A Blockchain-Based Medical Data Sharing and Protec

Download as pdf or txt
Download as pdf or txt
You are on page 1of 11

This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2017.DOI

A Blockchain-based Medical Data


Sharing and Protection Scheme
XIAOGUANG LIU1,2,3 , ZIQING WANG3 , CHUNHUA JIN4 , FAGEN LI3 ,(Member, IEEE), and
GAOPING LI1,2
1
The Key Laboratory for Computer Systems of State Ethnic Affairs Commission, Southwest Minzu University, Chengdu, Sichuan 610041, P. R. China
2
School of Computer Science and Technology, Southwest Minzu University, Chengdu, Sichuan 610041, P. R. China
3
Center for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731,
P. R. China
4
The Laboratory for Internet of Things and Mobile Internet Technology of Jiangsu Province, Huaiyin Institute of Technology, Huaian, Jiangsu, 223003, P. R.
China
Corresponding author: Xiaoguang Liu (e-mail: [email protected]).
This work is supported by the Fundamental Research Funds for the Central Universities of Southwest University for Nationalities (No:
2019NQN26), Key Fund Project of Sichuan Provincial Department of Education (No: 17ZA0414), the Laboratory for Internet of Things
and Mobile Internet Technology of Jiangsu Province (No: JSWLW-2017-006), and the National Natural Science Foundation of China (No:
61273311).

ABSTRACT Electronic health record (EHR) has recorded the process of occurrence, development, and
treatment of diseases. So it has high medical value. Owing to the private and sensitive nature of medical data
for patients, the data sharing and privacy preservation are critical issues in EHR. Blockchain technology
may be a promising solution for the problems above since it holds the features of decentralization and
tamper resistance. In the paper, we propose a medical data sharing and protection scheme based on the
hospital’s private blockchain to improve the electronic health system of the hospital. Firstly, the scheme
can satisfy various security properties such as decentralization, openness, and tamper resistance. A reliable
mechanism is created for the doctors to store medical data or access the historical data of patients while
meeting privacy preservation. Furthermore, a symptoms-matching mechanism is given between patients.
It allows patients who get the same symptoms to conduct mutual authentication and create a session key
for their future communication about the illness. The proposed scheme is implemented by using PBC and
OpenSSL libraries. Finally, the security and performance evaluation of the proposed scheme is given.

INDEX TERMS Blockchain, Electronic health record, Medical data, Sharing and protection, Symptoms-
matching.

I. INTRODUCTION managed, and accessed securely. Notably, the doctor usually


needs to know the medical history of the patient when he/she
ITH the development of computer and communica-
W tion technology, EHR has become an indispensable
tool for medical services [1]. The system utilizes some
makes the diagnosis or treatment. However, the patient can
not professionally describe his/her medical history, which
will affect the latest treatment. Thus, in EHR, historical med-
electronic devices such as the computer to deal with digital ical data generated by different doctors in different hospitals
medical records, and it has the advantages of easy to use, should be capable of being securely and timely queried by a
stronger timeliness, and low cost. EHR not only provides legitimate doctor with the patient’s consent, please see [4]–
the most useful data for diagnosis and scientific research but [7] for more details.
also it gives one kind of judgment basis for handling medical
disputes. So, it has attracted a wide range of attention includ- In recent years, the EHR system is markedly developed
ing the government, the medical community, cybersecurity with the rise of cloud computing. For example, in [8], authors
department, and so on [2], [3]. Because the medical data is first expounded the security requirements of the EHR system
crucial for the diagnosis, and it is personal and sensitive for based on cloud computing. Also, some suggestions are sug-
patients. Thus, data sharing and privacy preservation issues gested to ensure the security of medical data in the cloud.
are critical in EHR. The medical data should be stored, In [9], the attribute-based encryption is utilized to protect

VOLUME 4, 2016 1

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

the data in the cloud, and then the proposed EHR system Zhang et al. proposed a medical data sharing scheme based
is implemented in an android phone. In [10], Xhafa et al. on blockchain to improve the diagnosis level. They utilize the
proposed an attribute-based EHR with privacy awareness in private blockchain possessed by the hospital to store personal
cloud computing. However, as mentioned in [11], [12], these health data of patients while the consortium blockchain is
cloud-based schemes have some flaws. For example, they used to keep the security indexes. Notably, authors have
have a dependency on the cloud provider. If some targeted described the details of the scheme and implemented it on
attacks to cloud provider are carried out, then the infor- JUICE. Nevertheless, it needs substantial computational and
mation leakage is likely to occur. Additionally, the server communication cost.
may suddenly stop if the cloud providers would go bankrupt
or be swallowed up by the larger companies. That is, the B. MOTIVATION AND CONTRIBUTION
security of EHR will be threatened. In 2008, the blockchain Research on medical sharing schemes based on blockchain is
structure was proposed [13]. It can be viewed as a distributed still in its infancy at present. The existing schemes have the
database and satisfies the features of decentralization, tamper following drawbacks: (1) Most schemes only give the frame-
resistance, and asymmetric encryption. This technology can work and don’t describe the specific details for implemen-
provide a reliable way to manage and store data. So it may be tation [21], [22]. (2) Although the details are given in some
a promising solution for EHR. At present, the blockchain- schemes, the cost of computation and communication is high
based researches for EHR have already started attracting [25]. The motivation of this paper is to design a medical
attention from medicine. How to design an efficient and data sharing scheme based on blockchain. It is helpful to the
secure EHR system by using blockchain is their core task storage, management, and sharing of the medical data. The
[14]–[17]. scheme should satisfy the security requirements in medical
data sharing schemes. Also, it should have low computational
A. RELATED WORK and communication cost. The main contributions of this
In 2015, a decentralized personal data management system paper are listed as follows.
was presented in [18]. It can ensure the users own and man-
1) A lightweight medical data sharing and protection
age their data. In the system, the blockchain is converted into
model is proposed, which is based on blockchain. U-
an automatic access control manager in the protocol without
tilizing the proxy re-encryption technology, the model
a trusted-third-party. In 2016, a decentralized “MedRec” sys-
could make data sharing among doctors from different
tem based on blockchain was proposed to handle EHR [19].
hospitals. The stored medical information is very se-
MedRec has contributed to the emergence of data economics.
cure and could not be easily tampered since they are
It also provides researchers with big data while allowing
stored in the blockchain.
patients and providers to choose to publish metadata. In
2) An improved consensus mechanism is proposed by
2017, Xue et al. [20] designed a blockchain-based sharing
improving the traditional delegated proof of stake. It
model for medical data. The scheme solves the problem of
is secure, reliable, and efficient.
checking, saving, and synchronizing medical data among
3) We design a symptoms-matching mechanism for pa-
different medical institutions by improving the consensus
tients who register in different hospitals and have
mechanism. But it has some disadvantages in data storage
the same disease symptoms. One session key could
since the scheme does not possess the ability of machine
be set between the patients after they make mutual
learning algorithm. Xia et al. [21] designed a blockchain-
authentication. The mechanism can help patients to
based data sharing framework. It takes the advantages of
communicate the disease information.
blockchain’s immutability and the built-in autonomy to ad-
dress access control challenges related to sensitive data stored
C. ORGANIZATION OF THIS PAPER
in the cloud. At the same year, Xia et al. [22] also proposed a
system named MeDShare, which is based on blockchain and The rest of paper is organized as follows. Firstly, some
has minimal data privacy risks. It is used to solve the problem preliminaries are presented in section II. In section III, we
of medical data sharing among healthcare big data custodians give one medical data sharing and protection model based
(e.g., cloud service providers) in the untrusted environment. on blockchain. In section IV, we offer the security and
The two schemes have the weaknesses of the cloud since performance analysis of the proposed scheme. Finally, the
they still need the assistance of the cloud. In 2018, Yang et paper is concluded in section V.
al. [23] presented a blockchain-based architecture for EHR.
It prevents tampering and misuse of EHR by keeping track II. PRELIMINARIES
of all events occurring in the database. Also, the system A. BLOCKCHAIN
introduces a new incentive mechanism to create new blocks Blockchain mainly solves the trust and security issues of
in the blockchain. In [24], a medical data storage system transactions, and it is a kind of distributed database com-
based on blockchain was proposed. The system not only can bining data blocks in chronological order. Generally, the
guarantee the originality and verifiability of stored medical blockchain is divided into three classes: private blockchain,
data but also can preserve the privacy of patients. In [25], consortium blockchain, and public blockchain [15], [26]. As
2 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

Timestamp Timestamp Timestamp ......


Block Previous Hash Block Previous Hash
Block Previous Hash User User User
header header
Hash Hash header Hash

Г Г Г
Hospital 1 Hospital k

Server Server

......
System .... ....
Block Block manager
Data Block Doctor Doctor Doctor Doctor
Data body Data
body body

.... ....
Block i-1 Block i Block i+1 ......
Blockchain of hospital 1 Blockchain of hospital k

FIGURE 1: The structure of the blockchain


FIGURE 2: General network model of the blockchain-based
medical data sharing and protection scheme
shown in Figure 1, each blockchain consists of many blocks,
and each block contains a block header and a block body.
Block header contains multiple meta-information about the the hospital will arrange for a doctor to make a diagnosis
current block. For example, timestamp, a hash value for the for him/her. When the visit is over, the doctor will store
blockchain body, and a hash value for the previous block. them in the blockchain if the medical results have passed the
Block body is usually used to record the real data of the verification by the verifiers. Especially, any doctor with the
current transactions. The main features of the blockchain are patient’s permission can access the patient’s historical data
as follows [26]: stored in the blockchain when needed.
1) Decentralization: there is no central node, and each
C. BASIC REQUIREMENTS FOR MEDICAL DATA
node is equal. Transaction records are done by multiple
SHARING AND PROTECTION SCHEME
nodes that distributed in different places, and each node
records and keeps a complete account. All nodes can Ideal medical data sharing and protection scheme should
supervise the transaction and jointly testify for it. satisfy the following basic requirements, i.e., security and
2) Tamper resistance: the Hash value of the previous privacy protection, data access, patient control (user engage-
block is contained in the latter block. If one of the ment), and unified standard [20], [22].
blocks is modified, then all the blocks after that will 1) Security and privacy protection: medical data could not
be recalculated. So the modification of the database by be illegally used by anyone. The scheme should be able
a single node is invalid. to resist malicious attacks, and illegal behavior could
3) Openness: in addition to the private information of be traced.
all parties involved in the transaction being encrypted, 2) Data access: after being authorized, patients can see
the data of the blockchain are open to all. Anyone all their medical records and doctors can access pre-
can query block data and develop relevant applications vious medical information under the authorization of
through the public interface. patients.
4) Autonomy: the blockchain adopts a consensual pro- 3) Patient control: the patient could manage his/her his-
tocol (such as an open and transparent algorithm), torical medical records, i.e., anyone could not acquire
which enables all nodes in the system to freely and the historical data without the patient’s agreement.
securely exchange data. So, it will not be intervened 4) Unified standard: in the model, all participants should
by a human. use unified data standard and management scheme,
5) Anonymity: the exchange between nodes follows a which are helpful to implement the data sharing and
fixed algorithm, so the counter party does not need to improve system stability.
make the other party trust it through public identity.
D. DELEGATED PROOF-OF-STAKE
B. GENERAL NETWORK MODEL OF THE Blockchain utilizes the consensus mechanism to ensure that
BLOCKCHAIN-BASED MEDICAL DATA SHARING AND all legitimate nodes maintain the same global ledger. Del-
PROTECTION SCHEME egated Proof-of-Stake (DPOS) is an efficient and reliable
As shown in Figure 2, the general network model of consensus mechanism [27], [28]. Similar to the board vote,
the blockchain-based medical data sharing and protection holders of coins select some nodes to vote on behalf of ev-
scheme is composed of three parties, i.e., system manager, eryone in DPOS. It could improve the efficiency of reaching
user (patient), and hospital. In the model, the role of system a consensus. DPOS’s process is that everyone who owns the
manager (denoted as SM ) is usually played by some trusted coins to vote and generate 101 delegates firstly. The delegates
authorities such as government departments. It is responsible could be seen as supernodes that have equal rights to each
for the management of the whole system. When a user needs other. Then these supernodes are responsible for generating
to see a doctor, he/she first registers with the hospital. Then, a new block in turn. If delegates fail to perform their duties
VOLUME 4, 2016 3

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

(e.g., when their turn comes, they fail to compute the right 6. Session
value), the network will select new supernodes to replace User User
them, and the old nodes will be punished.
1. Initialization
3. User join SM
E. PROXY RE-ENCRYPTION 5.1 Request
re-encrypt 2. Hospital join
To ensure the security in the data sharing, the proxy re-
encryption was presented in [29]. In these schemes [29]– 5.3 Re-encrypted
ciphertext
[31], one party A entrusts a trusted third party or a semi-
honest agent to transform the ciphertext encrypted with its
Server Server
public key into ciphertext encrypted with the other party B’s
public key. Then, B could decrypt the ciphertext with own 4.1 Verify
private key, i.e., the data sharing is realized. During the whole
process, the data encrypted is very secure, and A’s private key Doctors  Doctors

does not have to be disclosed. The specific steps are listed as


follows: 4.2 Data join

1) A encrypts the plaintext M with own public key, i.e.,


CA = EA (M ), where M is what A wants to give B,
and E is an asymmetric encryption algorithm such as
classical RSA. 
2) B sends the request to A, and then A (or the agent) Blockchain Blockchain


generates one conversion key P KA↔B . Hospital i Hospital k


3) A sends CA and P KA↔B to the agent.
4) The agent converts the ciphertext CA into CB using FIGURE 3: Proposed architecture
P KA↔B . Here, CB is the ciphertext of M encrypted
with B’s public key. In the step, the agent only pro- TABLE 1 Notations
vides transformation service, and it cannot obtain the
Notations Description
plaintext. p, q Two large prime numbers
5) The agent sends the ciphertext CB to B. SM The system manager
HOi The ith hospital
6) B decrypts CB with own private key to get the plaintext U Si,j The jth user of the ith hospital
M. ID(.) The identity
P ID(.) The pseudo identity
P K(.) The public key
SK(.) The private key
F. BILINEAR MAPS G1 , G2 Two multiplicative groups with same order p
k, l, l1 Three security parameters
Let G1 and G2 denote two cyclic multiplicative groups with g A generator of the group G1
same prime order p. The mapping e : G1 × G1 → G2 is a F A random function
E(.) Encryption
bilinear map if it satisfies the following conditions [32]: D(.) Decryption
k String concatenation
1) Bilinear: e(U a , V b ) = e(U, V )ab holds for any two T ⊂ Zp∗ The set of disease symptoms
points U, V ∈ G1 and any two points a, b ∈ Z∗p . H1 , H 2 , H 3 Three secure hash functions
M AC The message authentication code
2) Nondegeneracy: there exists two points U, V ∈ G1 K The session key
such that e(U, V ) 6= 1G2 , where 1G2 is the identity e The bilinear maps

element of G2 .
3) Computability: e(U, V ) could be calculated efficiently As shown in Figure 3, the system manager SM , the hospi-
in polynomial time for any two points U, V ∈ G1 . tal HOi , and the user U Si,j are the three kinds of participants
in the network. SM is played by the health management
III. THE PROPOSED MEDICAL DATA SHARING AND department that is a trusted third party and responsible for
PROTECTION SCHEME generating the master key and system parameters. Hospital
In this section, we will propose a medical data sharing HOi first registers with SM and then generates its private
and protection scheme based on the private blockchain of key and public key. If a user U Si,j sees a doctor in the
the hospital. The two-way proxy re-encryption technology hospital HOi , he/she must register with HOi and set his/her
in [31] is utilized in the scheme. Also, it has provided a private key and public key. When the diagnosis has finished,
symptoms-matching mechanism for patients with the same the doctor will broadcast the results in the blockchain. If they
disease symptoms. The notations used in this paper are given have passed the verification by the server, the medical results
in Table 1. of U Si,j will be stored in the blockchain of HOi . If a doctor
in any hospital wants to query the historical records of the
4 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

patient U Si,j , he/she and the patient should apply to the SM S inputs P Ki,j , Y , m, and ti,j , randomly select-
simultaneously. SM will compute the conversion key and s r ∈ Z∗p , computes C1 = g1r , C2 = P Ki,j r
,
ti,j r
generate the ciphertext of the historical records re-encrypted U = e(g, g2 ) , C3 = H2 (U ), K = e(g, g)r ,
by the doctor’s public key. Then SM sends the ciphertext to C4 = [F (K, C1 , C3 )]l−l1 k ([F (K, C1 , C3 ))]l1 ⊕ m),
the doctor. Finally, any two patients U Si,j and U Si+1,j+1 h = H3 (C1 , C3 , C4 ), and C5 = (uh vd)r . Thus, the
could conduct a mutual authentication and set a session key ciphertext of m is Ci,j = (C1 , C2 , C3 , C4 , C5 ). S
for their future session. Our scheme includes the following sends (P IDi , P IDi,j , ti,j ) to U Si,j securely. Also,
six phases, i.e., the initialization phase, the hospital join S computes Xi,j = Ei (αkIDi,j kP IDi kIDs ) with
phase, the user join phase, the data join blockchain phase, the HOi ’s public key and sends it to the server of the
data search and sharing phase, and patients session phase. hospital.

A. INITIALIZATION PHASE D. DATA JOIN BLOCKCHAIN PHASE


1) SM first inputs a security parameter 1k (k ∈ N ), In DPOS, legitimate participants need to ballot 101 delegates
chooses two multiplicative groups G1 and G2 , and the to record data in the blockchain in turn. In the hospital,
bilinear map e, where the two groups have the same doctors from different departments have unique professional
prime order p, and g is a generator of G1 . Then SM knowledge. So, the general DPOS is not very suitable for
picks three secure hash functions H1 : {0, 1}∗ → G1 , the blockchain of hospital since how to elect delegates is a
H2 : G2 → {0, 1}k , and H3 : G1 ×{0, 1}k ×{0, 1}l → thorny problem. Also, the election of delegates will consume
Z∗p , and a random function F : G2 × G1 × {0, 1}k → computational cost and communication cost. In our scheme,
{0, 1}l−l1 k{0, 1}l1 , where l and l1 both are security pa- a lightweight and efficient consensus mechanism is proposed,
rameters. Finally, SM randomly selects x ∈ Z∗p as the please see Algorithm 1. It could be regarded as an improve-
system master key, sets the public key Y = g x , chooses ment of DPOS. Every doctor is seen as the delegate and
random elements g1 , g2 , u, v, d ∈ G1 , and publishes responsible for broadcasting and recording data generated by
{p, g, g1 , g2 , u, v, d, Y, H1 , H2 , H3 , F, l, l1 , G1 , G2 }. themselves in the blockchain. The server of the hospital is
2) The user U Si,j randomly selects xj ∈ Z∗p as his/her chosen as the only supernode, i.e., the verifier. Especially,
private key and computes the public key P Ki,j = g xj . we set up one credit score scheme for hospitals and doctors
3) The hospital HOi randomly selects xi ∈ Z∗p as the to ensure our mechanism is reliable. SM and server of the
private key and its public key is set as P Ki = g xi . hospital have the right to check the effectiveness of every
4) The doctor S of HOi randomly selects xs ∈ Z∗p as the record of the doctor. When there are wrong records, the credit
private key and computes its public key P Ks = g xs . score of the doctor will be reduced. If this score reaches a
lower bound, the doctor will be expelled from the hospital.
B. HOSPITAL JOIN PHASE Similarly, hospitals are supervised by SM and doctors. The
If a new hospital HOi plans to join into the network, it must SM will punish the hospital if it has some illegal behaviors.
execute the following steps combining with SM . Doctors have the right to report these behaviors of the hospi-
1) HOi sends its identity IDi to SM . tal to SM .
2) If the identity is legal, SM randomly selects λi ∈ Z∗p
and computes P IDi = ESM (IDi ⊕ λi kλi ) as HOi ’s Algorithm 1 Improved consensus mechanism
pseudo identity. 1: a doctor in hospital HOi broadcasts the diagnosis result
3) SM sends P IDi to HOi through a secure channel. Ci,j in the blockchain
2: the server of HOi verifies the data
3: if the data passes the verification
C. USER JOIN PHASE 4: the data is placed in one new block of the blockchain
If a patient U Si,j sees a doctor in the hospital HOi , he/she 5: else
needs to do the following steps, where the index j indicates 6: return FALSE
the patient is the jth patient of HOi . 7: end if

1) U Si,j submits the identity IDi,j to the server of HOi ,


and then the server assigns a doctor S to give the In the hospital, one doctor generates the medical data for
diagnosis for U Si,j . Meanwhile, the server randomly U Si,j , i.e., Ci,j = (C1 , C2 , C3 , C4 , C5 ) and he/she also re-
selects α ∈ Z∗p as the evidence for the user, sends α to sponsible for broadcasting the data in the private blockchain
U Si,j , and stores it for the doctor S. of HOi . The server of HOi is selected as the only verifier
2) When U Si,j visits the doctor S, U Si,j will show α since it is supervised by SM and managed by the core
as the consent to make a diagnosis or access his- division of the hospital. The process is that the server first
torical records of U Si,j . S gives the diagnosis re- decrypts the ciphertext Xi,j by HOi ’s private key and checks
sult m, extracts a symptom ti,j ∈ T , random- the identity information of the doctor and patient. If it passes
ly selects λi,j ∈ Z∗p , computes U Si,j ’s pseudo i- verification, the data is accepted in the blockchain, and all
dentity P IDi,j = Es (IDi,j ⊕ λi,j kλi,j ). Then, nodes update the records. The structure of the block is shown
VOLUME 4, 2016 5

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

Block ID
communication about their illness. We only consider weak
Block Block size security requirements here since the following two reasons.
header
Previous ID (a) Since the information can be used to interact with each
Previous hash Every record other, so it has no very strong privacy. (b) It can reduce the
Hash
Timestamp
Block ID
computational cost and communication cost. The details are
Hospital ID
User pseudo identity given below.
Block Ciphertext Ci,j
body Ten records
Doctor public key 1) U Si,j sends P IDi and P IDi,j to U Si+1,j+1 , and then
Hospital signature
Doctor signature
U Si+1,j+1 sends P IDi+1 and P IDi+1,j+1 to U Si,j .
2) U Si,j selects a secret integer ni,j ∈ Z∗p and a prime
FIGURE 4: The structure of a block in the blockchain number z ∈ Z∗p randomly, computes w = z −1 mod
p, Pi,j = g zni,j , and Qi,j = g wni,j . Then U Si,j
sends (z, Pi,j , Qi,j ) to Pi+1,j+1 . Pi+1,j+1 randomly
in Figure 4. The specific steps are listed as follows. choose ni+1,j+1 ∈ Z∗p , computes w = z −1 mod p,
1) Doctor S broadcasts the medical data in the private Pi+1,j+1 = g zni+1,j+1 and Qi+1,j+1 = g wni+1,j+1 ,
blockchain of the hospital. and sends message (Pi+1,j+1 , Qi+1,j+1 ) to U Si,j .
ni,j
2) The server of the hospital verifies the data every 3) U Si,j computes ki,j = Qi+1,j+1 , M ACi,j =
minute, and then every ten legitimate records are M ACki,j (Qi,j , w, Pi+1,j+1 , P IDi+1,j+1 , ti,j ) and
placed in one new block of the blockchain. sends M ACi,j to U Si+1,j+1 . Then U Si+1,j+1 com-
n
3) Other nodes of blockchain update their stored data. putes ki+1,j+1 = Qi,ji+1,j+1 and M ACi+1,j+1 =
M ACki+1,j+1 (P IDi+1,j+1 , Pi+1,j+1 , Qi,j , ω, ti,j ). If
E. DATA SEARCH AND SHARING PHASE M ACi+1,j+1 = M ACi,j holds, U Si+1,j+1 com-

When the patient U Si,j interacts with a doctor S in hospital putes M ACi+1,j+1 = M ACki+1,j+1 (P IDi,j , Pi,j ,
HOi , S may need to know the historical medical records of Qi+1,j+1 , ki+1,j+1 , ti+1,j+1 ) and sends it to U Si,j .
the patient in hospital HOk for more precise diagnosis. Thus, Otherwise, the prase is terminated.

the following steps should be executed by inputting P Ki,j = 4) U Si,j computes M ACi,j = M ACki,j (P IDi,j , Pi,j ,
† †
g xj and P Ks = g xs if the doctor has obtained the permission Qi+1,j+1 , ki,j , ti,j ). If M ACi,j = M ACi+1,j+1 is
of U Si,j . true, then U Si,j computes the session key K =
ni,j
1) S and U Si,j send their private keys and identities to Pi+1,j+1 , the ciphertext K e = Ek (K), and sends K
i,j
e
SM respectively, then SM computes the re-encryption to U Si+1,j+1 . Otherwise, it is terminated.
key rkj↔s = xs /xj mod p. 5) U Si+1,j+1 decrypts ciphertext K e to get the session key
2) SM sends an extraction instruction about U Si,j ’s med- K.
ical records to the hospital HOk . If the disease symptoms ti,j and ti+1,j+1 are same, the cor-
3) The server of HOk sends the encrypted historical rectness of the protocol is based on the following equation.
records to SM .
n n
4) SM first computes h = H3 (C1 , C3 , C4 ), if ki+1,j+1 = Qi,ji+1,j+1 = g ωni+1,j+1 ni,j = Qi+1,j+1
i,j
= ki,j .
e(C1 , P Ki,j uh vd) = e(g1 , C2 C5 ) holds, SM com-
rk
putes C20 = C2 j↔s = P Ksr , sends the ciphertext IV. ANALYSIS OF THE MODEL
0
Cs = (C1 , C2 , C3 , C4 , C5 ) to S through the server of In this section, we will evaluate the proposed scheme from
HOi . Otherwise, SM outputs ⊥. the following three aspects. (1) Whether the proposed scheme
0 t 0
5) U Si,j computes U1 = g r , U2 = (g2i,j )1/xj H1 (P Kir ), can satisfy the basic requirements described for medical
and sends Uα = (U1 , U2 ) to the server of HOi , where data sharing and protection scheme. (2) According to six
r0 ∈ Z∗p is a random number. factors (no payment, the consensus mechanism, based on the
6) The server of HOi ensures e(C1 , P Ki,j uh vd) = private blockchain, reduce the pressure of the main chain,
e(g1 , C2 C5 ) holds. If not, the phase is terminated. the demand for calculating power, and symptoms-matching),
Otherwise, the server computes U = U2 /H1 (U1xi ) and the comparative analysis method is adopted to compare the
ensures C3 = H2 (e(C2 , U )) is true. Otherwise, the proposed scheme with the existing blockchain-based medical
phase is terminated. data sharing and protection schemes [16], [20], [25]. (3) The
7) S computes K = e(C20 , g)1/xs , if [F (K, C1 , C3 )]l−l1 = comparison of the computational cost and communication
[C4 ]l−l1 , then S recovers m = [C4 ]l1 ⊕ cost about the scheme [25] and the proposed scheme will be
[F (K, C1 , C3 )]l1 . Otherwise, this phase is terminated. given (as mentioned in [25], few details are given in the ex-
isting blockchain-based medical data sharing and protection
F. PATIENTS SESSION PHASE schemes including [16], [20], so we only select the scheme in
As shown in Figure 5, an interaction program will be giv- [25] as the comparative scheme for computational cost and
en for users U Si,j and U Si+1,j+1 in this section. They communication cost). Additionally, we will implement the
have the same disease symptoms and hope to make further proposed scheme by using PBC and OpenSSL libraries.
6 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

U Si,j U Si+1,j+1

P IDi , P IDi,j
−−−−−−−−−−−−−−−→
P IDi+1 , P IDi+1,j+1
←−−−−−−−−−−−−−−−
Select: ni,j , z
Compute: w = z −1 mod p
Pi,j = g zni,j , Qi,j = g wni,j
(z, Pi,j , Qi,j )
−−−−−−−−−−−−−−−→
Choose: ni+1,j+1
Compute: w = z −1 mod p
Pi+1,j+1 = g zni+1,j+1
Qi+1,j+1 = g wni+1,j+1
(Pi+1,j+1 , Qi+1,j+1 )
←−−−−−−−−−−−−−−−
i,j n
Compute: ki,j = Qi+1,j+1
M ACi,j = M ACki,j (Qi,j , w,
Pi+1,j+1 , P IDi+1,j+1 , ti,j )
M ACi,j
−−−−−−−−−−−−−−−→
n
Compute: ki+1,j+1 = Qi,ji+1,j+1
M ACi+1,j+1 =
M ACki+1,j+1 (P IDi+1,j+1 ,
Pi+1,j+1 , Qi,j , ω, ti,j )
Check: M ACi,j = M ACi+1,j+1

Compute: M ACi+1,j+1 =
M ACki+1,j+1 (P IDi,j , Pi,j ,
Qi+1,j+1 , ki+1,j+1 , ti+1,j+1 )

M ACi+1,j+1
←−−−−−−−−−−−−−−−

Compute:M ACi,j =
M ACki,j (P IDi,j , Pi,j ,
Qi+1,j+1 , ki,j , ti,j )
† †
Check:M ACi,j = M ACi+1,j+1
Compute: K = ni,j Pi+1,j+1
Encrypt: K
e = Ek (K)
i,j

Ke
−−−−−−−−−−−−−−−→
Decrypt: K = Dki+1,j+1 (K)
e

FIGURE 5: The protocol for patients session

A. THE SOLUTIONS FOR THE BASIC REQUIREMENTS cryption scheme, which could prevent unauthorized
Our scheme satisfies the five important features described in nodes from accessing the medical information. When
subsection A of the preliminaries section since it is based a doctor queries the historical data of a patient, the
on the blockchain. Next, we will analyze the solutions of proxy re-encryption technology is used. It allows the
the proposed model for the basic requirements listed in stored information in the blockchain to be transmitted
subsection C of the preliminaries section. in the ciphertext state. So, the security of the proposed
scheme is further improved. If two patients with the
1) Security and privacy. At the time of registration, the same symptoms want to communicate the disease in-
hospital or patient will be checked to ensure that all formation, and they must make mutual authentication
participators of the network are legitimate. After the and set a session key to preventing information leak-
hospital registers with SM , SM will generate a pseu- age. In all phases, anyone except the doctor and the
do identity for the hospital. When one patient sees patient is unable to obtain the plaintext of medical
a doctor, doctor will also compute a pseudo identity data. So, the proposed scheme has better security and
for the patient. Thus, user privacy will be protected stability.
since the pseudo identity is used instead of true identity 2) Data access. The proxy re-encryption is utilized in
in the subsequent processes. All information placed the proposed scheme. If a doctor has obtained the
in the blockchain is encrypted by the asymmetric en-
VOLUME 4, 2016 7

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

patient’s consent, he/she will get the ciphertext en- data in the private blockchain while the security indexes of
crypted by himself/herself public key. Then, the doctor personal health data are put in the consortium blockchain.
could access the data by decrypting the ciphertext. The scheme could satisfy many requirements, but it has a
The proposed scheme can realize data access between high computational cost (please see Table 3) and could not
different medical institutions. Patients also can query provide the symptoms-matching function. Thus, our scheme
their medical records after applying to the hospital. has better performance according to the six factors.
3) Patient control. The medical records are stored in the Now, we will first compare the computational and commu-
blockchain of the hospital. If one legal doctor wants to nication cost of the scheme in [25] with the proposed scheme.
obtain the stored data in the blockchain, he/she must Generally, the server and SM both could be regarded as a
have the re-encryption key issued by SM . The key cluster head with sufficient computational and communica-
is generated by SM utilizing the doctor and patient’s tion resource. So, we will only consider the burden of the
private keys. So, patients could control access to data. patient and doctor. Three operators are considered, i.e., the
4) Unified standard. In the proposed model, we use the scale multiplication operator in G1 (m), the exponentiation
uniform standard of data such as the keywords of operator in the prime finite field (e), and the bilinear pairing
disease symptoms, which is beneficial to data sharing operator (b). Then, we will implement the proposed scheme
and protection. by using PBC and OpenSSL libraries.

B. PERFORMANCE ANALYSIS
In the proposed data sharing and protection scheme, an TABLE 3 The comparison of the computational cost
improved DPOS mechanism is proposed. It does not need Scheme Patient Doctor
nodes to vote and generate delegates, which could reduce the [25] 7m (17 + n)m + 7e + 4b
computational cost and communication cost. Every doctor is Ours 4e 11e + 5b
responsible for broadcasting the message generated by him-
self/herself in the hospital’s private blockchain. The server
of the hospital is seen as the only supernode and used to In Table 3, we have listed the computational cost of the two
check the information. Then, other nodes in the blockchain schemes. It should be noted that the patients session phase
will update the stored data if the information has passed does not necessarily occur, so we ignore it here. We can know
the verification. Especially, doctors and hospitals both are that the patient’s computational cost in [25] is 7m. In the
supervised by the credit score mechanism. proposed scheme, the patient’s computational cost is 4e. We
As shown in Table 2, we will first compare the based- can note that the cost both is constant for different n and the
blockchain three medical data sharing schemes [16], [20], gap is very small [33]. Here, the parameter n is the size of the
[25] with the proposed scheme from the following six factors, disease keyword set, and it is usually a large number such as
i.e., no payment, based on the private blockchain, the consen- 1000 set in [25]. On the side of the doctor, the computational
sus mechanism, reduce the pressure for the main chain, the cost of our scheme is 11e + 5b. But the computational cost
demand for calculating power, and symptoms-matching, they of the scheme [25] increases linearly with the large number
are denoted as F1, F2, F3, F4, F5, and F6 for convenience. n, so it has higher computational cost on this side. Thus
our scheme is satisfactory for practical medical data sharing
scheme.
TABLE 2 Comparison of the six factors
The specific experimental environment for implementing
F1 F2 F3 F4 F5 F6 the proposed scheme is as follows. The cryptographic primi-
[16] ×
√ ×
√ POW ×
√ Big ×
[20] Improved DPOS Small × tives are implemented on a computer with Intel(R) Core(TM)
√ √ √
[25] √ √ DBFT √ Big ×
√ i5-5200U CPU @ 2.20Ghz 2.19Ghz, 8 GB RAM, Manjaro
Ours Improved DPOS Small

Support , Not-support × Linux 64 bit operating system with KDE desktop, using C++
language. PBC library and OpenSSL library are used for
the simulation. The version of PBC library is 0.5.14, and
The scheme in [16] uses the POW consensus mechanism the version of OpenSSL library is 1.1.1c. We deployed five
and needs to pay for the nodes that participate in the consen- blockchain nodes to receive block information. One of the
sus mechanism. It could not satisfy F1, F2, F4, and F6, and nodes is deployed on the computer used for the simulation
requires a big calculating power. In [20], Xue et al. proposed and runs on a different port than the server program. We
a blockchain-based data sharing and protection scheme. The created four identically configured virtual machines on a
scheme could satisfy F1, F2, and F4, but it has no symptoms- computer running Windows 10 operating system to deploy
matching function between patients. Besides, an improved the other four blockchain nodes. The computer running the
DPOS consensus mechanism is also proposed and used, but virtual machine is configured as Intel(R) Core(TM) i5-8400
only the delegate nodes can record data. It will consume extra CPU @ 2.80GHz, 8 GB RAM and running Windows 10
communication cost and time. In [25], the scheme adopt- 64-bit Home Chinese version operating system. The virtual
s DBFT consensus mechanism. It stores personal medical machine software is Oracle VM VirtualBox 5.2.22. The vir-
8 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

6
x 10
180 2.5
Ours
160 [25]

2
140
Total time consumption(ms)

Communication cost (bit)


120
1.5
100

80
1
60

40
0.5

20

0 0
80bit 112bit 128bit 0 500 1000 1500 2000
Security level The size of the keyword set n

FIGURE 6: The total computational cost of experiments of FIGURE 7: Communication cost comparison versus the size
the proposed scheme with different security levels of the keyword set

tual machine we created uses the Ubuntu 18.04.1 operating TABLE 6 The comparison of the communication cost
system with 1024MB of RAM and one CPU. The virtual Scheme Communication cost
machine uses the bridge mode to join the LAN segment [25] (n + 12)|G1 | + |G2 | + 5|Z∗p | + 13b 32 np c+
where the computer running the server program is located. |t| + |x| + |ID| + 2|Hash|
Ours 9|G1 | + 2|Z∗p | + 2|x| + |ID| + 2k + 2l

TABLE 4 Experimental security level for different p and q


For the communication cost, we give the comparison re-
Security level (bit) Size of p (bit) Size of q (bit)
sults in Table 6. Here, the communication cost for the patient
80 160 1024
112 224 2048 and doctor in the following three main phases is considered,
128 256 3072 i.e., the data broadcast, the data verification, and the data
search and access. In the proposed scheme, the patient Ui,j
needs to send the trapdoor Uα = (U1 , U2 ) to the server of
The Ate pairing has been widely utilized in the public key the hospital HOi , where U1 and U2 are elements of G1 .
cryptography. In this paper, we use a super singular curve If the doctor wants to query Ui,j ’s a historical record, Ui,j
E(Fq ) with order p over the finite field Fq , where p and q will send the private key xj to SM , where xj is an element
two large prime numbers. We have considered three kinds of Z∗p . For the doctor S, he/she needs to send the private
of AES key size security level, i.e., 80bit, 112bit, and 128bit key xs to SM , and receives the encrypted historical record
[34]. Please refer to the corresponding p and q values in Table stored in another hospital, where xs is the element of Z∗p ,
4. Additionally, three security parameters k, l, l1 are set as and the ciphertext of the historical record has the same size
256bit, 1024bit, and 512bit, respectively. The experimental with Ci,j . Also, doctor S is responsible for broadcasting
results of computational cost are summarized in Table 5. the ciphertext Ci,j = (C1 , C2 , C3 , C4 , C5 ), block ID, user
We can know from the results that the computational cost pseudo identity, doctor’s public key, and doctor’s signature
difference is very small in the hospital join and data join in the blockchain, where C1 , C2 , and C5 are the elements
two phases. The reason is that they do not involve three of G1 , C3 is an element with size k, C4 is an element
types of operators that have high computational costs, i.e., with size l, the user pseudo identity is an element of the
e, m, and b. However, the other three phases are different. general ciphertext space (the length of the element is denoted
Their computational cost gradually increases as the level of as |x|), the doctor’s public key is an element of G1 , and
safety increases. In Figure 6, the total computational cost of the signature could be seen as an element of the general
experiments for different security levels is given. All values ciphertext space. So the communication cost of our scheme
are the average result of 100 times experiments. is 9|G1 | + 2|Z∗p | + 2|x| + |ID| + 2k + 2l.
In [25], a lot of communication cost need to be consumed
TABLE 5 Experimental results of the proposed scheme (ms) on the patient side and doctor side. Known from the experi-
mental results in [25], the communication cost of the scheme
Security level is (n + 12)|G1 | + |G2 | + 5|Z∗p | + 13b 32 np c + |t| + |x| +
Phases 80bit 112bit 128bit
Initialization 3.568 13.334 26.189
|ID| + 2|Hash| in the three main phases, where np is the
Hospital join 0.004 0.006 0.006 number of the private blockchain’s verifiers, t is a timestamp.
User join 3.366 11.259 25.150 Apparently, the communication cost of [25] is higher than the
Data join 1.956 1.892 1.902 proposed scheme since n is a large number. So the proposed
Data search and sharing 9.449 48.149 120.742 scheme has better performance. Finally, in order to clearly
VOLUME 4, 2016 9

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

show the cost of communication, we set p and q two large [10] F Xhafa, J L Feng, Y H Zhang, X F Chen, and J Li, “Privacy-aware
prime numbers are 160 bits and 1024 bits respectively. The attribute-based PHR sharing with user accountability in cloud computing,”
J Supercomput., vol.71, no.5, 2015, pp. 1607–1619.
lengths of elements in G1 and G2 are 1024 bits and 512 bits [11] N Leavitt, “Is cloud computing really ready for prime time?,” Computer,
separately. We assume that the lengths of the identity and vol.42, no.1, 2009, pp. 15–20.
the timestamp both are 32 bits, the point in the ciphertext [12] N Sultan, “Making use of cloud computing for healthcare provision:
opportunities and challenges,” International Journal of Information Man-
space is 160 bits, the np = 3, and the hash value is 256 bits. agement, vol.34, no.2, 2014, pp. 177–184.
The comparison diagram of communication cost is given in [13] S Nakamoto. “Bitcoin: a peer-to-peer electronic cash system,” 2008.
Figure 7. It is easy to find that the communication cost of [Online] Available: http://bitcoin.org/bitcoin.pdf.
[14] C Lin, D B He, X Y Huang, K R Choo, and A V Vasilakos, “BSeIn: A
the proposed scheme is constant. However, as the size n of
blockchain-based secure mutual authentication with fine-grained access
the keyword set increases, the communication cost of the control system for industry 4.0,” J Netw. Comput. Appl., vol.116, no.15,
scheme in [25] increases linearly. The communication cost 2018, pp. 42–52.
of our scheme is significantly low. [15] M Mettler, “Blockchain technology in healthcare: the revolution starts
here,” 2016 IEEE 18th International Conference on e-Health Networking,
Applications and Services (Healthcom), Munich, Germany, 2016, pp.1-3.
V. CONCLUSION [16] A Azaria, A Ekblaw, T Vieira, and A Lippman, “MedRec: using
blockchain for medical data access and permission management,” 2016
The features of blockchain technology such as the de- 2nd International Conference on Open and Big Data (OBD), Vienna,
centralization and tamper resistance make it very suitable Austria, 2016, pp.25-30.
[17] X Yue, H J Wang, D W Jin, M Q Li, and W Jiang, “Healthcare data
for the protection and sharing of medical data. In this gateways: found healthcare intelligence on blockchain with novel privacy
paper, a lightweight medical data sharing scheme based risk control,” J Med. Syst., vol.40, no.218, 2016, pp. 1–8.
on blockchain is proposed and implemented. Proxy re- [18] G Zyskind, O Nathan, and A Pentland, “Decentralizing privacy: using
blockchain to protect personal data,” 2015 IEEE Security and Privacy
encryption technology is used to help the doctors to access Workshops, San Jose, USA, 2015, pp.180-184.
historical records of patients. It can ensure the security of [19] A Ekblaw, A Azaria, J D Halamka, and A Lippman, “A case study
the proposed scheme since the inquired information is trans- for blockchain in Healthcare: "MedRec" prototype for electronic health
mitted in the ciphertext form. Besides, an improved DPOS records and medical research data,” the 2016 IEEE of International Con-
ference on Open and Big Data, Iscataway, USA, 2016, pp.25-30.
mechanism is proposed to act as the consensus mechanism [20] T F Xue, Q C Fu, C Wang, and X Y Wang, “A medical data sharing model
that is lightweight and reliable. Finally, our scheme provided via blockchain,” Acta Automat. Sinica, vol.43, no.9, 2017, pp.1555–1562.
the symptoms-matching mechanism that allows two patients [21] Q Xia, E B Sifah, K O Asamoah, J Gao, X J Du, and M Guizani„
“MeDShare: trust-less medical data sharing among cloud service providers
with the same symptoms can make communication about via blockchain,” IEEE Access, vol.5, 2017, pp.14757-14767.
their illness. The analysis results show that the proposed [22] Q Xia, E B Sifah, A Smahi, S Amofa, and X S Zhang, “BBDS:Blockchain-
scheme satisfies many requirements and has a low compu- based data sharing for electronic medical records in cloud environments,”
Information, vol.8, no.44, 2017, pp.1-16.
tational and communication cost. [23] G Yang and C L Li, “A design of blockchain-based architecture for the
security of electronic health record (EHR) systems,” 2018 IEEE Interna-
tional Conference on Cloud Computing Technology and Science, Nicosia,
A. REFERENCES Cyprus, 2018, pp.261-265.
REFERENCES [24] H Y Li, L H Zhu, M Shen, F Gao, X L Tao, and S Liu, “Blockchain-based
data preservation system for medical data,” J Med. Syst., vol.42, 2018,
[1] A K Jha, D Doolan, D Grandt, T Scott, and D W Bates, “The use of health pp.141.
information technology in seven nations,” Int. J Med. Inform., vol.77, [25] A Q Zhang and X D Lin, “Towards secure and privacy-preserving data
no.12, 2008, pp. 848–854. sharing in e-health systems via consortium blockchain,” J Med. Syst.,
[2] Y Guo and C Liang, “Blockchain application and outlook in the banking vol.42, 2018, pp.140.
industry,” Financ. Innov., vol.2, no.24, 2016, pp. 1–12. [26] Z B Zheng, S A Xie, H N Dai, X P Chen, and H M Wang, “An overview of
[3] Y Yuan and F Y Wang, “Blockchain: the state of the art and future trends,” blockchain technology: architecture, consensus, and future trends,” 2017
Acta Automat. Sinica, vol.42, no.4, 2016, pp. 481–494. IEEE International Congress on Big Data, Honolulu, USA, 2017, pp.557-
[4] B Shickel, P J Tighe, A Bihorac, and P Rashidi, “Deep EHR: a survey of 564.
recent advances in deep learning techniques for electronic health record [27] I Bentov, C Lee, A Mizrahi, and M Rosenfeld, “Proof of activity: extending
(EHR) analysis,” IEEE J Biomed Health, vol.22, no.5, 2018, pp. 1589– bitcoin’s proof of work via proof of stake [extended abstract]y,” Acm
1604. Sigmetrics Performance Evaluation Review, vol.42, no.3, 2014, pp.34-37.
[5] G S Birkhead, M Klompas, and N. R. Shah, “Uses of electronic health [28] Y Yuan and F Y Wang, “Blockchain: the state of the art and future trends,”
records for public health surveillance to advance public health,” Annu. Acta Automat. Sinica, vol.42, no.4, 2016, pp.481-494.
Rev. Publ. Health, vol.36, no.1, 2015, pp. 345–359. [29] M Blaze, G Bleumer, and M Strauss, “Divertible protocols and atomic
[6] F G Li, Y N Han, and C H Jin, “Cost-effective and anonymous access proxy cryptography,” International Conference on the Theory and Appli-
control for wireless body area networks,” IEEE Syst. J., vol.12, no.1, 2018, cations of Cryptographic Techniques, Espoo, Finland, 1998, pp.127-144.
pp. 747–758. [30] R Canetti and S Hohemberger, “Chosen-ciphertext secure proxy reencryp-
[7] M M Hassan, K Lin, X Yue, and J Wan, “A multimedia healthcare data tion,”14th ACM conference on Computer and communications security,
sharing approach through cloud-based body area network,” Future Gener. Alexandria, USA, 2007, pp.185-194.
Comp. Sy., vol.66, 2017, pp. 48–58. [31] L F Guo and B Lu, “Efficient proxy re-encryption with keyword search
[8] J J P C Rodrigues, I D L Torre, and G Fernández, and M L Coronado, scheme,” Journal of Computer Research and Development, vol.51, no.6,
“Analysis of the security and privacy requirements of cloud-based elec- 2014, pp.1221-1228.
tronic health records systems,” J Med. Internet Res., vol.15, no.8, 2013, [32] T Okamoto, “Cryptography based on bilinear maps,” International Sym-
pp. 418–426. posium on Applied Algebra, Algebraic Algorithms, and Error-Correcting
[9] M Preethi and R Balakrishnan, “Cloud enabled patient-centric EHR Codes, Las Vegas, USA, 2006, pp.35-50.
management system,” 2014 IEEE International Conference on Advanced [33] H Xiong and Z G Qin, “Revocable and scalable certificateless remote
Communications, Control and Computing Technologies, Ramanathapu- authentication protocal with anonymity for wireless body area networks,”
ram, India, 2014, pp.1678-1680. IEEE T. Inf. Foren. Sec., vol.10, no.7, 2015, pp.1442-1455.

10 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access

Author et al.: Preparation of Papers for IEEE TRANSACTIONS and JOURNALS

[34] J Daemen and V Rijmen, “The design of rijndael: AES-the advanced


encryption standard,” Springer, Berlin.

XIAOGUANG LIU is now a lecturer in the School


of Computer Science and Technology, Southwest
Minzu University, Chengdu, P.R. China. He re-
ceived his Ph.D. degree in mathematics from
Shaanxi normal university, Xi’an, P.R. China in
2014. From 2017 to now, he is a postdoctoral
fellow in the School of Computer Science and
Engineering, University of Electronic Science and
Technology of China (UESTC), Chengdu, P.R.
China. His recent research interests include cryp-
tography, network security, and optimization computation.

ZIQING WANG is now a master student in the


School of Computer Science and Technology of
the University of Electronic Science and Technol-
ogy of China (UESTC), Chengdu, P.R. China. He
received his B.S. degree in Information Security
from UESTC in 2019. His current research inter-
ests include blockchain and identity authentica-
tion.

CHUNHUA JIN is now a lecturer in the Faculty


of Computer and Software Engineering, Huaiyin
Institute of Technology, Huai’an, P.R. China. She
received her Ph.D. degree in Information Security
from University of Electronic Science and Tech-
nology of China (UESTC), Chengdu, P.R. China
in 2016. Her recent research interests include cryp-
tography and network security.

FAGEN LI is now a professor in the School of


Computer Science and Engineering, University
of Electronic Science and Technology of China
(UESTC), Chengdu, P.R. China. He received his
Ph.D. degree in Cryptography from Xidian Uni-
versity, Xi’an, P.R. China in 2007. From 2008
to 2009, he was a postdoctoral fellow in Future
University-Hakodate, Hokkaido, Japan, which is
supported by the Japan Society for the Promotion
of Science (JSPS). He worked as a research fellow
in the Institute of Mathematics for Industry, Kyushu University, Fukuoka,
Japan from 2010 to 2012. His recent research interests include cryptography
and network security. He has published more than 80 papers in international
journals and conferences. He is a member of the IEEE.

GAOPING LI is now a professor in the School


of Computer Science and Technology, Southwest
Minzu University, Chengdu, P.R. China. He re-
ceived his M.S. degree in application mathematics
from Chongqing University, Chongqing, P.R. Chi-
na in 2005. His recent research interests include
fractal theory and its applications in image pro-
cessing, and Compressed sensing.

VOLUME 4, 2016 11

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.

You might also like