IEEE Access (Jan 2024)

Secure and Fine-Grained Access Control With Optimized Revocation for Outsourced IoT EHRs With Adaptive Load-Sharing in Fog-Assisted Cloud Environment

  • Somchart Fugkeaw
  • Rohan Prasad Gupta
  • Khanadech Worapaluk

DOI
https://doi.org/10.1109/ACCESS.2024.3412754
Journal volume & issue
Vol. 12
pp. 82753 – 82768

Abstract


With the employment of IoT technology and cloud computing in healthcare, outsourcing Electronic Health Records (EHRs) generated by IoT devices becomes a critical issue. In fact, because EHRs may be collected by different units within a hospital and traverse intranet or public networks, they become vulnerable to privacy breaches. Existing research efforts employ cloud-based access control with encryption solutions to secure outsourced EHRs. Nevertheless, in the context of an IoT cloud data-sharing environment, where data originates from numerous devices and user authorization status undergoes frequent changes, a gap persists in achieving a comprehensive and systematic integration of secure IoT data transfer and aggregation, coupled with efficient user revocation procedures. In this research, we propose a blockchain-based access control scheme for outsourced IoT-enabled EHRs in a fog-assisted cloud environment. Our proposed scheme achieves secure and fine-grained access control with scalable and efficient revocation based on pseudo-random encryption, symmetric encryption, ciphertext-policy attribute-based encryption (CP-ABE), and graph-based modeling. In our scheme, we use fog computing to offload the resource-intensive CP-ABE encryption and decryption tasks. Additionally, we introduce an adaptive load-sharing algorithm to facilitate effective distribution of workloads among fog nodes. Moreover, we integrate blockchain technology to perform user authentication and verify the integrity of the EHRs within the system. Finally, we conduct a security analysis, a comparative computation analysis, and experiments, demonstrating that the encryption and decryption costs of our scheme are comparable to related works. Furthermore, our proposed ciphertext retrieval mechanism, which is essential for the ciphertext re-encryption that results from user revocation, is more efficient than the traditional method.

Keywords