Enabling trustworthy personal data protection in eHealth and well-being services through privacy-by-design

Users are each day more aware of their privacy and data protection. Although this problem is transversal to every digital service, it is especially relevant when critical and personal information is managed, as in eHealth and well-being services. During the last years, many different innovative services in this area have been proposed. However, data management challenges are still in need of a solution. In general, data are directly sent to services but no trustworthy instruments to recover these data or remove them from services are available. In this scheme, services become the users’ data owners although users keep the rights to access, modify, and be forgotten. Nevertheless, the adequate implementation of these rights is not guaranteed, as services use the received data with commercial purposes. In order to address and solve this situation, we propose a new trustworthy personal data protection mechanism for well-being services, based on privacy-by-design technologies. This new mechanism is based on Blockchain networks and indirection functions and tokens. Blockchain networks execute transparent smart contracts, where users’ rights are codified, and store the users’ personal data which are never sent or given to external services. Besides, permissions and privacy restrictions designed by users to be applied to their data and services consuming them are also implemented in these smart contracts. Finally, an experimental validation is also described to evaluate the Quality of Experience (in terms of user satisfaction) and Quality of Service (in terms of processing delay) compared to traditional service provision solutions.

[1]  K. Clauson,et al.  Pragmatic, Interdisciplinary Perspectives on Blockchain and Distributed Ledger Technology: Paving the Future for Healthcare , 2018 .

[2]  Borja Bordel,et al.  Blockchain Technologies for Private Data Management in AmI Environments , 2018, UCAmI.

[3]  Andrew Lippman,et al.  A Case Study for Blockchain in Healthcare : “ MedRec ” prototype for electronic health records and medical research data , 2016 .

[4]  Carl A. Gunter,et al.  Privacy and Security in Mobile Health: A Research Agenda , 2016, Computer.

[5]  Chunxiao Jiang,et al.  Information Security in Big Data: Privacy and Data Mining , 2014, IEEE Access.

[6]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.

[7]  Jiguo Li,et al.  Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation , 2014, International Journal of Information Security.

[8]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[9]  M. Cowles,et al.  On the Origins of the . 05 Level of Statistical Significance , 2005 .

[10]  D. Upton,et al.  Improving data transparency in clinical trials using blockchain smart contracts , 2016, F1000Research.

[11]  Borja Bordel,et al.  A Blockchain-Based Authorization System for Trustworthy Resource Monitoring and Trading in Smart Communities , 2018, Sensors.

[12]  Mahadev Satyanarayanan,et al.  The Emergence of Edge Computing , 2017, Computer.

[13]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[14]  Alptekin Küpçü,et al.  Research issues for privacy and security of electronic health services , 2017, Future Gener. Comput. Syst..

[15]  Jizhong Zhao,et al.  Secure and Efficient Control Transfer for IoT Devices , 2013, Int. J. Distributed Sens. Networks.

[16]  Felix Wortmann,et al.  Internet of Things , 2015, Business & Information Systems Engineering.

[17]  Iván González,et al.  m-Health: Lessons Learned by m-Experiences , 2018, Sensors.

[18]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.

[19]  Vishal Patel,et al.  A framework for secure and decentralized sharing of medical imaging data via blockchain consensus , 2019, Health Informatics J..

[20]  H. Vincent Poor,et al.  Community-Structured Evolutionary Game for Privacy Protection in Social Networks , 2018, IEEE Transactions on Information Forensics and Security.

[21]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[22]  Mihir Bellare,et al.  Hash Function Balance and Its Impact on Birthday Attacks , 2004, EUROCRYPT.

[23]  Jun Du,et al.  Distributed Data Privacy Preservation in IoT Applications , 2018, IEEE Wireless Communications.

[24]  Paul Voigt,et al.  The EU General Data Protection Regulation (GDPR) , 2017 .

[25]  Paul Voigt,et al.  The Eu General Data Protection Regulation (Gdpr): A Practical Guide , 2017 .

[26]  Sreeram Kannan,et al.  Coded Merkle Tree: Solving Data Availability Attacks in Blockchains , 2019, IACR Cryptol. ePrint Arch..

[27]  Diego Sánchez de Rivera,et al.  Recognition of activities of daily living in Enhanced Living Environments , 2017 .

[28]  Wei Jiang,et al.  Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control , 2016, Journal of Medical Systems.

[29]  Zheng Zhou,et al.  Development and validation of an instrument to measure user perceived service quality of information presenting Web portals , 2005, Inf. Manag..

[30]  Borja Bordel,et al.  Provision of next-generation personalized cyber-physical services , 2018, 2018 13th Iberian Conference on Information Systems and Technologies (CISTI).

[31]  Daisuke Ichikawa,et al.  Tamper-Resistant Mobile Health Using Blockchain Technology , 2017, JMIR mHealth and uHealth.

[32]  T. Robles,et al.  Digital Food Product Traceability: Using Blockchain in the International Commerce , 2018, Advances in Intelligent Systems and Computing.

[33]  Borja Bordel,et al.  Assessment of human motivation through analysis of physiological and emotional signals in Industry 4.0 scenarios , 2017 .

[34]  Anastasiia Pika,et al.  Privacy-Preserving Process Mining in Healthcare † , 2020, International journal of environmental research and public health.

[35]  Jörg Becker,et al.  Can We Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency , 2012, WEIS.

[36]  Josip Car,et al.  Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment , 2015, BMC Medicine.

[37]  O. Ben-Assuli,et al.  Electronic health records, adoption, quality of care, legal and privacy issues and their implementation in emergency departments. , 2015, Health policy.

[38]  J. L. Bender,et al.  Ethics and Privacy Implications of Using the Internet and Social Media to Recruit Participants for Health Research: A Privacy-by-Design Framework for Online Recruitment , 2017, Journal of medical Internet research.

[39]  Borja Bordel,et al.  Cyber-physical systems: Extending pervasive sensing from control theory to the Internet of Things , 2017, Pervasive Mob. Comput..

[40]  Markus Jakobsson,et al.  Security of Signed ElGamal Encryption , 2000, ASIACRYPT.

[41]  Borja Bordel,et al.  Protecting Industry 4.0 Systems Against the Malicious Effects of Cyber-Physical Attacks , 2017, UCAmI.

[42]  Borja Bordel,et al.  A Blockchain-based Water Control System for the Automatic Management of Irrigation Communities , 2019, 2019 IEEE International Conference on Consumer Electronics (ICCE).

[43]  Kim-Kwang Raymond Choo,et al.  Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy? , 2018, IEEE Cloud Computing.

[44]  Borja Bordel,et al.  Stochastic and Information Theory Techniques to Reduce Large Datasets and Detect Cyberattacks in Ambient Intelligence Environments , 2018, IEEE Access.

[45]  Ramón Alcarria,et al.  Protecting Private Communications in Cyber-Physical Systems through Physical Unclonable Functions , 2019, Electronics.

[46]  Yvonne O'Connor,et al.  Privacy by Design: Informed Consent and Internet of Things for Smart Health , 2017, EUSPN/ICTH.

[47]  Sai Teja Kadiyala,et al.  Security/Privacy in Health Care Monitoring Using Wireless Sensor Networks , 2017 .

[48]  Borja Bordel,et al.  Process execution in Cyber-Physical Systems using cloud and Cyber-Physical Internet services , 2018, The Journal of Supercomputing.

[49]  Craig Costello,et al.  Selecting elliptic curves for cryptography: an efficiency and security analysis , 2016, Journal of Cryptographic Engineering.

[50]  S. Katz,et al.  STUDIES OF ILLNESS IN THE AGED. THE INDEX OF ADL: A STANDARDIZED MEASURE OF BIOLOGICAL AND PSYCHOSOCIAL FUNCTION. , 1963, JAMA.

[51]  Matthew B Hoy An Introduction to the Blockchain and Its Implications for Libraries and Medicine , 2017, Medical reference services quarterly.