MIoT-CDPS: Complete decentralized privacy-preserving scheme for medical internet of things

Abstract

Medical internet of things (MIoT) environments continue to expand, and numerous MIoT services are available to improve the quality of human life. However, these services, facilitated by a multitude of interconnected IoT devices analyzing the environment, face significant security challenges due to the volume of interconnected devices and the exchange of data through open channels. Moreover, the vulnerability is exacerbated by the centralized infrastructure commonly used by IoT services, where compromising a trusted third party (TTP) or service provider jeopardizes the entire system’s security. Existing privacy-preserving schemes for IoT, while aiming for decentralization, often rely on a TTP to sustain the system. In such environments, users typically either entrust their secret keys and parameters to a TTP or store their data in cloud servers. Consequently, as the TTP assumes control over the actual keys and data, a significant challenge arises regarding the assurance of user and data sovereignty. In this paper, we propose a complete decentralized privacy-preserving scheme for MIoT that ensures data self-sovereignty, transparency, and complete decentralization without TTP intervention. In the proposed scheme, users can directly manage their keys with secret parameters. Then, they can upload encrypted data directly to distributed storage and securely share it with other users based on the security levels they have set themselves. We perform informal and formal (mathematical and simulation) security analysis to prove the security of the proposed scheme and conduct comparative analysis to evaluate the security functionalities, communication costs, and computational costs of our scheme compared with those of previous schemes. Further, we implement our scheme in a practical setting through simulations on Ethereum blockchain networks, validating its complete decentralization, security, efficiency, and suitability for MIoT environments. The specificity of our research lies in addressing the critical security concerns inherent in MIoT through a complete decentralized, TTP-independent framework.