A Critical Review of Security in SMA PDF

This article presents a critical literature review on the security and privacy challenges in smart home healthcare systems utilizing IoT and blockchain technologies. It highlights the significant risks associated with data confidentiality and unauthorized access, while proposing a proof-of-authority (PoA)-based blockchain framework to enhance data protection and ethical information disclosure. The study discusses barriers to adoption and offers recommendations for improving the integration of blockchain in healthcare applications to ensure secure data processing and sharing.


Blockchain: Research and Applications 5 (2024) 100178

Research Article

A critical literature review of security and privacy in smart home healthcare schemes adopting IoT & blockchain: Problems, challenges and solutions

Olusogo Popoola a,*, Marcos Rodrigues b, Jims Marchang a, Alex Shenfield b, Augustine Ikpehai b, Jumoke Popoola a

a Department of Computing, Sheffield Hallam University, Sheffield, S1 1WB, UK
b Department of Engineering and Math, Sheffield Hallam University, Sheffield, S1 1WB, UK

ARTICLE INFO

Keywords: IoT security and privacy; Smart home healthcare; PoA-based permissioned blockchain; Authorisation framework; Fine-grained access control; Interception; Privacy model; Consent

ABSTRACT

Protecting private data in smart homes, a popular Internet-of-Things (IoT) application, remains a significant data security and privacy challenge due to the large-scale development and distributed nature of IoT networks. Recently, smart healthcare has leveraged smart home systems, thereby compounding security concerns in terms of the confidentiality of sensitive and private data and by extension the privacy of the data owner. However, proof-of-authority (PoA)-based blockchain distributed ledger technology (DLT) has emerged as a promising solution for protecting private data from indiscriminate use and thereby preserving the privacy of individuals residing in IoT-enabled smart homes. This review elicits some concerns, issues, and problems that have hindered the adoption of blockchain and IoT (BCoT) in some domains and suggests requisite solutions using the aging-in-place scenario. Implementation issues with BCoT were examined as well as the combined challenges BCoT can pose when utilised for security gains. The study discusses recent findings, opportunities, and barriers, and provides recommendations that could facilitate the continuous growth of blockchain applications in healthcare. Lastly, the study explored the potential of using a PoA-based permission blockchain with an applicable consent-based privacy model for decision-making in the information disclosure process, including the use of publisher-subscriber contracts for fine-grained access control to ensure secure data processing and sharing, as well as ethical trust in personal information disclosure, as a solution direction. The proposed authorisation framework could guarantee data ownership, conditional access management, scalable and tamper-proof data storage, and a more resilient system against threat models such as interception and insider attacks.

1. Introduction

The application of the Internet of Things (IoT) in smart homes presents a significant challenge in terms of data security and user privacy, owing to the vast scale and distributed nature of IoT networks. IoT-enabled homes, i.e., smart homes, comprising a network of uniquely identifiable connected devices, are capable of automatically acquiring implicit data [1]. Such data include sensor data from IoT devices in the environment surrounding the homeowner, data obtained through applications installed in mobile devices, or information gleaned from server log files that register the details of the network interactions between the homeowner and controller services (e.g., IP addresses). These IoT systems are capable of auto-organizing, sharing data and resources, and acting and reacting to environmental changes, with or without human intervention. IoT deployment in smart homes is increasing in terms of comfort and convenience in daily living. For instance, IoT-enabled homes are integrable with digital healthcare facilities to benefit from smart healthcare using edge devices such as tablet PCs or PDAs installed with well-being monitoring applications, and in some cases, wearable technologies are installed to collect and share physiological data from home occupants in a transformative manner, e.g., aging-in-place (Fig. 1). This approach often enables continuous healthcare to individuals by linking the home to mobile and in-clinic health monitoring [2]. Sensing devices could be utilised in medical healthcare IoT-CPS to collect patients’ routine health and physiological [3,4] information classified as private [5]. However, the Internet of Health Things (IoHT) has emerged and leveraged the real-time access protocols of the Internet to provide comfort in well-being monitoring while also posing security challenges to data confidentiality and in preserving patient privacy [6].

* Corresponding author.
E-mail address: [email protected] (O. Popoola).

https://doi.org/10.1016/j.bcra.2023.100178
Received 27 April 2023; Received in revised form 10 December 2023; Accepted 12 December 2023
Available online 20 December 2023
2096-7209/© 2023 The Author(s). Published by Elsevier B.V. on behalf of Zhejiang University Press. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Fig. 1. Evolution pathway of smart home concept, related technologies, and services [7].

Challenges faced in smart healthcare include those of compromised devices, unauthorized access to personally identifiable information (PII), and the inability of homeowners to selectively disclose their information, thereby leading to concerns about indiscriminate exposure to sensitive and contextual information. The heterogeneous environment of IoT systems contributes to security and privacy challenges encountered in smart home systems [8,9]. The value chain of data management, consisting of data acquisition or collection, processing, storage, and usage, requires privacy protection using enabling technologies, as these present target surfaces that are susceptible to attacks. The increasing number of internet-dependent devices in smart homes has led to a rise in privacy threats and attacks [10]. Such attacks can reveal sensitive information about homeowners, compromising their lifestyle and well-being. As privacy norms dictate, users should have control over their data, rather than complete withdrawal or non-disclosure. Users should be able to selectively disclose information and exercise control over who sees it. However, privacy infringement can sometimes be acceptable when the eventual disclosure of the information is beneficial to the data owner, e.g., in smart healthcare services where the data of monitored persons in smart homes collected using medical sensors are revealed to eHealth expert systems to ensure their safety and well-being [11–16]. Moreover, intangible benefits of ethical disclosure of personal information for medical research, therapy logistics and design, marketing purposes, etc., could be supervised and controlled based on informed consent and acceptance [17], and the tenure of use as agreed by data owners [18,19].

The increasing number of IoT devices in smart homes, such as wearables and nearables, has led to growing concerns over privacy and security risks. More so, when smart things are getting smarter and more vulnerable due to their small form factor and resource constraints, which made conventional intrusion detection and protection schemes are directly applicable. Moreover, in the health realm, where complex data are used to produce values that enhance human health, it has been established that standard strategies for addressing health data privacy problems are insufficient for protecting users’ privacy. To lay some emphasis on user privacy and confidentiality of data, sensitive and private data will be defined and used interchangeably in the smart home healthcare scenario being discussed regarding personally identifiable information and their ethical disclosure.

The definition of sensitive and private data associated with ethical disclosure being discussed is as follows.

The terms “sensitive data” and “private data” are often used interchangeably, but there can be subtle differences, especially in the context of data privacy regulations, cybersecurity, and ethical standards. In the context of smart home well-being monitoring (Fig. 2), both terms are highly relevant, and understanding their implications is crucial for data management, protection, and compliance with legal standards.

Fig. 2. Functionalities of a smart home healthcare scenario applicable for monitoring the elderly [11].

• Private Data: “Private data” refers to information that is meant to be kept confidential within a defined group or setting. In a smart home context, this could be any data collected by smart devices that the user or household members would not want to share with the wider public. This can include general information like personal preferences for music or room temperature, schedules, or even shopping lists.
• Sensitive Data: “Sensitive data” is generally a subset of private data but refers specifically to information that, if disclosed, could potentially cause harm or pose a risk to the security or rights of an individual. Sensitive data often include information related to health, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation, among others.

In the realm of smart home well-being monitoring, sensitive data might refer to detailed health data, like information about an individual’s chronic conditions, mental health, medication schedules, or biometric data (e.g., heart rates, blood pressure, sleep patterns). In smart home well-being monitoring, systems often collect a vast amount of data, some of which are intensely personal and potentially sensitive. For example:

• Biometric data collected by health monitors could be considered both private and sensitive, as unauthorized access could not only violate privacy but also potentially lead to identity theft or health insurance fraud.
• Information on an individual’s daily routines or living habits could be private data, as it is information that the resident would not want to be shared publicly but is not necessarily sensitive, as it might not pose a direct risk if disclosed.

Given the potential overlap and differences, companies behind the design and deployment of smart home devices are yet to employ strict data security measures and follow relevant regulations (like the GDPR in Europe, the HIPAA in the USA for health-related information, or other local data protection laws) to ensure that both private and sensitive information is adequately protected against unauthorized access, disclosure, or other forms of data breaches. Furthermore, the management of such data should be transparent to the user, providing clear options for consent, and the ability to control what data are shared and with whom, ensuring the ethical handling of personal and sensitive information. Full compliance with these regulations requires privacy by design or other means of supporting the user of IoT devices [14] to secure their valuable personal information.

1.1. Strategies for IoT data protection

The IoT Core: A fundamental software component or service used in an IoT environment is referred to as the IoT Core. The term sometimes refers to specific products or services, but the general idea is that an IoT Core is central to connecting, managing, and securing the multitude of devices in an IoT system. As a central engine, it connects and controls devices, with tenets such as security emphasised as an important characteristic, ensuring the deployment environment is secure (Fig. 3). The “core” in these services generally refers to the essential capabilities they provide in the context of IoT systems such as:

• Connectivity and control services: These are features that allow IoT devices to connect to the Internet or other networks and be managed remotely.
• Security: This is crucial, as IoT devices can be vulnerable to hacking and other security threats. The IoT Core often provides features to ensure secure device connections and data transfers.
• Data processing and integration: IoT devices generate vast amounts of data, which need to be processed, analyzed, and potentially integrated with other systems or databases.
• Device monitoring and management: This includes the ability to monitor the status of devices, update their firmware or software, and troubleshoot issues remotely.

“IoT Core” services are fundamental components in IoT architectures, providing the necessary infrastructure to connect, manage, secure, and integrate IoT devices at scale. Table 1 illustrates the need to secure the complex software/hardware that supplies IoT functionalities. The tenets can be applied to the processing of private and sensitive data in the smart home healthcare ecosystem, such as personal and well-being data collected, which are given the required protection to avoid non-transparency of usage.

Fig. 3. Inside an IoT core.

Blockchain technology (BCT): Blockchain is a type of distributed ledger technology (DLT), and this technology relies on distributed technology with built-in confidence mechanisms to ensure data integrity to share both data and business processes. Certainly, blockchain is now introducing a new evolutionary cycle to database management
development and it can be adopted as a solution for the ethical disclosure of personal data in a smart home healthcare setting. Blockchain is more than just a database that stores and verifies transaction data. Although blockchain was originally conceived to address gaps in the current architecture of financial systems, these limitations affect identities, currencies, and contracts. Likewise, blockchain architecture is also designed for security. Its security features include the immutability and fault tolerance of the database ledger, and the public key infrastructure (PKI) which secures the digital assets of individual blockchain users. Nevertheless, there have already been some high-profile hacks of blockchain systems, and newer blockchain networks (BCNs) are implementing creative ways to mitigate ongoing risks. Research efforts on addressing associated risks will be discussed extensively in the later section of this study. However, the adoption of blockchain applications is increasing as shown in Fig. 4, and several consensus algorithms (Fig. 5) have evolved from the traditional proof-of-work (PoW) to fit into the security demand of domains that require blockchain to benefit from its tenets of CIA.

Table 1
IoT Core description.

| Component | Description |
|---|---|
| Device registry | Device registry of what is connecting to the user and how to identify those devices. This is stored in a table. |
| Security | Most importantly about how to ensure the device is allowed to connect to the user and that the device is communicating according to protocol, i.e., prevent authorised disclosure of information. |
| Messaging | Messaging, at the heart, illustrates the transmission of messages back and forth (full duplex) to these devices. Requires having a very scalable and efficient Message Broker in the heart of the IoT Core. |
| Integrations | The need for simple integrations into other services outside of the core. These are things that the clouds provide such as integrations into databases, AI engines, into enterprise systems; or at the edge, integrations are needed into SCADA equipment, MES equipment, etc. |
| Edges | The edge concept has now been built in IoT Core. The ability to orchestrate these edges requires working with them to move processing between edge and core. |
| Monitoring | The need to be able to monitor the performance of the core, monitor the performance of devices, and monitor the overall health of how the system operates. |

Fig. 4. Evolution of blockchain.

Permissioned blockchain implementation presents a viable solution due to blockchain’s internal mechanisms which are designed to ensure data security and provide privacy through cryptography and consensus algorithms. These built-in mechanisms convert data transactions into hashes to compose blocks. Such blocks follow each other sequentially in what can be described as a chain. This architecture is supported by cryptography and ensures the integrity of the ledger. Although nodes in a permissioned blockchain hardly trust each other, their identities are authenticated, allowing the system to apply more efficient protocols for withstanding Byzantine failure than in a permissionless blockchain. A combination of lightweight cryptographic algorithms and secured privacy techniques has been a key enabler in the development of blockchain and its emerging applications. Hence, issues of data privacy are progressively being tackled in blockchain, providing data confidentiality and immutability, and making the desirable security attribute in private BCT duly applicable in the health sector [21–24].

This current study discusses the evolution of blockchain beyond virtual currencies where other technologies such as smart contract management, NFTs, and the digitization of commercial and organizational registries have been integrated. Smart contracts can be written on the blockchain and executed by all nodes on the block. Table 2 illustrates the different categories of blockchains, with differences in their speed of consensus, trusted authority, and the number of TAs required. All categories of blockchain share common properties such as the usage of a decentralized P2P network for transactions, digital signature requirements, and reliance on consensus to sync the replicated distributed ledger of transactions across the BCN.

A useful advantage of a permissioned blockchain is the possibility of implementing it as both a private-permissioned blockchain where it presents high scalability and a public-permissioned blockchain in which medium scalability is achievable as against low scalability in the public permissionless blockchain (Fig. 6).

This review therefore suggests a combination of IoT security techniques and permissioned blockchain to propose a permissioned blockchain and IoT (BCoT) authorization framework, emphasizing secure data exchange and distribution among IoTs and computing nodes. Hybrid cryptography techniques are utilised to ensure privacy preservation, a potential solution to indiscriminate disclosure of private data in smart home healthcare delivery. An overview of blockchain categories and development ecosystem is further illustrated in Fig. 7 and explained in Table 3. The permissioned approach is beneficial due to increased privacy control, higher transaction rates, scalability, and little or no gas cost requirement, although there are arguments on the counter-intuitiveness of private and permissioned blockchain to the goal of decentralization [26]. Blockchain is built on asymmetric key encryption, hash values, Merkle Tree, and P2P networks. Thus, blockchain allows decentralized transactions to take place and acts as an unchangeable record. Recently, BCT has emerged as a potential solution for secure, trusted, efficient storage, and data sharing [27]. The long-term factor supporting the excellent fit of BCoT integration in the smart healthcare realm [28] is the decentralized nature and distributed network of the technology. However, the computational intensity and high energy consumption of traditional consensus mechanisms in blockchain-based systems in securing data processes, e.g., Bitcoin, which uses 707 kWh per transaction [29], make them unsustainable and unscalable.
Fig. 5. Some consensus algorithms in blockchain technology [20].

Table 2
Blockchain classification.

| Type | Description | Number of TA | SoC | Scenario |
|---|---|---|---|---|
| Private blockchain | Write privileges under the control of an organisation | 1 | Fast | Information management and sharing within an organisation |
| Public blockchain | Anyone can be a participant and it is accessible globally | 0 | Slow | Global decentralized scenarios |
| Consortium blockchain | Controlled by pre-selected nodes within the consortium | ≥ | Slightly fast | Businesses among a selected organisation |

1.2. Blockchain-enabled IoT

A framework that integrates data management in IoT devices with a lightweight blockchain implementation using the proof-of-authority (PoA) consensus mechanism is considered in this paper. The PoA algorithm provides a considerably low computational, latency, and energy overhead during the data-securing process, and is suitable for resource-constrained IoT devices. Moreover, the introduced framework offers higher security levels since distributed networks rarely suffer from a single point of failure, while asymmetric cryptography disallows unauthorized access aimed at data fabrication, modification, and manipulation. Furthermore, the structure supports access management, device binding, fine-grained access control, and data ownership. The implementation of a smart contract adds another level of control that maintains rules, authentication, and communication between the participating nodes of the system design. Earlier studies suggest that PoA can handle smart home communications at high transaction rates with validation performed by randomly selected trustworthy, non-high-performing, inexpensive nodes, thereby eliminating earlier energy-hungry, computationally intensive PoW and share-based proof-of-stake (PoS) [31]. The proposed framework provides an ethical data access approval that is acceptable to all participating nodes, where access requests to the IoT devices within home network components are considered the basic element of permissibility that could prevent data leakage and uphold the privacy of individuals under observation.

The connection of smart devices through blockchain enables distributed devices to act autonomously as these devices generate enormous amounts of dynamic and unstructured data, and these data, which are the true value of the IoT, need to be protected. Hence, BCT can potentially douse security concerns of lack of data usage transparency, traceability, and reliability posed by IoT data collection processes in smart home systems. Yaga et al. [32] mentioned the utilization of
Hyperledger Fabric’s chain code as an instance of smart contracts in permissioned BCNs where the majority of permissioned blockchains employ a deterministic consensus mechanism that can easily achieve fast consensus among the authenticated users [33]. Fig. 8 illustrates the layered implementation of a permissioned blockchain.

Fig. 6. Blockchain type matrix [25].

Fig. 7. Overview of distributed ledger technology (DLT) structures and aspects of DLT ecosystem as adapted from Ref. [30].

Table 3
Comparison between permission and permissionless blockchain networks.

| Permissioned | Permissionless |
|---|---|
| Permission is required before participation | Anyone can participate |
| Participants are well-known to others | Participants not known |
| The number of participants is limited | Unlimited number of participants |
| Data security is offered | Offers less data privacy |
| Instant consensus predictability | Weak consensus inevitability |
| Transaction rate is high (good throughput) | Transaction rate is low (low throughput) |
| Highly scalable | Scalable |
| Vulnerable to participant’s collusion | Vulnerable to 51% attack |
| Enable finality of data | No finality of data (51% attack) |

1.3. Authorisation scheme through permissioned blockchain-enabled smart home healthcare of things

This review discusses an authorization framework and user-centric privacy control scheme based on smart contracts and permissioned blockchain. The goal is to prevent unauthorized data collection and disclosure while allowing users to specify their privacy preferences. The focus is on confidentiality, which is one of the three basic security requirements (CIA), that explores the use of blockchain as a viable DLT to ensure data immutability, transparency, traceability, and auditability. The proposed approach is not limited to smart home healthcare systems but applies to several IoT-enabled applications.
Fig. 8. Layered implementation in the proposed proof-of-authority (PoA)-based permissioned blockchain as adapted from Ref. [19].

The proposed framework aims to apply BCT to address data security challenges in smart home healthcare systems. The challenges include the lack of fine-grained access control and data ownership schemes, which often lead to credential stuffing and insider attacks [34,35]. The framework proposes the use of a PoA-based permissioned blockchain and smart contracts assigned to each node for role-based access control and data management. The second challenge is the lack of data transparency and auditability, which can be mitigated through blockchain’s ability to provide a transparent and auditable regime for data collection and storage in a private network. The main objective of the use of a permissioned blockchain is to establish transparency in the sharing of sensitive information such as medical records or behavioural data. However, this transparency should be balanced with privacy preservation, as the degree of information disclosed is directly proportional to the quality of care received. Therefore, a justifiable relationship must be established between blockchain features of data immutability, transparency, traceability, and privacy [36]. In a smart home healthcare system, the information disclosed is stored in both on-chain and off-chain locations, with details such as timestamp, degree of disclosure, authorised recipient, the purpose of sharing, and information content being recorded. The content of the information is often encrypted and can only be decrypted by the authorized recipient.

The implementation of permissioned blockchain can help to reveal cases of medical service denial, abuse, or negligence in healthcare delivery. Through the auditing processes, maltreatment, inappropriate behaviour, or lack of professionalism can be made transparent, as authorised network participants can monitor who gets what based on their role in the blockchain ecosystem. The immutability and traceability of data transactions in the blockchain also allow for the establishment of a reputation-based system, where each entity has a separate smart contract to regulate data sharing. Overall, transparency in permissioned blockchain must constantly be redefined in the context of privacy preservation, and the use of blockchain in healthcare should be accompanied by transparent and ethical use of behavioural, implicit, and physiological data.

The third challenge is the failure of the use of appropriate tamper-resistant data storage facilities. The traditional database management system (DBMS) is unable to protect against database breaches, data manipulation, and corruption due to the limited database operations for persistent storage that the CRUD configuration (Create, Read, Update, and Delete) offers. BCT’s immutability and append-only feature make it more secure through the implementation of the CRAB model [37] for persistent storage applications. The four basic operations of CRAB (Create, Retrieve, Append, and Burn) are more efficient and better suited for data storage schemes with data privacy preservation motives. In smart home healthcare delivery, keeping private data in off-the-chain storage instead of on-the-chain is recommended for data scalability because blockchain data storage capability, by default, is limited. A permissioned or closed blockchain is also viable to complement the tamper-resistance property of blockchain data. The data ownership/provenance scheme applied makes it relatively easier to delete personal data based on an individual’s request through a process called forking. Overall, exploiting blockchain characteristics of decentralization, immutability, and asset management is central to this solution delivery.

The use of both on-chain (blockchain) and off-chain (InterPlanetary File System, IPFS) storage can improve data flow management and scalability. Private and sensitive data can be stored in IPFS, while only transaction-related data, i.e., hashes of encrypted data are stored on-chain. This increases the number of transactions that can be accommodated within a block.

1.4. Motivation

Existing systems lack adequate access control for the disclosure of sensitive and private data. In most cases, the consent of the data owner is rarely considered, thereby making data ownership, sovereignty, and provenance barely attainable. For instance, a lack of fine-grained access control and data ownership schemes often leads to credential stuffing and insider attacks [34,35]. Furthermore, discussions on integrable privacy models as a means of achieving privacy by design in most authorisation frameworks for ethical disclosure of private data in a smart home system without any introduction of noise [22] or undue randomness into data in transit have not gained sufficient attention. An authorisation framework that is best suited for resource-constrained IoT nodes and at the same time computational and energy efficient and underpins net zero initiatives is also desirable in the pervasiveness of IoT in the smart healthcare domain. This motivates the investigation of a new authorisation framework for ethical disclosure of private data in a smart home healthcare ecosystem using a combination of publisher-subscriber smart contracts and PoA-based permissioned blockchain as a service.
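The on-chain/off-chain split and the CRAB operations described in Section 1.3, sketched as an added example that is not code from the paper: ciphertext goes to a content-addressed store standing in for IPFS, and only its hash plus the disclosure terms (recipient, purpose, degree, timestamp) are appended to a hash-chained ledger sealed by an authority node. The class names, the `home-gateway` sealer, modelling Burn as deleting the off-chain blob, and the absence of block signatures are assumptions; encryption is assumed to happen before `create`.

```python
import hashlib
import json

GENESIS = "0" * 64

def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of a block body."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class OffChainStore:
    """Content-addressed blob store standing in for IPFS (assumption)."""
    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext: bytes) -> str:
        cid = hashlib.sha256(ciphertext).hexdigest()
        self.blobs[cid] = ciphertext
        return cid

    def burn(self, cid: str) -> bool:
        return self.blobs.pop(cid, None) is not None

class Ledger:
    """Append-only hash chain; only listed authority nodes may seal a block."""
    def __init__(self, authorities):
        self.authorities, self.blocks = set(authorities), []

    def append(self, sealer: str, record: dict) -> None:
        if sealer not in self.authorities:
            raise PermissionError(f"{sealer} is not an authority node")
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev,
                "sealer": sealer, "record": record}
        self.blocks.append(dict(body, hash=digest(body)))

    def verify(self) -> bool:
        """Recompute every hash and link; any edited block breaks the chain."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: block[k] for k in ("index", "prev", "sealer", "record")}
            if (block["index"], block["prev"], block["hash"]) != (i, prev, digest(body)):
                return False
            prev = block["hash"]
        return True

class DisclosureService:
    """Create / Retrieve / Append / Burn over the ledger and the blob store."""
    def __init__(self, ledger: Ledger, store: OffChainStore, sealer: str):
        self.ledger, self.store, self.sealer = ledger, store, sealer

    def _grant(self, cid: str):
        return next((b["record"] for b in self.ledger.blocks
                     if b["record"]["op"] == "create"
                     and b["record"]["cid"] == cid), None)

    def create(self, owner, ciphertext, recipient, purpose, degree, ts) -> str:
        cid = self.store.put(ciphertext)  # ciphertext stays off-chain
        self.ledger.append(self.sealer, {  # only hash + consent terms on-chain
            "op": "create", "cid": cid, "owner": owner, "recipient": recipient,
            "purpose": purpose, "degree": degree, "ts": ts})
        return cid

    def retrieve(self, requester, cid, ts):
        grant, blob = self._grant(cid), self.store.blobs.get(cid)
        if grant is None or grant["recipient"] != requester:
            outcome = "denied"
        elif blob is None:
            outcome = "missing"
        elif hashlib.sha256(blob).hexdigest() != cid:
            outcome = "tampered"
        else:
            outcome = "granted"
        # Every attempt is appended, so denials are auditable too.
        self.ledger.append(self.sealer, {"op": "retrieve", "cid": cid,
                           "requester": requester, "outcome": outcome, "ts": ts})
        return blob if outcome == "granted" else None

    def burn(self, owner, cid, ts) -> bool:
        grant = self._grant(cid)
        if grant is None or grant["owner"] != owner:
            raise PermissionError("only the data owner may burn a record")
        removed = self.store.burn(cid)  # ledger history is kept, blob is gone
        self.ledger.append(self.sealer, {"op": "burn", "cid": cid, "owner": owner, "ts": ts})
        return removed

# Constructed sample: opaque bytes standing in for an encrypted sensor reading.
SAMPLE_CIPHERTEXT = bytes.fromhex("8f3a1c77d2e0495b6a10c4")

def demo():
    ledger, store = Ledger({"home-gateway"}), OffChainStore()
    svc = DisclosureService(ledger, store, "home-gateway")
    cid = svc.create("resident", SAMPLE_CIPHERTEXT, "clinician",
                     "well-being monitoring", "full", ts=1)
    granted = svc.retrieve("clinician", cid, ts=2)
    denied = svc.retrieve("advertiser", cid, ts=3)
    svc.burn("resident", cid, ts=4)
    after_burn = svc.retrieve("clinician", cid, ts=5)
    return granted, denied, after_burn, ledger.verify(), len(ledger.blocks)
```

Because the content identifier is the SHA-256 of the ciphertext, a blob altered off-chain fails the retrieve check, and an edited ledger record fails `verify()`.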

1.5. Contributions

The main contribution of this paper is how the combination of lightweight solutions, e.g., a transport encryption scheme for IoT, PoA-based blockchain, and specific smart contracts built on a consent-based privacy model (privacy by design), can play a crucial role in improving privacy preservation techniques in smart healthcare through their use as a recipe for an authorisation framework. The specific contributions of the research are as follows:

• Considering several security issues, such as data confidentiality, integrity, authentication, etc., and minimizing the associated computation and communication overheads in IoT-enabled smart homes for well-being monitoring, we examine the best fit hybrid transport encryption schemes of elliptic curve cryptography (ECC) and advanced encryption standard (AES). This is based on a remote user mutual authentication scheme for the IoT environment that establishes authentication between home sensors and home gateways, as well as between the home gateway, IPFS, and eHealth monitoring nodes. This will also be the underlying encryption technique utilised in the blockchain.

This paper puts forward a consent-based privacy model as a decision-making recipe for ethical disclosure of the homeowner’s sensitive or private data during the continuum of care.

• A PoA-based permissioned blockchain is outlined in this paper as the underlying security provision for supervised transparency, traceability, immutability, and auditability of sensitive and private data emanating from the smart homeowner being monitored and placed on a care plan (continuum of care).
• A publisher-subscriber smart contract model is described in this paper for fine-grained access control to ensure the disclosure of information that benefits the data owner, that is, the homeowner, and all information stakeholders in a transparent manner.

Lastly, the study discusses the extensive threat model evaluation for privacy preservation.

Using the approach of content analysis, this study highlights the growing interest in the academic community and identifies three key research areas:

1) IoT and blockchain implementation in smart home applications for data security gains.
2) IoT and blockchain implementations for secure data storage and management of private data in smart home-based healthcare services.
3) IoT and blockchain implementation for privacy preservation in digital healthcare systems (internal consortium/secure disclosure of transparent private data of the smart home user).

Another contribution of this survey is summarized as follows:

1) Discussion of the benefits and applications of integrative BCoT for smart healthcare.
2) Introduction of the conceptual authorisation framework from Blockchain-enabled IoT in (i) smart home well-being monitoring, (ii) data storage and management (i.e., electronic health record—EHR and medical health record—MHR management), and (iii) digital healthcare system analysis and diagnosis, where the BCN can guarantee ethical disclosure of information that is beneficial to information stakeholders, i.e., data subject/publishers and subscribers in the smart home healthcare ecosystem.
3) Highlighting the challenges and opportunities that require implementation in the digital healthcare domain by researchers.

1.6. Research aim

This study aims to address security and privacy concerns in smart home healthcare systems by proposing an authorization framework using permissioned BCT. The research questions cover various aspects of data security and privacy, such as access control mechanisms, secure data storage, and threat evaluation. The study aims to examine security threats to data privacy in smart homes, design middleware for access control using BCT, and validate the system’s performance. The potential impact of the study is significant, as it addresses the growing concern of IoT-based attacks on vulnerable groups [38,39] and proposes a consensus-based transaction endorsement equipped with a privacy preservation model and data ownership to control selective disclosure of personally identifiable information. The proposed model could be applied across all smart home settings.

In this paper, the specific research questions raised, examined, and proffered with solutions are:

RQ1. How suitable are existing transport encryption techniques for tackling emerging interception threat models targeted towards depriving users of privacy due to unethical disclosure of personally identifiable information when resource-constrained IoT devices are used in the smart home healthcare delivery ecosystem?
RQ2. How can a consent-based privacy model be implemented for decision-making in the ethical disclosure of sensitive or private data?
RQ3. How can IoT, BCT, and smart contracts be exploited to design an authorisation framework for ethical disclosure of private data during the acquisition and transmission of data in smart home healthcare delivery processes that could improve users’ privacy?

Considerations include consent-based access control to safeguard against the illegitimate collection of private data and the use of a storage approach applicable to ensure secure storage of such data in a smart home healthcare ecosystem.

The direction to follow in proffering a solution to this problem is to control and protect:

1) The data acquisition, collection, monitoring, and sharing process.
2) The location(s) where and how the collected data are stored, and installed across the P2P ecosystem if they are not secured.
3) To issue information to stakeholders with smart contracts for fine-grained access control to publish, subscribe, and use such data (i.e., nodes that can acquire, monitor, and store private data).

The questions above are further examined through a thematic analysis of related work. Each theme section provides research outcomes and areas that can be developed.

The potential impact of the research is as follows:

• The scenario of the elderly in a smart home is essential in a society with an aging population.
• Telemetry is a foremost preventive care method rendered over the air (remotely), and attackers can take advantage of vulnerable IoTs and nodes.
• A consensus-based transaction endorsement will enable selective disclosure of the data owner’s (the elderly) information within the smart home healthcare ecosystem. In the absence of this purpose, there is most likely to be an abuse of information, whether deliberately or unintentionally.

1.7. Organisation

The remainder of the paper is structured as follows. Section 2 is a detailed literature review that explains the recent security and privacy challenges and outlines related work that adopts BCoT in smart home healthcare systems, including the current state of the art, focusing on


their contributions compared with this work. Discussion of viable solutions through a descriptive authorisation framework, privacy model, and evaluation procedures is presented in Section 3. Finally, Section 4 presents the conclusions, the paper’s limitations, and possible future research.

2. Literature review

The issue of data privacy and security in healthcare data sharing is a significant and concerning topic, particularly in the context of Machine-to-Machine data transfer protocols. Consequently, numerous reviews, research studies, and investigations have been conducted to address this problem and offer effective solutions in the healthcare domain. This research work tries to mitigate the persistent challenges and ensure the protection of sensitive healthcare data. In this section, some of the research papers written to address these issues in diverse domains, including in healthcare, will be surveyed and analyzed, extracting the findings made, the limitations experienced, the techniques employed, evaluation methodologies, and characteristics investigated in their respective research works.

2.1. Challenges and problems with smart home healthcare schemes and BCoT adoption

There are various risks associated with introducing BCT to most domains. The following are the most encountered risks: strategic risk, information security risk, operational and IT risk, key management risk, data confidentiality, and security risk. Thus, different sectors should be prepared to encounter these risks and should implement a higher level of risk management [40]. However, types of risks in blockchain can be further categorised into three main risks, namely, standard risk, smart contract risk, and value transfer risk.

Health record maintenance and sharing are among the essential tasks in the healthcare system. In this system, loss of confidentiality leads to a passive impact on the security of health records whereas loss of integrity can have a serious impact such as loss of a patient’s life. Therefore, it is of prime importance to secure EHRs. For instance, the health records are represented by Fast Healthcare Interoperability Resources standards and managed by Health Level Seven International Healthcare Standards Organization [40]. Centralized storage of health data is attractive for cyber-attacks and constant viewing of patient records is challenging. Therefore, it is necessary to design a system using efficient decentralized data management technologies that help to ensure authentication and also provide integrity to health records.

Delivering health care to people has become revolutionized due to technological advancement, such as seen in the smart home applications where individuals live independently, are assisted, or are aging in place with the help of embedded systems and medical devices; these emerging technologies are not without their challenges [28,41–46]. The incorporation of different health sensors, handheld devices (PDAs), and Internet access to drive them has proven to be of great potential for the significant improvement of the quality of service and experience in remote health care. Instances of IoT devices used in physiological sensing for monitoring vital and behavioural signs are emerging and constantly gaining popularity. For instance, the growth of the Body Sensor Networks (BSNs), a network of sensors, wearables, nearables, and controllers in the smart home environment, is attributed to the proliferation of IoTs. Smart home residents’ or patients’ health information constitutes the private data being transmitted over the air using BSN and stored in database servers. Therefore, in the presence of adversarial behaviour, the IoTs, as data publishers, and storage facilities are potential attack surfaces and are all vulnerable to varying degrees of interception threats. In addition, security attacks on communication channels, e.g., interception, or malware injection into software applications running sensing devices could compromise devices, grant unauthorized access to transparent data on the data publisher-subscriber network, and allow indiscriminate collection or infusion of incorrect data to the data collection process (i.e., data modification or fabrication). Eventually, this can result in a wrong diagnosis, treatment, or unethical disclosure of personal data revealing the lifestyle and well-being of smart home healthcare system users. Therefore, an efficient data protection strategy fosters interoperability along the value chain of digital healthcare systems to reliably support the continuum of care in the smart home healthcare ecosystem.

A viable solution is the integration of IoTs data processing with the secure data storage possible with the use of BCT. However, the slow adoption of IoT and blockchain integration (BCoT) in managing user privacy in the digital healthcare domain is due to several reasons which include strict guidelines on patient privacy rights as regards their consent on personal information sharing, resource constraints on the deployment of robust transport encryption on IoTs such as wearables, and limited information on the underlying techniques applicable for ascertaining privacy, classification of approaches—private or public, and misconceptions on data management in BCT, making the combination of BCoT debatable as a solution to data security and privacy preservation in the smart healthcare sector.

Navigating the trade-off between openness and privacy of user information represents a significant obstacle to the adoption of permissionless blockchain for medical purposes. Although BCT is not without its associated challenges, issues categorised in Fig. 9 are investigated by the active research community on blockchain adaptation, resulting in a gradual increase in the rate of adoption due to its potential widespread application domain. For example, there is an ongoing discussion on the possibility of implementing private permissionless blockchains [47]. It is argued that deploying a smart contract on a permissionless private network automatically creates a private (side) chain associated with that contract.

Moreover, the advantages, expansion, and use of BCT in healthcare applications have posed significant research challenges that necessitate further exploration.

Some recent challenges stem from the environment of open data and transparency observed in blockchain. This contributes to emerging concerns that resulted in the slow adoption of BCT aside from the challenges with conventional consensus algorithms that are not energy efficient or eco-friendly. The benefits of blockchain classification, i.e., with variants of permissionless, permissioned, and hybrid, are currently exploited to implement data security in many sectors including the healthcare domain. When properly implemented, BCT could be a useful solution to unauthorized information disclosure in digital healthcare applications and limitations that adversely affect data confidentiality, protection, sharing, usability, interoperability, and real-time medical data updates. The combination of blockchain with artificial intelligence (AI), machine learning (ML), and federated learning (FL) for protecting personal data, authenticating IoT device information through transport encryption of sensitive medical data, secure data storage, etc., is a confirmation of the efficacy that Blockchain features can complement to achieve. In essence, an adequate procedure for the implementation of a lightweight authorisation framework, that is consent-centric and combines CIA (confidentiality, integrity, and availability) security algorithms with access control mechanisms, that could guarantee ethical disclosure of private data, is also achievable with BCT. Summaries of recent related reviews that discussed challenges, opportunities, adoptions, and key contributions of BCT are illustrated in Tables 4 and 5.

This paper focuses on how blockchain is explored to achieve transparency in data collection processes and monitor the purpose of the use of collected data to adequately preserve users’ privacy. This involves integrating and optimizing the architecture of IoT-enabled smart homes and blockchain specifically for healthcare-related applications (that is, providing supervisory control of data acquisition, secure data access and storage, and digital healthcare monitoring systems). This paper discusses the pros and cons of blockchain-enabled smart home systems for well-being monitoring and healthcare delivery. The paper also classifies


Fig. 9. Classification of problems associated with implementing blockchain technology in healthcare applications.

Table 4
Challenges and opportunities of blockchain technology in the healthcare sector.

| Direction of discussion | Highlight | Reference |
|---|---|---|
| Stakeholders perception | On smart healthcare system stakeholder perspective. | [48–54] |
| Fit-for-purpose approach | On data management, provenance, and security. | [55–61] |
| Trustworthiness | On trust, scalability, and governance. | [62–64] |
| Privacy and authorisation | On confidentiality, system transparency, privacy-preservation, and secure data management and storage, i.e., of electronic health record and electronic medical record. | [57,62,64–75] |
| Technology integration | On ecosystem interoperability and resource constraints. | [68,76–81] |
| Remote monitoring | On applications for observing patients securely. | [64,66,67,69,82] |
| Intelligent sharing | On transactional data intelligence, data sharing, and mutual authentication. | [57,64,67,70,77,83,84] |
| Control techniques | On data ownership and access control. | [64,73] |
| Efficient logistics | On drug tracking, secure pharmaco-logistic, integrity, and anti-counterfeiting. | [56,66,69,85,86] |
| Distributed storage | On secure storage of data in a distributed environment. | [64,87,88,89] |

Table 5
Adoption of blockchain technology in the healthcare sector.

| Direction of discussion | Highlight | Ref |
|---|---|---|
| Integrity framework | Merger of technologies to achieve data immutability and accuracy. | [90–98] |
| Regulatory framework | Openness, transparency, anonymity, confidentiality, and security of user’s information. | [70,92–95,99–104] |
| Scalable framework | Transactional throughput, latency, information sharing, traceability, trust, and distributed storage. | [59,91,93,94,99,100,105–112] |
| Privacy framework | Privacy-preservation, access control, and interoperability. | [22,80,81,92,94,96,101,107,113–121] |
| Access control framework | Fine-grained access control, smart contract, decentralized secure identity authentication, verification, and monitoring. | [59,70,71,92,94,102,106,114,122–127] |
| Service availability framework | Storage requirement, resource constraints management | [96,128] |
| This work | Authorisation framework for ethical disclosure of private data in smart home healthcare using permissioned blockchain as a service | |

the technologies’ potential applications under this domain and introduces a conceptual authorisation framework built on the synergy of IoT in smart homes, smart contracts, and blockchain applications to different domains in healthcare. In addition, a systematic analysis of previous papers published on blockchain-based interventions in the health-related domain is provided.

2.2. Related work

Several studies in the field of smart home security have focused mostly on challenges experienced by vendors, implementers, and users when adopting the IoT in smart homes, and measures taken to address them. Emerging research has proposed various stand-alone architectures and frameworks to secure IoT devices in smart homes while others proposed a combination of technologies to enhance the security of devices and guarantee data protection, with issues around device, communication, service, and applications connected to devices identified as areas where the main security and privacy challenges in smart connected homes are experienced [8,9]. Moreover, several papers discuss common security issues of IoT-enabled smart homes such as privacy, inter-compatibility, authentication, and secure end-to-end connections in the presence of adversarial behaviour, and argue that a secure end-to-end cryptographic framework could be an elusive panacea. The privacy framework proposed by the National Institute of Standards and Technology (NIST) states five core functionalities for achieving data privacy [129] which include data control, communication, identification, governing data, and data protection. It is further argued that privacy could be defined as freedom from intrusion and possession of the ability to control personal data, while security refers to data protection against unauthorized access to user data [130]. Some even go as far as relating “Confidentiality” (which is a property of data) to “Privacy” (which is a property of an individual).

In handling privacy issues, all phases of the data value chain are considered, including acquisition/collection, analysis, storage, and usage. Two possible practical solutions are to implement privacy by design and privacy-enhancing technologies [131]. Techniques often discussed to ensure privacy, as illustrated in Fig. 10, include


1) Security, encryption, anonymisation, and accountability controls (data provenance, policy enforcement, granular access control, accountability, and auditability).
2) Ownership, consent management, transparency, and control (privacy preferences, consent, sticky policies, and personal data stores).

Fig. 10. Security and privacy taxonomy.

Fig. 11. Security threats and information system assets in smart home.

Furthermore, smart home system assets shown in Fig. 11 require intrusion detection and prevention against threats to the triad of CIA with emphasis on network and channel security as well. Mostly, recommendation techniques involve protecting the OSI seven layers to strengthen the security, tackle open Internet connection issues, and reduce the risk of compromising a device on the smart home network [132], but traditional security measures are computationally intensive, storage intensive, and energy-unfriendly for resource-constrained IoTs in smart homes.

Therefore, resource-friendly approaches for securing P2P network


entities in the smart home ecosystem are beneficial to this study, and several related works are available in this regard. Specifically, the motive for using blockchain as a service is on the premise that the technology is built by providing asymmetric key encryption, hash values, and Merkle tree in P2P networks as denoted in Fig. 12.

Fig. 12. Asymmetric cryptography and Merkle tree of blocks in the blockchain [133].

Fig. 13. Scope of related research work investigated.

In essence, the background study as illustrated in Fig. 13 examines lightweight methodologies and approaches that use cryptography primitives, access control techniques, artificial intelligence algorithms, BCT, and references to other DLTs as these are state-of-the-art technologies utilised in tackling privacy deprivation concerns encountered in the smart home ecosystem. Furthermore, research agencies such as the Open Web Application Security Project (OWASP) [134] have identified privacy, insufficient authentication/authorization, lack of transport encryption, and poor physical layer security among the top ten vulnerabilities for IoT. The functional components of IoT reference architecture emphasize [135] identity management, authentication, authorization, key exchange and management, trust, and reputation, while major thrust areas in the field of IoT security include authentication, access control, and non-repudiation, apart from confidentiality, integrity, and availability. Using cryptographic primitives, all of these objectives can be performed. Confidentiality and integrity of the information can be achieved by cryptography. But traditional cryptographic methods require a large allocation of resources despite limited power supply and limited battery life.

2.2.1. Ethical analysis and synthesis in IoT security

There have been several attempts to address privacy issues anchored on ethics, mostly in the smart home context [136] where there are growing concerns about how collected data are used. This has been examined from a legislative viewpoint [137,138], as well as from a technological standpoint. The authors in Refs. [139–142] discussed privacy as what is ethically defendable in the context of the application. Specifically, Wirth and Kolain [141] elaborated the architectural blueprint using legal concepts to propose the data subject’s consent on PII as a matter of control rather than trust and emphasised the principle of best practice for privacy by design (Art. 25 GDPR) using blockchain’s hybrid cryptography to ensure individual data sovereignty and shared transparency. The drawback is that the approach emphasises the non-legal argument which makes blockchain data anonymous by reference, thereby making a consensus-centric, smart contract-enabled


permissioned blockchain implementation a viable solution for securing private and sensitive data from the threat of data interception.

Government policy on public safety does not fully accommodate individual data ownership vis-à-vis data security and user privacy. Existing methodologies on privacy preservation struggle to protect citizens’ data because some legislation supports backdoor activities of government agencies (e.g., NSA) in the name of providing public security [140]. The Cybersecurity Improvement Act emphasises that IoTs should be patchable, devoid of known security vulnerabilities, and updatable, to forestall variants of Dyn’s attack occurrence where ISPs experience a major Denial-of-Service (DoS) attack by an army of compromised IoT machines. Likewise, normative ethical considerations proposed in Ref. [115] focus on device manufacturers, i.e., Original Equipment Manufacturers (OEMs), and stakeholders both on microscopic and macroscopic levels but have little or no consideration for end user’s perception through end-user participation. Normative ethical consideration is proposed as a means of identifying the true human good (rightness and wrongness of actions) in software process enhancement and smart factories. Teleological (consequentialist ethics) and deontological ethical principles and theories are applied to serve as normative guidelines ab initio, with the recommendation of some defensible ethical obligations in smart factory deployment by stakeholders/protagonists. To make these comprehensively applicable in consumer IoT, these exemplary and fundamental ethical considerations and recommendations will be adopted for a privacy by design approach in this study. The authors in Refs. [143–145] emphasised the importance of ethics, relating it to the transparency in the use of collected data based on the e-consent issue by the data owner as the reason for wanting to employ a DLT such as blockchain which has variants of consensus algorithms that make it applicable in the healthcare domain.

In Ref. [17], ethical considerations are discussed under two factors, i.e., those concerning privacy, social support, and autonomy; and the technology aspects of user context, usability, and training. The findings conclude that the older adult community is more likely to adopt assistive systems when the technology applied is personalised toward their needs, protects their dignity and independence, provides user control, and does not isolate them. Therefore, recommendations are made to researchers and developers of assistive technologies to assist those ageing-in-place in the adoption process [146]. Such recommendations concern the following:

• Provision of interfaces via smart devices to control and configure the monitoring system with feedback for the user,
• Inclusion of various sensors/devices in designing a smart home solution to make it easier to integrate into daily life,
• Defining policies about data ownership.

2.2.2. Lightweight cryptography (LWC) primitives in IoT and use cases

Traditional cryptography techniques have played essential roles in ensuring data confidentiality and integrity. Several research efforts have gone into adapting transport encryption schemes with resource-constrained IoT devices (wearables) and BSNs (nearables) used in digital healthcare delivery for the continuum of care. Moreover, asymmetric key encryption, hash values, and Merkle Tree or a binary hash tree are foundational and fundamental concepts to most distributed ledger technologies, especially blockchain in a P2P network. In Ref. [134], AES and ECC are highlighted among lightweight cryptography (LWC) primitives as ultra-lightweight schemes suitable for resource-constrained systems. Consequently, blockchain implementations leverage hybrid cryptography in Refs. [141,147–151] to utilise lightweight symmetric techniques such as AES and data encryption standard (DES), with emphasis on ECC as a more efficient LWC asymmetric approach and a suitable alternative to RSA because it requires a much smaller key size to provide the same degree of security for privacy by design, an identity-based stateful encryption scheme, searchable encryption protocols, and unique data-dependent keys respectively. These methodologies achieve individual data sovereignty and shared transparency, computational efficiency that boosts secure communication, confidentiality, privacy-preserving encrypted queries, and the principle of least privilege. Jonsson and Tornkvist [152] revealed that primitive RSA is too hefty for IoT devices while ECC is lightweight but susceptible to replay and MITM attacks. Moreover, Pal [106] argued that the use of LWC could assist in dealing with traditional security, trust, and privacy issues in BCoT computing architecture for securing digital healthcare data and infrastructure. In Ref. [153], a privacy-aware PKI-based system developed for permissioned blockchain proposes a digital certificate publishing scheme that assisted in preserving the privacy of user identity and provision of legitimate authorization. Discussion in Ref. [154] focuses on the lack of security and resource efficiency as the two most important hindrances to large-scale application of any authentication scheme in the IoT network, making it difficult to find robust schemes appropriate for implementation in IoT networks. A three-factor ECC-based lightweight remote user authentication scheme for IoT networks is proposed to provide a legal mutual authentication between the remote user, sensor node, and gateway. An ECDH-based secure session key is established between the user and IoT node while authentication is done before the data collection via the gateway. The security analysis and formal verification performed using the AVISPA tool prove the resilience of the scheme against cryptographic attacks and demonstrate its lightweight nature compared to previous related schemes.

Arguments surrounding the integrity and confidentiality of medical information in the IoMT platform, the integration of IoT with medical systems used in medical applications for real-time diagnosis, remote patient monitoring, and real-time medicine prescriptions, etc., are of interest. The scenario is similar to that of a healthcare smart home in Ref. [155], which proposes a framework that encouraged ageing-in-place for the elderly via a caring network, i.e., remote patient monitoring. The LWC-based data hiding (LWC-DH) system is proposed in Ref. [156] as a technique for attaining the security of patients’ medical records to guarantee information confidentiality in IoMT by combining the LWC approach with a steganography model that ensures both secrecy and concealment to secure medical data. ECC is used to encrypt the even medical data, while the odd ones are encrypted with Feistel block cipher (FBC) cryptography. Lastly, the encrypted messages are hidden using redundant discrete wavelet transforms (RDWT) based steganography. The approach outperformed contemporary schemes in terms of peak signal-to-noise ratio (PSNR), structural similarity index measure (SSIM), and mean square error (MSE), with better robustness, imperceptibility performance and low computation time as compared to traditional cryptography methods.

However, these aforementioned approaches do little to demonstrate an authorisation framework used for information disclosure and inherent control exercised by users that emphasises privacy by design, but only utilise a private key generator (PKG), which is an appealing single point of failure, presents issues of insecure key exchange among multiple entities in the presence of adversarial behaviours and has restricted application to non-sharable sensitive data respectively as limiting factors. Furthermore, suggested tactics in Ref. [157] proposed quality attributes for architecting IoT systems supported by Blockchain based on functional and non-functional security requirements. In line with this suggestion, hybrid cryptography was implemented using RSA-1024, AES-256, etc., for smart contract-enabled asymmetric or symmetric encryption, in combination with hash and digital signature algorithms such as SHA-256 and ECDSA-SECP256K1 to ensure data confidentiality and integrity respectively in Refs. [117,158–168].

2.2.3. Access control-based authorisation schemes in IoT and use cases

Several approaches have been proposed to optimise access control schemes in smart home environments, which often involve many IoT devices with varying levels of trustworthiness. One approach that has been explored is the use of a private local blockchain for access control of IoT devices in smart homes [159]. While this approach has the

potential to provide distributed trust and privacy, it introduces latency due to the overlay tier and may be vulnerable to exploitation of transactions with public keys that are stored off-chain. Another approach involves repurposing blockchain into a non-trust-based automated access control moderator that requires no trusted third party (TTP) and is associated with an off-chain key-value store, such as a Distributed Hash Table (DHT), for storing user's data, including location data [163]. However, this approach also has limitations, including the use of PoW consensus, which is computationally intensive and time-consuming, and may not be suitable for resource-constrained smart home environments. In Ref. [169], a profile-based access control model (PrBAC) is proposed to minimise the issue of access control in a cloud environment. Before this implementation, Data Owners (DO) are required to be online always to supervise and oversee the permission granted to the user who wants to access data from a cloud server. With PrBAC, the data decryption key request-response process results in a secret key/password being issued to the user for the first and only time to gain access rights, making it unnecessary for the DO to be online always. Other benefits of the scheme include significantly reduced data access costs, reduced data access time, and minimised data redundancy. However, there is a huge scope of work to improve the confidentiality and security of the system. Moreover, the scope of the authorised framework for ethical disclosure of private data during patients' remote monitoring in the smart home healthcare ecosystem precludes the use of a cloud environment for the storage of sensitive well-being data. Instead, an IPFS that exhibits a similar ACID property and exhibits a relational off-shore versus on-chain relationship with blockchain is more beneficial for the privacy-awareness concerns of this study.

In this context, the present review explores the blockchain architecture that uses a lightweight consensus mechanism to securely manage data-sharing processes of resource-constrained IoT devices used in smart home systems [164]. The examined PoA consensus algorithm is beneficial as it would handle transactions amongst the nodes in the smart home healthcare ecosystem at a higher rate, due to the absence of the mining process [162]. High scalability is achieved since blocks are generated in a predictable sequence taking into consideration the number of validators, which are also pre-approved, thus allowing for greater efficiency and a higher throughput rate. The scenario presents a use case where the home node proposes a transaction, and some trustworthy nodes, e.g., the storage or monitoring nodes, are randomly chosen (based on their reputation) to validate the transaction. The validator has the right to create blocks and add transactions to them as the BCN builds up. Since the validation process is simplified, this algorithm only requires a limited number of block validators to maintain the network. Moreover, the use of inexpensive/high-end nodes, since mining is not required, removes other complexities such as the computational intensiveness observed in traditional consensus algorithms such as PoW and PoS. A possible beneficial trade-off with PoA is the sacrifice of some characteristics of decentralization inherent in blockchain, with gains of low overhead resulting in high transaction processing speed, high scalability, lower energy spend, and eco-friendliness, as illustrated in Table 6.

The proposed solution assumes a scenario of adversarial behaviors within data generation, acquisition, collection, and transmission processes in a smart home healthcare ecosystem. It introduces lightweight transport cryptographic scheme systems for signing, authenticating, and verifying transactional data among network participants. Adequate algorithms would be designed for both off-chain and on-chain storage, where incremental data and their hash values will be stored, respectively. The framework offers several advantages, including the ability to achieve distributed trust and privacy, handle high transaction rates, and reduce energy consumption and computational requirements. Further research is needed to explore the feasibility and effectiveness of the proposed approach in real-world smart home environments.

Attribute-based access control utilises smart contracts for location sharing [160], and data privacy is achieved. The approach resulted in much lower computational overhead which met the set objective, except for query inefficiency (i.e., indirect query of blockchain data), a challenge introduced by the misappropriation of on-chain/off-chain storage of transaction data. A permissioned blockchain based on the Practical Byzantine Fault Tolerance (PBFT) consensus algorithm and ECIES/AES in Ref. [161] provides traceability and privacy protection of access policy; both blockchain and group signature are integrated to anonymously authenticate group members alongside the use of a Message Authentication Code (MAC) to efficiently authenticate the home gateway. However, fine-grained access control cannot be achieved, and besides, PBFT employs PoW-like complex computations, where the efficiency degrades due to the high communication overhead that increases exponentially with every extra node in the network. Furthermore, blockchain's smart contracts use ECDSA for verification and anonymity, but they rarely provide the identification assurance desired.

Another proposal implements a publisher-subscriber algorithm [117] for notification to enhance a protocol for data access through smart contracts among providers and consumers of data in the eHealth realm because of the sensitivity of medical data. Only the response time (mining time), i.e., system response time variation against the rate of transaction, is explicitly considered as a factor of performance evaluation of this approach among many other elaborate performance evaluation metrics such as packet and energy overhead that could ascertain the efficacy of such a proposal. Access control-based authorisation schemes in IoT [170–176] propose use cases in smart homes where authentication protocols/services are used to grant authorisation, access

Table 6
Comparison between proof-of-work (PoW), proof-of-stake (PoS), and proof-of-authority (PoA) consensus algorithms.

| Evaluation parameter | PoW | PoS | PoA |
| --- | --- | --- | --- |
| Security | 51% of the computing power is susceptible to attacking the network | 51% of the network's wealth is susceptible to attack it | More centralization, and risk of attack |
| Incentive | 12.5 bitcoins and transaction fees of the product block | Transaction fees of the product block (gas fee) | Not applicable |
| Equipment | Computationally intensive (requires computer power) | Does not require powerful and expensive hardware | Does not require powerful and expensive hardware |
| Energy consumption | High | Moderate | Low |
| Validation latency of transactions | High latency (about 10 min) | About 6 s to validate a block | Excellent, as it corresponds to network latency |
| Identity of the nodes | Public, fully decentralized | Random according to its wealth | Identity is a basic criterion for validator selection, i.e., identity-as-a-stake. |
| Scalability | Excellent (thousands of nodes), vertical | Excellent (thousands of nodes), vertical | Unlimited and considerably scalable, horizontal |
| Performance (throughput) | Low transactions and performance. Limited due to the possibility of forking the blockchain | Comparatively lower transactions and performance. Limited due to the possibility of the blockchain fork | High transactions and performance. Excellent, due to tens of thousands of transactions per sec |
| Management of nodes | Accessible | Accessible | Authorised |
| Frameworks/platforms | Bitcoin | Ethereum, Peercoin | VeChain, Hyperledger Fabric |
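
The PoA flow described in this section (a home node proposes a transaction, a pre-approved validator chosen by reputation seals the block, and record hashes go on-chain while the data stays off-chain) can be shown in code as follows. This is an added illustrative example, not code from the paper or from any cited framework; the names `HomeLedger`, `pick_validator` and the rest, the node names, keys and readings are constructed, and HMAC-SHA256 stands in for the asymmetric signature (e.g. ECDSA) a deployment would use.

```python
import hashlib
import hmac
import json
import random

# Constructed authority set: node names, reputations and keys are illustrative.
VALIDATORS = {
    "storage-node": {"reputation": 5, "key": b"demo-key-storage"},
    "monitoring-node": {"reputation": 3, "key": b"demo-key-monitoring"},
}
GENESIS = "0" * 64

def canonical(obj):  # stable encoding so every node hashes identical bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(data):
    return hashlib.sha256(data).hexdigest()

def seal_of(header, key):
    # HMAC-SHA256 is a stand-in for an asymmetric signature such as ECDSA.
    return hmac.new(key, canonical(header), hashlib.sha256).hexdigest()

def pick_validator(prev_hash, registry=VALIDATORS):
    """Reputation-weighted pick, seeded by the previous hash so all nodes agree."""
    names = sorted(registry)
    weights = [registry[n]["reputation"] for n in names]
    return random.Random(prev_hash).choices(names, weights=weights)[0]

def make_block(index, prev_hash, record_hash, sealer, key):
    block = {"index": index, "prev": prev_hash,
             "record_hash": record_hash, "sealer": sealer}
    block["seal"] = seal_of(block, key)  # the seal covers the four header fields
    return block

def verify_block(block, prev_hash, raw, registry=VALIDATORS):
    """Return (ok, reason): authority, link, turn, seal, then record hash."""
    sealer = block["sealer"]
    if sealer not in registry:
        return False, "sealer is not a pre-approved validator"
    if block["prev"] != prev_hash:
        return False, "broken link to previous block"
    if sealer != pick_validator(prev_hash, registry):
        return False, "sealer was not selected for this block"
    header = {k: v for k, v in block.items() if k != "seal"}
    expected = seal_of(header, registry[sealer]["key"])
    if not hmac.compare_digest(expected, block["seal"]):
        return False, "invalid seal"
    if digest(raw) != block["record_hash"]:
        return False, "record does not match on-chain hash"
    return True, "ok"

class HomeLedger:
    """On-chain: hashes and seals. Off-chain: the sensitive records."""
    def __init__(self, registry=VALIDATORS):
        self.registry, self.chain, self.off_chain = registry, [], {}

    def head(self):
        return digest(canonical(self.chain[-1])) if self.chain else GENESIS

    def append(self, block, raw):
        ok, reason = verify_block(block, self.head(), raw, self.registry)
        if ok:
            self.chain.append(block)
            self.off_chain[block["record_hash"]] = raw
        return ok, reason

    def submit(self, record):
        """Home node proposes a record; the selected validator seals its hash."""
        raw = canonical(record)
        sealer = pick_validator(self.head(), self.registry)
        block = make_block(len(self.chain), self.head(), digest(raw),
                           sealer, self.registry[sealer]["key"])
        return self.append(block, raw)

    def audit(self):
        """Re-check every block against its off-chain record; list failures."""
        failures, prev = [], GENESIS
        for block in self.chain:
            raw = self.off_chain.get(block["record_hash"], b"")
            ok, reason = verify_block(block, prev, raw, self.registry)
            if not ok:
                failures.append((block["index"], reason))
            prev = digest(canonical(block))
        return failures

def demo():
    ledger = HomeLedger()
    for bpm in (72, 75):  # constructed wearable readings
        ledger.submit({"patient": "P-001", "sensor": "wearable-hr", "bpm": bpm})
    # A node outside the authority set seals a block with its own key.
    rogue = make_block(2, ledger.head(), digest(b"{}"), "rogue-node", b"rogue-key")
    rejected = ledger.append(rogue, b"{}")
    # Altering the off-chain copy is caught by the on-chain hash.
    first = ledger.chain[0]["record_hash"]
    ledger.off_chain[first] = ledger.off_chain[first].replace(b"72", b"60")
    return len(ledger.chain), rejected, ledger.audit()

if __name__ == "__main__":
    print(demo())
```

Because no mining takes place, the only things a verifier checks are membership of the authority set, the sealer's turn, the seal and the hash link, which is the low-overhead property attributed to PoA in Table 6.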

tokens, and tickets to build a system that ensures data security and user privacy. Blockchain is used for authentication, i.e., a user authentication scheme using blockchain-enabled fog nodes, where fog nodes interface with Ethereum smart contracts to authenticate users to access IoT devices. Such an authentication system comes with an overall system architecture that is overloaded with the key role of different system participants, i.e., Admins, End-users, smart contract, Fog nodes, IoT Devices, and Cloud.

Some other authorisation schemes use soft security mechanisms through rules and attribute-based access control such as belief and confidence scores [175] for fine-grained access control to thwart insider attacks due to device sharing and the existence of complex social and trust relationships between entities. However, an external attack is more prominent due to the likely spread of the heterogeneous user entities that subscribe remotely to request personal transactional data of smart home subjects. Furthermore, the focus on trust rather than control is inadequate in the presence of adversarial behaviour, where only the data owner is judged to be the only entity that is not 'honest-but-curious', that is, the only trusted actor. Some other Auth schemes are mostly used and are efficient but utilise centralised authorisation schemes, which makes them susceptible to single point of failure (SPOF) attacks such as DoS.

2.2.4. AI solution concept for securing IoT edge devices
AI solution concepts are proposed in Refs. [150,177–179] for enhancing data security and privacy preservation in IoT-enabled ecosystems, including smart home systems. In securing IoT edge devices, the AI Cyber Kill Chain model [177] is utilised with modules to detect, attribute, and identify stages of the attack life cycle. This solution is capable of handling new threats or current versions of existing ones, including interception threats to data confidentiality. Despite the 84.7% success rate among peer techniques, the focus is on the edge layer and the evaluation metric was thematic. Various forms of interception threat could be detected in the perception (sensing) layer of smart home devices as demonstrated, but privacy concerns traverse the entire ecosystem of devices, communication, and services in smart homes. In Ambient Assisted Living [178], a solution combines IoT technologies and machine learning to provide services that are context-aware and personalised, where anonymisation and data sharing are examined to develop a privacy-preserving model using machine learning and differential privacy. The privacy-preserving deep learning mechanism provides flexible anonymisation and data sharing, with evaluation methods that use various real and synthetic datasets. The technique, though exemplary in application, presents passive control over user data privacy. Moreover, the application of differential privacy relates more to the public sharing of data and the non-interactive zero-knowledge proof concept.

A context-aware data allocation/controller mechanism via fuzzy logic (AI) is utilised in Ref. [158] to effectively calculate the Rating of Allocation (RoA) value and extract each IoT data request based on multiple context parameters, i.e., data, network, and quality used as threshold measurements, to assist with on-chain versus off-chain allocation decisions, focused on real-world healthcare applications. An evaluation of the data allocation mechanism suggests that network usage, latency, and efficient blockchain storage allocation to on-chain or cloud databases are improved, and energy consumption is reduced. However, the approach is best described as a reactive data allocation mechanism for calculating the RoA value, a dynamic and adaptive controller on how self-adaptive mechanisms and AI are needed to provide user privacy. The intelligent BCoT integration proposed in Ref. [27] presents a layered conceptual framework for smart applications to provide data reliability, privacy, and scalability by introducing an intermediary layer in the IoT ecosystem. The continuous stream of data generation, acquisition, manipulation, distribution, processing, and encryption among IoT devices is secured using a hybrid or private BCN. The whole trusted data exchange and efficient storage involve the secure processing of all transactions with the introduction of a validator node in a P2P network. Consequently, emerging studies in digital healthcare delivery have investigated the concept that combines blockchain, AI, and machine learning techniques [123,180–183]. Smartly secured, privacy-preserving health monitoring in children [180] utilises blockchain to provide data security and avoided non-repudiation services, while different ML algorithms are used to obtain the acceptable output with accuracy and performance measures. Other studies propose a secure healthcare system using an ML-based scalable blockchain framework [181]; examine blockchain-AI implementation to securely store digital health records, e.g., EHR (Electronic Health Records) and EMR (Electronic Medical Records) in eHealth systems [69,182]; maintain the source record to protect and preserve the identity of patients; and uncover different ways of sharing a decentralized view of health information to improve medical accuracy and health, and prevent health disorders [184]. Evolving IoT-AI technologies in Refs. [123,183] examine the potentialities of privacy-aware smart healthcare informatics. Blockchain-based FL in Refs. [185,186] allows for smarter simulations, lower latency, and lower power consumption while maintaining privacy at the same time to build a more reliable and robust IoMT model. Precision Healthcare (PHC) ineffectiveness due to challenges regarding low opt-in rates for patients is addressed with a blockchain-enabled PHC ecosystem.

To fend against the resurgent threats posed by attackers, cyber-security professionals in Ref. [187] exploit AI methodologies that make use of the Ant Colony Optimization Convolutional Neural Network (ACO-CNN) mechanism. With the CNN algorithm, invaders and normal qualities are detected more successfully. More exact features are provided while subjecting chosen qualities to a training and testing approach, and performance metrics such as specificity, false alarm rate, recall, and accuracy are used for evaluation. With the developed framework, cyberattacks are detected more accurately by better identifying intrusions and tracking attacker behaviour in the healthcare sector with more excellent performance. However, despite the numerous assault detection technologies and approaches, network infiltration is still unavoidable. Thus, a combination of advanced optimization with classification algorithms and future iterations of this approach is required to successfully detect more threats.

2.2.5. Blockchain as a service for IoT security and use cases
IoT represents one of the latest significant developments in the evolution of the internet. While it is not the final evolution, it is a major step in the ongoing transformation of the Internet. IoT represents the next phase in this evolution. It involves connecting physical objects, devices, and sensors to the Internet, allowing them to collect and exchange data. This connectivity enables real-time monitoring, automation, and the integration of the digital and physical worlds. IoT has found applications in various domains, including smart homes, healthcare, manufacturing, agriculture, and transportation. While IoT is a significant advancement, it is not the endpoint in the evolution of the Internet. Technologies such as 5G, edge computing, artificial intelligence, and blockchain are also contributing to the ongoing evolution of the Internet. These technologies are likely to further enhance the capabilities and reach of the Internet, enabling new forms of connectivity, automation, and data processing. In essence, IoT is a significant step in the evolution of the Internet, but it is not the final evolution. The Internet continues to evolve with the integration of new technologies and innovations that expand its capabilities and potential.

IoT finds extensive applicability in numerous areas of healthcare. It helps patients get better treatment and medical facilities to function more competently. IoT in healthcare also enables machine-to-machine communication, information exchange, and interoperability, which makes the delivery of healthcare effective. IoT can collect, report, and analyze the data in real-time, thus removing the need to store the raw data. Applications in real-time monitoring via connected devices can save lives in emergencies like heart failure, diabetes, asthma attacks, etc. Other instances include smart continuous glucose monitoring (CGM)
and insulin pens, which are devices that help to continuously monitor blood sugar levels for several days, by taking many readings. Smartwatches are used to monitor depression, and lots of people take treatment for depression every year. These watches detect depression levels and suggest what needs to be done for depression. This application assesses and monitors a patient's depression level and stores data in a cloud, which enables psychologists to understand the patient's problem by monitoring from a distant place. Health data are one of the most valuable data and are highly sensitive. Therefore, patients' data are classified as personal or private data and are to be securely collected, stored, and accessed only by authorised personnel. Also, the issue of ethical disclosure comes in when the data owner's consent is sought, programmed into the collection process, and managed through fine-grained access control by all information stakeholders to prevent indiscriminate use of patients' private data.

Blockchain has catalysed the transformational change in Industry 4.0, providing unparalleled security, authentication, asset traceability, access control through smart contract exchange, and ease of information exchange [188,189]. Originally developed for cryptocurrency transactions, its usefulness has expanded through platforms such as Ethereum, which supports smart contracts and introduces a wide range of usability for private permissioned blockchain. These contracts consist of autonomous scripts that run on the blockchain, eliminating third-party intermediaries and reducing human-induced errors [190]. Such improvements ensure that communications are secure and transparent. Furthermore, the existence of multiple blockchain systems facilitates the integration of these smart contracts, moving Industry 4.0 into a new era of efficiency and trust [191,192]. Blockchain integration in Industry 4.0 is a game changer, revolutionising the centralised nature of various ecosystems by providing innovative infrastructure for developing robust distributed IoT-based applications including smart ecosystems in healthcare [193], finance, supply chains, cities, manufacturing, governance, agriculture, transportation, grids [194], education, e-commerce, etc. The evolutionary adoption of blockchain applications in these sectors and their respective maturity trajectories from 2008 to 2023 are depicted in Figs. 14 and 15. Two of these sectors are also discussed.

VeChain in Ref. [195] is an instance of blockchain usability in Industry 4.0, e.g., in the smart supply chains, manufacturing, and transportation. It introduces a value-seeking process for enterprise solutions, i.e., a value chain that begins with provenance through ownership and authorisation to value exchange. Use cases of VeChain Toolchain integration are as follows.

1) Provenance for food & beverage supply chain, e.g., Walmart China Blockchain Traceability Platform (2019).
2) Anti-counterfeiting and digitization for high-value products, e.g., LVMH portfolio Luxury Maison (2016).
3) Digital vehicle passport: Stored and secured critical data on the VeChain blockchain across the entire lifecycle of the automobile. Examples include:
   i) VerifyCar. BMW Group and VeChain's collaborative mission to counter odometer fraud in the secondary market. Use-case extendable to track the entire health of individual cars by involving manufacturers, authorized repair shops, insurance companies, and financial institutions to upload, share, and verify data.
   ii) BYD. As a leader in electric vehicle production, BYD adopts the VeChain automobile lifecycle management solution, which integrates mileage, electricity, and gas consumption data with the VeChainThor blockchain. Such information is used to compute the carbon emission reduction and reward the driver with carbon credits. To this effect, vehicle operators with carbon credits based on their vehicles' driving performance and carbon reduction are rewarded through the digital low-carbon emission ecosystem scheme. Hence, a solution with tools that introduce a blockchain-based ecosystem targeted at reducing the global carbon footprint is needed. This is a use case against climate destruction, where the footprint captured is recorded on the VeChainThor blockchain and made available to clients interested in participating in the initiative.

The white paper report in Ref. [196] demonstrates that lightweight PoA consensus protocols in a private permissioned blockchain are adaptable and suitable for the present study. It illustrates the value chain of provenance, ownership, and authorisation. Value exchange could mitigate issues of unauthorized identification (Sybil attack) as a threat to confidentiality in the smart home authorisation scheme. PoA-based blockchain is not a censorship-resistant solution as observed

Fig. 14. Evolutionary adoption of blockchain application in different sectors.

Fig. 15. Maturity of blockchain technology across various sectors from 2008 to 2023.

in PoW-based blockchain implementation, where mining assists in validating transactions in a decentralized manner and is important for the integrity of a permissionless blockchain where users are anonymous. Similarly, in Hyperledger, a permissioned blockchain, nodes known to be trustworthy are assigned mining rights, and this is a beneficial concept to this study. The PoA consensus mechanism is an ideal choice because of its high transaction rate to secure processes and use less energy. The privacy benefit of a permissioned distributed ledger is useable and applicable to the PoA consensus algorithm.

Blockchain is emerging as a beacon of hope in the realm of smart healthcare, addressing age-old challenges of secure medical record storage and privacy protection. With the need to always protect sensitive patient data, blockchain provides an immutable, localized platform to ensure data integrity [197]. Moreover, its identity and management mean that only authorized personnel can access specific medical records, protecting patient privacy. Such improvements not only facilitate health care but also increase trust between patients and health care providers [198]. As the healthcare industry grapples with data breaches and privacy concerns, blockchain's role in fostering a secure and patient-centric ecosystem is increasingly important. A use case is seen with ICON, which was used to implement the largest healthcare blockchain consortium in Korea, that is, Precision Medical Hospital Information System (P–HIS), which is joined by major domestic hospitals, with loopchain providing the underlying BCT [199]. The goal of this is to build a permissioned network to share precision medical data securely, with a target to broaden the scope of medical data distribution globally through global networks, including OHDSI (Observational Health Data Sciences and Informatics). This consortium aims to build a safe and transparent distribution system of medical information based on blockchain, ensure interoperability between different hospital systems, manage access rights to data and records reliably, and promote the introduction of cryptocurrencies to the ecosystem. Other use cases of ICON include the capital market, insurance, university [200], and ICONLOOP, an expert in blockchain services in Korea in partnership with AWS [201]. Moreover, as shown in Fig. 16, the blockchain adoption journey is increasingly progressing to a reasonable level of maturity as new frontiers are being broken by researchers in this domain to tackle unresolved challenges including interoperability, survivability, manageability, and energy efficiency.

Tactics suggested in Ref. [157] propose quality attributes for architecting IoT systems supported by blockchain based on functional and non-functional security requirements. It reiterates architectural decisions to consider in IoT systems supported by blockchain such as distribution of computation and storage (e.g., on-chain or off-chain) and blockchain configuration (types of blockchain, data structure, and consensus protocol). It also identified gaps such as lack of focus on the following: architectural support for some quality attributes, integration of blockchain and IoT, etc., and threat types to validity, e.g., external, internal, construct, and conclusion validity. Although no experimental testbed was used to shed light and evaluate the identified architectural tactics in

Fig. 16. Blockchain adoption journey [202].

terms of their most important trade-offs and dependencies, the principles enumerated will be of immense benefit to the current research in prototyping blockchain storage for transactional data and smart contract implementation.

In response to the challenges of security and privacy in IoT, researchers have explored the use of localized (private) BCT as a viable solution. This approach offers several advantages, including the ability to safeguard data and transactions, as well as improve IoT security assessments, data integrity, and user privacy [53]. In particular, the PoA consensus algorithm is suitable for use in permissioned (hybrid) blockchain mechanisms as well. The application of such a tactically orchestrated consensus algorithm has been identified as an effective means of improving privacy preservation when blockchain-based solutions with low overheads are required in smart home applications [157,195,196]. Unlike other consensus algorithms such as PoW, PoS, and PBFT, PoA algorithms are lightweight, censorship-resistant solutions with an inherent value chain of provenance, ownership, and authorization, which further underscores their potential for securing smart home data transactions. Overall, the use of private BCT and PoA consensus algorithms represents a promising solution to the security and privacy challenges associated with smart homes and IoT.

HomeChain in Ref. [161] utilises a permissioned blockchain based on PBFT consensus and Elliptic Curve Integrated Encryption Scheme (ECIES), an encryption standard based on the asymmetric key encryption algorithm, to ensure the confidentiality of the transmitted message. To further provide traceability and privacy protection for the access policy, both blockchain and group signatures are integrated to anonymously authenticate group members alongside the use of a message authentication code (MAC) to efficiently authenticate the home gateway. The scheme chains all request records from group members, including revocation requests from the group manager to the BC, thereby applying blockchain immutability and group signature traceability to make records tamper-proof as a measure of reliable behaviour auditing. Moreover, privacy protection of access policy is possible without the use of an access control policy table but through a revocation list to revoke the rights of malicious users. The technique implemented in HomeChain regarding privacy preservation is similar in scope but was performed using the PBFT Consensus Algorithm, which employs PoW-like complex computations, with a model that works efficiently only when the number of nodes in the distributed network is small due to the high communication overhead that increases exponentially with every extra node in the network and is susceptible to Sybil attacks and does not scale well because of its communication overhead (i.e., with all the other nodes at every step).

The current study suggests a PoA consensus algorithm and ECC asymmetric encryption processes, which are more lightweight and handle data ownership of sensitive and private data more securely. Furthermore, the PoA consensus family, i.e., based on identity-as-a-stake, provides high performance and fault tolerance [29] more than PBFT.

Patient-centric access control in Ref. [71] utilises a combination of a private key, public key, and blockchain for remote patient monitoring, although with the downside of high computational and energy costs. Rana et al. [203] discussed the vital fusion of BC-IoMT as two emerging technologies integrated into a decentralized access control system with offers of privacy and security for the medical data of patients. Satamraju [204] proposed a novel scalable framework, shown in Fig. 17, that integrates an IoT network with permissioned (Ethereum-based) blockchain in healthcare to address potential privacy and security threats for data integrity. Smart contracts handle device authentication, authorization, access control, and data management; off-chain data storage increases the overall scalability and privacy concerns of the model.

A risk analysis of the threats of blockchain [205] investigates the role of blockchain in safeguarding health data, identifying related risks of BCT implementation in the eHealth sector through an empirical study borne out of an extensive literature review, several authors' arguments, and examined discoveries. Through semi-structured qualitative interviews, the emerging concept of enhancing the Health Information

Fig. 17. Instance of Framework for blockchain and IoT Integration [204].

Systems for storage and access control of health data for the continuum of care along the patient path, is observed through the application of BCT for EHRs, where existing centralization of stored health data, which represents a single point of failure and trust, is adequately replaced with a secure decentralized approach built on consensus mechanisms and immutable chains of blocks for validating and securing data transactions. In line with seeking user opinion and perspective to enhance the concept of data security and privacy by design, which is suggested in Ref. [142], eleven risks or threats to the data integrity on blockchain systems identified by interviewees include, amongst others, poorly written smart contract code and misuse of the private key. The analysis reveals that only a permissioned blockchain (private or consortium) seems appropriate for EMR/EHR implementation. Implementation recommendations suggest that the storage and sharing of data can be handled using off-chain storage such as IPFS, web3 storage, DHTs, etc., to add an extra layer of data integrity, while fine-grained access control is achievable through the implementation of multiple smart contracts to fulfil the EHR requirements. Thus, blockchain allows us to keep track of each patient’s medical treatment, distribute data to relevant and authorized parties, and store the audit log. In addition, the study revealed that most threats arise from incorrect or incomplete data leading to insufficient data integrity. However, the disadvantages of high computational power requirements and scalability constraints are considerable threat factors in traditional blockchain implementation in eHealth. Moreover, contrary to the limited view of the six interviews, a higher number of highly qualified participants would increase the number of identified threats and inaccuracy of some users’ perceptions due to the language barrier.

The application of blockchain in healthcare (BoHT) in Refs. [58,64,70–72,95,109,110,206,207] reveals the dynamics of security and privacy frameworks possible with the integration of smart contracts, machine learning, signature algorithms, and consortium blockchain architecture to protect the process for the collection, tracking, and storage of medical records pertaining to smart home healthcare systems. A summary of related works where the blockchain-IoT framework has proposed privacy enhancement in healthcare record management using several emerging technologies is presented in Table 7. These innovations rely on the use of blockchain and/or smart contracts as an integral building block for achieving various security objectives. The IoT, on the other hand, has brought about dynamic growth in the digitization of healthcare systems, which has enabled remote well-being monitoring and data collection procedures. Moreover, the IoT research space is increasingly attracting research interest and proposes the integration of various lightweight security techniques that could maintain the confidentiality and integrity of patients’ personal and sensitive data from unauthorized tampering. Blockchain, digital signatures, smart contracts, multi-factor user authentication, etc., are emerging technologies being researched to secure IoT platforms and by extension smart homes equipped with sensors to render digital healthcare services. Table 8 is a comparison of related work and recent contributions to security objectives of privacy-preserving schemes within the IoT application domain.

2.2.5.1. Blockchain and the battle against climate destruction. In achieving net zero emissions by 2050, energy-efficient solutions are being offered by BCT researchers. An open issue that has continuously hampered the adoption of BCT is energy inefficiency. A concerted effort is ongoing to achieve an acceptable trade-off between performance and energy use, thereby making a blockchain that depends on mining to reach consensus (e.g., PoW) unsuitable for adoption considerations in any sector. Blockchain, after almost 15 years of growth and development, has emerged as another disruptive technology that has further increased the energy spending experienced with the advent of the 4th industrial revolution (Industry 4.0), driven by corresponding advancements in the IT sector. In tandem with stages of industrial and digital transformation over the years, the Internet (web) has evolved significantly (from the 1980s to the 2020s) to what it is today, having gone through about five stages of technological integration (Fig. 18). Considering the challenges of data integration, blockchain integration has contributed significantly to architecture and philosophies that shape the design of web products, providing various degrees of data security and management solutions to several emerging data-driven economies globally at a cost–energy spend. Consequently, data centre network energy spending is on the increase, accounting for 40% [1], excluding other hardware infrastructure, in an industry that has just about the highest energy consumption rate at par with the aviation sector, if it has not been surpassed [227,228]. In a similar fashion to the VeChain implementation in the automobile industry, Namasudra and Sharma [229] deployed an architecture that utilised the Ethereum blockchain platform using a smart contract for business process improvement in the transportation sector, thereby decreasing traffic congestion, reducing travel costs, and limiting energy consumption. They proposed a decentralized and secure cab-sharing system that provides ride-sharing services eliminating TTP and, by this means, ensures the privacy of the driver’s or rider’s information, e.g., personal details, travel price, transit details, etc. The goal of the system is to secure user credentials through an algorithm that ensures verifiability, confidentiality, and unidirectionality features; and prevents collusion attacks; deploys a reputation score system with effective logistic matching performance to manage admin-user relationships; and reduces computational and communication overhead to ensure efficient system performance. Though the authors recommend the proposed encryption algorithm for implementation in domains such as IoT, big data, and healthcare, the design framework lacks an adequate authentication mechanism to complement the verifiability process in the proposed cab-sharing system. Moreover, the admin is a prominent attack surface, posing a SPOF threat. It is worth mentioning that though this study system is aimed at decreasing traffic congestion vis-à-vis reducing carbon emissions, lowering the carbon footprint in the blockchain industry is still a grave concern. Having recognized these concerns, there have been efforts within the industry to address the environmental impact. The ongoing transition to alternative consensus mechanisms, like PoA or delegated proof of stake (DPoS), which are less energy-intensive, is beginning to catch the attention of prospective users.

The latest evolution of the Internet is the IoT and thereafter Internet of Everything (IoE). IoTs have been adopted in many sectors for data acquisition, data analytics, supervisory access control, automation, robotics (IIoT), etc. BCoT are paradigms that have fostered blockchain implementation in applications such as smart homes, smart healthcare, smart irrigation, smart traffic, autonomous vehicles, etc. All ranges of IoT devices (low, middle, or high-ended) are regarded as resource-constrained [230] in terms of energy, storage, and processing capability, and as such their integration requires a whole new thinking on energy management. However, these vastly distributed connected devices can cumulatively consume a great deal of energy. Having the right balance of performance versus energy consumption when implementing data security algorithms is essential. Resource-constrained IoT is susceptible to attacks due to the lightweightness of encryption schemes they can accommodate, as opposed to the traditional cryptographic methods, which employ high-ended and expensive hardware to achieve. This concept of robust hardware architecture made the traditional blockchain performance-savvy but energy-inefficient; for measuring cumulative energy spent in decentralized finance applications, a reputable source of studies and reports that specifically measure and analyze Bitcoin and Ethereum’s energy consumption is the Cambridge Bitcoin Electricity Consumption Index [231]. Table 9 illustrates the historical Bitcoin and Ethereum network daily and annualised electricity consumption obtained from the Cambridge BCN sustainability index.

The transformative potential of BCT promises more than just financial advancements; it holds the key to addressing some of the world’s most pressing challenges, such as climate change [232]. However, the significant energy consumption of blockchains, especially those using


Table 7
Comparison of related works that are blockchain-based.
Ref. Architecture Application Adversarial model SS STT EE FT TAI CPA AAAC VIITU TP Limitations
domain

[113] Permissioned - Electronic health ✓ ✓ ✓ P AA VI No specific threat model


Hyperledger Fabrics record addressed
smart contracts
[22] ANCILE framework Electronic health P AAC VII Computationally
and advanced record intensive, arduous
cryptography - verification
ethereum smart
contracts
[208] Permissioned - Electronic health ✓ ✓ CP A P Computational
Ethereum smart record complexities.
contracts
[209] Permissionless - MIT’s Medical health ✓ ✓ P AC ✓ The consensus
publication on public record algorithm used is not
blockchain known
[210] Blockchain-IoT Medical health ✓ CP AA VIU Transacting nodes are
federated learning - record not uniquely identified.
smart contracts-based
[130] IoT, cloud/fog, Secure embedded External attack ✓ CP ✓ II P4 lacks performance,
machine learning, living and P4Runtime is
blockchain vulnerable to MIIT
attacks and channel
flooding.
[211] Malware recovery ✓ ✓ ✓ CP AA II ✓ Data verification is
(MalRec) backup slow, the process could
policies enforcement compromise the data’s
framework - privacy
Hyperledger Fabric,
smart contract
[212] Private blockchain Private x ✓ ✓ Considered three
Benchmarking blockchain consensus algorithms
framework analytics for workload
BLOCKBENCH - performance evaluation
blockchain evaluation with little emphasis on
framework privacy-related security
requirements
[117] Private - Ethereum Smart home Interception ✓ ✓ CP AAC TU P PoC, and consensus
publisher-subscriber sensitive data algorithm not specified
Smart Contracts (eHealth realm)
[213] Consortium, group Electronic ✓ CP Deficient in handling
signature, and medical record the ownership of
asymmetric and medical big private and sensitive
encryption. - PBFT & bata data
Hyperledger Fabric
[161] Group signature, and Authentication Impersonation, ✓ ✓ ✓ A PoC, deficient in fine-
message system for smart DDOS, grained access control
authentication code - home Modification,
smart contract, PBFT Replay, MIIT
Attack
[214] Permissionless, Merkle Decentralized x ✓ ✓ P ITU ✓ Unable to ensure
tree structure – smart healthcare efficient storage and
Ethereum, smart system (DSHS) integrity
contracts
[6] Permissionless, IoHT Realm Myriad of Attacks, x ✓ PA I Inaccessibility of data
certificateless (ECC) e.g., due to inefficient data
Impersonation, storage techniques.
Sybil, Replay
attacks
[215] Smart home-based IoT- Smart home ✓ S ✓ I P AAC Evaluation of latency
blockchain (SHIB) - environment awareness and energy
smart contract, spending not taken into
Ethereum consideration
[216] Permissionless (ELIB) - IoT-enabled smart ✓ ✓ x P A II Inefficient energy
certificateless home consumption
cryptography (CC), environment
distributed throughput
management (DTM)
scheme
[217] Lightweight scalable Smart home Resilient to 8 ✓ ✓ ✓ ✓ ✓ ✓ A ✓ P Performance
(LSB) - distributed setting relevant cyber understanding based on
time-based consensus attacks PoC
algorithm (DTC)
[218] Differential privacy- Smart home Side channel, ✓ ✓ ✓ P ✓ I P Loss of data and
based (DP-SGD), system Modification, inaccuracy
attribute-based access DoS, data mining,


control, edge linking attacks
computing. - private
Ethereum smart
contracts, machine
learning algorithm,
[219] Permissioned, PoA- Healthcare DDoS, ✓ ✓ ✓ ✓ VI Lacks data filtering
based IoT, IPFS - smart system - disease Impersonation, mechanism and real-
contracts Ethereum management Message forgery, time data analysis
MIIT interface.
[116] Consortium - privacy- Analysis Adversary- ✓ PA A3C ✓ ✓ The review
preserving reputation framework for dishonest acknowledged the
systems privacy- participants exclusion of
preserving authorizability
reputation
systems
[220] Blockchain privacy- Abnormal ✓ TT ✓ PA P Smart contract not
preserving reputation behaviour (e.g., implemented
framework (BPRF) - fake reports),
group signature Sybil attack
algorithm, smart
contract
[221] Blockchain privacy- Healthcare Collusion, CP A V It only considered
preserving distributed document phishing, medical certificate and
application (DA) to management masquerade, Sybil mutual authentication
create and maintain via access control not
healthcare certificates achieved
[53] Private (local) - Smart home ✓ ✓ CPA AA Limited access control
decentralized private systems Implementation
blockchain
[143–145] Blockchain - smart Clinical trial Interception ✓ T P AC ITU TP Though aimed at
contract integration in complex data privacy by design,
clinical trial data workflow implemented based on
security encoding PoC using a fake
experimental study
[160] Blockchain-based Secure location- P AC VIIIU Fnode (verifier) must
multi-level location sharing scheme not collude with LD,
secure sharing scheme. query inefficiency of
light location demand
(LD) nodes,
PoW used to test the
robustness of the
scheme is
computationally
intensive.

Note: SS: secure storage; STT: scalability and transaction throughput; EE: energy efficiency; FT: fault tolerance; TAI: traceability/auditability/irrevocability; CPA:
confidentiality/privacy/anonymity; AAAC: authentication/authorisation/access control; VIITU: verifiability/integrity/immutability/tamper-resistance/
unforgeability; TP: transparency/provability; √: property satisfied; x: property not satisfied; Alphabet: indicating the security feature; Empty cell: property not
specified or not applicable.

the PoW consensus like Bitcoin, has been a cause for environmental concern [233]. Current estimations suggest that Bitcoin’s energy consumption rivals that of some countries [234], leading to concerns about its sustainability amidst the global push for reduced carbon emissions. This has sparked ongoing research and debates among experts, advocates, and developers on transitioning from PoW-based blockchains to more energy-efficient consensus algorithms, such as PoA [235,236] or even considering alternative Distributed Ledger Technologies (DLTs) like Holochain [237,238]. PoA-based authority master nodes in Ref. [239] can reduce energy consumption and enhance data security whereas a blockchain-based trust mechanism not only reduces energy issues but also provides high-quality services such as security and data privacy in IIoT.

In the quest for net-zero emissions, the blockchain sector’s current energy consumption cannot be ignored. Bitcoin’s PoW consensus algorithm consumes 707 kWh per transaction [240,29] and this is not sustainable and scalable. The broader adoption of DLTs in industries like healthcare, automotive, and supply chains [241] means that the cumulative energy usage can be substantial. Recognizing this, networks such as Ethereum are transforming to shift from energy-intensive PoW to PoS [242], a more energy-friendly consensus mechanism. Such initiatives align with global carbon emission reduction targets and the broader goal of achieving net-zero emissions [243]. These shifts are not merely technical adjustments but resonate with the global urgency to combat climate change [244,245]. However, the path to a greener blockchain is not limited to consensus algorithm modifications. Comprehensive approaches, integrating renewable energy sources [246] and promoting energy-efficient blockchain applications, are essential. For instance, while Bitcoin’s energy consumption is often highlighted, many are unaware of the significantly lower energy requirements of networks using PoA, like certain configurations of Hyperledger Fabric [247]. By juxtaposing the energy consumption of PoW (Bitcoin-like), PoS (Ethereum-like), and PoA (Hyperledger Fabric-like) systems (Table 10), a clearer picture emerges, emphasizing the potential of transitioning to more sustainable DLT configurations [248].

Note as a clear disclaimer: The data used in Table 10 and graph in Fig. 19 are hypothetical and are meant for illustrative purposes. Actual energy consumption figures might differ based on numerous factors. However, the Cambridge Bitcoin Electricity Consumption Index [231]

Table 8
Comparison of related works that are signature-based systems.
Ref. Architecture Application domain Adversarial model SS STT EE FT TAI CPA AAAC VIITU TP Limitations

[222] LSITA framework Neural Network – E- Healthcare, IoT Communication Interception ✓ ✓ A IT logistic regression function used was
ECDH sparsely done
[91] Hash-based Message Authentication Healthcare IoT ✓ ✓ C A ✓ P The consensus algorithm & threat
Code (HMAC) DS and blockchain’s evaluation made unknown
smart contracts
[2] Federated learning (FL) and ring- Smart Healthcare Systems PA V Lacks incentive mechanism
signature (FRESH)-certificateless ring
signature schema (ECC)
[141] Blockchain-enabled GDPR-compliant Sandbox for close collaboration Insider/external attack T ✓ AC VT ✓ blueprints for developers’ solution
approach between computer sciences and compliance with the principle of Privacy by
legal studies Design (Art. 25 GDPR).
[154] ECC-based three-factor remote user Smart device, IoT Service Cryptographic attacks S TT CPA A U P Exclusion of the gateway from data
authentication scheme publishing is a security risk, limiting access
control
[147] Identity-based and stateful encryption Lightweight Encryption Scheme Chosen plaintext attack (i. TT CP A I P Focused mainly on intruder attacks on
without complex certificate handling LES for Smart home system e., IND-CPA secure) resource-constrained devices
[223] Advanced lightweight privacy- Remote Health Monitoring MITM, DOS, Replay, T ✓ AA I Evaluation of noise consideration in PUF
preserving using PUF-based impersonation attacks unknown as well as storage location of
authentication protocol sensitive information
[175] Context-aware, behavior-based Home IoT Systems Insider threat CP ✓ I multiuser home IoT environment with user-
authorization framework centric anomalous request detection by the
insiders not considered
[224, Keyless signatures Infrastructure Hash-base e-health record ✓ ✓ ✓ CP ✓ VIIU privacy of small data chunks through
40, Blockchain (KSIBC) management federated cloud missing
225]
[226] Enhanced lightweight and secure IoT environment KC, MIIT, Replay, DOS, TT I CP A VI P Testbed limitation versus real-world IoT

certificateless authentication scheme Eavesdropping, environment
(ELWSCAS) Impersonation

Note: SS: secure storage; STT: scalability and transaction throughput; EE: energy efficiency; FT: fault tolerance; TAI: traceability/auditability/irrevocability; CPA: confidentiality/privacy/anonymity; AAAC: authenti­
cation/authorisation/access control; VIITU: verifiability/integrity/immutability/tamper-resistance/unforgeability; TP: transparency/provability; √: property satisfied; x: property not satisfied; Alphabet: indicating the
security feature; Empty cell: property not specified or not applicable.

Fig. 18. Evolutionary trend from data integration to blockchain integration.

Table 9
Instances of blockchain network power demand [231].

| Cryptocurrency | Energy Rating/Time | Theoretical lower bound | Estimated | Theoretical upper bound |
| --- | --- | --- | --- | --- |
| Bitcoin network power demand | Daily (GW) | 8.73 | 14.18 | 25.09 |
| Bitcoin network power demand | Annualised (TWh) | 76.56 | 124.27 | 219.94 |
| Ethereum network power demand | Daily (kW) | 269.39 | 830.59 | 1984.62 |
| Ethereum network power demand | Annualised (GWh) | 2.36 | 7.28 | 17.40 |

Table 10
Comparison of energy consumption of different consensus mechanisms.

| Consensus mechanism | Estimated energy consumption (TWh/year) |
| --- | --- |
| Proof-of-Work (Bitcoin-like) | 120 |
| Proof-of-Stake (Ethereum 2.0-like) | 5 |
| Proof-of-Authority (Hyperledger Fabric-like) | 0.05 |

presents an actual energy consumption monitoring process that preludes that of PoA. Moreover, Fig. 20 is another realistic visualization produced by the UCL Centre for Blockchain on an energy consumption comparison chart [249]. PoA is inherently more energy-efficient than PoW, but quantifying the exact energy consumption for a PoA-based blockchain is challenging, and it varies based on the specifics of the implementation, the hardware used by the validators, the network’s overall activity, and other factors. There is no widely recognized and dedicated site similar to the CBECI that tracks energy consumption specifically for PoA-based blockchain systems. Most of the discussions around blockchain energy consumption focus on PoW because of its significant energy demands. PoA, being more energy-efficient, does not attract the same level of scrutiny or detailed tracking. Some individual projects or chains that utilise PoA might provide their energy consumption estimates or benchmarks, but these would be specific to that particular chain and not a general measure of PoA’s energy consumption.

Fig. 18 illustrates the energy consumption trends of different consensus mechanisms from 2010 to 2022:

• PoW (Bitcoin-like): As shown in red, the energy consumption for PoW mechanisms has seen significant growth, plateauing in recent years. This reflects the massive energy requirements of networks like Bitcoin, which rely on PoW.
• PoS (Ethereum 2.0-like): The blue line shows the energy consumption for PoS mechanisms, which, while growing, remains significantly lower than that for PoW. Ethereum’s ongoing transition to PoS is a notable example of this shift towards more energy-efficient consensus mechanisms.
• PoA (Hyperledger Fabric-like): The green line represents PoA, which consumes minimal energy compared to PoW and PoS. It has been stable over the years, indicating a consistent, low energy footprint.

This visualization underscores the need for the blockchain industry to steer towards more sustainable consensus mechanisms, especially as DLTs find more extensive applications across various sectors. By adopting energy-efficient solutions, the blockchain ecosystem can contribute significantly to global efforts against climate destruction.

Metrics used to measure the energy efficiency of blockchain algorithms compare the energy consumption per transaction (ECT)—the amount of energy required to process one transaction on the blockchain, and the energy consumption per second (ECS)—the amount of energy consumed by the network in 1 s, to evaluate how much energy is wasted or conserved by different algorithms. For instance, estimates of the ECT

Fig. 19. Illustration of energy consumption trends of different blockchain consensus mechanisms from 2010 to 2022.


Fig. 20. Energy consumption comparison chart [249]. (Courtesy: UCL Centre for Blockchain Technologies).

and ECS of Bitcoin’s algorithm (PoW-based) and that of Ethereum’s algorithm (PoS-based) can be computed from the Bitcoin energy consumption index (BECI) and the Ethereum energy consumption index (EECI) respectively. Alternatively, online calculators or simple formulas useable to compute the ECT and ECS of different algorithms include:

• For ECT of Bitcoin’s algorithm: ECT = ECS/TPS

where ECS is in kilowatt-hours (kWh), and TPS is the transactions per second processed by the network.

• To calculate the ECS of Bitcoin’s algorithm: ECS = H × P/E

where H is the hash rate in tera hashes per second (TH/s), P is the power consumption per hash in joules (J), and E is the energy efficiency in joules per kilowatt-hour (J/kWh).

2.2.5.2. Comparison of blockchain with other DLT applications: Holochain. Recent advancements in DLTs have prompted researchers to explore novel approaches to ensure data privacy and security in the healthcare sector. While blockchain remains the most widely recognized DLT, characterized by its immutability and decentralized consensus mechanisms, its limitations have become apparent, especially in contexts demanding high scalability and more granular data sovereignty [248]. These concerns have led to the rise of Holochain, an emerging technology that adopts an agent-centric approach, whereby each participant maintains their own chain, thus allowing for more scalable and adaptable solutions [250]. Holochain’s design does not necessitate global consensus, potentially offering enhanced efficiency and reduced energy consumption compared to traditional blockchain systems [251].

Furthermore, the healthcare sector, characterized by its need for secure, real-time data sharing and stringent privacy standards, stands to benefit from the unique features of Holochain. Sensitive patient data, requiring stringent access controls, may be better managed through Holochain’s agent-centric model, ensuring that only authorized entities can access specific datasets [252]. Additionally, Holochain’s modularity can support various healthcare applications, from patient record management to real-time monitoring [192]. While blockchain’s merits, particularly in terms of data integrity and transparency, remain undeniable, researchers and practitioners need to consider the potential of Holochain as an alternative or complementary solution in the quest for optimizing healthcare data privacy and security [253,254]. The advantages of Holochain over permissioned blockchain with PoA for smart home healthcare ecosystem.

1) Scalability: Holochain is designed to be more scalable than traditional blockchains. Since it does not require global consensus, there is no need for every node to process every transaction. This can be advantageous in a smart home scenario where numerous devices may make frequent data updates.
2) Energy efficiency: Holochain does not employ energy-intensive consensus mechanisms like PoW. Although it is compared to PoA, which is also more energy-efficient than PoW, Holochain’s lack of a need for consensus at all can be seen as a plus in terms of energy usage.
3) Data sovereignty: Holochain emphasizes agent-centricity, meaning each participant (or device) in the network has its own chain. This can ensure that devices in a smart home can have their own data histories, ensuring more granular control over data.
4) Modularity: Holochain allows for the creation of different ‘hApps’ or Holochain applications, which can be useful for different functionalities within a smart home system.
5) No cryptocurrency requirement: Unlike many blockchain systems, Holochain does not inherently require a cryptocurrency to function. This can be useful in scenarios where token economics might be complicated or not necessary for the intended application.

In considering Holochain for secure data management in smart healthcare systems, it is well known that Holochain is gaining attention as an alternative to blockchain for various applications, including those related to privacy and security. Here is why it might be worth considering for a healthcare system.

1) Fine-grained access control: Holochain’s architecture allows for detailed and specific rules about who can access what data and when. This can be crucial in healthcare, where specific patient data might need to be shared with certain professionals but not others.
2) Data redundancy: Holochain’s DHT (Distributed Hash Table) ensures that data are redundantly stored across nodes, which can add resilience to the system. This might be crucial for critical healthcare data.
3) Interoperability: Holochain’s modular approach can be advantageous for integrating various healthcare systems or platforms.
4) Data authenticity: Since every agent has its own chain, it is easier to verify the source and authenticity of data, which is crucial in healthcare scenarios.
5) Less centralization: While PoA blockchains can offer efficiency and scalability, they might also introduce central points of control or failure. Holochain’s design minimizes centralized control.

However, it is worth mentioning that every technology has its trade-offs. Therefore, for specific use cases, a permissioned blockchain with PoA might offer benefits in terms of established infrastructure, easier integration with existing systems, or specific security guarantees. When considering any technology for such a critical application, it is vital to conduct thorough research, testing, and validation to ensure it meets the required needs and standards. In developing an authorisation framework, fine-grained access control [117,163] was achieved using a publisher-subscriber smart contract to ensure privacy, trust, and decision-making in blockchains. Therefore, implementing a PoA-based and smart contract as a 2-in-1 approach to ensure consent-based disclosure of private information could be more beneficial than relying solely on Holochain for all the privacy-preservation requirements in the smart home healthcare ecosystem. Using a publisher-subscriber smart contract model atop a blockchain that implements the PoA consensus algorithm can indeed offer fine-grained access control, and in many cases, this might be an excellent solution. The advantages (Fig. 21) and potential challenges of such an approach are as follows.

Advantages:

1) Consent-based disclosure: Smart contracts can be coded to ensure that access to specific data requires explicit consent from the owner (publisher) of the data. This provides a clear mechanism for consent-based disclosure.
2) Transparency and immutability: The use of blockchain ensures that all interactions (such as granting or revoking access) are recorded on an immutable ledger. This can be particularly important for auditability and traceability in healthcare scenarios.
3) Established infrastructure: Many enterprise blockchain solutions that use PoA already have infrastructure, tooling, and libraries in place to facilitate the creation and management of smart contracts.
4) Security guarantees: PoA blockchains can offer specific security guarantees due to their consensus mechanism, and if managed correctly, they can mitigate the risk of malicious actors.
5) Integration with tokens: If needed, tokenized incentives or payments can be seamlessly integrated into the publisher-subscriber model on a blockchain.

Potential challenges:

1) Scalability concerns: While PoA blockchains can handle a higher transaction throughput than, say, PoW systems, they might still face scalability issues, especially if the smart home healthcare ecosystem has numerous devices producing a large volume of data transactions.
2) Centralization risks: PoA systems introduce validators or authorities that have the power to validate or deny transactions. This can introduce central points of control or failure.
3) Complexity: Implementing a publisher-subscriber model with all the necessary privacy and consent features on a blockchain might be complex and require rigorous testing to ensure no vulnerabilities.
4) Potential latency: Depending on the implementation and the number of authorities in the PoA system, there might be latency in recording and validating transactions, which could be a concern in time-sensitive healthcare scenarios.

Holochain in comparison:
Holochain’s agent-centric approach inherently provides each agent (or device) with its chain, making consent-based sharing more intrinsic to its design. However, it is a newer technology compared to many blockchain solutions, and its adoption in critical applications like healthcare would require thorough vetting.

Therefore, the suggestion of using a 2-in-1 approach with a publisher-subscriber model on a PoA blockchain is certainly valid and might offer the right balance of transparency, control, and security for a

Fig. 21. Proof-of-authority (PoA) characteristic of scalability and high transaction throughput.


smart home healthcare ecosystem. However, the best choice often depends on the specific requirements of the system, including factors like transaction volume, required response times, and the existing technological infrastructure. Both blockchain and Holochain have their merits, and a hybrid approach, or even using them in tandem, might also be worth exploring.

2.2.5.3. Hybrid approach—blockchain and Holochain. Combining the strengths of both blockchain and Holochain can yield a robust system, especially in a domain as critical as healthcare, that is, in the smart home healthcare ecosystem as regards privacy preservation of healthcare users and their data security. Here are some methodologies to consider.

1. Layered architecture
• Blockchain layer: This layer can be used for storing critical, immutable records like patient consent forms, treatment history, or medication logs. The blockchain’s strength in transparency and immutability can be leveraged here.
• Holochain layer: This layer can manage more dynamic and frequent data updates, like real-time health metrics from wearables or smart devices. Holochain’s scalability and agent-centric approach can ensure real-time data processing without overburdening the system.

2. Dual validation
For highly sensitive operations, both systems can be used to cross-validate transactions.
• A transaction (like granting access to medical records) is first validated in the Holochain network.
• Once validated, it is recorded in the blockchain for added immutability and traceability.

3. Decentralized identity management:
• Blockchain: Use blockchain to manage decentralized identities of patients, healthcare providers, and devices. This ensures a tamper-proof identity system with clear audit trails.
• Holochain: Use Holochain to manage permissions, access controls, and dynamic data sharing based on these identities.

4. Data segregation:
• Blockchain: Store summarized or aggregated data, which can be useful for research, public health insights, or statistical analyses without revealing individual data.
• Holochain: Store detailed, individual-level data, ensuring only authorized entities can access specific granular data.

5. Smart contract coordination:
• Blockchain: Implement smart contracts to automate consent-based data sharing, payments, or other predefined actions in the healthcare ecosystem.
• Holochain: Validate and execute the outcomes of these smart contracts in real-time, using its efficient processing capabilities.

6. Backup and redundancy:
• Blockchain: Use as a backup system to periodically store snapshots of critical data from the Holochain network. This ensures data longevity and a recovery mechanism.
• Holochain: Handle the real-time, dynamic operations and data flows of the healthcare ecosystem.

7. Token integration:
• Blockchain: If there is a need for token-based incentives, payments, or penalties, this can be managed on the blockchain layer.
• Holochain: While Holochain does not inherently require a token system, it can recognize and respond to token-based actions initiated on the blockchain.

8. Interoperability bridges:
• Develop bridges or middleware that allow smooth data and transaction flow between the blockchain and Holochain networks. This ensures the two systems can effectively communicate and collaborate.

9. Data encryption and security:
• Blockchain: Implement strong encryption for data stored on-chain, ensuring only authorized entities can decrypt and access it.
• Holochain: Use its agent-centric model to ensure data sovereignty and fine-grained access controls, complemented by encryption for added security.

10. Audit and compliance:
• Blockchain: Regularly record audit logs and compliance checks to the blockchain, ensuring a tamper-proof history of all system activities.
• Holochain: Used to manage and execute real-time compliance checks, automating many aspects of healthcare regulatory adherence.

In essence, the methodologies revolve around leveraging the strengths of each system where they shine best and ensuring they complement each other. Such a hybrid approach requires careful design, thorough testing, and continuous monitoring to ensure the privacy and security of healthcare users and their data. Moreover, a private blockchain scheme (PoA-based) is highly favored for the combination of these two technologies to drastically reduce likely complexity that could result, including energy efficiency.

2.2.5.4. Blockchain risks and mitigating techniques. There are various risks associated with introducing BCT to most organizations. The following are the most encountered risks: strategic risk, information security risk, operational and IT risk, business continuity, supplier risk, key management risk, data confidentiality, and security risk. Thus, organizations should be prepared to encounter these risks and should implement a higher level of risk management. The three main domains of risk are as follows.

Standard risks:
The stage at which the institution aims to adopt BCT, the choice of the network in which the participants must be, and the constraints in the products being developed in the existing platform are covered under strategic risk. As BCT reduces the period of processes involved in the business, the business continuity plan should ensure minimal response and recovery time even if it fails. BCT provides security for transacting data, whereas it does not guarantee any security against a particular account. An additional concern could be the execution of this new technology along with legacy systems, along with maintenance and improvement of parameters such as scalability and accountability.

Smart contract risks:
Business processes, legal, and other financial details are bound to the blockchain, which depends on the external Oracle base for its operation. Therefore, any attack on the Oracle base will be a significant issue.

Value transfer risks:
The major property of BCT is that there is no central authority, and the architecture is decentralized; therefore, the transfer of value can be done among different peers without any hindrance. These risks need to
be efficiently managed to harness the advantages of BCT.

2.3. Solution direction

Based on the existing literature review and their solutions, it is identified that a dynamic model of privacy that provides a pattern of computing data transaction processes as expected by nodes designated for data acquisition (collection), storage, and remote monitoring using appropriate BCT has not been considered in decision making for ethical disclosure of private data in the smart home digital healthcare ecosystem. This assessment is based on the analysis of various data security and privacy concerns arising from the need to limit the transparency of sensitive data in transit to only authorised parties through a model that dictates the actions of data publishers and grants due access to data subscribers on a need-to-know basis.
Therefore, the motive of this review paper is to suggest a solution direction where an authorisation framework can be applied to ensure ethical disclosure of private data in a smart home installed with a digital healthcare IoT that collects and sends data to the air. The emphasis of ethical disclosure is on the transparency of use (purpose) of the collected private data to guarantee both data confidentiality and user privacy. The framework is broken down into the following dimensions:

• Approach for securing private data against threat model.
• Architecture of approach.
• Privacy model for decision-making in Blockchain implementation.
• Performance evaluation of the approach towards privacy preservation.

Ethical usage of data should be factored into privacy and security discussions, more so, when generated data need to be protected because it is IoT’s true value in the scenario of smart home application. Ethical concerns about privacy preservation based on the consent of home residents (i.e., data subjects) are encapsulated in the smart contracts to implement, as this will grant due permission to the use of the data based on the purpose of use. The compliance with the purpose of use, and the use pattern will be visible and transparent to all stakeholders through the traceability feature of the utilised blockchain, the consensus algorithm, and the smart contracts deployed. Informed consent and acceptance of the data/information to collect, store, monitor, and share among parties (i.e., data subscriber or consumers) are determined by the publisher-subscriber model of smart contracts, and access to the data request is granted based on the role of each participating node, concerning the data to share, whom to share with, the tenure of sharing, reasons/when to opt-out or stop sharing and what to remain secret. Hence, this brings the concept of privacy and secrecy under one umbrella, the umbrella of smart contracts, to support emerging techniques for data ownership, sovereignty, and provenance required to promote the adoption of blockchain in domains such as healthcare.
However, some concepts have suggested the use of perfect forward secrecy (PFS) [154] and zero-knowledge proof (ZKP) [255] in the privacy preservation of sensitive data and the possibility of using smart contracts to achieve a similar feat when deployed as an authorisation protocol. In light of this comparison, PFS and ZKPs are cryptographic principles used to enhance privacy and security, but they serve different purposes and operate in different ways. In Table 11 are some key differences and their relationships with smart contracts in terms of privacy preservation and authorization protocols:

Table 11
Differences and relationship among PFS, ZKPs, and smart contract.

| Perfect forward secrecy (PFS) | Zero-knowledge proofs (ZKPs) |
|---|---|
| Refers to protocols where compromise of a session key does not compromise past or future session keys. For instance, it ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. Essentially, even if an attacker gains access to the server’s private key, they cannot decrypt past communications. | Allow one party (prover) to prove knowledge of some information to another party (verifier) without revealing the actual information, i.e., beyond the fact that the statement is true. The ‘zero-knowledge’ aspect refers to the fact that the verifier gains no knowledge about the aspects of the statement, except that it is true. |
| Typically uses ephemeral key exchanges to derive unique keys per session. | Uses cryptographic methods to essentially “encrypt” the sensitive data into a proof. |
| Protects past encrypted data even if long-term keys are compromised. | Can be used to preserve the privacy of all data, not just exchanges. |
| Does not hide metadata like who is communicating | Hide metadata as well as data contents. |
| Usage Scenario: commonly used in secure communication protocols (Sadhukhan), including those used for secure web browsing, emails, and messaging. | Usage Scenario: ZKPs are used in various applications, including authentication systems and blockchain transactions (Kayvan/Jims), to preserve privacy. E.g., Zcash, a cryptocurrency, uses ZKPs to allow users to verify transactions without revealing any information about the amount, the sender, or the recipient. |
| Smart contracts as an authorisation protocol: | |
| PFS could be implemented by deriving session keys on-chain from ephemeral key pairs. | ZKP is better suited to prove identities and credentials in zero knowledge. |
| PFS protects past communications | ZKP allows selectively revealing information like access rights, without exposing entire user profiles or transactions. |
| Smart contracts are one way to achieve PFS | ZKP can hide all sensitive data |
| While smart contracts can enforce certain aspects of key management, the typical use case for PFS is in the transmission of data, which is a function more closely associated with communication protocols than with smart contracts. | ZKP methods are better suited for fully private authorization |
| | Smart contracts can be written to conduct certain types of ZKP, especially on blockchains that support more complex cryptographic operations. This is particularly relevant for privacy-preserving blockchains or for conducting confidential transactions. |

- Functionality: Smart contracts are self-executing contracts with the terms directly written into code and stored on the blockchain. They automatically execute actions when predefined conditions are met, without requiring intermediaries.
- Suitability: Smart contracts could be used to facilitate or enforce privacy-preserving mechanisms by stipulating that certain protocols or methods be used within transactions. However, the smart contract itself is not what provides PFS or ZKPs, rather it would be the cryptographic methods that the smart contract stipulates or enforces.
- In essence, while PFS and ZKPs are cryptographic mechanisms for securing data and ensuring privacy, smart contracts serve as facilitators or enforcers of predefined rules. Smart contracts can be designed to integrate or interact with PFS and ZKPs by embedding these conditions into their code, thus leveraging the benefits of these cryptographic principles in a decentralized and transparent manner. However, the implementation of such features requires a deep understanding of cryptography, as well as a blockchain platform that supports these complex operations.

The features and functionality of the suggested smart contract and permissioned blockchain-based architecture depicted in Fig. 22 are capable of tackling certain challenges in healthcare applications such as in data confidentiality, sharing, usability, interoperability, and real-time medical data updates, thereby delivering improved secure data management and privacy preservation schemes. A similar approach implemented in Ref. [256] utilised Hyperledger Fabric to securely and scalably manage data acquisition, storage, and monitoring process of home residents’ sensitive data to preserve their privacy and deliver efficient permission management among stakeholders for enhancing collaborative clinical decision support and comprehensive continuum of care via the smart home system.
The proposed solution addresses concerns in the areas of

• Acquisition of data from residents, monitoring, and intervention at home using IoT devices.
• Decentralized data management and storage to avoid data manipulation issues, mistrust among network participants, and SPOF.
• Privacy and security aspects of the overall smart home ecosystem during the cross-continuum of care.

Fig. 22. Identifiable features of blockchain for improved privacy preservation in a smart home healthcare system.

The solution strategies of this paper are summarized as follows:

1) At first, this research introduces a user-centric interoperable authorisation framework that allows residents to have control over data management processes in a smart home’s healthcare scenario to maintain the security, privacy, and integrity of their well-being data. This framework could utilise Hyperledger Fabric, private Ethereum, or blockchain implementation using the PoA consensus algorithm as a decentralized data distribution technique. Moreover, permissioned distributed ledger solutions can as well utilise Hyperledger Composer and store well-being data in IPFS to achieve scalability in the proposed private BCN. The decentralization feature of this framework ensures no SPOF, transparency of data usage, and integrity of data along its value chain of transaction within the participating nodes.
2) The well-being transactions are hashed, encrypted, and stored on the IPFS off-chain storage, while the location of the storage in the IPFS is turned into hashes to compose blocks. Such blocks follow and are linked to each other sequentially in what can be described as a chain of blocks - blockchain. Moreover, the IPFS is a form of a distributed hash table (DHT) used to maintain the scalability, efficiency, and integrity of the blockchain. IPFS and blockchain both offer decentralized storage solutions, but they differ in their fundamental design, purpose, and storage patterns. Below (Table 12) is a descriptive analysis of the storage management, retrieval, and transfer distinctions between IPFS (often used for off-chain storage) and blockchain (on-chain storage).

Therefore, while both blockchain and IPFS offer decentralized solutions, their storage patterns and use cases differ significantly. Blockchain excels at creating an immutable record of transactions, while IPFS offers a more scalable solution for storing and retrieving larger datasets or files.

3) The design emphasizes a user-centric approach with data ownership and provenance where the data subject (home resident) has complete access control over their data, and grants access permissions to the authorized stakeholders. Access rights to transactional data are based on smart contracts that encapsulate agreements inculcating deontological normative ethical regulation to derive an acceptable consent with proof of acceptance from data subject for data sharing and monitoring, leading to more resilient systems against data interception or leakage.

Hence, this study introduces an authorisation framework that exploits features of blockchain to ensure IoT data access protection vis-à-vis user’s privacy during the well-being monitoring process where physiological and environmental data in a smart home are securely managed.

3. The solution methodology

Providing the requisite solution to challenges faced that could warrant adopting emerging technologies such as blockchain, cryptographic, AI-based, and authorisation schemes in the IoT ecosystem is majorly influenced by the scenario and the prioritization of security concerns to alleviate. Managing trade-offs encountered when certain evaluation metrics are put in place to achieve significant security and privacy benefits is of utmost importance and is the focus of this paper. Moreover, the evolution pathway of smart home concepts in Ref. [7] is vast, and to secure the related technologies and services in this pathway, e.g., in smart healthcare, this paper presents a “privacy-by-design” procedure to achieve an authorisation scheme through a framework, and thereby complement earlier work cited, including several others who have utilised blockchain-based approaches for securing transactional information systems.

3.1. System development approach

This proposed tactic suggests an emerging research method that is applicable and could further interpret existing methods. The solution approach complements scientific theories, concepts, and models on how to protect data management processes in smart home systems, identify the components responsible for collecting, storing, and sharing sensitive data of residents, and devise means to ensure the confidentiality of data and user’s privacy is preserved. Hence, data ownership and access
control scheme are functional requirements. To design a requisite framework of lightweight key exchange and access control systems, an agile prototyping approach with iterative processes consisting of prototyping-feedback-improvement modules is considered to reach the basic goal of providing overall system functionality. Stages include Planning, Analysis, Design, Deployment, and Implementation with mnemonic ‘PADDI’. In this design process, end-user participation is needed to determine the desired level of privacy preservation. The methodology of this research contains

1) Introduction of suitable lightweight transport encryption among nodes responsible for data acquisition, storage, and monitoring on the private blockchain implementing a PoA consensus algorithm.
2) Derivation of a privacy model to design an authorization framework.
3) Design of a publisher-subscriber smart contract for fine-grained access control.

Table 12
Storage distinctions between IPFS and blockchain.

| Criteria | Blockchain (on-chain) | IPFS (off-chain) |
|---|---|---|
| Purpose and design | Primarily designed to create an immutable ledger of transactions. | A peer-to-peer distributed file system designed to make the web faster, safer, and more open. |
| | Ensures data integrity and authenticity through cryptographic means. | Focuses on content-addressable storage, where data are retrieved by its hash rather than its location. |
| | Utilises consensus algorithms to validate and agree upon the state of data across nodes. | Does not have a built-in consensus mechanism like blockchain |
| Storage patterns | Data are stored in blocks, linked together cryptographically to form a chain. | Data are broken into blocks, and each block is addressed by its cryptographic hash. |
| | Every node on the network stores a complete copy of the blockchain, making it highly redundant. | Nodes store only the content they’re interested in, plus some indexing information to help locate data. |
| | Due to redundancy and the need for consensus, on-chain storage is expensive and slow, making it unsuitable for large files or high volumes of data. | Data retrieval is done using its hash, allowing for faster, peer-to-peer data fetching, ideal for large files or data sets. |
| Immutability and persistence | Data stored on the blockchain is immutable; once recorded, it cannot be altered or deleted | While the content-addressing ensures that the data has not been tampered with, there is no inherent guarantee of data persistence. If no node on the network holds a piece of data, it could be lost. |
| | High durability and persistence due to the distributed and redundant nature of the network. | Systems like Filecoin aim to incentivise storage on IPFS, thereby providing more durability guarantees. |

Usage in combination:
- Blockchain’s expensive on-chain storage costs often lead implementers to store only essential transaction data on-chain.
- For larger datasets or files (like images, documents, etc.), a common pattern is to store the data on IPFS and then store the IPFS hash of that data on the blockchain.
- This provides a balance between the immutability and authenticity guarantees of the blockchain and the more efficient and scalable storage of IPFS.

3.2. Defining the scenario

To proffer a solution to the unresolved diverse issues of data protection and user privacy in IoT-enabled homes, a potential case study scenario of a smart home with a digital healthcare facility installed to remotely monitor and offer instant/prompt care assistance to occupants (also referred to as smart home healthcare system) is specified to adequately identify the needed components and processes. Such a home is equipped with numerous connected wearables and nearables, i.e., activity and environmental sensors to remotely monitor the well-being of an elderly resident. Wearables such as smartwatches are used to track all key health metrics [257] and allow continuous collection and recording of the data streams of physiological parameters, i.e., movement of occupants and relevant environmental variables [258].
In essence, the datasets of interest are typically described as follows.

• Element: The data subject being monitored (on which data are collected, and stored), a resident or inhabitant smart home; IPFS and eHealth Expert System.
• Variable: An attribute/characteristic of interest for the element, e.g., lifestyle or well-being data.
• Observation: The set of measurements defining collected data for a particular element, e.g., set of personal activity data (SoPAD) and Environmental Data (ED) being collected and exchanged between authorized parties, i.e., healthcare providers (i.e., doctors, hospitals, pharmacies, laboratories, health insurance companies, etc.).

IoT devices collect, share data and resources; act and react to environmental changes, with or without human intervention. Therefore, discriminatory disclosure and use of the resident’s information is possible. Data leakage of their well-being status during the process of data acquisition, monitoring, or storage should be prevented. Thus, the solution direction is tailored to resolve the following research questions:

RQ4. How can the monitored resident ensure that their set of personal sensitive data and data collected from their private environment sent outside their home is only accessed by authorized parties (e.g., authorised storage nodes and a stack of carers in the monitoring nodes) and that sensitive data are not maliciously altered by a third party?

Illegitimate collection of smart home users’ sensitive (health) data comes under questioning and should be addressed alongside safeguarding and securely sharing the home user’s data with healthcare providers (i.e., doctors, hospitals, pharmacies, laboratories, health insurance companies, etc.).

RQ5. How can the transparency of the use of the data collection be ascertainable, and made beneficial to the data owner in terms of service delivery, i.e., care offered and received?

The purpose of collection of the monitored data should be justified through a transparent process that reveals the use of the data including the processing techniques, disclosure terms, who the data subscribers are and their usage pattern, and the benefit of sharing such sensitive information with the data owner.
The direction to follow in proffering a solution to this problem is to protect the data acquisition process, and the location where the collected data are stored, provide shared transparency of data processes and define entities with an acceptable authorisation that can subscribe to and use the data through a contractual agreement, i.e., smart contracts.

3.3. Framework description

To handle issues relating to deprivation of privacy, all stages of the
Table 13
Inter-related dimensions of the proposed authorisation framework.
Security feature Technique Benefit

The architecture of the approach - Node Composition: Publisher, Subscriber and - Logical connection of nodes based on role, i.e., the home gateway is the data
Client Nodes publisher, while the IPFS and monitoring node are data subscribers.
- Lightweight hybrid encryption scheme between - Efficient transport encryption of sensitive data transaction data between publisher
nodes. ECES mode of ESDSA/ECDH and AES- and subscriber nodes using secure hashing, and digital signature for data
EAX authentication and verification.
- PoA-based blockchain data distribution - Pre-authentication of nodes, selection of validating nodes based on trustworthiness.
technique E.g., for the encrypted sensitive data stored on the blockchain, access to the
decryption key can be limited to the authorised nodes only based on the
implemented privacy model.
Approach for scalable data storage - Permissioned blockchain technology (On-chain - Each block contains a cryptographic hash of the previous block, a timestamp, and
and fine-grained access control DB Storage) transaction data.
- Makes blockchain suitable for the recording of events, medical records, and other
records management activities, such as identity management, transaction
processing, documenting provenance, etc.
- Inter Planetary File System (Off-chain DB - Content-addressed storage model, which means the content itself is addressed by the
Storage) hash of the file, making the network more efficient, secure, and decentralized.
- Each file and all the blocks within it are given a unique fingerprint called a
cryptographic hash.
- Smart Contracts - Controlled disclosure of sensitive data based on e-consent authorisation, on top of
the blockchain to govern who has access to the data stored on IPFS.
Approach for performance and Performance - Evaluation Metrics (latency, time, - To determine the overheads that could delay the response time to secure data in
threat evaluation and energy) transit.
Resilience Testing – Shellcode injection - To determine the performance to detect and respond to interception threat.
Privacy Assessment - LINDDUN and STRIDE - To utilise LINDDUN’s six steps which provide a systematic approach to privacy
assessment.
- Evaluate resilience to know threats using the STRIDE mnemonic

data value chain are considered, including acquisition/collection, stor­ resilience of the proposed authorisation scheme is introduced. Thus, the
age, processing, and use. In addition, two possible practical solutions, proposed authorisation framework classification aims to ensure the
namely: privacy by design, and privacy-enhancing technologies [131] ethical disclosure of the private data of a smart homeowner using BCoT
are investigated. The former is a concept that takes place before the is depicted in Fig. 23 and described as follows.
development of a product or service and signifies the integration of
privacy protection into both technology (devices, networking platforms, 3.3.1. On the architecture of approach
etc.) and regulatory policies (privacy impact assessments); while the The network topology of the smart home healthcare ecosystem is
latter permits embedding of enhanced privacy technologies to avoid designed based on a data publisher-subscriber model (Fig. 24). A logical
personal data compromise and rebuild trust among users and service network of peer-to-peer nodes is established for the PoA-based BCN,
providers. To this effect, a dynamic model of privacy that provides a where a hybrid cryptography scheme is applied for secure data ex­
pattern of computing data transaction process as expected by nodes change, and a reputation-based consensus algorithm for the distribution
designated for data acquisition (collection), storage, and remote moni­ of personal data transaction among the nodes on the blockchain. The
toring using permissioned PoA-based BCT will be employed in decision arrangement of the blockchain is such that.
making for ethical disclosure of private data in the smart home digital
healthcare ecosystem. The hierarchical structure and distributed trust • The 3 nodes have a copy of the ledger of blocks.
mechanism considered with this approach are viable solutions that could maintain blockchain compatibility with the specific requirements of IoT for the provision of data security and users’ privacy in the context of smart homes. In essence, the framework is viewed from three interrelated dimensions (Table 13).

First, through an architecture that defines the composition of the role-based peer-to-peer logical network of participating nodes, implementation techniques of the lightweight hybrid encryption scheme, the data distribution technique of the PoA-based blockchain, and execution of authorisation protocol.

Second, deploy an approach for scalable storage techniques that supports ethical disclosure of sensitive data. Using IPFS/blockchain is a means of utilising the synergy of these two technologies to handle large amounts of sensitive data in a secure, transparent, and efficient manner that reduces redundancy and ensures data availability. To ensure controlled disclosure, otherwise referred to as ethical disclosure, smart contracts on the blockchain can govern who has access to the data stored on IPFS. In this way, the disclosure of sensitive data is controlled and automated, and the permissions can be transparently verified on the blockchain. Transparency of the use of data is evaluated with a decision-making model for privacy designed for the proposed blockchain implementation that uses an authorisation-based consensus algorithm (PoA).

Last, an approach for performance and threat evaluation to prove the

• Data transactions within the blocks are encrypted with complex algorithms.
• Secure transport of P2P transactions through lightweight encryption key exchange.
• Unauthorized Node(s) are unable to intercept or alter data.

3.3.1.1. Network composition. The overview of the proposed smart home ecosystem and the setup of the BCN are duly discussed. As illustrated in Fig. 25, the three nodes describing the smart home healthcare scenario considered in this study are as follows.

1) Smart home (Publisher node) contains low-end IoT devices, i.e., wearable sensors for remote health monitoring [259] and environmental sensors, that generate infinite data within the smart home. The home gateway, a high-end IoT device aggregates all data collected and publishes the data to the permission BCN. This setup is to overcome the network constraint of connected objects (low-end IoTs) in a smart home not able to directly connect to the BCN due to their limited processing capacity and energy power. Thus, the introduction of an intermediary high-end edge category of IoT [230], called the gateway connects the smart home to the blockchain. The data owners and the monitored elderly persons living in smart homes can access these data as well.


Fig. 23. Authorisation framework classification for ethical disclosure of personal data in a smart home healthcare ecosystem using smart contract-based blockchain.

Fig. 24. A layout of blockchain in smart home healthcare service delivery identifying the gateway to the blockchain, the owners (data subject), and the authorized
subscribers (e-health and storage nodes) to access the private data.

These individuals would have specified earlier on through an e-consent a set of authorised persons or organisation permitted to access their data. Table 14 illustrates the IoT devices to use in the data acquisition process and information stakeholders (actors).

A major contribution of this study borders around the non-transparency of the use of collected private data, which becomes an ethical concern when the purpose of usage is undefined, and the subscribers/consumers of such data are unknown. Therefore, mechanisms that allow data owners to monitor who has access to their data and to regulate who has this access are paramount. The privacy scheme and transparency features of permission blockchain are more of centralised approaches to data management rather than decentralized, and therefore are counterintuitive. However, the transparency of data management processes is of utmost importance in this scenario. A meaningful disclosure comes with a desired level of access control that permits as much data as is needed to authorised parties only. In such a way, the user’s private data are adequately preserved while necessary information is revealed to data subscribers, which is a win-win situation for the data owner. Similarly, data anonymity could conceal the identity of the data owner, meaning the confidentiality of personal data, when anonymised, is equally a justifiable means of preserving the privacy of user data. However, the application of statistical models in emerging studies has revealed how relatively easy it is to reidentify an individual from a supposedly anonymised dataset, even when such datasets are incomplete [260].

Ethics is of concern when personal data are collected and are to be


Fig. 25. Authorisation framework made up of nodes (Home gateway—Publisher; IPFS, Client node, and e-Health expert system—Subscribers).

Table 14
Smart home actors and data collection process.
Actor Description Datatypes

SoPAD ED

Symptoms monitored Sensor Ambient Sensor


monitored

Data subject – In smart home whose personally identifiable information (well- Body Composition, e.g., BIA* Sensor Temperature, BMP280
elderly being data) is to be selectively disclosed, a fully trusted entity and BMI* & BMR* Samsung Pressure
homeowner owns a PDA. Watch4
Data collectors low- end IoT devices (sensors) ECG* Samsung Air Quality MQ 135Gas
Watch4 Sensor
Data publishers High-end IoT nodes (Home Gateway, Rasp Pi4); semi-trusted Movement Samsung Humidity Envi & AQ
Watch4 Air Quality RaspPi
Data subscribers Requester(s) of home data; semi-trusted Heartbeat Rate Samsung
Watch4
Smart contracts Defines authorisation policies among participants for fine-grained Gait Appraisal Samsung Camera Rasp Pi Camera
access control Watch4 Module V2.1.
Consensus Nodes on the BCN: Home Gateway, IPFS, eHealth Expert Stack,
participants Clients (Apps)

Note:*BMI: body mass index; *BMR: basal metabolic rate; *BIA: bioelectrical impedance analysis; *ECG: electrocardiogram.

protected to avoid non-transparency of how they are used. Privacy is the option to limit the access others have to the data owner’s information, e.g., on PII. The question is, what happens if the confidentiality of private data in a smart home system cannot be guaranteed? Private data may be under the threat of interception without the knowledge of the smart home user (i.e., devices, communication, storage, and services could become compromised). Confidentiality is the specific security requirement considered in addressing the data security and user privacy concerns in our scenario.

Thus, smart contracts application to such a scenario extends and leverages blockchain solution earlier introduced, i.e., contracts are hosted on the blockchain. The contract is a collection of code and data (occasionally referred to as functions and states) that is deployed using cryptographically signed transactions on the BCN; and is/are executed by nodes within the BCN. All nodes that execute the smart contract are expected to derive the same results from the execution, and the results of execution are recorded on the blockchain [32]. In defining the requisite access control technique for this smart home healthcare ecosystem which includes specifying the formal relation between data owners and data subscribers, smart contracts are considered as the cornerstone of the proposed BCoT architecture. Consequently, three types of contracts are defined for this scenario.

2) Off-chain database storage (Storage node) is the distributed storage service provider for infinite data with an efficient and similar storage schema relational to blockchain data storage scheme, and as a peer connection on the permission BCN. However, the storage node can also be identified as a data subscriber.

3) eHealth expert system (Subscriber node). This peer represents caregivers and affiliates that subscribe to the smart home data publisher and IPFS to monitor private data. Examples of actors in this domain include clinicians, therapists, pharmacies, health insurance agencies, relatives, and any other party granted permission to access the data publisher directly or query IPFS storage for data. This subscriber node(s) is also a node on the permission BCN and is pre-authenticated. The subscriber’s smart contract defines the access


Fig. 26. Illustration of the fields of e-Health expert system, adapted from Ref. [205].

level privilege a particular data subscriber is authorised with. Electronic health (eHealth) comprises the fields of telemedicine, eHealth in prevention, health promotion and care, eHealth and economics, digitalisation of information and content, and eHealth for research and health reporting [205]. Thus, the main fields of IT, telehealth, and health management are depicted in Fig. 26. The IT leverages blockchain for a secure business process management of data in the two other fields, making it a crucial component of the value chain of care rendered through the health sector [80,81].

4) Clients. These are device or service applications connected to the subscriber nodes or directly to the permission BCN. Clients are subscribers as well participating in data requests and access transactions from both the sensors via the gateway, the off-chain, and on-chain storages.

3.3.1.2. Proposed cryptography scheme. Blockchain implementations leverage hybrid cryptography. The use of efficient transport encryption on sensitive data (i.e., SoPAD and ED) emanating from wearables to the home gateway is crucial for ensuring the integrity of the in-house data collection process. Moreover, lightweight hybrid encryption schemes are needed to guarantee the desired confidentiality, integrity, and availability of data in transit. ECC is well suited for this scenario as it provides a wide range of flexible and efficient encryption schemes for resource-constrained IoT environments. The elliptic curve integrated encryption scheme (ECES) integrates ECC asymmetric and symmetric cryptography to ensure scalable transport encryption with minimal overhead. ECDSA of a reasonable key length can be used to generate key pairs and provide digital signatures for authentication and verification. ECDH can enable secret key establishment through key agreement and derivation (e.g., HMAC-KDF, a hash-based message authentication code key derivation function), and implement EAX (Encryption-Authenticate-Translate) or GCM (Galois Counter Mode) mode of AES,

Fig. 27. Lightweight user authentication scheme for IoT using elliptic curve cryptography.


since these two modes are most preferred for the inherent authenticated encryption, confidentiality and integrity they provide. The combined use of ECC and AES allows for the security benefits of both public-key and symmetric encryption. ECC provides a secure key agreement, ensuring that even if an attacker observes the exchanged public keys, they cannot deduce the shared secret. Once the shared key is established, AES provides a fast, scalable, and efficient encryption of data. Fig. 27 illustrates the lightweight user authentication scheme [154] process logic for sending encrypted activity level data (gyroscope and accelerometer data) from a smartwatch to the home gateway (data publisher), in the presence of adversarial behavior, i.e., the home is semi-trusted.

The need to protect the personal activity data (SoPAD) of the elderly is of interest for the following reasons.

1) Fall Detection: Accelerometers are widely used for fall detection algorithms. Falls are a significant concern for elderly individuals and detecting them promptly is essential for their safety and well-being. Accelerometers can detect rapid changes in acceleration, which are indicative of a fall event.
2) Daily Living Activities: Accelerometers can help monitor the performance of daily living activities such as walking, climbing stairs, or sitting down. Understanding these activities is essential for assessing an individual’s mobility and well-being.

To maximize data insights, a combination of both accelerometer and gyroscope data are often used. By integrating data from both types of sensors, a more comprehensive understanding of the elderly person’s motion and activities can be obtained. For example.

• Accelerometer data can provide information about the intensity of physical activities, such as walking or climbing stairs.
• Gyroscope data can help assess gait quality, detect abnormalities in posture or balance, and identify potential risks of falling.

Furthermore, integrated data from both sensors can enable more accurate activity recognition, improve fall detection algorithms, and provide a richer context for understanding the elderly people’s movements and well-being. While gyroscopes are valuable for detecting rotational movements and can be useful for gait analysis in specific scenarios, they are not as directly relevant for general activity monitoring in a smart home setting.

In summary, for monitoring the well-being of the elderly in a smart home setting using a Samsung S4 watch as a wearable, the accelerometer data will provide more data insights and be more practical for activity recognition, fall detection, and overall activity monitoring.

Having ensured data transactions within the smart home, it is important to perform the same for the peer-to-peer data transfer among nodes on the BCN architecture. Aside from the ECC/AES key exchange and data encryption-decryption between the three specified nodes, the data stored on the blockchain can be encrypted to add a layer of privacy protection. Sensitive health data can be stored in encrypted form, and access to the decryption keys can be limited to authorized parties only. This is one of the several crucial roles a PoA-based blockchain can play in providing an authorization framework for ethical disclosure of private data in the scenario of a smart home healthcare system for the well-being monitoring of an elderly person. This data encryption and privacy preservation technique decreases the likelihood of the information within records being accessible to unauthorized actors provided the private keys of BCN participants are not misplaced or compromised.

Stolen, lost private keys or misplaced contract calls in permissionless blockchain used in cryptocurrencies such as Bitcoin, Ethereum, etc., have led to high-profile hacks in the blockchain systems [261,262], where “Poly Network breach would be among biggest heists to target cryptocurrency industry”. However, due to the traceability and transparency features of blockchain, the reversal of stolen asset was possible after security researchers said they had identified a trail of digital clues left by the hackers. In addition, SlowMist, a blockchain security firm, confirmed it managed to identify “the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking” [263]. Due to the transparency of the blockchain and the use of blockchain analytics, laundering or cashing out stolen crypto assets is extremely difficult [264].

Consequentially, newer BCNs are implementing creative measures to mitigate ongoing risk. In essence, the implementation of PoA-based blockchain is not entirely immune to consequences of loss of a private key or its compromise, only that the likelihood of occurrence is lower since all nodes are pre-authenticated and validating nodes or approved accounts that approve transactions and create blocks that are reputable, well-known to other nodes and trusted entities on the network. A grave repercussion in the case of loss of private key by the validators which they use to sign off on transactions and blocks is loss of trust. PoA-based blockchain effectiveness depends on the trust placed in its validators. If a validator’s key is compromised, it could lead to a loss of trust in the network, as users may no longer believe in the validator’s ability to secure their keys and, by extension, the network. In addition, the centralization in PoA-based blockchain can create a single point of failure, and the loss or theft of a private key can be a significant systemic risk. On the flip side, the more centralised, permissioned nature of PoA blockchains may allow for swifter response and intervention in the case of a compromised key. The governing entities could potentially freeze the account associated with the lost or stolen key, or the network participants could agree to ignore or roll back fraudulent transactions, depending on the governance rules.

However, in permissioned blockchains, there might be advanced key management systems in place, with multi-signature protocols or hardware security modules (HSMs) to provide extra layers of security. These can prevent a single point of compromise from having system-wide effects. While the theft or loss of private keys is a security concern in both permissionless and permissioned blockchains, the nature of a PoA-based system creates unique challenges and opportunities. The more centralized control allows for rapid response but also places significant responsibility on validators to safeguard their private keys. As such, the security protocols, key management systems, and governance policies around key compromises are critical components of maintaining a secure PoA-based BCN.

The P2P PoA-based BCN proposes to employ an ECES hybrid encryption scheme more suitable for scalable data transactions, i.e., in terms of the message size limitation observed in RSA when padding schemes (OAEP) are used with SHA256, to leverage on the deterministic and high rate of transaction in the PoA-based blockchain. Moreover, the deprecated use of 1024-bit RSA keys in 2010 by NIST due to an increase in computational power and advancements in cryptanalytic techniques, made the once-considered secure key length vulnerable to cryptographic attacks. Instead, the industry standard recommendation for security-sensitive applications is a transition to longer key lengths, such as 2048-bit RSA or the equivalent 224-bit ECC to ensure a higher level of security against potential cryptographic attacks. For instance, some key considerations of RSA and ECC are.

• ECC relies on the elliptic curve discrete logarithm problem, which is mathematically harder than RSA’s integer factorization problem. This allows ECC to achieve the same security with much shorter keys.
• A 192-bit ECC key has a strength of around 96 bits, compared to a 3072-bit RSA key which provides about 128 bits of strength.
• 96 bits and 128 bits are considered close enough in strength for most practical purposes.
• Recommendations often match a 192-bit ECC key with a 3072-bit RSA key as offering a comparable security level.
• NIST recommends both 3072-bit RSA and 192-bit ECC keys through 2030 for sensitive information.
• For even shorter ECC keys like 160-bit, a 2048-bit, or 3072-bit RSA key is typically considered comparable.


Therefore, for a security level roughly equivalent to a 192-bit ECC key, RSA would need to use a significantly longer key size of around 3072 bits. The large RSA size required makes ECC more efficient for many use cases.

ECC and AES are two cryptographic primitives, which are typically used for public-key cryptography and symmetric encryption, respectively. In addition, AES encryption modes such as EAX, GCM, CBCC, OFB, and CFB have been applied to complement ECC to provide a viable lightweight hybrid cryptographic solution in resource-constrained networks. However, the RSA limitation of having a maximum message size that can be encrypted especially when using SHA 256 with OAEP is often encountered especially in a situation where the smart home healthcare ecosystem has numerous devices producing a large volume of data transactions. In practice, when aiming for “privacy by design” in transport encryption, GCM or EAX are block cipher schemes considered suitable and secure when implemented correctly since the two modes use similar security evaluation descriptors, e.g., the underlying encryption mode, authentication mechanism, and nonce. The choice between them might be influenced by factors like performance, library support, and specific requirements of the application.

Choosing a key size for cryptography is of the utmost importance. The key length does not affect the encryption/decryption speed significantly. The performance is more dependent on the underlying processor performance. However, there are some points to consider regarding key lengths for transport encryption. Longer keys are more secure but slower. So, for instance, RSA 4096-bit keys are more secure than 2048-bit keys, but 2048-bit operations will be faster. For optimal security, transacting device keys should be equal. Using mismatched key lengths can potentially weaken security in some cases. For a 2048/4096 mismatch, the security level will be limited by the weaker 2048-bit client key. So, there is no real benefit in the server using a 4096-bit key. For client-server RSA encryption, typically the client encrypts data with the server’s public key and the server decrypts with its private key. The client key length does not directly affect encryption/decryption speed in this flow. The server’s private key length determines the decryption time. So, a 4096-bit server key will have slower decryption than a 2048-bit server key. In summary, the 2048 client/2048 server will have faster performance than the 4096 client/4096 server. 2048 client/4096 server provides no real security benefit over 2048 client/2048 server.

In Ref. [163], ECDSA with secp256k1 is implemented for the key pair generator, signature, and verification algorithm, and SHA 256 is used as a cryptographic hash function. The k1 curves are a specific class of Koblitz curves used in ECC implementation that have some special properties desirable for cryptographic implementations. But k1 variants have only been standardized for some key sizes. SECP256k1 - 256-bit Koblitz curve is of interest, and 256-bit ECC keys are considered special and widely used in cryptography for reasons such as.

• 256-bit is a sort of “sweet spot” for balancing security, performance, and interoperability.
• A 256-bit ECC key provides a very high-security level of around 128 bits of strength. This is sufficient security for the foreseeable future.
• 256-bit ECC keys are much faster in software than equivalent strength RSA keys (3072 bits or higher).
• 256-bit ECC is widely standardized and supported across platforms and protocols.
• The secp256r1 and secp256k1 curves were specially designed for optimal performance and security at 256 bits.
• secp256k1 is used extensively in Blockchain and cryptocurrencies like Bitcoin and Ethereum due to its speed and security.
• 256-bit security is the minimum recommended by NIST for US government applications beyond 2030.
• Going higher than 256-bit only provides marginal security improvements while impacting performance significantly.

In summary, 256-bit ECC combines versatility, performance, and future-proof security. It offers a balance suitable for a wide range of cryptographic applications. The standardization and special curves at 256-bit also make it efficient to implement. These advantages make 256-bit keys very popular for ECC across the industry.

SECP: SECP (Standards for Efficient Cryptography Group) provides standardised, secure, and interoperable elliptic curves that are optimized for the efficient implementation of public-key cryptography schemes like ECDSA and ECDH. SECP has the R1 and K1 variants.

• SECP curves are carefully chosen and vetted for cryptographic security and implementation efficiency.
• SECP256k1 uses a Koblitz curve. The discrete logarithm problem on Koblitz curves is theoretically harder, providing higher security.
• SECP256k1 is designed specifically for efficient high-security digital signatures, especially for Blockchain. It belongs to the SECP family of standardized curves by SECG.
• SECP256k1 has distinct mathematical properties optimized for digital signatures rather than encryption. SECP256k1 is defined over a 256-bit prime field.
• SECP256k1 provides strong security with 128 bits of strength. Comparable to 192-bit SECP or 224-bit prime field curves.
• SECP256k1 has some specialized use cases, but SECP256r1 is meant for general elliptic curve cryptographic implementations such as in traditional cryptography or protocols like TLS.

The k1 curves are a specific class of Koblitz curves that have some special properties desirable for cryptographic implementations. But k1 variants have only been standardized for some key sizes. The relevant k1 curves are.

• SECP160k1 for 160-bit Koblitz curve.
• SECP192k1 for 192-bit Koblitz curve.
• SECP224k1 for 224-bit Koblitz curve.
• SECP256k1 for 256-bit Koblitz curve.

The r1 curves on the other hand are more general-purpose elliptic curves over prime fields. The r1 variants exist for more key sizes. Common SECP curves that are widely used for ECC include SECP160R1, SECP192R1, SECP224R1, SECP256R1, SECP384R1, and SECP521R1. The SECP curves are standardised and widely supported in cryptographic libraries and protocols like TLS, SSH, S/MIME, etc.

3.3.1.3. Distribution technique. The implementation of a proposed PoA consensus algorithm does not require mining, therefore, high-performance nodes are not required to spend computational resources to solve complex mathematical puzzles, as shown in Fig. 28. This consensus algorithm does not involve any form of mining incentives beyond rewarding nodes with access-right to transact data once the legitimacy of the request is proven as defined in their associated contract based on their reputation and the efficient utilization of roles with the BCN. In addition, these characteristics in PoA provide a high transaction rate, high performance, and fault tolerance.

Other benefits of PoA include.

1) The right to generate new blocks is awarded to a node with proven authority to do so and has passed a preliminary authentication.
• Built-in identity attestation
2) The interval of time at which new blocks are generated is predictable, i.e., performed in sequence at appointed time intervals by authorized nodes, leading to the increase in the speed at which transactions are validated.
• POA Network can do up to 30,000 TPS with <3 s finality.
• Higher transactions per second (tens of thousands of TPS)
• Predictable block times (sub-second)


Fig. 28. Sequence diagram for the proposed PoA BCN in the smart home healthcare ecosystem.

• Transaction finality—blocks are deterministic, not probabilistic.
3) Tolerance to compromised and malicious nodes.
4) Only selected trustworthy nodes known as validating nodes can generate new blocks, and their list is stored in the BC registry.
5) Validating nodes maintain the BCN (distributed ledger), and the order of nodes in the list of validators determines the sequence in which new blocks are generated by nodes.
6) Energy consumption is far lower than mining-based chains.
• Lower energy use without mining.

Thus, PoA can offer better performance and finality guarantees due to its permissioned nature and authority-based consensus. But there are centralization tradeoffs.

3.3.2. On the approach for scalable data storage and fine-grained access control

Interception is a major threat to confidentiality, data privacy, and by extension an adversarial model that grants unauthorized access to an individual’s private data. To ensure users’ privacy in the smart home healthcare scenario presented, supervised authorisation is provided using a combination of secure and scalable data storage mechanisms, and role-based smart contracts (Table 15).

Table 15
Proposed data storage and access control mechanism for the smart home healthcare ecosystem.

| Technology | Description |
| --- | --- |
| Permissioned blockchain technology (On-chain DB storage) | Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. Makes blockchain suitable for the recording of events, medical records, and other records management activities, such as identity management, transaction processing, documenting provenance, etc. |
| Inter Planetary File System – IPFS (Off-chain DB storage) | Content-addressed storage model, which means the content itself is addressed by the hash of the file, making the network more efficient, secure, and decentralized. Each file and all the blocks within it are given a unique fingerprint called a cryptographic hash. |
| Smart contracts (Fine-grained access control) | Controlled disclosure of sensitive data based on e-consent authorisation, on top of the blockchain to govern who has access to the data stored on IPFS. |

3.3.2.1. P2P permissioned BCT (on-chain DB storage). In the permissioned BCN proposed, all nodes are pre-authenticated, which is like it is in a controlled corporate intranet, limiting participation to specific parties or nodes, and allowing for fine-grained controls [32]. This type of BCN is often deployed for a group of organizations and individuals, typically referred to as a consortium, and such is considered for the public eHealth expert system in this study.

3.3.2.2. Inter planetary file system (off-chain DB storage). IPFS is a P2P network for storing and sharing data in a distributed file system using a distributed hash table (DHT) and is designed to work together with existing blockchain protocols. Though not specifically built on Blockchain, it uses content-addressing to uniquely identify each file within the global namespace that connects IPFS hosts. These contents are accessible via peers located globally and can relay and store information. IPFS discovers information using content address (identify content by what is in it) rather than the information location [265]. The basic principles of IPFS use the concept of unique identification through content addressing, content linkage using directed acyclic graphs (DAGs), and content discovery utilising distributed hash tables (DHTs).

The hash of the personal data storage location is kept on the blockchain, while the actual encrypted data are stored off-chain on the IPFS decentralized storage. For instance, newly generated well-being data from any sensor (i.e., SoPAD) and those from the environment (i.e., ED) are occasionally forwarded through the publisher (gateway) to the IPFS (off-chain) storage. The gateway also broadcasts a message containing the hash pointing to the location of data stored on the IPFS to the blockchain (on-chain store). Thus, the IPFS is used as a secure decentralized data storage hub for sharing generated sensitive data emanating from a data subject in the smart home. This two-storage association is exploited to maintain the security and privacy of data collected within the smart healthcare ecosystem.

3.3.2.3. Smart contract. This solution proposes the use of smart contracts to maintain rules, authentication, and communication between the different nodes and parties in the healthcare smart home system. Smart contracts are associated with each of the BCN participants to allow for fine-grained access control based on the management of private data in the smart home healthcare ecosystem. The smart contracts are described as follows.

1) Publisher contract description. This contract will first be specified before a user (his) subscribes to the system and connects their smart


home gateway to the BCN. Since all nodes in a permission BCN are pre-authenticated, a unique ID mapped to his blockchain address is received once the publisher contract is accepted. The list of the IoT devices to connect to the blockchain must also be specified using names for ease of access and identification of the generated data. In addition, the type of sharing mechanism to manage the publisher-subscriber association and the list of permissible addresses to access data, i.e., addresses of authorised subscribers to the data, are specified.

The publisher’s smart contract comprises the data subject’s consent, which allows any subscribing party to request a subset of or a full SoPAD and ED. This service allows the data subject to decide on how to react to requests and which subsets of personal data they have agreed to share or want to share. The smart contract manages each request type of SoPAD/ED a data publisher provides to subscriber parties. The third party (subscriber) initializes contact with the publisher’s smart contract once, requesting a certificate for future access to the SoPAD/ED. Upon the data subject’s consent to the subscriber’s request, an up-to-date SoPAD/ED can then be subsequently requested just in time whenever it is needed for processing.

The publisher smart contract provides the SoPAD/ED instantaneously once the certificate of the subscribing party is valid. Hence, it is no longer necessary to store the actual personal data of the subscriber.

• Check_Validity_Of_Certificate (Certificate) checks if the requesting subscriber is allowed to be granted access to the SoPAD/ED based on the certificate provided with the request.

The data subject utilises the BCoT to ascertain high availability while maintaining full control over their data. To guarantee that copies of SoPAD/ED are up to date once the hash of SoPAD, i.e., H(SoPAD/ED) has changed, the timestamp in the SoPAD/ED can be modified whenever it is requested. This is simply because changing only the timestamp (without interfering with related personal data) results in a different hash forcing the subscriber to file a new request against the data publisher smart contract, should such a subscriber want to process an up-to-date SoPAD/ED. Thus, any processing of SoPAD/ED without the consent (or with prior request) of the data subject is easily identifiable because such a dataset is outdated. This mechanism assists in identifying subscribers who store personal data without the data subject’s consent. Thus, for efficiency, the publisher smart contract could also inform the data subscriber if a previous request of a SoPAD/ED is still up to date. Therefore, to withdraw a once-given consent, changing the hash H(SoPAD/ED) and invalidating the subscriber’s certificate will suffice. Moreover, for every smart contract, a separate key pair is generated for security reasons, thereby making it possible to invalidate the public key supposing the private key for a particular SoPAD/ED is compromised. Fig. 29 illustrates the model of the publisher-subscriber contracts with workflow explanation.
2) Subscriber contract description. This second contract should contain
the address of the subscriber(s) in the blockchain and the list of a) Contracts with hardcoded participant addresses
publishers to which it subscribes and should also state the specific list
of sensors to subscribe to. The sensors are chosen by type, name, or This code defines two smart contracts, ‘publisherContract’ and
the use of a wildcard to select all the available sensors associated ‘subscriberContract’, where ‘subscriberContract’ inherits from ‘pub­
with a certain publisher. This happens to be the critical component of lisherContract’. These contracts are meant to manage permissions for
the publisher-subscriber procedure since the generated data can be nodes in a BCN, specifically concerning viewing and storing healthcare
filtered before being sent to a subscriber based on the information data within a smart home healthcare ecosystem. The system is designed
recorded in this contract. to ensure that data are ethically disclosed only to those entities that have
3) Client contract description. The client contract is the third contract, the appropriate permissions. The breakdown is as follows:
serving as a mapping contract between normal nodes or clients
connected to the blockchain, and their respective subscriber con­ 1) publisherContract
tracts. The client’s name is used here for ease of communicating with • State Variables.
one another through a front-end application. This name is also - ‘publisher’: Stores the Ethereum address of the publisher (the
mapped to the corresponding address in blockchain. For instance, entity that deploys the contract).
the client connects to the IPFS node whenever it is requested by the - ‘authorisedNodes’: A mapping to keep track of which addresses
end user, using the hash code to fetch the data generated by the (nodes) are authorized.
sensor. - ‘permissions’: A mapping from addresses to their specific per­
missions. Permissions are represented as an enum, which can be
The proposed smart contract is expected to meet the following either ‘view_data’ or ‘store_data’.
minimal requirements: - ‘dataHash’: A string that is meant to hold an IPFS hash, repre­
senting the location of data stored off-chain.
• The smart contracts are to have an interface that handles the initial - ‘participant1’: An example participant’s address for testing
request of a certificate for future requests of a SoPAD/ED. purposes.
• The smart contract should have access to a securely hosted decryp­ • Events.
tion function, which will provide the function Dec(X) = Enc (SoPAD/ - ‘hashUpdated’: Triggered when the IPFS hash is updated.
ED), where X is the element of Enc (SoPAD/ED). - ‘permissionGranted’: Triggered when permission is granted to a
participant.
The data owner is a single source that provides the smart contracts • Constructor.
capable of decrypting the SoPAD/ED in question. This ensures they get a - Initializes the ‘publisher’ with the address of the contract creator
notification whenever SoPAD/ED is processed. (‘msg.sender’).
This functionality is handled by a blockchain functioning as an - Sets an example ‘participant1’ as an authorized node and assigns
immutable access log. Described below is a model for the minimal permissions to the ‘msg.sender’ and ‘participant1’.
interface for a smart contract to allow a subscriber to request a SoPAD/ • Functions and Modifiers.
ED of the data subject and ensure they are notified whenever any of their - ‘updatePermissionToView’: Allows the publisher to grant an
SoPAD/ED is revealed to any subscriber. address permission to view data.
- ‘updateHash’: Allows the publisher to update the ‘dataHash’
• Request_Certificate (SubscriberID, Reason_For_Request). variable (IPFS hash). This function can only be called by the
• Request_SoPAD/ED (Certificate, Requested_Subset_Of_SoPAD/ED). publisher and the address with the ‘store_data’ permission.
• Access to blockchain for Dec(X), where X is the element of Enc - ‘onlyPublisher’: A modifier that restricts function access to only
(SoPAD/ED). the publisher.

O. Popoola et al. Blockchain: Research and Applications 5 (2024) 100178

Fig. 29. Model of the publisher-subscriber contracts.

  - ‘hasPermissionToStore’: A modifier that checks if the message sender has permission to store data.
2) subscriberContract

This contract inherits from ‘publisherContract’ and thus has access to its state variables, events, and functions.

• Event.
  - ‘dataRequested’: Triggered when data are requested, logging the requester’s address and the timestamp.
• Functions and Modifiers.
  - ‘getDataHash’: Function that returns the current data hash; it checks if the message sender has the necessary permission to view data.
  - ‘checkPermissions’: Allows an address to check what permissions it has.
  - ‘hasPermissionToView’: A modifier that checks if the message sender has permission to view data.

An explanation of the workflow of the publisher-subscriber contracts is as follows:

- The publisher deploys the ‘publisherContract’, and during deployment, the constructor sets the publisher’s address and initializes permissions for the publisher and an example participant.
- The publisher can grant “view” permissions to other addresses using the ‘updatePermissionToView’ function.
- The publisher can update the IPFS hash, which represents the healthcare data, using the ‘updateHash’ function. This hash might refer to patient data, healthcare records, etc., stored securely on IPFS.
- Participants in the network can then interact with the ‘subscriberContract’ to request the data hash (if they have view permissions) and check their permissions.
- Access control is enforced through modifiers, ensuring that only authorized participants can access specific functions based on their roles and permissions.

Security Considerations:

- The contract currently uses an example participant’s address hardcoded into the contract, which is non-ideal for a production environment. Dynamic addition and verification of participants are better suited for a production scenario.
- The permissions are currently set in the constructor and can be modified through ‘updatePermissionToView’. A more comprehensive system for managing different permission levels, possibly including a way to revoke permissions, is expedient.
- The system’s reliance on correct address input is crucial. Adequate off-chain security measures will ensure that addresses correspond to the correct, authenticated participants.
- The contract lacks functions to remove permissions or to update the list of authorized nodes. In addition, emergency stop (“circuit breaker”) patterns could be implemented for added security.

For real-world applications, especially concerning sensitive healthcare data, it is worth mentioning that rigorous security audits, testing, and contract code reviews will be performed before deployment.
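The permission check described in a), as an added Solidity sketch (not the paper’s contract code) showing why a two-member permission enum is ambiguous: an address that was never granted anything reads as ‘view_data’. The ‘Sketch’ contract names, the placeholder ‘participant1’ address, the constructor’s permission assignments, the modifier bodies and the two ‘passes…’ helpers are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not the paper's contract code. Identifiers follow the prose
// breakdown in a); the constructor's permission assignments, the modifier
// bodies and both passes* helpers are assumptions made for illustration.
contract PublisherContractSketch {
    // Two-member enum as described. Its zero value is view_data, so there is
    // no way to express "no permission".
    enum Permission { view_data, store_data }

    address public publisher;
    // Placeholder test address (constructed, not taken from the paper).
    address public participant1 = address(uint160(0xA11CE));
    mapping(address => bool) public authorisedNodes;
    mapping(address => Permission) public permissions;
    // internal only blocks other contracts; any party with access to the
    // chain data can still read the value from storage or from the calldata
    // of past updateHash transactions.
    string internal dataHash;

    event hashUpdated(string newHash);
    event permissionGranted(address indexed participant, Permission permission);

    modifier onlyPublisher() {
        require(msg.sender == publisher, "caller is not the publisher");
        _;
    }

    modifier hasPermissionToStore() {
        require(permissions[msg.sender] == Permission.store_data, "no store permission");
        _;
    }

    constructor() {
        publisher = msg.sender;
        authorisedNodes[participant1] = true;
        permissions[msg.sender] = Permission.store_data;   // assumed assignment
        permissions[participant1] = Permission.view_data;  // assumed assignment
    }

    function updatePermissionToView(address node) external onlyPublisher {
        authorisedNodes[node] = true;
        permissions[node] = Permission.view_data;
        emit permissionGranted(node, Permission.view_data);
    }

    function updateHash(string calldata newHash) external onlyPublisher hasPermissionToStore {
        dataHash = newHash;
        emit hashUpdated(newHash);
    }
}

contract SubscriberContractSketch is PublisherContractSketch {
    event dataRequested(address indexed requester, uint256 timestamp);

    // Enum-only check: a mapping entry that was never written reads as 0,
    // which is view_data, so an address the publisher never approved passes.
    modifier hasPermissionToView() {
        require(permissions[msg.sender] == Permission.view_data, "no view permission");
        _;
    }

    function getDataHash() external hasPermissionToView returns (string memory) {
        emit dataRequested(msg.sender, block.timestamp);
        return dataHash;
    }

    function checkPermissions() external view returns (Permission) {
        return permissions[msg.sender];
    }

    // Mirrors the enum-only modifier: true for every address that was never
    // granted anything, because the default mapping value is view_data.
    function passesEnumOnlyCheck(address who) external view returns (bool) {
        return permissions[who] == Permission.view_data;
    }

    // Tying the check to the explicit authorisedNodes flag closes the gap
    // without changing the enum; a dedicated "no permission" member placed
    // first in the enum is the other way to remove the ambiguity.
    function passesExplicitCheck(address who) external view returns (bool) {
        return authorisedNodes[who] && permissions[who] == Permission.view_data;
    }
}
```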


b) Contract with dynamic addition and verification of participants

The breakdown of a dynamic and applicable smart contract model, with a focus on the ‘AccessControl’ and ‘DataContract’, is as follows:

These contracts aim to manage permissions for nodes in a BCN, specifically for viewing and storing healthcare data within a smart home healthcare ecosystem. The dynamic design ensures that data are ethically disclosed only to those entities that have the appropriate permissions, with enhanced security, flexibility, and data privacy provisions.

1) AccessControl Contract
• State Variables.
  - ‘owner’: Stores the Ethereum address of the owner — the account that deploys the contract.
  - ‘authorisedNodes’: A mapping to keep track of which addresses (nodes) are authorized; it remains unused in the provided code and could be removed or implemented as needed.
  - ‘permissions’: A private mapping from addresses to an integer representation of their specific permissions, which can be None (0), View (1), or Store (2).
• Events.
  - ‘PermissionUpdated’: Triggered when the permission of a participant is updated (set or revoked).
• Modifiers.
  - ‘onlyOwner’: Ensures that only the contract’s owner can execute the function to which it is applied.
  - ‘authorisedToStore’: Ensures that the function can only be executed by an address with the ‘Store’ permission.
  - ‘authorisedToView’: Ensures that the function can only be executed by an address with the ‘View’ permission.
• Constructor.
  - Sets the contract’s deployer as the owner and assigns them the ‘Store’ permission by default.
• Functions.
  - ‘setPermission’: Allows the owner to grant a specific permission (View or Store) to an address. It checks for valid input and triggers the ‘PermissionUpdated’ event.
  - ‘revokePermission’: Allows the owner to revoke any permissions assigned to an address, setting it to ‘None’, and triggers the ‘PermissionUpdated’ event.
  - ‘getPermission’: Returns the permission type of a specific address.
2) DataContract (inherits from AccessControl).
• State Variable.
  - ‘dataHash’: A private string meant to hold an IPFS hash, representing the location of data stored off-chain. It is made private to ensure controlled access.
• Event.
  - ‘HashUpdated’: Triggered when the IPFS hash (‘dataHash’) is updated.
• Functions.
  - ‘updateDataHash’: Allows an address with ‘Store’ permission to update ‘dataHash’. It requires that the new hash is not empty and triggers the ‘HashUpdated’ event.
  - ‘getDataHash’: Returns the current ‘dataHash’ value but only for addresses with ‘View’ permission.

An explanation of the workflow of the publisher-subscriber contracts is as follows:

- The contract owner deploys the ‘AccessControl’ contract. By default, the owner has ‘Store’ permission.
- The owner can then set or revoke permissions for participants using ‘setPermission’ and ‘revokePermission’, providing flexible and dynamic access control. The changes in permissions are publicly logged through the ‘PermissionUpdated’ event.
- Once participants have the appropriate permissions, they interact with the ‘DataContract’:
  o Participants with ‘Store’ permission can update the IPFS hash using ‘updateDataHash’, which holds the off-chain data (potentially sensitive healthcare information). The update is logged through the ‘HashUpdated’ event.
  o Participants with ‘View’ permission can access the current data hash using ‘getDataHash’, ensuring they only access data they are authorized to view.
- The system ensures data privacy by keeping ‘dataHash’ private and making it accessible only through controlled functions.

Security considerations:

- The updated contract enhances security by allowing dynamic permission management and enforcing strict access control to critical functions.
- It introduces input validation and error messages, providing clearer insights into any issues that participants encounter.
- The contract ensures data privacy by making the data hash a private variable.
- Despite these improvements, rigorous testing and a professional security audit are still paramount, especially when dealing with sensitive healthcare data.

This dynamic contract code version promotes a more secure, flexible, and privacy-focused approach to managing permissions and data access in the smart home healthcare ecosystem. However, continuous improvement and adherence to best practices are vital for maintaining robust security and functionality.

In comparing the two approaches for designing an applicable publisher-subscriber contract, the dynamic addition and verification of participants is better suited. The key changes and improvements over the hardcoded version are as follows.

For encapsulation of access control:

• Introduction of a dedicated AccessControl contract to handle permission-related logic, improving the modularity and readability of the code.

For improved permission management:

• Added a None type to the PermissionType enum to represent the absence of permissions explicitly.
• Introduced a setPermission function to dynamically set permissions for an address.
• Added a revokePermission function to remove an address’s permissions, enhancing the security and flexibility of permission management.
• Permissions are now directly mapped to an enum type, removing ambiguity and improving readability.

For data privacy:

• Made dataHash a private variable, ensuring it is only accessible through the getDataHash function, which includes appropriate access control checks.

For validation and error messages:

• Added requirements are checked with descriptive error messages to ensure that functions are called with valid arguments.

For event enhancement:


• PermissionUpdated event now also emits the type of permission granted or revoked.

It is worth mentioning that smart contract codes require thorough testing, auditing, and potentially more features depending on the use case requirements, such as different levels of access control, sophisticated permission management, and emergency stop mechanisms. Moreover, the principle of least privilege could be considered, i.e., grant only the permissions necessary for participants to perform their tasks. More importantly, because this scenario involves medical data, compliance with healthcare regulations and data privacy standards like HIPAA or GDPR should be taken into consideration.

3.3.3. On the strategies for evaluating the solution’s performance
To effectively evaluate the performance of the proposed authorisation framework, some evaluation metrics could be considered.

3.3.3.1. Performance evaluation. The permission BC-based framework is proposed for providing and ensuring improved data security and privacy in the smart home setting through a lightweight hybrid encryption scheme as described earlier. In addition, though the PoA consensus algorithm does not perform mining, the blockchain-based architecture is likely to still incur slight computational and packet overhead on the nodes for the processes involved. To provide an appreciable evaluation at this stage, two different and logical traffic flow patterns classified as periodic and query-based could be implemented to evaluate these overheads [159,217]. The evaluation metric of the packet, time, and energy overheads is applicable for performance evaluation. To assess the security resilience, scalability, and storage query efficiency, the overhead of the PoA-based blockchain architecture can be compared to those recorded from a baseline scenario that handles data transactions of SoPAD/ED without any tangle form of transport encryption, which includes using a traditional DBMS. However, the focus should be not only on low overheads but on other trade-offs to achieve significant security and privacy benefits.

3.3.3.2. Resilience testing procedure. This test is required to assess the resilience of the authorisation security framework. Threat models such as interception attacks often threaten the confidentiality and integrity of data, and by extension deprive the smart homeowner of their data (SoPAD/ED) privacy. Therefore, to investigate the performance efficiency of the proposed authorisation framework towards ensuring privacy, the use of cryptanalysis is performed when testing the resilience of the proposed security framework in securing private data. On one hand, a shellcode injection (i.e., via malware and botnet) can be launched into the system through a simulation that mimics an infected PDA that has been used on a public Wi-Fi infrastructure. The code injection attacks employed are to assess if the pattern of data collection and transport within the smart home healthcare ecosystem can be eavesdropped on before a brute force attack is used to intercept data, and, if possible, to modify the data before an off-chain or on-chain storage. Another attack scenario is to gain access to steal the private keys used for signing data in transit or gain access to search exposure/misplaced contract calls. Lastly, the smartwatch can be compromised through a corrupted version of the API developed for collecting the activity level data. A malicious prompt for an update of the app, if executed, could infect the watch with a botnet. The home Wi-Fi is semi-trusted, but it can be assumed that an HTTPS protocol is configured as the transport service for sending data to the home gateway from the watch and indoor environment sensor, at least to alleviate further fear of interception within the home network, including insider attacks. The code injection attacks can be used to simulate targeted interception attacks on the smart care home ecosystem to compromise devices, infiltrate networks, truncate services or applications (i.e., for interruption attack/DDOS), or masquerade as an authorised entity. End-to-end encryption (E2EE) ensures that data are encrypted from the point of collection (e.g., the smartwatch) to its final destination (e.g., IPFS or the eHealth expert node). This encryption should persist while data are in transit through intermediate points like the home gateway. Testing the resilience of E2EE involves attempting to intercept the data at various points in its journey and verifying that it remains unintelligible due to encryption.

Cryptanalysis is the study of analyzing information systems to study the hidden aspects of systems. It is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. In other words, cryptanalysis is the art of deciphering encrypted data without access to the secret key used to initially encrypt the data. The experience in the cryptanalysis domain has revealed that evaluating the security level of a cryptosystem involves not only understanding the mathematical concept but also the application of the best possible cryptographic attacks on such a cryptosystem to test its resilience by using the best available techniques [266]. Therefore, with the application of an appropriate attack on the resource-constrained platform, the security limits of the studied cryptographic algorithms can be determined, and this allows for recommendable adjustments to be made to the corresponding parameters of the proposed algorithm. In essence, cryptanalytical tasks in the scenario of study will be tailored towards constrained systems and those not high-end, requiring massive computations but rather nodes fitting the characteristics of the PoA consensus algorithm for privacy preservation in smart home settings. Furthermore, PKI (Public Key Infrastructure) and Key Management can be implemented to test a robust PKI to ensure that only the intended recipients can decrypt the data. This can include using digital certificates for authenticating the communicating parties. This test procedure can make the key exchange mechanism robust and resilient to attacks like Man-in-the-Middle (MiTM), where an attacker might try to impersonate one of the nodes. Table 16 illustrates some exploited vulnerabilities in DLT, including those related to theft/loss of private keys.

Table 16
Recent blockchain attacks and exploits.

| Top five blockchain attacks | Loss and “in-actions” | Five DLT vulnerabilities |
| --- | --- | --- |
| Wormhole—February 2022, Solana Platform | $326 M, fund returned in 24 hrs | Exitscam |
| Bit Mart—2021, Ethereum Platform | $150,000 asset, Hacked private key | 51% Attack—majority attack, - Control of more than 50% of the hashing power on a blockchain. |
| Poly Network—August 2021 | $600 m, misplaced “contract call” intercepted. Hacked private key returned by some anonymous | Defi—Decentralized finance - P2P system using smart contracts in decentralized blockchain networks. |
| MT Gox, 2011–February 2014 | Up to $4.7 billion, the greatest Bitcoin exchange robbery, MT Gox bankrupted | Exchange hack - Social engineering hacks and persuasion tricks. |
| Liquid Global—August 2021, Japanese Cryptocurrency Exchange | $97 M unauthorized user(s) access to wallet, > 78% of damage due to Ethereum-based asset | Phishing |

IPFS security checks can be performed to make certain that any sensitive data are encrypted before being stored on IPFS. While IPFS provides content addressing and tamper-proofing, it does not natively encrypt data. It is equally important to test the access controls of the IPFS node and ensure that data cannot be accessed by unauthorized parties. A thorough audit and testing of the smart contract code could also ascertain smart contract security. This should include known vulnerabilities like reentrancy attacks, overflow/underflow bugs, etc. Additionally, given the concern with data interception, safeguards should be in place to make sure contract logic does not inadvertently


expose sensitive information, and only permitted addresses can execute certain functions. Wi-Fi security, network segmentation within the home, penetration testing, and blockchain node security are possible ways to perform resilience evaluation of toughened networks that parade private data.

Furthermore, input validation approaches such as whitelisting validation (inclusion or positive validation) and blacklist validation (exclusion or negative validation) are applicable. However, blacklist validation is favored since signature algorithms (binary patterns) not allowed to gain access to the smart home system are predefined. In this way, the proposed secure framework should be resilient enough to detect, attribute, and identify stages of the interception attack life cycle, and deal with new or current versions of existing threats. Moreover, the elements within the publisher-subscriber-client smart contract algorithm contain the privacy-aware fine-grained access control mechanism expected to exclude smart home actors/entities that do not follow protocol. A privacy model underpins this concept and will be presented during the privacy assessment criteria.

3.3.3.3. Procedure for privacy assessment. Given the complexity of the smart home healthcare ecosystem and the paramount importance of privacy, particularly in the context of healthcare data, there is no single testing procedure that can act as a panacea. However, a comprehensive approach that combines various methodologies could provide a robust defense strategy. Among these, privacy impact assessment (PIA) stands out as a particularly effective tool for identifying and mitigating privacy concerns in information systems, especially when used in combination with other methods like LINDDUN and STRIDE.

PIA is a systematic assessment that identifies the impact a design might have on the privacy of individuals and sets forth recommendations for managing, minimizing, or eliminating that impact. While PIA itself is a broad framework, it can be particularly effective when tailored to the specific needs of your healthcare ecosystem. Methods that can be adopted to structure a PIA are as follows.

1) Description of the information flow: This clearly describes how information is collected, stored, used, and shared in the system. It includes data from the smartwatch, through the home gateway, within the blockchain, and in off-chain storage (IPFS). This also includes understanding who has access to what data, under what circumstances, and what controls are in place to prevent unauthorized access.
2) Identification of privacy risks: This identifies risks to individual privacy by considering how information is managed throughout its life cycle. This includes risks from unauthorized access, disclosure, alteration, and destruction. The LINDDUN framework is suitable here because it is designed to uncover privacy threats in software systems.
3) Assessment of privacy risks: This is applied to assess the potential impact of risks on the privacy of individuals. It considers both non-technical and technical aspects, including how data encryption, smart contract logic, or blockchain access controls might fail or be circumvented.
4) Mitigation strategies: This involves developing strategies to mitigate each identified risk. The process could include technical measures, such as enhancing encryption or access controls, and non-technical measures, e.g., establishing policies for how data should be handled or shared.
5) Documentation and compliance: This involves documenting the process and outcomes of the PIA, ensuring compliance with relevant health data protection regulations (e.g., GDPR, HIPAA). Such documentation can be vital for regulatory compliance and for communicating privacy practices to stakeholders.
6) Regular review: Since privacy risks can evolve, the designed system can as well. Therefore, it is necessary to regularly review and update the PIA to handle new threats, vulnerabilities, or changes in the smart home healthcare system.

The use of a PIA in conjunction with threat modeling tools like LINDDUN and STRIDE can provide a comprehensive view of privacy risks. While LINDDUN is focused on privacy, STRIDE provides a broader view of security threats. Using both can assist in ensuring a wide range of potential issues are being considered.

In implementing these methodologies, collaboration with stakeholders, including cybersecurity experts, legal advisors, healthcare professionals, and patient advocates, can enhance the effectiveness of privacy protection measures and adoption. The goal is not just to protect data from interception or unauthorized access, but also to maintain trust among users and stakeholders by ensuring that the system respects and upholds individuals’ privacy rights.

A combination of LINDDUN and STRIDE is suggested as a means of evaluating the threat model of the secure authorisation framework designed for our scenario. Fig. 30 depicts the threat analysis of both models with the LINDDUN framework more focused on the provision of extensive procedural and knowledge support to systematically tackle privacy threat elements and for the elicitation and mitigation of privacy threats in software application systems. LINDDUN’s methodology consists of three main steps: (1) model the system, (2) elicit threats, and (3) manage threats. The six steps of this privacy assessment tool are categorised into problem and solution spaces.

LINDDUN is a mnemonic for Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of Information, Unawareness and Noncompliance. These six steps provide a systematic approach to privacy assessment, but disclosure of information is the primary focus considered to handle privacy concerns as well as data security examined in the course of this study. Moreover, as a suitable and alternative privacy assessment criterion, identity spoofing, data tampering, information disclosure and elevation of privilege are specific threats violating authentication, integrity, confidentiality, and authorisation among others when examined using STRIDE for threat evaluation. Table 17 further illustrates the applicability of STRIDE.

3.4. Decision-making scheme to enhance a privacy-preserving smart home healthcare system

A dynamic model of privacy that provides a pattern of computing data transaction process as expected by nodes designated for acquisition (collection), storage, and monitoring using underlying PoA-based blockchain is considered in decision-making for ethical disclosure of private data in our smart home healthcare scenario. This solution assessment is based on the analysis of various data security and privacy issues encountered when transporting sensitive data in IoT-based smart home systems. To this effect, the anticipated authorisation framework for the ethical disclosure of private data approaches the deprivation of user privacy from the perspective of data leakage or lack of data confidentiality.

To proffer solutions to privacy issues, all phases of the data value chain are considered, including acquisition/collection, storage, and use. Proponents of privacy preservation in Refs. [131,267] suggested two practicable solutions, e.g., privacy by design, and privacy enhancing technologies (PET). However, an approach that adopts the concept of privacy by design/default is a better fit for the smart home healthcare system. Sfar et al. [268] studied and proposed a similar implementation that integrated privacy protection into both technologies such as computer chips, networking platforms, and organizational policies, i.e., in privacy impact assessments. Therefore, a precise privacy model is considered to preserve data privacy while maintaining the utility of the system. In a similar manner, Dagher et al. [22] utilised differential privacy to ensure the confidentiality of viewable data in a privacy-preserving framework for access control and interoperability of EHRs, but the differential privacy scheme added noise to the


Fig. 30. Overview of LINDDUN [181].

blockchain’s transactions, thereby limiting the transaction scalability of the blockchain from storing data on-chain. Hence, a decision-making model for privacy preservation is proposed as an integral component of the underlying smart contract-enabled blockchain implementation.

Table 17
Illustration of STRIDE application to privacy assessment.

| Mnemonic | Threat | Security violated | Threat description |
| --- | --- | --- | --- |
| S | Spoofing | Authentication | Identity pretense, masquerading, e.g., Sybil attack. |
| T | Tampering | Integrity | Data, software or network modification, fabrication. |
| R | Repudiation | Non-repudiation | Denial of actions, honest but curious behaviours. |
| I | Information disclosure | Confidentiality | Unauthorized information access. |
| D | Denial of services | Availability | Exhausting resources required for services provision or theft of resources. |
| E | Elevation of privilege | Authorisation | Granting unauthorized access. |

3.4.1. Process model for data classification in smart home healthcare system
In discussing a model for ensuring the security of private data within a smart home healthcare system, the system’s process hinges on two primary components: Permissibility and Authorisation-level, which are determined by the data owner. This security model is inherently stochastic, meaning it is probabilistic and considers the randomness and unpredictability of certain variables. The process is broken down as follows:

1) Independent variables (X): These are factors classified as ‘Permissibility,’ which are further divided into two categories:
  i) Set of personal activity data (SoPAD): This could include any data related to the personal activities of the elderly individual residing in the smart home, such as their activity level data (most especially those that a smartwatch can collect, e.g., accelerometer and gyroscope data), daily routines, health data, personal preferences, etc.
  ii) Environmental data (Ambient Data): This encompasses data related to the environment of the smart home, possibly including

These independent variables influence the level of access granted to different entities trying to interact with the data owner’s private information.

2) Dependent variable (Y)—Authorisation-level: This represents the level of access granted and is influenced by the independent variables. It is categorised into three levels: Access, Store, and Monitor.

This dependent variable is binary, meaning each level can either be allowed (1) or denied (0), representing the data owner’s decision to permit or refuse the respective actions on their private data.

The relationship between the independent and dependent variables is examined using a Multinomial Logistic Regression model. This model is particularly suitable because the dependent variable is categorical with more than two categories, and the outcome is binary. The model estimates the probabilities of different possible outcomes of a categorically distributed dependent variable, given a set of independent variables.

In summary, one can say logit regression references the binomial distribution and estimates the probability (π) of an event occurring (Y = 1) rather than not occurring (Y = 0) from a knowledge of relevant independent variables, e.g., (k1[Accelero_data], k2[Gyro_data], and k3[AQ_data]). Maximum Likelihood (MLE) is an iterative process used to estimate regression coefficients. Therefore, if π is the probability that Y = 1 and 1 − π is the probability that Y = 0, then the logistic model is:

$$\Omega = f(X) = \log\left(\frac{\pi}{1-\pi}\right) = \beta_0 + \beta_1 X \tag{1}$$

where

• Ω is the log-odds (the logarithm of the odds π/(1 − π)),
• π is the probability of the event occurring (Y = 1),
• X represents the independent variables,
• β0 and β1 are the coefficients to be estimated in the model

Thus, if the antilog (exponential operator) e is applied to both sides of Eq. (1), we get the value of the odds:

$$O = e^{\log\left(\frac{\pi}{1-\pi}\right)} = e^{\beta_0 + \beta_1 X} \tag{2}$$
temperature, pressure, humidity, lighting, air quality (AQ), gas, Taking the antilog gives the odds ratio, not the probability, but it is
sound levels, etc. related to the probability and changes in a predictable way with X, the
independent variable.
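The process model of Section 3.4.1 as an added example (not code from the paper): it fits one binary logit per authorisation level by iterative maximum likelihood, then re-evaluates the per-node sigmoid score that the section defines in Eq. (4) after each block. The sensor records, owner decisions, ledger, node names, α = 0.5 and the choice of one binary model per level are assumptions made for illustration.

```python
import math

LEVELS = ("access", "store", "monitor")

# Constructed sensor records, scaled to [0, 1]: (accelerometer, gyroscope, air quality).
SAMPLES = [
    (0.90, 0.80, 0.20), (0.80, 0.90, 0.30), (0.70, 0.70, 0.80), (0.20, 0.10, 0.90),
    (0.10, 0.20, 0.70), (0.30, 0.20, 0.10), (0.85, 0.75, 0.90), (0.15, 0.25, 0.20),
]
# Constructed data-owner decisions per authorisation level (1 = allow, 0 = deny).
DECISIONS = {
    "access":  [1, 1, 1, 0, 0, 0, 1, 0],   # allowed when activity readings are high
    "store":   [1, 0, 1, 0, 0, 0, 1, 0],   # allowed for some high-activity records only
    "monitor": [0, 0, 1, 1, 1, 0, 1, 0],   # allowed when air-quality readings are high
}
# Constructed ledger: each block lists the (node, action) decisions of validators.
BLOCKS = [
    [("gateway", "allow"), ("clinic", "allow"), ("vendor", "deny")],
    [("gateway", "allow"), ("clinic", "deny"), ("vendor", "deny")],
    [("gateway", "allow"), ("vendor", "deny")],
]


def sigmoid(z):
    """Logistic function e^z / (1 + e^z), arranged to avoid overflow."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def log_odds(beta, x):
    """Linear predictor beta_0 + beta_1*x_1 + ... (the log-odds of Eq. 1)."""
    return beta[0] + sum(b * v for b, v in zip(beta[1:], x))


def predict(beta, x):
    """Probability that Y = 1: odds / (1 + odds), with odds = e^(log-odds)."""
    return sigmoid(log_odds(beta, x))


def log_likelihood(beta, X, y):
    """Mean Bernoulli log-likelihood of the decisions y under coefficients beta."""
    total = 0.0
    for xi, yi in zip(X, y):
        p = min(max(predict(beta, xi), 1e-12), 1.0 - 1e-12)
        total += yi * math.log(p) + (1 - yi) * math.log(1.0 - p)
    return total / len(y)


def fit_logit(X, y, lr=0.5, iters=5000):
    """Approximate the maximum-likelihood coefficients by gradient ascent."""
    beta = [0.0] * (len(X[0]) + 1)
    for _ in range(iters):
        grad = [0.0] * len(beta)
        for xi, yi in zip(X, y):
            err = yi - predict(beta, xi)      # d(log-likelihood) / d(log-odds)
            grad[0] += err
            for j, v in enumerate(xi, start=1):
                grad[j] += err * v
        beta = [b + lr * g / len(y) for b, g in zip(beta, grad)]
    return beta


def fit_policy():
    """One binary logit per authorisation level (modelling assumption)."""
    return {lvl: fit_logit(SAMPLES, DECISIONS[lvl]) for lvl in LEVELS}


def authorise(policy, x, threshold=0.5):
    """Allow (1) or deny (0) each level for a new sensor record x."""
    return {lvl: int(predict(policy[lvl], x) >= threshold) for lvl in LEVELS}


def node_privacy(allow, deny, alpha=0.5):
    """Eq. (4): 1 / (1 + e^(-alpha * (#allow - #deny)))."""
    return sigmoid(alpha * (allow - deny))


def replay(blocks, alpha=0.5):
    """Re-evaluate every node's score after each block; one dict per block."""
    counts, history = {}, []
    for block in blocks:
        for node, action in block:
            tally = counts.setdefault(node, {"allow": 0, "deny": 0})
            tally[action] += 1
        history.append({n: node_privacy(t["allow"], t["deny"], alpha)
                        for n, t in counts.items()})
    return history


if __name__ == "__main__":
    policy = fit_policy()
    for lvl in LEVELS:
        print(lvl, [round(b, 2) for b in policy[lvl]])
    print(authorise(policy, (0.85, 0.85, 0.25)))
    for i, scores in enumerate(replay(BLOCKS), start=1):
        print("block", i, {n: round(s, 3) for n, s in scores.items()})
```

With α = 0.5, a node that is three net denies behind already scores about 0.18, so α sets how quickly a validator loses weight.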


The final logistic model expression used for prediction is:

$$Y = \frac{e^{\beta_0 + \beta_1 x_1 + \beta_2 x_2 + \cdots + \beta_n x_n}}{1 + e^{\beta_0 + \beta_1 x_1 + \beta_2 x_2 + \cdots + \beta_n x_n}} \tag{3}$$

where Y is the predicted probability that the event of interest occurs.

The decision-making regarding privacy preservation is then based on modeling the expected security of private data, considering the behavior of each node in the network. The expectation is binary: either deny (0) or allow (1) access. The “privacy” for each node in a BCN is evaluated using a sigmoid function, which considers the number of allow and deny actions a node performs. This is encapsulated in Eq. (4).

$$\mathrm{Privacy}_n^{(i)} = \frac{1}{1 + e^{-\alpha(\#\mathrm{allow} - \#\mathrm{deny})}} \tag{4}$$

where

• $\mathrm{Privacy}_n^{(i)}$ represents the privacy model for every node,
• α is a parameter of the model (potentially relating to the sensitivity of the response to changes in the difference between allow and deny actions),
• #allow − #deny represents the net trustworthiness measure of a node, based on its previous actions.

This model thus provides a dynamic and probabilistic assessment of each node’s privacy level in the network, which can be used to make informed decisions about data security and access permissions in the smart home healthcare system.

The decision is to know how we can effectively model the relationship between permissibility and authorisation-level variables by modeling the expected security of private data that is suggested from the behavior of each node in the future as authorisation policies are put in place. The behaviour of authorisation-level in the future has only binary outcomes to either deny (0) or allow (1) access. The expected value of privacy of personal data is a probability P since it involves a binary random variable. This probability is approximated by considering the number of allow and deny actions a trustworthy node performs and then utilising a sigmoid function to squash it into a probability. Thus, for every block i which decides the node weight to select the allow or deny transaction, the privacy model for every node of the permissioned BCN is re-evaluated. Hence, the following:

• A new dynamic measure of privacy is proposed which represents the expected value of privacy in each node (n) for every block (i) that predicts the probability of a node behaving well in the future. This is simply the estimate of the probability P where allowable transactions that follow the protocol are rewarded with access rights and is explained by the sigmoid function.
• The sigmoid function plays an important role in the context of logistic regression, where logistic regression is a technique to predict the outcome of binary classification problems.
• In this study, the multinomial logistic regression model explains the relationship between functional input X as factors of permissibility as an independent variable and the single dependent variable Y for authority level, which has three levels, namely, acquire (access), store, and monitor transactions of the data subject, and each level has a binary outcome, i.e., to either allow (1) or deny (0) the transaction.
• The sigmoid function plays the role of an activation function by taking the weighted sum of the functional input factors and outputs the probability value. For any value of X, the sigmoid function will output a value between 0 and 1.
• The limits of the power of the exponential in the multinomial logistic regression model are expressed in Eq. (3); and using the sigmoid function, Eq. (3) can be squashed into Eq. (4).
• For the sigmoid function, the profile of the limits of the sigmoid function is utilised to re-evaluate the privacy model of every node, as seen in Eq. (4).

With this procedure, the BCN attaches more importance (e.g., gives more weight) to trusted nodes that decide and validate transactions by either allowing or denying them. Table 18 is a summary of the proposed privacy model descriptions.

Table 18
Summary of the system process model for data classification to demonstrate the planned privacy preservation process in the presented scenario.

| Model | Action |
|---|---|
| Functional input data (X) are factors of permissibility: | identified as independent variables categorised into SOPAD and AD |
| (Y) represents authorisation-level: | identified as a single dependent variable, categorised into three levels, namely store, access, and monitor transactions of data subjects. Each level has a binary outcome, i.e., to either allow (1) or deny (0) the transaction. |
| Regression Analysis: | used to describe the nature of the relationship between (X) and (Y) above |
| Logistic (logit) Regression: | to test if changes in the predictor variables (X) of permissibility are associated with changes in the response variable (Y) of authorisation-level. |
| Regression coefficients, estimated using Maximum Likelihood Estimation (i.e., iterative process): | estimates the probability (π) of an event occurring (Y = 1) rather than probability (1 − π) of not occurring (Y = 0), having knowledge of relevant independent variables (k1, k2 and k3). |
| The logistic model is: | $\Omega = f(X) = \log\left(\frac{\pi}{1-\pi}\right) = \beta_0 + \beta_1 X$ (1) |
| Antilog (exponential operator) e applied to both sides of Eq. (1), where β0 is now the value of the odd when X = 0 | the value of the odd: $O = e^{\log\left(\frac{\pi}{1-\pi}\right)} = e^{\beta_0 + \beta_1 X}$ (2) |
| Multinomial logistic regression model (log of odd ratio) is the specific regression analysis for understanding variation in the probabilities for examining the system process of permissibility and access-right and expressed as: | $Y = \frac{e^{\beta_0 + \beta_1 x_1 + \beta_2 x_2 + \cdots + \beta_n x_n}}{1 + e^{\beta_0 + \beta_1 x_1 + \beta_2 x_2 + \cdots + \beta_n x_n}}$ (3) |
| Sigmoid function: to make predictions for data security and decision-making in BC; by counting the number of allow and deny actions a trustworthy node, n, performs, the sigmoid function is used to squash (summarise) it into a probability, i.e., Privacy ∝ Resources(n) | we re-evaluate the privacy model of every node as: $\mathrm{Privacy}_n^{(i)} = \frac{1}{1 + e^{-\alpha(\#\mathrm{allow} - \#\mathrm{deny})}}$ (4), where α is the step size |

4. Conclusion

The article provides a critical review of unresolved issues and open challenges faced on data security and user privacy in IoT-based applications, such as in the smart home healthcare system, a combination of both smart home and smart healthcare. Smart healthcare is a potential use case where security requirement analysis and authorisation framework have been proposed to provide the requisite solution. The examined technique considered the adoption of BCT as an underlying service to improve data integrity and to deploy a privacy model borne out of consent (e-consent) and acceptance of the data owner to enhance data
distribution and transaction validation performed within the PoA consensus algorithm process that validates transactions and creates blocks; an efficient lightweight hybrid encryption scheme fit for resource-constrained environments to provide data confidentiality and by extension users’ privacy; provide efficient, decentralized and secure data storage and fine-grained access control through smart contracts to ensure ethical disclosure of private data in smart home health ecosystem. Moreover, the paper also reviewed opportunities and solutions that focused on the integration of BCoT with other technologies to prevent data interception and leakage and ensure privacy preservation in several domains with similar data security concerns to that of smart healthcare. In several use cases, the adoption of blockchain was useful, efficient, and suitable. However, it is necessary to continue to test out if the healthcare domain requires the integration of blockchain or not, due to the volatility of relevant health data protection regulations (e.g., HIPAA, GDPR), which at times requires a whole new thinking. Moreover, privacy concerns in healthcare require stringent ethical analysis, approval, and documentation since privacy risks can evolve, thereby provoking new regulatory compliance for communicating privacy practices to stakeholders.

Specific problems addressed in the research questions investigated in this article revealed the need for an authorisation framework that implements a permissioned PoA-based blockchain as a building block and a privacy model for decision-making within the BCN to support ethical disclosure of private data in the healthcare realm. Publisher-subscriber smart contract algorithm is also introduced to ensure access control from the context of patient empowerment and information stakeholder engagement. Moreover, several approaches toward implementation can be done using different features of blockchain to achieve the aims desired in RQ 1–5. The suggested approach leverages publisher-subscriber contracts for access control. In addition, the classification of permission authority, specific layers of smart contracts, control authority, ethics, and governance rules across multiple healthcare services is explorable and extensible for future work. Ongoing research work aims to provide more findings from test-bed implementation.

In conclusion and further critiquing blockchain DLT, one of the most frequently asked questions when presenting BCT is “When will this technology be widely used?” In some ways, the technology is already well-established. Blockchain-based cryptocurrencies are an undeniable force within the payment world, with a market value of several billion dollars and multiple well-funded exchanges. They have been a success even if they may eventually be replaced. Most firms and sectors can continue to thrive even if they do not implement blockchain into their operations. Aside from that, this review highlights cases that are not limited to payment services or digital currencies. People are concerned about blockchain 2.0 implementations and how they will affect their sector, as well as the possibility that competitors will incorporate these technologies more quickly, putting them at a disadvantage. On the other hand, organizations do not want to invest in a volatile trend, so the fact that prestigious firms are investing heavily in these technologies is a testimony to their relevance. The most pressing question is not if but when blockchain resources will progress from being cutting-edge technology to enterprise-ready solutions. It is too soon to speculate; however, it is worth considering that blockchain solutions will have many applications. Every business is unique and requires different tools, and it is almost guaranteed that no “one-size-fits-all” blockchain system will ever exist.

Investment in BCT, albeit coming mainly from private sources, is expected to increase and be extended by governmental initiatives. Blockchain has brought together many of the brightest and most enterprising individuals across different sectors, transforming into a shining hub of enterprising and technological advances. It connects three of the greatest fields of our time: technology, currency, and democracy. Its power for transformation means that individuals like ourselves can achieve more control over our information, data, and, ultimately, our lives. This is what democracy is supposed to look like in the Information Age. In a world where internet companies are monopolizing our online identities, blockchain may be able to empower users to take back this perceived lack of control. However, we should be prepared for the insecurities that it might bring with it.

Funding

This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.

Data availability

No data was used for the research described in the article.

CRediT authorship contribution statement

Olusogo Popoola: Writing – original draft, Writing – review & editing. Marcos Rodrigues: Writing – review & editing. Jims Marchang: Writing – review & editing. Alex Shenfield: Writing – review & editing. Augustine Ikpehai: Writing – review & editing. Jumoke Popoola: Writing – review & editing.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

I would like to thank my supervisory team for the inspiration and assistance offered during the development and revision of this article.

References

[1] R. Neisse, G. Steri, I. Nai-Fovino, A blockchain-based approach for data accountability and provenance tracking, in: Proceedings of the 12th International Conference on Availability, Reliability and Security, 2017, pp. 1–10, https://doi.org/10.1145/3098954.3098958.
[2] W. Wang, X. Li, X. Qiu, et al., A privacy-preserving framework for federated learning in smart healthcare systems, Inf. Process. Manag. 60 (1) (2023) 103167, https://doi.org/10.1016/j.ipm.2022.103167.
[3] T.K. Landauer, Research methods in human-computer interaction, in: Handbook of Human-Computer Interaction, North-Holland, 1988, pp. 905–928, https://doi.org/10.1016/B978-0-444-70536-5.50047-6.
[4] J. Lazar, J.H. Feng, H. Hochheiser, Research Methods in Human-Computer Interaction, Morgan Kaufmann, 2017.
[5] L.K. Ramasamy, F. Khan, M. Shah, et al., Secure smart wearable computing through artificial intelligence-enabled internet of things and cyber-physical systems for health monitoring, Sensors 22 (3) (2022) 1076, https://doi.org/10.3390/s22031076.
[6] A.S. Rajasekaran, A. Maria, M. Rajagopal, et al., Blockchain enabled anonymous privacy-preserving authentication scheme for internet of health things, Sensors 23 (1) (2022) 240, https://doi.org/10.3390/s23010240.
[7] W. Li, T. Yigitcanlar, A. Liu, et al., Mapping two decades of smart home research: a systematic scientometric analysis, Technol. Forecast. Soc. Change 179 (2022) 121676, https://doi.org/10.1016/j.techfore.2022.121676.
[8] J. Bugeja, A. Jacobsson, P. Davidsson, On privacy and security challenges in smart connected homes. 2016 European Intelligence and Security Informatics Conference (EISIC), IEEE, 2016, pp. 172–175, https://doi.org/10.1109/EISIC.2016.044.
[9] W. Ali, G. Dustgeer, M. Awais, et al., IoT based smart home: security challenges, security requirements and solutions. 2017 23rd International Conference on Automation and Computing (ICAC), IEEE, 2017, pp. 1–6, https://doi.org/10.23919/IConAC.2017.8082057.
[10] I. Butun, A. Sari, P. Österberg, Security implications of fog computing on the internet of things. 2019 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2019, pp. 1–6, https://doi.org/10.1109/ICCE.2019.8661909.
[11] O. Cheikhrouhou, O.B. Fredj, N. Atitallah, et al., Intrusion detection in industrial iot. 2022 15th International Conference on Security of Information and Networks (SIN), IEEE, 2022, pp. 1–4, https://doi.org/10.1109/SIN56466.2022.9970535.
[12] E.M. Schomakers, H. Biermann, M. Ziefle, Users’ preferences for smart home automation–investigating aspects of privacy and trust, Telematics Inf. 64 (2021) 101689, https://doi.org/10.1016/j.tele.2021.101689.


[13] J.K. Burgoon, Privacy and communication, in: Communication Yearbook, vol. 6, Routledge, 2012, pp. 206–249.
[14] T. Wong, Review Essay—Helen Nissenbaum’s privacy in context: technology, policy, and the integrity of social life (2010), German Law Journal 12 (3) (2011) 957–967, https://doi.org/10.1017/S2071832200017168.
[15] I. Altman, Privacy - a conceptual analysis, Environ. Behav. 8 (1) (1976) 7–29.
[16] S. Lahlou, Identity, social status, privacy and face-keeping in digital society, Soc. Sci. Inf. 47 (3) (2008) 299–330, https://doi.org/10.1177/0539018408092575.
[17] P. Pirzada, A. Wilde, G.H. Doherty, et al., Ethics and acceptance of smart homes for older adults, Inf. Health Soc. Care 47 (1) (2022) 10–37, https://doi.org/10.1080/17538157.2021.1923500.
[18] T. Dinev, M. Bellotto, P. Hart, et al., Privacy calculus model in e-commerce–a study of Italy and the United States, Eur. J. Inf. Syst. 15 (4) (2006) 389–402, https://doi.org/10.1057/palgrave.ejis.3000590.
[19] F. Kehr, T. Kowatsch, D. Wentzel, et al., Blissfully ignorant: the effects of general privacy concerns, general institutional trust, and affect in the privacy calculus, Inf. Syst. J. 25 (6) (2015) 607–635, https://doi.org/10.1111/isj.12062.
[20] Himanshi, Consensus mechanisms in blockchain. https://www.shiksha.com/online-courses/articles/consensus-mechanisms-in-blockchain, 2023.
[21] M. Singh, A. Singh, S. Kim, Blockchain: a game changer for securing IoT data. 2018 IEEE 4th World Forum on Internet of Things (WF-IoT), IEEE, 2018, pp. 51–55, https://doi.org/10.1109/WF-IoT.2018.8355182.
[22] G.G. Dagher, J. Mohler, M. Milojkovic, et al., Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology, Sustain. Cities Soc. 39 (2018) 283–297, https://doi.org/10.1016/j.scs.2018.02.014.
[23] R. Zhang, R. Xue, L. Liu, Security and privacy on blockchain, ACM Comput. Surv. 52 (3) (2019) 1–34, https://doi.org/10.1145/3316481.
[24] A. Jøsang, A consistent definition of authorization. Security and Trust Management: 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017, Proceedings 13, Springer International Publishing, 2017, pp. 134–144, https://doi.org/10.1007/978-3-319-68063-7_9.
[25] M. Kucharczyk, What is a private blockchain and why do you need it?. https://softwaremill.com/what-is-private-blockchain-why-do-you-need-it/, 2021. (Accessed 14 June 2021).
[26] V. Buterin, On Public and Private Blockchains, 2015. https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains. (Accessed 1 December 2020).
[27] A. Badshah, M. Waqas, F. Muhammad, et al., A novel framework for smart systems using blockchain-enabled Internet of Things, IT Professional. 24 (3) (2022) 73–80, https://doi.org/10.1109/MITP.2022.3143658.
[28] C.V.S. Aishwarya, J. Caleb Joel Raj, S.K. Mandal, et al., Smart health care by harnessing the internet of things (IoT): applications, challenges, and future aspects, in: IoT Based Smart Applications, Springer International Publishing, Cham, 2022, pp. 35–54, https://doi.org/10.1007/978-3-031-04524-0_3.
[29] R. Krishnamurthy, Bitcoin Mining Unsustainable; Climate Damages Comparable to Beef, Natural Gas, Crude Oil: Study, downtoearth.org.in/news/renewable-energy/bitcoin-mining-unsustainable-climate-damages-comparable-to-beef-natural-gas-crude-oil-study-85266#:~:text=Roughly%20707%20kilowatt%20hour%20(kWh,and%20natural%20gas%2C%20said%20Jones, 2022. (Accessed 10 October 2022).
[30] ITU-T, Technical Report FG DLT D1.2 Distributed ledger technology overview, concepts, ecosystem. https://www.itu.int/en/ITU-T/focusgroups/dlt/Documents/d12.pdf, 2019. (Accessed 1 March 2021).
[31] M. Xie, J. Liu, S. Chen, et al., A survey on blockchain consensus mechanism: research overview, current advances and future directions, International Journal of Intelligent Computing and Cybernetics 16 (2) (2023) 314–340, https://doi.org/10.1108/IJICC-05-2022-0126.
[32] D. Yaga, P. Mell, N. Roby and K. Scarfone. Blockchain Technology Overview. arXiv. 2019. preprint. arXiv:1906.11078.
[33] X. Xu, G. Sun, L. Luo, et al., Latency performance modeling and analysis for hyperledger fabric blockchain network, Inf. Process. Manag. 58 (1) (2021) 102436, https://doi.org/10.1016/j.ipm.2020.102436.
[34] T. Wall, The risk of “credential stuffing” to the smart home. https://www.iotforall.com/credential-stuffing, 2019. (Accessed 19 June 2021).
[35] B. Ali, A.I. Awad, Cyber and physical security vulnerability assessment for IoT-based smart homes, Sensors 18 (3) (2018) 817, https://doi.org/10.3390/s18030817.
[36] L. Ziani, M.E. Khanouche, A. Belaid, Internet of Behaviors: a literature review of an emerging technology. 2022 First International Conference on Big Data, IoT, Web Intelligence and Applications (BIWA), IEEE, 2022, pp. 42–47, https://doi.org/10.1109/BIWA57631.2022.10037987.
[37] D. Zafar, The blockchain & data privacy (GDPR). https://cybersecurity.att.com/blogs/security-essentials/the-blockchain-data-privacy-gdpr, 2022. (Accessed 13 February 2023).
[38] Gartner, Leading in a digital world: the dawn of the digital industrial economy, in: Gartner Symposium/ITxpo 2013, Gold Coast, Australia, 2013, pp. 28–31 October.
[39] R. Meulen, Gartner says 4.9 billion connected “things” will Be in Use in 2015, Available: https://www.gartner.com/en/newsroom/press-releases/2014-11-11-gartner-says-nearly-5-billion-connected-things-will-be-in-use-in-2015. 2014. (Accessed 15 March 2021).
[40] G. Nagasubramanian, R.K. Sakthivel, R. Patan, et al., Securing e-health records using keyless signature infrastructure blockchain technology in the cloud, Neural Comput. Appl. 32 (3) (2020) 639–647, https://doi.org/10.1007/s00521-018-3915-1.
[41] S. Cannizzaro, R. Procter, How is the internet of things industry responding to the cybersecurity challenges of the smart home?, in: Ubiquitous and Pervasive Computing-New Trends and Opportunities, IntechOpen, 2022, https://doi.org/10.5772/intechopen.106012.
[42] O. d’Angelis, L. Di Biase, L. Vollero, et al., IoT architecture for continuous long term monitoring: Parkinson’s Disease case study, Internet of Things 20 (2022) 100614, https://doi.org/10.1016/j.iot.2022.100614.
[43] J. Zhao, S. Zhang, Y. Sun, et al., Wearable optical sensing in the medical internet of things (MIoT) for pervasive medicine: opportunities and challenges, ACS Photonics 9 (8) (2022) 2579–2599, https://doi.org/10.1021/acsphotonics.2c00898.
[44] Y. Padarthi, R.R.P. Kuppusamy, IoT-based embedded sensor system for real-time health monitoring of composite structures for large-scale industrial operations, in: Industrial Automation and Robotics, CRC Press, 2022, pp. 3–32.
[45] A.J. Perez, F. Siddiqui, S. Zeadally, et al., A review of IoT systems to enable independence for the elderly and disabled individuals, Internet of Things 21 (2023) 100653, https://doi.org/10.1016/j.iot.2022.100653.
[46] S.A. Ali, R. Khan, IoT-based technologies for addressing the unique healthcare needs of the elderly population. https://doi.org/10.20944/preprints202303.0088.v1, 2023.
[47] A. Daniels, The rise of private permissionless blockchains — part 1. https://medium.com/ltonetwork/the-rise-of-private-permissionless-blockchains-part-1-4c39bea2e2be, 2018. (Accessed 10 September 2023).
[48] M. Hamza and M. A. Akbar. Smart Healthcare System Implementation Challenges: A Stakeholder Perspective. arXiv. 2022. Preprint. arXiv: 2208.12641.
[49] X. Du, B. Chen, M. Ma, et al., Research on the application of blockchain in smart healthcare: constructing a hierarchical framework, Journal of Healthcare Engineering 2021 (2021), 10.1155%2F2021%2F6698122.
[50] A.I. Florea, I. Anghel, T. Cioara, A review of blockchain technology applications in ambient assisted living, Future Internet 14 (5) (2022) 150, https://doi.org/10.3390/fi14050150.
[51] H.M. Hussien, S.M. Yasin, S.N.I. Udzir, et al., A systematic review for enabling of develop a blockchain technology in healthcare application: taxonomy, substantially analysis, motivations, challenges, recommendations and future direction, J. Med. Syst. 43 (2019) 1–35, https://doi.org/10.1007/s10916-019-1445-8.
[52] W. Viriyasitavat, L. Da Xu, Z. Bi, et al., Blockchain technology for applications in internet of things—mapping from system design perspective, IEEE Internet Things J. 6 (5) (2019) 8155–8168, https://doi.org/10.1109/JIOT.2019.2925825.
[53] K. Gaikwad, K. Kulkarni, S. Kohle, et al., Implementation of blockchain technology in IOT based smart home. 2022 5th International Conference on Advances in Science and Technology (ICAST), IEEE, 2022, pp. 6–10, https://doi.org/10.1109/ICAST55766.2022.10039525.
[54] Z.K. Taha, C.T. Yaw, S.P. Koh, et al., A survey of federated learning from data perspective in the healthcare domain: challenges, methods, and future directions, IEEE Access 11 (2023), https://doi.org/10.1109/ACCESS.2023.3267964.
[55] T.K. Mackey, T.T. Kuo, B. Gummadi, et al., ‘Fit-for-purpose?’–challenges and opportunities for applications of blockchain technology in the future of healthcare, BMC Med. 17 (2019) 1–17, https://doi.org/10.1186/s12916-019-1296-7.
[56] K.A. Clauson, E.A. Breeden, C. Davidson, et al., Leveraging blockchain technology to enhance supply chain management in healthcare: an exploration of challenges and opportunities in the health supply chain, Blockchain in healthcare today 1 (2018), https://doi.org/10.30953/bhty.v1.20.
[57] S.A. Bennacer, K. Sabiri, A. Aaroud, et al., A comprehensive survey on blockchain-based healthcare industry: applications and challenges, Indones. J. Electr. Eng. Comput. Sci. 30 (3) (2023) 1558–1571, https://doi.org/10.11591/ijeecs.v30.i3.pp1558-1571.
[58] R. Pathak, B. Soni, N.B. Muppalaneni, Role of blockchain in health care: a comprehensive study. Proceedings of 3rd International Conference on Recent Trends in Machine Learning, IoT, Smart Cities and Applications: ICMISC 2022, Springer Nature Singapore, Singapore, 2023, pp. 137–154, https://doi.org/10.1007/978-981-19-6088-8_13.
[59] A. Pattanayaka, S. Dhala, Blockchain in Healthcare. Preprint, Elsevier, 2021.
[60] M.S. Mahmood, N.B. Al Dabagh, Blockchain technology and internet of things: review, challenge and security concern, Int. J. Electr. Comput. Eng. 13 (1) (2023) 718–735, https://doi.org/10.11591/ijece.v13i1.pp718-735.
[61] N. Kuriakose, D. Midhunchakkaravarthy, A review on IoT blockchain technology, Indian Journal of Data Communication and Networking (IJDCN) 3 (1) (2022) 2582, https://doi.org/10.54105/ijdcn.F3719.123122, 760X.
[62] D. Marbouh, M.C.E. Simsekler, K. Salah, et al., Blockchain for patient safety: use cases, opportunities and open challenges, Data 7 (12) (2022) 182, https://doi.org/10.3390/data7120182.
[63] Z. Wenhua, F. Qamar, T.A.N. Abdali, et al., Blockchain technology: security issues, healthcare applications, challenges and future trends, Electronics 12 (3) (2023) 546, https://doi.org/10.3390/electronics12030546.
[64] B.S. Egala, A.K. Pradhan, P. Dey, et al., Fortified-chain 2.0: intelligent blockchain for decentralized smart healthcare system, IEEE Internet Things J. 10 (14) (2023), https://doi.org/10.1109/JIOT.2023.3247452.
[65] S.G. Alonso, J. Arambarri, M. López-Coronado, et al., Proposing new blockchain challenges in ehealth, J. Med. Syst. 43 (3) (2019) 64, https://doi.org/10.1007/s10916-019-1195-7.
[66] A. Odeh, I. Keshta, Q.A. Al-Haija, Analysis of blockchain in the healthcare sector: application and issues, Symmetry 14 (9) (2022) 1760, https://doi.org/10.3390/sym14091760.


[67] K.M. Abiodun, E.A. Adeniyi, J.B. Awotunde, et al., Blockchain and internet of things in healthcare systems: Prospects, issues, and challenges, in: Digital Health Transformation with Blockchain and Artificial Intelligence, CRC Press, 2022, pp. 1–22.
[68] M.S. Arbabi, C. Lal, N.R. Veeraragavan, et al., A survey on blockchain for healthcare: challenges, benefits, and future directions, IEEE communications surveys & tutorials 25 (1) (2022) 386–424, https://doi.org/10.1109/COMST.2022.3224644.
[69] R. Kumar, Arjunaditya, D. Singh, et al., AI-powered blockchain technology for public health: a contemporary review, open challenges, and future research directions, Healthcare. MDPI. 11 (1) (2022) 81, https://doi.org/10.3390/healthcare11010081.
[70] K. Pal, A decentralized privacy preserving healthcare blockchain for iot, challenges, and solutions, in: Prospects of Blockchain Technology for Accelerating Scientific Advancement in Healthcare, IGI Global, 2022, pp. 158–188.
[71] A.D. Dwivedi, G. Srivastava, S. Dhar, et al., A decentralized privacy-preserving healthcare blockchain for IoT, Sensors 19 (2) (2019) 326, https://doi.org/10.3390/s19020326.
[72] Z. Ilyas, M.I. Tariq, S.K. Shahzad, et al., Resolving smart health security issues using ontologies and blockchain services, Pakistan Journal of Emerging Science And Technologies (PJEST) 3 (2) (2022), https://doi.org/10.56819/pjest.v3i2.74.
[73] R. Myrzashova, S.H. Alsamhi, A.V. Shvetsov, et al., Blockchain meets federated learning in healthcare: a systematic review with challenges and opportunities, IEEE Internet Things J. 10 (16) (2023) 14418–14437, https://doi.org/10.1109/JIOT.2023.3263598.
vaccination and immunity certificates, Healthcare 12 (10) (2022) 2453, https://doi.org/10.3390/healthcare10122453.
[93] M.H. Yekta, A. Shahidinejad, M. Ghobaei-Arani, Blockchain for transparent, privacy preserved, and secure health data management, in: Implementation of Smart Healthcare Systems Using AI, IoT, and Blockchain, Academic Press, 2023, pp. 219–242, https://doi.org/10.1016/B978-0-323-91916-6.00011-4.
[94] A.B. Tello, J. Xing, A.L. Patil, Blockchain technologies in healthcare system for real time applications using IoT and deep learning techniques, Int. J. Commun. Network. Inf. Secur. 4 (3) (2023) 257–268, https://doi.org/10.17762/ijcnis.v14i3.5621.
[95] S.S. Nath, S. Sadagopan, D.V. Babu, et al., Block chain-based security and privacy framework for point of care health care IoT devices, Soft Comput. (2023) 1–13, https://doi.org/10.1007/s00500-023-07932-4.
[96] L. Abdelgalil, M. Mejri. HealthBlock, A modular framework for a collaborative sharing of electronic health records based on blockchain, Future Internet 15 (3) (2023) 87, https://doi.org/10.3390/fi15030087.
[97] G.M. Karthik, A.S. Kalyana Kumar, A.B. Karri, et al., Deep intelligent blockchain technology for securing IoT-based healthcare multimedia data, Wireless Network 29 (2023) 2481–2493, https://doi.org/10.1007/s11276-023-03333-5.
[98] A. Hasselgren, K. Kralevska, D. Gligoroski, et al., Blockchain in healthcare and health sciences—a scoping review, Int. J. Med. Inf. 134 (2023) 104040, https://doi.org/10.1016/j.ijmedinf.2019.104040.
[99] D. Marbouh, M.C.E. Simsekler, K. Salah, et al., A blockchain-based regulatory framework for mHealth, Data 7 (12) (2022) 177, https://doi.org/10.3390/data7120177.
[74] C. Choudhary, I. Singh, M. Shafiq, Blockchain for IoT security and privacy: [100] A.E. Smail, F. Harmali, Electronic Health Record (EHR) Management Blockchain-
challenges, application areas and implementation issues, Cross-Industry Based in Healthcare Systems, Doctoral dissertation, université akli mohand
Blockchain Technology: Opportunities and Challenges in Industry 4.0 1 (2022). oulhadj-bouira, 2022.
[75] H.D. Zubaydi, P. Varga, S. Molnár, Leveraging blockchain technology for ensuring [101] B. Balusamy, N. Chilamkurti, L.A. Beena, et al., Blockchain and Machine Learning
security and privacy aspects in internet of things: a systematic literature review, for E-Healthcare Systems, IET, London, UK, 2020, https://doi.org/10.1049/
Sensors 23 (2) (2023) 788, https://doi.org/10.3390/s23020788. PBHE029E.
[76] M. Attaran, Blockchain technology in healthcare: challenges and opportunities, [102] J. Zhang, How Do Trust and Decentralization Impact Adoption? an Agent-Based
Int. J. Healthc. Manag. 15 (1) (2022) 70–83, https://doi.org/10.1080/ Model for Diffusion of Blockchain-Based COVID-19 Contact Tracing Apps,
20479700.2020.1843887. Doctoral dissertation, University of British Columbia, 2023.
[77] J. Andrew, D.P. Isravel, K.M. Sagayam, et al., Blockchain for healthcare systems: [103] S. Meisami, S. Meisami, M. Yousefi, et al. Combining Blockchain and IoT for
architecture, security challenges, trends and future directions, J. Netw. Comput. Decentralized Healthcare Data Management. arXiv. 2023. preprint. arXiv:
Appl. 215 (2023) 103633, https://doi.org/10.1016/j.jnca.2023.103633. 2304.00127.
[78] Y.I. Alzoubi, A. Al-Ahmad, H. Kahtan, et al., Internet of things and blockchain [104] S. Gupta, M. Shabaz, A. Gupta, et al., Personal healthcare of things: a novel
integration: security, privacy, technical, and design challenges, Future Internet 14 paradigm and futuristic approach, CAAI Transactions on Intelligence Technology
(7) (2022) 216, https://doi.org/10.3390/fi14070216. (2023) 1–17, https://doi.org/10.1049/cit2.12220.
[79] N. Adhikari, M. Ramkumar, IoT and blockchain integration: applications, [105] I. Azogu, A. Norta, I. Papper, et al., A framework for the adoption of blockchain
opportunities, and challenges, Network 3 (1) (2023) 115–141, https://doi.org/ technology in healthcare information management systems: a case study of
10.3390/network3010006. Nigeria, in: Proceedings of the 12th International Conference on Theory and
[80] A.S. Makinde, S. Omaji, A.O. Agbeyangi, et al., Impact of blockchain on the Practice of Electronic Governance, 2019, pp. 310–316, https://doi.org/10.1145/
security and privacy of IoT-empowered healthcare systems, in: Contemporary 3326365.3326405.
Applications of Data Fusion for Advanced Healthcare Informatics, IGI Global, [106] K. Pal, Blockchain with the internet of things for secure healthcare service using
2023, pp. 319–349, https://doi.org/10.4018/978-1-6684-8913-0.ch014. lightweight cryptography, in: Blockchain Applications in Cryptocurrency for
[81] A.S. Makinde, A.O. Agbeyangi, S. Omaji, Integration of blockchain into medical Technological Evolution. IGI Global, 2023, pp. 60–93.
data security: key features, use cases, technical challenges, and future directions, [107] L. Javed, B.M. Yakubu, M. Waleed, et al., A survey on healthcare IoT security
in: Contemporary Applications of Data Fusion for Advanced Healthcare issues and blockchain-based solution, International Journal of Electrical and
Informatics, IGI Global, 2023, pp. 137–165, https://doi.org/10.4018/978-1- Computer Engineering Research 2 (4) (2022) 1–9, https://doi.org/10.53375/
6684-8913-0.ch006. ijecer.2022.302.
[82] S. Gupta, H.K. Sharma, M. Kapoor, Application and challenges of blockchain in [108] X. Yang, C. Wu, X. Yan, et al. Blockchain-based healthcare and medicine data
IoMT in smart healthcare system, in: Blockchain for Secure Healthcare Using sharing and service system. In: D. Svetinovic, Y. Zhang, X. Luo, et al. (Eds.)
Internet of Medical Things (IoMT), Springer International Publishing, Cham, Blockchain and Trustworthy Systems. BlockSys 2022. Communications in
2022, pp. 39–53, https://doi.org/10.1007/978-3-031-18896-1_4. Computer and Information Science, vol vol 1679. Springer, Singapore. https://
[83] M. Alarjani, M. Alhaider, A review of challenges of block chain with COVID-19: a doi.org/10.1007/978-981-19-8043-5_6.
review paper. European Journal of Health Sciences, European Journal of Health [109] B. Sharma, Kawalpreet. Blockchain: remaking the healthcare sector, in: 2022 11th
Sciences 8 (2) (2023) 32–49, https://doi.org/10.47672/ejhs.1384. International Conference on System Modeling & Advancement in Research Trends
[84] W. Issa, N. Moustafa, B. Turnbull, et al., Blockchain-based federated learning for (SMART), IEEE, 2022, pp. 779–785, https://doi.org/10.1109/
securing internet of things: a comprehensive survey, ACM Comput. Surv. 55 (9) SMART55829.2022.10047807.
(2023) 1–43, https://doi.org/10.1145/3560816. [110] L. Abdelgalil, M. Mejri. HealthBlock, A framework for a collaborative sharing of
[85] K. Zoughalian, J. Marchang, B. Ghita, A blockchain secured pharmaceutical electronic health records based on blockchain, Future Internet 15 (3) (2023) 87,
distribution system to fight counterfeiting, Int. J. Environ. Res. Publ. Health 19 https://doi.org/10.3390/fi15030087.
(7) (2022) 4091, https://doi.org/10.3390/ijerph19074091. [111] A. Tiwari, U. Batra, Internet of medical things enabled by permissioned
[86] M. Aslam, S. Jabbar, Q. Abbas, et al., Leveraging Ethereum platform for blockchain on distributed storage, in: R. Agrawal, P. Mitra, A. Pal, et al. (Eds.),
development of efficient tractability system in pharmaceutical supply chain, International Conference on IoT, Intelligent Computing and Security, Springer,
Systems 11 (4) (2023), https://doi.org/10.3390/systems11040202. Singapore, 2023, pp. 3–17, https://doi.org/10.1007/978-981-19-8136-4_1.
[87] D. Komarasamy, M.K. Dharani, R. Thamilselvan, et al., Challenges, progress and [112] S. Showkat, S. Qureshi, Securing the internet of things through blockchain
opportunities of blockchain in healthcare data, in: Healthcare 4.0, Chapman and approach: security architectures, consensus algorithms, enabling technologies,
Hall/CRC, 2022, pp. 111–130. open issues, and research directions, International Journal of Computing and
[88] T. Alam, Blockchain-based internet of things: review, current trends, applications, Digital Systems 13 (1) (2023) 97–129, https://doi.org/10.12785/ijcds/130109.
and future challenges, Computers 12 (1) (2022), https://doi.org/10.3390/ [113] S. Chenthara, K. Ahmed, H. Wang, et al., Healthchain: a novel framework on
computers12010006. privacy preservation of electronic health records using blockchain technology,
[89] S.A. Yousiff, R.A.A.H. Muhajjir, A review of blockchain-based internet of things, PLoS One 15 (12) (2020) e0243043, https://doi.org/10.1371/journal.
Iraqi Journal for Electrical and Electronic Engineering 6 (8) (2022) 22–28, pone.0243043.
https://doi.org/10.37917/ijeee.19.1.3. [114] S. Biswas, K. Sharif, F. Li, et al., Globechain: an interoperable blockchain for
[90] A.K. Yadav, V.P. Vishwakarma, Adoptation of blockchain of things (BCOT): global sharing of healthcare data—a covid-19 perspective, IEEE Consumer
oppurtunities & challenges, in: 2022 IEEE International Conference on Electronics Magazine 10 (5) (2021) 64–69, https://doi.org/10.1109/
Blockchain and Distributed Systems Security (ICBDS), IEEE, 2022, pp. 1–5. MCE.2021.3074688.
[91] S. Lipsa, T.N. Nguyen, R.K. Dash, A new signature-based blockchain paradigm: [115] K. Pal, IoT applications with cryptography and blockchain technology in
foreseeable impact on healthcare applications, IEEE Internet of Things Magazine healthcare digital twin design, in: Role of 6G Wireless Networks in AI and
5 (3) (2022) 146–151, https://doi.org/10.1109/IOTM.001.2200017. Blockchain-Based Applications, IGI Global, 2023, pp. 220–249, https://doi.org/
[92] A. Razzaq, S.A.H. Mohsan, S.A.K. Ghayyur, et al., Blockchain in healthcare: a 10.4018/978-1-6684-5376-6.ch009.
decentralized platform for digital health passport of COVID-19 based on


[116] O. Hasan, L. Brunie, E. Bertino, Privacy-preserving reputation systems based on Proceedings of the 1st ERCIM Blockchain Workshop 2018, European Society for
blockchain and other cryptographic building blocks: a survey, ACM Comput. Socially Embedded Technologies, Amsterdam, 2018, https://doi.org/10.18420/
Surv. 55 (2) (2022), https://doi.org/10.1145/3490236. blockchain2018_03.
[117] N. Rifi, N. Agoulmine, N. Chendeb Taher, et al., Blockchain technology: is it a [142] H. Rahanu, E. Georgiadou, K. Siakas, et al., Ethical issues invoked by Industry 4.0,
good candidate for securing iot sensitive medical data? Wireless Commun. Mobile in: M. Yilmaz, P. Clarke, R. Messnarz, et al. (Eds.), Software and Services Process
Comput. (2018) 1–11, https://doi.org/10.1155/2018/9763937. Improvement. EuroSPI 2021. Communications in Computer and Information
[118] F.I. Anik, N. Sakib, H. Shahriar, et al., Unraveling a blockchain-based framework Science, Springer, Cham, 2021, pp. 589–606, https://doi.org/10.1007/978-3-
towards patient empowerment: a scoping review envisioning future smart health 030-85521-5_39.
technologies, Smart Health 29 (2023) 100401, https://doi.org/10.1016/j. [143] M. Benchoufi, P. Ravaud, Blockchain technology for improving clinical research
smhl.2023.100401. quality, Trials 18 (1) (2017) 335, https://doi.org/10.1186/s13063-017-2035-z.
[119] Y. Liu, F. Ju, Q. Zhang, et al., Overview of Internet of Medical Things security [144] M. Benchoufi, R. Porcher, P. Ravaud, Blockchain protocols in clinical trials:
based on blockchain access control, J. Database Manag. 34 (3) (2023) 1–20, transparency and traceability of consent, F1000Research 6 (2017) 66, https://
https://doi.org/10.4018/JDM.321545. doi.org/10.12688/f1000research.10531.5.
[120] B.B. Sezer, H. Turkmen, U. Nuriyev. Ppfchain, A novel framework privacy- [145] T. Nugent, D. Upton, M. Cimpoesu, Improving data transparency in clinical trials
preserving blockchain-based federated learning method for sensor networks, using blockchain smart contracts, F1000Research 5 (2016) 2541, https://doi.org/
Internet of Things 22 (1) (2023) 100781, https://doi.org/10.1016/j. 10.12688/f1000research.9756.1.
iot.2023.100781. [146] S. Furnell, R. Esmael, W. Yang, et al., Enhancing security behaviour by supporting
[121] S. Uppal, B. Kansekar, S. Mini, et al., HealthDote: a blockchain-based model for the user, Comput. Secur. 75 (2018) 1–9, https://doi.org/10.1016/j.
continuous health monitoring using interplanetary file system, Healthcare cose.2018.01.016.
Analytics 3 (2023) 100175, https://doi.org/10.1016/j.health.2023.100175. [147] S.A. Salami, J. Baek, K. Salah, et al., Lightweight encryption for smart home, in:
[122] P. Bedi, S.B. Goyal, J. Kumar, Secure medical data transmission over wireless 2016 11th International Conference on Availability, Reliability and Security
body area network using blockchain, in: S. Kautish, G. Dhiman (Eds.), AI-enabled (ARES), IEEE, 2016, pp. 382–388, https://doi.org/10.1109/ARES.2016.40.
Multiple-Criteria Decision-Making Approaches for Healthcare Management, IGI [148] M.A. Rodrigues, M.M. Siddeq, Information system: secure access and storage in
Global, Hershey, 2020, pp. 70–84, https://doi.org/10.4018/978-1-6684-4405-4. the age of cloud computing, Athens Journal of Sciences 3 (4) (2016) 267–284,
ch004. https://doi.org/10.30958/ajs.3-4-1.
[123] H.K. Sharma, A. Kumar, S.R.M. Pant, Artificial Intelligence, Blockchain and IoT [149] G.S. Poh, P. Gope, J. Ning. PrivHome, privacy-preserving authenticated
for Smart Healthcare, CRC Press, New York, NY, 2022. communication in smart home environment, IEEE Trans. Dependable Secure
[124] S. Baskar, P.V. Gopirajan, Application of blockchain in digital healthcare. 2023 Comput. 18 (3) (2019) 1095–1107, https://doi.org/10.1109/
International Conference on Intelligent and Innovative Technologies in TDSC.2019.2914911.
Computing, Electrical and Electronics (IITCEE), IEEE, 2023, pp. 591–595, https:// [150] M. Rodrigues, AI deep learning and data security in the internet of everything, in:
doi.org/10.1109/IITCEE57236.2023.10091070. Kelaniya International Conference on Advances in Computing and Technology
[125] H.B. Mahajan, A.A. Junnarkar, Smart healthcare system using integrated and KICACT, 2016. Colombo, Sri Lanka.
lightweight ECC with private blockchain for multimedia medical data processing, [151] S. Lee, J. Choi, J. Kim, et al., FACT: functionality-centric access control system for
Multimed. Tool. Appl. (2023) 1–24, https://doi.org/10.1007/s11042-023-15204- IoT programming frameworks, in: Proceedings of the 22nd ACM on Symposium
4. on Access Control Models and Technologies, 2017, pp. 43–54, https://doi.org/
[126] S. Shree, C. Zhou, M. Barati, Data protection in Internet of Medical Things using 10.1145/3078861.3078864.
blockchain and secret sharing method, J. Supercomput. 80 (2024) 5108–5135, [152] F. Jonsson, M. Tornkvist, RSA authentication in internet of things: technical
https://doi.org/10.1007/s11227-023-05657-7. limitations and industry expectations. http://www.diva-portal.org/smash/get/
[127] N.K. Dewangan, P. Chandrakar. TempChain, A blockchain scheme for telehealth diva2:1112039/FULLTEXT01.pdf, 2017. (Accessed 12 January 2018).
data sharing between two blockchains using property mapping function, [153] R. Wang, J. He, C. Liu, et al., A privacy-aware PKI system based on permissioned
J. Supercomput. 79 (2023) 14808–14826, https://doi.org/10.1007/s11227-023- blockchains, in: 2018 IEEE 9th International Conference on Software Engineering
05259-3. and Service Science (ICSESS), IEEE, 2018, pp. 928–931, https://doi.org/10.1109/
[128] A. Ali, M.F. Pasha, O.H. Fang, et al., Big data based smart blockchain for ICSESS.2018.8663738.
information retrieval in privacy-preserving healthcare system, in: Y. Baddi, [154] D. Sadhukhan, S. Ray, G.P. Biswas, et al., A lightweight remote user
Y. Gahi, Y. Maleh, et al. (Eds.), Big Data Intelligence for Smart Applications, authentication scheme for IoT communication using elliptic curve cryptography,
Springer, Cham, 2022, pp. 279–296, https://doi.org/10.1007/978-3-030-87954- J. Supercomput. 77 (2) (2021) 1114–1151, https://doi.org/10.1007/s11227-020-
9_13. 03318-7.
[129] K. Boeckl, N. Lefkovitz, NIST privacy framework: an overview. https://tsapps.nist [155] R. Creaney, L. Reid, M. Currie, The contribution of healthcare smart homes to
.gov/publication/getpdf.cfm?pubid=930470.2020. (Accessed 28 February 2021). older peoples’ wellbeing: a new conceptual framework. Wellbeing, Space and
[130] S. Mazumdar, T. Dreibholz, Secure embedded living: towards a self-contained Society 2 (2021) 100031, https://doi.org/10.1016/j.wss.2021.100031.
user data preserving framework, IEEE Commun. Mag. 60 (11) (2022) 74–80, [156] S. Pesaru, N.K. Mallenahalli, B.V. Vardhan, Light weight cryptography-based data
https://doi.org/10.1109/MCOM.001.2200165. hiding system for internet of medical things, Int. J. Healthc. Manag. (2022) 1–14,
[131] G. D’Acquisto, J. Domingo-Ferrer, P. Kikiras, et al. Privacy by Design in Big Data: https://doi.org/10.1080/20479700.2022.2161145.
an Overview of Privacy Enhancing Technologies in the Era of Big Data Analytics. [157] W. Yánez, R. Bahsoon, Y. Zhang, et al., Architecting internet of things systems
arXiv. 2015. preprint. arXiv: 1512.06000. with blockchain: a catalog of tactics, ACM Trans. Software Eng. Methodol. 30 (3)
[132] C. Lee, L. Zappaterra, K. Choi, et al., Securing smart home: technologies, security (2021) 1–46, https://doi.org/10.1145/3442412.
challenges, and security requirements. 2014 IEEE Conference on Communications [158] W. Yánez, R. Mahmud, R. Bahsoon, et al., Data allocation mechanism for internet-
and Network Security, IEEE, 2014, pp. 67–72, https://doi.org/10.1109/ of-things systems with blockchain, IEEE Internet Things J. 7 (4) (2020)
CNS.2014.6997467. 3509–3522, https://doi.org/10.1109/JIOT.2020.2972776.
[133] Z. Zeng, Y. Li, Y. Cao, et al., Blockchain technology for information security of the [159] A. Dorri, S.S. Kanhere, R. Jurdak, et al., Blockchain for IoT security and privacy:
energy internet: fundamentals, features, strategy and application, Energies 13 (4) the case study of a smart home, in: 2017 IEEE International Conference on
(2020) 881, https://doi.org/10.3390/en13040881. Pervasive Computing and Communications Workshops (PerCom Workshops),
[134] S.S. Dhanda, B. Singh, P. Jindal, Lightweight cryptography: a solution to secure 2017, pp. 618–623, https://doi.org/10.1109/PERCOMW.2017.7917634.
IoT, Wireless Pers. Commun. 112 (3) (2020) 1947–1980, https://doi.org/ [160] Q. Wang, T. Xia, Y. Ren, et al., A new blockchain-based multi-level location secure
10.1007/s11277-020-07134-3. sharing scheme, Appl. Sci. 11 (5) (2021) 2260, https://doi.org/10.3390/
[135] R. Kamal, Internet of Things: Architecture and Design Principles, McGraw Hill app11052260.
Education (India), Delhi, Delhi, 2017. [161] C. Lin, D. He, N. Kumar, et al., HomeChain: a blockchain-based secure mutual
[136] N. Guhr, O. Werth, P.P.H. Blacha, et al., Privacy concerns in the smart home authentication system for smart homes, IEEE Internet Things J. 7 (2) (2019)
context, SN Appl. Sci. 2 (2020) 247, https://doi.org/10.1007/s42452-020-2025- 818–829, https://doi.org/10.1109/JIOT.2019.2944400.
8. [162] Alpa, Proof-of-Authority consensus. https://apla.readthedocs.io/en/latest/conce
[137] E. Commission, Commission proposes a comprehensive reform of data protection pts/consensus.html, 2018. (Accessed 10 October 2021).
rules to increase users’ control of their data and to cut costs for businesses. https [163] G. Zyskind, O. Nathan, Decentralizing privacy: using blockchain to protect
://ec.europa.eu/commission/presscorner/detail/en/IP_12_46.2012. (Accessed 20 personal data, in: 2015 IEEE Security and Privacy Workshops, IEEE, 2015,
March 2021). pp. 180–184, https://doi.org/10.1109/SPW.2015.27.
[138] Rt.com, President Obama announces initiatives on data security and student [164] D. Schreckling, J.D. Parra, C. Doukas, et al., Data-centric security for the IoT, in:
privacy. https://www.huntonprivacyblog.com/2015/01/12/president International Internet of Things Summit, Springer, Cham, 2015, pp. 77–86,
-obama-announces-initiatives-data-security-student-privacy/, 2015. (Accessed 20 https://doi.org/10.1007/978-3-319-47075-7_10.
March 2021). [165] A. Outchakoucht, E. Hamza, J. Leroy, Dynamic access control policy based on
[139] G. Corser, G.A. Fink, M. Aledhari, et al., Internet of things (IoT) security best blockchain and machine learning for the internet of things, Int. J. Adv. Comput.
practice, IEEE Internet Technology Policy Community White Paper (2017). Sci. Appl. 8 (7) (2017) 417–424, https://doi.org/10.14569/
[140] J. Wolff, At long last, a sensible internet of things security bill has been introduced IJACSA.2017.080757.
in the senate. http://www.slate.com/blogs/future_tense/2017/08/03/the_senate_ [166] W. Han, Y. Zhang, Z. Guo, et al. Fine-grained business data confidentiality control
is_considering_an_internet_of_things_security_bill.html, 2017. (Accessed 12 in cross-organizational tracking. In Proceedings of the 20th ACM Symposium on
January 2018). Access Control Models and Technologies. ACM. pp. 135-145. https://doi.org/1
[141] C. Wirth, M. Kolain, Privacy by blockchain design: a blockchain-enabled GDPR- 0.1145/2752952.2752973.
compliant approach for handling personal data, in: W. Prinz, P. Hoschka (Eds.),


[167] P. Zhong, Q. Zhong, H. Mi, et al., Privacy-protected blockchain system, in: 2019 Enabling Industry 4.0 by Artificial Intelligence, Willey, 2022, pp. 295–313,
20th IEEE International Conference on Mobile Data Management (MDM), IEEE, https://doi.org/10.1002/9781119905141.ch16.
2019, pp. 257–461, https://doi.org/10.1109/MDM.2019.000-2. [193] A.O. Almagrabi, R. Ali, D. Alghazzawi, et al., Blockchain-as-a-Utility for next-
[168] R. Almadhoun, M. Kadadha, M. Alhemeiri, A user authentication scheme of IoT generation healthcare internet of things, Comput. Mater. Continua (CMC) 68 (1)
devices using blockchain-enabled fog nodes, in: 2018 IEEE/ACS 15th (2021) 359–376, https://doi.org/10.32604/cmc.2021.014753.
International Conference on Computer Systems and Applications (AICCSA), IEEE, [194] Q. Wang, R. Li, L. Zhan, Blockchain technology in the energy sector: from basic
2018, pp. 1–8, https://doi.org/10.1109/AICCSA.2018.8612856. research to real world applications, Computer Science Review 39 (2021) 100362,
[169] S. Namasudra, S. Nath, A. Majumder, Profile based access control model in cloud https://doi.org/10.1016/j.cosrev.2021.100362.
computing environment, in: 2014 International Conference on Green Computing [195] VeChain, VeChain Whitepaper 2.0. http://www.vechain.org/qfy-content/uploa
Communication and Electrical Engineering, 2014, pp. 1–5, https://doi.org/ ds/2020/01/VeChainWhitepaper_2.0_en.pdf, 2019.
10.1109/ICGCCEE.2014.6921420. [196] VeChain. VeChain Whitepaper 2.0 - CreatingValuableTXs on The VechainThor
[170] Ch. Mohan, Security in the internet of things: lessons from the past for the Blockchain. VeChain Foundation. https://www.vechain.org/wh
connected future, WIND River (2015). itepaper/#bit_65sv8. Accessed: 2 December 2021.
[171] T. Hardjono, Kerberos for internet-of-things. MIT Kerberos & Internet Trust [197] D. Das, S. Banerjee, U. Ghosh, et al., A decentralized vehicle anti-theft system
Consortium, IETF89, 2014. http://www.tschofenig.priv.at/tutorials/Kerbe using Blockchain and smart contracts, Peer-to-Peer Networking and Applications
ros-Tutorial.pdf. (Accessed 13 February 2020). 14 (5) (2021) 2775–2788, https://doi.org/10.1007/s12083-021-01097-3.
[172] H. Kim, A. Wasicek, B. Mehne, et al., A secure network architecture for the [198] J. Karamachoski, N. Marina, P. Taskov, Blockchain-based application for
internet of things based on local authorization entities. 2016 IEEE 4th certification management, Tehnički glasnik 14 (4) (2020) 488–492, https://doi.
International Conference on Future Internet of Things and Cloud (FiCloud), IEEE, org/10.31803/tg-20200811113729.
2016, pp. 114–122, https://doi.org/10.1109/FiCloud.2016.24. [199] Paradigm, ICON: detailed review on the project. https://medium.com/paradig
[173] H. Kim, E.A. Lee, Trusting the internet of things: authentication and authorization m-research/icon-detailed-review-on-the-project-2efd550779ff, 2018. (Accessed
for the internet of things, IT Professional. 19 (5) (2017) 27–33, https://doi.org/ 18 August 2023).
10.1109/MITP.2017.3680960. [200] I. Foundation, Icon Hypeconnect the world. http://docs.icon.foundation/ICON-
[174] W. He, V. Zhao, O. Morkved, et al., SoK: context sensing for access control in the Whitepaper-EN-Draft.pdf, 2017. (Accessed 18 August 2023).
adversarial home IoT, in: 2021 IEEE European Symposium on Security and [201] J. Jeong, AWS partner case study: ICONLOOP. https://aws.amazon.com/partner
Privacy (EuroS&P), IEEE, 2021, pp. 37–53, https://doi.org/10.1109/ s/success/iconloop/. (Accessed 18 August 2023).
EuroSP51992.2021.00014. [202] R. Doshi, Blockchain adoption journey and impact on financial services industry.
[175] N. Ghosh, S. Chandra, V. Sachidananda, et al., SoftAuthZ: a context-aware, https://www.infosys.com/insights/ai-automation/blockchain-adoption-journey.
behavior-based authorization framework for home IoT, IEEE Internet Things J. 6 html. (Accessed 18 August 2023).
(6) (2019) 10773–10785, https://doi.org/10.1109/JIOT.2019.2941767. [203] S.K. Rana, A.K. Rana, S. Dhawan, A vital fusion of internet of medical things and
[176] A.S.J. Ukil, S. Koilakonda, Embedded security for internet of things, in: 2011 2nd blockchain to transform data privacy and security, in: A. Rana, A.K. Rana,
National Conference on Emerging Trends and Applications in Computer Science, S. Dhawan, et al. (Eds.), Convergence of Deep Learning and Artificial Intelligence
IEEE, 2011, pp. 1–6, https://doi.org/10.1109/NCETACS.2011.5751382. in Internet of Things, CRC Press, 2022, pp. 293–308.
[177] H. HaddadPajouh, R. Khayami, A. Dehghantanha, et al., AI4SAFE-IoT: an AI- [204] K.P. Satamraju, Proof of concept of scalable integration of internet of things and
powered secure architecture for edge layer of Internet of things, Neural Comput. blockchain in healthcare, Sensors 20 (5) (2020) 1389, https://doi.org/10.3390/
Appl. 32 (20) (2020) 16119–16133, https://doi.org/10.1007/s00521-020-04772- s20051389.
3. [205] C. Ploder, T. Spiess, R. Bernsteiner, et al., A risk analysis on blockchain
[178] I. Psychoula, Privacy Modelling and Preservation for Assisted Living within Smart technology usage for electronic health records, Cloud Computing and Data,
Homes, DeMortfort University, Leicester, 2020. Ph.D Thesis. Science 2 (2) (2021) 20–35, https://doi.org/10.37256/ccds.222021777.
[179] A. Verma, K. Sahay, S. Prakash, et al., A systematic review on machine learning [206] D. Yonathan, D. Husna, F.A. Ekadiyanto, et al., Design of decentralized
fundamentals for smart home, Towards Smart City Solution (2023) 2023020130, application for telemedicine image record system with smart contract on
https://doi.org/10.20944/preprints202302.0130.v1. Preprint. ethereum, Int. J. Adv. Comput. Sci. Appl. 12 (10) (2021) 272–281, https://doi.
[180] K.P.M.T. Revathi, A smart and secured approach for children’s health monitoring org/10.14569/IJACSA.2021.0121030.
using machine learning techniques enhancing data privacy, IETE J. Res. 69 (3) [207] M. Paul, L. Maglaras, M.A. Ferrag, et al., Digitization of healthcare sector: a study
(2022) 1–12, https://doi.org/10.1080/03772063.2022.2150697. on privacy and security concerns, ICT Express 9 (4) (2023) 571–588, https://doi.
[181] M.M. Salim, L. Park, J.H. Park, A machine learning based scalable blockchain org/10.1016/j.icte.2023.02.007.
architecture for a secure healthcare system, in: 2022 13th International [208] A. Ekblaw, A. Azaria, J.D. Halamka, et al., A Case Study for Blockchain in
Conference on Information and Communication Technology Convergence (ICTC), Healthcare: “MedRec” prototype for electronic health records and medical
IEEE, 2022, pp. 2231–2234, https://doi.org/10.1109/ICTC55196.2022.9952962. research data, Proceedings of IEEE open & big data conference 13 (2016) 13.
[182] G. Velliyangiri, V. Krishnamoorthy, C. Inbaraj, et al., Blockchain and artificial [209] L.A. Linn, M.B. Koo, Blockchain for health data and its potential use in health it
intelligent for internet of things in e-Health, in: The Convergence of Artificial and health care related research. ONC/NIST Use of Blockchain for Healthcare and
Intelligence and Blockchain Technologies: Challenges and Opportunities, 2022, Research Workshop, ONC/NIST, Gaithersburg, Maryland, United States, 2016,
pp. 23–42, https://doi.org/10.1142/9789811225079_0002. pp. 1–10.
[183] J. Mandala, R. Ganeshan, B. Maram, et al., IoT and artificial intelligence for [210] S. Tiwari, N. Dhanda, H. Dev, An intelligent healthcare framework for data
healthcare informatics: evolving technologies, in: Handbook of Research on security based on blockchain and internet of things, International Journal of
Mathematical Modeling for Smart Healthcare Systems, IGI Global, 2022, Intelligent Systems and Applications in Engineering 10 (3) (2022) 95–102.
pp. 110–120, https://doi.org/10.4018/978-1-6684-4580-8.ch006. [211] A. Lekssays, G. Sirigu, B. Carminati, et al., MalRec: a blockchain-based malware
[184] C. Pirtle, J. Ehrenfeld, Blockchain for healthcare: the next generation of medical recovery framework for internet of things. Proceedings of the 17th International
records? J. Med. Syst. 42 (9) (2018) 1–3, https://doi.org/10.1007/s10916-018- Conference on Availability, Reliability and Security, 2022, pp. 1–8, https://doi.
1025-3. org/10.1145/3538969.3544446.
[185] K. Farooq, H.J. Syed, S.O. Alqahtani, et al., Blockchain federated learning for in- [212] T.T.A. Dinh, J. Wang, G. Chen, et al., Blockbench: a framework for analyzing
home health monitoring, Electronics 12 (1) (2022) 136, https://doi.org/10.3390/ private blockchains. Proceedings of the 2017 ACM International Conference on
electronics12010136. Management of Data, 2017, pp. 1085–1100, https://doi.org/10.1145/
[186] V.K. Prasad, P. Bhattacharya, D. Maru, et al., Federated learning for the internet- 3035918.3064033.
of-medical-things: a survey, Mathematics 11 (1) (2022) 151, https://doi.org/ [213] B. Wang, Z. Li, Healthchain: a privacy protection system for medical data based
10.3390/math11010151. on blockchain, Future Internet 13 (10) (2021) 247, https://doi.org/10.3390/
[187] A.A. Alzahrani, Using artificial intelligence and cybersecurity in medical and fi13100247.
healthcare applications 12 (3) (2023) 1579–1590, https://doi.org/10.18576/isl/ [214] A. Raj, S. Prakash, Smart contract-based secure decentralized smart healthcare
120343. system, Int. J. Software Innovat. 11 (1) (2023) 1–20, https://doi.org/10.4018/
[188] S.B. ElMamy, H. Mrabet, H. Gharbi, et al., A survey on the usage of blockchain ijsi.315742.
technology for cyber-threats in the context of industry 4.0, Sustainability 12 (21) [215] T.L.N. Dang, M.S. Nguyen, An approach to data privacy in smart home using
(2020) 9179, https://doi.org/10.3390/su12219179. blockchain technology. 2018 International Conference on Advanced Computing
[189] K. Hameed, M. Barika, S. Garg, et al., A taxonomy study on securing blockchain- and Applications (ACOMP), 2018, pp. 58–64, https://doi.org/10.1109/
based industrial applications: an overview, application perspectives, ACOMP.2018.00017.
requirements, attacks, countermeasures, and open issues, Journal of Industrial [216] S.N. Mohanty, K.C. Ramya, S.S. Rani, et al., An efficient Lightweight integrated
Information Integration 26 (1) (2022) 100312, https://doi.org/10.1016/j. Blockchain (ELIB) model for IoT security and privacy, Future Generat. Comput.
jii.2021.100312. Syst. 102 (2020) 1027–1037, https://doi.org/10.1016/j.future.2019.09.050.
[190] M. Alwabe, Y. Kwon, Blockchain consistency check protocol for improved [217] A. Dorri, S.S. Kanhere, R. Jurdak, et al., LSB: a lightweight scalable blockchain for
reliability, Comput. Syst. Sci. Eng. 36 (2) (2021) 281–292, https://doi.org/ IoT security and anonymity, J. Parallel Distr. Comput. 134 (2019) 180–197,
10.32604/csse.2021.014630. https://doi.org/10.1016/j.jpdc.2019.08.005.
[191] D. Cocîrlea, C. Dobre, L.A. Hîrţan, et al., Blockchain in intelligent transportation [218] A. Qashlan, P. Nanda, X. He, et al., Privacy-preserving mechanism in smart home
systems, Electronics 9 (10) (2020) 1682, https://doi.org/10.3390/ using blockchain. Privacy-preserving mechanism in smart home using blockchain,
electronics9101682. IEEE Access 9 (2021) 103651–103669, https://doi.org/10.1109/
[192] A.S. Bale, T.P. Purohit, M.F. Hashim, et al., Blockchain and its applications in ACCESS.2021.3098795.
industry 4.0, in: J.M. Chatterjee, H. Garg, R.N. Thakur (Eds.), A Roadmap for [219] K. Azbeg, O. Ouchetto, S.J. Andaloussi, Access control and privacy-preserving
blockchain-based system for Diseases management, IEEE Transactions on

48
O. Popoola et al. Blockchain: Research and Applications 5 (2024) 100178

Computational Social Systems 10 (4) (2023) 1515–1527, https://doi.org/ [244] T. AlSkaif, B. Holthuizen, W. Schram, et al., A blockchain-based configuration for
10.1109/TCSS.2022.3186945. balancing the electricity grid with distributed assets, World Electric Vehicle
[220] H.J. Jo, W. Choi. Bprf, Blockchain-based privacy-preserving reputation Journal 11 (4) (2020) 62, https://doi.org/10.3390/wevj11040062.
framework for participatory sensing systems, PLoS One 14 (12) (2019) e0225688, [245] A. Lamba, Are carbon offsets the key to green cryptocurrencies? PLOS
https://doi.org/10.1371/journal.pone.0225688. Sustainability and Transformation 1 (3) (2022) e0000002 https://doi.org/
[221] P. Sharma, S. Namasudra, N. Chilamkurti, et al., Blockchain-based privacy 10.1371/journal.pstr.0000002.
preservation for IoT-enabled healthcare system, ACM Trans. Sens. Netw. 19 (3) [246] L. Belkhir, A. Elmeligi, Assessing ICT global emissions footprint: trends to 2040 &
(2023) 1–17, https://doi.org/10.1145/3577926. recommendations, J. Clean. Prod. 177 (2018) 448–463, https://doi.org/10.1016/
[222] M.I. Ahmed, G. Kannan, S.R. Polamuri. Lsita, An integrated framework for j.jclepro.2017.12.239.
leveraging security of internet of things application with remote patient [247] E. Androulaki, A. Barger, V. Bortnikov, et al., Hyperledger fabric: a distributed
monitoring system, Research Square (2022), https://doi.org/10.21203/rs.3.rs- operating system for permissioned blockchains. Proceedings of the Thirteenth
1948226/v1. EuroSys Conference, 2018, pp. 1–15, https://doi.org/10.1145/
[223] S. Das, S. Namasudra, S. Deb, et al., Securing IoT-based smart healthcare systems 3190508.3190538.
by using advanced lightweight privacy-preserving authentication scheme, IEEE [248] A. Narayanan, J. Bonneau, E. Felten, A. Miller, S. Goldfeder, Bitcoin and
Internet Things J. 10 (21) (2023) 18486–18494, https://doi.org/10.1109/ Cryptocurrency Technologies: A Comprehensive Introduction, Princeton
JIOT.2023.3283347. University Press, Princeton, 2016.
[224] A. Buldas, A.L.R. Kroonmaa, Keyless signatures’ infrastructure: how to build [249] The European Union Blockchain Observatory & Forum, Energy Efficiency of
global distributed hash-trees. Nordic Conference on Secure IT System, Springer, Blockchain Technologies: A Thematic Report, orbilu.uni.lu/bitstream/10993/
Berlin, Heidelberg, 2013, pp. 313–320, https://doi.org/10.1007/978-3-642- 49463/1/Energy%20Efficiency%20of%20Blockchain%20Technologies_1_0.pdf,
41488-6_21. 2021. (Accessed 10 September 2023).
[225] I. Allison, Guardtime secures over a million Estonian healthcare records on the [250] S. Gaba, H. Khan, K.J. Almalki, et al., Holochain: an agent-centric distributed
blockchain. http://www.ibtimes.co.uk/guardtime-secures-over-millionestonia hash table security in smart IoT applications, IEEE Access 11 (2023)
n-healthcare-records-blockchain-1547367, 2012. 81205–81223, https://doi.org/10.1109/ACCESS.2023.3300220.
[226] U. Ali, M.Y.I.B. Idris, J. Frnda, et al., Enhanced lightweight and secure [251] K.A. Awan, I.U. Din, A. Almogren, et al., EdgeTrust: a lightweight data-centric
certificateless authentication scheme (ELWSCAS) for internet of things trust management approach for IoT-based healthcare 4.0, Electronics 12 (1)
environment, Internet of Things 24 (2023) 100923, https://doi.org/10.1016/j. (2023) 140, https://doi.org/10.3390/electronics12010140.
iot.2023.100923. [252] A. Aftab, C. Chrysostomou, H.K. Qureshi, et al., Holo-block chain: a hybrid
[227] W.E. Forum, The aviation sector wants to reach net zero by 2050. How will it do approach for secured IoT healthcare ecosystem. Proceedings of the 2022 18th
it?. https://www.weforum.org/agenda/2022/12/aviation-net-zero-emissions/, International Conference on Wireless and Mobile Computing, Networking and
2022. Communications (WiMob), IEEE, 2022, pp. 243–250, https://doi.org/10.1109/
[228] M. Lawford, The Industry More Damaging to the Environment than Airlines, WiMob55322.2022.9941553.
elegraph.co.uk/business/2023/05/30/silicon-valley-data-giants-net-zero- [253] S. Zaman, M.R.A. Khandaker, R.T. Khan, et al., Thinking out of the blocks:
sustainability-risk/#:~:text=The%20world’s%20computing%20and% holochain for distributed security in IoT healthcare, IEEE Access 10 (2022)
20information,much%20electricity%20as%2050%2C000%20homes, 2023. t. 37064–37081, https://doi.org/10.1109/ACCESS.2022.3163580.
[229] S. Namasudra, P. Sharma, Achieving a decentralized and secure cab sharing [254] K. Janjua, M.A. Shah, A. Almogren, et al., Proactive forensics in IoT: privacy-
system using blockchain technology, IEEE Trans. Intell. Transport. Syst. 24 (12) aware log-preservation architecture in fog-enabled-cloud using holochain and
(2022) 15568–15577, https://doi.org/10.1109/TITS.2022.3186361. containerization technologies, Electronics 9 (7) (2020) 1172, https://doi.org/
[230] S. Bansal, D. Kumar, IoT ecosystem: a survey on devices, gateways, operating 10.3390/electronics9071172.
systems, middleware and communication, Int. J. Wireless Inf. Network 27 (3) [255] A.D. Dwivedi, R. Singh, U. Ghosh, et al., Privacy preserving authentication system
(2020) 340–364, https://doi.org/10.1007/s10776-020-00483-7. based on non-interactive zero knowledge proof suitable for Internet of Things,
[231] C.C.f.A. Finance. Cambridge Bitcoin Electricity Consumption Index. https://ccaf. J. Ambient Intell. Hum. Comput. 13 (2022) 4639–4649, https://doi.org/10.1007/
io/cbnsi/cbeci. Accessed: 10 September 2023. s12652-021-03459-4.
[232] N. Radziwill, Blockchain revolution: how the technology behind Bitcoin is [256] T. Kuhrt, Hyperledger Projects- Hyperledger Foundation, 2022. https://wiki.
changing money, business, and the world, Qual. Manag. J. 25 (1) (2018) 64–65, hyperledger.org/display/TSC/Hyperledger+Projects. (Accessed 12 January
https://doi.org/10.1080/10686967.2018.1404373. 2022).
[233] M.J. Krause, T. Tolaymat, Quantification of energy and carbon costs for mining [257] R. Pandey, How to measure your body composition on the Samsung Galaxy Watch
cryptocurrencies, Nat. Sustain. 1 (11) (2018) 711–718. 4 and Watch 5 series. https://www.androidpolice.com/measure-body-compositio
[234] K.J. O’Dwyer, D. Malone, Bitcoin mining and its energy footprint. 25th IET Irish n-samsung-galaxy-watch/, 2022. (Accessed 13 January 2023).
Signals & Systems Conference 2014 and 2014 China-Ireland International [258] S.C. Mukhopadhyay, Wearable sensors for human activity monitoring: a review,
Conference on Information and Communications Technologies (ISSC 2014/CIICT IEEE Sensor. J. 15 (3) (2014) 1321–1330, https://doi.org/10.1109/
2014), 2014, pp. 280–285, https://doi.org/10.1049/cp.2014.0699. JSEN.2014.2370945.
[235] P.K. Singh, R. Singh, S.K. Nandi, et al., Managing smart home appliances with [259] S. Majumder, T. Mondal, M.J. Deen, Wearable sensors for remote health
proof of authority and blockchain, in: K.H. Lüke, G. Eichler, C. Erfurth, monitoring, Sensors 17 (1) (2017) 130, https://doi.org/10.3390/s17010130.
G. Fahrnberger (Eds.), Innovations for Community Services, Springer, Cham, [260] S. Bushwick, “Anonymous” data won’t protect your identity. https://www.scient
2019, pp. 221–232, https://doi.org/10.1007/978-3-030-22482-0_16. ificamerican.com/article/anonymous-data-wont-protect-your-identity/, 2019.
[236] E. Karaarslan, E. Konacaklı, Data storage in the decentralized world: blockchain (Accessed 23 December 2021).
and derivatives, arXiv 2012 (2012) 10253, https://doi.org/10.48550/ [261] B. News, Hackers steal $600m in major cryptocurrency heist. https://www.bbc.
arXiv.2012.10253. co.uk/news/business-58163917, 2021. (Accessed 12 August 2021).
[237] A. Brock, D. Atkinson, E. Friedman, et al., Holo Green Paper, 2018. https://holo. [262] S. Venkataramakrishnan, P. Stafford, Hackers siphon $600m in digital tokens,
host/wp-content/uploads/Holo-Green-Paper-April-2021.pdf. crypto network says, https://www.ft.com/content/47329261-afec-4cf7-840e
[238] C. Diallo, Opportunities and challenges of IoT security using distributed ledger -5eee0c70ba61, 2021. (Accessed 12 August 2021).
technology, Sensors & Transducers 256 (2) (2022) 27–35. [263] L. Harley-McKeown, Hackers Begin Returning Funds from Sensational $600m
[239] A. Sasikumar, S. Vairavasundaram, K. Kotecha, et al., Blockchain-based trust Crypto Heist, 2021. https://uk.news.yahoo.com/cryptocurrency-poly-network-h
mechanism for digital twin empowered Industrial Internet of Things, Future ackers-return-funds-defi-ethereum-110935552.html?guccounter=1. (Accessed 12
Generat. Comput. Syst. 141 (2023) 16–27, https://doi.org/10.1016/j. August 2021).
future.2022.11.002. [264] T. Robinson, A. Krishnakumar, Institutions seek detailed blockchain analytics for
[240] G. Habib, S. Sharma, S. Ibrahim, et al., Blockchain technology: benefits, crypto adoption — elliptic. https://cointelegraph.com/news/institutions-seek-det
challenges, applications, and integration of blockchain technology with cloud ailed-blockchain-analytics-for-crypto-adoption-elliptic, 2023, 17 Septemeber
computing, Future Internet 14 (11) (2022) 341, https://doi.org/10.3390/ 2023.
fi14110341. [265] How IPFS works. https://docs.ipfs.tech/concepts/how-ipfs-works/#content-a
[241] S.S. Kamble, A. Gunasekaran, S.A. Gawankar, Achieving sustainable performance ddressing, 2022. (Accessed 9 January 2023).
in a data-driven agriculture supply chain: a review for research and applications, [266] E. Saleh, S. Rajesh, High-performance cryptanalysis: a comparative study of code-
Int. J. Prod. Econ. 219 (2020) 179–194, https://doi.org/10.1016/j. breaking techniques. Proceedings of the International Conference on Innovative
ijpe.2019.05.022. Computing & Communication (ICICC), SSRN, 2021, https://doi.org/10.2139/
[242] P. Woitschig, G.S. Uddin, T. Xie, W.K. Härdle, The energy consumption of the ssrn.3833299 preprint.
Ethereum-ecosystem, SSRN (2023), https://doi.org/10.2139/ssrn.4526732 [267] S. Becher, A. Gerl, B. Meier, et al., Big picture on privacy enhancing technologies
preprint. in e-health: a holistic personal privacy workflow, Information 11 (7) (2020) 356,
[243] M. Crippa, E. Solazzo, D. Guizzardi, et al., Food systems are responsible for a third https://doi.org/10.3390/info11070356.
of global anthropogenic GHG emissions, Nature Food 2 (3) (2021) 198–209, [268] A.R. Sfar, E. Natalizio, S. Mazlout, et al., Privacy preservation using game theory
https://doi.org/10.1038/s43016-021-00225-9. in e-health application, J. Inf. Secur. Appl. 66 (2022) 103158, https://doi.org/
10.1016/j.jisa.2022.103158.

49
