We have witnessed a huge demand for remote provisioning of medical and healthcare services, where patients access healthcare services via an application on their smartphones. With the rapid advance of IoT (Internet of Things) technologies, patients' medical and health conditions will be monitored remotely in real time via wearable devices or sensors worn by the patients. A core functional component of such a patient health monitoring system is the collection of a patient's health data using wearable devices anywhere and anytime. Ensuring the security of the data and the identity (ID) privacy of the patient during this data collection process is paramount. This thesis investigates how to facilitate remote collection of a patient's data anywhere and anytime while protecting the confidentiality of the data being collected and preserving the privacy of the patient's ID. The investigation is carried out in a context in which the data collection service is provided by a third-party service provider, which opens up a number of security and ID privacy issues. To this end, the thesis presents a novel framework for Secure and ID-Preserving distributed Data Collection (SPDC). In designing this framework, we have addressed three open questions identified through our critical analysis of existing solutions: (i) how to support authorized use of the data collection service provided by the third-party service provider without revealing the patient's real ID; (ii) how to prevent inference of a patient's ID from his/her contextual information and data collection service usage patterns; and (iii) how to minimize the processing load imposed on the end server, thus reducing the risk of a performance bottleneck and supporting scalability. In addressing these questions, the thesis makes the following novel contributions.
First, it presents a novel architecture for the framework which supports the use of a distributed set of data collection servers owned by different service providers and by the healthcare provider. Second, the patient can select one server to be the home server and a number of other servers to be foreign servers. Third, SPDC allows the patient to access any of the data collection servers using certificates generated by the patient. Fourth, SPDC allows the patient to upload data to the foreign servers using a swarming algorithm that hides the uploading pattern; the home server is responsible for collecting the patient's data from the foreign servers and forwarding it to the healthcare provider. Fifth, SPDC proposes a method for efficient verification of each (upload) request from the patient without searching the server's database for the verification key. The framework has been analyzed using a benchmarking tool and evaluated using queuing theory. The evaluation results indicate that performance remains efficient as the number of servers increases.
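The fifth contribution, checking an upload without looking up a per-patient verification key, can be illustrated with the following stateless-credential pattern. This is an added example and not the thesis's own scheme: it assumes that the healthcare provider shares a single master key with every data collection server, and it uses HMAC-derived per-pseudonym secrets in place of the patient-generated certificates the framework actually relies on. The master key, pseudonym, expiry values and upload bodies are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


def issue_credential(master_key: bytes, pseudonym: str, expires_at: int):
    """Healthcare-provider role (assumed): bind a pseudonym to an expiry time.

    Returns the public payload and the patient's secret.  The secret is
    HMAC(master_key, payload), so any server holding master_key can recompute
    it from the payload alone and never needs a per-patient key table.
    """
    payload = json.dumps({"pid": pseudonym, "exp": expires_at}, sort_keys=True).encode()
    secret = hmac.new(master_key, payload, hashlib.sha256).digest()
    return payload, secret


def sign_upload(secret: bytes, payload: bytes, body: bytes, nonce=None) -> dict:
    """Patient role: authenticate one upload with the credential secret.

    The request carries the payload (pseudonym + expiry), a fresh nonce, the
    data body and a MAC over all three.  The secret itself is never sent.
    """
    nonce = nonce or secrets.token_bytes(16)
    mac = hmac.new(secret, payload + nonce + body, hashlib.sha256).digest()
    return {"payload": payload, "nonce": nonce, "body": body, "mac": mac}


def verify_upload(master_key: bytes, request: dict, now: int, seen_nonces: set) -> bool:
    """Data-collection-server role: stateless check of one upload.

    Only master_key is needed; the per-patient secret is re-derived from the
    payload inside the request.  A forged or altered payload derives a
    different secret, so the MAC check fails without any database search.
    """
    try:
        payload, nonce, body, mac = (request[k] for k in ("payload", "nonce", "body", "mac"))
        claims = json.loads(payload)
        exp = int(claims["exp"])
        _ = claims["pid"]
    except (KeyError, ValueError, TypeError):
        return False
    if now >= exp:
        return False  # credential no longer valid
    expected_secret = hmac.new(master_key, payload, hashlib.sha256).digest()
    expected_mac = hmac.new(expected_secret, payload + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_mac, mac):
        return False
    # Statelessness removes the key lookup, not replay protection: the server
    # must still remember nonces until the credential they belong to expires.
    if nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    return True


if __name__ == "__main__":
    master = b"constructed-master-key-shared-with-servers"  # constructed, not a real secret
    payload, secret = issue_credential(master, "p-7f3a", 2_000_000_000)
    seen = set()
    req = sign_upload(secret, payload, b"hr=72")
    print("fresh upload accepted:", verify_upload(master, req, 1_900_000_000, seen))
    print("replayed upload accepted:", verify_upload(master, req, 1_900_000_000, seen))
```

The nonce check is deliberately placed after the MAC check so that an unauthenticated sender cannot fill the server's nonce set; the set itself is the one piece of per-request state this pattern cannot remove, and it must be scoped and expired alongside the credentials it protects.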
Date of Award | 31 Dec 2022 |
Original language | English |
Awarding Institution | The University of Manchester |
Supervisor | Richard Banach (Supervisor) & Ning Zhang (Supervisor) |
- Distributed System
- Internet of things (IoT)
- Patient Health Monitoring System
- Authentication
- ID Privacy
- Anonymity
- Pseudonym
- Data Security
A Secure and ID Privacy-Preserving Distributed Data Collection (SPDC) framework for Internet of Things Application
Aljohani, T. (Author). 31 Dec 2022
Student thesis: PhD