Abstract
Sensor nodes and actuators are becoming ubiquitous and research efforts focus on addressing the various issues stemming from resources constraints and other intrinsic characteristics typically associated with such devices and their applications. In the case of wearable nodes, and especially in the context of e-Health applications, the security issues are exacerbated by the direct interaction with the human body and the associated safety and privacy concerns. This work presents a policy-based, unified, cross-platform and flexible access control framework. It adopts a web services-compliant approach to enable secure and authorized fine-grained access control to body sensor network resources and services. The proposed scheme specifically considers the very limited resources of so-called nano nodes that are anticipated to be used in such an environment. A proof-of-concept implementation is developed and a preliminary performance evaluation is presented.
Chapter PDF
Similar content being viewed by others
References
Enterprise Java XACML, http://code.google.com/p/enterprise-java-xacml/
PicketBox XACML, https://community.jboss.org/wiki/PicketBoxXACMLJBossXACML
Service-Oriented Architecture for Devices (SOA4D), http://cms.soa4d.org/
Sun Microsystems Laboratories, XACML, http://sunxacml.sourceforge.net
Web Services for Devices (WS4D), http://ws4d.e-technik.uni-rostock.de
WS4D-JMEDS DPWS Stack, http://sourceforge.net/projects/ws4d-javame/
Devices profile for web services, version 1.1 (2009), http://docs.oasis-open.org/ws-dd/dpws/1.1/os/
Alhaqbani, B., Fidge, C.: Access control requirements for processing electronic health records. In: ter Hofstede, A., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 371–382. Springer, Heidelberg (2008)
Box, D., Cabrera, L.F., Critchley, C., Curbera, F., Ferguson, D., Graham, S., Hull, D., Kakivaya, G., Lewis, A., Lovering, B., Niblett, P., Orchard, D., Samdarshi, S., Schlimmer, J., Sedukhin, I., Shewchuk, J., Weerawarana, S., Wortendyke, D.: Web Services Eventing, WS-Eventing (2006), http://www.w3.org/Submission/WS-Eventing/
Dierks, T.: Rescorla, E.: RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 (2008), http://tools.ietf.org/rfc/rfc5246.txt
El-Aziz, A.A.A., Kannan, A.: Access control for healthcare data using extended XACML-SRBAC model. In: 2012 International Conference on Computer Communication and Informatics. Dept. of Information & Science Technology, Anna University, pp. 1–4. IEEE (January 2012)
Faye, Y., Niang, I., Noel, T.: A survey of access control schemes in wireless sensor networks. In: Proc. World Acad. Sci. Eng. Tech (Laboratory LID), pp. 814–823 (2011)
He, D., Bu, J., Zhu, S., Chan, S., Chen, C.: Distributed Access Control with Privacy Support in Wireless Sensor Networks. IEEE Transactions on Wireless Communications 10(10), 3472–3481 (2011)
Lascelles, F., Flint, A.: WS-Security Performance (2006), http://websphere.sys-con.com/node/204424
Lawrence, K., Kaler, C., Nadalin, A., Monzilo, R., Hallam-Baker, P.: Web Services Security: SOAP Message Security 1.1 (2006), http://docs.oasis-open.org/wss/v1.1/
Maerien, J., Michiels, S., Huygens, C., Hughes, D., Joosen, W.: Access Control in Multi-party Wireless Sensor Networks. In: Demeester, P., Moerman, I., Terzis, A. (eds.) EWSN 2013. LNCS, vol. 7772, pp. 34–49. Springer, Heidelberg (2013)
Nixon, T., Regnier, A., Jeyaraman, R.: SOAP-over-UDP Version 1.1 (2009), http://docs.oasis-open.org/ws-dd/soapoverudp/1.1/
Parducci, B., Lockhart, H., Rissanen, E.: eXtensible Access Control Markup Language (XACML) Version 3.0 (2003), http://docs.oasis-open.org/xacml/3.0/
Rantos, K., Papanikolaou, A., Fysarakis, K., Manifavas, C.: Secure policy-based management solutions in heterogeneous embedded systems networks. In: 2012 International Conference on Telecommunications and Multimedia (TEMU), pp. 227–232. IEEE (July 2012)
Rantos, K., Papanikolaou, A., Manifavas, C., Papaefstathiou, I.: Ipv6 security for low power and lossy networks. In: Wireless Days (WD). IFIP, pp. 1–8 (November 2013)
Rantos, K., Papanikolaou, A., Manifavas, C.: Ipsec over ieee 802.15.4 for low power and lossy networks. In: Proceedings of the 11th ACM International Symposium on Mobility Management and Wireless Access, MobiWac 2013, pp. 59–64. ACM, New York (2013)
Ray, P., Wimalasiri, J.: The need for technical solutions for maintaining the privacy of EHR. In: Proceedings of the International Conference of IEEE Engineering in Medicine and Biology Society, vol. 1, pp. 4686–4689. IEEE (2006)
Raza, S., Duquennoy, S., Chung, T., Yazar, D., Voigt, T., Roedig, U.: Securing Communication in 6LoWPAN with Compressed IPsec. In: Proceedings of the 7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS 2011), Barcelona, Spain (June 2011)
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security (2012), http://tools.ietf.org/rfc/rfc6347.txt
Serbanati, A., Segura, A.S., Oliverau, A., Saied, Y.B., Gruschka, N., Gessner, D., Gomez-Marmol, F.: Internet of Things Architecture, Concept and Solutions for Privacy and Security in the Resolution Infrastructure. EU project IoT-A, Project report D4.2 (2012), http://www.iot-a.eu/
Smith, R.: SPOTWorld and the Sun SPOT. 2007 6th International Symposium on Information Processing in Sensor Networks (2007)
Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J., Waldbusser, S.: Terminology for Policy-Based Management (2001), http://www.ietf.org/rfc/rfc3198.txt
Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM) (2003), http://tools.ietf.org/rfc/rfc3610.txt
Yang, G., Yacoub, M.: Body sensor networks. 6. Springer, London (2006)
Yu, S., Ren, K., Lou, W.: FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks. IEEE Transactions on Parallel and Distributed Systems 22(4), 352–362 (2011)
Zhu, Y., Keoh, S., Sloman, M., Lupu, E.: A lightweight policy system for body sensor networks. IEEE Transactions on Network and Service Management 6(3), 137–148 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Manifavas, C., Fysarakis, K., Rantos, K., Kagiambakis, K., Papaefstathiou, I. (2014). Policy-Based Access Control for Body Sensor Networks. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-662-43826-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8
eBook Packages: Computer ScienceComputer Science (R0)