Next Article in Journal
Cooperative SWIPT MIMO-NOMA for Reliable THz 6G Communications
Previous Article in Journal
Performance Evaluation of Machine Learning and Neural Network-Based Algorithms for Predicting Segment Availability in AIoT-Based Smart Parking
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Network
Volume 2
Issue 2
10.3390/network2020016
Review Report
network-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Towards Secure Searchable Electronic Health Records Using Consortium Blockchain

Network 2022, 2(2), 239-256; https://doi.org/10.3390/network2020016
by Muneera Alsayegh 1, Tarek Moulahi 1,*, Abdulatif Alabdulatif 2 and Pascal Lorenz 3
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Network 2022, 2(2), 239-256; https://doi.org/10.3390/network2020016
Submission received: 20 March 2022 / Revised: 16 April 2022 / Accepted: 18 April 2022 / Published: 20 April 2022

Round 1

Reviewer 1 Report

The article is well organized however there are certain unclear sections. Below I provide some suggestions for improving your work.

1) The title refers to a blockchain consortium however a private blockchain is also presented in the proposed framework, why?

2) Why do you introduce section 2.1 with IoT technology? The section should focus mainly on blockchain applications for the healthcare sector.

3) The reference to figure 2 is not present in the main text

4) The overview of the proposed framework is really unclear (Figure 3). Why is it necessary to use two types of blockchain? What is the role of the system manager in a decentralized solution? Why is the term "Patient's" ID present twice in the figure 3? The orientation of the arrows is unclear as the role of each of the actors is not well defined. Why are servers represented between the system manager and the blockchain?

5) In the discussion section it is necessary to compare the performance measurements achieved by the other works proposed in the table 2 to understand how much your system is computationally efficient.

6) The managerial and methodological implications of the study are missing

7) Check punctuation and grammar errors 

Author Response

 

Authors’ reply

Reviewer comments

Reviewer 1

Because the focus of this work is on secure EHR sharing via encryption and PRE scheme, as well as most processes in our proposed protocol based smart contract on the consortium blockchain. However, the private blockchain is only used for storing EHR as a medical server, whereas the consortium blockchain is used for all other schemes.

The title refers to a blockchain consortium however a private blockchain is also presented in the proposed framework, why?

We would thank the respected reviewer for this comment. In the new version of manuscript, we removed the introduction of IoT.

 

Why do you introduce section 2.1 with IoT technology? The section should focus mainly on blockchain applications for the healthcare sector.

We would thank the respected reviewer for this note, and we modified it in the manuscript.

 

The reference to figure 2 is not present in the main text

We thank the respected reviewer for this comment, and we modify the figure to solve the problem of present patient's ID twice. In the manuscript we add more details in each step of our proposed protocol and explain the roles of each actor as follows:

The proposed protocol is divided into 3 phases and each phase relay on the previous phase as shown in Figure 3. Phase 1 is called the registration phase, this step aimed to preserve the patient’s privacy and gained full access control over her/his data, the input of this step is the real identity of a patient, and the output is pro­ducing the patient’s blockchain address which will be used as visit card to avoid patient's identity disclosed. In this step, the system manager produces the pair of patient’s and doctor's private and public keys. The system manager also generates the keyword from the key server as the output of this phase. Phase 2 denoted by data storage is aimed to encrypt EHRs with the patient’s identity and send it to a private blockchain and encrypt the index by doctor's public key using Public Key encryp­tion with conjunctive Keyword Searchable (PKES) scheme and sent it to the smart contract in consortium blockchain, the inputs of this step are the patient’s address and his/her EHR, and the outputs storing the encrypted EHRs and the secure encrypted index.. Phase 3 denoted by data sharing is aimed to provide secure EHRs sharing based blockchain for the data users under the patient’s control, this step receives the trapdoor from the third party which is contained the private key of a patient, and the keyword ; the outputs are sending ordered EHRs to the third party and implements proxy re-encryption (PRE) by the system manager to re-encrypt the index by patient’s private key after each decrypt and renewal the keyword set after an epoch similar with [1]

 

The overview of the proposed framework is really unclear (Figure 3). Why is it necessary to use two types of blockchain? What is the role of the system manager in a decentralized solution? Why is the term "Patient's" ID present twice in the figure 3? The orientation of the arrows is unclear as the role of each of the actors is not well defined. Why are servers represented between the system manager and the blockchain?

In table 2, we compared the security aspects of our proposed protocol with other works, and in the experimental result section of the new version of our manuscript, we compared our work's experimental results to those of other papers as follows:

''In figure 5 we can see that the more the record size length the more computational time is similar with the results of [3].

In figure 7, we can see that the growth of record size impact on gas consuming similar with the results of [4].''

 

In the discussion section it is necessary to compare the performance measurements achieved by the other works proposed in the table 2 to understand how much your system is computationally efficient.

In problem statement section we explain the research gap and how our proposed protocol can help in need. This section presents the managerial and methodological implications of the study as follows:

''EHRs are important, sensitive, and private data that must be always kept secure and available. Intentional or unintended security risks may compromise healthcare systems. EHRs contain confidential data for medical diagnosis and care so, it must be exchanged regularly by various parties. Unauthorized people can access patient records then the data’s confidentiality and availability are compromised. The security goal of the healthcare industry is to ensure the availability, confidentiality, and integrity of their services. Besides that, access to EHRs should be restricted to protect the data’s security and privacy by preventing unauthorized entities from changing the meaning of EHR. However, all systems that interact with the patients must respect their privacy and the data owners (patients) must have full control of their EHRs. Recently, several studies have proposed blockchain technology as a practical solution that can protect data integrity and availability, but it does not protect data sharing confidentiality since any transaction in the blockchain is visible to the public [6] [7]. Besides, access authorization is needed to protect the privacy of EHRs and the interoperability can assist patients in managing their EHR access rights [4] [5].''

 

The managerial and methodological implications of the study are missing

We would thank the respected reviewer for this note, and we are re-reading the manuscript and modified the errors.

 

 

Check punctuation and grammar errors 

 

  • Zhang, Y., Xu, C., Ni, J., Li, H., Shen, X.S.: Blockchain-assisted public-key encryption with keyword search against keyword guessing attacks for cloud storage. IEEE Trans. Cloud Comput. 9(4), 1335–1348 (2021)

 

  • Mao, A.M., Using Smart and Secret Sharing for Enhanced Authorized Access to Medical Data in Blockchain. 2020, Carleton University.
  • Niu, S., Li, W., Liu, W.: Electronic health record data sharing crypto­graphic algorithm based on In: International Conference on Artificial Intelligence and Security, pp. 363–375 (2020). Springer

 

  • Wang, Y., Zhang, A., Zhang, P., Wang, H.: Cloud-assisted EHR sharing with security and privacy preservation via consortium IEEE Access 7, 136704–136719 (2019)
  • Fan, Y., Wang, J., Hong, Z., Lei, X., Xia, F., Ma, J., Peng, C., Sun, X.: A blockchain-based data-sharing architecture. In: International Conference on Blockchain and Trustworthy Systems, pp. 636–647 (2019). Springer
  • Hussien, M., Yasin, S.M., Udzir, N.I., Zaidan, A.A., Zaidan, B.B.: A systematic review for enabling of develop a blockchain technology in healthcare application: Taxonomy, substantially analysis, motiva­tions, challenges, recommendations and future direction. J. Medical Syst. 43(10), 320–132035 (2019)
  • Shen, , Zhu, L., Xu, K.: Blockchain: Empowering Secure Data Sharing. Springer, ??? (2020)

 

Reviewer 2 Report

The authors present a solution that can be applied in a consortium blockchain for secure searchable electronic health records. The topic is of great interest in general. The approach that is described advances the use of heavy encryption in addition to the one already provided by the blockchain. This results in a very complex solution that, in a way, cancels the functionality of the blockchain. In addition, the authors describe testing their solution using Ethereum blockchain while in the title, they are talking about consortium Blockchains. This in fact is something that should be more heavily presented, since a consortium solution is, often, less decentralized but decentralization is not covered enough for its role. Finally, there should be a heavy review of the language because it is often very difficult to follow the meaning of the text.

Author Response

Ref.: network-1667054

This protocol does not eliminate the blockchain's functionality because the blockchain ensures the integrity and availability of our proposed protocol, and during the data storage phase, EHR is encrypted and stored in a secure private blockchain relay only on blockchain techniques.

 

Reviewer 2

The approach that is described advances the use of heavy encryption in addition to the one already provided by the blockchain. This results in a very complex solution that, in a way, cancels the functionality of the blockchain.

We recommend using consortium blockchain to store the secure index since consortium is a combination of public and private blockchains and has faster transection [2] than public blockchains. Aside from that, Ethereum is a blockchain platform using with consortium blockchain, that we recommend using to create smart contracts.

 

In addition, the authors describe testing their solution using the Ethereum blockchain while in the title, they are talking about consortium Blockchains. This in fact is something that should be more heavily presented, since a consortium solution is, often, less decentralized but decentralization is not covered enough for its role.

We would like to appreciate the respected reviewer for this comment, and we are re-reading the manuscript and enhance the language.

 

Finally, there should be a heavy review of the language because it is often very difficult to follow the meaning of the text.

 

Reviewer 3 Report

In the submitted manuscript, titled "Towards Secure Searchable Electronic Health Records using Consortium Blockchain”, the authors propose a secure blockchain-based Electronic Health Records (EHRs) sharing system, which is aimed to face the significant data privacy implications associated with such a task.

In this context, after several experiments/analyses, they claim that the proposed system is able to grant the security goals, indicating also to be computationally efficient.

 

As a first observation, the authors use different ways to refer to their work (e.g., “our study”, “our paper”, “our system”, and “our proposed solution”), for reasons of clarity I suggest using only one (e.g., “proposed approach”).

 

The proposed manuscript is not carefully written, I suggest to the authors a careful re-reading of it in order to fix some typos and/or grammatical forms such as, for instance:

- “we simulate basic cryptographics” instead of “we simulate basic cryptography”;

- “is computationally efficient..” instead of “is computationally efficient.”;

- “the the system availability” instead of “the system availability”;

- “by hackers. leading” instead of “by hackers, leading”;

- “for example in” instead of “for example, in”;

- “In recent years two” instead of “In recent years, two”;

- “bring encouraging solution” instead of “bring an encouraging solution”;

- “Blockchain has revealed in 2018 [4] that facilitate ” instead of “Blockchain has revealed in 2018 [4] that facilitates”;

- “when try to encrypt” instead of “when trying to encrypt”;

- “in systems typically” instead of “in systems is typically”;

- “developed scheme promotes” instead of “developed a scheme that promotes”;

- incorrect use of “which/that”;

- “collection, analysis and surveillance” instead of “collection, analysis, and surveillance”, “Identification, Authentication and Authorization” instead of “Identification, Authentication, and Authorization” and, more generally, the entire manuscript is non-compliance with the rule related to the use of a comma before "and" (and other coordinating conjunctions);

- use of informal expressions s(e.g., “haven’t”) that are not appropriate in the context of a (formal) scientific article.

- … And many others, considering that I recognized all the above problems only in the first pages of the manuscript.

I suggest involving a native-English speaker in the above process in order to fix typos, grammatical form, and sentence construction.

 

The introductory part of the proposed manuscript should be revised and reorganized: in this regard, I suggest using the "Introduction" section only to provide an overview of the research area under consideration, providing detailed information in the "Related Work" section, which I suggest renaming as " Background and Related Work", where I also suggest moving many of the contents of the" Preliminaries "section, in order to better organize the manuscript contents and make the reading more understandable and fluent.

In addition, the authors should discuss further works that are relevant in the research area taken into account, as to provide an adequate overview to the readers.

 

The literature references are relevant and up-to-date but according to my previous observation, the authors should add and discuss additional works that are very close or directly related to the research field taken into account, such as, just by way of example:

(-) Shahnaz, Ayesha, Usman Qamar, and Ayesha Khalid. "Using blockchain for electronic health records." IEEE Access 7 (2019): 147782-147795.

(-) Behl, Dushyant, et al. "Trusted data notifications from private blockchains." 2020 IEEE International Conference on Blockchain (Blockchain). IEEE, 2020.

(-) Longo, Riccardo, et al. Analysis of a consensus protocol for extending consistent subchains on the bitcoin blockchain." Computation 8.3 (2020): 67.

(-) Saini, Akanksha, et al. "A smart-contract-based access control framework for cloud smart healthcare system." IEEE Internet of Things Journal 8.7 (2020): 5914-5925.

(-) Saia, Roberto, et al. "A Blockchain-Based Distributed Paradigm to Secure Localization Services." Sensors 21.20 (2021): 6814.

(-) Kiwelekar, Arvind W., et al. "Blockchain-based security services for fog computing." Fog/Edge Computing For Security, Privacy, and Applications. Springer, Cham, 2021. 271-290.

(-) … And so on.

 

About the “Conclusion” section, the authors should expand the given information by recapping all the main steps of their manuscript, in order to offer to the readers a brief but complete summary of the work carried out.

In this section, they should also better underline the possible advantages of the proposed work with regard to the state-of-the-art ones.

 

To summarize, apart from the minor issues I highlighted before, the main weakness I found in the proposed work is the absence of a “clear” and “strong” scientific contributions, also in light of the limitations declared by the authors but, above all, with regard to the current literature that offers similar solutions.

For this reason, the authors must define the scientific contributions clearly, with regard to the state-of-the-art solutions, underlining the differences between the existing works and the one they propose.

Author Response

We would thank the respected reviewer for this comment, and we are re-reading the manuscript and corrected the errors.

Reviewer 3

As a first observation, the authors use different ways to refer to their.

We would like to appreciate the respected reviewer for this comment, and we are re-reading the manuscript and modified the errors. Also, we reorganized the manuscript as what the reviewer suggest.

I suggest involving a native-English speaker in the above process in order to fix typos, grammatical form, and sentence construction. The introductory part of the proposed manuscript should be revised and reorganized

We would thank the respected reviewer for his suggestion references. we are providing in section 2.5.4 Blockchain-based searchable encryption and access control schemes, the most related works which used access control protocol and searchable encryption together and in above sections we are beginning with overview of using blockchain in EHR applications and in next two sections we are provide using searchable encryption schemes for EHR based blockchain and access control schemes for EHR based blockchain. The reviewer suggestion papers focus on EHR based blockchain without using cryptography or access control protocols, which are similar with the references we added it before in first section of related work.

the authors should add and discuss additional works that are very close or directly related to the research field taken into account

We would thank the respected reviewer for this comment, and conclude the paper as follows:

This paper investigated how this study preserves the privacy and security of sharing EHRs on the two types of blockchain network. The private blockchain to storing encrypted EHR and patient's identity, centurium blockchain based smart contract to storing encrypted index using public key encryption by implement ECDH algorithm with a conjunctive keyword searchable. We examined the performance of the blockchain-based EHR-sharing protocol in terms of patient access control, integrity, confidentiality, authentication, secure searches, and index protection from the KGA problem. We examined the proposed protocol with different record sizes and with different key encryption sizes to measure the time computational and gas consuming used.  The results shown the growth in record length and key size have a significant impact on the encryption algorithm's computational and communicational cost. To better understand the benefits and draw­backs of sharing EHR in the blockchain, we could benefit from using accurate patient data in our research but, the high costs of deploying our proposed protocol in a real blockchain environment like Ethereum constrained our work

About the “Conclusion” section, the authors should expand the given information by recapping all the main steps of their manuscript, in order to offer to the readers a brief but complete summary of the work carried out.

 

We provide the possible advantage by comparing our proposed protocol with existing works and display the results in table2 of our paper.

In this section, they should also better underline the possible advantages of the proposed work with regard to the state-of-the-art ones.

We would thank the respected reviewer for this comment,

 and we re-write the contributions as follows:

1.   To address the problem of poor AC of patients over their EHR, we suggest using a PRE-based blockchain to preserve the privacy of EHR and patients' fine-grained AC by re-encrypting the data by the patient's public key after each access by a third party (data researchers).

2.   To address the problem of patient identity disclosure, we suggest storing the real identity in a private blockchain and using a unique blockchain address as pointer to their identity.

3.   To address the problem of preserving confidentiality in an EHR-sharing blockchain, we suggest using PEKS with a conjunctive -keyword searchable scheme to store the encrypted index in the smart contract on a consortium Ethereum blockchain then storing the EHR in a private blockchain and periodically using a renewal key server technique to prevent compromising the key server and solve KGA problem

 

To summarize, apart from the minor issues I highlighted before, the main weakness I found in the proposed work is the absence of a “clear” and “strong” scientific contributions, also in light of the limitations declared by the authors but, above all, with regard to the current literature that offers similar solutions.

For this reason, the authors must define the scientific contributions clearly, with regard to the state-of-the-art solutions, underlining the differences between the existing works and the one they propose.

 

 

Round 2

Reviewer 1 Report

The authors addressed all my comments. Please check your grammar on the entire text (for example see line 525 "privacis y preservation" is not english).

Author Response

The whole paper was checked and corrected again

Back to TopTop