Body area networks (BANs) frequently generate sensitive healthcare data from sensors and other devices. Security and privacy breaches in BAN systems can compromise information affecting patients’ physical health, emotional state, and financial well-being. The lack of well-defined security perimeters and qualified personnel to administer security in such dynamic environments requires an authorization framework for protecting patient data, where access depends on the users’ credentials, location, and time. Toward this end, this work aims to define a secure system architecture to incorporate fine-grained information access management. It also leverages a spatiotemporal attribute-based access control (STABAC) model to make it possible to enforce location and time factors with BAN policies and required attributes to make access decisions. The BAN policies have various dynamic constraints that may conflict with each other or introduce inconsistencies. Therefore, this work proposes a formal verification framework using timed colored Petri nets to ensure such errors are not introduced. The blockchain network is utilized to maintain policy integrity, where STABAC verifies policy integrity from the network through smart contract services before making access decisions. Finally, the policy and attribute management framework ensures that STABAC maintains a verified set of policies and attributes for authorizing uninterrupted care and services.
ChenMGonzalezSVasilakosA, et al. Body area networks: A survey. Mob Netw Appl2011; 16: 171–193.
2.
Matthew-MaichNHarrisLPloegJ, et al. Designing, implementing, and evaluating mobile health technologies for managing chronic conditions in older adults: A scoping review. JMIR Mhealth Uhealth2016; 4: e5127.
3.
UllahSKhanPUllahN, et al. A review of wireless body area networks for medical applications. arXiv preprint arXiv:1001.0831, 2010.
4.
BoulisASmithDMiniuttiD, et al. Challenges in body area networks for healthcare: The MAC. IEEE Commun Mag2012; 50: 100–106.
5.
MovassaghiSAbolhasanMLipmanJ, et al. Wireless body area networks: A survey. IEEE Commun Surv Tutor2014; 16: 1658–1686.
6.
MenonSCUmayalVSoniG, et al. A visual framework for an IoT-based healthcare system based on cloud computing. In: Using multimedia systems, tools, and technologies for smart healthcare services. USA: IGI Global, 2023, pp.83–95.
7.
LiMLouWRenK. Data security and privacy in wireless body area networks. IEEE Wirel Commun2010; 17: 51–58.
8.
AkbarMSHussainZShengM, et al. Wireless body area sensor networks: Survey of MAC and routing protocols for patient monitoring under IEEE 802.15. 4 and IEEE 802.15. 6. Sensors2022; 22: 8279.
9.
WarrenSLebakJYaoJ, et al. Interoperability and security in wireless body area network infrastructures. In: Proceedings of 2005 IEEE engineering in medicine and biology 27th annual conference, Shanghai, China, 17–18 January 2006, pp.3837–3840. USA: IEEE.
10.
KalpanaSAnnaduraiC. A novel energy efficient architecture for wireless body area networks. Pers Ubiquit Comput2023; 27: 1441–1452.
11.
GoyalRMittalNGuptaL, et al. Routing protocols in wireless body area networks: Architecture, challenges, and classification. Wirel Commun Mob Comput2023; 2023: 9229297, 1–19.
12.
DemroziFTurettaCKindtPH, et al. A low-cost wireless body area network for human activity recognition in healthy life and medical applications. IEEE Trans Emerg Top Comput2023; 11: 839–850.
13.
RadhaPSubadraMS. Ensemble learning based multiple mobile sink architecture for energy efficient wireless body area network towards disease centric patient group data management. J Pharm Negat Results2023; 13: 7096–7107.
14.
EspinaJBaldusHFalckT, et al. Towards easy-to-use, safe, and secure wireless medical body sensor networks. In: Mobile health solutions for biomedical applications. USA: IGI Global, 2009, pp.159–179.
15.
Marchand-MelsomANguyen MaiDB. Automatic repair of OWASP Top 10 security vulnerabilities: A survey. In: Proceedings of the IEEE/ACM 42nd international conference on software engineering workshops, Seoul, Republic of Korea, 5–11 October, 2020, pp.23–30.
16.
O.f.C. Rights (OCR). Top five issues in investigated cases closed with corrective action, by calendar year, 2008.
17.
SehAHZarourMAleneziM, et al. Healthcare data breaches: Insights and implications. In: Healthcare, Vol. 8. Multidisciplinary Digital Publishing Institute, U.S. National Institutes of Health's National Library of Medicine (NIH/NLM), 2020, p.133.
18.
ChernyshevMZeadallySBaigZ. Healthcare data breaches: Implications for digital forensic readiness. J Med Syst2019; 43: 1–12.
19.
MontonEHernandezJFBlascoJM, et al. Body area network for wireless patient monitoring. Inst Eng Technol2008; 2: 215.
20.
OttoCMilenkovicASandersC, et al. System architecture of a wireless body area sensor network for ubiquitous health monitoring. J Mob Multimed2006; 1: 307–326.
21.
KumarH. Wireless sensor networks in healthcare system: A systematic review. Wirel Pers Commun2024; 134: 1–22.
22.
Chávez-SantiagoRKhaleghiABalasinghamI, et al. Architecture of an ultra wideband wireless body area network for medical applications. In: Proceedings of ISABEL 2009. Second international symposium, Bratislava, Slovakia, 24–27 November 2009, pp.1–6. IEEE.
23.
WolfLSaadaouiS. Architecture concept of a wireless body area sensor network for health monitoring of elderly people. In: Proceedings of CCNC, 2007, pp.722–726. IEEE.
24.
FerraioloDFAtluriVGavrilaSI. The policy machine: A novel architecture and framework for access control policy specification and enforcement. J Syst Archit Embed Syst Des2011; 57: 412–424.
25.
HuVCFerraioloDKuhnR, et al. Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Spec Publ2013; 800: 1–54.
26.
ServosDOsbornSL. Current research and open problems in attribute-based access control. ACM Comput Surv (CSUR)2017; 49: 1–45.
27.
AmeerSBensonJSandhuR, et al. Hybrid approaches (ABAC and RBAC) toward secure access control in smart home IoT. IEEE Trans Dependable Secure Comput2022; 20: 4032–4051.
28.
YenI-LTiwariABastaniF. Access control in dynamic IoT scenarios. In: 2023 IEEE 15th international symposium on autonomous decentralized system (ISADS), Mexico City, Mexico, 15–17 March 2023, pp.1–8. USA: IEEE.
29.
GoyalGLiuPSuralS. Securing smart home iot systems with attribute-based access control. In: Proceedings of the 2022 ACM workshop on secure and trustworthy cyber-physical systems, Baltimore, MD, USA, 27 April 2022, pp.37–46. NY, USA: ACM.
30.
CremoneziBGomes FilhoARSilvaEF, et al. Improving the attribute retrieval on ABAC using opportunistic caches for Fog-based IoT networks. Comput Netw2022; 213: 109000.
31.
MonteiroJSáFBernardinoJ. Graph databases assessment: JanusGraph, Neo4j, and TigerGraph. In: Mesquita A, Abreu A, Carvalho JV, et al. (eds) Perspectives and trends in education and technology: Selected papers from ICITED 2022. Singapore: Springer, 2023, pp.655–665.
32.
JensenKKristensenLM. Timed coloured Petri nets. In: Coloured Petri nets. Berlin, Heidelberg: Springer, 2009, pp.231–255.
33.
SamuelAGhafoorABertinoE. A framework for specification and verification of generalized spatio-temporal role based access control model. 2007.
34.
ToahchoodeeMRayI. Using alloy to analyse a spatio-temporal access control model supporting delegation. Inst Eng Technol Inf Secur2009; 3: 75–113.
35.
ShafiqBMasoodAJoshiJ, et al. A role-based access control policy verification framework for real-time systems. In: 2005 10th IEEE international workshop on object-oriented real-time dependable systems , Sedona, AZ, USA, 2–4 February 2005, pp.13–20. USA: IEEE.
36.
RakkayHBouchenebH. Security analysis of role based access control models using colored Petri nets and CPNtools. In: Gavrilova ML, Tan CJK and Moreno ED (eds) Transactions on computational science IV. Berlin, Heidelberg: Springer, 2009, pp.149–176.
37.
Morales-SandovalMDe-La-Parra-AguirreRGaleana-ZapiénH, et al. A three-tier approach for lightweight data security of body area networks in E-health applications. IEEE Access2021; 9: 146350.
38.
JabeenTAshrafHKhatoonA, et al. A lightweight genetic based algorithm for data security in wireless body area networks. IEEE Access2020; 8: 183460.
39.
BuckCOlenbergerCSchweizerA, et al. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Comput Secur2021; 110: 102436.
40.
DohertyNFFulfordH. Do information security policies reduce the incidence of security breaches: An exploratory analysis. Inf Resour Manag J2005; 18: 21–39.
41.
PriebeTDobmeierWKamprathN. Supporting attribute-based access control with ontologies. In: First international conference on availability, reliability and security (ARES’06), Vienna, Austria, 20–22 April 2006, p.8. USA: IEEE.
42.
JovanovEMilenkovicA. Body area networks for ubiquitous healthcare applications: Opportunities and challenges. J Med Syst2011; 35: 1245–1254.
43.
SaleemSUllahSYooHS. On the security issues in wireless body area networks. Int J Digit Content Appl2009; 3: 178–184.
44.
BaruaMAlamMSLiangX, et al. Secure and quality of service assurance scheduling scheme for WBAN with application to ehealth. In: Proceedings of 2011 IEEE wireless communications and networking conference (WCNC), Cancun, Mexico, 28–31 March 2011, pp.1102–1106. USA: IEEE.
45.
NandikantiASahuKNPanigrahiS. Security issues and solutions for reliable WBAN-based e-healthcare systems: A systematic review. In: Swarnkar T, Patnaik S, Mitra P, et al. (eds) Ambient intelligence in health care. Singapore: Springer, 2023, pp.21–32.
46.
LimSOhTHChoiYB, et al. Security issues on wireless body area network for remote healthcare monitoring. In: Proceedings of 2010 IEEE international conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), Newport Beach, CA, USA, 7–9 June 2010, pp.327–332. USA: IEEE.
47.
RayIToahchoodeeM. A spatio-temporal role-based access control model. In: IFIP annual conference on data and applications security and privacy, Redondo Beach, CA, USA, 8–11 July 2007, pp.211–226. Berlin, Heidelberg: Springer.
48.
KuhnDRCoyneEJWeilTR. Adding attributes to role-based access control. Computer2010; 43: 79–81.
49.
ArdagnaCACremoniniMDamianiE, et al. Supporting location-based conditions in access control policies. In: Proceedings of the 2006 ACM symposium on information, computer and communications security, Taipei, Taiwan, 21–24 March 2006, pp.212–222. USA: ACM.
50.
ArdagnaCACremoniniMVimercatiSDCd, et al. Privacy-enhanced location-based access control. In: Handbook of database security: Applications and trends. Boston, MA: Springer, 2008, pp.531–552.
51.
Van CleeffAPietersWWieringaR. Benefits of location-based access control: A literature study. In: 2010 IEEE/ACM international conference on green computing and communications & international conference on cyber, physical and social computing, Hangzhou, China, 18–20 December 2010, pp.739–746. USA: IEEE.
52.
JiangMWangHZhangW, et al. Location-based data access control scheme for internet of vehicles. Comput Electr Eng2020; 86: 106716.
53.
ChenYRamamurthyKWenK-W. Organizations’ information security policy compliance: Stick or carrot approach?J Manag Inf Syst2012; 29: 157–188.
54.
SafaNSVon SolmsRFurnellS. Information security policy compliance model in organizations. Comput Secur2016; 56: 70–82.
55.
WhippleJArensmanWBolerMS. A public safety application of GPS-enabled smartphones and the Android operating system. In: IEEE international conference on Systems, Man and Cybernetics, 2009 (SMC 2009), San Antonio, TX, USA, 11–14 October 2009, pp.2059–2061. USA: IEEE.
56.
SposaroFTysonG. iFall: an Android application for fall monitoring and response. In: 2009 annual international conference of the IEEE Engineering in Medicine and Biology Society (EBMC), Minneapolis, MN, USA, 3–6 September 2009, pp.6119–6122. USA: IEEE.
57.
KüpperA. Location-based services: Fundamental and operation. UK: John Willey & Sons, Ltd, 2005.
58.
MainettiLPatronoLSergiI. A survey on indoor positioning systems. In: 22014 22nd international conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 17–19 September 2014, pp.111–120. USA: IEEE.
59.
HossainAMSohW-S. A survey of calibration-free indoor positioning systems. Comput Commun2015; 66: 1–13.
60.
HumphreysTELedvinaBMPsiakiML, et al. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In: Proceedings of the ION GNSS international technical meeting of the satellite division, Savannah, GA, USA, 16–19 September 2008, vol. 55, p.56. USA: Institute of Navigation.
61.
JansenKTippenhauerNOPöpperC. Multi-receiver GPS spoofing detection: Error models and realization. In: Proceedings of the 32nd annual conference on computer security applications, Los Angeles, California, USA, 5–8 December 2016, pp.237–250. USA: ACM.
62.
GhoshAMaederABakerM, et al. 5G evolution: A view on 5G cellular technology beyond 3GPP release 15. IEEE Access2019; 7: 127639.
63.
KeatingRYoonDTaoT, et al. Opportunities and challenges for NR rat-dependent based positioning. In: 2019 IEEE 90th vehicular technology conference (VTC2019-Fall), Honolulu, Hawaii, USA, 22–25 September 2019, pp.1–6. USA: IEEE.
64.
EzemaLSAniCI. Weighted multiple linear regression model for mobile location estimation in GSM network. Int J Interdiscip Telecommun Netw2020; 12: 57–69.
65.
FerraioloDChandramouliRHuV, et al. A comparison of attribute based access control (ABAC) standards for data services. Technical Report, Draft NIST Special Publication 800-178, National Institute of Standards and Technology, 2016.
66.
KayesAKalariaRSarkerIH, et al. A survey of context-aware access control mechanisms for cloud and fog networks: Taxonomy and open research issues. Sensors2020; 20: 2464.
67.
RydningDR-JG-JReinselJGantzJ. The digitization of the world from edge to core. Framingham: International Data Corporation. 2018, pp. 1–16.
68.
RizviSZRFongPW. Efficient authorization of graph-database queries in an attribute-supporting Rebac model. ACM Trans Privacy Secur2020; 23: 1–33.
69.
MohamedAAuerDHoferD, et al. Extended authorization policy for graph-structured data. SN Comput Sci2021; 2: 351.
70.
CandelCJFRuizDSGarcía-MolinaJJ. A unified metamodel for NoSQL and relational databases. Inf Syst2022; 104: 101898.
71.
MarsanMAConteGBalboG. A class of generalized stochastic Petri nets for the performance evaluation of multiprocessor systems. ACM Trans Comput Syst1984; 2: 93–122.
72.
JensenKKristensenLMWellsL. Coloured Petri nets and CPN tools for modelling and validation of concurrent systems. Int J Softw Tool Technol Transf2007; 9: 213–254.
73.
MilnerRTofteMHarperR, et al. The definition of standard ML: Revised. USA: MIT Press, 1997.
74.
HildenbrandtESaxenaMRodriguesN, et al. Kevm: A complete formal semantics of the Ethereum virtual machine. In: 2018 IEEE 31st computer security foundations symposium (CSF), Oxford, UK, 9–12 July 2018, pp.204–217. USA: IEEE.
75.
PandaSKSatapathySC. An investigation into smart contract deployment on Ethereum platform using Web3.js and solidity using blockchain. In: Data engineering and intelligent computing: Proceedings of ICICC 21–23 February 2020, New Delhi, India, 2021, pp.549–561. Singapore: Springer.
76.
WoodG, et al. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper2014; 151: 1–32.
