A Review of Secure and Privacy-Preserving Medical Data Sharing

In the digital healthcare era, it is of the utmost importance to harness medical information scattered across healthcare institutions to support in-depth data analysis and achieve personalized healthcare. However, the cyberinfrastructure boundaries of healthcare organizations and privacy leakage threats place obstacles on the sharing of medical records. Blockchain, as a public ledger characterized by its transparency, tamper-evidence, trustlessness, and decentralization, can help build a secure medical data exchange network. This paper surveys the state-of-the-art schemes on secure and privacy-preserving medical data sharing of the past decade with a focus on blockchain-based approaches. We classify them into permissionlessblockchain-based approaches and permissioned blockchain-based approaches and analyze their advantagesand disadvantages. We also discuss potential research topics on blockchain-based medical data sharing.

[1]  Benjamin Fabian,et al.  Collaborative and secure sharing of healthcare data in multi-clouds , 2015, Inf. Syst..

[2]  Yun Peng,et al.  Lightweight Backup and Efficient Recovery Scheme for Health Blockchain Keys , 2017, 2017 IEEE 13th International Symposium on Autonomous Decentralized System (ISADS).

[3]  Li Xiong,et al.  HIDE: An Integrated System for Health Information DE-identification , 2008, 2008 21st IEEE International Symposium on Computer-Based Medical Systems.

[4]  Rui Guo,et al.  Secure Attribute-Based Signature Scheme With Multiple Authorities for Blockchain in Electronic Health Records Systems , 2018, IEEE Access.

[5]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[6]  Qi Xia,et al.  BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments , 2017, Inf..

[7]  R. Kalaiselvi,et al.  SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORDS IN CLOUD COMPUTING , 2016 .

[8]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[9]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[10]  Yan Luo,et al.  CareNet: Building a Secure Software-defined Infrastructure for Home-based Healthcare , 2017, SDN-NFV@CODASPY.

[11]  Alysson Neves Bessani,et al.  State Machine Replication for the Masses with BFT-SMART , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[12]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[13]  Xiao Wang,et al.  Blockchain-Powered Parallel Healthcare Systems Based on the ACP Approach , 2018, IEEE Transactions on Computational Social Systems.

[14]  Wei Jiang,et al.  Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control , 2016, Journal of Medical Systems.

[15]  Joseph K. Liu,et al.  Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption , 2015, Future Gener. Comput. Syst..

[16]  Aiqing Zhang,et al.  Towards Secure and Privacy-Preserving Data Sharing in e-Health Systems via Consortium Blockchain , 2018, Journal of Medical Systems.

[17]  Jian Pei,et al.  A brief survey on anonymization techniques for privacy preserving publishing of social network data , 2008, SKDD.

[18]  Panos Kalnis,et al.  Privacy-preserving anonymization of set-valued data , 2008, Proc. VLDB Endow..

[19]  Kai Fan,et al.  MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain , 2018, Journal of Medical Systems.

[20]  Sachin Shetty,et al.  Integrating blockchain for data sharing and collaboration in mobile healthcare applications , 2017, 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC).

[21]  Geong Sen Poh,et al.  Searchable Symmetric Encryption , 2017, ACM Comput. Surv..

[22]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[23]  Philip S. Yu,et al.  Anonymizing transaction databases for publication , 2008, KDD.

[24]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[25]  Helen J. Wang,et al.  Enabling Security in Cloud Storage SLAs with CloudProof , 2011, USENIX ATC.

[26]  Chrissa McFarlane,et al.  Patientory : A Healthcare Peer-to-Peer EMR Storage Network v 1 . 1 , 2017 .

[27]  Ninghui Li,et al.  Slicing: A New Approach for Privacy Preserving Data Publishing , 2009, IEEE Transactions on Knowledge and Data Engineering.

[28]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[29]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[30]  Kevin J. Peterson,et al.  A Blockchain-Based Approach to Health Information Exchange Networks , 2016 .

[31]  Alysson Bessani,et al.  A Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform , 2017, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[32]  Kim-Kwang Raymond Choo,et al.  Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy? , 2018, IEEE Cloud Computing.

[33]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[34]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[35]  Khaled M. Khan,et al.  Establishing Trust in Cloud Computing , 2010, IT Professional.

[36]  Yogesh L. Simmhan,et al.  Cryptonite: A Secure and Performant Data Repository on Public Clouds , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[37]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[38]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[39]  Reihaneh Safavi-Naini,et al.  Privacy preserving EHR system using attribute-based infrastructure , 2010, CCSW '10.

[40]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[41]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[42]  Lucila Ohno-Machado,et al.  ModelChain: Decentralized Privacy-Preserving Healthcare Predictive Modeling Framework on Private Blockchain Networks , 2018, ArXiv.

[43]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[44]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[45]  Xiaohui Liang,et al.  ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing , 2011, Int. J. Secur. Networks.

[46]  Josep Domingo-Ferrer,et al.  Utility-preserving differentially private data releases via individual ranking microaggregation , 2015, Inf. Fusion.

[47]  Miguel A. Labrador,et al.  Privacy-Preserving Mechanisms for Crowdsensing: Survey and Research Challenges , 2017, IEEE Internet of Things Journal.

[48]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[49]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[50]  Xin Huang,et al.  A Secure System For Pervasive Social Network-Based Healthcare , 2016, IEEE Access.

[51]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[52]  Rajiv Ranjan,et al.  Trustworthy Processing of Healthcare Big Data in Hybrid Clouds , 2015, IEEE Cloud Computing.

[53]  Viju Raghupathi,et al.  Big data analytics in healthcare: promise and potential , 2014, Health Information Science and Systems.

[54]  Hong Jiang,et al.  Full integrity and freshness for cloud data , 2018, Future Gener. Comput. Syst..

[55]  Josep Domingo-Ferrer,et al.  Enhancing data utility in differential privacy via microaggregation-based k\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{docume , 2014, The VLDB Journal.

[56]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[57]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[58]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[59]  Yu Zhang,et al.  T-Closeness Slicing: A New Privacy Preserving Approach for Transactional Data Publishing , 2018, INFORMS J. Comput..

[60]  Alex Pentland,et al.  Verifiable Anonymous Identities and Access Control in Permissioned Blockchains , 2019, ArXiv.

[61]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[62]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[63]  M. Shamim Hossain,et al.  Software defined healthcare networks , 2015, IEEE Wireless Communications.

[64]  Bian Yang,et al.  A Blockchain-based Approach to the Secure Sharing of Healthcare Data , 2017 .

[65]  Doan B. Hoang,et al.  Novel Data Protection Model in Healthcare Cloud , 2011, 2011 IEEE International Conference on High Performance Computing and Communications.

[66]  Jian Shen,et al.  An Efficient and Secure Identity-Based Authentication and Key Agreement Protocol with User Anonymity for Mobile Devices , 2017, Wirel. Pers. Commun..

[67]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[68]  Avishai Wool,et al.  Long-Lived Broadcast Encryption , 2000, CRYPTO.

[69]  Yan Luo,et al.  CareNet: Building Regulation-Compliant Home-Based Healthcare Services with Software-Defined Infrastructure , 2017, 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE).

[70]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[71]  John Liagouris,et al.  Disassociation for electronic health record privacy , 2014, J. Biomed. Informatics.

[72]  Christian Cachin,et al.  Architecture of the Hyperledger Blockchain Fabric , 2016 .

[73]  Grammati E. Pantziou,et al.  A k-anonymity privacy-preserving approach in wireless medical monitoring environments , 2012, Personal and Ubiquitous Computing.