Article Preview
TopIntroduction
IoT has gained widespread utility in the healthcare sector. Several medical devices, such as portable IoT and mobile-based devices can help monitor a patient's health. Resource-Constrained devices (RCD), such as implantable and wearable medical devices, can continuously monitor and log the health vitals of patients (Albahri et al. 2021, 2005, Liu et al., 2012). Resource-constrained mobile devices can also assist in healthcare, such as monitoring a user's health through health sensors and storing Electronic Health Records (EHR) as a contactless health card (D. Sethia, 2014). The user can share sensitive health information on these medical RCDs (IoT and mobile devices) with several healthcare professionals with different roles for accurate diagnostics and rehabilitation (Mohammadi et al., 2022). Figure 1 provides the details of such a healthcare architecture. However, it is essential to ensure privacy and security when several stakeholders access sensitive medical information. Different types of medical data must have specific role-based read and write access for healthcare professionals. For example, a pharmacist must be able to read only the medications and not access a patient's lab reports or diagnosis. The medical RCDs must encrypt all users' health data and share it selectively with stakeholders based on their roles. Standard encryption techniques such as symmetric and asymmetric algorithms are unsuitable for securing RCDs for access through multiple stakeholders. These techniques must share a secret key with the different stakeholders without selective access control.
Attribute-Based Encryption (ABE) (Sahai et al., 2005) is an encryption technique that efficiently supports one-to-many communication using public-key cryptography. It can assign multiple string-based descriptive identities to intended users. ABE schemes are of the following two variants: Key Policy Attribute-Based Encryption (KP-ABE) (Goyal et al., 2006, Sahai and Waters, 2005, Attrapadung et al., 2011) and Ciphertext Policy Attribute-Based Encryption (CP-ABE) (Bethencourt et al., 2007). KP-ABE requires all secret keys to define the access policy. A user can decrypt only those ciphertexts that satisfy the access policy associated with the decryption key. It makes the key generation step the most crucial phase in any KP-ABE scheme to ensure every user has the correct access privileges. While in the case of the CP-ABE scheme, the ciphertext defines the policy that a user needs to qualify to decrypt using the attributes on the decryption key. In the case of CP-ABE, the decryption key comprises the attributes. It can decrypt the ciphertext if the attributes on the decryption key satisfy the access policy. Hence CP-ABE can provide a solution to securing data and sharing it selectively with stakeholders with selective access.