A Secure Remote Monitoring Framework Supporting Efficient Fine-Grained Access Control and Data Processing in IoT

  • Yaxing ChenEmail author
  • Wenhai Sun
  • Ning Zhang
  • Qinghua Zheng
  • Wenjing Lou
  • Y. Thomas Hou
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 254)


As an important application of the Internet-of-Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring (RPM) case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the cloud backend of an authorized health care provider (HCP) for processing and decision making. As the measurements involve private patient information, access control, confidentiality, and trustworthy processing of the data become very important. Software-based solutions that adopt advanced cryptographic tools, such as attribute-based encryption and fully homomorphic encryption, can address the problem, but they also impose substantial computation overhead on both patient and HCP sides. In this work, we deviate from the conventional software-based solutions and propose a secure and efficient remote monitoring framework using latest hardware-based trustworthy computing technology, such as Intel SGX. In addition, we present a robust and lightweight “heartbeat” protocol to handle notoriously difficulty user revocation problem. We implement a prototype of the framework for PRM and show that the proposed framework can protect user data privacy against unauthorized parties, with minimum performance cost compared to existing software-based solutions with such strong privacy protection.


Remote patient monitoring Internet-of-Things (IoT) Fine-grained access control Secure hardware Trusted computing 



This work was sponsored by National Key Research and Development Program of China under Grant No. 2016YFB1000303, Innovative Research Group of the National Natural Science Foundation of China (61721002), Innovation Research Team of Ministry of Education (IRT_17R86), the National Science Foundation of China under Grant Nos. 61502379, 61532015 and 61672420, Project of China Knowledge Center for Engineering Science and Technology, and China Scholarship Council under Grant No. 201606280105. This work was also supported in part by US National Science Foundation under grants CNS-1446478 and CNS-1443889.


  1. 1.
    Hassanalieragh, M., Page, A., Soyata, T.: Health monitoring and management using Internet-of-Things (IoT) sensing with cloud-based processing: opportunities and challenges. In: IEEE SCC 2015 (2015)Google Scholar
  2. 2.
    Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE TPDS 24(1), 131–143 (2013)Google Scholar
  3. 3.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010, pp. 1–9 (2010)Google Scholar
  4. 4.
    Sun, W., Yu, S., Lou, W., Hou, Y.T., Li, H.: Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: IEEE INFOCOM 2014, pp. 226–234 (2014)Google Scholar
  5. 5.
    Wan, A., Liu, J., Deng, R.H.: HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE TIFS 7(2), 743–754 (2012)Google Scholar
  6. 6.
    Yao, A.C.: Protocols for secure computations. In: IEEE SFCS 1982, pp. 160–164 (1982)Google Scholar
  7. 7.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM STOC 2009, pp. 97–105 (2009)Google Scholar
  8. 8.
    Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: IEEE S&P 2016, pp. 636–654 (2016)Google Scholar
  9. 9.
    Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive, 86 (2016)Google Scholar
  10. 10.
    McKeen, F., Alexandrovich, L., Berenzon, A., Rozas, C., Shafi, H.: Innovative instructions and software model for isolated execution. In: Hardware and Architectural Support for Security and Privacy (2013)Google Scholar
  11. 11.
    Anati, I., Gueron, S., Johnson, S.P., Scarlata, V.R.: Innovative technology for CPU based attestation and sealing. In: Hardware and Architectural Support for Security and Privacy (2013)Google Scholar
  12. 12.
    Lee, S., Shih, M., Gera, P., Kim, T., Kim, H., Peinado, M.: Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In: USENIX Security Symposium, pp. 557–574 (2017)Google Scholar
  13. 13.
    Wang, W., et al.: Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX. In: ACM CCS 2017, pp. 2421–2434 (2017)Google Scholar
  14. 14.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  15. 15.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM CCS 2006, p. 89 (2006)Google Scholar
  16. 16.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P 2007, pp. 321–334 (2007)Google Scholar
  17. 17.
    Wang, X., Zhang, J., Schooler, E.M., Ion, M.: Performance evaluation of attribute-based encryption: toward data privacy in the IoT. In: IEEE ICC 2014, pp. 725–730 (2014)Google Scholar
  18. 18.
    Yang, L., Humayed, A., Li, F.: A multi-cloud based privacy-preserving data publishing scheme for the Internet of Things. In: ACM ACSAC 2016, pp. 30–39 (2016)Google Scholar
  19. 19.
    Huang, Q., Yang, Y., Wang, L.: Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of Things. IEEE Access 5, 12941–12950 (2017)CrossRefGoogle Scholar
  20. 20.
    Zhang, P., Chen, Z., Liu, J.K., Liang, K., Liu, H.: An efficient access control scheme with outsourcing capability and attribute update for fog computing. Future Gener. Comput. Syst. 78(2), 753–762 (2018)CrossRefGoogle Scholar
  21. 21.
    Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with Haven. ACM TCS 33(3), 1–26 (2015)CrossRefGoogle Scholar
  22. 22.
    Abadi, M., Barham, P., Chen, J., et al.: TensorFlow: a system for large-scale machine learning. In: USENIX OSDI 2016, pp. 265–284 (2016)Google Scholar
  23. 23.
    Shinde, S., Tien, D.L., Tople, S., Saxena, P.: PANOPLY: low-TCB Linux applications with SGX enclaves. In: NDSS 2017 (2017)Google Scholar
  24. 24.
    Fisch, B.A., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: Iron: functional encryption using Intel SGX. In: ACM CCS 2017, pp. 765–782 (2017)Google Scholar
  25. 25.
    Sun, W., Zhang, R., Lou, W., Hou, Y.T.: REARGUARD: secure keyword search using trusted hardware. In: IEEE INFORM 2018 (2018)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Yaxing Chen
    • 1
    • 2
    Email author
  • Wenhai Sun
    • 2
  • Ning Zhang
    • 2
  • Qinghua Zheng
    • 1
  • Wenjing Lou
    • 2
  • Y. Thomas Hou
    • 2
  1. 1.School of Electronic and Information EngineeringXi’an Jiaotong UniversityXi’anChina
  2. 2.Department of Computer ScienceVirginia Polytechnic Institute and State UniversityBlacksburgUSA

Personalised recommendations