Abstract
In Internet-of-Things (IoT)-based healthcare systems, real-time healthcare data are gathered from resource-constrained patient sensors and transferred to end-users through gateways and healthcare service providers. Patient privacy is a main challenge in these systems. Although privacy has already been considered in IoT-based healthcare systems, even the best centralized approaches still suffer from collusion attacks. Therefore, some researchers have proposed blockchain-based solutions to protect patients' privacy in IoT-based healthcare systems. However, those methods assume that some of the entities along the end-to-end communication path from patients' sensors to the end-users are trusted, or even assume that there are no privacy threats from internal attackers. There is thus no blockchain-based approach for IoT-based healthcare systems that provides privacy for patients under the assumption that all system entities are untrusted. To overcome these challenges, in this paper we leverage a three-layered hierarchical blockchain, zero-knowledge proofs (ZKP), and the ring signature method to achieve data and location privacy for patients against both internal and external attackers. In addition, the proposed method provides anonymous authentication, authorization, and scalability, which are essential features in healthcare systems. Intuitive and formal security analyses demonstrate the resilience of our scheme against various attacks such as denial of service (DoS), modification, mining, storage, and replay attacks. The proposed method is compared to a recent blockchain-based method and to a centralized privacy-preserving scheme. Compared to the similar blockchain-based method, the computational overhead and delay of the authentication and data transfer phase are about 35% and 37% higher, respectively. On the other hand, the proposed method reduces memory usage of gateways by about 55% and reduces the computational overhead and delay of the information access phase by about 30% and 33% compared to the previous blockchain-based method. Therefore, the proposed method does not increase overhead and end-to-end delay considerably compared to the previous blockchain-based scheme, while some other performance metrics and security features are improved. Moreover, compared to a previous centralized method, the proposed approach shows, on average, more than a 25% decrease in communication overhead and a 22% improvement in memory usage of gateways. Although the use of the blockchain imposes more computational overhead on service providers and may increase latency compared to the centralized approach (depending on the type of blockchain technology used), these weaknesses are negligible given the increased security.
Availability of data and materials
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.
Funding
Not applicable.
Contributions
MNE did methodology, software, validation, investigation, writing—original draft, visualization, and writing—review and editing. BSG performed conceptualization, methodology, investigation, writing—review and editing, supervision, and project administration. SEB did methodology, investigation, and writing—review and editing.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethical approval
Not applicable.
About this article
Cite this article
Nasr Esfahani, M., Ghahfarokhi, B.S. & Etemadi Borujeni, S. Blockchain-based end-to-end privacy-preserving scheme for IoT-based healthcare systems. J Supercomput 80, 2067–2127 (2024). https://doi.org/10.1007/s11227-023-05522-7
DOI: https://doi.org/10.1007/s11227-023-05522-7