Multi-Level Privacy-Preserving Access Control as a Service for Personal Healthcare Monitoring

The Internet of Things (IoT) changes many sectors of our lives. In the healthcare domain, IoT presents as mobile medical applications over various sensors that update healthcare professionals on patients' health information. However, IoTbased healthcare systems also face major challenges in protecting patients' privacy via an effective access control system. This paper presents an ambient home solution framework for privacypreserving monitoring of patients' health status. We focus on two major points: 1) how to use the data collected from ambient and biometric sensors, to perform the high-level task of activity recognition, and 2) how to secure the collected healthcare data via effective access control. We achieve multi-level access control by using Public Key Infrastructure (PKI) for authentication and Attribute-Based Access Control (ABAC) for authorisation. Our access control system regulates access to healthcare data by classification over healthcare professionals and data. Our system provides guidelines to define data classes and healthcare professional groups and specifies security policies to control access to the data classes. The system is flexible and can incorporate more policy rules, professionals, and data classes.