Policy-controlled authenticated access to LLN-connected healthcare resources

Peer-Reviewed Journal Publication
2019-09-23
2018
en

Ubiquitous devices comprising several resource-constrained nodes with sensors, actuators, and networking capabilities are becoming part of many solutions that seek to enhance user's environment smartness and quality of living, prominently including enhanced healthcare services. In such an environment, security issues are of primary concern as a potential resource misuse can severely impact user's privacy or even become life threatening. Access to these resources should be appropriately controlled to ensure that eHealth nodes are adequately protected and the services are available to authorized entities. The intrinsic resource limitations of these nodes, however, make satisfying these requirements a great challenge. This paper proposes and analyzes a service-oriented architecture that provides a policy-based, unified, cross-platform, and flexible access control mechanism, allowing authorized entities to consume services provided by eHealth nodes while protecting their valuable resources. The scheme is XACML driven, although modifications to the related standardized architecture are proposed to satisfy the requirements imposed by nodes that comprise low-power and lossy networks (LLNs). A proof-of-concept implementation is presented, along with the associated performance evaluation, confirming the feasibility of the proposed approach.

http://creativecommons.org/licenses/by/4.0/

IEEE Systems Journal, 12(1), 92-102

Rantos Konstantinos
Fysarakis Konstantinos (Φυσαρακης Κωνσταντινος)
Manifavas Charalabos (Μανιφαβας Χαραλαμπος)
Askoxylakis Ioannis G.

Institute of Electrical and Electronics Engineers

Authentication; Authorization; Body sensor networks (BSNs); Devices Profile for Web Services (DPWS); EXtensible Access Control Markup Language (XACML); Healthcare; Policy-based access control (PBAC); Security; Web services