Healthcare Internet-of-things (IoT) has been proposed as a promising means to greatly improve the efficiency and quality of patient care. Medical devices in healthcare IoT measure patients' vital signs and aggregate these data into medical files which are uploaded to the cloud for storage and accessed by healthcare workers. To protect patients' privacy, encryption is normally used to enforce access control of medical files by authorized parties while preventing unauthorized access. In healthcare, it is crucial to enable timely access of patient files in emergency situations. In this paper, we propose a lightweight break-glass access control (LiBAC) system that supports two ways for accessing encrypted medical files: attribute-based access and break-glass access. In normal situations, a medical worker with an attribute set satisfying the access policy of a medical file can decrypt and access the data. In emergent situations, the break-glass access mechanism bypasses the access policy of the medical file to allow timely access to the data by emergency medical care or rescue workers. LiBAC is lightweight since very few calculations are executed by devices in the healthcare IoT network, and the storage and transmission overheads are low. LiBAC is formally proved secure in the standard model and extensive experiments are conducted to demonstrate its efficiency.

中文翻译：

---

适用于医疗保健物联网的轻量级破玻璃访问控制系统


医疗保健物联网 (IoT) 被认为是一种有前途的手段，可以大大提高患者护理的效率和质量。医疗保健物联网中的医疗设备测量患者的生命体征，并将这些数据汇总到医疗文件中，这些文件上传到云端进行存储并供医护人员访问。为了保护患者的隐私，通常使用加密来强制授权方对医疗文件的访问控制，同时防止未经授权的访问。在医疗保健领域，在紧急情况下及时访问患者档案至关重要。在本文中，我们提出了一种轻量级的打破玻璃访问控制（LiBAC）系统，该系统支持两种访问加密医疗文件的方式：基于属性的访问和打破玻璃访问。在正常情况下，具有满足医疗文件访问策略的属性集的医务人员可以解密并访问该数据。在紧急情况下，打破玻璃访问机制绕过医疗档案的访问策略，以允许紧急医疗或救援人员及时访问数据。 LiBAC 是轻量级的，因为医疗保健物联网网络中的设备执行的计算很少，并且存储和传输开销很低。 LiBAC 在标准模型中被正式证明是安全的，并进行了大量的实验来证明其效率。