Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system

Abstract

Abstract In this paper, a privacy-preserving smart IoT-based healthcare big data storage system with self-adaptive access control is proposed. The aim is to ensure the security of patients’ healthcare data, realize access control for normal and emergency scenarios, and support smart deduplication to save the storage space in big data storage system. The medical files generated by the healthcare IoT network are encrypted and transferred to the storage system, which can be securely shared among the healthcare staff from different medical domains leveraging a cross-domain access control policy. The traditional access control technology allows the authorized data users to decrypt patient’s sensitive medical data, but also hampers the first-aid treatment when the patient’s life is threatened because the on-site first-aid personnel are not permitted to get patient’s historical medical data. To deal with this dilemma, we propose a secure system to devise a novel two-fold access control mechanism, which is self-adaptive for both normal and emergency situations. In normal application, the healthcare staff with proper attribute secret keys can have the data access privilege; in emergency application, patient’s historical medical data can be recovered using a password-based break-glass access mechanism. To save the storage overhead in the big data storage system, a secure deduplication method is designed to eliminate the duplicate medical files with identical data, which may be encrypted with different access policies. A highlight of this smart secure deduplication method is that the remaining medical file after the deduplication can be accessed by all the data users authorized by the different original access policies. This smart healthcare big data storage system is formally proved secure, and extensive comparison and simulations demonstrate its efficiency.