Incentive EMR Sharing System Based on Consortium Blockchain and IPFS
Abstract
:1. Introduction
1.1. Background
- Data integrity [13]: This term refers to data accuracy and dependability. To verify the integrity of the original medical data, peer-to-peer data transmission using Hyperledger Fabric channels can provide good protection against network attacks and prevent the leakage of sensitive information;
- Unauthorized access [14]: In a setting with multiple users, the system administrator denies the user access to system files or the system itself, and the user instead accesses resources secretly. To accomplish identity verification authorization, Hyperledger Fabric’s Membership Service Provider (MSP) identity management reads the X.509g format ID book; to accomplish access authorization to system resources, ABAC uses attribute-based access control;
- Human forgery and data tampering problem [15]: In the conventional paradigm, due to centralized storage of medical data, tampering or forgery of private medical data can seriously jeopardize the safety of patients’ lives if there are untrusted nodes or attacks by malevolent nodes in the network. Therefore, the original data can be protected by the tamper-proof and traceable characteristics of blockchain. To prevent data fabrication and manipulation, the medical data can be signed using the Elliptic Curve Digital Signature Algorithm (ECDSA) signature method and then the message digest algorithm can produce the hash;
- Collusion attack issue [16]: The proxy re-encryption method is used to safeguard the authorized party’s data security to prevent unauthorized third-party organizations from leaking the patient’s private key, which would allow the user’s encrypted data to be decrypted. It enables the authorized party to use its private key to decrypt the required material without disclosing its private key [17].
1.2. Related Works
Authors | Year | Technologies | Object | Merits | Demerits |
---|---|---|---|---|---|
Xia et al. [18] | 2017 | Blockchain | Solve the problem of data shareability and control in the cloud through blockchain. | Leverages the concept of shared request pools to share data and enhances the security of data in the cloud through secure encryption technology. | The mathematical formula process for detailed secure encryption is not specified. |
Wang et al. [19] | 2019 | Ethereum CP-ABE | Access control of data in cloud storage is achieved through Ethernet combined with secret attribute policy-based encryption. | A decentralized system is realized, and the resource management module is delivered to smart contracts for processing, which can effectively prevent the third-party platform from being vulnerable to attacks. | This solution increases the storage burden of the data owner to a certain extent to ensure data security. It is difficult to afford in the chain in case of excessive volume. |
Alsalamah et al. [20]. | 2021 | WIOT Blockchain Wholesome Coin | Use IoT devices to monitor people’s physical health data, issue medical currencies through blockchain technology, and create a reward mechanism between the two. | Secure circulation of coins is ensured through smart contracts. | Wholesome Coin is at risk of misuse and the access control model is vulnerable to human vulnerability. |
Mani et al. [21]. | 2021 | Hyperledger Fabric IPFS | Using IPFS to store medical data to solve the blockchain storage capacity problem. | Blockchain technology is used to solve the poor shareability of medical privacy data by adopting an on-chain and off-chain dual storage model to solve the storage capacity problem. | The data stored in IPFS is not encrypted using cryptographic techniques and the level of data security is not high enough. |
Kan et al. [22]. | 2020 | Proxy Re-Encryption Blockchain | Reduce the cost of re-encryption key replication in a decentralized storage environment with CAA-secure’s proxy re-encryption solution. | Simplifies its re-encryption key process compared to collusion proxy re-encryption and is collision-resistant. | Since there is only one set of key pairs for encryption and decryption, the keys need to be changed periodically to prevent collusion attacks, which causes inconvenience. |
2. Preliminary
2.1. Hyperledger Fabric
2.2. InterPlanetary File System (IPFS)
2.3. Proxy Re-Encryption
2.4. Attribute-Based Access Control (ABAC)
2.5. Elliptic Curve Digital Signature Algorithm (ECDSA)
- 1.
- Role A selects an elliptic curve and a base point ;
- 2.
- Role A chooses a random number ; is the order of ;
- 3.
- Role A calculates the information hash ;
- 4.
- Role A calculates a point ;
- 5.
- Role A calculates , ; ; is the ECDSA signature result of role A, which is sent to role B.
- 1.
- Role B computes the hash of m, ;
- 2.
- Role B calculates , ;
- 3.
- Role B calculates ;
- 4.
- If , then signature verification is successful.
3. System Overview
3.1. System Architecture
3.2. Application Scenario
3.3. Initial Phase
3.4. Registration Phase
3.5. Data Storage Phase
3.5.1. EMR Storage in IPFS
3.5.2. Transaction Storage in Chain
3.6. Attribute-Based Access Control
3.7. Hospital Request for Data Access Phase
3.8. Diagnosis Phase
3.9. Token Generation Phase
4. Analysis
4.1. Mutual Authentication
4.2. Data Integrity
4.3. Traceability
4.4. Non-Repudiation
4.5. Known Attacks
4.5.1. Man-in-the-Middle Attack
4.5.2. Replay Attack
4.5.3. Collusion Attack
5. Performance Evaluation
5.1. Communication Cost
5.2. Computation Cost
5.3. Performance Analysis
5.4. Comparison
5.5. Architecture Comparison
6. Conclusions
- The EMR sharing system may combine case data from various healthcare facilities, allowing case data to be exchanged when patients must transfer between hospitals and guaranteeing the availability of cases;
- Through the internet, patients can access their case information and track the status of their medications at any time;
- It can significantly increase the effectiveness of doctor consultations and prevent duplicate tests while transferring between hospitals;
- Patients can receive Medcoin to aid with medical costs by sharing their EMR data, and doing so will also advance public health monitoring;
- To the greatest extent possible, IPFS storage and a proxy re-encryption technique are utilized for data transport. This increases patient EMR security and privacy.
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Notations Glossary
The identity of X | |
The ECDSA private key of the party X | |
The ECDSA public key of the party X | |
A digital certificate of user X | |
The ith random number chosen by the user | |
Medical record data | |
Collection of encrypted EMR and patient information | |
The ith signature generated by user X | |
The ith hash generated by user X | |
Role stores the transaction information in the chain | |
Request information of role X | |
The re-encryption key authorized by the data holder to the applicant | |
User X ciphertext after encryption with encryption key | |
User X ciphertext after encryption with re-encryption key |
Appendix A
Algorithm A1. Encrypted algorithm. |
func Encrypted ( string, string) ( string) { |
} |
Algorithm A2. ECDSA signature. |
func Sign ( string, string, string) ( string, string){ |
} |
Algorithm A3. ECDSA verification. |
func Verify ( string, string, string) ( string){ |
} |
Algorithm A4. Insert a custom attribute in a digital certificate. |
public class RegisterUserWithAttribute { RegistrationRequest registrationRequest = new RegistrationRequest(newUser); registrationRequest.setAffiliation(“org.Hospital.XXXHospital”); registrationRequest.setEnrollmentID(“userID1”); registrationRequest.addAttribute(new Attribute(“ROLE”, “H”));//user-defined attr String enrollmentSecret = caClient.register(registrationRequest, admin); EnrollmentRequest enrollmentRequest = new EnrollmentRequest(); enrollmentRequest.addAttrReq(“hf.Affiliation”); enrollmentRequest.addAttrReq(“hf.EnrollmentID”); enrollmentRequest.addAttrReq(“hf.Type”); enrollmentRequest.addAttrReq(“ROLE”); Enrollment enrollment = caClient.enroll(“userID1”, enrollmentSecret, enrollmentRequest); Identity user = Identity.createIdentity(“OrgHMSP”, enrollment.getCert(), enrollment.getKey()); wallet.put(“userID1”, user); System.out.println(“Successfully enrolled user and imported it into the System”);}} |
Algorithm A5. Definition of the access control policy followed by the JSON format. |
rule EMRCAndUPermission { description: “Only doctor and patient can add and update EHR data, the researcher only can read” participant(m): “User” operation: READ, UPDATE resource(v): “TRANSACTION” subject: ((m.Role == “D” && v.Did == m.ID) || (v.Pid == m.ID)) environment: (BeginTime,EndTime) action: ALLOW } |
Algorithm A6. Re-encryption algorithm. |
func reEncrypted (string,string, string,string) ( string){ |
Algorithm A7. Decryption algorithm. |
func Decrypted (string) (data string){ Return data} |
Algorithm A8. Token generation. |
type Token struct { Owner string ‘json:”Owner”‘ TotalSupply unit ‘json:”TotalSupply”‘ TokenName string ‘json:”TokenName”‘ TokenSymbol string ‘json:”TokenSymbol”‘ BalanceOf map[string]uint ‘json:”BalanceOf”‘} func (token *Token) initialSupply(){ token.BalanceOf[token.Owner] = token.TotalSupply;} func (token *Token) transfer(_from string, _to string, _value uint){ if(token.BalanceOf[_from] >= _value){ token.BalanceOf[_from] -= _value; token.BalanceOf[_to] += _value;}} func (token *Token) balance(_from string) uint{ return token.BalanceOf[_from]} func (s *SmartContract) InitLedger(ctx contractapi.TransactionContextInterface) error { token: =&Token{ Owner: “medcoin”, TotalSupply: 100000000, TokenName: “MEDCOIN”, TokenSymbol: “MEDC”, BalanceOf: map[string]uint{}} token.initialSupply() |
References
- Nguyen, K.; Wright, C.; Simpson, D.; Woods, L.; Comans, T.; Sullivan, C. Economic Evaluation and Analyses of Hospital-Based Electronic Medical Records (EMRs): A Scoping Review of International Literature. npj Digit. Med. 2022, 5, 29. [Google Scholar] [CrossRef] [PubMed]
- Li, L.; Yue, Z.; Wu, G. Electronic Medical Record Sharing System Based on Hyperledger Fabric and InterPlanetary File System. In Proceedings of the 2021 the 5th International Conference on Compute and Data Analysis, Sanya, China, 2–4 February 2021. [Google Scholar]
- Li, C.; Xu, X.; Zhou, G.; He, K.; Qi, T.; Zhang, W.; Tian, F.; Zheng, Q.; Hu, J. Implementation of National Health Informatization in China: Survey About the Status Quo. JMIR Med. Inform. 2019, 7, e12238. [Google Scholar] [CrossRef] [PubMed]
- Enaizan, O.; Eneizan, B.; Almaaitah, M.; Al-Radaideh, A.; Saleh, A. Effects of privacy and security on the acceptance and usage of EMR: The mediating role of trust on the basis of multiple perspectives. Inform. Med. Unlocked 2020, 21, 100450. [Google Scholar] [CrossRef]
- Kiah, M.; Nabi, M.; Zaidan, B.; Zaidan, A. An Enhanced Security Solution for Electronic Medical Records Based on AES Hybrid Technique with SOAP/XML and SHA-1. J. Med. Syst. 2013, 37, 9971. [Google Scholar] [CrossRef]
- Routray, S.; Ganiga, R. Secure Storage of Electronic Medical Records(EMR) on Interplanetary File System(IPFS) Using Cloud Storage and Blockchain Ecosystem. In Proceedings of the 2021 Fourth International Conference on Electrical, Computer and Communication Technologies (ICECCT), Erode, India, 15–17 September 2021. [Google Scholar]
- Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/en/bitcoin-paper (accessed on 20 August 2022).
- Aimblog—See How Healthcare Cryptocurrencies Are Transforming Healthcare Management. Available online: https://www.aimblog.io/2021/01/29/see-how-healthcare-cryptocurrencies-are-transforming-healthcare-management/ (accessed on 18 June 2022).
- Solve—Care to Help Businesses Manage Employee Wellbeing. Available online: https://solve.care/press-release/solve-care-launches-team-care-to-help-businesses-manage/ (accessed on 20 June 2022).
- Mediblock—A Place that Opens up the Endless Possibilities of Medical Information. Available online: https://medibloc.co.kr/ (accessed on 20 June 2022).
- Doc—Doc.com. Available online: https://doc.com/mtc/?hash=en (accessed on 20 June 2022).
- Blaze, M.; Bleumer, G.; Strauss, M. Divertible protocols and atomic proxy cryptography. In Lecture Notes in Computer Science Book Series; Springer: Berlin/Heidelberg, Germany, 1998; pp. 127–144. [Google Scholar]
- Sivathanu, G.; Wright, C.; Zadok, E. Ensuring data integrity in storage. In Proceedings of the 2005 ACM Workshop on Storage security and survivability (StorageSS ’05), Fairfax, VA, USA, 11 November 2005. [Google Scholar]
- Lawal, S.; Krishnan, R. Utilizing Policy Machine for Attribute-Based Access Control in Permissioned Blockchain. In Proceedings of the 2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS), Barcelona, Spain, 23–25 August 2021. [Google Scholar]
- Iqbal, M.; Matulevičius, R. Comparison of Blockchain-Based Solutions to Mitigate Data Tampering Security Risk. In Proceedings of the Business Process Management: Blockchain and Central and Eastern Europe Forum, Vienna, Austria, 1–6 September 2019; pp. 13–28. [Google Scholar]
- Zou, X.; Deng, X.; Wu, T.; Chen, C. A Collusion Attack on Identity-Based Public Auditing Scheme via Blockchain. In Advances in Intelligent Information Hiding and Multimedia Signal Processing; Springer: Berlin/Heidelberg, Germany, 2019; pp. 97–105. [Google Scholar]
- Ateniese, G.; Fu, K.; Green, M.; Hohenberger, S. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 2006, 9, 1–30. [Google Scholar] [CrossRef]
- Xia, Q.; Sifah, E.; Smahi, A.; Amofa, S.; Zhang, X. BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments. Information 2017, 8, 44. [Google Scholar] [CrossRef]
- Wang, S.; Wang, X.; Zhang, Y. A Secure Cloud Storage Framework With Access Control Based on Blockchain. IEEE Access 2019, 7, 112713–112725. [Google Scholar] [CrossRef]
- Alsalamah, H.; Nasser, S.; Alsalamah, S.; Almohana, A.; Alanazi, A.; Alrrshaid, F. Wholesome Coin: A pHealth Solution to Reduce High Obesity Rates in Gulf Cooperation Council Countries Using Cryptocurrency. Front. Blockchain 2021, 4. [Google Scholar] [CrossRef]
- Mani, V.; Manickam, P.; Alotaibi, Y.; Alghamdi, S.; Khalaf, O. Hyperledger Healthchain: Patient-Centric IPFS-Based Storage of Health Records. Electronics 2021, 10, 3003. [Google Scholar]
- Kan, J.; Zhang, J.; Liu, D.; Huang, X. Proxy Re-Encryption Scheme for Decentralized Storage Networks. Appl. Sci. 2022, 12, 4260. [Google Scholar] [CrossRef]
- Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; De Caro, A.; Enyeart, D.; Ferris, C.; Laventman, G.; Manevich, Y.; et al. Hyperledger fabric. In Proceedings of the Thirteenth EuroSys Conference, Porto, Portugal, 23–26 April 2018. [Google Scholar]
- Available online: https://hyperledgerfabric.readthedocs.io/en/release-2.2 (accessed on 9 December 2021).
- Nizamuddin, N.; Salah, K.; Ajmal Azad, M.; Arshad, J.; Rehman, M. Decentralized document version control using ethereum blockchain and IPFS. Comput. Electr. Eng. 2019, 76, 183–197. [Google Scholar] [CrossRef] [Green Version]
- Thangam, V.; Chandrasekaran, K. Elliptic Curve Based Proxy Re-Encryption. In Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies (ICTCS ’16), Udaipur, India, 4–5 March 2016. [Google Scholar]
- Zhang, F.; Safavi-Naini, R.; Susilo, W. An Efficient Signature Scheme from Bilinear Pairings and Its Applications. In Public Key Cryptography—PKC 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 277–290. [Google Scholar]
- Udin, M.; Halim, S.; Jayes, M.; Kamarulhaili, H. Application of message embedding technique in ElGamal Elliptic Curve Cryptosystem. In Proceedings of the 2012 International Conference on Statistics in Science, Business and Engineering (ICSSBE), Langkawi, Malaysia, 10–12 September 2012. [Google Scholar]
- Yuan, E.; Tong, J. Attributed based access control (ABAC) for Web services. In Proceedings of the IEEE International Conference on Web Services (ICWS’05), Orlando, FL, USA, 11–15 July 2005. [Google Scholar]
- Johnson, D.; Menezes, A.; Vanstone, S. The Elliptic Curve Digital Signature Algorithm (ECDSA). Int. J. Inf. Secur. 2001, 1, 36–63. [Google Scholar] [CrossRef]
- Wang, R.; Ye, K.; Meng, T.; Xu, C. Performance Evaluation on Blockchain Systems: A Case Study on Ethereum, Fabric, Sawtooth and Fisco-Bcos. In Services Computing—SCC 2020; Springer: Berlin/Heidelberg, Germany, 2020; pp. 120–134. [Google Scholar]
- Blockchain—Wikipedia. Available online: https://en.wikipedia.org/wiki/Blockchain (accessed on 20 June 2022).
Item | Signature Value | Sender | Receiver | Signature Verification | |
---|---|---|---|---|---|
Phase | |||||
Data storage phase | Patient | Hyperledger Fabric | |||
Data access phase | Doctor | Hyperledger Fabric | |||
Patient | Doctor | ||||
Diagnosis phase | Doctor | Hyperledger Fabric |
Item | Message Length | 4G (100 Mbps) | 5G (20 Gbps) | |
---|---|---|---|---|
Phase | ||||
Registration phase | 960 bits | 9.6 μs | 0.048 μs | |
Data storage phase | 2880 bits | 29 μs | 0.114 μs | |
Data access phase | 3289 bits | 33 μs | 0.164 μs | |
Diagnosis phase | 4473 bits | 45 μs | 0.224 μs |
Party | Patient | Doctor | Hyperledger Fabric | |
---|---|---|---|---|
Phase | ||||
Data storage phase | ||||
Data access phase | ||||
Diagnosis phase |
Authors | Year | Objective | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
---|---|---|---|---|---|---|---|---|---|
Xia et al. [18] | 2017 | Solve the problem of data shareability and control in the cloud through blockchain. | Y | Y | Y | N | Y | N | N |
Wang et al. [19] | 2019 | Access control of data in cloud storage is achieved through Ethernet combined with secret attribute policy-based encryption. | Y | Y | Y | Y | Y | N | N |
Alsalamah et al. [20] | 2021 | Use IoT devices to monitor people’s physical health data, issue medical currencies through blockchain technology, and create a reward mechanism between the two. | Y | N | Y | N | Y | N | Y |
Mani et al. [21] | 2021 | Using IPFS to store medical data to solve the blockchain storage capacity problem. | Y | N | Y | N | Y | Y | N |
Kan et al. [22] | 2022 | Reduce the cost of re-encryption key replication in a decentralized storage environment with CAA-secure’s proxy re-encryption solution. | Y | Y | Y | N | Y | N | N |
Ours | 2022 | Propose a Fabric-based system with an incentive model for sharing and storing medical privacy data. | Y | Y | Y | Y | Y | Y | Y |
Comparison Items | Bitcoin | Ethereum | Hyperledger Fabric |
---|---|---|---|
Description | Quantitative blockchain platform | Modular blockchain platform | Generic blockchain platform |
Scene | Public chain | Public chain | Federation chain |
Consensus algorithm | Proof of work (POW) | Proof of work (PoW) | Practical byzantine fault tolerance (PBFT) |
Throughput | 7 TPS | 25 TPS | 1000 TPS |
Decentralization | Complete decentralization | Complete decentralization | Partial de-centralization |
Smart contract | No | Yes | Yes |
Scalability | No | No | Yes |
Authentication | No | No | Yes |
Privacy | No | No | Yes |
Pluggability | No | No | Yes |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhan, W.; Chen, C.-L.; Weng, W.; Tsaur, W.-J.; Lim, Z.-Y.; Deng, Y.-Y. Incentive EMR Sharing System Based on Consortium Blockchain and IPFS. Healthcare 2022, 10, 1840. https://doi.org/10.3390/healthcare10101840
Zhan W, Chen C-L, Weng W, Tsaur W-J, Lim Z-Y, Deng Y-Y. Incentive EMR Sharing System Based on Consortium Blockchain and IPFS. Healthcare. 2022; 10(10):1840. https://doi.org/10.3390/healthcare10101840
Chicago/Turabian StyleZhan, Wanbing, Chin-Ling Chen, Wei Weng, Woei-Jiunn Tsaur, Zi-Yi Lim, and Yong-Yuan Deng. 2022. "Incentive EMR Sharing System Based on Consortium Blockchain and IPFS" Healthcare 10, no. 10: 1840. https://doi.org/10.3390/healthcare10101840