An Enhanced Context-aware Capability-based Access Control Model for the Internet of Things in Healthcare

Abstract

Security and privacy are inherent issues that should be attended when the Internet of Things (IoT) network is deployed. Authentication and access control are two main challenges regarding the security and privacy that need an immediate solution in the heterogeneous environment of IoT. With IoT being applied in many fields, the healthcare system is an emerging field to rely more on internet computing for sharing and analysing the patient's health data. Context-Based authentication is selected to integrate authentication and access control in a distributed environment for achieving scalability and flexibility. The proposed model is Enhanced Context-aware Capability based Access Control (ECCAPAC) with Elliptic Curve Cryptography for authentication. The existing Capability access control model is enhanced by adding trust value in capability tag or token. The session key generated by ECC between the entities of IoT achieves resilience which the medical field is highly prone to. The access control incorporates social relationship based trust value which is very important to be considered in a distributed environment. The proposed model is analysed by comparing with standard Role-based Access Control Model. The proposed model proves to be efficient in terms of security analysis and computing time.