mGuard

# MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN

**MGuard** is an NDN-based system designed to support high-frequency mHealth data sharing with **fine-grained contextual access control** and **real-time data distribution**.  It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data.

---

## Purpose

MGuard addresses two core challenges in mHealth data sharing:

1. **Access to privacy-sensitive data is limited to authorized users based on well defined polcies**  

2. **Supporting real-time sharing of high-frequency sensor data**  

---

## Core Components

### **Producer**

Receives data from the MD2K ecosystem or directly from device sensors.  

The producer:

- converts raw or derived data streams into NDN-named data objects,

- associates each object with appropriate attributes, and  

- stores encrypted data into the NDN repository.

It is also responsible for notifying subscribers when new data is available (via published manifest names).  

<!-- Based on the “Data Adapter” and “Publisher” modules described in the system design. -->

### **Controller**

Represents the policy and access management logic.  

The controller:

- defines **who** can access **which** data streams,  

- parses and manages access control policies, and  

- collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters.

It enforces the name-based access control structure.

### **Attribute Authority (AA)**

Part of the controller-side security infrastructure.  

The AA:

- validates requester identities (using the system’s trust anchor),

- issues policy-compliant decryption keys based on KP-ABE, and  

- publishes public parameters required for encryption.  

### **Consumer**

Subscribes to mHealth data streams according to the access rights defined for the requester.  

The consumer:

- receives notifications for new manifests,  

- fetches the corresponding encrypted data objects from the repository, and  

- decrypts data based on issued keys and permitted attributes.  

### **Repository**

Persistent storage for all published mHealth data objects, content keys, and manifests.  

The repository allows consumers to:

- retrieve data independently of the producer,  

- fetch CKs needed for decryption, and  

- access previously published (historical) data.  

---

## Navigation

- **[[Architecture]]**

  - **[[Architecture_Details|Architecture Details]]**

- **[[Design_Elements|Design Elements]]**

  - **[[Naming_Scheme|Naming Scheme]]**

  - **[[Trust_Model|Trust Model]]**

  - **[[Access_Control|Access Control]]**

  - **[[NAC-ABE_Design|NAC-ABE Design]]**

  - **[[Manifest_Design|Manifest Design]]**

  - **[[PSync_Design|PSync Design]]**

  - **[[Pub-Sub API|Pub-Sub API Design]]**

  - **[[Repo|Repo Design]]**

- **[[Developer_Guide|Developer Guide]]**

- [Open editable Figma diagram](https://www.figma.com/design/I2SLqGN17XJHh8KsyAJ88l/Untitled?node-id=0-1&t=xWqhvwrDlUOlkeVU-1)