Wiki » History » Version 20
Lan Wang, 11/23/2025 11:53 PM
| 1 | 1 | Suravi Regmi | # MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN |
|---|---|---|---|
| 2 | |||
| 3 | |||
| 4 | 15 | Lan Wang | **MGuard** is an NDN-based system designed to support high-frequency mHealth data sharing with **fine-grained contextual access control** and **real-time data distribution**. It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data. |
| 5 | 1 | Suravi Regmi | |
| 6 | --- |
||
| 7 | |||
| 8 | ## Purpose |
||
| 9 | MGuard addresses two core challenges in mHealth data sharing: |
||
| 10 | |||
| 11 | 1. **Access to privacy-sensitive data is limited to authorized users based on well defined polcies** |
||
| 12 | |||
| 13 | 2. **Supporting real-time sharing of high-frequency sensor data** |
||
| 14 | |||
| 15 | --- |
||
| 16 | |||
| 17 | ## Core Components |
||
| 18 | |||
| 19 | ### **Producer** |
||
| 20 | Receives data from the MD2K ecosystem or directly from device sensors. |
||
| 21 | The producer: |
||
| 22 | - converts raw or derived data streams into NDN-named data objects, |
||
| 23 | - associates each object with appropriate attributes, and |
||
| 24 | - stores encrypted data into the NDN repository. |
||
| 25 | |||
| 26 | It is also responsible for notifying subscribers when new data is available (via published manifest names). |
||
| 27 | 19 | Lan Wang | |
| 28 | 1 | Suravi Regmi | ### **Controller** |
| 29 | Represents the policy and access management logic. |
||
| 30 | The controller: |
||
| 31 | - defines **who** can access **which** data streams, |
||
| 32 | - parses and manages access control policies, and |
||
| 33 | - collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters. |
||
| 34 | |||
| 35 | It enforces the name-based access control structure. |
||
| 36 | |||
| 37 | ### **Attribute Authority (AA)** |
||
| 38 | Part of the controller-side security infrastructure. |
||
| 39 | The AA: |
||
| 40 | - validates requester identities (using the system’s trust anchor), |
||
| 41 | - issues policy-compliant decryption keys based on KP-ABE, and |
||
| 42 | - publishes public parameters required for encryption. |
||
| 43 | |||
| 44 | ### **Consumer** |
||
| 45 | Subscribes to mHealth data streams according to the access rights defined for the requester. |
||
| 46 | The consumer: |
||
| 47 | - receives notifications for new manifests, |
||
| 48 | - fetches the corresponding encrypted data objects from the repository, and |
||
| 49 | - decrypts data based on issued keys and permitted attributes. |
||
| 50 | |||
| 51 | ### **Repository** |
||
| 52 | Persistent storage for all published mHealth data objects, content keys, and manifests. |
||
| 53 | The repository allows consumers to: |
||
| 54 | - retrieve data independently of the producer, |
||
| 55 | - fetch CKs needed for decryption, and |
||
| 56 | - access previously published (historical) data. |
||
| 57 | |||
| 58 | --- |
||
| 59 | |||
| 60 | ## Navigation |
||
| 61 | 8 | Suravi Regmi | |
| 62 | 1 | Suravi Regmi | - **[[Architecture]]** |
| 63 | 8 | Suravi Regmi | - **[[Architecture_Details|Architecture Details]]** |
| 64 | - **[[Design_Elements|Design Elements]]** |
||
| 65 | - **[[Naming_Scheme|Naming Scheme]]** |
||
| 66 | - **[[Trust_Model|Trust Model]]** |
||
| 67 | - **[[Access_Control|Access Control]]** |
||
| 68 | - **[[NAC-ABE_Design|NAC-ABE Design]]** |
||
| 69 | - **[[Manifest_Design|Manifest Design]]** |
||
| 70 | - **[[PSync_Design|PSync Design]]** |
||
| 71 | 12 | Suravi Regmi | - **[[Pub-Sub API|Pub-Sub API Design]]** |
| 72 | 13 | Suravi Regmi | - **[[Repo|Repo Design]]** |
| 73 | 8 | Suravi Regmi | - **[[Developer_Guide|Developer Guide]]** |
| 74 | 11 | Suravi Regmi | - [Open editable Figma diagram](https://www.figma.com/design/I2SLqGN17XJHh8KsyAJ88l/Untitled?node-id=0-1&t=xWqhvwrDlUOlkeVU-1) |