A Secure and Privacy-Preserving Data Collection (SPDC) Framework for IoT Applications

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Mobile patient monitoring systems monitor and treat chronic
diseases by collecting health data from wearable sensors through mobile
devices carried out by patients. In the future, these systems may be
hosted by a third-party service provider. This would open a number of
security and ID privacy issues. One of these issues is the inference attack.
This attack allows a single service provider from inferring the patient’s
identity by collecting a number of contextual information about the patient
such as the pattern of interaction with the service provider. Thus a
security and ID privacy mechanisms must be deployed. In this paper, we
propose a framework called Secure and Privacy-Preserving Data Collection
(SPDC) that allows the patient to encrypt the data and then upload
the encrypted data on di↵erent service providers rather than one while
allowing an anonymous linkage for the patient’s data which are scattered
across di↵erent service providers. In this framework, each patient is allowed
to select the service providers involved in the data collection, assigns
one as the home while the others consider foreign. The patient uses
the foreign to upload data while the home is responsible for anonymously
collecting the patient’s data from multiple foreign service providers and
deliver them to the healthcare provider. This framework also shows a
novel mechanism to conduct anonymous authentication across di↵erent
distributed service provides. The framework has been analyzed against
the specified design requirements and security threats.

Bibliographical metadata

Original languageEnglish
Title of host publication15th International Conference on Critical Information Infrastructures Security (CRITIS 2020)
Publication statusAccepted/In press - 26 Jun 2020
Event15th International Conference on Critical Information Infrastructures Security - Bristol, United Kingdom
Event duration: 2 Sep 20203 Sep 2020

Conference

Conference15th International Conference on Critical Information Infrastructures Security
Abbreviated titleCRITIS 2020
CountryUnited Kingdom
CityBristol
Period2/09/203/09/20