A scalable and secure outsourced IoT electronic health records with efficient user revocation using fog-assisted cloud model

With the integration of IoT technology and cloud computing in healthcare, outsourcing Electronic Health Records (EHRs) generated by IoT devices becomes a critical issue. This is due to multiple stages of data transfer and storage in the cloud. Typically, EHRs from IoT medical devices are sent to a data aggregation service, where the aggregated data are encrypted before being stored in the cloud. However, initial data transfers from IoT devices to the aggregation service often occur in a closed network environment. Despite this, EHRs may be collected by various hospital units and transmitted over intranets or public networks, making them vulnerable to privacy breaches. Existing cloud-based access control models typically focus on preserving the privacy of aggregated EHRs but often neglect the privacy of the data before it is transferred to the aggregation service. However, in an IoT cloud data sharing environment, where data originate from numerous devices and user authorization statuses frequently change, there is a need for a comprehensive and systematic integration of secure data transfer, aggregation, and efficient user revocation. In this research, we propose a fine-grained, secure cloud-based access control scheme with efficient and scalable revocation for IoT-based EHRs using Ciphertext Policy Attribute-Based Encryption (CP-ABE) and fog-assisted computing. We introduce an IoT data encryption and secure aggregation algorithm. Our scheme leverages outsourced encryption and decryption to enable secure and lightweight access control in fog-cloud computing. Additionally, we develop a revocation protocol using a graph database to facilitate an efficient user revocation mechanism in a dynamic access control system. To enhance transaction processing, we also introduce a secure load-sharing protocol to distribute computation burdens among fog nodes. Finally, we present security analysis, comparative computation analysis, and experimental results to demonstrate that our scheme is both secure and efficient in practice.