Abstract
Personal health records (PHRs) have significant value for health management, accurate diagnosis, and disease research. However, PHR sharing may raise owners’ concerns about security deficiency and privacy leakage. The current mainstream PHR sharing models rely on centralized systems with risks including data loss and tampering, unauthorized access, etc. Fortunately, blockchain possesses outstanding features such as decentralization, tamper-proof, and traceability, which endow it with great potential to solve sensitive data sharing issues. Based on this, we propose a blockchain-based PHR sharing scheme with security and privacy preservation. It utilizes a secure distributed storage system based on InterPlanetary File System (IPFS) and blockchain to avoid data tampering and single points of failure. We also design a decentralized attribute-based access control (ABAC) mechanism to achieve fine-grained controllable PHR sharing. In addition, the blockchain-based proxy re-encryption method can protect the confidentiality of PHR and prevent privacy leakage. Security analysis shows that our scheme achieves the expected security goals. Besides, we evaluated the proposed scheme on Hyperledger Fabric, and the results demonstrate that the scheme is feasible and efficient.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Tenforde, M., Jain, A., Hickner, J.: The value of personal health records for chronic disease management: what do we know? Family Medicine-Kansas City 43(5), 351 (2011)
Keshta, I., Odeh, A.: Security and privacy of electronic health records: concerns and challenges. Egyptian Inform. J. 22(2), 177–183 (2021)
Casola, V., Castiglione, A., Choo, K.K.R., et al.: Healthcare-related data in the cloud: challenges and opportunities. IEEE Cloud Comput. 3(6), 10–14 (2016)
Xiong, H., Zhang, H., Sun, J.: Attribute-based privacy-preserving data sharing for dynamic groups in cloud computing. IEEE Syst. J. 13(3), 2739–2750 (2018)
Mubarakali, A., Ashwin, M., Mavaluru, D., et al.: Design an attribute-based health record protection algorithm for healthcare services in cloud environment. Multimed. Tools Appl. 79, 3943–3956 (2020)
Azeez, N.A., Van der Vyver, C.: Security and privacy issues in e-health cloud-based system: a comprehensive content analysis. Egyptian Inform. J. 20(2), 97–108 (2019)
Jansen, W.A.: Cloud hooks: security and privacy issues in cloud computing. In: 2011 44th Hawaii International Conference on System Sciences, vol. 44, pp. 1–10. IEEE (2011). https://doi.org/10.1109/HICSS.2011.103
Guo, R., Shi, H., Zhao, Q., et al.: Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6, 11676–11686 (2018)
Cheng, X., Chen, F., Xie, D., et al.: Design of a secure medical data sharing scheme based on blockchain. J. Med. Syst. 44(2), 52 (2020)
Deepa, N., Pham, Q.V., Nguyen, D.C., et al.: A survey on blockchain for big data: approaches, opportunities, and future directions. Future Generation Computer Systems (2022)
Hepp, T., Sharinghousen, M., Ehret, P., et al.: On-chain vs. off-chain storage for supply-and blockchain integration. it - Inf. Technol. 60(5–6), 283–291 (2018). itit-2018-0014
Liang, X., Zhao, J., Shetty, S., et al.: Integrating blockchain for data sharing and collaboration in mobile healthcare applications. In: 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), vol. 28, pp. 1–5. IEEE (2017). PIMRC.2017.8292601
Li, H., Zhu, L., Shen, M., et al.: Blockchain-based data preservation system for medical data. J. Med. Syst. 42(8), 141 (2018)
Zou, R., Lv, X., Zhao, J.: SPChain: blockchain-based medical data sharing and privacy-preserving eHealth system. Inform. Process. Manage. 58(4), 102604 (2021)
Guo, R., Shi, H., Zhao, Q., et al.: Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6, 11676–11686 (2018)
Grabis, J., Stankovski, V., Zariņš, R.: Blockchain enabled distributed storage and sharing of personal data assets. In: 2020 IEEE 36th International Conference on Data Engineering Workshops (ICDEW), vol. 36, pp. 11–17. IEEE (2020). https://doi.org/10.1109/ICDEW49219.2020.00-13
Naz, M., Al-zahrani, F.A., Khalid, R., et al.: A secure data sharing platform using blockchain and interplanetary file system. Sustainability 11(24), 7054 (2019). https://doi.org/10.3390/su11247054
Zyskind, G., Nathan, O.: Decentralizing privacy: Using blockchain to protect personal data. In: 2015 IEEE Security and Privacy Workshops, vol. 2015, pp. 180–184. IEEE (2015)
Yang, C., Tan, L., Shi, N., et al.: AuthPrivacyChain: a blockchain-based access control framework with privacy protection in cloud. IEEE Access 8, 70604–70615 (2020)
Liu, J., Wu, M., Sun, R., et al.: BMDS: a blockchain-based medical data sharing scheme with attribute-based searchable encryption. In: ICC 2021 - IEEE International Conference on Communications, vol. 2021, pp. 1–6. IEEE (2021). ICC42927.2021.9500573
Qin, X., Huang, Y., Yang, Z., et al.: A blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing. J. Syst. Architect. 112, 101854 (2021)
Kumar, P., Alphonse, P.J.A.: Attribute based encryption in cloud computing: a survey, gap analysis, and future directions[J]. J. Netw. Comput. Appl. 108, 37–52 (2018)
Fugkeaw, S.: A lightweight policy update scheme for outsourced personal health records sharing. IEEE Access 9, 54862–54871 (2021)
Liu, H., Han, D., Li, D.: Fabric-IoT: a blockchain-based access control system in IoT. IEEE Access 8, 18207–18218 (2020). ACCESS.2020.2968442
Dubovitskaya, A., Baig, F., Xu, Z., et al.: ACTION-EHR: patient-centric blockchain-based electronic health record data management for cancer care. J. Med. Internet Res. 22(8), e13598 (2020)
Zhang, A., Lin, X.: Towards secure and privacy-preserving data sharing in e-health systems via consortium blockchain. J. Med. Syst. 42(8), 140 (2018)
Manzoor, A., Braeken, A., Kanhere, S.S., et al.: Proxy re-encryption enabled secure and anonymous IoT data sharing platform based on blockchain. J. Netw. Comput. Appl. 176, 102917 (2021)
Song, J., Yang, Y., Mei, J., et al.: Proxy re-encryption-based traceability and sharing mechanism of the power material data in blockchain environment. Energies 15(7), 2570 (2022). https://doi.org/10.3390/en15072570
Chen, Z., Xu, W., Wang, B., et al.: A blockchain-based preserving and sharing system for medical data privacy. Futur. Gener. Comput. Syst. 124, 338–350 (2021)
Agyekum, K.O.B.O., Xia, Q., Sifah, E.B., et al.: A proxy re-encryption approach to secure data sharing in the internet of things based on blockchain. IEEE Syst. J. 16(1), 1685–1696 (2021)
Cryptopp Wiki: SM2. https://www.cryptopp.com/wiki/SM2. Accessed 12 Jun 2023
Keshta, I., Aoudni, Y., Sandhu, M., et al.: Blockchain aware proxy re-encryption algorithm-based data sharing scheme. Phys. Commun. 58, 102048 (2023). https://doi.org/10.1016/j.phycom.2021.102048
Acknowledgments
This work was supported by the National Key R&D Program of China (2021YFB2700503), the National Natural Science Foundation of China (62076125, 62032025, U20B2049, U20B2050, U21A20467, 62272228, U22B2029), the Shenzhen Science and Technology Program (JCYJ20210324134810028, JCYJ20210324134408023), the Key R &D Program of Guangdong Province (2020B0101090002), the Natural Science Foundation of Jiangsu Province (BK20200418), and the Shenzhen Virtual University Park Support Scheme (YFJGJS1.0).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Our security model of indistinguishability under chosen ciphertext attacks (IND-CCA) is the same as [32]. We define a series of challenge games to prove the security of the BPRE under this security model. In the following games, each one differs slightly from the previous one. The behavior of the random oracle will be simulated by challenger C. Adversary \(\mathcal A\) needs to guess \(b \in \{0,1\}\) corresponding to the ciphertext \(C_{m_b}\) in each game. Therefore, we define the advantage of adversary \(\mathcal A\) as: \(Ad{{v}_{\mathcal A}}\text {=}\left| Pr\left[ {b}'=b \right] -\frac{1}{2} \right| \).
Game 0: In this game, challenger C first generates the public parameters \(pp=\{q,p,l, E, P, G,H_1,H_2,H_3\}\). Adversary \(\mathcal A\) can query for any process of KeyGen, ReKeyGen, and Decrypt, and challenger C will provide the corresponding correct output. \(\mathcal A\) can obtain key pair \((sk_i,pk_i)\), decryption parameter d, re-encryption key \(rk_{i \rightarrow j}\) and data ciphertext \(C_i\). According to this information, the advantage that he wins this game is: \(Adv_{\mathcal A}^{{{G}_{0}}}=Ad{{v}_{\mathcal A}}\).
Game 1: Challenger C plays the game with Game 0, except for the following content. When adversary \(\mathcal A\) inputs x to query \(H_i\text { }(i=1,2,3)\), C looks up the hash list for a matching y and returns it if found. Otherwise, C picks a random number y, and sets \({{H}_{i}}\left( x \right) =y\). When the challenger C receives the challenge of \(\mathcal A\), if \(\mathcal A\) inquires about \(H_1\) with any input, C terminates the game. Otherwise, C returns the decrypted result. Since the hash function is a random process, Game 1 and Game 0 are indistinguishable based on the randomness of the hash functions. The advantage that adversary \(\mathcal A\) wins this game is: \(Adv_{\mathcal A}^{{{G}_{1}}}=Adv_{\mathcal A}^{{{G}_{0}}}\).
Game 2: Challenger C plays the game with Game 1, except there is a difference when calling Decrypt. When the input is (\(C_{m_b}, d'\)), and \(d'\) is a fake decryption parameter, if \(\mathcal A\) does not inquire about \(H_1\) with \(d'\), C terminates the game. Since the decryption algorithm is deterministic and \(H_1\) is a random process, the success of \(\mathcal A\) means that he has cracked the hash function. Therefore, the advantage that \(\mathcal A\) wins this game is: \(Adv_{\mathcal A}^{{{G}_{2}}}=Adv_{\mathcal A}^{{{G}_{0}}}\).
Game 3: Challenger C plays the game with Game 2, except there is a difference when calling ReKeyGen and ReEnc. In calling ReKeyGen, the input is \(d'\). Challenger C queries the key list according to the input, and if the re-encryption key exists, returns it to adversary \(\mathcal A\). If it does not exist, C generates the corresponding \(rk'_{i \rightarrow j}\) for \(\mathcal A\). Then, C checks whether the user’s private key is leaked, and if so, terminates the game. In calling ReEnc, the input is (\(C_i, rk'_{i \rightarrow j}\)). C checks the key list, if \(rk'_{i \rightarrow j}\) does not exist in the key list, terminate the game. In addition, if \(\mathcal A\)’s public key \(pk_i\) is illegally generated, C terminates the game. Considering that both ReKeyGen and ReEnc algorithms are deterministic, The difference between Game3 and Game2 is the possibility of cracking d. Based on the ECCDHP assumption, the advantage of \(\mathcal A\) satisfies \(\left| Adv_{\mathcal A}^{{{G}_{3}}}-Adv_{\mathcal A}^{{{G}_{2}}} \right| \le Adv_{\mathcal A}^{ECCDH}\).
Game 4: Challenger C plays the game with Game 3, except for the following content. After receiving the challenge \(\{ m_0, m_1 \}\) from \(\mathcal A\), C computes the ciphertext \(C_{m_b} = (C_1, C_2, C_3, C_4)\), \(C_1 = rP\), \(C_2 = m_b \oplus t = m_b \oplus rpk_{C}^{enc}\), \(C_3 = H_2 \left( {{m}_{b}}\left\| t \right. \right. )\), \({{C}_{4}}={{H}_{3}}\left( {{m}_{b}}\left\| {{C}_{1}}\left\| {{C}_{3}} \right. \right. \right) \). Since r is a random number and \(H_1\) is a random process, the re-encrypted ciphertext \(C'_{m_b}\) generated by C for \(\mathcal A\) is indistinguishable from \(C_{m_b}\). Therefore, Game 4 and Game 3 are indistinguishable, i.e., \(Adv_{\mathcal A}^{{{G}_{4}}}=Adv_{\mathcal A}^{{{G}_{3}}}\). Moreover, in the case that r is not leaked, \(\mathcal A\) can only randomly guess the value of b. The probability that \(\mathcal A\) wins this game is equal to 1/2. Therefore, we have the advantage of \(\mathcal A\) is: \(Adv_{\mathcal A}^{{{G}_{4}}}=\left| \frac{1}{2}-\frac{1}{2} \right| =0\).
In summary, we can conclude that \(Ad{{v}_{\mathcal A}}\le Adv_{\mathcal A}^{ECCDH}\). If the ECCDHP assumption holds, the advantage of adversary \(\mathcal A\) is negligible, and our proposed BPRE algorithm is IND-CCA secure.
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Li, X., Luo, J., Zhou, L., Wang, H. (2024). A Blockchain-Based Personal Health Record Sharing Scheme with Security and Privacy Preservation. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14526. Springer, Singapore. https://doi.org/10.1007/978-981-97-0942-7_8
Download citation
DOI: https://doi.org/10.1007/978-981-97-0942-7_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-0941-0
Online ISBN: 978-981-97-0942-7
eBook Packages: Computer ScienceComputer Science (R0)