BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments

Disseminating medical data beyond the protected cloud of institutions poses severe risks to patients’ privacy, as breaches push them to the point where they abstain from full disclosure of their condition. This situation negatively impacts the patient, scientific research, and all stakeholders. To address this challenge, we propose a blockchain-based data sharing framework that sufficiently addresses the access control challenges associated with sensitive data stored in the cloud, using the immutability and built-in autonomy properties of the blockchain. Our system is based on a permissioned blockchain, which allows access only to invited, and hence verified, users. As a result of this design, further accountability is guaranteed, as all users are already known and a log of their actions is kept by the blockchain. The system permits users to request data from the shared pool after their identities and cryptographic keys are verified. The evidence from the system evaluation shows that our scheme is lightweight, scalable, and efficient.
