Revision 25 (Lan Wang, 11/23/2025 11:58 PM) → Revision 26/50 (Lan Wang, 11/24/2025 12:00 AM)
# MGuard: A Secure mHealth Infrastructure for Real-Time Data Transfer with Fine-grained Access Control over NDN

**MGuard** is an NDN-based system designed to support high-frequency mHealth data sharing with **fine-grained contextual access control** and **real-time data distribution**. It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data.

---

## Purpose

MGuard addresses two core challenges in mHealth data sharing:

1. **Limiting access to privacy-sensitive data to authorized users based on well-defined policies**
2. **Supporting real-time sharing of high-frequency sensor data**

---

## Core Components

### **Producer**

Receives data from the MD2K ecosystem or directly from device sensors. The producer:

- converts raw or derived data streams into NDN-named data objects,
- associates each object with appropriate attributes,
- stores encrypted data into the NDN repository, and
- notifies the repository.

It is also responsible for notifying subscribers when new data is available (via published manifest names).

### **Controller**

Policy Manager:

- defines **who** can access **which** data streams,
- parses and manages access control policies, and
- collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters.

Attribute Authority (AA):

- validates requester identities (using the system’s trust anchor),
- issues policy-compliant decryption keys based on KP-ABE, and
- publishes public parameters required for encryption.

### **Consumer**

Subscribes to mHealth data streams according to the access rights defined for the requester. The consumer:

- receives notifications for new manifests,
- fetches the corresponding encrypted data objects from the repository, and
- decrypts data based on issued keys and permitted attributes.

### **Repository**

Persistent storage for all published mHealth data objects, content keys (CKs), and manifests. The repository allows consumers to:

- retrieve data independently of the producer,
- fetch CKs needed for decryption, and
- access previously published (historical) data.

---

## Navigation

- **[[Architecture]]**
- **[[Architecture_Details|Architecture Details]]**
- **[[Design_Elements|Design Elements]]**
- **[[Naming_Scheme|Naming Scheme]]**
- **[[Trust_Model|Trust Model]]**
- **[[Access_Control|Access Control]]**
- **[[NAC-ABE_Design|NAC-ABE Design]]**
- **[[Manifest_Design|Manifest Design]]**
- **[[PSync_Design|PSync Design]]**
- **[[Pub-Sub API|Pub-Sub API Design]]**
- **[[Repo|Repo Design]]**
- **[[Developer_Guide|Developer Guide]]**
- [Open editable Figma diagram](https://www.figma.com/design/I2SLqGN17XJHh8KsyAJ88l/Untitled?node-id=0-1&t=xWqhvwrDlUOlkeVU-1)