TY - GEN
T1 - An Efficient GDPR-Compliant Data Management for IoHT Applications
AU - Chuang, I-Hsun
AU - Huang, Shih Hao
AU - Hong, Wan Hsuan
AU - Kuo, Yau Hwang
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The rapid rise of Internet of Health Things (IoHT) makes preserving data privacy become a critical task. In 2016, European Union has published General Data Protection Regulation (GDPR) which urges service providers to protect user privacy. Existing fine-grained encryption methods, such as key-policy attribute-based encryption (KP-ABE), belong to pairing-based cryptography which is impractical in resource-constraint IoHT devices. Also, habitual data-sharing systems fail to satisfy the right to access, the right to data portability, and the right to erasure claimed by GDPR at the same time. Thus, this paper proposes the GDPR-compliant Data Management (GCDM) composed of pairing-free KP-ABE (PF-KP-ABE) and GDPR-compliant Revocable Blockchain (GRBC) to provide IoHT applications efficient and secure data-sharing service. PF-KP-ABE exploits the pairing-free mechanism to improve the performance of fine-grained access control on IoHT devices. GRBC applies the special-designed Create/ Read/ Update/ Delete (CRUD) operations to comply with GDPR. Security analysis demonstrates the GDPR compliance of GRBC as well as the correctness of PF-KP-ABE. Then, the Perfect Forward Secrecy of PF-KP-ABE is also proved. Experiment results show that the proposed PF-KP-ABE outperforms existing KP-ABE on both Control Centre and IoHT devices. Hence, GCDM is the most practical data management for various IoHT applications.
AB - The rapid rise of Internet of Health Things (IoHT) makes preserving data privacy become a critical task. In 2016, European Union has published General Data Protection Regulation (GDPR) which urges service providers to protect user privacy. Existing fine-grained encryption methods, such as key-policy attribute-based encryption (KP-ABE), belong to pairing-based cryptography which is impractical in resource-constraint IoHT devices. Also, habitual data-sharing systems fail to satisfy the right to access, the right to data portability, and the right to erasure claimed by GDPR at the same time. Thus, this paper proposes the GDPR-compliant Data Management (GCDM) composed of pairing-free KP-ABE (PF-KP-ABE) and GDPR-compliant Revocable Blockchain (GRBC) to provide IoHT applications efficient and secure data-sharing service. PF-KP-ABE exploits the pairing-free mechanism to improve the performance of fine-grained access control on IoHT devices. GRBC applies the special-designed Create/ Read/ Update/ Delete (CRUD) operations to comply with GDPR. Security analysis demonstrates the GDPR compliance of GRBC as well as the correctness of PF-KP-ABE. Then, the Perfect Forward Secrecy of PF-KP-ABE is also proved. Experiment results show that the proposed PF-KP-ABE outperforms existing KP-ABE on both Control Centre and IoHT devices. Hence, GCDM is the most practical data management for various IoHT applications.
UR - http://www.scopus.com/inward/record.url?scp=85177822114&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85177822114&partnerID=8YFLogxK
U2 - 10.1109/ICCWorkshops57953.2023.10283547
DO - 10.1109/ICCWorkshops57953.2023.10283547
M3 - Conference contribution
AN - SCOPUS:85177822114
T3 - 2023 IEEE International Conference on Communications Workshops: Sustainable Communications for Renaissance, ICC Workshops 2023
SP - 1950
EP - 1955
BT - 2023 IEEE International Conference on Communications Workshops
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE International Conference on Communications Workshops, ICC Workshops 2023
Y2 - 28 May 2023 through 1 June 2023
ER -