International Journal of Distributed Sensor Networks (Sep 2019)

Privacy-based medical data protection against internal security threats in heterogeneous Internet of Medical Things

  • Muhammad Asif Habib,
  • C M Nadeem Faisal,
  • Shahzad Sarwar,
  • Muhammad Ahsan Latif,
  • Farhan Aadil,
  • Mudassar Ahmad,
  • Rehan Ashraf,
  • Muazzam Maqsood

DOI
https://doi.org/10.1177/1550147719875653
Journal volume & issue
Vol. 15

Abstract

Read online

Data and information security is considered to be an important and challenging task for any field of life. But it becomes more critical especially when it deals with the medical field due to life and health hazards. The ratio of internal security threats to external threats always remains high. A huge number of efforts and technical expertise are required in the case of attacking the system from the external environment. But it requires fewer efforts if a system is attacked internally by the stakeholders of the system. This article presents an access control model that secures the medical data of patients against internal cybersecurity threats. It allows only the legitimate users, that is, authorized patients and doctors to communicate despite the fact of physical boundaries. The proposed model implements authorization in combination with permissions and roles instead of roles only for medical staff. It removes the discrepancies in the existing access control models. The proposed model ensures communication among doctors and patients in a secure, private, and efficient manner. The model is demonstrated by using mathematical modeling along with implementation examples. The proposed model outperformed in comparison with state-of-the-art access control models.