Pseudonym revocation system for IoT-based medical applications

Abstract

The Internet of Things (IoT) technology has revolutionized today’s healthcare systems and their medical services. It brings numerous benefits to healthcare organizations dedicated for enhancing patient health treatment and prevention. This technology has significantly contributed to alleviating the therapeutic suffering of patients by strengthening and enhancing remote surveillance options. Medical devices, wearable sensors, and smart objects can construct a wireless body area network (WBAN) to monitor patients’ health conditions. In WBAN, the objects continuously communicate with each other to send, collect, analyze, exchange patient health information, and make appropriate decisions. However, due to the nature of wireless communications, security and privacy issues can negatively affect a patient’s health status and personal life. Therefore, patients’ private and health data, including location, identity information, therapeutic actions, and e-healthcare records, must be safeguarded against misuse. Most existing privacy protocols, particularly those based on pseudonyms, aim to protect patients’ health and personal information using pseudonyms that are periodically renewed instead of their real identities. However, these protocols often lack discussions on pseudonym generation methods, revocation mechanisms and the life cycle management of pseudonyms in medical systems. In this paper, we propose a Pseudonym Revocation System (PRS) for IoT-based healthcare applications. Our approach addresses the limitations of current protocols by introducing a generic decentralized system that implements a complete life cycle of pseudonyms, from generation to revocation. It uses lightweight cryptography to secure pseudonym generation under the resource constraints of sensors. Unlike previous methods, our system is the first to ensure that pseudonyms can be seamlessly validated and verified using finite state machine without relying on a centralized authority. Pseudonym revocation has been either overlooked or inadequately addressed in previous works. In contrast, our approach incorporates both static and dynamic patient contexts, making it more dynamic and applicable in real-world scenarios.Through extensive simulations, we demonstrate that PRS outperforms existing solutions in terms of privacy protection, scalability, revocation time and performance, making it a robust solution for securing patient data in IoT healthcare environments.