Leveraging Fine-grained Access Control in
Blockchain-based Healthcare System
Fatima Tariq, Zahoor Ali Khan, Tanzeela Sultana, Mubariz Rehman, Qaiser
Shahzad, and Nadeem Javaid
Abstract Due to the development of health care industry and digitization of medi-
cal data, recent years have experienced major changes in storage of electronic health
record on cloud environment, making data exchange feasible between patient and
healthcare provider. However, this new shift comes with the risk of security and pri-
vacy concerns of patient and data. The exchange of healthcare data among patients
and healthcare provider with high level of security is a challenging task. In this
paper, we proposed a novel system with the combination of blockchain and inter-
planetry ﬁle system for data sharing and uploading. We design a ﬁne-grained access
control mechanism using smart contract which provide a different level of access
rights to the users in the network. We implement our system on Ethereum private
blockchain and use proof of authority for consensus mechanism.
Over the time, the healthcare industry is expected to experience a remarkable evo-
lution. In most of the countries, medical patients are increasing dramatically, and
it is becoming problematic for patients to access doctors. In traditional healthcare
systems, medical records of the patients are scattered throughout different hospi-
tals. The data standards of different hospitals are not the same, which result in a
low level of interoperability. When the patient requests to view or access his/her
medical data, institutions are not allowed to provide access or transfer the medical
data outside them. All of these problems become a big hurdle in the sharing and
exchanging of medical data. So, the digital transformation of medical data is sub-
stantial. Due to digitization, a lot of medical data is being transferred from paper to
electronic devices. Usually, medical records are saved on a private database, which
Fatima Tariq, Zahoor Ali Khan, Tanzeela Sultana, Mubariz Rehman, Qaiser Shahzad, and Nadeem
Javaid (Corresponding Author)
Nadeem Javaid, COMSATS University Islamabad, Pakistan; email: firstname.lastname@example.org
2 Fatima et al.
brings the privacy issues of patients and hospitals. At ﬁrst, cloud servers are used
for processing demands and to meet the requirements of data sharing. Such kind
of systems only depend on a large enterprise or company known as Cloud Service
Provider (CSP) with enormous storage space for storing and transmitting data. CSP
acts as trusted third party, which leads to the issue of single point of failure and due
to its centralization, it comes with serious risk of exposing data content. Despite
the fact that cloud storage systems are backed up by CSP for full time availability
of data; however they also encounter with unavoidable accidents that lead to the
unavailability of data for their own users . Some cryptographic techniques have
also been proposed for secure data sharing. However, they are also insufﬁcient and
the future requires decentralized system for securing sharing and storage of data.
Fortunately, with the emergence of Bitcoin technology, it’s foundational technology
,i.e., blockchain comes with sophisticated implementation of decentralized storage
system. It was ﬁrst proposed for digital transactions with bitcoins, and at present it
is accepted by different cryptocurrencies . The blockchain technology comes up
with many compelling features, such as tamper proof storage of data which can be
attained by hashing and consensus mechanism. Recently, many blockchain-based
solutions have been widely discussed . Blockchain is used in many scenarios for
service provisioning [4, 5], data sharing [6, 7, 8] and many others. However, there
are still some problems with the adoption of blockchain technology and efﬁcient
sharing of healthcare data.
Authors in  provide a blockchain-based secure and efﬁcient mechanism for
sharing medical data. However, authors do not provide decentralized storage for a
large amount of data and used cloud or database storage to store patient’s medical
data. These are centralized storage system, and there is a fear of single point of
failure. The centralized storage system suffers from high latency for data retrieval.
Authors in [9, 10] provide coarse-grained access control, which does not provide
different access rights to a set of users or clients and is unable to provide the re-
quired privacy of users. In , authors used asymmetric encryption for data sharing.
Asymmetric encryption algorithms are very complex and require a high computa-
tion power. In , the proposed system is not energy efﬁcient because PoW is used.
So, a system is needed for secure data sharing with decentralized and distributed
storage as an additional medium of storage with ﬁne-grained access control.
The organization of this work is as follows. Section 2 highlights the related work.
Section 3 provides the proposed system model in detail. Section 4 discusses the
performance of our work and Section 5 concludes this work.
2 Related work
In this section, we summarize the efforts and initiatives of the authors in literature
realted to blockvhain and it’s applications.
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System 3
2.1 Blockchain in VANets
Authors in  proposed a method based on Local Dynamic Blockchain (LDB)
and main blockchain with Intelligent Vehicle Trust Point (IVTP), which is a unique
and secure crypto ID and provides trustworthiness among Intelligent Vehicles (IVs).
Branching of LDB is also introduced to divide the blockchain in multiple chains to
increase efﬁciency. Branching comes with limitation of large number of duplicate
state changes lodged in blocks which results in wastage of storage and process-
ing power. In , authors proposed a vehicular network in smart city based on
blockchain and named it as Block-VN. Block-VN let vehicles to share their re-
sources and create a network to generate value-added services. However, the pro-
posed system can be enhanced in terms of scalability and security analysis is also
2.2 Blockchain in WSNs
Authors in  proposed a rolling blockchain in WSN with an element of IoT. In
this concept, blockchain without PoW is proposed which can build WSN with the
involvement of smart cars as nodes in the network. The mathematical model is cre-
ated for the formation of blocks and it’s structure in the chain. Authors ignored the
security analysis of proposed system against malicious acts and the performance of
the system is also not optimized. Crowd Sensing Network (CSN) poses a problem
of privacy leakage of user. To avoid this, users may not involve in the network or
upload false information for privacy protection. To solve this problem, authors in
 proposed an incentive mechanism which integrates location privacy protection
and virtual credit and is called blockchain-based incentive mechanism for privacy
protection in CSNs. The experiments performed show that the proposed system sig-
niﬁcantly increases user participation. However, the experiments performed are on
small scale and can be one-sided.
2.3 Blockchain based Data Sharing
In , authors proposed a method for digital data reuse and to manage their rights.
The method is based on blockchain and smart contracts, which provides permanent
records of agreement between authors and the person who wants to reuse. The im-
plementation of workﬂow is also provided by using solidity language. The work
can be improved by integrating incentive mechanism to keep the participants in line
with the agreement. In , authors described a implementation of blockchain in
energy sector and proposed a resilient overlay network. In the proposed system, au-
thors used chord based distributed system to ﬁnd the location of nodes surrounded
by neighboring nodes in decentralized energy trading system. Authors analyzed the
4 Fatima et al.
security problems and also mentioned the performance of security attacks in the sys-
tem. However, strategy is still needed to prevent the overlay network from various
other attacks. In , authors proposed a data sharing system to break data barri-
ers between Mobile Network Operators (MNOs). The proposed system provides a
ﬁne-grained access control via smart contract. Immutable access records are also
provided to achieve high level of security. However, cloud storage is used to store
the data, which results in single point of failure and latency in data retrieval.
2.4 Blockchain based Data Storage
The authors in  proposed a network coded distributed storage to solve the stor-
age bloating problem in blockchain. Authors presented a low complexity design
called binary ﬁeld random shift encoding. However, the proposed scheme is vulner-
able to pollution attack. In , authors proposed a secure storage system based on
IPFS and blockchain. The proposed system provides an effcient query and data stor-
age mechanism for the provenance of agricultural products. The malicious user is
prevented by presenting a blockchain-based authentication mechanism. The prove-
nance data of IoT devices in agricultural products is stored in IPFS and correspond-
ing hash addresses are stored in blockchain.
2.5 Blockchain in IoT
In , authors presented a distributed management framework by applying blockchain.
The performance of proposed system is compared with the existing access man-
agement solutions. The results show that the proposed system is efﬁcient in spe-
ciﬁc IoT scenarios and it is favorable when the load is distributed among nodes in
blockchain network. In , authors proposed a cross-chain framework to fuse mul-
tiple blockchains for efﬁcient and secure management of IoT data. Authors used a
Byzantine Fault Tolerance (BFT) consensus algorithm which occurs in a huge net-
work trafﬁc overhead and privacy protection of user is ignored. In , authors
proposed a unique hybrid architecture for smart cities by applying Software De-
ﬁned Network (SDN) and blockchain. An Argon2 based PoW scheme is used in
this system to guarantee security and privacy. However, the proposed system can be
made more efﬁcient by deploying edge nodes efﬁciently.
2.6 Blockchain in Healthcare
In , authors proposed a blockchain-based secure storage framework for Elec-
tronic Health Records (EHRs) and service framework for secure sharing of medical
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System 5
data is presented. The proposed scheme is analyzed and compared with the tradi-
tional systems. However, the proposed scheme is not energy efﬁcient as PoW is
used for consensus mechanism amnd it is also not proved that the system is inter-
operable. In , authors proposed a data sharing system which consists of two
decentralized network for the separation of mutable and immutable data. P2P stor-
age stores description of session and data and blockchain stores immutable data such
as data digest. The proposed scheme reduced storage and communication overhead
and provides scalability. In this scheme, EHRs are uploaded manually by hospitals
which results in inefﬁciency. Every time when someone requests for data, there is a
need of manual approval by patient, this results in latency for data access. In , au-
thors presented a secure and efﬁcient system for medical data sharing. This system
provides access of EHRs to patients from different hospitals. In this work, authors
provide a same level of access to all the authorized users which results in low level
3 System model
In this section, we highlight a system architecture and present the process of data
uploading and data sharing. We consider a scenario for sharing EHRs among autho-
rized users. EHRs may include the medical history and personal information which
are given by the patients. We consider a scenario where community hospitals are
small hospitals and usually do not have their own databases. They only perform
the task of consensus nodes and sending requests. Some authorized hospitals in a
community can serve as consensus nodes. The different departments in the hospi-
tal also upload the encrypted EHRs by the clients in hospital. If all the hospitals
simultaneously send the request for data uploading, network congestion can occur.
So, a community hospital is made dominant for a period of time, who initiates the
request for data uploading and sharing. The community hospital is selected on the
base of number of acknowledgments (successful transactions performed) received
by the clients. EHR manager performs the major task in the system. The proposed
system model consists of three layers as shown in Figure 1. The Layer 1 is com-
posed of IPFS which is maintained by a national hospital and Layer 2 consists of
a user who wants to access data such as patients, clients from different department
of hospitals, who wants to upload and access data. Layer 3 is mainly composed of
the following components: Certiﬁcate Authority (CA), Endorser, Orderer, Commit-
ter and two types of blockchains. The components of the Layer 3 are elaborated in
detail as follows:
•CA: CA handles client or user registration. It supplies a digital certiﬁcate when a
new entity enters the system and authenticates it. It avoids adding malicious node
or user in the system to ensure the strength of the system. CA is also responsible
for generating public-private key pair for key exchange.
•Endorser: The national hospital plays a signiﬁcant role in the system. An en-
dorser is chosen from the proper mechanism proposed in this work. The main
6 Fatima et al.
Layer 1 Layer 2
EHR Manager Client
Fig. 1: Proposed system model
task played by this node is the initialization of request. Endorser receives the en-
crypted and digitally signed data from the user and send it to the consensus nodes
•Orderer: Orderer can be a national hospital or from authorized community or
sub-community hospital. Orderers receive the request from endorser and perform
consensus and pass the request to the EHR manager.
•EHR Manager: EHR manager is responsible for arranging the order of transac-
tions and for maintaining the consistency of the ledger. It passes the encrypted
data to the IPFS and saves the corresponding hash of the encrypted data on the
•Blockchain: Blockchain is used to provide secure data sharing and hashes of
data are stored in it.
In our work, we are using the AES-256 to encrypt the medical data, and Difﬁe-
Hellman Key Exchange (DHKE) is used to encrypt the symmetric key. Client (com-
munity hospitals, different department of hospitals) encrypts the data by symmetric
key and ciphertext is obtained. After data encryption, the key is encrypted. The
client uses the patients’ public key to encrypt the symmetric key and send it along
with ciphertext. For the digital signature, the client sends the data ﬁle to create the
hash function. Then, the client signs the data using his/her private key and data is
passed to the endorser. After receiving the encrypted data ﬁle, endorser veriﬁes the
signature to check the integrity of the data ﬁle.
The endorser arranges all the received data according to the time. When the en-
dorser becomes primary, it sends the request to the orderers to perform consensus
and add blocks. After completing their task, the result of consensus is sent to the
EHR manager; who saves the hash of data on blockchain according to the consensus
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System 7
results. When all conﬁrmation receipts of uploaded data are received from orderers,
the endorser sends the receipt of successful upload to the client and broadcast the
information to the whole network, so that the next endorser is chosen to become
dominant in the network.
Fine-grained access control is provided by setting different levels of access rights
•L0: Data can only be accessed by the user.
•L1: Only authorized entities can access the data.
•L2: Data is visible publicly.
When data is ﬁrst logged on the blockhchain, the level of access right by default
is selected to L0and can only be changed by the owner of the data. The access
control permissions are changed by calling the smart contract. According to the
smart contract, the user’s identity is checked, if the user is authorized access is
granted. If not, the request is denied. If any authorized entity wants to access the
data, the entity provides its digital signature and the reason to access the data. The
smart contract veriﬁes the identity and level of access right of the requester entity.
If the requester has the permission to access the data, EHR manager and blockchain
provide the data to the requester. If the requester does not holds the permission,
notiﬁcation is sent to the data owner. If owner of the data agrees to provide the
request, access right level changes and data is sent to the requester.
To assess the performance of blockchain based data sharing in healthcare system, we
used Remix along with Ganache and Metamask, and solidity language is used for
writing smart contracts. The speciﬁcations of the system are: Intel core i3, with 2.4
Ghz processor, 8Gb RAM and 756 GB storage. When experiments were conducted
the gas price was set to 1Gwei where 1Gwei = 109wei = 10−9ether according to
ethereum yellow paper .
In order to circumvent the problems of network abuse and to avoid questions
originating from Turing completeness, all the computations performed in Ethereum
are dependent on fees. The fees is speciﬁed in units of gas. When a amount of
gas is speciﬁed in Ethereum, two parameters are taken into consideration. One is
gas limit and other is gas price. The amount of gas is purchased according to gas
price. Transactors are free to specify gas price that they wish, and miners can set
aside transactions as they choose. The higher the gas price, the transaction will more
likely be added to block quickly. The gas price does not affect the execution of smart
contract but the speed at which the transaction is added to block. When sending and
executing smart contract two main costs known as transaction and execution costs
are associated with it. Execution cost is included in transaction cost and it is the cost
linked to internal storage and manipulation of smart contract. Transaction cost as
stated above includes execution cost and the cost of sending data on blockchain.
8 Fatima et al.
Fig. 2: Gas consumption of functions
Fig. 3: Execution time (sec) vs. key size (bits)
Figure 2 shows the gas consumption of access control functions. When the
user enters the system, registerUser operation is performed and the gas used is
greater than other funtions. The gas used for initiateBlockchain function is less than
registerUser function, but greater than dataPermission and dataRequest functions.
This is because these two functions send data on blockchain and need to perform
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System 9
Fig. 4: Symmetric encryption
more operations than dataPermission and dataRequest functions. As Fig 3, 4 show
that asymmetric encryption takes more execution time as compared to the symmet-
ric encryption. Figure 4 shows that the execution time of symmetric encryption with
DHKE is almost same as compared to the symmetric encryption without DHKE.
So, for privacy and security concerns symmetric encryption is used and DHKE is
used for transferring symmetric key securely.
The paper presented a secure data sharing system for healthcare data. IPFS is used
to avoid single point of failure and to achieve data availability. EHRs are encrypted
by AES-256 and the symmetric key is encrypted by using Difﬁe-Hellman key ex-
change and helps in achieving efﬁciency of the system. We deﬁned different levels
of access rights for data sharing which provides ﬁne-grained access control and pro-
vides privacy of data. Every user in the network have different level of access rights.
However, our proposed system can be enhanced by introducing anonymity of user
and data delivery mechanism for organizations, who want to buy data for research
10 Fatima et al.
1. Wang, Shangping, Yinglong Zhang, and Yaling Zhang. “A blockchain-based framework for
data sharing with ﬁne-grained access control in decentralized storage systems.” IEEE Access
6 (2018): 38437-38450.
2. Salah, Khaled, M. Habib Ur Rehman, Nishara Nizamuddin, and Ala Al-Fuqaha. “Blockchain
for AI: review and open research challenges.” IEEE Access 7 (2019): 10127-10149.
3. Gordon, William J., and Christian Catalini. “Blockchain technology for healthcare: facilitat-
ing the transition to patient-driven interoperability.” Computational and structural biotechnol-
ogy journal 16 (2018): 224-230.
4. Mubariz Rehman, Nadeem Javaid, Muhammad Awais, Muhammad Imran, and Nidal Naseer.
“Cloud based secure service providing for IoTs using blockchain.” In IEEE Global Commu-
nications Conference (GLOBCOM 2019). 2019.
5. Turki Ali Alghamdi, Ishtiaq Ali, Nadeem Javaid, and Muhammad Shaﬁq. “Secure Service
Provisioning Scheme for Lightweight IoT Devices with a Fair Payment System and an Incen-
tive Mechanism based on Blockchain.” IEEE Access (2019).
6. Omaji Samuel, Nadeem Javaid, Muhammad Awais, Zeeshan Ahmed, Muhammad Imran, and
Mohsen Guizani. “A blockchain model for fair data sharing in deregulated smart grids.” In
IEEE Global Communications Conference (GLOBCOM 2019). 2019.
7. Tanzeela Sultana, Ahmad Almogren, Mariam Akbar, Mansour Zuair, Ibrar Ullah, and
Nadeem Javaid. “Data Sharing System Integrating Access Control Mechanism using
Blockchain-Based Smart Contracts for IoT Devices.” Applied Sciences 10, no. 2 (2020): 488.
8. Muqaddas Naz, Fahad A. Al-zahrani, Rabiya Khalid, Nadeem Javaid, Ali Mustafa Qamar,
Muhammad Khalil Afzal, and Muhammad Shaﬁq. “A Secure Data Sharing Platform Using
Blockchain and Interplanetary File System.” Sustainability 11, no. 24 (2019): 7054.
9. Fan, Kai, Shangyang Wang, Yanhui Ren, Hui Li, and Yintang Yang. “Medblock: Efﬁcient and
secure medical data sharing via blockchain.” Journal of medical systems 42, no. 8 (2018): 1-
10. Shen, Bingqing, Jingzhi Guo, and Yilong Yang. “MedChain: Efﬁcient Healthcare Data Shar-
ing via Blockchain.” Applied Sciences 9, no. 6 (2019): 1-23.
11. Chen, Yi, Shuai Ding, Zheng Xu, Handong Zheng, and Shanlin Yang. “Blockchain-based
medical records secure storage and medical service framework.” Journal of medical systems
43, no. 1 (2019): 1-9.
12. Singh, Madhusudan, and Shiho Kim. “Branch based blockchain technology in intelligent
vehicle.” Computer Networks 145 (2018): 219-231.
13. Sharma, Pradip Kumar, Seo Yeon Moon, and Jong Hyuk Park. “Block-VN: A distributed
blockchain-based vehicular network architecture in smart City.” JIPS 13, no. 1 (2017): 184-
14. Kushch, Sergii, and Francisco Prieto-Castrillo. “A Rolling Blockchain for a Dynamic WSNs
in a Smart City.” arXiv preprint arXiv:1806.11399 (2018): 1-8.
15. Jia, Bing, Tao Zhou, Wuyungerile Li, Zhenchang Liu, and Jiantao Zhang. “A Blockchain-
Based Location Privacy Protection Incentive Mechanism in Crowd Sensing Networks.” Sen-
sors 18, no. 11 (2018): 1-13.
16. Panescu, Adrian-Tudor, and Vasile Manta. “Smart contracts for research data rights man-
agement over the ethereum blockchain network.“ Science & Technology Libraries 37, no. 3
17. Rahmadika, Sandi, Diena Rauda Ramdania, and Maisevli Harika. “Security Analysis on the
Decentralized Energy Trading System Using Blockchain Technology.” Jurnal Online Infor-
matika 3, no. 1 (2018): 44-47.
18. Zhang, Guozhen, Tong Li, Yong Li, Pan Hui, and Depeng Jin. “Blockchain-based data shar-
ing system for ai-powered network operations.” Journal of Communications and Information
Networks 3, no. 3 (2018): 1-8.
19. Dai, Mingjun, Shengli Zhang, Hui Wang, and Shi Jin. “A low storage room requirement
framework for distributed ledger in blockchain.” IEEE Access 6 (2018): 22970-22975.
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System 11
20. Hao, JinTao, Yan Sun, and Hong Luo. “A Safe and Efﬁcient Storage Scheme Based on
BlockChain and IPFS for Agricultural Products Tracking.” Journal of Computers 29, no. 6
21. Novo, Oscar. “Scalable Access Management in IoT using Blockchain: a Performance Evalu-
ation.” IEEE Internet of Things Journal (2018): 4694-4701.
22. Jiang, Yiming, Chenxu Wang, Yawei Wang, and Lang Gao. “A Cross-Chain Solution to Inte-
grating Multiple Blockchains for IoT Data Management.” Sensors 19, no. 9 (2019): 1-18.
23. Sharma, Pradip Kumar, and Jong Hyuk Park. “Blockchain based hybrid network architecture
for the smart city.” Future Generation Computer Systems 86 (2018): 650-655.
24. Wood, Gavin. “Ethereum: A secure decentralised generalised transaction ledger.” Ethereum
project yellow paper 151, no. 2014 (2014): 1-32.