Enforcing Authorization Policy in Body Area Networks: A Blockchain and Smart Contract-Based Approach for Integrity Assurance
Abstract
Health Care Information Systems leverage Body Area Networks (BANs) to provide real-time monitoring and automated medical interventions, significantly enhancing patient care. However, security and privacy concerns present significant barriers to widespread adoption, with broken access control being a considerable risk. This research proposes an authorization framework to secure BANs, addressing critical issues such as unauthorized access and policy enforcement failures in electronic health records (EHRs). Our study introduces a Multi-Modular System Architecture that enhances access control, incorporating a Spatio-Temporal Attribute-Based Access Control (STABAC) model to enforce dynamic location and time constraints for secure data access. We introduce the Spatio-Temporal Zone (STZone) concept, simplifying policy enforcement by integrating time and location attributes. To ensure policy integrity and security, we employ Time Colored Petri Nets (TCPN) for formal policy analysis, detecting violations, and ensuring compliance with real-time constraints. Additionally, blockchain technology is leveraged to maintain policy integrity, preventing unauthorized modifications. Experimental validation demonstrates the effectiveness of the proposed framework in enforcing secure access control while maintaining system usability. The findings highlight the framework’s potential in securing BANs, offering a scalable and adaptable approach to mitigating emerging security threats in healthcare information systems.