Toward Secure, Privacy-Preserving, and Interoperable Medical Data Sharing via Blockchain

In the era of cloud computing and big data analysis, how to efficiently share and utilize medical information scattered across various care providers has become a critical problem. This paper proposes a new framework for sharing medical data in a secure and privacy-preserving way. This framework holistically integrates multi-authority attribute based encryption, blockchain and smart contract, as well as software defined networking to define and enforce sharing policies. Specifically in our framework, patients' medical records are encrypted and stored in hospital databases, where strict access controls are enforced with attribute based encryption coupled with privacy level classification. Our framework leverages blockchain technology to connect scattered private databases from participating hospitals for efficient and secure data provision, smart contracts to enable the business logic of clinical data usage, and software defined networking to revoke sharing privileges. The performance evaluation of our prototype demonstrates that the associated computation costs are reasonable in practice.

[1]  Kevin J. Peterson,et al.  A Blockchain-Based Approach to Health Information Exchange Networks , 2016 .

[2]  Yan Luo,et al.  A Review of Secure and Privacy-Preserving Medical Data Sharing , 2019, IEEE Access.

[3]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[4]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[5]  Bian Yang,et al.  A Blockchain-based Approach to the Secure Sharing of Healthcare Data , 2017 .

[6]  Rui Guo,et al.  Secure Attribute-Based Signature Scheme With Multiple Authorities for Blockchain in Electronic Health Records Systems , 2018, IEEE Access.

[7]  Marko Vukolic,et al.  Hyperledger fabric: a distributed operating system for permissioned blockchains , 2018, EuroSys.

[8]  Young-Sik Jeong,et al.  DistBlockNet: A Distributed Blockchains-Based Secure SDN Architecture for IoT Networks , 2017, IEEE Communications Magazine.

[9]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[10]  Joseph K. Liu,et al.  Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption , 2015, Future Gener. Comput. Syst..

[11]  Kai Fan,et al.  MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain , 2018, Journal of Medical Systems.

[12]  Yan Luo,et al.  A Blockchain Future for Secure Clinical Data Sharing: A Position Paper , 2019, SDN-NFV@CODASPY.

[13]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[14]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[15]  Xiaohua Jia,et al.  Attributed-Based Access Control for Multi-authority Systems in Cloud Storage , 2012, 2012 IEEE 32nd International Conference on Distributed Computing Systems.

[16]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[17]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[18]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[19]  Qi Xia,et al.  BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments , 2017, Inf..

[20]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[21]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.