EPPDA: An Efficient and Privacy-Preserving Data Aggregation Scheme with Authentication and Authorization for IoT-Based Healthcare Applications

Abstract

Nowadays, IoT technology is used in various application domains, including the healthcare, where sensors and IoT enabled medical devices exchange data without human interaction to securely transmit collected sensitive healthcare data towards healthcare professionals to be reviewed and take proper actions if needed. The IoT devices are usually resource-constrained in terms of energy consumption, storage capacity, computational capability, and communication range. In healthcare applications, many miniaturized devices are exploited for healthcare data collection and transmission. Thus, there is a need for secure data aggregation while preserving the data integrity and privacy of the patient. For that, the security, privacy, and aggregation of health data are very important aspects to be considered. This paper proposes a novel secure data aggregation scheme called “An Efficient and Privacy-Preserving Data Aggregation Scheme with authentication for IoT-Based Healthcare applications” (EPPDA). EPPDA is based to verification and authorization phase to verify the legitimacy of the nodes that need to join the process of aggregation. EPPDA, also, uses additive homomorphic encryption to protect data privacy and combines it with homomorphic MAC to check the data integrity. The major advantage of homomorphic encryption is allowing complex mathematical operations to be performed on encrypted data without knowing the contents of the original plain data. The proposed system is developed using MySignals HW V2 platform. Security analysis and experimental results show that our proposed scheme guarantees data privacy, messages authenticity, and integrity, with lightweight communication overhead and computation.