Omolola Akinola,Akintunde Akinola,Bairat Oyekan,Omowunmi Oyerinde,Halimat Folashade Adebiyi,Busola Sulaimon

DOI: https://doi.org/10.38124/ijisrt/ijisrt24apr225

2024-04-16

Abstract:The current period of medicine using digital technology for patient care presents a new level of integration of monitoring devices with the cloud computing environment that enables the collection, storage and access to data in ways that were never possible earlier. As the obvious part of this development, it is worth noting that the objective of such innovation is mostly on the integrity of data, provenance and security. Data integrity from as well as security of the Internet connected healthcare devices should be assured in the first place to keep patient safety and protect data privacy along with improve data-based decision-making. The centralized system and crowded nature of the current equipment are susceptible to single point of failure, data breach and potential manipulations of data, which raise questions and create doubts with regards data management processes pertaining to medical device systems. This work is addressed to the analysis of a novel security system based on blockchain that guarantees the implementation of a high performance with the solution of two medical device integrity and provenance safety issues in the cloud ecosystem. Fundamentally differentiating from the centralized systems that exist today, blockchain technology that is based on distributed database architectures, immutable logs, and consensus mechanisms provides for a new way to bring reliability and traceability to the entire medical device data chain. The suggested procedure is based on properties of blockchain technology. Such a solution can help to provide a clear and secure audit trail for medical devices. Storing, securing and accessing the device data can be carried out credibly, maintaining these data’s integrity and provenance. Ultimately, the solution, rely on the implementation of smart contracts, cryptocurrency processes, and the confidentiality and privacy of data, can be the answer which make up the practice of secure data sharing, data accessing and complying with regulations. The journal creates a modular system combining Medical devices, a cloud platform, and Blockchain solution. The architecture is intended to display the blockchain network's essential components, data validation and access control, and secure data storage mechanisms. Furthermore, the recommended solution implies state-of- the-art security tools, such as data encryption, access control, and abidance by regulatory systems, including HIPAA and GDPR. Implementation of an actual scenario of the proof-of-concept and performance evaluation are done to show the efficiency and performance of the blockchain-based solution provided. The results suggest that the proposed solution can establish the data reliability level, record all the various versions of modifications, and strengthen the security and transparency of medical device data processing in cloud computing. Through the exploration of the applications of blockchain for medical data management that this study proposes, we are laying the foundations of a future healthcare environment, which is expected to be more secure and trustworthy, where the sensor data of medical devices can be reliably controlled and accessed without jeopardizing the patient's safety or data privacy. To a great extent, the suggested solution can contribute to building trust in the digital tools utilized in health care, leading to more well-informed clinical decisions and ultimately improving the patients' results.

Sotirios Brotsis,Nicholas Kolokotronis,Konstantinos Limniotis,Stavros Shiaeles,Dimitris Kavallieros,Emanuele Bellini,Clement Pavue

DOI: https://doi.org/10.48550/arXiv.1903.10770

2019-03-26

Abstract:The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks emerge as a areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.

Cryptography and Security

Randhir Kumar,Rakesh Tripathi

DOI: https://doi.org/10.1007/s11227-020-03570-x

IF: 3.3

2021-01-12

The Journal of Supercomputing

Abstract:The Internet of Medical Things (IoMT) is the next frontier in the digital revolution and it leverages IoT in the healthcare domain. The underlying technology has changed the current healthcare system by collecting real-time data of patients and providing a patient motioning system. But IoMT also presents a big challenge for data storage management, security, and privacy due to cloud-based storage. Today, this large volume of IoMT generated medical data is stored in the centralized storage system. However, centralization of patient sensitive information leads to a single point of failure, privacy, and security concern. To address these issues, we propose a smart contracts enabled consortium blockchain network. We integrated interplanetary file systems (IPFS) cluster node where smart contracts are deployed at the initial stage for authentication of patient's and medical devices, the same cluster layer is also proposed as a distributed data storage layer for device-generated data after authentication and these data are securely transmitted over the consortium blockchain. The IPFS cluster node ensures the security and authentication of the devices and it also provides secure storage management in IoMT enabled healthcare system. The consortium network enables the privacy of data owing to hash-based storage in a block of IoMT enabled healthcare network.

Asad Abbas,Roobaea Alroobaea,Moez Krichen,Saeed Rubaiee,S. Vimal,Fahad M. Almansour

DOI: https://doi.org/10.1007/s00779-021-01583-8

2021-06-19

Personal and Ubiquitous Computing

Abstract:The Internet of Medical Things (IoMT) is a kind of associated smart-medical device infrastructure with applications, health services, and systems. These medical devices and applications are linked via the Internet to healthcare systems. The privacy and security for patient data, scalability, and data accessibility are the most complex IoT challenges (particularly in IoMT) and need to be considered. Blockchain can disrupt the current modes of patient data access, exchange, accumulation, control, and contribution. Hence, in this study, blockchain-assisted secure data management framework (BSDMF) has been suggested for health information based on the Internet of Medical Things to securely exchange patient data and enhance scalability and data accessibility healthcare environment. The proposed BSDMF provides secure data management between personal servers and implantable medical devices and between cloud servers and personal servers. The IoMT-based security framework utilizes blockchain to guarantee data transmission security and data management between linked nodes. The experimental results show that the suggested BSDMF method achieves a high accuracy ratio of 97.2%, a precision ratio of 97.9%, an average trust value of 98.3%, and less response time of 11.2%, and a latency ratio of 15.6% when compared to other popular methods.

computer science, information systems,telecommunications

Shancang Li,Tao Qin,Geyong Min

DOI: https://doi.org/10.1109/tcss.2019.2927431

2019-01-01

IEEE Transactions on Computational Social Systems

Abstract:The decentralized nature of blockchain technologies can well match the needs of integrity and provenances of evidences collecting in digital forensics (DF) across jurisdictional borders. In this paper, a novel blockchain-based DF investigation framework in the Internet of Things (IoT) and social systems environment is proposed, which can provide proof of existence and privacy preservation for evidence items examination. To implement such features, we present a block-enabled forensics framework for IoT, namely, IoT forensic chain (IoTFC), which can offer forensic investigation with good authenticity, immutability, traceability, resilience, and distributed trust between evidential entitles as well as examiners. The IoTFC can deliver a guarantee of traceability and track provenance of evidence items. Details of evidence identification, preservation, analysis, and presentation will be recorded in chains of block. The IoTFC can increase trust of both evidence items and examiners by providing transparency of the audit train. The use case demonstrated the effectiveness of the proposed method.

Ashutosh Dhar Dwivedi,Gautam Srivastava,Shalini Dhar,Rajani Singh

DOI: https://doi.org/10.3390/s19020326

2019-01-15

Abstract:Medical care has become one of the most indispensable parts of human lives, leading to a dramatic increase in medical big data. To streamline the diagnosis and treatment process, healthcare professionals are now adopting Internet of Things (IoT)-based wearable technology. Recent years have witnessed billions of sensors, devices, and vehicles being connected through the Internet. One such technology-remote patient monitoring-is common nowadays for the treatment and care of patients. However, these technologies also pose grave privacy risks and security concerns about the data transfer and the logging of data transactions. These security and privacy problems of medical data could result from a delay in treatment progress, even endangering the patient's life. We propose the use of a blockchain to provide secure management and analysis of healthcare big data. However, blockchains are computationally expensive, demand high bandwidth and extra computational power, and are therefore not completely suitable for most resource-constrained IoT devices meant for smart cities. In this work, we try to resolve the above-mentioned issues of using blockchain with IoT devices. We propose a novel framework of modified blockchain models suitable for IoT devices that rely on their distributed nature and other additional privacy and security properties of the network. These additional privacy and security properties in our model are based on advanced cryptographic primitives. The solutions given here make IoT application data and transactions more secure and anonymous over a blockchain-based network.

Xueping Liang,Nabid Alam,Tahmina Sultana,Eranga Bandara,Sachin Shetty

DOI: https://doi.org/10.2196/46556

2024-09-25

Abstract:Background: Telehealth played a critical role during the COVID-19 pandemic and continues to function as an essential component of health care. Existing platforms cannot ensure privacy and prevent cyberattacks. Objective: The main objectives of this study are to understand existing cybersecurity issues in identity management and trustworthy communication processes in telehealth platforms and to design a software architecture integrated with blockchain to improve security and trustworthiness with acceptable performance. Methods: We improved personal information security in existing telehealth platforms by adopting an innovative interdisciplinary approach combining design science, social science, and computer science in the health care domain, with prototype implementation. We used the design science research methodology to implement our overall design. We innovated over existing telehealth platforms with blockchain integration that improves health care delivery services in terms of security, privacy, and efficiency. We adopted a user-centric design approach and started with user requirement collection, followed by system functionality development. Overall system implementation facilitates user requirements, thus promoting user behavior for the adoption of the telehealth platform with decentralized identity management and an access control mechanism. Results: Our investigation identified key challenges to identity management and trustworthy communication processes in telehealth platforms used in the current health care domain. By adopting distributed ledger technology, we proposed a decentralized telehealth platform to support identity management and a trustworthy communication process. Our design and prototype implementation using a smart contract-driven telehealth platform to provide decentralized identity management and trustworthy communication with token-based access control addressed several security challenges. This was substantiated by testing with 10,000 simulated transactions across 5 peers in the Rahasak blockchain network. The proposed design provides resistance to common attacks while maintaining a linear time overhead, demonstrating improved security and efficiency in telehealth services. We evaluated the performance in terms of transaction throughput, smart contract execution time, and block generation time. To create a block with 10,000 transactions, it takes 8 seconds on average, which is an acceptable overhead for blockchain-based applications. Conclusions: We identified technical limitations in current telehealth platforms. We presented several design innovations using blockchain to prototype a system. We also presented the implementation details of a unique distributed architecture for a trustworthy communication system. We illustrated how this design can overcome privacy, security, and scalability limitations. Moreover, we illustrated how improving these factors sets the stage for improving and standardizing the application and for the wide adoption of blockchain-enabled telehealth platforms.

Wei Liu,Feng Zhao,Lewis Nkenyereye,Shalli Rani,Keqin Li,Jianhui Lv

DOI: https://doi.org/10.1109/JBHI.2024.3408215

2024-06-03

Abstract:The Internet of Medical Things (IoMT) has transformed traditional healthcare systems by enabling real-time monitoring, remote diagnostics, and data-driven treatment. However, security and privacy remain significant concerns for IoMT adoption due to the sensitive nature of medical data. Therefore, we propose an integrated framework leveraging blockchain and explainable artificial intelligence (XAI) to enable secure, intelligent, and transparent management of IoMT data. First, the traceability and tamper-proof of blockchain are used to realize the secure transaction of IoMT data, transforming the secure transaction of IoMT data into a two-stage Stackelberg game. The dual-chain architecture is used to ensure the security and privacy protection of the transaction. The main-chain manages regular IoMT data transactions, while the side-chain deals with data trading activities aimed at resale. Simultaneously, the perceptual hash technology is used to realize data rights confirmation, which maximally protects the rights and interests of each participant in the transaction. Subsequently, medical time-series data is modeled using bidirectional simple recurrent units to detect anomalies and cyberthreats accurately while overcoming vanishing gradients. Lastly, an adversarial sample generation method based on local interpretable model-agnostic explanations is provided to evaluate, secure, and improve the anomaly detection model, as well as to make it more explainable and resilient to possible adversarial attacks. Simulation results are provided to illustrate the high performance of the integrated secure data management framework leveraging blockchain and XAI, compared with the benchmarks.

Haibo Tian,Jiejie He,Yong Ding

DOI: https://doi.org/10.1007/s10916-018-1144-x

2019-01-03

Abstract:Medical data are important in diagnosis, treatment, recovery, and medical accident investigation. The integrity and availability of medical data are the basic guarantee for the smooth operation of these activities. The privacy of medical data is a natural demand from the sensitivity of medical data. At present, there are mainly two ways to protect the privacy of medical data. One way is to store medical data in a local database and set up an access control strategy of the database. The other way is to encrypt medical data with the patient's key and to share the key when needed. The problem with the first method is that the data in the local database may be modified or deleted. The problem with the second method is that the key cannot be shared when the patient dies during the diagnosis and treatment. These two problems will damage the availability of data. This paper proposes to establish a shared key that could be reconstructed by the legitimate parties before the process of diagnosis and treatment begins. The data in the diagnosis and treatment process is encrypted and stored in a blockchain using the shared key. The proposal meets the integrity, availability and privacy requirements of medical data. It uses the sibling intractable function families (SIFF) to establish a shared key, and uses the Hyperledger Fabric to store encrypted data. The simulation shows that the system has good efficiency. Additionally, it is the first time to introduce SIFF to a blockchain application.

Yingwen Chen,Linghang Meng,Huan Zhou,Guangtao Xue

DOI: https://doi.org/10.1155/2021/6685762

2021-06-29

Wireless Communications and Mobile Computing

Abstract:The rapid development of wearable sensors and the 5G network empowers traditional medical treatment with the ability to collect patients’ information remotely for monitoring and diagnosing purposes. Meanwhile, the health-related mobile apps and devices also generate a large amount of medical data, which is critical for promoting disease research and diagnosis. However, medical data is too sensitive to share, which is also a common issue for IoT (Internet of Things) data. The traditional centralized cloud-based medical data sharing schemes have to rely on a single trusted third party. Therefore, the schemes suffer from single-point failure and lack of privacy protection and access control for the data. Blockchain is an emerging technique to provide an approach for managing data in a decentralized manner. Especially, the blockchain-based smart contract technique enables the programmability for participants to access the data. All the interactions are authenticated and recorded by the other participants of the blockchain network, which is tamper resistant. In this paper, we leverage the K-anonymity and searchable encryption techniques and propose a blockchain-based privacy-preserving scheme for medical data sharing among medical institutions and data users. To be specific, the consortium blockchain, Hyperledger Fabric, is adopted to allow data users to search for encrypted medical data records. The smart contract, i.e., the chaincode, implements the attribute-based access control mechanisms to guarantee that the data can only be accessed by the user with proper attributes. The K-anonymity and searchable encryption ensure that the medical data is shared without privacy leaking, i.e., figuring out an individual patient from queries. We implement a prototype system using the chaincode of Hyperledger Fabric. From the functional perspective, security analysis shows that the proposed scheme satisfies security goals and precedes others. From the performance perspective, we conduct experiments by simulating different numbers of medical institutions. The experimental results demonstrate that the scalability and performance of our scheme are practical.

computer science, information systems,telecommunications,engineering, electrical & electronic

Luis B Elvas,Carlos Serrão,Joao C Ferreira

DOI: https://doi.org/10.3390/healthcare11020170

2023-01-05

Abstract:Data sharing in the health sector represents a big problem due to privacy and security issues. Health data have tremendous value for organisations and criminals. The European Commission has classified health data as a unique resource owing to their ability to enable both retrospective and prospective research at a low cost. Similarly, the Organisation for Economic Co-operation and Development (OECD) encourages member nations to create and implement health data governance systems that protect individual privacy while allowing data sharing. This paper proposes adopting a blockchain framework to enable the transparent sharing of medical information among health entities in a secure environment. We develop a laboratory-based prototype using a design science research methodology (DSRM). This approach has its roots in the sciences of engineering and artificial intelligence, and its primary goal is to create relevant artefacts that add value to the fields in which they are used. We adopt a patient-centric approach, according to which a patient is the owner of their data and may allow hospitals and health professionals access to their data.

Aitizaz Ali,Bander Ali Saleh Al-rimy,Faisal S. Alsubaei,Abdulwahab Ali Almazroi,Abdulaleem Ali Almazroi

DOI: https://doi.org/10.3390/s23156762

IF: 3.9

2023-07-29

Sensors

Abstract:The swift advancement of the Internet of Things (IoT), coupled with the growing application of healthcare software in this area, has given rise to significant worries about the protection and confidentiality of critical health data. To address these challenges, blockchain technology has emerged as a promising solution, providing decentralized and immutable data storage and transparent transaction records. However, traditional blockchain systems still face limitations in terms of preserving data privacy. This paper proposes a novel approach to enhancing privacy preservation in IoT-based healthcare applications using homomorphic encryption techniques combined with blockchain technology. Homomorphic encryption facilitates the performance of calculations on encrypted data without requiring decryption, thus safeguarding the data's privacy throughout the computational process. The encrypted data can be processed and analyzed by authorized parties without revealing the actual contents, thereby protecting patient privacy. Furthermore, our approach incorporates smart contracts within the blockchain network to enforce access control and to define data-sharing policies. These smart contracts provide fine-grained permission settings, which ensure that only authorized entities can access and utilize the encrypted data. These settings protect the data from being viewed by unauthorized parties. In addition, our system generates an audit record of all data transactions, which improves both accountability and transparency. We have provided a comparative evaluation with the standard models, taking into account factors such as communication expense, transaction volume, and security. The findings of our experiments suggest that our strategy protects the confidentiality of the data while at the same time enabling effective data processing and analysis. In conclusion, the combination of homomorphic encryption and blockchain technology presents a solution that is both resilient and protective of users' privacy for healthcare applications integrated with IoT. This strategy offers a safe and open setting for the management and exchange of sensitive patient medical data, while simultaneously preserving the confidentiality of the patients involved.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Liangxiao Ma,Yongxiang Liao,Haiwei Fan,Xianfeng Zheng,Jintao Zhao,Ziyi Xiao,Guangyong Zheng,Yun Xiong

DOI: https://doi.org/10.3389/fgene.2022.877870

IF: 3.7

2022-01-01

Frontiers in Genetics

Abstract:Currently, most of the personal health data (PHD) are managed and stored separately by individual medical institutions. When these data need to be shared, they must be transferred to a trusted management center and approved by data owners through the third-party endorsement technology. Therefore, it is difficult for personal health data to be shared and circulated over multiple medical institutions. On the other hand, the use of directly exchanging and sharing the original data has become inconsistent with the data rapid growth of medical institutions because of the need of massive data transferring across agencies. In order to secure sharing and managing the mass personal health data generated by various medical institutions, a federal personal health data management framework (PHDMF, ) has been developed, which had the following advantages: 1) the blockchain technology was used to establish a data consortium over multiple medical institutions, which could provide a flexible and scalable technical solution for member extension and solve the problem of third-party endorsement during data sharing; 2) using data distributed storage technology, personal health data could be majorly stored in their original medical institutions, and the massive data transferring process was of no further use, which could match up with the data rapid growth of these institutions; 3) the distributed ledger technology was utilized to record the hash value of data, given the anti-tampering feature of the technology, malicious modification of data could be identified by comparing the hash value; 4) the smart contract technology was introduced to manage users' access and operation of data, which made the data transaction process traceable and solved the problem of data provenance; and 5) a trusted computing environment was provided for meta-analysis with statistic information instead of original data, the trusted computing environment could be further applied to more health data, such as genome sequencing data, protein expression data, and metabolic profile data through combining the federated learning and blockchain technology. In summary, the framework provides a convenient, secure, and trusted environment for health data supervision and circulation, which facilitate the consortium establish over medical institutions and help achieve the value of data sharing and mining.

Yazeed Yasin Ghadi,Tehseen Mazhar,Tariq Shahzad,Muhammad Amir Khan,Alaa Abd-Alrazaq,Arfan Ahmed,Habib Hamam

DOI: https://doi.org/10.1038/s41598-024-68529-x

2024-08-08

Abstract:This study explores integrating blockchain technology into the Internet of Medical Things (IoMT) to address security and privacy challenges. Blockchain's transparency, confidentiality, and decentralization offer significant potential benefits in the healthcare domain. The research examines various blockchain components, layers, and protocols, highlighting their role in IoMT. It also explores IoMT applications, security challenges, and methods for integrating blockchain to enhance security. Blockchain integration can be vital in securing and managing this data while preserving patient privacy. It also opens up new possibilities in healthcare, medical research, and data management. The results provide a practical approach to handling a large amount of data from IoMT devices. This strategy makes effective use of data resource fragmentation and encryption techniques. It is essential to have well-defined standards and norms, especially in the healthcare sector, where upholding safety and protecting the confidentiality of information are critical. These results illustrate that it is essential to follow standards like HIPAA, and blockchain technology can help ensure these criteria are met. Furthermore, the study explores the potential benefits of blockchain technology for enhancing inter-system communication in the healthcare industry while maintaining patient privacy protection. The results highlight the effectiveness of blockchain's consistency and cryptographic techniques in combining identity management and healthcare data protection, protecting patient privacy and data integrity. Blockchain is an unchangeable distributed ledger system. In short, the paper provides important insights into how blockchain technology may transform the healthcare industry by effectively addressing significant challenges and generating legal, safe, and interoperable solutions. Researchers, doctors, and graduate students are the audience for our paper.

Jameel Almalki,Saeed M. Alshahrani,Nayyar Ahmed Khan

DOI: https://doi.org/10.7717/peerj-cs.1778

2024-01-10

PeerJ Computer Science

Abstract:Recently, the use of the Internet of Medical Things (IoMT) has gained popularity across various sections of the health sector. The historical security risks of IoMT devices themselves and the data flowing from them are major concerns. Deploying many devices, sensors, services, and networks that connect the IoMT systems is gaining popularity. This study focuses on identifying the use of blockchain in innovative healthcare units empowered by federated learning. A collective use of blockchain with intrusion detection management (IDM) is beneficial to detect and prevent malicious activity across the storage nodes. Data accumulated at a centralized storage node is analyzed with the help of machine learning algorithms to diagnose disease and allow appropriate medication to be prescribed by a medical healthcare professional. The model proposed in this study focuses on the effective use of such models for healthcare monitoring. The amalgamation of federated learning and the proposed model makes it possible to reach 93.89 percent accuracy for disease analysis and addiction. Further, intrusion detection ensures a success rate of 97.13 percent in this study.

computer science, information systems, artificial intelligence, theory & methods

Geetanjali Rathee,Ashutosh Sharma,Hemraj Saini,Rajiv Kumar,Razi Iqbal

DOI: https://doi.org/10.1007/s11042-019-07835-3

IF: 2.577

2019-06-03

Multimedia Tools and Applications

Abstract:Through the propagation of technology in recent years, people communicate in a range of ways via multimedia. The use of multimedia technique in healthcare system also makes it possible to store, process and transfer the patient's data presented in variety of forms such as images, text and audio through online using various smart objects. Healthcare organizations around the world are transforming themselves into more efficient, coordinated and user-centered systems through various multimedia techniques. However, the management of huge amount data such as reports and images of every person leads to increase the human efforts and security risks. In order to overcome these issues, IoT in healthcare enhances the quality of patients care and reduce the cost by allocating the medical resources in an efficient way. However, a number of threats can occur in IoT devices initiated by various intruders. Sometimes, in order to make their personal profit, even though the medical shop or pathology labs are not of good reputation, the doctors forced the patients to do the lab tests, or buy the medicines from those organizations only. Therefore, security should be at the staple of outlook in IoT elucidations. In order to prevent these issues, Blockchain technology has been encountered as the best technique that provides the secrecy and protection of control system in real time conditions. In this manuscript, we will provide a security framework of healthcare multimedia data through blockchain technique by generating the hash of each data so that any change or alteration in data or breaching of medicines may be reflected in entire blockchain network users. The results have been analyzed against conventional approach and validated with improved simulated results that offer 86% success rate over product drop ratio, falsification attack, worm hole attack and probabilistic authentication scenarios because of Blockchain technique.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jiatao Li,Dezhi Han,Zhongdai Wu,Junxiang Wang,Kuan-Ching Li,Arcangelo Castiglione

DOI: https://doi.org/10.1016/j.future.2022.12.037

IF: 7.307

2023-01-02

Future Generation Computer Systems

Abstract:With the increasing sales of the medical device market, the medical incidents caused by passive medical devices are increasing, which needs to be solved from the medical device supply chain. In addition, there are complex rights retrieval and assignment problems in the medical device supply chain system, and the traditional Role-based Access Control (RBAC) model is no longer suitable for the actual application environment of the supply chain. This article combines the traditional RBAC model and the Attribute-based Access Control (ABAC) model for access control management in the medical device supply chain to overcome the limitations abovementioned, taking advantage of the ABAC model's flexibility to achieve granular and dynamic management of permissions, as also the RBAC model to simplify the permissions management of the entire system. Blockchain technology's traceability, non-tampering, and decentralization features are essential to eliminate passive and inferior medical equipment sales activities, solving the problem of mutual mistrust and 'Information Silo' between the two sides of medical device transactions. The access control model is implemented in the blockchain's smart contract, providing granular and dynamic authority management for the medical equipment supply chain and guaranteeing the security and privacy of medical device information in the supply chain. Three smart contracts on Hyperledger Fabric are designed for device management information, storage of implemented access control models, and implementation of access control policies. Experimental results show that the entire system is stable, ensuring high throughput and high security and promising.

May Alhajri,Carsten Rudolph,Ahmad Salehi Shahraki

DOI: https://doi.org/10.1109/ACCESS.2022.3154106

2022-03-03

Abstract:Wearable fitness devices are widely used to track an individual's health and physical activities to improve the quality of health services. These devices sense a considerable amount of sensitive data processed by a centralized third party. While many researchers have thoroughly evaluated privacy issues surrounding wearable fitness trackers, no study has addressed privacy issues in trackers by giving control of the data to the user. Blockchain is an emerging technology with outstanding advantages in resolving consent management privacy concerns. As there are no fully transparent, legally compliant solutions for sharing personal fitness data, this study introduces an architecture for a human-centric, legally compliant, decentralized and dynamic consent system based on blockchain and smart contracts. Algorithms and sequence diagrams of the proposed system's activities show consent-related data flow among various agents, which are used later to prove the system's trustworthiness by formalizing the security requirements. The security properties of the proposed system were evaluated using the formal security modeling framework SeMF, which demonstrates the feasibility of the solution at an abstract level based on formal language theory. As a result, we have empirically proven that blockchain technology is suitable for mitigating the privacy issues of fitness providers by recording individuals' consent using blockchain and smart contracts.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing,Logic in Computer Science,Systems and Control

Arijit Sengupta,Hemang Subramanian

DOI: https://doi.org/10.2196/32104

2022-01-20

Abstract:Background: Integrating pervasive computing with blockchain's ability to store privacy-protected mobile health (mHealth) data while providing Health Insurance Portability and Accountability Act (HIPAA) compliance is a challenge. Patients use a multitude of devices, apps, and services to collect and store mHealth data. We present the design of an internet of things (IoT)-based configurable blockchain with different mHealth apps on iOS and Android, which collect the same user's data. We discuss the advantages of using such a blockchain architecture and demonstrate 2 things: the ease with which users can retain full control of their pervasive mHealth data and the ease with which HIPAA compliance can be accomplished by providers who choose to access user data. Objective: The purpose of this paper is to design, evaluate, and test IoT-based mHealth data using wearable devices and an efficient, configurable blockchain, which has been designed and implemented from the first principles to store such data. The purpose of this paper is also to demonstrate the privacy-preserving and HIPAA-compliant nature of pervasive computing-based personalized health care systems that provide users with total control of their own data. Methods: This paper followed the methodical design science approach adapted in information systems, wherein we evaluated prior designs, proposed enhancements with a blockchain design pattern published by the same authors, and used the design to support IoT transactions. We prototyped both the blockchain and IoT-based mHealth apps in different devices and tested all use cases that formed the design goals for such a system. Specifically, we validated the design goals for our system using the HIPAA checklist for businesses and proved the compliance of our architecture for mHealth data on pervasive computing devices. Results: Blockchain-based personalized health care systems provide several advantages over traditional systems. They provide and support extreme privacy protection, provide the ability to share personalized data and delete data upon request, and support the ability to analyze such data. Conclusions: We conclude that blockchains, specifically the consensus, hasher, storer, miner architecture presented in this paper, with configurable modules and software as a service model, provide many advantages for patients using pervasive devices that store mHealth data on the blockchain. Among them is the ability to store, retrieve, and modify ones generated health care data with a single private key across devices. These data are transparent, stored perennially, and provide patients with privacy and pseudoanonymity, in addition to very strong encryption for data access. Firms and device manufacturers would benefit from such an approach wherein they relinquish user data control while giving users the ability to select and offer their own mHealth data on data marketplaces. We show that such an architecture complies with the stringent requirements of HIPAA for patient data access.