A Blockchain-Based Scheme for Access Control in e-Health Scenarios

  • João Pedro DiasEmail author
  • Hugo Sereno Ferreira
  • Ângelo Martins
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)


Access control is a crucial part of a system’s security, restricting what actions users can perform on resources. Therefore, access control is a core component when dealing with e-Health data and resources, discriminating which is available for a certain party. We consider that current systems that attempt to assure the share of policies between facilities are mostly centralized, being prone to system’s and network’s faults and do not assure the integrity of policies lifecycle. Using a blockchain as store system for access policies we are able to ensure that the different entities have knowledge about the policies in place while maintaining a record of all permission requests, thus assuring integrity, auditability and authenticity.


e-Health Access control Blockchain Distributed Ledger Technology Security Distributed systems 



This work was supported by Project “NanoSTIMA: Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics/NORTE-01-0145-FEDER-000016” is financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).


  1. 1.
    Bogaerts, J., Decat, M., Lagaisse, B., Joosen, W.: Entity-based access control: supporting more expressive access control policies. In: Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC 2015, pp. 291–300. ACM, New York (2015)Google Scholar
  2. 2.
    Boulos, M.N.K., Rocha, A., Martins, A., Vicente, M.E., Bolz, A., Feld, R., Tchoudovski, I., Braecklein, M., Nelson, J., Laighin, G.Ó., et al.: CAALYX: a new generation of location-based services in healthcare. Int. J. Health Geogr. 6(1), 9 (2007)CrossRefGoogle Scholar
  3. 3.
    Buterin, V.: On public and private blockchains, August 2015. Accessed 06 June 2017
  4. 4.
    Chepurnoy, A., Meshkov, D.: On space-scarce economy in blockchain systems. IACR Cryptology ePrint Archive 2017, 644 (2017)Google Scholar
  5. 5.
    Intel Corporation: Sawtooth lake latest documentation (2015). Accessed 06 Feb 2017
  6. 6.
    Deloitte: Bitcoin, blockchain & distributed ledgers: caught between promise and reality. Technical report, Centre for the Edge, Australia (2015)Google Scholar
  7. 7.
    Di Francesco Maesa, D., Mori, P., Ricci, L.: Blockchain based access control. In: Distributed Applications and Interoperable Systems: 17th IFIP WG 6.1 International Conference, pp. 206–220 (2017)Google Scholar
  8. 8.
    Buterin, V.: Ethereum: a next-generation smart contract and decentralized application platform (2014)Google Scholar
  9. 9.
    Godik, S., Moses, T.: OASIS extensible access control markup language (XACML). OASIS Committee Specification cs-xacml-specification-1.0 (2002)Google Scholar
  10. 10.
    Hu, V.C., Ferraiolo, D., Kuhn, D.R.: Assessment of access control systems. US Department of Commerce, National Institute of Standards and Technology (2006)Google Scholar
  11. 11.
    Hu, V.C., Ferraiolo, D., Kuhn, R., Friedman, A.R., Lang, A.J., Cogdell, M.M., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Special Publication 800(162) (2013)Google Scholar
  12. 12.
    IDC: The digital universe: driving data growth in healthcare. Report, EMC Corporation and International Data Corporation (2014)Google Scholar
  13. 13.
    Li, M., Yu, S., Ren, K., Lou, W.: Securing personal health records in cloud computing: patient-centric and fine-grained data access control in multi-owner settings. In: Social-Informatics and Telecommunications Engineering. Lecture Notes of the Institute for Computer Sciences, pp. 89–106 (2010)Google Scholar
  14. 14.
    Lukowicz, P., Kirstein, T., Troster, G.: Wearable systems for health care applications. Methods Inf. Med.-Methodik der Inf. der Med. 43(3), 232–238 (2004)CrossRefGoogle Scholar
  15. 15.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, p. 9 (2008)Google Scholar
  16. 16.
    Nijeweme-d’Hollosy, W.O., van Velsen, L., Huygens, M., Hermens, H.: Requirements for and barriers towards interoperable ehealth technology in primary care. IEEE Internet Comput. 19(4), 10–19 (2015)CrossRefGoogle Scholar
  17. 17.
    Patrick, K., Griswold, W.G., Raab, F., Intille, S.S.: Health and the mobile phone. Am. J. Prev. Med. 35(2), 177 (2008)CrossRefGoogle Scholar
  18. 18.
    Tan, L., Wang, N.: Future internet: the internet of things. In: 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), vol. 5, pp. V5-376–V5-380, August 2010Google Scholar
  19. 19.
    Tang, P.C., Ash, J.S., Bates, D.W., Overhage, J.M., Sands, D.Z.: Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J. Am. Med. Inform. Assoc. 13(2), 121–126 (2006)CrossRefGoogle Scholar
  20. 20.
    Underwood, S.: Blockchain beyond bitcoin. Commun. ACM 59(11), 15–17 (2016)CrossRefGoogle Scholar
  21. 21.
    Yue, X., Wang, H., Jin, D., Li, M., Jiang, W.: Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control. J. Med. Syst. 40(10), 218 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • João Pedro Dias
    • 1
    Email author
  • Hugo Sereno Ferreira
    • 1
  • Ângelo Martins
    • 1
  1. 1.Faculty of Engineering, INESC TEC and Department of Informatics EngineeringUniversity of PortoPortoPortugal

Personalised recommendations