Based on the survey and analysis of WSN access control models from the previous chapter, the following research gaps are identified.
• Lack of Flexibility
Current WSN access control models use predefined policies and roles to make access decisions on user requests. However, it is impossible to predict in advance all the possible policies and roles that may be needed for unexpected and unanticipated events. Some access control models have been proposed that let sensor nodes perform some actions, but they lack the capability to make data access decisions locally at the sensor nodes in emergency and unexpected situations. Current WSN access control models need much more flexibility to make access decisions on unanticipated events. In the WSN context, flexibility is important in an access control engine so that it can make decisions on user requests quickly and efficiently when unanticipated situations occur. Therefore, a flexible access control model is important and desirable in terms of providing efficient, accountable and immediate data access for emergency and unanticipated situations.
• Conflict between Data Availability and Data Privacy
Current WSN access control models suffer from a conflict between data availability and data privacy, especially in emergencies. There is a lack of data availability when data privacy is the first priority. Conversely, data privacy is easily breached when data availability is the first consideration. There are two WSN access control models that consider decision-making processes in emergency situations. The Context-Aware Role-Based Access Control (CA-RBAC) model [43] was proposed to provide an effective access control decision when users need to access data in emergency situations. The CA-RBAC model tried to reduce communication time for emergencies. In it, the encryption, decryption, and verification of the digital certificates are not involved in emergency situations. In CA-RBAC, it is assumed that immediate patient welfare is more important than privacy and confidentiality of patient information and medical records in emergency situations. There might be some cases, however, where privacy is of primary importance. For example, a user does not want to give access to his or her medical record to other doctors and nurses apart from his or her personal or private doctor and nurse. Generally, privacy and confidentiality of data still need to be maintained even in emergency situations.
Ferreira introduced the Break-The-Glass Role-Based Access Control (BTG-RBAC) [38] model to make access decisions for emergency situations based on the BTG role; however, there is no provision to detect security policy violations. This means that both CA-RBAC and BTG-RBAC provide data availability when users need data access in emergency situations, but they have no prevention or detection mechanism and no verification process to check the user's data access (identification, contextual information, etc.). Therefore, data privacy and confidentiality of patients' information and medical records can be circumvented easily. This conflict between data availability and data privacy is a central issue to address whenever a new access control model and security mechanism is proposed and developed for security-oriented applications such as medical and military. The question is how an access control model and security mechanism can provide both data availability and data privacy at the same time.
• Prevention and Detection Mechanism
One of the proposed access control models [43] in Wireless Medical Sensor Networks (WMSNs) used RBAC with modular context information for medical applications. In that approach, when a patient is in an emergency or critical situation, anyone in the system can access the patient's medical record without involving any authentication process. From a user's perspective, the system needs to provide some kind of prevention and detection mechanism to protect the privacy of patient information and confidentiality of medical records even in emergency situations. In addition, current WSN access control models do not check any recorded or log files to see who has tried to access sensed and collected data, with or without authorised access, and when or where this happened. Auditing of data usage and data access has been neglected by researchers in WSNs. Therefore, a prevention and detection mechanism to keep records of access requests needs to be introduced for auditing purposes in WSNs.
• User Behaviour Monitoring and Trust
In current WSN access control models, users with access privileges can access data at any time. The assumption that all users are trustworthy to access needed data at any time, however, is unsupported by experience. It is impossible to predict a user's intention for accessing data at a particular time. For example, in a medical scenario, a doctor can be a researcher at an organisation. He or she may try to access his or her patient's data at different times and locations for research purposes or his or her benefit. Normally, WSN access control models will allow doctors to access data because of their access rights and privileges. However, when doctors misuse patient data for their own benefit, how can those situations be detected? How can such situations be prevented?
One method of preventing this kind of situation is to apply a user behaviour-monitoring model to check user actions, location, time, etc., whenever a user attempts to access data. In addition, trust management can be applied with the users' behaviour-monitoring model to provide a flexible approach and to monitor user behaviour patterns. Therefore, the user behaviour trust model can be another important research aspect in WSNs. Using a behaviour trust value in decision-making processes regarding data access is new in WSNs and other wireless technologies and will be a challenge.
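The following added example (not part of the thesis, and not a model it proposes) sketches how an access decision could combine a behaviour trust value, a verified break-the-glass path and an audit log, as the gaps above call for. The class names, thresholds, trust-update rule and sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass, field
# Thresholds, field names and the trust-update rule are illustrative assumptions.
TRUST_THRESHOLD, PENALTY, REWARD = 0.5, 0.2, 0.05

@dataclass
class Profile:
    role: str
    usual_hours: range        # hours of day the user normally works
    usual_locations: set
    trust: float = 0.8        # behaviour trust value in [0, 1]

@dataclass
class Engine:
    profiles: dict            # user id -> Profile
    permitted_roles: set
    audit_log: list = field(default_factory=list)

    def _record(self, ctx, decision, reason):
        # Every request is logged, granted or not, so access can be audited later.
        self.audit_log.append({**ctx, "decision": decision, "reason": reason})
        return decision

    def decide(self, user, patient, hour, location, emergency=False):
        ctx = dict(user=user, patient=patient, hour=hour, location=location)
        p = self.profiles.get(user)
        if p is None or p.role not in self.permitted_roles:
            # Identity and role are still verified, even in an emergency.
            return self._record(ctx, "deny", "unverified")
        seen = {"time": hour in p.usual_hours, "location": location in p.usual_locations}
        deviations = [name for name, ok in seen.items() if not ok]
        reason = ",".join(deviations) or "in-pattern"
        if emergency:
            # Break-the-glass: data stays available, but the grant is flagged.
            return self._record(ctx, "grant-btg", reason)
        delta = -PENALTY * len(deviations) if deviations else REWARD
        p.trust = min(1.0, max(0.0, p.trust + delta))
        decision = "grant" if p.trust >= TRUST_THRESHOLD else "deny"
        return self._record(ctx, decision, reason)

    def review_queue(self):
        return [e for e in self.audit_log if e["decision"] != "grant"]

def demo():
    # Constructed sample data: one doctor, four requests.
    eng = Engine({"dr_a": Profile("doctor", range(8, 18), {"ward-3"})}, {"doctor"})
    return eng, [eng.decide("dr_a", "p1", 10, "ward-3"),
                 eng.decide("dr_a", "p1", 23, "offsite"),
                 eng.decide("dr_a", "p1", 23, "offsite", emergency=True),
                 eng.decide("visitor", "p1", 10, "ward-3", emergency=True)]
```

In this sketch an out-of-pattern request lowers the doctor's trust below the threshold and is refused, the same request under an emergency is granted but lands in the review queue, and an unidentified requester is refused even when an emergency is claimed.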
• User Privacy and Sensor Node Privacy
Among current WSN access control models, few address user privacy and sensor node privacy. There is no access control model that provides both user privacy and data confidentiality in WSNs. The privacy of users is important to provide in WSNs because of their broadcast and distributed nature. In some cases, users may want to hide their identity and information because they do not want to share it with other users in the network. Some privacy-preserving access control models such as Distributed Privacy Preserving Access Control (DP2AC) [150] and distributed PRIvacy-preserving aCCESS control (PRICCESS) [54] used blind or ring signatures to provide privacy of user ID and information. DP2AC preserves user privacy, but storing all used tokens for the token detection mechanism might be a problem in a WSN because of limited resources and storage.