RoFa: A Robust and Flexible Fine-Grained Access Control Scheme for Mobile Cloud and IoT Based Medical Monitoring

Yuling Chen,Min Lei,Wei Ren,Yi Ren,Zhiguo Qu
DOI: https://doi.org/10.3233/fi-2018-1624
2018-01-01
Fundamenta Informaticae
Abstract:Cloud computing paradigm is becoming very popular these days. However, it does not include wireless sensors and mobile phones which are needed to enable new emerging applications such as remote home medical monitoring. Therefore, a combined Cloud-Internet of Things (IoT) paradigm provides scalable on-demand data storage and resilient computation power at the cloud side as well as anytime, anywhere health data monitoring at the IoT side. As both the privacy of personal medical data and flexible data access should be provided,attackers exploit diverse social engineering and technology attacks ways, access to personal privacy information stored in the home medical monitoring cloud, with more and more social engineering attacks.Therefore, the data in the Cloud are always encrypted and access control must be operated upon encrypted data together with being fine-grained to support diverse accessibility. Since a plain combination of encryption before access control is not robust and flexible, we propose a scheme referred to as RoFa, with tailored design. The scheme is introduced in a step-by-step manner. The basic scheme (BaS) makes use of cipher-policy attributes based encryption to empower robustness and flexibility. We further propose an advanced scheme (AdS) to improve the computation efficiency by taking the advantages of proxy-reencryption. AdS can greatly decrease the computation overhead on hospital servers due to operation migration. We finally propose an enhanced scheme (EnS) to protect integrity by using aggregate signature. RoFa describes a general framework to solve the secure requirements, and leaves the flexibility of concrete constructions intentionally. We finally compare the robustness and the flexibility of the proposed schemes by performance analysis.
What problem does this paper attempt to address?