Abstract
Purpose
Coronavirus Disease 2019 (COVID-19) created a need for “Hospital-at-home” improvisations that involve wearable technology to classify patients within households before visiting health institutions. Do-It-Yourself wearable devices allow for the collection of health data leading to the detection and/or prediction of the prevalence of the disease. The sensitive nature of health data requires safeguards to ensure patients’ privacy is not violated. The previous work utilized Hyperledger Fabric to verify transmitted data within Smart Homes, allowing for the possible implementation of legal restrictions through smart contracts in the future. This study aims to explore privacy-enhancing authentication schemes that are operated by multiple credential issuers and capable of integration into the Hyperledger ecosystem.
Design/methodology/approach
Design Science Research is the methodology that was used in this study. An architecture for ABC-privacy was developed and evaluated.
Findings
While the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials limits the amount of information patients or devices divulge.
Originality/value
The evaluation of this study identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes Patients and Health Wearables use case: Coconut user-centric architecture, Hyperledger integration, multi-party threshold authorities, public and private attributes, re-randomization and unlinkable revelation of selective attribute revelations.
Citation
Kembo, S.H., Mpofu, P., Jacques, S., Chitiyo, N. and Mukorera, B. (2023), "Patient and wearable device authentication utilizing attribute-based credentials and permissioned blockchains in smart homes", International Journal of Industrial Engineering and Operations Management, Vol. 5 No. 2, pp. 148-160. https://doi.org/10.1108/IJIEOM-02-2023-0021
Publisher
Emerald Publishing Limited
Copyright © 2023, Solomon Hopewell Kembo, Patience Mpofu, Saulo Jacques, Nevil Chitiyo and Brighton Mukorera
License
Published in International Journal of Industrial Engineering and Operations Management. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
The emergence of COVID-19 in Wuhan in December 2019 paralyzed the global health system, as evidenced by infected patients, hospital ward shortages, increased use of artificial ventilators and face masks. The World Health Organization (WHO) guidelines for isolating or quarantining COVID-19-infected or exposed individuals, respectively, increased the demand for remote health monitoring options. To address the need for remote healthcare models, numerous IoT innovations, such as wearable devices, drones, robots, IoT buttons and smartphone applications, are being investigated to combat COVID-19 at various stages of the pandemic, including early diagnosis, quarantine and recovery (Nasajpour et al., 2020). IoT-powered wearable devices offer a low-cost option for remote monitoring of physiological and biochemical parameters. This option has the potential to supplement existing health facilities while also effectively dealing with the logistical challenges associated with mass testing.
When it comes to technology, the cost is a deciding factor in the global south, which is characterized by low disposable income. However, consumers’ desire to purchase low-cost devices frequently leads them to purchase equipment from untrustworthy vendors. In addition to the security risks associated with purchasing low-cost devices, consumers will face interoperability issues because most low-tech vendors do not use universal standards when developing their products. Blockchain technology has recently been implemented in a variety of use cases other than cryptocurrency. Previously, we used private Blockchains to demonstrate that installed devices were not invading consumers’ privacy (Kembo et al., 2020). Such a system must allow for interoperability while also identifying instances of security violations that involve invading the privacy of owners. While private Blockchains provide a layer of local privacy, global privacy becomes a challenge when requiring integration with public platforms that support smart contracts (Sonnino et al., 2019).
In the digital economy, the more individuals conduct digital activities, the more their digital trails increase. As digital footprints increase, the chances of abuse of the personal data divulged also inadvertently increase.
Studies including Micheli et al. (2018) reveal that literature on digital inequalities tends not to consider the effect of digital footprints as social differentiators. While an increase in digital footprint has high commercial value for collectors of data, it also has the effect of violating fundamental human rights. Consequently, Cheng and Wang (2018) propose the awarding of semi-fundamental human right status to digital footprint privacy. “Notice and Choice”, while aimed at empowering users to protect private data, results in a “Privacy Paradox” which limits consumers’ ability to protect their privacy (Dorri et al., 2017). A possible workaround for the “Privacy Paradox” is to empower users at the authentication stage of digital interaction.
An effective ABC system must provide essential features that include anonymity, untraceability, unlinkability, selective disclosure of attributes, non-transferability, revocation and malicious user identification (Hajny and Malina, 2012). The “minimum information disclosure principle” guarantees users’ privacy by ensuring that collaboration among service providers will not allow them to obtain new information about the user (Maria de Fuentes et al., 2018). However, a major hindrance to the adoption of ABC schemes within practical applications is the complexity of cryptographic protocols (Camenisch et al., 2013). Another challenge of utilizing an ABC privacy scheme is the difficulty in switching the underlying cryptographic algorithms once an application has been designed. In order to implement data minimization in decentralized privacy-preserving schemes, it is also imperative to mitigate the need for interactive proofs between the user and the verifier (Schanzenbach et al., 2019).
1.1 Objectives
The specific objectives of the study include:
To customize an Internet of Things (IoT) platform that can connect and collect data from health wearable devices within households.
To evaluate mature, robust ABC technologies in order to identify the most suitable scheme that integrates with our previous work on permissioned Blockchains.
To develop a privacy-preserving IoT architecture for smart homes that implements the multi-party ABC paradigm as well as works with private Blockchains.
1.2 Contributions
The key contributions of this study include privacy-preserving ABC architecture for permissioned and permissionless Blockchains that implement local and global privacy for Smart Homes’ Patients and Health Wearables use case. Previous work (Kembo et al., 2020) considered the use of an interoperable Mozilla web of things gateway and permissioned Blockchain for privacy without the use of multi-party authentication.
The remainder of the article is organized as follows. Section 2 reviews the literature on Wearables for Early Presymptomatic and Asymptomatic Detection of COVID-19, and also covers the Security Vulnerabilities of Wearable Devices, the Evaluation of Privacy-ABC Implementations and the technologies employed. Section 3, the methodology, applies Design Science Research to provide knowledge that professionals in the relevant field may use to develop answers to their practical problems, and introduces the Testbed and Adapted Architectural Design. The conclusion is offered in the final section.
2. Literature review
In this section, we review some of the recent work related to IoT wearable devices for health and device authentication using selected attributes.
Next-generation sequencing, quantitative reverse transcription-polymerase chain reaction (qRT-PCR), point of care testing (POCT) and In Vitro Diagnostics (IVDs) are among the conventional diagnostic tools used to detect COVID-19 (Kumar et al., 2020). The requirement to meet qualified health personnel within health facilities, which is currently a challenge given the lack of capacity in the existing health infrastructure, is a major impediment to the use of these diagnostic tools. Another issue with traditional COVID-19 detection methods is their lack of accuracy, as evidenced by numerous cases of false-positive results (Surkova et al., 2020). While mass testing for COVID-19 became necessary during the public health crisis, costs constrained developing countries from testing citizens on a long-term basis (Songok, 2020). Radin et al. (2020) state that collecting and collating physiological and activity data within a population has the potential to improve the timeliness and accuracy of public health interventions.
2.1 Wearables for early presymptomatic and asymptomatic detection of COVID-19
Persons infected with the highly contagious Severe Acute Respiratory Syndrome Coronavirus 2 (SARS-CoV-2), the virus that causes COVID-19, are divided into five groups: asymptomatic, mild, moderate, severe and critical. Asymptomatic patients, despite being infected with the virus, never show symptoms. Asymptomatic SARS-CoV-2 patients pose a significant challenge because they can inadvertently infect others. According to one study (Oran and Topol, 2020), asymptomatic people account for 40% to 45% of SARS-CoV-2 infections. Presymptomatic patients, who do not initially show signs of COVID-19 infection despite being infected, run the risk of the virus spreading benignly.
Before the COVID-19 pandemic, numerous research initiatives were investigating the use of wearables in digital health. The Stanford Healthcare Innovation Lab is one institution leading COVID-19 research efforts using precision medicine. The innovation lab pioneered the multi-omic, longitudinal baseline profiling approach to healthcare, deriving precision medicine from both biology and data science, with over 693 publications. In one study (Li et al., 2017), 40 adults were tracked using wearable technology to gather genomic and biochemical information about disease and health. Big data, as evidenced by 250,000 bodily measurements per person per day, was capable of detecting early infections based on changes in heart rate. Over two years, the study evolved into a more rigorous assessment of seven of the wearables. The sensors were strapped to one volunteer’s wrist, belt, shirt and finger, continuously measuring his steps, physical activity, calories, heart rate, skin temperature, sleep, blood oxygen, radiation exposure and weight. In one case, the volunteer was able to detect changes in heart rate and consulted a physician, who assisted in the treatment of a Lyme infection.
The difficulties associated with identifying early asymptomatic and presymptomatic individuals, insufficient healthcare coupled with insufficient infrastructure and high health costs have necessitated the need for remote healthcare and detection methods that employ various types of wearable computing.
Several COVID-19 studies are using various types of wearables from various vendors to measure physiological parameters related to the disease. Fitbit, Oura, Apple, WHOOP, Beurer, AIO, Garmin and VivaLNK are among the wearable vendors and brands that sell wearable devices (Seshadri et al., 2020). While the most comprehensive studies combine high-end technology and big data, other studies use simple technology such as pulse oximeters to detect potential infections (Manshaei et al., 2013).
2.2 Security vulnerabilities of wearable devices
A typical wearable computing architecture involves data from devices travelling across short, unlicensed Body Area Networks (BAN) and Personal Area Networks (PAN) to a monitoring hub in the patient’s home. In turn, the monitoring hub will offload data to a broadband network, which will then route it to a third-party cloud analytics provider for further processing. The processing of data in the cloud is necessary due to limited memory and processing power of most wearables. As a result of the limited form factor and battery size of wearable devices, there are fewer options for implementing standard security on standard computing platforms.
While popular wearables brands such as Fitbit, Garmin, Apple, Xiaomi and Samsung provide some level of security, these devices are beyond reach for the majority of individuals in poor countries. Citizens in the Global South are forced to settle for wearable clones and counterfeits that fit their budgets, which brings security vulnerabilities (Mark et al., 2017). According to Young (2019), counterfeit device manufacturers have harmed the healthcare industry by abusing the medical community’s universal barcode, the Unique Device ID (UDI). Unscrupulous device manufacturers deceive the medical community by affixing the UDI values of newer devices to older devices, jeopardizing their security. Vulnerabilities occur when, for example, a newer patch is applied to an older device, potentially “bricking” the device, exposing vulnerabilities and causing the device to malfunction.
While the device producer has a responsibility of secrecy, it is the consumer’s “right to be left alone”. Regulations like the European Union’s General Data Protection Regulation (GDPR) make it possible to impose confidentiality requirements on approved wearable device manufacturers. However, unlike developed countries that use GDPR, countries in the Global South lack a solid public policy that safeguards citizens utilizing IoT and wearable devices. As a result, consumers of wearable devices in developing countries have easier but riskier access to uncertified alternatives, necessitating the development of tools to ensure that they retain control over their personal settings when purchasing cloned, uncertified wearables in unregulated jurisdictions.
2.3 IoT wearable devices’ interoperability challenges
Vertical IoT ecosystems provide the most dominant IoT paradigm, in which interoperability across devices from different verticals becomes more difficult. Protocols that assure comprehensive, interoperable and simplified IoT stacks are being developed, led by Standards Developing Organizations such as the Internet Engineering Task Force (IETF) (Moniruzzaman et al., 2020). The original Internet protocols were not intended for IoT devices with limited capabilities. Constrained Application Protocol (CoAP), IPv6 over Low Power WPAN (6LoWPAN) and Constrained Binary Object Representation (CBOR) are among the newer IoT-specific protocols in development. Semantic interoperability is also being worked on, which allows devices to be discovered transparently using metadata (context-based) and/or device values (content-based) (Cimmino et al., 2020).
The World Wide Web, which allows users to explore multiple types of content, is credited with bringing the Internet out of research institutions and into the public sphere. The World Wide Web Consortium (W3C) (Kovatsch et al., 2020) is working on a set of Web of Things (WoT) standards to address IoT interoperability challenges across platforms and application domains. Smart devices will be able to communicate with online apps as a result of WoT. Mozilla created the WebThings gateway, which allows smart devices to communicate with each other in a vendor-neutral manner. Web things have a Representational State Transfer (REST) Application Programming Interface (API) that follows the WoT standard (Mozilla, 2020a, b). Due to the fact that the WebThings gateway can be installed on a Raspberry Pi single-board computer, it is ideal for home use, potentially powering future Smart Homes in the global south.
2.4 Private and permissioned blockchain on single-board computers
Blockchain is a Distributed Ledger Technology (DLT) that creates an immutable and verifiable record of transactions between two parties. The Bitcoin cryptocurrency was the first to use Blockchain. Various efforts, however, are investigating the use of DLT technology in a variety of use cases, including smart homes (Dorri et al., 2017; Xue et al., 2018; Lee et al., 2020; Khezr et al., 2020). Furthermore, the use of blockchain in healthcare demonstrates the technology’s ability to ensure anonymity for personal and sensitive patient data, as evidenced by studies including Dwivedi et al. (2019). Currently, Raspberry Pi is being utilized for purposes other than what it was designed for, which is as an educational tool. The use of Raspberry Pi in several sectors has aided Blockchain researchers who are deploying private Blockchains. For example, Fernando et al. (2019) created an Ethereum private Blockchain application for a pharmaceutical use case that ran on a Raspberry Pi.
The euphoria around Blockchain technology, on the other hand, has cast doubt on its utility in a variety of practical situations. On multiple occasions, technology opportunists have been chastised for exploiting DLT by turning Blockchain into a “solution looking for a problem”. Wust and Gervais (2018) developed a flowchart-based methodology for evaluating the utility of different types of Blockchain. The flow chart works by asking a series of questions to determine if a certain problem is best solved using Blockchain.
2.5 Digital footprints
Our previous work (Mpofu et al., 2020) proposes a “Privacy by Design” IoT Edge and Fog Computing architecture as a privacy solution for a community aquaponics project. Privacy-by-Design provides a game theory approach to tackling privacy issues. Manshaei et al. (2013) stated that game theory provides a framework that allows for a design mechanism that limits “free riders” from utilizing systems. It, in turn, balances privacy concerns with commercial interests and can be used to explain the need for a design mechanism to avoid “free riders”. Game theory provides a way for users to make their own decisions on whether to participate and the extent of participation in a privacy-preserving system. Users’ ability, provided by the system, to specify the precise extent of participation and amount of digital trail to leave behind, makes privacy-enhancing systems user-centric and intuitive.
Previous studies (Dimaggio et al., 2004; Cai and Van Dijk, 2008), on digital inequalities, identified a deeper understanding of various depths of Internet access as a narrowing to the widening digital divide. However, Micheli et al. (2018) demonstrate how different communities experience advantages or disadvantages arising from their digital footprints. The study identifies the role played by digital footprints created by big data and algorithms in reproducing inequalities. The study recommends that systems should be designed to prevent the widening of the “digital footprint” gap.
2.6 Evaluation of privacy-ABC implementations
One of the goals of this study is to evaluate mature, robust ABC technologies in order to identify the most suitable scheme that integrates with our previous work on permissioned Blockchains. We explore the key Privacy-ABC concepts that underpin mature, robust ABC technologies.
In a privacy-specific security scheme, when a user generates a private key, multiple public keys can be generated, unlike in a Public Key Infrastructure (PKI) in which a single public key is generated. The multiple public keys, which cannot be linked, are known as pseudonyms (Lysyanskaya et al., 2000). Multiple pseudonyms ensure that it is impossible to link or deduce whether they were generated from the same or from different secret keys.
Anonymity within the privacy domain ensures that a subject cannot be identified within an anonymity set. Unlinkability, additionally, ensures that transactions are executed in such a way that private data cannot be linked to any other set of privacy-relevant data outside of the domain or requires a lot of effort to establish a linkage. Unlinkability, an integral part of data minimization, supports the purpose-binding principle which allows for separating data from persons through anonymization, pseudonymization, erasure or non-availability of data altogether (Pfitzmann, 2010).
A credential is a collection of attributes that have been certified and issued by an issuer. Key binding enables attributes to be secured by binding them to the user’s private keys. Effective privacy-ABC schemes initiate the authentication process for verifiers by receiving presentation policies stating the required attributes from the credentials (Camenisch et al., 2013). On presentation of credentials, the user will obtain a presentation token. Users will only show the requested attributes on verification while keeping the rest of the attributes secret. Presentation tokens will also be unlinkable and untraceable in order to protect the user from possible collusion by issuers and verifiers.
We evaluated two mature and robust ABC implementations, namely, ABC4Trust and Coconut using the benchmarking framework developed by Veseli et al. (2014). We constrained the factors from the benchmark to what is relevant to our study which is the functionality and practical viability of permissioned Blockchains.
2.6.1 ABC4Trust
ABC4Trust is an EU-supported project that aims to achieve the federation and interchangeability of technologies that implement privacy-preserving Attribute-Based Credentials (ABC). ABC4Trust’s architecture functionally decomposes its components in such a way that they are independent of the underlying algorithms or cryptographic components used underneath. The layered ABC engine is modular, allowing extensions to be added in the future. ABC4Trust crypto architecture replaced IBM’s Identity Mixer (Idemix) library which added modularity to the scheme. ABC4Trust’s API enables application developers to implement their own user interface and to integrate Privacy-ABCs in their applications while abstracting away their cryptographic realization. Core Privacy-ABC features available in ABC4Trust include basic presentation, key binding, pseudonyms, inspection, credential issuance and revocation (Sabouri and Rannenberg, 2015).
2.6.2 Coconut
Coconut is a novel approach to Privacy-ABC whose features include threshold authorities, blind issuance, unlinkability, non-interactivity, liveness and short credentials. Coconut balances the provision of fully functional selective disclosure credentials and distributed trust assumptions. Instead of entrusting a single issuer with the credential signature keys, Coconut implements threshold issuance in addition to re-randomization and blind issuance to prevent malicious issuers from forging credentials. The complete set of Privacy-ABC features in Coconut makes it possible to develop a platform that supports smart contracts that include Ethereum, Chainspace and Hyperledger (Sonnino et al., 2019).
2.7 Summary and synthesis
Recent work reveals different efforts to develop “Hospital-at-home” solutions utilizing Smart Homes’ IoT and wearables technology to combat the COVID-19 disease (Seshadri et al., 2020; Nasajpour et al., 2020). Most of the studies make use of wearable devices from traditional ecosystems including Fitbit, Apple, Garmin and Xiaomi. While these systems have guaranteed quality, they are out of reach for most homes in developing communities. In the case of homes in the global south that access average quality and inexpensive brands, there is a risk that different brands might not work together. There is a need, therefore, to explore inexpensive ways to provide interoperability between cheap wearables beyond the current per-vendor integrations. WoT is the most common solution to interoperability challenges in IoT.
Incidents have been recorded in which wearable devices leak data or are used to attack other devices. Thus, permissioned Blockchain technology, with its localization and immutability attributes, can potentially address privacy issues, as a mechanism to monitor the traffic generated by wearables and at the same time provides tools to preserve privacy within smart homes. From the Privacy-ABC schemes evaluated, Coconut stood out among the reference implementations as having the most thorough, feature-full, and decentralized ABC framework. It, therefore, follows that a new architecture that adds Coconut to prior work ought to be developed for future experimentation and testing.
3. Methodology
In this research, the methodology employed is Design Science Research (DSR). The reason for opting for DSR is that it is a paradigm for solving problems that seek to improve human understanding through the creation of physical products (Hevner, 2007). It also generates information about both the object of the design process and the method utilized to create a product in 3 different cycles as illustrated in Figure 1.
3.1 DSR as an artefact
An IT-enabled artefact, Attribute-Based Credentials and Permissioned Blockchains in Smart Homes, is developed and evaluated in this article using the DSR approach. This is because the methodology allows for a pragmatic and iterative design process to create an IT-enabled artefact. The DSR mainly consists of three interconnected cycles: relevance, rigour and design. The DSR cycles are illustrated in Figure 1.
3.2 Relevance cycle
In our earlier work, Hyperledger Fabric was used to validate data transmission within Smart Homes, enabling the future implementation of legal constraints via smart contracts to incorporate a privacy barrier that restricts the quantity of information that patients divulge. The idea was to use a Blockchain-based Hyperledger Fabric application to store data shared by IoT devices in a networked home. Additionally, it offers a user application (based on NodeJS) that enables homeowners to search the Blockchain for illicit sharing of sensitive information that raises suspicion.
3.3 Rigor cycle
The knowledge base, which includes supporting theories, strategies, domain experiences and expertise, was investigated. The game-theoretic Attribute-Based Credentials architecture, which makes use of the previously created Privacy by Design Edge and Fog architecture, has advanced the subject of game theory. The adoption of Coconut, which offers the complete set of needed Privacy-ABC features focused on issuing general-purpose selective disclosure credentials without compromising acceptable distributed trust assumptions, has broadened the realm of cryptography. Embedded devices were used in conjunction with a framework that is appropriate for our distributed edge and fog computing architecture since it can be combined with similar environments.
3.4 Design cycle
The research design comprised multiple design cycles conducted to test application functionality, improve the design and achieve the requirements from the knowledge base and the environment (Figure 2).
The first step comprises a Hyperledger Fabric application that uses Blockchain technology to store data shared by IoT devices in a connected house. Additionally, it offers a user application (based on NodeJS) that enables homeowners to search the Blockchain for illicit sharing of sensitive information that raises suspicion. On the GitHub source, there are instructions for recreating the setup (Makerspace, 2018).
The architecture was then designed into four subsystems: the IoT Wearable Devices subsystem; the Permissioned Blockchain subsystem; the Fog subsystem; and the Privacy-ABC layer subsystem.
The second step was to come up with the IoT Wearable Devices Subsystem layer, which consisted of wearable devices, a Wazihub LoRa gateway and the WebThings gateway software. A complete list of devices, adapters and hardware for supported gateways is available (Mozilla, 2020a, b). The Wazihub LoRa gateway supports LoRaWAN and can send and receive messages from up to 200 devices.
The Blockchain subsystem was the third step, which consisted of a permissioned distributed ledger framework implemented as a docker container. The subsystem provides identity management, event management and smart contracts.
Fourth, a cluster of Raspberry Pis running the K3s Kubernetes software to provide data aggregation services makes up the fog subsystem. Finally, the ABC layer for privacy is a Coconut implementation that offers ABC authorities for privacy features.
3.4.1 Testbed and adapted architectural design
The initial prototype was submitted as ISOC Zimbabwe’s submission for the 2018 Chapterthon whose theme was “IoT Security”. It consists of a Hyperledger Fabric application to record data shared by IoT gadgets within a connected home using Blockchain technology. It also has a user application (based on NodeJS), which will allow homeowners to query the Blockchain for suspicious, unauthorized sharing of private data. Instructions to replicate the setup are available on the GitHub repository (Makerspace, 2018). A Privacy-ABC layer will be added to adapt the architecture further.
3.5 Choice of a traditional database or blockchain
The first step in deploying study objective 2 involved evaluating the most appropriate storage media for recorded data. The flowchart-based methodology developed by Wust and Gervais (2018) was utilized in answering questions as shown:
Is there a need to write state?
Yes, wearables need to record measurements and the destination of data to write to.
Are there multiple writers?
Yes, multiple wearables will be measuring various activity, physiological and biochemical parameters at the same time.
Is there an Online Trusted Third Party?
No, the system uses an offline-first paradigm or multiple issuers.
Are the writers known?
Yes, every wearable added to the Smart Home will be known.
Are the writers trusted?
No, because Zimbabwe does not have an IoT Policy that vets IoT hardware and Smart Home to safeguard consumers who occasionally buy unbranded, cheap wearables.
Is there a need for verifiability?
No, the system prioritizes the privacy of patient data over transparency.
Answers to these questions confirmed the suitability of utilizing a private Blockchain to augment data storage for the application.
3.6 Patients and wearables authentication architectural overview
The overall system can be viewed as four subsystems, namely (1) IoT Wearable Devices; (2) Permissioned Blockchain, (3) Fog subsystems and (4) the Privacy-ABC layer. Figure 2 represents the proposed system architecture containing the following components:
IoT Wearable Devices Subsystem: this layer comprises wearable devices, a Wazihub LoRa gateway and the WebThings gateway software. A full list of supported gateway hardware, adapters and devices is found in this resource (Mozilla, 2020a, b). The Wazihub LoRa gateway supports LoRaWAN and is capable of sending and receiving messages from up to 200 devices.
Blockchain subsystem: a permissioned distributed ledger framework implemented as a docker container. The subsystem provides identity management, event management and smart contracts.
Fog subsystem: a cluster of Raspberry Pis implementing k3s Kubernetes distribution that provides data aggregation services.
Privacy-ABC layer: Coconut implementation that provides Privacy-ABC features characterized by multiple ABC authorities.
3.7 Hyperledger and Coconut
Our previous study (Kembo et al., 2020) utilized the permissioned Hyperledger for a subset of privacy functions. Internally, Hyperledger uses a centralized authentication scheme utilizing a trusted third-party issuer through the public Blockchain for verification. However, as this scheme is vulnerable to an issuer going rogue, this study utilizes threshold issuance within Coconut. Coconut allows joint issuance of private and public attributes by a subset of mutually distrusting authorities. Coconut also enables conditional issuance of credentials using smart contracts based on the prevailing state of the Blockchain. The architecture’s authentication workflow includes the following steps:
Request: The user sends a Coconut request, containing encrypted private and public attributes, to a set of signing authorities.
Issue: Each authority issues partial credentials.
Aggregation and Re-Randomization: The user receives a threshold number of shares, consolidates them into an aggregate credential and re-randomizes it to protect against possible collusion by authorities.
Show: The user, in possession of private attributes such as a private key, selectively reveals attributes.
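The Issue and Aggregation and Re-Randomization steps can be traced numerically. The following is an added example, not code from this paper or from the Coconut project: it uses a toy prime-order group instead of a pairing-friendly curve, omits blind issuance of the encrypted attribute, and replaces Coconut's pairing-based verification with a test-only check that needs the master secret. All function names and parameters are hypothetical.

```python
import hashlib
import secrets

P, Q = 2039, 1019  # toy safe prime P = 2Q + 1; real Coconut works on a pairing-friendly curve

def poly_eval(coeffs, z):
    """Evaluate a polynomial (constant term first) at z, modulo Q."""
    return sum(c * pow(z, k, Q) for k, c in enumerate(coeffs)) % Q

def keygen(t, n):
    """Shamir-share the master key (x, y) so that any t of n authorities can issue."""
    vx = [secrets.randbelow(Q) for _ in range(t)]
    vy = [1 + secrets.randbelow(Q - 1) for _ in range(t)]  # y != 0, so the attribute binds
    return (vx[0], vy[0]), {i: (poly_eval(vx, i), poly_eval(vy, i)) for i in range(1, n + 1)}

def hash_to_group(data):
    """Map request bytes to a non-identity square mod P (an element of order Q)."""
    v = int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 3) + 2  # 2..P-2
    return pow(v, 2, P)

def issue_partial(share, h, m):
    """Issue: authority i returns the partial credential (h, h^(x_i + m*y_i))."""
    x_i, y_i = share
    return h, pow(h, (x_i + m * y_i) % Q, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of share i for interpolating at 0."""
    num = den = 1
    for j in (j for j in ids if j != i):
        num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def aggregate(partials):
    """Aggregation: combine t partials {i: (h, s_i)} into (h, h^(x + m*y))."""
    ids = list(partials)
    s = 1
    for i in ids:
        s = s * pow(partials[i][1], lagrange_at_zero(i, ids), P) % P
    return partials[ids[0]][0], s

def rerandomize(cred):
    """Re-randomization: raise both parts to a fresh r; the pair no longer matches what was issued."""
    r = 2 + secrets.randbelow(Q - 2)  # r in 2..Q-1, so the result differs from cred
    return pow(cred[0], r, P), pow(cred[1], r, P)

def check_with_master(cred, master, m):
    """Test-only stand-in for Coconut's pairing check; needs the master secret."""
    h, s = cred
    return h != 1 and s == pow(h, (master[0] + m * master[1]) % Q, P)
```

Any three of the five authorities yield the same aggregate credential, and the re-randomized pair still validates even though it differs from every value the authorities produced.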
4. Conclusion
We present an improved game-theoretic Attribute-Based Credentials architecture that leverages the previously developed Privacy-by-Design Edge and Fog architecture. Coconut, unlike existing selective credential disclosure schemes, provides the full set of desired Privacy-ABC properties that are centred on issuing general-purpose selective disclosure credentials without sacrificing desirable distributed trust assumptions. The framework suits our distributed edge and fog computing architecture as it can also be integrated with distributed settings such as distributed ledgers. Ultimately, our enhanced architecture minimizes the data divulged by users as it supports important functions that include distributed threshold issuance, public and private attributes, re-randomization and multiple unlinkable selective attribute revelations. While the edge and fog architecture preserves local privacy, the use of the Coconut framework ensures that no natural single trusted third party issues credentials, and the system is capable of interoperating with modern transparent computation platforms.
References
Cai, X. and Van Dijk, J.A.G.M. (2008), “The deepening divide: inequality in the information society”, Mass Communication and Society, Vol. 11 No. 2, pp. 221-224, doi: 10.1080/15205430701528655.
Cimmino, A., Poveda-Villalón, M. and García-Castro, R. (2020), “EWOT: a semantic interoperability approach for heterogeneous IoT ecosystems based on the web of things”, Sensors, Vol. 20 No. 3, p. 822, doi: 10.3390/s20030822.
Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C. and Preiss, F. (2013), “Concepts and languages for privacy-preserving attribute-based authentication”, HAL Open Science, pp. 34-52.
Cheng, F.-C. and Wang, Y.S. (2018), “The do not track mechanism for digital footprint”, Journal of Business Economics and Management, Vol. 19 No. 2, pp. 253-267.
Dimaggio, P., Hargittai, E., Celeste, C. and Shafer, S. (2004), “Digital inequality: from unequal access to differentiated use”, Social Inequality, pp. 355-400.
Dorri, S.S., Jurdak, R. and Gauravaram, P. (2017), “Blockchain for IoT security and privacy: the case study of a smart home”, IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 618-623, doi: 10.1109/PERCOMW.2017.7917634.
Dwivedi, A., Srivastava, G., Dhar, S. and Singh, R. (2019), “A decentralized privacy-preserving healthcare blockchain for IoT”, Sensors, Vol. 19 No. 2, p. 326, doi: 10.3390/s19020326.
Fernando, E., Meyliana and Surjandy (2019), “Blockchain technology implementation in Raspberry Pi for private network”, 2019 International Conference on Sustainable Information Engineering and Technology (SIET), doi: 10.1109/siet48054.2019.8986053.
Hajny, J. and Malina, L. (2012), “Unlinkable attribute-based credentials with practical revocation on smart-cards”.
Hevner, A. (2007), “A three cycle view of design science research”, Scandinavian Journal of Information Systems, Vol. 19.
Kembo, S.H., Mpofu, P., Mukorera, B.T. and Jacques, S. (2020), “Blockchain-secured health wearables in smart homes utilising Raspberry Pi web of things gateways”, International Conference on Industrial Engineering and Operations Management.
Khezr, S., Benlamri, R. and Yassine, A. (2020), “Blockchain-based model for sharing activities of daily living in healthcare applications”, 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress, pp. 627-633, doi: 10.1109/DASC-PICom-CBDCom-CyberSciTech49142.2020.00109.
Kovatsch, M., Matsukura, R., Lagally, M.T.K. and Kunihiko Toumura, K.K. (2020), “Web of things (WoT) architecture”, doi: 10.1109/MCOMSTD.001.1900014, available at: https://www.w3.org/TR/2020/REC-wot-architecture-20200409/
Kumar, R., Nagpal, S., Kaushik, S. and Mendiratta, S. (2020), “COVID-19 diagnostic approaches: different roads to the same destination”, VirusDisease, Vol. 31 No. 2, pp. 97-105, doi: 10.1007/s13337-020-00599-7.
Lee, Y., Rathore, S. and Park, H.J. (2020), “A blockchain-based smart home gateway architecture for preventing data forgery”, Human-Centric Computing and Information Sciences, Vol. 10 No. 9, doi: 10.1186/s13673-020-0214-5.
Li, X., Dunn, J., Salins, D., Zhou, G., Zhou, W., Schüssler-Fiorenza Rose, S.M., Perelman, D., Colbert, E., Runge, R., Rego, S., Sonecha, R., Datta, S., McLaughlin, T. and Snyder, M.P. (2017), “Digital health: tracking physiomes and activity using wearable biosensors reveals useful health-related information”, PLOS Biology, Vol. 15 No. 1, e2001402, doi: 10.1371/journal.pbio.2001402.
Lysyanskaya, A., Rivest, R.L., Sahai, A. and Wolf, S. (2000), “Pseudonym systems”, Selected Areas in Cryptography.
Makerspace, S.P.M.I. (2018), “Proof of privacy”, available at: https://github.com/st-peters-mbare-iot-makerspace/proof-of-privacy
Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T. and Hubaux, J.P. (2013), “Game theory meets network security and privacy”, ACM Computing Surveys, Vol. 45 No. 3, pp. 1-39, doi: 10.1145/2480741.2480742.
Maria de Fuentes, J., Gonzalez-Manzano, L., Solanas, A. and Veseli, F. (2018), “Attribute-based credentials for privacy-aware smart health services in IoT-based smart cities”, Computer, Vol. 51 No. 7, pp. 44-53, doi: 10.1109/mc.2018.3011042.
Mark, M., Tehranipoor, U.G. and Swarup, B. (2017), “Invasion of the hardware snatchers: cloned electronics pollute the market fake hardware could open the door to malicious malware and critical failures, IEEE spectrum”, available at: https://spectrum.ieee.org/computing/hardware/invasion-of-the-hardware-snatchers-cloned-electronics-pollute-the-market
Micheli, M., Lutz, C. and Büchi, M. (2018), “Digital footprints: an emerging dimension of digital inequality”, Journal of Information, Communication, and Ethics in Society, Vol. 16 No. 3, pp. 242-251, doi: 10.1108/jices-02-2018-0014.
Moniruzzaman, M., Khezr, S., Yassine, A. and Benlamri, R. (2020), “Blockchain for smart homes: review of current trends and research challenges”, Computers and Electrical Engineering, Vol. 83, 106585, doi: 10.1016/j.compeleceng.2020.106585.
Mozilla (2020a), “Supported hardware”, available at: https://github.com/WebThingsIO/wiki/wiki/Supported-Hardware
Mozilla (2020b), “WebThings REST API”, available at: https://iot.mozilla.org/wot/
Mpofu, P., Kembo, S.H., Jacques, P. and Chitiyo, N. (2020), “Utilizing a privacy-preserving IoT edge and fog architecture in automated household aquaponics”, International Conference on Industrial Engineering and Operations Management.
Nasajpour, M., Pouriyeh, S., Parizi, R.M., Dorodchi, M., Valero, M. and Arabnia, H.R. (2020), “Internet of Things for current COVID-19 and future pandemics: an exploratory study”, Journal of Healthcare Informatics Research.
Oran, D.P. and Topol, E.J. (2020), “Prevalence of asymptomatic SARS-CoV-2 infection: a narrative review”, Annals of Internal Medicine, Vol. 173 No. 5, pp. 362-367, doi: 10.7326/M20-3012.10.1016/S2589-7500(19)30222-5.
Pfitzmann, A. (2010), “A terminology for talking about privacy by data minimization: pseudonymity, and identity management”, pp. 1-98.
Radin, M.J., Wineigner, N.E., Topol, E.J. and Steinhubl, S.R. (2020), “Harnessing wearable device data to improve state-level real-time surveillance of influenza-like illness in the USA: a population-based study”, Lancet Digital Health, Vol. 2 No. 2, pp. 85-93.
Sabouri, A. and Rannenberg, K. (2015), “ABC4Trust: protecting privacy in identity management by bringing privacy-ABCs into real-life”, IFIP Advances in Information and Communication Technology, pp. 3-16, doi: 10.1007/978-3-319-18621-4_1.
Schanzenbach, M., Kilian, T., Schutte, J. and Banse, C. (2019), “ZKlaims: privacy-preserving attribute-based credentials using non-interactive zero-knowledge techniques”, Proceedings of the 16th International Joint Conference on e-Business and Telecommunications.
Seshadri, D.R., Davies, E.V., Harlow, E.R., Hsu, J.J., Knighton, S.C., Walker, T.A., Voos, J.E. and Drummond, C.K. (2020), “Wearable sensors for COVID-19: a call to action to harness our digital infrastructure for remote patient monitoring and virtual assessments”, Frontiers in Digital Health, Vol. 2, doi: 10.3389/fdgth.2020.00008.
Songok, E. (2020), “A locally sustainable approach to COVID-19 testing in Africa”, The Lancet Microbe, Vol. 1 No. 5, p. e197, doi: 10.1016/s2666-5247(20)30118-x.
Sonnino, A., Al-Bassam, M., Bano, S., Meiklejohn, S. and Danezis, G. (2019), “Coconut: threshold issuance selective disclosure credentials with applications to distributed ledgers”, EU H2020 DECODE.
Surkova, E., Nikolayevskyy, V. and Drobniewski, F. (2020), “False-positive COVID-19 results: hidden problems and costs”, The Lancet Respiratory Medicine, Vol. 8 No. 12, pp. 1167-1168, doi: 10.1016/s2213-2600(20)30453-7.
Veseli, F., Vateva-Gurova, T., Krontiris, I., Rannenberg, K. and Suri, N. (2014), “Towards a framework for benchmarking privacy-ABC technologies”, IFIP International Information Security Conference.
Wust, K. and Gervais, A. (2018), “Do you need a blockchain?”, Proceedings - 2018 Crypto Valley Conference on Blockchain Technology, CVCBT, Vol. 2018 No. i, pp. 45-54, doi: 10.1109/CVCBT.2018.00011.
Xue, J., Xu, C. and Zhang, Y. (2018), “Private blockchain-based secure access control for smart home systems”, KSII Transactions on Internet and Information Systems, Vol. 12 No. 12, pp. 6057-6078.
Young, G. (2019), “Cybersecurity leaders are talking A lot about counterfeit devices, simply security”, available at: https://blog.trendmicro.com/cybersecurity-leaders-are-talking-a-lot-about-counterfeit-devices/
Further reading
Camenisch, J. and Lysyanskaya, A. (2001), “An efficient system for non-transferable anonymous credentials with optional anonymity revocation”, pp. 93-118.
Howell, G., Ledgerwood and Griffith, J. (2020), “Security analysis of first responder mobile and wearable devices”, available at: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8196.pdf
Zhuo, K., Gao, C., Wang, X. and Wang, Z. (2020), “Stress and sleep: a survey based on wearable sleep trackers among medical and nursing staff in Wuhan during the COVID-19 pandemic”, General Psychiatry, Vol. 33 No. 3, pp. 1-6, doi: 10.1136/gpsych-2020-100260.