Wiki » History » Version 3
Suravi Regmi, 11/20/2025 06:48 PM
| 1 | 1 | Suravi Regmi | # MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN |
|---|---|---|---|
| 2 | |||
| 3 | |||
| 4 | **MGuard** is an NDN-based system designed to support high-frequency mHealth data sharing with **fine-grained contextual access control** and **real-time data distribution**. |
||
| 5 | It builds on name-based access control (NAC/NAC-ABE)and PSync to enable timely access to sensitive mobile health data. |
||
| 6 | |||
| 7 | --- |
||
| 8 | |||
| 9 | ## Purpose |
||
| 10 | MGuard addresses two core challenges in mHealth data sharing: |
||
| 11 | |||
| 12 | 1. **Access to privacy-sensitive data is limited to authorized users based on well defined polcies** |
||
| 13 | |||
| 14 | 2. **Supporting real-time sharing of high-frequency sensor data** |
||
| 15 | |||
| 16 | --- |
||
| 17 | |||
| 18 | ## System Goals |
||
| 19 | - Provide secure sharing of heterogeneous, high-frequency sensor data. |
||
| 20 | - Enable real-time access to newly published mHealth data. |
||
| 21 | - Support fine-grained access control. |
||
| 22 | |||
| 23 | --- |
||
| 24 | |||
| 25 | ## Core Components |
||
| 26 | |||
| 27 | ### **Producer** |
||
| 28 | Receives data from the MD2K ecosystem or directly from device sensors. |
||
| 29 | The producer: |
||
| 30 | - converts raw or derived data streams into NDN-named data objects, |
||
| 31 | - associates each object with appropriate attributes, and |
||
| 32 | - stores encrypted data into the NDN repository. |
||
| 33 | |||
| 34 | It is also responsible for notifying subscribers when new data is available (via published manifest names). |
||
| 35 | Based on the “Data Adapter” and “Publisher” modules described in the system design. |
||
| 36 | 2 | Suravi Regmi | |
| 37 | 1 | Suravi Regmi | --- |
| 38 | |||
| 39 | ### **Controller** |
||
| 40 | Represents the policy and access management logic. |
||
| 41 | The controller: |
||
| 42 | - defines **who** can access **which** data streams, |
||
| 43 | - parses and manages access control policies, and |
||
| 44 | - collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters. |
||
| 45 | |||
| 46 | It enforces the name-based access control structure. |
||
| 47 | |||
| 48 | --- |
||
| 49 | |||
| 50 | ### **Attribute Authority (AA)** |
||
| 51 | Part of the controller-side security infrastructure. |
||
| 52 | The AA: |
||
| 53 | - validates requester identities (using the system’s trust anchor), |
||
| 54 | - issues policy-compliant decryption keys based on KP-ABE, and |
||
| 55 | - publishes public parameters required for encryption. |
||
| 56 | |||
| 57 | --- |
||
| 58 | |||
| 59 | ### **Consumer** |
||
| 60 | Subscribes to mHealth data streams according to the access rights defined for the requester. |
||
| 61 | The consumer: |
||
| 62 | - receives notifications for new manifests, |
||
| 63 | - fetches the corresponding encrypted data objects from the repository, and |
||
| 64 | - decrypts data based on issued keys and permitted attributes. |
||
| 65 | |||
| 66 | --- |
||
| 67 | |||
| 68 | ### **Repository** |
||
| 69 | Persistent storage for all published mHealth data objects, content keys, and manifests. |
||
| 70 | The repository allows consumers to: |
||
| 71 | - retrieve data independently of the producer, |
||
| 72 | - fetch CKs needed for decryption, and |
||
| 73 | - access previously published (historical) data. |
||
| 74 | |||
| 75 | --- |
||
| 76 | |||
| 77 | ## Navigation |
||
| 78 | 3 | Suravi Regmi | - **Architecture** [[Architecture]] ]] |
| 79 | 1 | Suravi Regmi | - **Design Elements** |
| 80 | - **Developer Guide** |
||
| 81 | - **API Reference** |