A Secure and Privacy-Preserving Data Collection (SPDC) Framework for IoT Applications

Abstract

Mobile patient monitoring systems monitor and treat chronic diseases by collecting health data from wearable sensors through mobile devices carried out by patients. In the future, these systems may be hosted by a third-party service provider. This would open a number of security and ID privacy issues. One of these issues is the inference attack. This attack allows a single service provider from inferring the patient’s identity by collecting a number of contextual information about the patient such as the pattern of interaction with the service provider. Thus a security and ID privacy mechanisms must be deployed. In this paper, we propose a framework called Secure and Privacy-Preserving Data Collection (SPDC) that allows the patient to encrypt the data and then upload the encrypted data on different service providers rather than one while allowing an anonymous linkage for the patient’s data which are scattered across different service providers. In this framework, each patient is allowed to select the service providers involved in the data collection, assigns one as the home while the others consider foreign. The patient uses the foreign to upload data while the home is responsible for anonymously collecting the patient’s data from multiple foreign service providers and deliver them to the healthcare provider. This framework also shows a novel mechanism to conduct anonymous authentication across different distributed service provides. The framework has been analyzed against the specified design requirements and security threats.