BTG-AC: Break-the-Glass Access Control Model for Medical Data in Wireless Sensor Networks

Wireless sensor networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. An emerging application for WSNs involves their use in healthcare where they are generally termed wireless medical sensor networks. In a hospital, outfitting every patient with tiny, wearable, wireless vital sign sensors would allow doctors, nurses, and other caregivers to continuously monitor the state of their patients. In such a scenario, patients are expected to be treated in reasonable time, so an access control model is needed, which will provide both real-time access to comprehensive medical records and detect unauthorized access to sensitive data. In emergency situations, a doctor or nurse needs to access data immediately. The loss in data availability can result in further decline in the patient's condition or can even lead to death. Therefore, the availability of data is more important than any security concern in emergency situations. To address that research issue for medical data in WSNs, we propose the break-the-glass access control (BTG-AC) model that is a modified and redesigned version of the break-the-glass role-based access control (BTG-RBAC) model to address data availability issue and to detect the security policy violations from both authorized and unauthorized users. Several changes within the access control engine are made in BTG-RBAC in order to make the new BTG-AC to apply and fit in WSNs. This paper presents the detailed design and development of the BTG-AC model based on a healthcare scenario. The evaluation results show that the concepts of BTG, prevention and detection mechanism, and obligation provide more flexible access than other current access control models in WSNs. Additionally, we compare the BTGAC model with an adaptive access control (A(2)C) model, which has similar properties, for further evaluation. Alongside with the comparison, the advantages and disadvantages of BTG-AC over current WSN access control models are presented.