MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN¶

MGuard is an NDN-based system designed to support high-frequency mHealth data sharing with fine-grained contextual access control and real-time data distribution. It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data.

Purpose¶

MGuard addresses two core challenges in mHealth data sharing:

1. Access to privacy-sensitive data is limited to authorized users based on well defined polcies

2. Supporting real-time sharing of high-frequency sensor data

Core Components¶

Producer¶

The producer publishes mHealth data.

• converts raw or derived data streams into NDN-named data objects,
• associates each object with appropriate attributes,
• stores encrypted data into the NDN repository,
• notifies subscribers when new data is available (via published manifest names).

Controller¶

The controller manages access control policies. It has two sub components:

Access Manager¶

• defines who can access which data streams,
  
• parses and manages access control policies,
• collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters.

Attribute Authority (AA)¶

• validates consumer and producer identities (using the system’s trust anchor),
• issues policy-compliant decryption keys based on KP-ABE,
• publishes public parameters required for encryption and decryption.

Consumer retrieves mHealth data.¶

• receives notifications of new manifests (manifests contain new data names)
  
• fetches the corresponding encrypted data objects from the repository,
• decrypts data based on issued keys and permitted attributes.

Repository (Repo) stores all published mHealth data objects, content keys, and manifests.¶

It allows consumers to:

• retrieve data independently of the producer,
  
• fetch CKs needed for decryption, and
  
• access previously published (historical) data.
  

Navigation¶

• Architecture
  • Architecture Details
• Design Elements
  • Naming Scheme
  • Trust Model
  • Access Control
  • NAC-ABE Design
  • Manifest Design
  • PSync Design
  • Pub-Sub API Design
  • Repo Design
• Developer Guide
• Open editable Figma diagram