Sejong University (Dept. Computer Engineering)

The 8th IEEE Annual Computing and Communication Workshop and Conference

IoT Health Assistant

1Dept. CSE, Sejong University AND SECRET Lab, UAB

A Conceptual Framework for an IoT-Based Health

Assistant and Its Authorization Model

|SEJONGUNIV

CSE

S. M. Riazul Islam, Mahmud Hossain, Ragib Hasan, and Trung Q. Duong

Presented By

S. M. Riazul Islam, PhD

Assistant Professor, Dept. CSE

Sejong University, South Korea

Date: January 9, 2018 @University of Nevada, Las Vegas, USA

Contents

Introduction

IoT-Based Health Assistant Framework

Security System Design

Hybrid Access Control Approach

Delegation-based Authorization Scheme

Experiment and Evaluation

Concluding Remarks

2A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (Dept. Computer Engineering)Inside of This Presentation

Introduction

3A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (Dept. Computer Engineering)Outset

IoT-based healthcare systems can be applied to a diverse array of fields,including care for pediatric and elderly patients

SMR Islam et. al., "The Internet of Things for Healthcare: A Comprehensive Survey," IEEE Access, vol. 3, pp. 678-708, Jun. 2015.

IoTHealthcare

Services

Semantic Medical Access

Context Prediction

Adverse Drug Reactions

Applications

Single-Condition

ECG Monitoring

BP Monitoring

O2 Saturation Monitoring

Clustered-Condition

Medication Management

Wheelchair Management

Smartphone-based

Solutions

Introduction

IoT-based healthcare

Reduced Costs

Increased Quality of Life

Improved efficiency of healthcare services, providing easy and correctaction, on time.

IoT healthcare domain may become a target

IoT health devices and applications are expected to deal withimportant private information, including personal healthcare data.

Connected to worldwide information networks for access anytime andanywhere.

Proposed a conceptual IoT-based healthcare framework and designed asecurity system (authorization aspect).

4A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (Dept. Computer Engineering)Outset

IoT-Based Health Assistant Framework

5A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)IoT-Health Assistant

Proposed Security System Design

Authorization: we propose a Delegated Context-aware Capability-based Access Control(DCCapBAC) scheme for ensuring protected access to medical sensors and actuators operate in theedge of the networks.

A smart gateway, co-located with the personal area network, performs the SAT verification processon account of the medical devices.

6A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

SAT=Security Access Token

SAT Generation and JSON Envelop

7A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

SAT JSON EnvelopSAT JSON Envelop

Access Control in IoT: Limitations

Role based access control (RBAC)

It is challenging to assign and manage roles for billions of IoT devices

Centralized role management

Attributed based access control (ABAC)

Policies are defined in XACML

Centralized policy management

Does not provide good scalability

Capability-based access control (CapBAC)

Capability token are issued to IoT devices and users

Provides scalability at the cost of computation and communicationoverheads for token delivery and validation

8A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (Dept. Computer Engineering)Security System Design

Access Control in IoT: Proposed

Mashup ABAC and CapBAC

ABAC for managing access control policies

CapBAC for scalability and to eliminate communication withthe central entity

9A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (Dept. Computer Engineering)Security System Design

Contemporary SAT Verification Approaches

10A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

Contemporary SAT Verification Approaches

In both the centralized and semi-distributed approaches, the ACLogic isimplemented by an external entity,such as a central authorization server,located in the Cloud.

11A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

Proposed Delegation-based SAT Verification Approach

The gateway is located closer to the medical devices as compared to a Cloud authorization server used in the centralized, semi-distributed, and distributed approaches.

The delegation of the SAT verification task to the gateway, instead of delegating the task to the Cloud, results in a faster processing of a request.

12A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

Token Verification Approaches: Comparison

Distributed approach

Is not suitable for IoT devices with limited processing power, memory, and communication bandwidth

Is not applicate for real-time requests

Centralized approach

Do not provide better scalability

Is not applicate for real-time requests

Proposed Approach

Delegate token validation to the Smart Gateway

Unburdens resource-constrained devices from computation and communication overheads

Reduces energy consumption

Enables devices to serve real-time requests.

13A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design

Experiment and Evaluation

14A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment

Experimental SetupExperimental Setup

Experimental NetworkExperimental Network

Experimental Scenarios: U2D Interactions

15A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment

Experimental Scenarios: D2D Interactions

16A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment

Correlation bet. Service Count and Packet Fragmentation.

The more the number of packet fragments the more the packet processing delay and energyconsumption.

We avoid computation and communication overhead associated with packet fragmentationand reassembly by offloading the SAT verification to the Delegation Server.

17A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results

Request Delivery Delay (RDD)

18A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results

U2DU2D

D2DD2D

Energy consumption for U/D2D interactions

The CPU energy consumption increases as the size of a SAT increases for the distributed approach

19A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results

Concluding Remarks

Health Assistant: The proposed theoretical framework for an IoT-basedhealth prescription assistant helps a patient to properly follow his/herdoctors recommendations.

Access Control: Existing CapBAC approaches cannot achieve the lowcommunication overhead, inexpensive computation, and load scalabilityrequirements. The proposed DCCapBAC model resolves these issues byintegrating ABAC model with the CapBAC model.

Token verification: Delegation of computation intensive operations to thesmart gateway co-located with the medical sensors and actuators in thedistributed medical IoT networks . The delegation-based SAT verificationapproach is found energy efficient than the distributed approach.

20A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model

Sejong University (CSE), Inha University (UWB ITRC)Conclusion

Discussion

21Web: www.riazulislam.com E-mail: islam.smriaz@gmail.com

Sejong University (Dept. Computer Engineering)Comments!