
User-trust centric lightweight access control for smart IoT crowd sensing applications in healthcare systems

  • Original Paper
Personal and Ubiquitous Computing

Abstract

The Internet of Things (IoT) enables healthcare systems to handle emergencies, where multiple authorities interact to perform tasks. Preventing unauthorized access and defining access domains for legitimate users are crucial. Attribute-Based Access Control System (ABACS) techniques play a vital role in defining boundaries in a multi-agent environment. However, adopting traditional ABAC in IoT-based resource-constrained networks is not feasible. This research analyzes the effects of attributes on key performance metrics, including execution time, memory overhead, and computational complexity. To address these challenges, this research proposes a Physical-Social Attributes Access Control Policy (PS-ABACS) framework that combines Secure Multiparty Computation (SMC), symmetric encryption, and randomization-based access control methods. PS-ABACS introduces a lightweight two-party set intersection technique to generate an access policy. The analysis shows that the proposed technique is efficient in computing the access policy and generating session keys, and that a smaller number of attributes based on randomness characteristics is appropriate for resource-constrained networks. Moreover, it demonstrates advancements by reducing memory usage up to 0.048 KB for 60 attributes. The framework generates session keys proficiently, encrypts data, and minimizes computational expenses through a randomized attribute vector. In terms of communication overhead, the framework surpasses expectations by supporting up to 100 attributes, resulting in a reduction of transmission costs to 1120 bits. Overall, this framework improves security, reduces resource consumption, and enhances data exchange efficiency in IoT ecosystems.


Availability of data and materials

Not applicable.


Acknowledgements

The authors would like to thank Prince Sultan University for their support. The authors thank the anonymous reviewers and the editor for their valuable feedback on the paper which helped to improve its quality and presentation.

Funding

This work was supported by Intelligent and Sustainable Aerial-Terrestrial IoT Networks, INITIATE, Grant agreement ID: [101008297], and Automotive and Secure System for Emergency Communication, Grant No. R22084, Funding Agency: Zayed University Research Project Fund.


Contributions

ZM was involved in the algorithm design, system design, analysis, results, and write-up. ZA proofread and reviewed the work, and re-structured and re-constructed the paper. MI supervised technical aspects. BF performed experiments and write-up.

Corresponding authors

Correspondence to Zeeshan Ashraf or Muddesar Iqbal.

Ethics declarations

Ethics approval

Not applicable.

Conflict of interest

The authors declare no competing interests.


About this article


Cite this article

Mahmood, Z., Ashraf, Z., Iqbal, M. et al. User-trust centric lightweight access control for smart IoT crowd sensing applications in healthcare systems. Pers Ubiquit Comput (2024). https://doi.org/10.1007/s00779-024-01803-x


  • DOI: https://doi.org/10.1007/s00779-024-01803-x
