Abstract
As an important application of the Internet-of-Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring (RPM) case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the cloud backend of an authorized health care provider (HCP) for processing and decision making. As the measurements involve private patient information, access control, confidentiality, and trustworthy processing of the data become very important. Software-based solutions that adopt advanced cryptographic tools, such as attribute-based encryption and fully homomorphic encryption, can address the problem, but they also impose substantial computation overhead on both patient and HCP sides. In this work, we deviate from the conventional software-based solutions and propose a secure and efficient remote monitoring framework using latest hardware-based trustworthy computing technology, such as Intel SGX. In addition, we present a robust and lightweight “heartbeat” protocol to handle notoriously difficulty user revocation problem. We implement a prototype of the framework for PRM and show that the proposed framework can protect user data privacy against unauthorized parties, with minimum performance cost compared to existing software-based solutions with such strong privacy protection.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The trusted computing base (TCB) of SGX only comprises the CPU and several privileged enclaves.
- 2.
The project is available to access through the GitHub via the following link: https://github.com/yxChen1990/SGXLAB.git.
References
Hassanalieragh, M., Page, A., Soyata, T.: Health monitoring and management using Internet-of-Things (IoT) sensing with cloud-based processing: opportunities and challenges. In: IEEE SCC 2015 (2015)
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE TPDS 24(1), 131–143 (2013)
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010, pp. 1–9 (2010)
Sun, W., Yu, S., Lou, W., Hou, Y.T., Li, H.: Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: IEEE INFOCOM 2014, pp. 226–234 (2014)
Wan, A., Liu, J., Deng, R.H.: HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE TIFS 7(2), 743–754 (2012)
Yao, A.C.: Protocols for secure computations. In: IEEE SFCS 1982, pp. 160–164 (1982)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM STOC 2009, pp. 97–105 (2009)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: IEEE S&P 2016, pp. 636–654 (2016)
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive, 86 (2016)
McKeen, F., Alexandrovich, L., Berenzon, A., Rozas, C., Shafi, H.: Innovative instructions and software model for isolated execution. In: Hardware and Architectural Support for Security and Privacy (2013)
Anati, I., Gueron, S., Johnson, S.P., Scarlata, V.R.: Innovative technology for CPU based attestation and sealing. In: Hardware and Architectural Support for Security and Privacy (2013)
Lee, S., Shih, M., Gera, P., Kim, T., Kim, H., Peinado, M.: Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In: USENIX Security Symposium, pp. 557–574 (2017)
Wang, W., et al.: Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX. In: ACM CCS 2017, pp. 2421–2434 (2017)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM CCS 2006, p. 89 (2006)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P 2007, pp. 321–334 (2007)
Wang, X., Zhang, J., Schooler, E.M., Ion, M.: Performance evaluation of attribute-based encryption: toward data privacy in the IoT. In: IEEE ICC 2014, pp. 725–730 (2014)
Yang, L., Humayed, A., Li, F.: A multi-cloud based privacy-preserving data publishing scheme for the Internet of Things. In: ACM ACSAC 2016, pp. 30–39 (2016)
Huang, Q., Yang, Y., Wang, L.: Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of Things. IEEE Access 5, 12941–12950 (2017)
Zhang, P., Chen, Z., Liu, J.K., Liang, K., Liu, H.: An efficient access control scheme with outsourcing capability and attribute update for fog computing. Future Gener. Comput. Syst. 78(2), 753–762 (2018)
Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM TCS 33(3), 1–26 (2015)
Abadi, M., Barham, P., Chen, J., et al.: TensorFlow: a system for large-scale machine learning. In: USENIX OSDI 2016, pp. 265–284 (2016)
Shinde, S., Tien, D.L., Tople, S., Saxena, P.: PANOPLY: low-TCB Linux applications with SGX enclaves. In: NDSS 2017 (2017)
Fisch, B.A., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: Iron: functional encryption using Intel SGX. In: ACM CCS 2017, pp. 765–782 (2017)
Sun, W., Zhang, R., Lou, W., Hou, Y.T.: REARGUARD: secure keyword search using trusted hardware. In: IEEE INFORM 2018 (2018)
Acknowledgement
This work was sponsored by National Key Research and Development Program of China under Grant No. 2016YFB1000303, Innovative Research Group of the National Natural Science Foundation of China (61721002), Innovation Research Team of Ministry of Education (IRT_17R86), the National Science Foundation of China under Grant Nos. 61502379, 61532015 and 61672420, Project of China Knowledge Center for Engineering Science and Technology, and China Scholarship Council under Grant No. 201606280105. This work was also supported in part by US National Science Foundation under grants CNS-1446478 and CNS-1443889.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chen, Y., Sun, W., Zhang, N., Zheng, Q., Lou, W., Hou, Y.T. (2018). A Secure Remote Monitoring Framework Supporting Efficient Fine-Grained Access Control and Data Processing in IoT. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-01701-9_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01700-2
Online ISBN: 978-3-030-01701-9
eBook Packages: Computer ScienceComputer Science (R0)