ABSTRACT
Protecting the confidentiality of patient information is paramount given the widespread use of Internet of Things (IoT) devices in medical settings. This study examines decentralized identifiers (DIDs) and verifiable credentials (VCs) in conjunction with an OAuth-based authorization framework as the key to protecting IoT healthcare devices. DIDs enable autonomous authentication and trust formation between IoT devices and other entities. VCs offer a secure and adaptable way to authorize users and enforce access controls based on verified claims. Through the proposed framework, medical facilities can improve the privacy and security of their IoT devices while streamlining access control administration. A smart pill dispenser in a hospital setting is used to illustrate the advantages of this method. The findings demonstrate the value of DIDs, VCs, and OAuth-based delegation in protecting IoT devices. The research findings make possible improved processes for authorizing and controlling access to IoT devices, and they also help ensure patient confidentiality in the healthcare sector.
Index Terms
- Enhancing Secure Access and Authorization in Healthcare IoT through an Innovative Framework: Integrating OAuth, DIDs, and VCs