Sejong University (Dept. Computer Engineering)
The 8th IEEE Annual Computing and Communication Workshop and Conference
IoT Health Assistant
1Dept. CSE, Sejong University AND SECRET Lab, UAB
A Conceptual Framework for an IoT-Based Health
Assistant and Its Authorization Model
|SEJONGUNIV
CSE
S. M. Riazul Islam, Mahmud Hossain, Ragib Hasan, and Trung Q. Duong
Presented By
S. M. Riazul Islam, PhD
Assistant Professor, Dept. CSE
Sejong University, South Korea
Date: January 9, 2018 @University of Nevada, Las Vegas, USA
Contents
Introduction
IoT-Based Health Assistant Framework
Security System Design
Hybrid Access Control Approach
Delegation-based Authorization Scheme
Experiment and Evaluation
Concluding Remarks
2A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (Dept. Computer Engineering)Inside of This Presentation
Introduction
3A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (Dept. Computer Engineering)Outset
IoT-based healthcare systems can be applied to a diverse array of fields,including care for pediatric and elderly patients
SMR Islam et. al., "The Internet of Things for Healthcare: A Comprehensive Survey," IEEE Access, vol. 3, pp. 678-708, Jun. 2015.
IoTHealthcare
Services
Semantic Medical Access
Context Prediction
Adverse Drug Reactions
Applications
Single-Condition
ECG Monitoring
BP Monitoring
O2 Saturation Monitoring
Clustered-Condition
Medication Management
Wheelchair Management
Smartphone-based
Solutions
Introduction
IoT-based healthcare
Reduced Costs
Increased Quality of Life
Improved efficiency of healthcare services, providing easy and correctaction, on time.
IoT healthcare domain may become a target
IoT health devices and applications are expected to deal withimportant private information, including personal healthcare data.
Connected to worldwide information networks for access anytime andanywhere.
Proposed a conceptual IoT-based healthcare framework and designed asecurity system (authorization aspect).
4A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (Dept. Computer Engineering)Outset
IoT-Based Health Assistant Framework
5A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)IoT-Health Assistant
Proposed Security System Design
Authorization: we propose a Delegated Context-aware Capability-based Access Control(DCCapBAC) scheme for ensuring protected access to medical sensors and actuators operate in theedge of the networks.
A smart gateway, co-located with the personal area network, performs the SAT verification processon account of the medical devices.
6A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
SAT=Security Access Token
SAT Generation and JSON Envelop
7A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
SAT JSON EnvelopSAT JSON Envelop
Access Control in IoT: Limitations
Role based access control (RBAC)
It is challenging to assign and manage roles for billions of IoT devices
Centralized role management
Attributed based access control (ABAC)
Policies are defined in XACML
Centralized policy management
Does not provide good scalability
Capability-based access control (CapBAC)
Capability token are issued to IoT devices and users
Provides scalability at the cost of computation and communicationoverheads for token delivery and validation
8A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (Dept. Computer Engineering)Security System Design
Access Control in IoT: Proposed
Mashup ABAC and CapBAC
ABAC for managing access control policies
CapBAC for scalability and to eliminate communication withthe central entity
9A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (Dept. Computer Engineering)Security System Design
Contemporary SAT Verification Approaches
10A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
Contemporary SAT Verification Approaches
In both the centralized and semi-distributed approaches, the ACLogic isimplemented by an external entity,such as a central authorization server,located in the Cloud.
11A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
Proposed Delegation-based SAT Verification Approach
The gateway is located closer to the medical devices as compared to a Cloud authorization server used in the centralized, semi-distributed, and distributed approaches.
The delegation of the SAT verification task to the gateway, instead of delegating the task to the Cloud, results in a faster processing of a request.
12A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
Token Verification Approaches: Comparison
Distributed approach
Is not suitable for IoT devices with limited processing power, memory, and communication bandwidth
Is not applicate for real-time requests
Centralized approach
Do not provide better scalability
Is not applicate for real-time requests
Proposed Approach
Delegate token validation to the Smart Gateway
Unburdens resource-constrained devices from computation and communication overheads
Reduces energy consumption
Enables devices to serve real-time requests.
13A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design
Experiment and Evaluation
14A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment
Experimental SetupExperimental Setup
Experimental NetworkExperimental Network
Experimental Scenarios: U2D Interactions
15A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment
Experimental Scenarios: D2D Interactions
16A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Experiment
Correlation bet. Service Count and Packet Fragmentation.
The more the number of packet fragments the more the packet processing delay and energyconsumption.
We avoid computation and communication overhead associated with packet fragmentationand reassembly by offloading the SAT verification to the Delegation Server.
17A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results
Request Delivery Delay (RDD)
18A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results
U2DU2D
D2DD2D
Energy consumption for U/D2D interactions
The CPU energy consumption increases as the size of a SAT increases for the distributed approach
19A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Security System Design: Results
Concluding Remarks
Health Assistant: The proposed theoretical framework for an IoT-basedhealth prescription assistant helps a patient to properly follow his/herdoctors recommendations.
Access Control: Existing CapBAC approaches cannot achieve the lowcommunication overhead, inexpensive computation, and load scalabilityrequirements. The proposed DCCapBAC model resolves these issues byintegrating ABAC model with the CapBAC model.
Token verification: Delegation of computation intensive operations to thesmart gateway co-located with the medical sensors and actuators in thedistributed medical IoT networks . The delegation-based SAT verificationapproach is found energy efficient than the distributed approach.
20A Conceptual Framework for an IoT-Based Health Assistant and Its Authorization Model
Sejong University (CSE), Inha University (UWB ITRC)Conclusion
Discussion
21Web: www.riazulislam.com E-mail: [email protected]
Sejong University (Dept. Computer Engineering)Comments!