A Blockchain-Based Medical Data Sharing and Protec
A Blockchain-Based Medical Data Sharing and Protec
A Blockchain-Based Medical Data Sharing and Protec
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2017.DOI
ABSTRACT Electronic health record (EHR) has recorded the process of occurrence, development, and
treatment of diseases. So it has high medical value. Owing to the private and sensitive nature of medical data
for patients, the data sharing and privacy preservation are critical issues in EHR. Blockchain technology
may be a promising solution for the problems above since it holds the features of decentralization and
tamper resistance. In the paper, we propose a medical data sharing and protection scheme based on the
hospital’s private blockchain to improve the electronic health system of the hospital. Firstly, the scheme
can satisfy various security properties such as decentralization, openness, and tamper resistance. A reliable
mechanism is created for the doctors to store medical data or access the historical data of patients while
meeting privacy preservation. Furthermore, a symptoms-matching mechanism is given between patients.
It allows patients who get the same symptoms to conduct mutual authentication and create a session key
for their future communication about the illness. The proposed scheme is implemented by using PBC and
OpenSSL libraries. Finally, the security and performance evaluation of the proposed scheme is given.
INDEX TERMS Blockchain, Electronic health record, Medical data, Sharing and protection, Symptoms-
matching.
VOLUME 4, 2016 1
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
the data in the cloud, and then the proposed EHR system Zhang et al. proposed a medical data sharing scheme based
is implemented in an android phone. In [10], Xhafa et al. on blockchain to improve the diagnosis level. They utilize the
proposed an attribute-based EHR with privacy awareness in private blockchain possessed by the hospital to store personal
cloud computing. However, as mentioned in [11], [12], these health data of patients while the consortium blockchain is
cloud-based schemes have some flaws. For example, they used to keep the security indexes. Notably, authors have
have a dependency on the cloud provider. If some targeted described the details of the scheme and implemented it on
attacks to cloud provider are carried out, then the infor- JUICE. Nevertheless, it needs substantial computational and
mation leakage is likely to occur. Additionally, the server communication cost.
may suddenly stop if the cloud providers would go bankrupt
or be swallowed up by the larger companies. That is, the B. MOTIVATION AND CONTRIBUTION
security of EHR will be threatened. In 2008, the blockchain Research on medical sharing schemes based on blockchain is
structure was proposed [13]. It can be viewed as a distributed still in its infancy at present. The existing schemes have the
database and satisfies the features of decentralization, tamper following drawbacks: (1) Most schemes only give the frame-
resistance, and asymmetric encryption. This technology can work and don’t describe the specific details for implemen-
provide a reliable way to manage and store data. So it may be tation [21], [22]. (2) Although the details are given in some
a promising solution for EHR. At present, the blockchain- schemes, the cost of computation and communication is high
based researches for EHR have already started attracting [25]. The motivation of this paper is to design a medical
attention from medicine. How to design an efficient and data sharing scheme based on blockchain. It is helpful to the
secure EHR system by using blockchain is their core task storage, management, and sharing of the medical data. The
[14]–[17]. scheme should satisfy the security requirements in medical
data sharing schemes. Also, it should have low computational
A. RELATED WORK and communication cost. The main contributions of this
In 2015, a decentralized personal data management system paper are listed as follows.
was presented in [18]. It can ensure the users own and man-
1) A lightweight medical data sharing and protection
age their data. In the system, the blockchain is converted into
model is proposed, which is based on blockchain. U-
an automatic access control manager in the protocol without
tilizing the proxy re-encryption technology, the model
a trusted-third-party. In 2016, a decentralized “MedRec” sys-
could make data sharing among doctors from different
tem based on blockchain was proposed to handle EHR [19].
hospitals. The stored medical information is very se-
MedRec has contributed to the emergence of data economics.
cure and could not be easily tampered since they are
It also provides researchers with big data while allowing
stored in the blockchain.
patients and providers to choose to publish metadata. In
2) An improved consensus mechanism is proposed by
2017, Xue et al. [20] designed a blockchain-based sharing
improving the traditional delegated proof of stake. It
model for medical data. The scheme solves the problem of
is secure, reliable, and efficient.
checking, saving, and synchronizing medical data among
3) We design a symptoms-matching mechanism for pa-
different medical institutions by improving the consensus
tients who register in different hospitals and have
mechanism. But it has some disadvantages in data storage
the same disease symptoms. One session key could
since the scheme does not possess the ability of machine
be set between the patients after they make mutual
learning algorithm. Xia et al. [21] designed a blockchain-
authentication. The mechanism can help patients to
based data sharing framework. It takes the advantages of
communicate the disease information.
blockchain’s immutability and the built-in autonomy to ad-
dress access control challenges related to sensitive data stored
C. ORGANIZATION OF THIS PAPER
in the cloud. At the same year, Xia et al. [22] also proposed a
system named MeDShare, which is based on blockchain and The rest of paper is organized as follows. Firstly, some
has minimal data privacy risks. It is used to solve the problem preliminaries are presented in section II. In section III, we
of medical data sharing among healthcare big data custodians give one medical data sharing and protection model based
(e.g., cloud service providers) in the untrusted environment. on blockchain. In section IV, we offer the security and
The two schemes have the weaknesses of the cloud since performance analysis of the proposed scheme. Finally, the
they still need the assistance of the cloud. In 2018, Yang et paper is concluded in section V.
al. [23] presented a blockchain-based architecture for EHR.
It prevents tampering and misuse of EHR by keeping track II. PRELIMINARIES
of all events occurring in the database. Also, the system A. BLOCKCHAIN
introduces a new incentive mechanism to create new blocks Blockchain mainly solves the trust and security issues of
in the blockchain. In [24], a medical data storage system transactions, and it is a kind of distributed database com-
based on blockchain was proposed. The system not only can bining data blocks in chronological order. Generally, the
guarantee the originality and verifiability of stored medical blockchain is divided into three classes: private blockchain,
data but also can preserve the privacy of patients. In [25], consortium blockchain, and public blockchain [15], [26]. As
2 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
Г Г Г
Hospital 1 Hospital k
Server Server
......
System .... ....
Block Block manager
Data Block Doctor Doctor Doctor Doctor
Data body Data
body body
.... ....
Block i-1 Block i Block i+1 ......
Blockchain of hospital 1 Blockchain of hospital k
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
(e.g., when their turn comes, they fail to compute the right 6. Session
value), the network will select new supernodes to replace User User
them, and the old nodes will be punished.
1. Initialization
3. User join SM
E. PROXY RE-ENCRYPTION 5.1 Request
re-encrypt 2. Hospital join
To ensure the security in the data sharing, the proxy re-
encryption was presented in [29]. In these schemes [29]– 5.3 Re-encrypted
ciphertext
[31], one party A entrusts a trusted third party or a semi-
honest agent to transform the ciphertext encrypted with its
Server Server
public key into ciphertext encrypted with the other party B’s
public key. Then, B could decrypt the ciphertext with own 4.1 Verify
private key, i.e., the data sharing is realized. During the whole
process, the data encrypted is very secure, and A’s private key Doctors Doctors
element of G2 .
3) Computability: e(U, V ) could be calculated efficiently As shown in Figure 3, the system manager SM , the hospi-
in polynomial time for any two points U, V ∈ G1 . tal HOi , and the user U Si,j are the three kinds of participants
in the network. SM is played by the health management
III. THE PROPOSED MEDICAL DATA SHARING AND department that is a trusted third party and responsible for
PROTECTION SCHEME generating the master key and system parameters. Hospital
In this section, we will propose a medical data sharing HOi first registers with SM and then generates its private
and protection scheme based on the private blockchain of key and public key. If a user U Si,j sees a doctor in the
the hospital. The two-way proxy re-encryption technology hospital HOi , he/she must register with HOi and set his/her
in [31] is utilized in the scheme. Also, it has provided a private key and public key. When the diagnosis has finished,
symptoms-matching mechanism for patients with the same the doctor will broadcast the results in the blockchain. If they
disease symptoms. The notations used in this paper are given have passed the verification by the server, the medical results
in Table 1. of U Si,j will be stored in the blockchain of HOi . If a doctor
in any hospital wants to query the historical records of the
4 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
patient U Si,j , he/she and the patient should apply to the SM S inputs P Ki,j , Y , m, and ti,j , randomly select-
simultaneously. SM will compute the conversion key and s r ∈ Z∗p , computes C1 = g1r , C2 = P Ki,j r
,
ti,j r
generate the ciphertext of the historical records re-encrypted U = e(g, g2 ) , C3 = H2 (U ), K = e(g, g)r ,
by the doctor’s public key. Then SM sends the ciphertext to C4 = [F (K, C1 , C3 )]l−l1 k ([F (K, C1 , C3 ))]l1 ⊕ m),
the doctor. Finally, any two patients U Si,j and U Si+1,j+1 h = H3 (C1 , C3 , C4 ), and C5 = (uh vd)r . Thus, the
could conduct a mutual authentication and set a session key ciphertext of m is Ci,j = (C1 , C2 , C3 , C4 , C5 ). S
for their future session. Our scheme includes the following sends (P IDi , P IDi,j , ti,j ) to U Si,j securely. Also,
six phases, i.e., the initialization phase, the hospital join S computes Xi,j = Ei (αkIDi,j kP IDi kIDs ) with
phase, the user join phase, the data join blockchain phase, the HOi ’s public key and sends it to the server of the
data search and sharing phase, and patients session phase. hospital.
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
Block ID
communication about their illness. We only consider weak
Block Block size security requirements here since the following two reasons.
header
Previous ID (a) Since the information can be used to interact with each
Previous hash Every record other, so it has no very strong privacy. (b) It can reduce the
Hash
Timestamp
Block ID
computational cost and communication cost. The details are
Hospital ID
User pseudo identity given below.
Block Ciphertext Ci,j
body Ten records
Doctor public key 1) U Si,j sends P IDi and P IDi,j to U Si+1,j+1 , and then
Hospital signature
Doctor signature
U Si+1,j+1 sends P IDi+1 and P IDi+1,j+1 to U Si,j .
2) U Si,j selects a secret integer ni,j ∈ Z∗p and a prime
FIGURE 4: The structure of a block in the blockchain number z ∈ Z∗p randomly, computes w = z −1 mod
p, Pi,j = g zni,j , and Qi,j = g wni,j . Then U Si,j
sends (z, Pi,j , Qi,j ) to Pi+1,j+1 . Pi+1,j+1 randomly
in Figure 4. The specific steps are listed as follows. choose ni+1,j+1 ∈ Z∗p , computes w = z −1 mod p,
1) Doctor S broadcasts the medical data in the private Pi+1,j+1 = g zni+1,j+1 and Qi+1,j+1 = g wni+1,j+1 ,
blockchain of the hospital. and sends message (Pi+1,j+1 , Qi+1,j+1 ) to U Si,j .
ni,j
2) The server of the hospital verifies the data every 3) U Si,j computes ki,j = Qi+1,j+1 , M ACi,j =
minute, and then every ten legitimate records are M ACki,j (Qi,j , w, Pi+1,j+1 , P IDi+1,j+1 , ti,j ) and
placed in one new block of the blockchain. sends M ACi,j to U Si+1,j+1 . Then U Si+1,j+1 com-
n
3) Other nodes of blockchain update their stored data. putes ki+1,j+1 = Qi,ji+1,j+1 and M ACi+1,j+1 =
M ACki+1,j+1 (P IDi+1,j+1 , Pi+1,j+1 , Qi,j , ω, ti,j ). If
E. DATA SEARCH AND SHARING PHASE M ACi+1,j+1 = M ACi,j holds, U Si+1,j+1 com-
†
When the patient U Si,j interacts with a doctor S in hospital putes M ACi+1,j+1 = M ACki+1,j+1 (P IDi,j , Pi,j ,
HOi , S may need to know the historical medical records of Qi+1,j+1 , ki+1,j+1 , ti+1,j+1 ) and sends it to U Si,j .
the patient in hospital HOk for more precise diagnosis. Thus, Otherwise, the prase is terminated.
†
the following steps should be executed by inputting P Ki,j = 4) U Si,j computes M ACi,j = M ACki,j (P IDi,j , Pi,j ,
† †
g xj and P Ks = g xs if the doctor has obtained the permission Qi+1,j+1 , ki,j , ti,j ). If M ACi,j = M ACi+1,j+1 is
of U Si,j . true, then U Si,j computes the session key K =
ni,j
1) S and U Si,j send their private keys and identities to Pi+1,j+1 , the ciphertext K e = Ek (K), and sends K
i,j
e
SM respectively, then SM computes the re-encryption to U Si+1,j+1 . Otherwise, it is terminated.
key rkj↔s = xs /xj mod p. 5) U Si+1,j+1 decrypts ciphertext K e to get the session key
2) SM sends an extraction instruction about U Si,j ’s med- K.
ical records to the hospital HOk . If the disease symptoms ti,j and ti+1,j+1 are same, the cor-
3) The server of HOk sends the encrypted historical rectness of the protocol is based on the following equation.
records to SM .
n n
4) SM first computes h = H3 (C1 , C3 , C4 ), if ki+1,j+1 = Qi,ji+1,j+1 = g ωni+1,j+1 ni,j = Qi+1,j+1
i,j
= ki,j .
e(C1 , P Ki,j uh vd) = e(g1 , C2 C5 ) holds, SM com-
rk
putes C20 = C2 j↔s = P Ksr , sends the ciphertext IV. ANALYSIS OF THE MODEL
0
Cs = (C1 , C2 , C3 , C4 , C5 ) to S through the server of In this section, we will evaluate the proposed scheme from
HOi . Otherwise, SM outputs ⊥. the following three aspects. (1) Whether the proposed scheme
0 t 0
5) U Si,j computes U1 = g r , U2 = (g2i,j )1/xj H1 (P Kir ), can satisfy the basic requirements described for medical
and sends Uα = (U1 , U2 ) to the server of HOi , where data sharing and protection scheme. (2) According to six
r0 ∈ Z∗p is a random number. factors (no payment, the consensus mechanism, based on the
6) The server of HOi ensures e(C1 , P Ki,j uh vd) = private blockchain, reduce the pressure of the main chain,
e(g1 , C2 C5 ) holds. If not, the phase is terminated. the demand for calculating power, and symptoms-matching),
Otherwise, the server computes U = U2 /H1 (U1xi ) and the comparative analysis method is adopted to compare the
ensures C3 = H2 (e(C2 , U )) is true. Otherwise, the proposed scheme with the existing blockchain-based medical
phase is terminated. data sharing and protection schemes [16], [20], [25]. (3) The
7) S computes K = e(C20 , g)1/xs , if [F (K, C1 , C3 )]l−l1 = comparison of the computational cost and communication
[C4 ]l−l1 , then S recovers m = [C4 ]l1 ⊕ cost about the scheme [25] and the proposed scheme will be
[F (K, C1 , C3 )]l1 . Otherwise, this phase is terminated. given (as mentioned in [25], few details are given in the ex-
isting blockchain-based medical data sharing and protection
F. PATIENTS SESSION PHASE schemes including [16], [20], so we only select the scheme in
As shown in Figure 5, an interaction program will be giv- [25] as the comparative scheme for computational cost and
en for users U Si,j and U Si+1,j+1 in this section. They communication cost). Additionally, we will implement the
have the same disease symptoms and hope to make further proposed scheme by using PBC and OpenSSL libraries.
6 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
U Si,j U Si+1,j+1
P IDi , P IDi,j
−−−−−−−−−−−−−−−→
P IDi+1 , P IDi+1,j+1
←−−−−−−−−−−−−−−−
Select: ni,j , z
Compute: w = z −1 mod p
Pi,j = g zni,j , Qi,j = g wni,j
(z, Pi,j , Qi,j )
−−−−−−−−−−−−−−−→
Choose: ni+1,j+1
Compute: w = z −1 mod p
Pi+1,j+1 = g zni+1,j+1
Qi+1,j+1 = g wni+1,j+1
(Pi+1,j+1 , Qi+1,j+1 )
←−−−−−−−−−−−−−−−
i,j n
Compute: ki,j = Qi+1,j+1
M ACi,j = M ACki,j (Qi,j , w,
Pi+1,j+1 , P IDi+1,j+1 , ti,j )
M ACi,j
−−−−−−−−−−−−−−−→
n
Compute: ki+1,j+1 = Qi,ji+1,j+1
M ACi+1,j+1 =
M ACki+1,j+1 (P IDi+1,j+1 ,
Pi+1,j+1 , Qi,j , ω, ti,j )
Check: M ACi,j = M ACi+1,j+1
†
Compute: M ACi+1,j+1 =
M ACki+1,j+1 (P IDi,j , Pi,j ,
Qi+1,j+1 , ki+1,j+1 , ti+1,j+1 )
†
M ACi+1,j+1
←−−−−−−−−−−−−−−−
†
Compute:M ACi,j =
M ACki,j (P IDi,j , Pi,j ,
Qi+1,j+1 , ki,j , ti,j )
† †
Check:M ACi,j = M ACi+1,j+1
Compute: K = ni,j Pi+1,j+1
Encrypt: K
e = Ek (K)
i,j
Ke
−−−−−−−−−−−−−−−→
Decrypt: K = Dki+1,j+1 (K)
e
A. THE SOLUTIONS FOR THE BASIC REQUIREMENTS cryption scheme, which could prevent unauthorized
Our scheme satisfies the five important features described in nodes from accessing the medical information. When
subsection A of the preliminaries section since it is based a doctor queries the historical data of a patient, the
on the blockchain. Next, we will analyze the solutions of proxy re-encryption technology is used. It allows the
the proposed model for the basic requirements listed in stored information in the blockchain to be transmitted
subsection C of the preliminaries section. in the ciphertext state. So, the security of the proposed
scheme is further improved. If two patients with the
1) Security and privacy. At the time of registration, the same symptoms want to communicate the disease in-
hospital or patient will be checked to ensure that all formation, and they must make mutual authentication
participators of the network are legitimate. After the and set a session key to preventing information leak-
hospital registers with SM , SM will generate a pseu- age. In all phases, anyone except the doctor and the
do identity for the hospital. When one patient sees patient is unable to obtain the plaintext of medical
a doctor, doctor will also compute a pseudo identity data. So, the proposed scheme has better security and
for the patient. Thus, user privacy will be protected stability.
since the pseudo identity is used instead of true identity 2) Data access. The proxy re-encryption is utilized in
in the subsequent processes. All information placed the proposed scheme. If a doctor has obtained the
in the blockchain is encrypted by the asymmetric en-
VOLUME 4, 2016 7
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
patient’s consent, he/she will get the ciphertext en- data in the private blockchain while the security indexes of
crypted by himself/herself public key. Then, the doctor personal health data are put in the consortium blockchain.
could access the data by decrypting the ciphertext. The scheme could satisfy many requirements, but it has a
The proposed scheme can realize data access between high computational cost (please see Table 3) and could not
different medical institutions. Patients also can query provide the symptoms-matching function. Thus, our scheme
their medical records after applying to the hospital. has better performance according to the six factors.
3) Patient control. The medical records are stored in the Now, we will first compare the computational and commu-
blockchain of the hospital. If one legal doctor wants to nication cost of the scheme in [25] with the proposed scheme.
obtain the stored data in the blockchain, he/she must Generally, the server and SM both could be regarded as a
have the re-encryption key issued by SM . The key cluster head with sufficient computational and communica-
is generated by SM utilizing the doctor and patient’s tion resource. So, we will only consider the burden of the
private keys. So, patients could control access to data. patient and doctor. Three operators are considered, i.e., the
4) Unified standard. In the proposed model, we use the scale multiplication operator in G1 (m), the exponentiation
uniform standard of data such as the keywords of operator in the prime finite field (e), and the bilinear pairing
disease symptoms, which is beneficial to data sharing operator (b). Then, we will implement the proposed scheme
and protection. by using PBC and OpenSSL libraries.
B. PERFORMANCE ANALYSIS
In the proposed data sharing and protection scheme, an TABLE 3 The comparison of the computational cost
improved DPOS mechanism is proposed. It does not need Scheme Patient Doctor
nodes to vote and generate delegates, which could reduce the [25] 7m (17 + n)m + 7e + 4b
computational cost and communication cost. Every doctor is Ours 4e 11e + 5b
responsible for broadcasting the message generated by him-
self/herself in the hospital’s private blockchain. The server
of the hospital is seen as the only supernode and used to In Table 3, we have listed the computational cost of the two
check the information. Then, other nodes in the blockchain schemes. It should be noted that the patients session phase
will update the stored data if the information has passed does not necessarily occur, so we ignore it here. We can know
the verification. Especially, doctors and hospitals both are that the patient’s computational cost in [25] is 7m. In the
supervised by the credit score mechanism. proposed scheme, the patient’s computational cost is 4e. We
As shown in Table 2, we will first compare the based- can note that the cost both is constant for different n and the
blockchain three medical data sharing schemes [16], [20], gap is very small [33]. Here, the parameter n is the size of the
[25] with the proposed scheme from the following six factors, disease keyword set, and it is usually a large number such as
i.e., no payment, based on the private blockchain, the consen- 1000 set in [25]. On the side of the doctor, the computational
sus mechanism, reduce the pressure for the main chain, the cost of our scheme is 11e + 5b. But the computational cost
demand for calculating power, and symptoms-matching, they of the scheme [25] increases linearly with the large number
are denoted as F1, F2, F3, F4, F5, and F6 for convenience. n, so it has higher computational cost on this side. Thus
our scheme is satisfactory for practical medical data sharing
scheme.
TABLE 2 Comparison of the six factors
The specific experimental environment for implementing
F1 F2 F3 F4 F5 F6 the proposed scheme is as follows. The cryptographic primi-
[16] ×
√ ×
√ POW ×
√ Big ×
[20] Improved DPOS Small × tives are implemented on a computer with Intel(R) Core(TM)
√ √ √
[25] √ √ DBFT √ Big ×
√ i5-5200U CPU @ 2.20Ghz 2.19Ghz, 8 GB RAM, Manjaro
Ours Improved DPOS Small
√
Support , Not-support × Linux 64 bit operating system with KDE desktop, using C++
language. PBC library and OpenSSL library are used for
the simulation. The version of PBC library is 0.5.14, and
The scheme in [16] uses the POW consensus mechanism the version of OpenSSL library is 1.1.1c. We deployed five
and needs to pay for the nodes that participate in the consen- blockchain nodes to receive block information. One of the
sus mechanism. It could not satisfy F1, F2, F4, and F6, and nodes is deployed on the computer used for the simulation
requires a big calculating power. In [20], Xue et al. proposed and runs on a different port than the server program. We
a blockchain-based data sharing and protection scheme. The created four identically configured virtual machines on a
scheme could satisfy F1, F2, and F4, but it has no symptoms- computer running Windows 10 operating system to deploy
matching function between patients. Besides, an improved the other four blockchain nodes. The computer running the
DPOS consensus mechanism is also proposed and used, but virtual machine is configured as Intel(R) Core(TM) i5-8400
only the delegate nodes can record data. It will consume extra CPU @ 2.80GHz, 8 GB RAM and running Windows 10
communication cost and time. In [25], the scheme adopt- 64-bit Home Chinese version operating system. The virtual
s DBFT consensus mechanism. It stores personal medical machine software is Oracle VM VirtualBox 5.2.22. The vir-
8 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
6
x 10
180 2.5
Ours
160 [25]
2
140
Total time consumption(ms)
80
1
60
40
0.5
20
0 0
80bit 112bit 128bit 0 500 1000 1500 2000
Security level The size of the keyword set n
FIGURE 6: The total computational cost of experiments of FIGURE 7: Communication cost comparison versus the size
the proposed scheme with different security levels of the keyword set
tual machine we created uses the Ubuntu 18.04.1 operating TABLE 6 The comparison of the communication cost
system with 1024MB of RAM and one CPU. The virtual Scheme Communication cost
machine uses the bridge mode to join the LAN segment [25] (n + 12)|G1 | + |G2 | + 5|Z∗p | + 13b 32 np c+
where the computer running the server program is located. |t| + |x| + |ID| + 2|Hash|
Ours 9|G1 | + 2|Z∗p | + 2|x| + |ID| + 2k + 2l
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
show the cost of communication, we set p and q two large [10] F Xhafa, J L Feng, Y H Zhang, X F Chen, and J Li, “Privacy-aware
prime numbers are 160 bits and 1024 bits respectively. The attribute-based PHR sharing with user accountability in cloud computing,”
J Supercomput., vol.71, no.5, 2015, pp. 1607–1619.
lengths of elements in G1 and G2 are 1024 bits and 512 bits [11] N Leavitt, “Is cloud computing really ready for prime time?,” Computer,
separately. We assume that the lengths of the identity and vol.42, no.1, 2009, pp. 15–20.
the timestamp both are 32 bits, the point in the ciphertext [12] N Sultan, “Making use of cloud computing for healthcare provision:
opportunities and challenges,” International Journal of Information Man-
space is 160 bits, the np = 3, and the hash value is 256 bits. agement, vol.34, no.2, 2014, pp. 177–184.
The comparison diagram of communication cost is given in [13] S Nakamoto. “Bitcoin: a peer-to-peer electronic cash system,” 2008.
Figure 7. It is easy to find that the communication cost of [Online] Available: http://bitcoin.org/bitcoin.pdf.
[14] C Lin, D B He, X Y Huang, K R Choo, and A V Vasilakos, “BSeIn: A
the proposed scheme is constant. However, as the size n of
blockchain-based secure mutual authentication with fine-grained access
the keyword set increases, the communication cost of the control system for industry 4.0,” J Netw. Comput. Appl., vol.116, no.15,
scheme in [25] increases linearly. The communication cost 2018, pp. 42–52.
of our scheme is significantly low. [15] M Mettler, “Blockchain technology in healthcare: the revolution starts
here,” 2016 IEEE 18th International Conference on e-Health Networking,
Applications and Services (Healthcom), Munich, Germany, 2016, pp.1-3.
V. CONCLUSION [16] A Azaria, A Ekblaw, T Vieira, and A Lippman, “MedRec: using
blockchain for medical data access and permission management,” 2016
The features of blockchain technology such as the de- 2nd International Conference on Open and Big Data (OBD), Vienna,
centralization and tamper resistance make it very suitable Austria, 2016, pp.25-30.
[17] X Yue, H J Wang, D W Jin, M Q Li, and W Jiang, “Healthcare data
for the protection and sharing of medical data. In this gateways: found healthcare intelligence on blockchain with novel privacy
paper, a lightweight medical data sharing scheme based risk control,” J Med. Syst., vol.40, no.218, 2016, pp. 1–8.
on blockchain is proposed and implemented. Proxy re- [18] G Zyskind, O Nathan, and A Pentland, “Decentralizing privacy: using
blockchain to protect personal data,” 2015 IEEE Security and Privacy
encryption technology is used to help the doctors to access Workshops, San Jose, USA, 2015, pp.180-184.
historical records of patients. It can ensure the security of [19] A Ekblaw, A Azaria, J D Halamka, and A Lippman, “A case study
the proposed scheme since the inquired information is trans- for blockchain in Healthcare: "MedRec" prototype for electronic health
mitted in the ciphertext form. Besides, an improved DPOS records and medical research data,” the 2016 IEEE of International Con-
ference on Open and Big Data, Iscataway, USA, 2016, pp.25-30.
mechanism is proposed to act as the consensus mechanism [20] T F Xue, Q C Fu, C Wang, and X Y Wang, “A medical data sharing model
that is lightweight and reliable. Finally, our scheme provided via blockchain,” Acta Automat. Sinica, vol.43, no.9, 2017, pp.1555–1562.
the symptoms-matching mechanism that allows two patients [21] Q Xia, E B Sifah, K O Asamoah, J Gao, X J Du, and M Guizani„
“MeDShare: trust-less medical data sharing among cloud service providers
with the same symptoms can make communication about via blockchain,” IEEE Access, vol.5, 2017, pp.14757-14767.
their illness. The analysis results show that the proposed [22] Q Xia, E B Sifah, A Smahi, S Amofa, and X S Zhang, “BBDS:Blockchain-
scheme satisfies many requirements and has a low compu- based data sharing for electronic medical records in cloud environments,”
Information, vol.8, no.44, 2017, pp.1-16.
tational and communication cost. [23] G Yang and C L Li, “A design of blockchain-based architecture for the
security of electronic health record (EHR) systems,” 2018 IEEE Interna-
tional Conference on Cloud Computing Technology and Science, Nicosia,
A. REFERENCES Cyprus, 2018, pp.261-265.
REFERENCES [24] H Y Li, L H Zhu, M Shen, F Gao, X L Tao, and S Liu, “Blockchain-based
data preservation system for medical data,” J Med. Syst., vol.42, 2018,
[1] A K Jha, D Doolan, D Grandt, T Scott, and D W Bates, “The use of health pp.141.
information technology in seven nations,” Int. J Med. Inform., vol.77, [25] A Q Zhang and X D Lin, “Towards secure and privacy-preserving data
no.12, 2008, pp. 848–854. sharing in e-health systems via consortium blockchain,” J Med. Syst.,
[2] Y Guo and C Liang, “Blockchain application and outlook in the banking vol.42, 2018, pp.140.
industry,” Financ. Innov., vol.2, no.24, 2016, pp. 1–12. [26] Z B Zheng, S A Xie, H N Dai, X P Chen, and H M Wang, “An overview of
[3] Y Yuan and F Y Wang, “Blockchain: the state of the art and future trends,” blockchain technology: architecture, consensus, and future trends,” 2017
Acta Automat. Sinica, vol.42, no.4, 2016, pp. 481–494. IEEE International Congress on Big Data, Honolulu, USA, 2017, pp.557-
[4] B Shickel, P J Tighe, A Bihorac, and P Rashidi, “Deep EHR: a survey of 564.
recent advances in deep learning techniques for electronic health record [27] I Bentov, C Lee, A Mizrahi, and M Rosenfeld, “Proof of activity: extending
(EHR) analysis,” IEEE J Biomed Health, vol.22, no.5, 2018, pp. 1589– bitcoin’s proof of work via proof of stake [extended abstract]y,” Acm
1604. Sigmetrics Performance Evaluation Review, vol.42, no.3, 2014, pp.34-37.
[5] G S Birkhead, M Klompas, and N. R. Shah, “Uses of electronic health [28] Y Yuan and F Y Wang, “Blockchain: the state of the art and future trends,”
records for public health surveillance to advance public health,” Annu. Acta Automat. Sinica, vol.42, no.4, 2016, pp.481-494.
Rev. Publ. Health, vol.36, no.1, 2015, pp. 345–359. [29] M Blaze, G Bleumer, and M Strauss, “Divertible protocols and atomic
[6] F G Li, Y N Han, and C H Jin, “Cost-effective and anonymous access proxy cryptography,” International Conference on the Theory and Appli-
control for wireless body area networks,” IEEE Syst. J., vol.12, no.1, 2018, cations of Cryptographic Techniques, Espoo, Finland, 1998, pp.127-144.
pp. 747–758. [30] R Canetti and S Hohemberger, “Chosen-ciphertext secure proxy reencryp-
[7] M M Hassan, K Lin, X Yue, and J Wan, “A multimedia healthcare data tion,”14th ACM conference on Computer and communications security,
sharing approach through cloud-based body area network,” Future Gener. Alexandria, USA, 2007, pp.185-194.
Comp. Sy., vol.66, 2017, pp. 48–58. [31] L F Guo and B Lu, “Efficient proxy re-encryption with keyword search
[8] J J P C Rodrigues, I D L Torre, and G Fernández, and M L Coronado, scheme,” Journal of Computer Research and Development, vol.51, no.6,
“Analysis of the security and privacy requirements of cloud-based elec- 2014, pp.1221-1228.
tronic health records systems,” J Med. Internet Res., vol.15, no.8, 2013, [32] T Okamoto, “Cryptography based on bilinear maps,” International Sym-
pp. 418–426. posium on Applied Algebra, Algebraic Algorithms, and Error-Correcting
[9] M Preethi and R Balakrishnan, “Cloud enabled patient-centric EHR Codes, Las Vegas, USA, 2006, pp.35-50.
management system,” 2014 IEEE International Conference on Advanced [33] H Xiong and Z G Qin, “Revocable and scalable certificateless remote
Communications, Control and Computing Technologies, Ramanathapu- authentication protocal with anonymity for wireless body area networks,”
ram, India, 2014, pp.1678-1680. IEEE T. Inf. Foren. Sec., vol.10, no.7, 2015, pp.1442-1455.
10 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2937685, IEEE Access
VOLUME 4, 2016 11
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.