SDN-Based Security Enforcement Framework for Data Sharing Systems of Smart Healthcare

As novel healthcare paradiagm, smart healthcare can provide more efficient and high quality medical services for patients. However, smart healthcare needs patients to share their physiological information for online diagnoses, if the data sharing system of smart healthcare lacks effective security mechanisms, these sensitive information might be abused by illegal or malicious users. Moreover, smart healthcare needs to confront some brand-new challenges, such as resource-constrained IoT things, identity theft attacks and insider attacks. To tackle these problems, we propose a SDN-based security enforcement framework for data sharing systems of smart healthcare. In our framework, each patient has a dedicated virtual machine in data sharing system, each virtual machine provides a group data services which can be released to those authorized service consumers or IoT things. In additon, virtual machine is protected by the SDN-based gateway which provides a firewall mechanism and guarantees only authorized things can access patient's virtual machine. Since each thing has a unique MAC address, thus our framework can effectively authenticate resource-constrained IoT things and tackle the problems caused by identity theft. To validate the effectiveness and feasibility of our framework, we implement an experimental system using POX controller and Mininet emulator. The experimental results illustrate our framework is effective under different test scenarios. As increasing the scale of information flow model, the framework can still work well and its performance can be still acceptable.