Attribute based access control (ABAC) scheme with a fully flexible delegation mechanism for IoT healthcare

Due to the meteoric rise of cloud computing and the Internet of Things (IoT) concepts, remote monitoring of patients in real-time has become possible, and patients can now get healthcare services at home. To accomplish this, the patient's medical records must be stored on a server on the cloud. However, patient medical records kept on a server are extremely sensitive, making the Cloud-enabled IoT (CE-IoT) network vulnerable to several threats. Therefore, it must ensure that patient's medical records are not exposed to malicious users. Therefore, advanced fine-grained access control systems are required to protect data for authorized users. To realize the full potential of IoT healthcare, flexible access control schemes are a current field of research. We propose the Attribute-Based Access Control (ABAC) model with completely flexible and programmable delegation capabilities to satisfy the aforementioned requirements. In our addressed delegation model, a delegator may delegate fully or partially, depending on the situation. The delegator can delegate read, write, and edit permissions for a given resource. Our proposed scheme manages this permission delegation further by the Quality Factor (QF) of authorized users. The proposed scheme can provide multi-level access delegation by restricting the number of further delegations of a particular attribute. Each delegator can manage further delegations by delegatee to compensate for suitable user behaviors. Thus, a user can gain access to cloud-based healthcare data by presenting evidence that they hold the relevant attribute set (attributes may be assigned or delegated) according to the access policies. The proposed scheme also includes a mechanism for attribute revocation on demand. Theoretical and practical analyses demonstrate that the proposed scheme is computationally efficient, safe against attribute collusion, impersonation attacks, and replay attacks, and meets its stated goals. We have demonstrated that the proposed access control scheme has greater delegation capabilities than the existing ABAC scheme with access delegation capabilities.