skip to main content
10.1145/1809842.1809864acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

Modular context-aware access control for medical sensor networks

Published: 11 June 2010 Publication History

Abstract

Medical sensor networks allow for pervasive health monitoring of users in hospitals, at home, or on the way. The privacy and confidentiality of medical data need to be guaranteed at any moment to make sure that unauthorized parties cannot retrieve confidential information. This is a great challenge due to two main reasons. First, wireless sensors are resource-constrained devices that limit the applicability of traditional solutions. Second, the access control system must be context-aware and adapt its security settings to ensure the users' safety during, e.g., medical emergencies. To solve these issues, this paper presents a modular context-aware access control system tailored to pervasive medical sensor networks in which the access control decisions and the response delay depend upon the health acuteness of a user. Our system extends traditional role-based access control systems by allowing for context-awareness in critical, emergency, and normal access control situations. We further present a lightweight encoding for our modular access control policies as well as an access control engine efficiently running on resource-constrained sensor nodes. Finally, we analyze how the proposed access control system suits existing security architectures for medical sensor networks.

References

[1]
Anderson, R.: "A Security Policy Model for Clinical Information System," in proc. of the IEEE Symposium on Security and Privacy, 1996.
[2]
Benenson, Z., Gedicke, N., and Raivio, O.: "Realizing robust user authentication in sensor networks," in proc. of Real-World Wireless Sensor Networks (REAL-WSN), 2005.
[3]
Cordeiro, C. M. and Patel, M.: "Body Area Networking Standardization: Present and Future Directions," in proc. of ACM BodyNets, June 2007.
[4]
Corradi, A., Montanari, R., Tibaldi, D.: "Context-Based Access Control Management in Ubiquitous Environments," in proc. of the 3rd IEEE International Symposium on Network Computing and Applications (NCA 2004)
[5]
Damiani, M.L., Martin, H., Saygin, Y., Spada, M.R., and Ulmer, C.: "Spatio-Temporal Access Control: Challenges and Applications (Panel)," in proc. of ACM SACMAT 2009.
[6]
Dekker, M.A.C., Crampton, J., and Etalle, S.: "RBAC Administration in Distributed Systems," in proc. of ACM SACMAT 2009.
[7]
Directive 95/46/EC. http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm
[8]
Disjunctive Normal Form - http://mathworld.wolfram.com/DisjunctiveNormalForm.html
[9]
FP6 EU Funded ANGEL Project, Deliverable D2.3 - "Complete co-simulation framework and refined models of the components of the ANGEL platform," July 2008
[10]
Garcia-Morchon, O. and Wehrle, K.: "Efficient and Context-Aware Access Control for Pervasive Medical Sensor Networks," in proc. of the 1st IEEE PerCom Workshop on Pervasive Healthcare.
[11]
Garcia-Morchon, O., Falck, T., Heer, T., and Wehrle, K.: "Security for Pervasive Medical Sensor Networks," in proc. of MobiQuitous'09.
[12]
Garcia-Morchon, O., Heer, T., and Wehrle, K.: "Brief Announcement: Lightweight Key Establishment and Digital Certificates for Wireless Sensor Networks," in proc. of ACM PODC, 2009.
[13]
Gupta, S.K.S., Mukherjee, T., and Venkatasubramanian, K.: "Criticality Aware Access Control Model for Pervasive Applications," in proc. of IEEE PERCOM 2006.
[14]
Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., and Maisel, W. H.: "Security and Privacy for Implantable Medical Devices," in proc. of IEEE pervasive computing. Vol. 7, No. 1. January-March 2008.
[15]
Hu, J. and Weaver, A. C.: "A dynamic context-aware security infrastructure for distributed healthcare applications," in proc. of 5th Workshop on Pervasive Security Privacy and Trust (PSPT), MA, Boston, 2004.
[16]
Keoh, S. L., Lupu, E., and Sloman, M.: "Security Body Sensor Networks: Sensor Association and Key Management," in proc. of IEEE PERCOM 2009.
[17]
Kulkarni, D. and Tripathi, A.: "Context Aware Role-based Access Control in Pervasive Computing Systems," in proc. of ACM SACMAT 2009.
[18]
Liu, A., Kampanis, P., and Ning, P.: "TinyECC: Elliptic Curve Cryptography for Sensor Networks V. 0.3" Released on 02/06/07. DOI=http://discovery.csc.ncsu.edu/~pning/software/TinyECC/index.html.
[19]
Misic, J., and Misic, V. B.: "Wireless Sensor Networks for Clinical Information Systems: A Security Perspective," in proc. of 26th International Conference on Distributed Computing Systems, 2006.
[20]
Molla, M. M., Madiraju, P., Malladi, S., and Ahamed S.I.: "An XML Based Access Control for Pervasive Computing," in proc. of PERCOM 2009.
[21]
Sacramento, V., Endler, M., Nascimento, F.N.: "A Privacy Service for Context-aware Mobile Computing," in proc. of SECURECOMM '05
[22]
Sandhu, R., Ferraiolo, D., and Kuhn, R.: "The NIST Model for Role-Based Access Control: Towards a Unified Standard," in proc. of 5th ACM Workshop on Role Based Access Control, July 26-27, 2000, Berlin, pp.47--63
[23]
Shih, E., Bahl, P., and Sinclair, M. J.: "Wake on Wireless: An Event Driven Energy Saving Strategy for Battery Operated Devices," in proc. of ACM MOBICOM '02.
[24]
Sohr, K., Drouineaud, M., and Ahn, G.J.: "Formal Specification of Role-based Security Policies for Clinical Information Systems," in proc. of ACM Symposium on Applied Computing, 2005.
[25]
Summary of the HIPAA privacy rule. http://www.hhs.gov/ocr/privacysummary.pdf
[26]
Toahchoodee, M., Ray, I., Anastasakis, K., Georg, G., and Bordbar, B.: "Ensuring Spatio-Temporal Access Control for Real World Applications," in Proc. of ACM SACMAT 2009.
[27]
Turkmen, F. and Crispo. B.: "Performance Evaluation of XACML PDP Implementations," in proc. of 2008 ACM Workshop on Secure Web Services (SWS'08).
[28]
Varshney, U.: "Pervasive Healthcare," IEEE Computer 36(12): 138--140 (2003)
[29]
XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
[30]
Zhang, G. and Parashar, M.: "Context-aware Dynamic Access Control for Pervasive Applications," in proc. of Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2004), 2004.
[31]
Zhu, Y., Keoh, S.L., Sloman, M., Lupu, E., Dulay, N., and Pryce, N.: "An Efficient Policy System for Body Sensor Networks," in proc. of the 14th International Conference on Parallel and Distributed Systems (ICPADS), Melbourne, Australia, December 8 - 10, 200
[32]
Zhu, Y., Keoh, S.L., Sloman, M., Lupu, E., Zhang, Y., Dulay, N., and Pryce, N.: "Finger: An Efficient Policy System for Body Sensor Networks," in proc. of the 5th International Conference on Mobile Ad-hoc and Sensor Systems (MASS), Atlanta, Georgia, September 29 - October 2, 2008.

Cited By

View all
  • (2024)Pervasive User Data Collection from Cyberspace: Privacy Concerns and CountermeasuresCryptography10.3390/cryptography80100058:1(5)Online publication date: 31-Jan-2024
  • (2023)Access Control, Key Management, and Trust for Emerging Wireless Body Area NetworksSensors10.3390/s2324985623:24(9856)Online publication date: 15-Dec-2023
  • (2023)Structured Literature Review on Access Controls Mechanism in Block Chain Consensus Algorithm: State of Art and Future DirectionProceedings of the 5th International Conference on Information Management & Machine Intelligence10.1145/3647444.3647941(1-8)Online publication date: 23-Nov-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
June 2010
212 pages
ISBN:9781450300490
DOI:10.1145/1809842
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. medical sensor network
  3. security

Qualifiers

  • Research-article

Conference

SACMAT'10
Sponsor:

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)5
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Pervasive User Data Collection from Cyberspace: Privacy Concerns and CountermeasuresCryptography10.3390/cryptography80100058:1(5)Online publication date: 31-Jan-2024
  • (2023)Access Control, Key Management, and Trust for Emerging Wireless Body Area NetworksSensors10.3390/s2324985623:24(9856)Online publication date: 15-Dec-2023
  • (2023)Structured Literature Review on Access Controls Mechanism in Block Chain Consensus Algorithm: State of Art and Future DirectionProceedings of the 5th International Conference on Information Management & Machine Intelligence10.1145/3647444.3647941(1-8)Online publication date: 23-Nov-2023
  • (2022)Adapting Access Control for IoT SecurityIntelligent Security Management and Control in the IoT10.1002/9781394156030.ch7(163-196)Online publication date: Jul-2022
  • (2021)Survey on Delegated and Self-Contained Authorization Techniques in CPS and IoTIEEE Access10.1109/ACCESS.2021.30933279(98169-98184)Online publication date: 2021
  • (2021)E-Health Threat Intelligence Within Cyber-Defence Framework for E-Health OrganizationsSmart Systems for E-Health10.1007/978-3-030-14939-0_7(161-179)Online publication date: 16-Apr-2021
  • (2021)Enhanced dynamic team access control for collaborative Internet of Things using contextTransactions on Emerging Telecommunications Technologies10.1002/ett.408332:5Online publication date: 7-May-2021
  • (2020)A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research IssuesSensors10.3390/s2009246420:9(2464)Online publication date: 27-Apr-2020
  • (2020)From Conventional to State-of-the-Art IoT Access Control ModelsElectronics10.3390/electronics91016939:10(1693)Online publication date: 15-Oct-2020
  • (2020)A Context-Aware Break Glass Access Control System for IoT Environments2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS)10.1109/IOTSMS52051.2020.9340209(1-8)Online publication date: 14-Dec-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media