A Multilayered Hybrid Access Control Model for Cloud-Enabled Medical Internet of Things

Abstract

AbstractWith the wide use of Internet of Things (IoT) in healthcare which is also known as the Medical Internet of Things (MIoT), the amount of data generated by these IoT devices are getting increased day by day posing a huge question about the security and privacy of this data and the pervasive MIoT ecosystem, as the amount of value that this data holds. Therefore, this MIoT in healthcare is becoming an appealing target for various cyber-attacks. Hence, if no adequate security is in place, it will jeopardize the privacy and security of patients and the entire healthcare ecosystem. As of now, most of the MIoT data in healthcare is stored in the cloud for providing easy access and for the convenience and often, they are stored in the form of Electronic Health Records (EHR) or as raw data that requires further analysis. In this study, we came up with a novel robust access control model that can be adopted in a cloud-enabled MIoT environment to store the MIoT data. In addition, in this study, we also provide an analysis of existing access control models that we used to derive our novel access control model. As the final outcome of our research, we have come up with a novel role-based access control model with hybrid cloud architecture and hybrid cryptographic schema for MIoT environment, which can easily be implemented with minimum effort. As for that, we have used Advanced Encryption Standard (AES); symmetric-key algorithm and Rivest–Shamir-Adleman (RSA) public key algorithm to implement the cryptographic schema and also used public and private, hybrid cloud architecture to strengthen the security of our model.KeywordsIoTMedical IoTCloud computingAccess controlSecurityPublic cloudPrivate cloudEncryption