Abstract
The Internet of Things (IoT) enables healthcare systems to handle emergencies, where multiple authorities interact to perform tasks. Prevention of unauthorized access and defining access domains for legitimate users are crucial. Attribute-Based Access Control System (ABACS) techniques play a vital role in defining boundaries in a multi-agent environment. However, adopting traditional ABAC in IoT-based resource-constrained networks is not feasible. This research analyzes the effects of attributes as key performance metrics, including execution time, memory overhead, and computational complexities. To address these challenges, this research proposes a Physical-Social Attributes Access Control Policy (PS-ABACS) framework that secures Multiparty Computation (SMC), symmetric encryption, and randomization-based access control methods. PS-ABASC introduces a lightweight two-party set intersection technique to generate an access policy. The analysis shows that the proposed technique is efficient in computing access policy and session key generation, and less number of attributes based on randomness characteristics is appropriate for resource-constrained networks. Moreover, it demonstrates advancements by reducing memory usage up to 0.048 KB for 60 attributes. The framework generates session keys proficiently, encrypts data, and minimizes computational expenses through a randomized attribute vector. In terms of communication overhead, the framework surpasses expectations by supporting up to 100 attributes, resulting in a reduction of transmission costs to 1120 bits. Overall, this framework improves security, reduces resource consumption, and enhances data exchange efficiency in IoT ecosystems.
Similar content being viewed by others
Availability of data and materials
Not applicable.
References
Wang W, Huang H, Yin Z, Gadekallu TR, Alazab M, Su C (2023) Smart contract token-based privacy-preserving access control system for industrial internet of things. Digit Commun Netw 9(2):337–346
Ali U, Idris MYIB, Frnda J, Ayub MNB, Khan MA, Khan N, Jasim AA, Ullah I, Babar M et al (2023) Enhanced lightweight and secure certificateless authentication scheme (elwscas) for internet of things environment. Internet of Things 24:100923
Fatima MN, Obaidat MS, Mahmood K, Shamshad S, Saleem MA, Ayub MF (2023) Privacy-preserving three-factor authentication protocol for wireless sensor networks deployed in agricultural field. ACM Trans Sens Netw
Chen D, Zhang L, Liao Z, Dai H-N, Zhang N, Shen X, Pang M (2023) Flexible and fine-grained access control for ehr in blockchain-assisted e-healthcare systems. IEEE Internet of Things J
Abu-Salih B, Al-Qurishi M, Alweshah M, Al-Smadi M, Alfayez R, Saadeh H (2023) Healthcare knowledge graph construction: a systematic review of the state-of-the-art, open issues, and opportunities. J Big Data 10(1):81
Alhaidari F, Rahman A, Zagrouba R (2023) Cloud of things: architecture, applications and challenges. J Ambient Intell Humaniz Comput 14(5):5957–5975
Li C, Jiang B, Dong M, **n X, Ota K (2023) Privacy preserving for electronic medical record sharing in healthchain with group signature. IEEE Syst J
Uddin R, Kumar SA, Chamola V (2024) Denial of service attacks in edge computing layers: taxonomy, vulnerabilities, threats and solutions. Ad Hoc Netw 152:103322
Bakhtiary V, Mirabi M, Salajegheh A, Erfani SH (2024) Combo-chain: towards a hierarchical attribute-based access control system for iot with smart contract and sharding technique. Internet of Things 101080
Trivedi C, Rao UP (2023) Secrecy aware key management scheme for internet of healthcare things. J Supercomput, 1–31
Saxena D, Patel P (2023) Energy-efficient clustering and cooperative routing protocol for wireless body area networks (wban). Sādhanā 48(2):71
Kiran MV, Nithya B (2023) Stable and energy-efficient next-hop router selection (se-nrs) for wireless body area networks. Int J Inf Technol 15(2):1189–1200
Verma P, Gupta DS (2023) An improved certificateless mutual authentication and key agreement protocol for cloud-assisted wireless body area networks. Wireless Pers Commun 131(4):2399–2426
Anwar M, Abdullah AH, Butt RA, Ashraf MW, Qureshi KN, Ullah F (2018) Securing data communication in wireless body area networks using digital signatures. Technol J 23(02):50–55
Wang J, Han K, Fan S, Zhang Y, Tan H, Jeon G, Pang Y, Lin J (2020) A logistic map**-based encryption scheme for wireless body area networks. Futur Gener Comput Syst 110:57–67
Wang K, **e S, Rodrigues J (2022) Medical data security of wearable telerehabilitation under internet of things. Internet of Things and Cyber-Physical Systems 2:1–11
Le T-V (2023) Cross-server end-to-end patient key agreement protocol for dnabased u-healthcare in the internet of living things. Mathematics 11(7):1638
Han D, Pan N, Li K-C (2020) A traceable and revocable ciphertextpolicy attribute-based encryption scheme based on privacy protection. IEEE Trans Dependable Secure Comput 19(1):316–327
Chatterjee U, Ray S, Adhikari S, Khan MK, Dasgupta M (2023) An improved authentication and key management scheme in context of iot-based wireless sensor network using ecc. Comput Commun 209:47–62
Saini KK, Kaur D, Kumar D, Kumar B (2024) An efficient threefactor authentication protocol for wireless healthcare sensor networks. Multimed Tools Appl, 1–23
Kashmar N, Adda M, Atieh M (2020) From access control models to access control metamodels: a survey. In: Advances in information and communication: proceedings of the 2019 future of information and communication conference (FICC), vol 2. Springer, pp 892–911
Liu X, Luo Y, Yang X (2020) Traceable attribute-based secure data sharing with hidden policies in mobile health networks. Mob Inf Syst 2020
Zhang C, Shahriar H, Riad AK (2020) Security and privacy analysis of wearable health device. In: 2020 IEEE 44th Annual computers, software, and applications conference (COMPSAC). IEEE, pp 1767–1772
Hussein SA, Abed IA, Hussien ZA (2022) Lightweight and secure authentication protocol for wearable device in smart healthcare. In: 2022 International conference on electrical, computer and energy technologies (ICECET). IEEE, pp 1–7
Aghili SF, Sedaghat M, Singelée D, Gupta M (2022) Mls-abac: efficient multi-level security attribute-based access control scheme. Futur Gener Comput Syst 131:75–90
Qin X, Huang Y, Li X (2020) An ecc-based access control scheme with lightweight decryption and conditional authentication for data sharing in vehicular networks. Soft Comput 24:18881–18891
Wu F, Li X, Sangaiah AK, Xu L, Kumari S, Wu L, Shen J (2018) A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Futur Gener Comput Syst 82:727–737
Azrour M, Mabrouki J, Chaganti R (2021) New efficient and secured authentication protocol for remote healthcare systems in cloud-iot. Secur Commun Netw 2021:1–12
Chen C-M, Li Z, Chaudhry SA, Li L (2021) Attacks and solutions for a two-factor authentication protocol for wireless body area networks. Secur Commun Netw 2021:1–12
Zhang L, Hu G, Mu Y, Rezaeibagha F (2019) Hidden ciphertext policy attribute-based encryption with fast decryption for personal health record system. IEEE Access 7:33202–33213
Qiu J, Tian Z, Du C, Zuo Q, Su S, Fang B (2020) A survey on access control in the age of internet of things. IEEE Internet Things J 7(6):4682–4696
Zerga H, Amraoui A, Benmammar B (2022) Distributed, dynamic and trustworthy access control for telehealth systems. Concurr Comput Pract Exp 34(28):7352
Al Mamun A, Faruk Jahangir MU, Azam S, Kaiser MS, Karim A (2020) A combined framework of interplanetary file system and blockchain to securely manage electronic medical records. In: Proceedings of international conference on trends in computational and cognitive engineering: proceedings of TCCE 2020. Springer, pp 501–511
Alshehri S, Bamasaq O, Alghazzawi D, Jamjoom A (2022) Dynamic secure access control and data sharing through trusted delegation and revocation in a blockchain-enabled cloud-iot environment. IEEE Internet Things J 10(5):4239–4256
Daidone F, Carminati B, Ferrari E (2021) Blockchain-based privacy enforcement in the iot domain. IEEE Trans Dependable Secure Comput 19(6):3887–3898
Fugkeaw S, Wirz L, Hak L (2023) An efficient medical records access control with auditable outsourced encryption and decryption. In: 2023 15th International conference on knowledge and smart technology (KST). IEEE, pp 1–6
Liu J, Li X, Ye L, Zhang H, Du X, Guizani M (2018) Bpds: a blockchain based privacy-preserving data sharing for electronic medical records. In: 2018 IEEE Global communications conference (GLOBECOM). IEEE, pp 1–6
Rahmadika S, Astillo PV, Choudhary G, Duguma DG, Sharma V, You I (2022) Blockchain-based privacy preservation scheme for misbehavior detection in lightweight iomt devices. IEEE J Biomed Health Inform 27(2):710–721
Saini A, Zhu Q, Singh N, **ang Y, Gao L, Zhang Y (2020) A smartcontract-based access control framework for cloud smart healthcare system. IEEE Internet Things J 8(7):5914–5925
Ullah Z, Raza B, Shah H, Khan S, Waheed A (2022) Towards blockchainbased secure storage and trusted data sharing scheme for iot environment. IEEE Access 10:36978–36994
Zhang J, Yang Y, Liu X, Ma J (2022) An efficient blockchain-based hierarchical data sharing for healthcare internet of things. IEEE Trans Industr Inf 18(10):7139–7150
Nasralla MM, Khattak SBA, Ur Rehman I, Iqbal M (2023) Exploring the role of 6g technology in enhancing quality of experience for m-health multimedia applications: a comprehensive survey. Sensors 23(13):5882
Ali R, Pal AK, Kumari S, Sangaiah AK, Li X, Wu F (2018) An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. J Ambient Intell Humaniz Comput, 1–22
Mohamed AKYS, Auer D, Hofer D, Küng J (2024) A systematic literature review of authorization and access control requirements and current state of the art for different database models. Int J Web Inf Syst 20(1):1–23
Ding Y, Huang P, Liang H, Yuan F, Wang H (2023) Output regeneration defense against membership inference attacks for protecting data privacy. Int J Web Inf Syst 19(2):61–79
Ashraf Z, Mahmood Z, Iqbal M (2023) Lightweight privacy-preserving remote user authentication and key agreement protocol for nextgeneration iot-based smart healthcare. Future Internet 15(12):386
Thomas M, BB M, (2024) Dos attack detection using aquila deer hunting optimization enabled deep belief network. Int J Web Inf Syst 20(1):66–87
**e Q, Ding Z, Hu B (2021) A secure and privacy-preserving three-factor anonymous authentication scheme for wireless sensor networks in internet of things. Secur Commun Netw 2021:1–12
De Caro A, Iovino V (2011) jpbc: java pairing based cryptography. In: 2011 IEEE symposium on computers and communications (ISCC). IEEE, pp 850– 855
Perazzo P, Righetti F, La Manna M, Vallati C (2021) Performance evaluation of attribute-based encryption on constrained iot devices. Comput Commun 170:151–163
Acknowledgements
The authors would like to thank Prince Sultan University for their support. The authors thank the anonymous reviewers and the editor for their valuable feedback on the paper which helped to improve its quality and presentation.
Funding
This work was supported by Intelligent and Sustainable Aerial-Terrestrial IoT Networks, INITIATE Grant agreement ID: [101008297] and Automotive and Secure System for Emergency Communication. Grant No. R22084, Funding Agency Zayed University Research Project Fund.
Author information
Authors and Affiliations
Contributions
ZM: was involved in the algorithm design, system design, analysis, results, and write-up. ZA: proofread, reviewed the work, re-structured, and re-constructed the paper. MI: supervised technical aspects. BF: performed experiments and write-up.
Corresponding authors
Ethics declarations
Ethics approval
Not applicable.
Conflict of interest
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Mahmood, Z., Ashraf, Z., Iqbal, M. et al. User-trust centric lightweight access control for smart IoT crowd sensing applications in healthcare systems. Pers Ubiquit Comput (2024). https://doi.org/10.1007/s00779-024-01803-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s00779-024-01803-x