on informa-tion,communication embedded systems (ICICES 2017)
Attribute based encryption for secure sharing of E-health data :IOP Conf. Se-ries: Materials Science and Engineering 263 (2017) 042030 doi:10.1088/1757-899X/263/4/042030