
Leveraging Fine-grained Access Control in Blockchain-based Healthcare System

Fatima Tariq, Zahoor Ali Khan, Tanzeela Sultana, Mubariz Rehman, Qaiser Shahzad, and Nadeem Javaid
Abstract
Due to the development of the healthcare industry and the digitization of medical data, recent years have seen major changes in the storage of electronic health records in cloud environments, making data exchange feasible between patients and healthcare providers. However, this shift comes with security and privacy risks for patients and their data. Exchanging healthcare data among patients and healthcare providers with a high level of security is a challenging task. In this paper, we propose a novel system that combines blockchain and the InterPlanetary File System (IPFS) for data sharing and uploading. We design a fine-grained access control mechanism using a smart contract, which provides different levels of access rights to the users in the network. We implement our system on an Ethereum private blockchain and use proof of authority as the consensus mechanism.
1 Introduction
Over time, the healthcare industry is expected to experience a remarkable evolution. In most countries, the number of medical patients is increasing dramatically, and it is becoming problematic for patients to access doctors. In traditional healthcare systems, the medical records of patients are scattered across different hospitals. The data standards of different hospitals are not the same, which results in a low level of interoperability. When a patient requests to view or access his/her medical data, institutions are not allowed to provide access or transfer the medical data outside them. All of these problems become a big hurdle in the sharing and exchange of medical data. So, the digital transformation of medical data is substantial. Due to digitization, a lot of medical data is being transferred from paper to electronic devices. Usually, medical records are saved in a private database, which brings privacy issues for patients and hospitals. At first, cloud servers were used for processing demands and to meet the requirements of data sharing. Such systems depend entirely on a large enterprise or company known as a Cloud Service Provider (CSP), with enormous storage space for storing and transmitting data. The CSP acts as a trusted third party, which leads to the issue of a single point of failure, and due to its centralization it comes with a serious risk of exposing data content. Although cloud storage systems are backed up by the CSP for full-time availability of data, they also encounter unavoidable accidents that lead to the unavailability of data for their own users [1]. Some cryptographic techniques have also been proposed for secure data sharing. However, they are also insufficient, and the future requires a decentralized system for secure sharing and storage of data. Fortunately, with the emergence of Bitcoin, its foundational technology, i.e., blockchain, comes with a sophisticated implementation of a decentralized storage system. It was first proposed for digital transactions with bitcoins, and at present it is accepted by different cryptocurrencies [2]. Blockchain technology comes with many compelling features, such as tamper-proof storage of data, which is attained by hashing and a consensus mechanism. Recently, many blockchain-based solutions have been widely discussed [3]. Blockchain is used in many scenarios for service provisioning [4, 5], data sharing [6, 7, 8] and many others. However, there are still some problems with the adoption of blockchain technology and efficient sharing of healthcare data.
Fatima Tariq, Zahoor Ali Khan, Tanzeela Sultana, Mubariz Rehman, Qaiser Shahzad, and Nadeem Javaid (Corresponding Author)
Nadeem Javaid, COMSATS University Islamabad, Pakistan; email: nadeemjavaidqau@gmail.com
Authors in [9] provide a blockchain-based secure and efficient mechanism for sharing medical data. However, the authors do not provide decentralized storage for a large amount of data and use cloud or database storage to store patients' medical data. These are centralized storage systems, and there is a fear of a single point of failure. A centralized storage system also suffers from high latency for data retrieval. Authors in [9, 10] provide coarse-grained access control, which does not provide different access rights to a set of users or clients and is unable to provide the required privacy of users. In [9], authors used asymmetric encryption for data sharing. Asymmetric encryption algorithms are very complex and require high computation power. In [11], the proposed system is not energy efficient because PoW is used. So, a system is needed for secure data sharing with decentralized and distributed storage as an additional medium of storage, with fine-grained access control.
The organization of this work is as follows. Section 2 highlights the related work.
Section 3 provides the proposed system model in detail. Section 4 discusses the
performance of our work and Section 5 concludes this work.
2 Related work
In this section, we summarize the efforts and initiatives of authors in the literature related to blockchain and its applications.
2.1 Blockchain in VANETs
Authors in [12] proposed a method based on a Local Dynamic Blockchain (LDB) and a main blockchain with an Intelligent Vehicle Trust Point (IVTP), which is a unique and secure crypto ID and provides trustworthiness among Intelligent Vehicles (IVs). Branching of the LDB is also introduced to divide the blockchain into multiple chains to increase efficiency. Branching comes with the limitation of a large number of duplicate state changes lodged in blocks, which wastes storage and processing power. In [13], authors proposed a blockchain-based vehicular network for the smart city and named it Block-VN. Block-VN lets vehicles share their resources and create a network to generate value-added services. However, the proposed system can be enhanced in terms of scalability, and a security analysis is also needed.
2.2 Blockchain in WSNs
Authors in [14] proposed a rolling blockchain in WSNs with an element of IoT. In this concept, a blockchain without PoW is proposed which can build a WSN with smart cars as nodes in the network. A mathematical model is created for the formation of blocks and their structure in the chain. The authors ignored the security analysis of the proposed system against malicious acts, and the performance of the system is also not optimized. A Crowd Sensing Network (CSN) poses the problem of privacy leakage of users. To avoid this, users may not participate in the network or may upload false information for privacy protection. To solve this problem, authors in [15] proposed an incentive mechanism which integrates location privacy protection and virtual credit, called a blockchain-based incentive mechanism for privacy protection in CSNs. The experiments performed show that the proposed system significantly increases user participation. However, the experiments are on a small scale and can be one-sided.
2.3 Blockchain based Data Sharing
In [16], authors proposed a method for reusing digital data and managing the associated rights. The method is based on blockchain and smart contracts, which provide permanent records of the agreement between authors and the person who wants to reuse the data. An implementation of the workflow is also provided in the Solidity language. The work can be improved by integrating an incentive mechanism to keep the participants in line with the agreement. In [17], authors described an implementation of blockchain in the energy sector and proposed a resilient overlay network. In the proposed system, the authors used a Chord-based distributed system to find the location of nodes surrounded by neighboring nodes in a decentralized energy trading system. The authors analyzed the security problems and also mentioned the performance of security attacks in the system. However, a strategy is still needed to protect the overlay network from various other attacks. In [18], authors proposed a data sharing system to break data barriers between Mobile Network Operators (MNOs). The proposed system provides fine-grained access control via a smart contract. Immutable access records are also provided to achieve a high level of security. However, cloud storage is used to store the data, which results in a single point of failure and latency in data retrieval.
2.4 Blockchain based Data Storage
The authors in [19] proposed network-coded distributed storage to solve the storage bloating problem in blockchain. The authors presented a low-complexity design called binary field random shift encoding. However, the proposed scheme is vulnerable to pollution attacks. In [20], authors proposed a secure storage system based on IPFS and blockchain. The proposed system provides an efficient query and data storage mechanism for the provenance of agricultural products. Malicious users are kept out by a blockchain-based authentication mechanism. The provenance data of IoT devices in agricultural products is stored in IPFS, and the corresponding hash addresses are stored in the blockchain.
2.5 Blockchain in IoT
In [21], authors presented a distributed management framework by applying blockchain. The performance of the proposed system is compared with existing access management solutions. The results show that the proposed system is efficient in specific IoT scenarios and is favorable when the load is distributed among nodes in the blockchain network. In [22], authors proposed a cross-chain framework to fuse multiple blockchains for efficient and secure management of IoT data. The authors used a Byzantine Fault Tolerance (BFT) consensus algorithm, which incurs a huge network traffic overhead, and privacy protection of users is ignored. In [23], authors proposed a unique hybrid architecture for smart cities by applying Software Defined Networking (SDN) and blockchain. An Argon2-based PoW scheme is used in this system to guarantee security and privacy. However, the proposed system can be made more efficient by deploying edge nodes efficiently.
2.6 Blockchain in Healthcare
In [11], authors proposed a blockchain-based secure storage framework for Electronic Health Records (EHRs), and a service framework for secure sharing of medical data is presented. The proposed scheme is analyzed and compared with traditional systems. However, the proposed scheme is not energy efficient, as PoW is used as the consensus mechanism, and it is also not proved that the system is interoperable. In [10], authors proposed a data sharing system which consists of two decentralized networks for the separation of mutable and immutable data. P2P storage stores the description of the session and data, and the blockchain stores immutable data such as the data digest. The proposed scheme reduces storage and communication overhead and provides scalability. In this scheme, EHRs are uploaded manually by hospitals, which results in inefficiency. Every time someone requests data, manual approval by the patient is needed, which results in latency for data access. In [9], authors presented a secure and efficient system for medical data sharing. This system provides patients with access to EHRs from different hospitals. In this work, the authors provide the same level of access to all authorized users, which results in a low level of security.
3 System model
In this section, we highlight the system architecture and present the process of data uploading and data sharing. We consider a scenario for sharing EHRs among authorized users. EHRs may include the medical history and personal information given by the patients. We consider a scenario where community hospitals are small hospitals and usually do not have their own databases. They only perform the tasks of consensus nodes and of sending requests. Some authorized hospitals in a community can serve as consensus nodes. The different departments in a hospital also upload encrypted EHRs through the clients in the hospital. If all the hospitals send data upload requests simultaneously, network congestion can occur. So, one community hospital is made dominant for a period of time and initiates the requests for data uploading and sharing. The community hospital is selected on the basis of the number of acknowledgments (successful transactions performed) received by the clients. The EHR manager performs the major task in the system. The proposed system model consists of three layers, as shown in Figure 1. Layer 1 is composed of IPFS, which is maintained by a national hospital. Layer 2 consists of the users, such as patients and clients from different hospital departments, who want to upload and access data. Layer 3 is mainly composed of the following components: Certificate Authority (CA), Endorser, Orderer, Committer and two types of blockchains. The components of Layer 3 are elaborated in detail as follows:
CA: The CA handles client or user registration. It supplies a digital certificate when a new entity enters the system and authenticates it. It prevents malicious nodes or users from being added to the system, to ensure the strength of the system. The CA is also responsible for generating the public-private key pair for key exchange.
Endorser: The national hospital plays a significant role in the system. An endorser is chosen by the mechanism proposed in this work. The main task of this node is the initialization of requests. The endorser receives the encrypted and digitally signed data from the user and sends it to the consensus nodes or orderers.
Orderer: An orderer can be a national hospital or an authorized community or sub-community hospital. Orderers receive the request from the endorser, perform consensus and pass the request to the EHR manager.
EHR Manager: The EHR manager is responsible for arranging the order of transactions and for maintaining the consistency of the ledger. It passes the encrypted data to IPFS and saves the corresponding hash of the encrypted data on the blockchain.
Blockchain: The blockchain is used to provide secure data sharing, and hashes of the data are stored in it.
Fig. 1: Proposed system model (diagram labels: Layer 1, Layer 2, Layer 3; Certificate Authority, Endorser, Orderer, EHR Manager, Client, Blockchain, IPFS; key distribution, data upload, hash)
In our work, we use AES-256 to encrypt the medical data, and Diffie-Hellman Key Exchange (DHKE) is used to encrypt the symmetric key. The client (a community hospital or a hospital department) encrypts the data with the symmetric key to obtain the ciphertext. After data encryption, the key is encrypted: the client uses the patient's public key to encrypt the symmetric key and sends it along with the ciphertext. For the digital signature, the client first computes a hash of the data file. Then, the client signs the data using his/her private key, and the data is passed to the endorser. After receiving the encrypted data file, the endorser verifies the signature to check the integrity of the data file.
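The upload path described above, as an added example in Node.js that is not the authors' implementation: the client encrypts a record with a fresh AES-256 key, wraps that key under a Diffie-Hellman shared secret with the patient, then hashes and signs the envelope, and the endorser checks it. The concrete primitives (X25519, HKDF-SHA256, AES-256-GCM, Ed25519), the envelope layout and all function names are assumptions, and the SHA-256 digest stands in for the IPFS hash stored on chain.

```javascript
// Added example (not the paper's code). Node.js built-in crypto only.
// Assumptions: X25519 as the Diffie-Hellman function, HKDF-SHA256 to derive the
// key-wrapping key, AES-256-GCM for both layers, Ed25519 for the client signature.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Turn a Diffie-Hellman shared secret into a 32-byte key that wraps the AES data key.
function deriveWrapKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'ehr-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]); // throws if modified
}

// Canonical byte string of the envelope: this is what gets hashed, signed and stored.
function envelopeBytes(env) {
  const w = env.wrappedKey, d = env.data;
  return Buffer.concat([env.ephPublic, w.iv, w.tag, w.ct, d.iv, d.tag, d.ct]);
}

// Client: encrypt the record, wrap the data key for the patient, hash, then sign.
function clientUpload(record, clientSignKey, patientDhPublic) {
  const dataKey = crypto.randomBytes(32);           // AES-256 key for this record only
  const eph = crypto.generateKeyPairSync('x25519'); // client's half of the exchange
  const envelope = {
    ephPublic: eph.publicKey.export({ type: 'spki', format: 'der' }),
    wrappedKey: seal(deriveWrapKey(eph.privateKey, patientDhPublic), dataKey),
    data: seal(dataKey, record),
  };
  const signature = crypto.sign(null, sha256(envelopeBytes(envelope)), clientSignKey);
  return { envelope, signature };
}

// Endorser: recompute the hash and verify the signature before consensus.
// Returns the hex hash to record on chain, or null when the check fails.
function endorserVerify(envelope, signature, clientVerifyKey) {
  const hash = sha256(envelopeBytes(envelope));
  return crypto.verify(null, hash, clientVerifyKey, signature) ? hash.toString('hex') : null;
}

// Patient: redo the exchange with the client's ephemeral public key, unwrap, decrypt.
function patientOpen(envelope, patientDhPrivate) {
  const ephPublic = crypto.createPublicKey({ key: envelope.ephPublic, format: 'der', type: 'spki' });
  const dataKey = unseal(deriveWrapKey(patientDhPrivate, ephPublic), envelope.wrappedKey);
  return unseal(dataKey, envelope.data);
}

function demo() {
  const client = crypto.generateKeyPairSync('ed25519');
  const patient = crypto.generateKeyPairSync('x25519');
  const record = Buffer.from('constructed sample record: patient 0001, BP 120/80');
  const { envelope, signature } = clientUpload(record, client.privateKey, patient.publicKey);
  const onChainHash = endorserVerify(envelope, signature, client.publicKey);
  const recovered = patientOpen(envelope, patient.privateKey).toString();
  // Flip one ciphertext bit in a copy: the endorser must reject it.
  const ct = Buffer.from(envelope.data.ct);
  ct[0] ^= 1;
  const tampered = { ...envelope, data: { ...envelope.data, ct } };
  const tamperedHash = endorserVerify(tampered, signature, client.publicKey);
  return { onChainHash, recovered, tamperedHash };
}
```

Because the signature covers the whole envelope, the endorser detects a change to the ciphertext, the wrapped key or the ephemeral public key without being able to read the record.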
The endorser arranges all the received data according to time. When the endorser becomes primary, it sends the request to the orderers to perform consensus and add blocks. After they complete their task, the result of consensus is sent to the EHR manager, which saves the hash of the data on the blockchain according to the consensus results. When all confirmation receipts for the uploaded data are received from the orderers, the endorser sends a receipt of successful upload to the client and broadcasts the information to the whole network, so that the next endorser is chosen to become dominant in the network.
Fine-grained access control is provided by setting different levels of access rights
as follows:
L0: Data can only be accessed by the user.
L1: Only authorized entities can access the data.
L2: Data is visible publicly.
When data is first logged on the blockchain, the level of access right is set to L0 by default and can only be changed by the owner of the data. The access control permissions are changed by calling the smart contract. According to the smart contract, the user's identity is checked; if the user is authorized, access is granted. If not, the request is denied. If any authorized entity wants to access the data, the entity provides its digital signature and the reason for accessing the data. The smart contract verifies the identity and the level of access right of the requesting entity. If the requester has permission to access the data, the EHR manager and blockchain provide the data to the requester. If the requester does not hold the permission, a notification is sent to the data owner. If the owner of the data agrees to the request, the access right level changes and the data is sent to the requester.
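The access-level rules above, as an added example: an in-memory JavaScript model of the contract logic, not the authors' Solidity contract. registerUser, dataPermission and dataRequest are function names that appear in the paper's evaluation, but their parameters and behaviour here are assumptions, as are addRecord, approveRequest, and the reading that unregistered callers are denied without notifying the owner.

```javascript
// Added example (not the paper's Solidity contract): model of the L0/L1/L2 rules.
// `caller` stands for an identity the chain has already authenticated
// (on Ethereum, the transaction sender); that is an assumption of this model.
const Level = Object.freeze({ L0: 0, L1: 1, L2: 2 });

class EhrAccessModel {
  constructor() {
    this.users = new Set();   // identities registered through the CA
    this.records = new Map(); // recordId -> { owner, level, authorized, ipfsHash }
    this.pending = [];        // requests waiting for the owner's decision
    this.log = [];            // every decision, kept for audit (assumption)
  }

  registerUser(id) { this.users.add(id); }

  getRecord(recordId) {
    const rec = this.records.get(recordId);
    if (!rec) throw new Error('unknown record');
    return rec;
  }

  // A record is always created at L0: only its owner can read it.
  addRecord(caller, recordId, ipfsHash) {
    if (!this.users.has(caller)) throw new Error('unregistered caller');
    if (this.records.has(recordId)) throw new Error('record already exists');
    this.records.set(recordId, { owner: caller, level: Level.L0, authorized: new Set(), ipfsHash });
  }

  // Only the owner may change the level.
  dataPermission(caller, recordId, level) {
    const rec = this.getRecord(recordId);
    if (caller !== rec.owner) throw new Error('only the owner can change access rights');
    if (!Object.values(Level).includes(level)) throw new Error('unknown level');
    rec.level = level;
  }

  canRead(caller, rec) {
    if (rec.level === Level.L2) return true;    // publicly visible
    if (!this.users.has(caller)) return false;  // identity check
    if (caller === rec.owner) return true;      // the owner reads at every level
    return rec.level === Level.L1 && rec.authorized.has(caller);
  }

  // The requester states a reason; a registered requester without permission
  // triggers a notification to the owner instead of a silent denial.
  dataRequest(caller, recordId, reason) {
    const rec = this.getRecord(recordId);
    if (!reason) throw new Error('a reason is required');
    const granted = this.canRead(caller, rec);
    const known = this.users.has(caller);
    if (!granted && known) this.pending.push({ recordId, requester: caller, reason });
    this.log.push({ recordId, caller, reason, granted });
    return granted ? { granted, ipfsHash: rec.ipfsHash } : { granted, notifiedOwner: known };
  }

  // Owner agrees: the requester is authorized and an L0 record moves to L1.
  approveRequest(caller, recordId, requester) {
    const rec = this.getRecord(recordId);
    if (caller !== rec.owner) throw new Error('only the owner can approve');
    const i = this.pending.findIndex((p) => p.recordId === recordId && p.requester === requester);
    if (i < 0) throw new Error('no pending request');
    this.pending.splice(i, 1);
    rec.authorized.add(requester);
    if (rec.level === Level.L0) rec.level = Level.L1;
    return { granted: true, ipfsHash: rec.ipfsHash };
  }
}

// Constructed walk-through: one patient record, a doctor, an insurer, an outsider.
function scenario() {
  const m = new EhrAccessModel();
  ['patient', 'doctor', 'insurer'].forEach((id) => m.registerUser(id));
  m.addRecord('patient', 'ehr-1', 'constructed-ipfs-hash');
  const s = {};
  s.ownerAtL0 = m.dataRequest('patient', 'ehr-1', 'self review').granted;
  s.doctorAtL0 = m.dataRequest('doctor', 'ehr-1', 'treatment');
  s.afterApproval = m.approveRequest('patient', 'ehr-1', 'doctor');
  s.levelAfterApproval = m.getRecord('ehr-1').level;
  s.doctorAtL1 = m.dataRequest('doctor', 'ehr-1', 'follow-up').granted;
  s.insurerAtL1 = m.dataRequest('insurer', 'ehr-1', 'claim').granted;
  s.strangerAtL1 = m.dataRequest('stranger', 'ehr-1', 'curious');
  try { m.dataPermission('doctor', 'ehr-1', Level.L2); s.nonOwnerChange = 'allowed'; }
  catch (e) { s.nonOwnerChange = 'rejected'; }
  m.dataPermission('patient', 'ehr-1', Level.L2);
  s.strangerAtL2 = m.dataRequest('stranger', 'ehr-1', 'public data').granted;
  s.pending = m.pending.length;
  return s;
}
```

In this model, authorization at L1 is per requester, so approving the doctor does not open the record to the insurer, whose request stays pending for the owner.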
4 Performance
To assess the performance of blockchain-based data sharing in the healthcare system, we used Remix along with Ganache and MetaMask, and the Solidity language is used for writing smart contracts. The specifications of the system are: Intel Core i3 with a 2.4 GHz processor, 8 GB RAM and 756 GB storage. When the experiments were conducted, the gas price was set to 1 Gwei, where $1\ \text{Gwei} = 10^{9}\ \text{wei} = 10^{-9}\ \text{ether}$, according to the Ethereum yellow paper [24].
In order to circumvent the problems of network abuse and to avoid questions originating from Turing completeness, all the computations performed in Ethereum are subject to fees. The fee is specified in units of gas. When an amount of gas is specified in Ethereum, two parameters are taken into consideration: one is the gas limit and the other is the gas price. The amount of gas is purchased according to the gas price. Transactors are free to specify any gas price they wish, and miners can set aside transactions as they choose. The higher the gas price, the more likely the transaction is to be added to a block quickly. The gas price does not affect the execution of the smart contract, only the speed at which the transaction is added to a block. When sending and executing a smart contract, two main costs, known as the transaction and execution costs, are associated with it. The execution cost is included in the transaction cost, and it is the cost linked to the internal storage and manipulation of the smart contract. The transaction cost, as stated above, includes the execution cost and the cost of sending data on the blockchain.
Fig. 2: Gas consumption of functions
Fig. 3: Execution time (sec) vs. key size (bits)
Figure 2 shows the gas consumption of the access control functions. When the user enters the system, the registerUser operation is performed, and the gas used is greater than for the other functions. The gas used by the initiateBlockchain function is less than for the registerUser function, but greater than for the dataPermission and dataRequest functions. This is because these two functions send data on the blockchain and need to perform more operations than the dataPermission and dataRequest functions. Figures 3 and 4 show that asymmetric encryption takes more execution time than symmetric encryption. Figure 4 shows that the execution time of symmetric encryption with DHKE is almost the same as that of symmetric encryption without DHKE. So, for privacy and security concerns, symmetric encryption is used, and DHKE is used for transferring the symmetric key securely.
Fig. 4: Symmetric encryption
5 Conclusion
The paper presented a secure data sharing system for healthcare data. IPFS is used to avoid a single point of failure and to achieve data availability. EHRs are encrypted with AES-256 and the symmetric key is encrypted using Diffie-Hellman key exchange, which helps in achieving efficiency of the system. We defined different levels of access rights for data sharing, which provides fine-grained access control and privacy of data. Every user in the network has a different level of access rights. However, our proposed system can be enhanced by introducing anonymity of users and a data delivery mechanism for organizations that want to buy data for research purposes.
References
1. Wang, Shangping, Yinglong Zhang, and Yaling Zhang. “A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems.” IEEE Access 6 (2018): 38437-38450.
2. Salah, Khaled, M. Habib Ur Rehman, Nishara Nizamuddin, and Ala Al-Fuqaha. “Blockchain for AI: review and open research challenges.” IEEE Access 7 (2019): 10127-10149.
3. Gordon, William J., and Christian Catalini. “Blockchain technology for healthcare: facilitating the transition to patient-driven interoperability.” Computational and structural biotechnology journal 16 (2018): 224-230.
4. Mubariz Rehman, Nadeem Javaid, Muhammad Awais, Muhammad Imran, and Nidal Naseer. “Cloud based secure service providing for IoTs using blockchain.” In IEEE Global Communications Conference (GLOBECOM 2019). 2019.
5. Turki Ali Alghamdi, Ishtiaq Ali, Nadeem Javaid, and Muhammad Shafiq. “Secure Service Provisioning Scheme for Lightweight IoT Devices with a Fair Payment System and an Incentive Mechanism based on Blockchain.” IEEE Access (2019).
6. Omaji Samuel, Nadeem Javaid, Muhammad Awais, Zeeshan Ahmed, Muhammad Imran, and Mohsen Guizani. “A blockchain model for fair data sharing in deregulated smart grids.” In IEEE Global Communications Conference (GLOBECOM 2019). 2019.
7. Tanzeela Sultana, Ahmad Almogren, Mariam Akbar, Mansour Zuair, Ibrar Ullah, and Nadeem Javaid. “Data Sharing System Integrating Access Control Mechanism using Blockchain-Based Smart Contracts for IoT Devices.” Applied Sciences 10, no. 2 (2020): 488.
8. Muqaddas Naz, Fahad A. Al-zahrani, Rabiya Khalid, Nadeem Javaid, Ali Mustafa Qamar, Muhammad Khalil Afzal, and Muhammad Shafiq. “A Secure Data Sharing Platform Using Blockchain and Interplanetary File System.” Sustainability 11, no. 24 (2019): 7054.
9. Fan, Kai, Shangyang Wang, Yanhui Ren, Hui Li, and Yintang Yang. “Medblock: Efficient and secure medical data sharing via blockchain.” Journal of medical systems 42, no. 8 (2018): 1-11.
10. Shen, Bingqing, Jingzhi Guo, and Yilong Yang. “MedChain: Efficient Healthcare Data Sharing via Blockchain.” Applied Sciences 9, no. 6 (2019): 1-23.
11. Chen, Yi, Shuai Ding, Zheng Xu, Handong Zheng, and Shanlin Yang. “Blockchain-based medical records secure storage and medical service framework.” Journal of medical systems 43, no. 1 (2019): 1-9.
12. Singh, Madhusudan, and Shiho Kim. “Branch based blockchain technology in intelligent vehicle.” Computer Networks 145 (2018): 219-231.
13. Sharma, Pradip Kumar, Seo Yeon Moon, and Jong Hyuk Park. “Block-VN: A distributed blockchain-based vehicular network architecture in smart City.” JIPS 13, no. 1 (2017): 184-195.
14. Kushch, Sergii, and Francisco Prieto-Castrillo. “A Rolling Blockchain for a Dynamic WSNs in a Smart City.” arXiv preprint arXiv:1806.11399 (2018): 1-8.
15. Jia, Bing, Tao Zhou, Wuyungerile Li, Zhenchang Liu, and Jiantao Zhang. “A Blockchain-Based Location Privacy Protection Incentive Mechanism in Crowd Sensing Networks.” Sensors 18, no. 11 (2018): 1-13.
16. Panescu, Adrian-Tudor, and Vasile Manta. “Smart contracts for research data rights management over the ethereum blockchain network.” Science & Technology Libraries 37, no. 3 (2018): 235-245.
17. Rahmadika, Sandi, Diena Rauda Ramdania, and Maisevli Harika. “Security Analysis on the Decentralized Energy Trading System Using Blockchain Technology.” Jurnal Online Informatika 3, no. 1 (2018): 44-47.
18. Zhang, Guozhen, Tong Li, Yong Li, Pan Hui, and Depeng Jin. “Blockchain-based data sharing system for ai-powered network operations.” Journal of Communications and Information Networks 3, no. 3 (2018): 1-8.
19. Dai, Mingjun, Shengli Zhang, Hui Wang, and Shi Jin. “A low storage room requirement framework for distributed ledger in blockchain.” IEEE Access 6 (2018): 22970-22975.
20. Hao, JinTao, Yan Sun, and Hong Luo. “A Safe and Efficient Storage Scheme Based on BlockChain and IPFS for Agricultural Products Tracking.” Journal of Computers 29, no. 6 (2018): 158-167.
21. Novo, Oscar. “Scalable Access Management in IoT using Blockchain: a Performance Evaluation.” IEEE Internet of Things Journal (2018): 4694-4701.
22. Jiang, Yiming, Chenxu Wang, Yawei Wang, and Lang Gao. “A Cross-Chain Solution to Integrating Multiple Blockchains for IoT Data Management.” Sensors 19, no. 9 (2019): 1-18.
23. Sharma, Pradip Kumar, and Jong Hyuk Park. “Blockchain based hybrid network architecture for the smart city.” Future Generation Computer Systems 86 (2018): 650-655.
24. Wood, Gavin. “Ethereum: A secure decentralised generalised transaction ledger.” Ethereum project yellow paper 151, no. 2014 (2014): 1-32.
... Privacy-based data access was developed by Fatima Tariq et al. [16] with the advantage of incurring the reduced cost for execution. In this, Diffie-Hellman Key Exchange (DHKE) is employed for encrypting the key. ...
... The DR reads the corresponding transaction data based on the search results provided by the smart contract. 16. In this step, the DR decrypts the transaction data. ...
... The methods considered to be compared with the proposed AB-DAM strategy for the evaluation of the performance of the proposed AB-DAM strategy is, the enhanced Bell-LaPadula model [6], ECDSA based access control [10], and the fine-grained access control [16], in terms of the performance metrics, namely the responsiveness and the genuine user detection rate. ...
Article
Full-text available
This research introduces a novel attribute-based data access model in Blockchain (AB-DAM) Framework in Healthcare Systems to enhance the authentication of the users before data transmission. The proposed AB-DAM strategy and the smart contract assure secure communication. The Data requestor (DR) requests access using a unique ID and password to the Data holder (DH), who processes the request and authenticates the Data user. The information of the DH is embedded in the blockchain using an encrypted master key. The DH does the data encryption process through attribute-based Encryption (ABE), and the encrypted files are uploaded to the Interplanetary File System (IPFS). When the smart contract identifies the user as valid, the DH sends the requested data to the DR through the IPFS. The proposed model obtained the responsiveness and genuine user detection rate value of 24.1578 s and 43.38%, respectively.
... Moncrieff et al. [25] proposed a framework that eliminates major roadblocks by discovering healthcare system complications through technology acceptance. Blockchain-based fine-grained access control ensures that only authorised users have access to healthcare data closely related to data ownership [26][27][28][29]. The construction of this framework does not state whether any verified privacy standards are incorporated or not to develop this framework. ...
... Healthcare providers should obtain consent when looking for patients' data using Ethereum and smart contracts [51][52][53][54]. Tariq et al. proposed blockchain-based fine-grained access control that ensures only authorised users have access to healthcare data closely related to data ownership [26][27][28][29]. By applying this framework, emphasising information confidentiality concerns to overcome the challenges is crucial [55]. ...
Article
Full-text available
Privacy in Electronic Health Records (EHR) has become a significant concern in today’s rapidly changing world, particularly for personal and sensitive user data. The sheer volume and sensitive nature of patient records require healthcare providers to exercise an intense quantity of caution during EHR implementation. In recent years, various healthcare providers have been hit by ransomware and distributed denial of service attacks, halting many emergency services during COVID-19. Personal data breaches are becoming more common day by day, and privacy concerns are often raised when sharing data across a network, mainly due to transparency and security issues. To tackle this problem, various researchers have proposed privacy-preserving solutions for EHR. However, most solutions do not extensively use Privacy by Design (PbD) mechanisms, distributed data storage and sharing when designing their frameworks, which is the emphasis of this study. To design a framework for Privacy by Design in Electronic Health Records (PbDinEHR) that can preserve the privacy of patients during data collection, storage, access and sharing, we have analysed the fundamental principles of privacy by design and privacy design strategies, and the compatibility of our proposed healthcare principles with Privacy Impact Assessment (PIA), Australian Privacy Principles (APPs) and General Data Protection Regulation (GDPR). To demonstrate the proposed framework, ‘PbDinEHR’, we have implemented a Patient Record Management System (PRMS) to create interfaces for patients and healthcare providers. In addition, to provide transparency and security for sharing patients’ medical files with various healthcare providers, we have implemented a distributed file system and two permission blockchain networks using the InterPlanetary File System (IPFS) and Ethereum blockchain. 
This allows us to expand the proposed privacy by design mechanisms in the future to enable healthcare providers, patients, imaging labs and others to share patient-centric data in a transparent manner. The developed framework has been tested and evaluated to ensure user performance, effectiveness, and security. The complete solution is expected to provide progressive resistance in the face of continuous data breaches in the patient information domain.
... This approach is demonstrated to prevent data leakage risks that may be occasioned by improper operation during processing. Similarly, a fine-grained access control scheme for medical records [134] is introduced in [112] based on the blockchain. Here, the medical records are stored in the cloud and proxy re-encryption is utilized for data sharing [135]. ...
Article
The adoption of electronic healthcare in hospital environment can potentially reduce costs and improve the quality of life of the patients. However, numerous security and privacy issues arise when sensitive patient data is shared among multiple devices and users. Owing to its vulnerable nature, electronic health records seem to be more attractive to attackers compared to other forms of records such as financial transactions. Consequently, the patient data collected at the sensors, transmitted across communication channels and residing in hospital servers is susceptible to various threats. The goal of this paper was to carry out a survey of the electronic healthcare environment and attempt to understand the various weaknesses that can be exploited. This is followed by some descriptions of the various preventive mechanisms as well as the noted gaps. Therefore, numerous recommendations are given that are deemed fit for enhanced security and privacy posture in electronic healthcare domain.
Thesis
In this thesis, a blockchain-based data sharing and access control system is proposed, for communication between the Internet of Things (IoT) devices. The proposed system is intended to overcome the issues related to trust and authentication for access control in IoT networks. Moreover, the objectives of the system are to achieve trustfulness, authorization, and authentication for data sharing in IoT networks. Multiple smart contracts such as Access Control Contract (ACC), Register Contract (RC), and Judge Contract (JC) are used to provide efficient access control management. Where ACC manages overall access control of the system, and RC is used to authenticate users in the system, JC implements the behavior judging method for detecting misbehavior of a subject (i.e., user). After the misbehavior detection, a penalty is defined for that subject. Several permission levels are set for IoT devices' users to share services with others. In the end, performance of the proposed system is analyzed by calculating cost consumption rate of smart contracts and their functions. A comparison is made between existing and proposed systems. Results show that the proposed system is efficient in terms of cost. The overall execution cost of the system is 6,900,000 gas units and the transaction cost is 5,200,000 gas units.
Article
Healthcare information exchange is an important research topic, which can benefit both healthcare providers and patients. In healthcare data sharing, many cloud-based solutions have been proposed, but the trustworthiness of a third-party cloud service is questionable. Recently, blockchain has been introduced in healthcare record sharing, which does not rely on trusting a third party. However, existing approaches only focus on the records collected from medical examination. They are not efficient in sharing data streams continuously generated from sensors and other monitoring devices. Today, IoT devices have been widely deployed and sensors and mobile applications can monitor patients’ body conditions. The collected data are shared to laboratories and institutions for diagnosis and further study. Moreover, existing approaches are too rigid to efficiently support metadata change. In this paper, an efficient data-sharing scheme is proposed, called MedChain, which combines blockchain, digest chain, and structured P2P network techniques to overcome the above efficiency issues in the existing approaches for sharing both types of healthcare data. Based on MedChain, a session-based healthcare data-sharing scheme is devised, which brings flexibility in data sharing. The evaluation results show that MedChain can achieve higher efficiency and satisfy the security requirements in data sharing.
Article
In this paper, a blockchain-based data sharing and access control system is proposed, for communication between the Internet of Things (IoT) devices. The proposed system is intended to overcome the issues related to trust and authentication for access control in IoT networks. Moreover, the objectives of the system are to achieve trustfulness, authorization, and authentication for data sharing in IoT networks. Multiple smart contracts such as Access Control Contract (ACC), Register Contract (RC), and Judge Contract (JC) are used to provide efficient access control management. Where ACC manages overall access control of the system, and RC is used to authenticate users in the system, JC implements the behavior judging method for detecting misbehavior of a subject (i.e., user). After the misbehavior detection, a penalty is defined for that subject. Several permission levels are set for IoT devices' users to share services with others. In the end, performance of the proposed system is analyzed by calculating cost consumption rate of smart contracts and their functions. A comparison is made between existing and proposed systems. Results show that the proposed system is efficient in terms of cost. The overall execution cost of the system is 6,900,000 gas units and the transaction cost is 5,200,000 gas units.
Article
The Internet of Things (IoT) industry is growing very fast to transform factories, homes, farms and practically everything else to make them efficient and intelligent. IoT is applied in different resilient scenarios and applications. IoT faces lots of challenges due to lack of computational power, battery and storage resources. Fortunately, the rise of blockchain technology facilitates IoT in many security solutions. Using blockchain, communication between IoT and emerging computing technologies is made efficient. In this work, we propose a secure service provisioning scheme with a fair payment system for Lightweight Clients (LCs) based on blockchain. Furthermore, an incentive mechanism based on reputation is proposed. We use consortium blockchain with the Proof of Authority (PoA) consensus mechanism. Furthermore, we use Smart Contracts (SCs) to validate the services provided by the Service Providers (SPs) to the LCs, transfer cryptocurrency to the SPs and maintain the reputation of the SPs. Moreover, the Keccak256 hashing algorithm is used for converting the data of arbitrary size to the hash of fixed size. AES128 encryption technique is used to encrypt service codes before sending to the LCs. The simulation results show that the LCs receive validated services from the SPs at an affordable cost. The results also depict that the participation rate of SPs is increased because of the incentive mechanism.
Article
In a research community, data sharing is an essential step to gain maximum knowledge from the prior work. Existing data sharing platforms depend on trusted third party (TTP). Due to the involvement of TTP, such systems lack trust, transparency, security, and immutability. To overcome these issues, this paper proposed a blockchain-based secure data sharing platform by leveraging the benefits of interplanetary file system (IPFS). A meta data is uploaded to IPFS server by owner and then divided into n secret shares. The proposed scheme achieves security and access control by executing the access roles written in smart contract by owner. Users are first authenticated through RSA signatures and then submit the requested amount as a price of digital content. After the successful delivery of data, the user is encouraged to register the reviews about data. These reviews are validated through Watson analyzer to filter out the fake reviews. The customers registering valid reviews are given incentives. In this way, maximum reviews are submitted against every file. In this scenario, decentralized storage, Ethereum blockchain, encryption, and incentive mechanism are combined. To implement the proposed scenario, smart contracts are written in Solidity and deployed on local Ethereum test network. The proposed scheme achieves transparency, security, access control, authenticity of owner, and quality of data. In simulation results, an analysis is performed on gas consumption and actual cost required in terms of USD, so that a good price estimate can be done while deploying the implemented scenario in real set-up. Moreover, computational time for different encryption schemes is plotted to represent the performance of implemented scheme, which is Shamir secret sharing (SSS). Results show that SSS shows the least computational time as compared to advanced encryption standard (AES) 128 and 256.
Conference Paper
The emergence of smart home appliances has generated a high volume of data on smart meters belonging to different customers which, however, cannot share their data in deregulated smart grids due to privacy concerns. However, these data are important for the service provider in order to provide an efficient service. To encourage customers' participation, this paper proposes an access control mechanism by fairly compensating customers for their participation in data sharing via blockchain and the concept of differential privacy. We addressed the computational issues of the existing Ethereum blockchain by proposing a proof of authority consensus protocol through the PageRank mechanism in order to derive the reputation scores. Experimental results show the efficiency of the proposed model to minimize privacy risk and maximize aggregator profit. In addition, gas consumption, as well as the cost of the computational resources, is reduced.
Index Terms: Blockchain, consensus mechanism, proof of authority, privacy preserving and smart grid.
I. INTRODUCTION
Presently, because of the rapid growth of the world population and the technological innovations, a lot of energy is needed in a short period of time and during peak hours, and its effect increases the cost of production. Customers can, therefore, optimize their utilization based on the current energy demand and supply. As a result, demand response and dynamic pricing proposal are subject to privacy issues. In a smart grid, customers will share their hourly information load profile with a service provider only to allow a certain level of privacy to be maintained, which is a major barrier for customer participation. In order to efficiently aggregate customer data, while preserving their privacy, Liu et al. [1] propose a privacy-preserving mechanism for data aggregation. The proposed solution minimizes the cost of communication and computational overhead. However, a trusted environment is not considered. To achieve a trusted environment, several studies in [2]-[8] used blockchain as privacy-preserving mechanism for data aggregation; privacy protection and energy storage; secure classification of multiple data; incentive announcement network for smart vehicle; crowdsensing applications; dynamic tariff decision and payment mechanism for vehicle-to-grid. A survey concerning privacy protection using blockchain is discussed in [9]. The survey highlights all the existing
Article
With the rapid development of the internet of things (IoT), traditional industries are setting off a massive wave of digitization. In the era of the Internet of Everything, millions of devices and links in IoT pose more significant challenges to data management. Most existing solutions employ centralized systems to control IoT devices, which brings about the privacy and security issues in IoT data management. Recently, blockchain has attracted much attention in the field of IoT due to its decentralization, traceability, and non-tamperability. However, it is non-trivial to apply the current blockchain techniques to IoT due to the lack of scalability and high resource costs. Different blockchain platforms have their particular advantages in the scenario of IoT data management. In this paper, we propose a cross-chain framework to integrate multiple blockchains for efficient and secure IoT data management. Our solution builds an interactive decentralized access model which employs a consortium blockchain as the control station. Other blockchain platforms customized for specific IoT scenarios run as the backbone of all IoT devices. It is equivalent to opening the off-chain channels on the consortium blockchain. Our model merges transactions in these channels for confirmation based on the notary mechanism. Finally, we implement a prototype of the proposed model based on Hyperledger Fabric and IOTA Tangle. We evaluate the performance of our method through extensive experiments. The results demonstrate the effectiveness and efficiency of our framework.
Article
Recently, Artificial Intelligence (AI) and blockchain have become two of the most trending and disruptive technologies. Blockchain technology has the ability to automate payment in cryptocurrency and to provide access to a shared ledger of data, transactions, and logs in a decentralized, secure, and trusted manner. Also with smart contracts, blockchain has the ability to govern interactions among participants with no intermediary or a trusted third party. AI, on the other hand, offers intelligence and decision-making capabilities for machines similar to humans. In this paper, we present a detailed survey on blockchain applications for AI. We review the literature, tabulate, and summarize the emerging blockchain applications, platforms, and protocols specifically targeting AI area. We also identify and discuss open research challenges of utilizing blockchain technologies for AI.
Article
Accurate and complete medical data are one valuable asset for patients. Privacy protection and the secure storage of medical data are crucial issues during medical services. Secure storage and making full use of personal medical records has always been a concern for the general population. The emergence of blockchain technology brings a new idea to solve this problem. As a hash chain with the characteristics of decentralization, verifiability and immutability, blockchain technology can be used to securely store personal medical data. In this paper, we design a storage scheme to manage personal medical data based on blockchain and cloud storage. Furthermore, a service framework for sharing medical records is described. In addition, the characteristics of the medical blockchain are presented and analyzed through a comparison with traditional systems. The proposed storage and sharing scheme does not depend on any third-party and no single party has absolute power to affect the processing.
Article
Crowd sensing is a perception mode that recruits mobile device users to complete tasks such as data collection and cloud computing. For the cloud computing platform, crowd sensing can not only enable users to collaborate to complete large-scale awareness tasks but also provide users for types, social attributes, and other information for the cloud platform. In order to improve the effectiveness of crowd sensing, many incentive mechanisms have been proposed. Common incentives are monetary reward, entertainment & gamification, social relation, and virtual credit. However, there are rare incentives based on privacy protection basically. In this paper, we proposed a mixed incentive mechanism which combined privacy protection and virtual credit called a blockchain-based location privacy protection incentive mechanism in crowd sensing networks. Its network structure can be divided into three parts which are intelligence crowd sensing networks, confusion mechanism, and blockchain. We conducted the experiments in the campus environment and the results show that the incentive mechanism proposed in this paper has the efficacious effect in stimulating user participation.
Article
The adoption of agricultural products traceability management based on Internet of Things (IoT) technology provides excellent benefits for the current food safety issues. The provenance data can demonstrate agricultural products movement process from the countryside to the dining table. However, the massive provenance data incurs an inefficient query. Meanwhile, the provenance data can be tampered with deliberately, which affects food safety. There are seldom reported approaches that can solve the above problem effectively. In this paper, we propose a data storage model based on Inter-Planetary File System (IPFS) and blockchain. First, IPFS is used to store video, images, and real-time monitoring data reported from the sensors. Then, in order to avoid a malicious user in case of data faking attack, we exploit the blockchain to store the IPFS hash address of the provenance data. Based on that, we design an authentication mechanism based on blockchain. It can verify the data and ensures effective data security. The experimental results show that the proposed approach can outperform the existing methods.