Figure 6. Biometric key agreement and data confidentiality and integrity protocol steps
information categories these entities are allowed to access.
3. Preventing a compromised or stolen body sensor from revealing the human subject's data or any information that may jeopardize the privacy of this data.

Tan et al. (2008) present a security model based on the ECC and IBE cryptographic primitives (a description of ECC and IBE cryptographic schemes is presented in the second section) to address the above-mentioned BSN privacy requirements. The work in (Tan et al., 2008) is not the first to propose using IBE for protecting medical content (Malan et al., 2004; Mont, Bramhall, & Harrison, 2003); however, the contribution of this work resides in developing a light-weight IBE model (IBE-Lite) that can be efficiently implemented on resource-constrained body sensors.

The IBE privacy-preserving scheme consists of four main players: 1) the patient whose medical status is monitored using a BSN, 2) a storage site for storing the patient's collected physiological data, 3) a doctor that accesses the patient's medical data by querying the storage site, and 4) a PKG responsible for generating the IBE private keys. The main principle behind using IBE is for the sensor nodes to encrypt data by a public key that is generated on-the-fly using a string identifier containing the required access control information. For instance, if the patient wants Doctor John Smith to access her ECG data only two days after this data is released, she informs the BSN sensors to use the following string to derive the public key:

str = (15:23;3-21-2010;2;John Smith; ECG).

The public key y_str derived from str will be used by the sensors to encrypt the ECG data before sending it to the storage site.

When the medical doctor requires access to the encrypted data, he authenticates to the PKG to prove that he is John Smith. As part of the authentication process, the PKG also ensures that the data type is ECG and that the access time belongs to the two day authorization period. If all the access conditions are satisfied, the PKG generates the private key x_str and securely releases it to the requesting doctor.
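
The PKG-side access check described above, as an added example that is not code from the original chapter or from Tan et al. It assumes the fields of str are, in order, release time, release date (month-day-year), authorization period in days, accessor name and data type; the function names are hypothetical, and generation of x_str itself is not shown.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

# The identifier from the text above; the field meanings are assumptions.
SAMPLE_STR = "( 15:23;3-21-2010;2;John Smith; ECG)"

class AccessPolicy(NamedTuple):
    released: datetime  # when the data was released
    days: int           # length of the authorization period
    accessor: str       # identity allowed to obtain x_str
    data_type: str      # category of protected data, e.g. ECG

def parse_identifier(s: str) -> AccessPolicy:
    """Parse str as (time;date;days;name;type); raise ValueError if malformed."""
    body = s.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("identifier must be wrapped in parentheses")
    fields = [f.strip() for f in body[1:-1].split(";")]
    if len(fields) != 5 or not all(fields):
        raise ValueError("expected exactly five non-empty fields")
    time_s, date_s, days_s, name, dtype = fields
    released = datetime.strptime(f"{date_s} {time_s}", "%m-%d-%Y %H:%M")
    days = int(days_s)
    if days <= 0:
        raise ValueError("authorization period must be positive")
    return AccessPolicy(released, days, name, dtype)

def pkg_authorize(s, authenticated_name, requested_type, now):
    """Return (release_key, reason). A malformed identifier fails closed."""
    try:
        policy = parse_identifier(s)
    except ValueError as exc:
        return False, f"malformed identifier: {exc}"
    # authenticated_name must come from the PKG's own authentication step,
    # never from a field supplied in the request.
    if authenticated_name != policy.accessor:
        return False, "requester is not the named accessor"
    if requested_type != policy.data_type:
        return False, "data type mismatch"
    expires = policy.released + timedelta(days=policy.days)
    if not (policy.released <= now <= expires):
        return False, "outside authorization period"
    return True, "ok"

if __name__ == "__main__":
    print(pkg_authorize(SAMPLE_STR, "John Smith", "ECG", datetime(2010, 3, 22, 9, 0)))
```

Because the public key is derived from the whole string, a private key released for one identifier does not decrypt data encrypted under a different accessor, data type or period.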