Scrybe: A Secure Audit Trail for Clinical Trial Data Fusion

Clinical trials are a multi-billion dollar industry. One of the biggest challenges facing the clinical trial research community is satisfying Part 11 of Title 21 of the Code of Federal Regulations [7] and ISO 27789 [40]. These controls provide audit requirements that guarantee the reliability of the data contained in the electronic records. Context-aware smart devices and wearable IoT devices have become increasingly common in clinical trials. Electronic Data Capture (EDC) and Clinical Data Management Systems (CDMS) do not currently address the new challenges introduced using these devices. The healthcare digital threat landscape is continually evolving, and the prevalence of sensor fusion and wearable devices compounds the growing attack surface. We propose Scrybe, a permissioned blockchain, to store proof of clinical trial data provenance. We illustrate how Scrybe addresses each control and the limitations of the Ethereum-based blockchains. Finally, we provide a proof-of-concept integration with REDCap to show tamper resistance.

[1]  J. A. Katili Sumatra , 1977, Geological Society, London, Special Publications.

[2]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3]  H. Nakajima Bringing Health to Life , 1995, Promotion & education.

[4]  J Ranstam,et al.  Fraud in medical research: an international survey of biostatisticians. ISCB Subcommittee on Fraud. , 2000, Controlled clinical trials.

[5]  Dirk Fox,et al.  Digital Signature Standard (DSS) , 2001, Datenschutz und Datensicherheit.

[6]  Hhs Office for Civil Rights Standards for privacy of individually identifiable health information. Final rule. , 2002, Federal register.

[7]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[8]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[9]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[10]  Yogesh L. Simmhan,et al.  A survey of data provenance techniques , 2005 .

[11]  Gregor von Laszewski,et al.  Swift: Fast, Reliable, Loosely Coupled Parallel Computation , 2007, 2007 IEEE Congress on Services (Services 2007).

[12]  Klaus R. Dittrich,et al.  Data Provenance: A Categorization of Existing Approaches , 2007, BTW.

[13]  Brian E. Granger,et al.  IPython: A System for Interactive Scientific Computing , 2007, Computing in Science & Engineering.

[14]  Luc Moreau,et al.  The Open Provenance Model: An Overview , 2008, IPAW.

[15]  Vivek Kapoor,et al.  Elliptic curve cryptography , 2008, UBIQ.

[16]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[17]  P. Harris,et al.  Research electronic data capture (REDCap) - A metadata-driven methodology and workflow process for providing translational research informatics support , 2009, J. Biomed. Informatics.

[18]  Jay Kreps,et al.  Kafka : a Distributed Messaging System for Log Processing , 2011 .

[19]  Stephen D. Gantz,et al.  FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security , 2012 .

[20]  Yolanda Gil,et al.  PROV Model Primer , 2012 .

[21]  Paul A. Harris,et al.  Procurement of shared data instruments for Research Electronic Data Capture (REDCap) , 2013, J. Biomed. Informatics.

[22]  Carole A. Goble,et al.  The Taverna workflow suite: designing and executing workflows of Web Services on the desktop, web or in the cloud , 2013, Nucleic Acids Res..

[23]  Alysson Neves Bessani,et al.  State Machine Replication for the Masses with BFT-SMART , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[24]  Margo I. Seltzer,et al.  A primer on provenance , 2014, CACM.

[25]  Hein Meling,et al.  BChain: Byzantine Replication with High Throughput and Embedded Reconfiguration , 2014, OPODIS.

[26]  Andrew W. Appel,et al.  Verification of a Cryptographic Primitive: SHA-256 , 2015, TOPL.

[27]  Quan Zhou,et al.  Komadu: A Capture and Visualization System for Scientific Data Provenance , 2015 .

[28]  Manfred Reichert,et al.  Using Smart Mobile Devices for Collecting Structured Data in Clinical Trials: Results from a Large-Scale Case Study , 2015, 2015 IEEE 28th International Symposium on Computer-Based Medical Systems.

[29]  Michael C. Frank,et al.  Estimating the reproducibility of psychological science , 2015, Science.

[30]  Marko Vukolic,et al.  The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication , 2015, iNetSeC.

[31]  Greg Irving,et al.  How blockchain-timestamped protocols could improve the trustworthiness of medical science , 2016, F1000Research.

[32]  Wei Jiang,et al.  Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control , 2016, Journal of Medical Systems.

[33]  Andrew Lippman,et al.  A Case Study for Blockchain in Healthcare : “ MedRec ” prototype for electronic health records and medical research data , 2016 .

[34]  D. Upton,et al.  Improving data transparency in clinical trials using blockchain smart contracts , 2016, F1000Research.

[35]  Anthony Skjellum,et al.  Provenance threat modeling , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[36]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[37]  Kevin J. Peterson,et al.  A Blockchain-Based Approach to Health Information Exchange Networks , 2016 .

[38]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[39]  Qi Xia,et al.  BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments , 2017, Inf..

[40]  Yun Peng,et al.  Lightweight Backup and Efficient Recovery Scheme for Health Blockchain Keys , 2017, 2017 IEEE 13th International Symposium on Autonomous Decentralized System (ISADS).

[41]  Mohsen Guizani,et al.  MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain , 2017, IEEE Access.

[42]  Philippe Ravaud,et al.  Blockchain technology for improving clinical research quality , 2017, Trials.

[43]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[44]  Anirban Basu,et al.  MediBchain: A Blockchain Based Privacy Preserving Platform for Healthcare Data , 2017, SpaCCS Workshops.

[45]  Mattias Scherer,et al.  Performance and Scalability of Blockchain Networks and Smart Contracts , 2017 .

[46]  Pavlos S. Efraimidis,et al.  Notarization of Knowledge Retrieval from Biomedical Repositories Using Blockchain Technology , 2017, BHI 2017.

[47]  Philippe Ravaud,et al.  Blockchain protocols in clinical trials: Transparency and traceability of consent , 2017, F1000Research.

[48]  Michael M. Marefat,et al.  Leveraging blockchain for retraining deep learning architecture in patient-specific arrhythmia classification , 2018, 2018 IEEE EMBS International Conference on Biomedical & Health Informatics (BHI).

[49]  Peng Liu,et al.  Medshare: A Novel Hybrid Cloud for Medical Resource Sharing Among Autonomous Healthcare Providers , 2018, IEEE Access.

[50]  A. Skjellum,et al.  Scrybe : A Blockchain Ledger for Clinical Trials , 2018 .

[51]  Anthony Skjellum,et al.  Blockchain Tradeoffs and Challenges for Current and Emerging Applications: Generalization, Fragmentation, Sidechains, and Scalability , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[52]  Yury Yanovich,et al.  Converging blockchain and next-generation artificial intelligence technologies to decentralize and accelerate biomedical research and healthcare , 2015, Oncotarget.

[53]  Nitesh Nerlekar,et al.  Smart watches for heart rate assessment in atrial arrhythmias. , 2018, International journal of cardiology.

[54]  Minhee Kang,et al.  Recent Patient Health Monitoring Platforms Incorporating Internet of Things-Enabled Smart Devices , 2018, International neurourology journal.

[55]  Wenping Ma,et al.  MBPA: A Medibchain-Based Privacy-Preserving Mutual Authentication in TMIS for Mobile Medical Cloud Architecture , 2019, IEEE Access.

[56]  Nenghai Yu,et al.  Healthchain: A Blockchain-Based Privacy Preserving Scheme for Large-Scale Health Data , 2019, IEEE Internet of Things Journal.

[57]  Vishal Patel,et al.  A framework for secure and decentralized sharing of medical imaging data via blockchain consensus , 2019, Health Informatics J..

[58]  Benny Pinkas,et al.  SBFT: A Scalable and Decentralized Trust Infrastructure , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[59]  Eduardo Rocon,et al.  Smartwatch for the analysis of rest tremor in patients with Parkinson's disease , 2019, Journal of the Neurological Sciences.

[60]  Flavio D. Garcia,et al.  Plundervolt: Software-based Fault Injection Attacks against Intel SGX , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[61]  Anthony Skjellum,et al.  Scrybe: A Second-Generation Blockchain Technology with Lightweight Mining for Secure Provenance and Related Applications , 2020, Blockchain Cybersecurity, Trust and Privacy.