Abstract
The implementation of cloud computing to store and access electronic health records has shown substantial benefits for both clinical organizations and patients in managing electronic health records. The prime security issue of cloud-based electronic health records is that the patient is physically unable to own a medical record whereas a clinical organization can maintain one for them. The latter may collude with centralized cloud servers. So, there is a vulnerability of such records being tampered with in order to hide the medical malpractices. So, maintaining data integrity and data privacy becomes a significant challenge when deploying cloud computing. Therefore, in this paper, a consortium blockchain-based cloud-stored electronic health record is proposed which provides data integrity, data privacy, storage scalability, and fine-grained access control. Each process in outsourcing electronic health records to the cloud is incorporated as a transaction in a consortium ethereum blockchain through smart contracts. Through smart contracts, an attribute-based contract key is generated for the users that can decrypt the encrypted data stored in the cloud. The attribute-based contract key allows only users who are authorized to access the information ensuring data privacy and fine-grained access control. Moreover, the proposed scheme is proved to provide tamper-proof although the medical records are controlled by a group of clinical organizations.
Similar content being viewed by others
References
Bethencourt J, Sahai A, and Waters B (2007) Ciphertext-policy attribute-based encryption. Proceedings–IEEE Symposium on Security and Privacy, 321–334. https://doi.org/10.1109/SP.2007.11
Boneh D, and Franklin M (2001) Identity-based encryption from the Weil Pairing. 213–229.
Buterin BV (2009) A Next Generation Smart Contract & Decentralized Application Platform. January, 1–36.
Cachin C (2016) Architecture of the Hyperledger Blockchain Fabric ∗.
Cao S, Zhang G, Liu P, Zhang X, Neri F (2019) Cloud-assisted secure eHealth systems for tamper-proofing EHR via blockchain. Inf Sci 485:427–440. https://doi.org/10.1016/j.ins.2019.02.038
Chatterjee S, and Sarkar P (2011) Identity based encryption. Springer Science & Business Media
Chen L, Lee WK, Chang CC, Choo KKR, Zhang N (2019) Blockchain based searchable encryption for electronic health record sharing. Futur Gener Comput Syst 95:420–429. https://doi.org/10.1016/j.future.2019.01.018
Dagher GG, Mohler J, Milojkovic M, Marella PB (2018) Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain Cities Soc 39:283–297. https://doi.org/10.1016/j.scs.2018.02.014
Exceline CE, Norman J, Exceline CE, and Norman J (2019). EAI Endorsed Transactions Biometric based Multi-Authority Inner Product Encryption for Electronic Health Record. 5(20), 1–13.
Fan K, Wang S, Ren Y, Li H, Yang Y (2018) Systems-level quality improvement medblock: efficient and secure medical data sharing via blockchain. J Med Syst 42:1–11. https://doi.org/10.1007/s10916-018-0993-7
Guo F, Susilo W, Mu Y (2016) Distance-based encryption: how to embed fuzziness in biometric-based encryption. IEEE Trans Inf Forensics Secur 11(2):247–257. https://doi.org/10.1109/TIFS.2015.2489179
Guo R, Shi H, Zhao Q, Zheng D (2018) Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems. IEEE Access 6:11676–11686. https://doi.org/10.1109/ACCESS.2018.2801266
Hylock RH, Zeng X (2019) A blockchain framework for patient-centered health records and exchange (healthchain): evaluation and proof-of-concept study. J Med Internet Res 21(8):e13592. https://doi.org/10.2196/13592
Katz J, Sahai A, Waters B (2013) Predicate encryption supporting disjunctions, polynomial equations, and inner products. J Cryptol 26(2):191–224. https://doi.org/10.1007/s00145-012-9119-4
Kaur H, Alam MA, Jameel R, Mourya AK, Chang V (2018) A proposed solution and future direction for blockchain-based heterogeneous medicare data in cloud environment. J Med Sys. https://doi.org/10.1007/s10916-018-1007-5
Marco I, Karim L (2017) The Truth About Blockchain. Harvard University, Harvard Business Review
Nakamoto, S. (n.d.). Bitcoin : a Peer-to-Peer Electronic Cash System. 1–9.
Nguyen DC, Pathirana PN, Ding M, Seneviratne A (2019) Blockchain for secure EHRs sharing of mobile cloud based E-health systems. IEEE Access 7:66792–66806. https://doi.org/10.1109/ACCESS.2019.2917555
Szabo N (1996) Smart contracts: building blocks for digital markets. EXTROPY J Transhumanist Thought, 16. 18(2):28
Thwin TT, Vasupongayya S (2019) Blockchain-based access control model to preserve privacy for personal health record systems. Secur Commun Netw. https://doi.org/10.1155/2019/8315614
Wang S, Wang X, Zhang Y (2019a) A secure cloud storage framework with access control based on blockchain. IEEE Access 7:112713–112725. https://doi.org/10.1109/access.2019.2929205
Wang Y, Zhang A, Zhang P, Wang H (2019b) Cloud-assisted EHR sharing with security and privacy preservation via consortium blockchain. IEEE Access 7:136704–136719. https://doi.org/10.1109/access.2019.2943153
Wang H, and Song Y (2018) BAB 2 PITA ezahan. https://doi.org/10.1007/s10916-018-0994-6
Xia Q, Sifah EB, Asamoah KO, Gao J, Du X, Guizani M (2017a) MeDShare: trust-less medical data sharing among cloud service providers via blockchain. IEEE Access 5(July):14757–14767. https://doi.org/10.1109/ACCESS.2017.2730843
Xia Q, Sifah EB, Smahi A, Amofa S, Zhang X (2017b) BBDS: blockchain-based data sharing for electronic medical records in cloud environments. Inform. https://doi.org/10.3390/info8020044
Yang H, & Yang B (2017). A blockchain-based approach to the secure sharing of healthcare data. Norwgian information security conference. https://ojs.bibsys.no/index.php/NISK/article/view/462
Zhu L, Wu Y, Gai K, Choo KKR (2019a) Controllable and trustworthy blockchain-based cloud data management. Futur Gener Comput Syst 91:527–535. https://doi.org/10.1016/j.future.2018.09.019
Zhu X, Shi J, Lu C (2019b) Cloud health resource sharing based on consensus-oriented blockchain technology: Case study on a breast tumor diagnosis service. J Med Internet Res. https://doi.org/10.2196/13767
Zyskind G, Nathan O, Pentland AS (2015) Decentralizing privacy: using blockchain to protect personal data. Proceedings–2015 IEEE security and privacy workshops, SPW 2015, 180–184. https://doi.org/10.1109/SPW.2015.27
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
We, the authors of this manuscript have no conflicts of interest to disclose.
Human participants and/or animals
We, the authors ensure that no human or animal participation is involved in this research.
Informed consent
We haven’t used human participation or other personal information, informed consent is not required.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Exceline, C.E., Nagarajan, S. Flexible access control mechanism for cloud stored EHR using consortium blockchain. Int J Syst Assur Eng Manag 15, 503–518 (2024). https://doi.org/10.1007/s13198-022-01791-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13198-022-01791-2