Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Pal, Shantanu; Hitchens, Michael; Varadharajan, Vijay; Rabehaja, Tahiry

doi:10.4108/eai.20-3-2018.154370

Cited by 16 publications

(7 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a centralized IIoT system, a user's confidential data are stored inside a traditional server,; however, in the case of a large-scale IIoT system, sensitive information can also be stored in distributed locations. Therefore, IIoT systems experence issues, e.g., protecting business's confidential information and individual confidential information [105,106] One of the common ways to get a user's confidential and private information (e.g., username, password, bank details, etc.) unlawfully is a phishing attack.…”

Section: Security Issue 8-data Confidentialitymentioning

confidence: 99%

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Pal

Jadidi

2021

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Industrial Internet of Things (IIoT) can be seen as an extension of the Internet of Things (IoT) services and applications to industry with the inclusion of Industry 4.0 that provides automation, reliability, and control in production and manufacturing. IIoT has tremendous potential to accelerate industry automation in many areas, including transportation, manufacturing, automobile, marketing, to name a few places. When the benefits of IIoT are visible, the development of large-scale IIoT systems faces various security challenges resulting in many large-scale cyber-attacks, including fraudulent transactions or damage to critical infrastructure. Moreover, a large number of connected devices over the Internet and resource limitations of the devices (e.g., battery, memory, and processing capability) further pose challenges to the system. The IIoT inherits the insecurities of the traditional communication and networking technologies; however, the IIoT requires further effort to customize the available security solutions with more focus on critical industrial control systems. Several proposals discuss the issue of security, privacy, and trust in IIoT systems, but comprehensive literature considering the several aspects (e.g., users, devices, applications, cascading services, or the emergence of resources) of an IIoT system is missing in the present state of the art IIoT research. In other words, the need for considering a vision for securing an IIoT system with broader security analysis and its potential countermeasures is missing in recent times. To address this issue, in this paper, we provide a comparative analysis of the available security issues present in an IIoT system. We identify a list of security issues comprising logical, technological, and architectural points of view and consider the different IIoT security requirements. We also discuss the available IIoT architectures to examine these security concerns in a systematic way. We show how the functioning of different layers of an IIoT architecture is affected by various security issues and report a list of potential countermeasures against them. This study also presents a list of future research directions towards the development of a large-scale, secure, and trustworthy IIoT system. The study helps understand the various security issues by indicating various threats and attacks present in an IIoT system.

show abstract

Section: Security Issue 8-data Confidentialitymentioning

confidence: 99%

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Pal

Jadidi

2021

Applied Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…It typically demands precise user assignment to specific roles and holds only pre-defined, including static, policies. In an IoT context, this is difficult given the high dynamics (for both users and devices) present in the system [17].…”

Section: Motivation and Problem Statementmentioning

confidence: 99%

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

Pal

Jadidi

2021

Sensors

Self Cite

View full text Add to dashboard Cite

Internet of Things (IoT) applications and services are becoming more prevalent in our everyday life. However, such an interconnected network of intelligent physical entities needs appropriate security to sensitive information. That said, the need for proper authentication and authorization is paramount. Access control is in the front line of such mechanisms. Access control determines the use of resources only to the specified and authorized users based on appropriate policy enforcement. IoT demands more sophisticated access control in terms of its usability and efficiency in protecting sensitive information. This conveys the need for access control to serve system-specific requirements and be flexibly combined with other access control approaches. In this paper, we discuss the potential for employing protocol-based and hybrid access control for IoT systems and examine how that can overcome the limitations of traditional access control mechanisms. We also focus on the key benefits and constraints of this integration. Our work further enhances the need to build hierarchical access control for large-scale IoT systems (e.g., Industrial IoT (IIoT) settings) with protocol-based and hybrid access control approaches. We, moreover, list the associated open issues to make such approaches efficient for access control in large-scale IoT systems.

show abstract

“…The solution proposed by the developers of the mHealth application [22] is also quite similar to ours, the main differences being that its policy engine is deployed as part of the cloud services and the engine is an implementation of the NIST NGAC framework, with the evaluation process based on traversing a Neo4j graph database. The infrastructure and principle designed by Ray, I et al [27] also have similar features, with policy enforcement based on the XACML format.…”

Section: Related Workmentioning

confidence: 99%

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Szabó

Bilicki

2021

Acta Cybern

View full text Add to dashboard Cite

Since the advent of smartphones, IoT and cloud computing, we have seen an industry-wide requirement to integrate different healthcare applications with each other and with the cloud, connecting multiple institutions or even countries. But despite these trends, the domain of access control and security of sensitive healthcare data still raises a serious challenge for multiple developers and lacks the necessary definitions to create a general security framework addressing these issues. Taking into account newer, more special cases, such as the popular heterogeneous infrastructures with a combination of public and private clouds, fog computing, Internet of Things, the area becomes more and more complicated. In this paper we will introduce a categorization of these required policies, describe an infrastructure as a possible solution to these security challenges, and finally evaluate it with a set of policies based on real-world requirements.

show abstract

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Cited by 16 publications

References 32 publications

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Analysis of Security Issues and Countermeasures for the Industrial Internet of Things

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Contact Info

Product

Resources

About