MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN¶

MGuard is an NDN-based system designed to support high-frequency mHealth data sharing with fine-grained contextual access control and real-time data distribution. It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data.

Purpose¶

MGuard addresses two core challenges in mHealth data sharing:

1. Access to privacy-sensitive data is limited to authorized users based on well defined polcies

2. Supporting real-time sharing of high-frequency sensor data

Core Components¶

Producer¶

Receives data from the MD2K ecosystem or directly from device sensors.

The producer:

• converts raw or derived data streams into NDN-named data objects,
• associates each object with appropriate attributes, and
  
• stores encrypted data into the NDN repository.

It is also responsible for notifying subscribers when new data is available (via published manifest names).

Controller¶

PolicyManager: represents the policy and access control management logic.

• defines who can access which data streams,
  
• parses and manages access control policies, and
  
• collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters.

Attribute Authority (AA)¶

Part of the controller-side security infrastructure.

The AA:

• validates requester identities (using the system’s trust anchor),
• issues policy-compliant decryption keys based on KP-ABE, and
  
• publishes public parameters required for encryption.
  

Consumer¶

Subscribes to mHealth data streams according to the access rights defined for the requester.

The consumer:

• receives notifications for new manifests,
  
• fetches the corresponding encrypted data objects from the repository, and
  
• decrypts data based on issued keys and permitted attributes.
  

Repository¶

Persistent storage for all published mHealth data objects, content keys, and manifests.

The repository allows consumers to:

• retrieve data independently of the producer,
  
• fetch CKs needed for decryption, and
  
• access previously published (historical) data.
  

Navigation¶

• Architecture
  • Architecture Details
• Design Elements
  • Naming Scheme
  • Trust Model
  • Access Control
  • NAC-ABE Design
  • Manifest Design
  • PSync Design
  • Pub-Sub API Design
  • Repo Design
• Developer Guide
• Open editable Figma diagram