یک طرح جدید و امن برای اشتراک گذاری داده های پزشکی مبتنی‌بر فناوری زنجیره‌بلوکی و رمزنگاری مبتنی بر ویژگی

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشگاه جامع امام حسین (ع)

2 دانشکده کامپیوتر، دانشگاه شاهد، ایران

3 دانشکده کامپیوتر، دانشگاه قم

چکیده

با توسعه فناوری اطلاعات الکترونیک، استفاده از پرونده سلامت الکترونیک (EMR) یک رویکرد رایج برای ثبت اطلاعات پزشکی بیماران محسوب می­شود. این اطلاعات در پایگاه­های اطلاعاتی بیمارستان­ها و نهاد­های پزشکی مختلف به­صورت مجزا ثبت و ذخیره می­شود و بیماران هیچ­گونه کنترلی نسبت به اطلاعات پزشکی خود ندارند، با توجه به این‌که اطلاعات پزشکی از دارایی­های مهم افراد و نظام سلامت محسوب می­شود، بنابراین، نگرانی­هایی جدی در خصوص امنیت و حفظ حریم خصوصی داده­های پزشکی و چگونگی دسترسی به این اطلاعات وجود دارد. یکی از چالش­های مهم حوزه سلامت الکترونیک نحوه ذخیره­سازی و دسترسی کنترل­شده به اطلاعات پزشکی می­باشد. ما در این مقاله یک طرح جدید، امن و کارآمد به نام SBA-PHR مبتنی­بر فناوری زنجیره‌بلوکی و رمزنگاری مبتنی­بر ویژگی را برای ثبت و ذخیره­سازی داده‌های پزشکی ارائه کرده­ایم به گونه­ای که در این طرح حریم خصوصی کاربران حفظ شده و اجازه کنترل دسترسی دقیق و دانه­ای به اطلاعات پزشکی بیماران در آن وجود دارد. در طرح SBA-PHR با استفاده از زنجیره‌بلوک­های خصوصی توانسته­ایم حق ابطال دسترسی آنی که از چالش­های رمزنگاری مبتنی­بر ویژگی است را بهبود بخشیم. ما امنیت طرح پیشنهادی خود را در مدل فرمال و درستی عملکرد آن را مبتنی­بر منطق BAN به اثبات می­رسانیم و نشان می­دهیم که طرح پیشنهادی ما محرمانگی داده­های کاربر، گمنامی بیماران و حریم خصوصی آن­ها را به خوبی برآورده می­کند، همچنین پیچیدگی محاسباتی و ذخیره­سازی طرح پیشنهادی ما بیانگر کارا بودن طرح        SBA-PHR و مقیاس­پذیر بدون آن می­باشد.

کلیدواژه‌ها


عنوان مقاله [English]

A Novel and Secure Model for Sharing Protected Health Record (PHR) Based on Blockchain and Attribute Based Encryption

نویسندگان [English]

  • S. M. Pournaghi 1
  • M. Bayat 2
  • Y. Farjami 3
1 IMAM HOSSEIN UNIVERSITY
2 Department of Computer Engineering, shahed university, iran
3 Department of Computer Engineering, University of Qom, Qom, Iran,
چکیده [English]

With the development of electronic information technology, electronic medical records (EMRs) are considered a common way to store the patients’ data in hospitals. This information is recorded and stored in the databases of various hospitals and medical institutions, so patients do not have any control over their medical information. Due to the fact that medical information is one of the important assets of the people and the health system, there are serious concerns about the security and privacy of medical data and how to access this information. One of the most important challenges in e-Health is the storage and access control of medical data. In this paper, we propose a novel, secure and efficient model named SBA-PHR which is based on blocking technology and attribute-based encryption to share and store medical data in such a way as to maintain the user's privacy and fine grain access control. In SBA-PHR we have improved the revocation phase in ABE by using private blockchain. We prove the security of our proposed scheme in the formal model and its proper functioning based on BAN logic and establish its user data confidentiality, patient anonymity and privacy. Moreover, the computational and storage complexity of our proposed scheme demonstrates its efficiency and scalability.

کلیدواژه‌ها [English]

  • Electronic health
  • Blockchain
  • Attribute based encryption
  • security
  • BAN logic
[1] Wu, Hsin-Te, and Chun-Wei Tsai. “Toward Blockchains for Health-Care Systems: Applying the Bilinear Pairing Technology to Ensure Privacy Protection and Accuracy in Data Sharing,” IEEE Consumer Electronics Magazine vol. 7.4, pp. 65-71, 2018.##
[2] L. Cartwright-Smith, E. Gray, and J. H. Thorpe, “Health information ownership: legal theories and policy implications,” Vand. J. Ent. & Tech. L., vol. 19, p. 207, 2016.##
[3] Kshetri, Nir. “Blockchain's roles in strengthening cybersecurity and protecting privacy,” Telecommunications Policy 41.10, pp. 1027-1038, 2017.##
[4] Azaria, Asaph, et al., “Medrec: Using blockchain for medical data access and permission management,” Open and Big Data (OBD), International Conference on. IEEE, pp. 25-30, 2016.##
[5] Dagher, Gaby G., et al., “Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology,” Sustainable Cities and Society, vol. 39, pp. 283-297, 2018.##
[6] Yue, Xiao, et al., “Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control,” Journal of medical systems, vol. 40.10, pp. 218, 2016.##
[7] Banerjee, Mandrita, Junghee Lee, and Kim-Kwang Raymond Choo, “A blockchain future for internet of things security: a position paper,” Digital Communications and Networks, vol. 4.3, pp. 149-160, 2018.##
[8] K. Harleen, et al., “A Proposed Solution and Future Direction for Blockchain-Based Heterogeneous Medicare Data in Cloud Environment,” Journal of medical systems, vol. 42.8, pp. 156, 2018.##
[9] X. Yue, H. Wang, D. Jin, et al., “Healthcare data gateways: Found healthcare intelligence on blockchain with novel privacy risk control,” Journal of Medical Systems, vol. 40(10), p. 218, 2016.##
[10] Q. Xia, E. B. Sifah, K. O. Asamoah, J. Gao, X. Du, and M. Guizani, “MeDShare: Trust-less medical data sharing among cloud service providers via blockchain,” IEEE Access, vol. 5, pp. 757–767, July 2017.##
[11] P. Kevin, et al., “A blockchain-based approach to health information exchange networks,” Proc. NIST Workshop Blockchain Healthcare, vol. 1, 2016.##
[12] D. Alevtina, et al., “Secure and trustable electronic medical records sharing using blockchain,” AMIA Annual Symposium Proceedings, vol. 2017, American Medical Informatics Association, 2017.##
[13] Karafiloski and A. Mishev, “Blockchain solutions for big data challenges: A literature review,” In Proc. Int. Conf. Smart Technologies, pp. 763–768, 2017.##
[14] A. Shamir, “Identity-based cryptosystems and signature protocols,” Proceedings of CRYPTO1984, vol. 196, LNCS, California, USA, 1984, pp. 47–53, 1984.##
[15] D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” Proceedings of CRYPTO’01, LNCS, vol. 2139, California, USA, pp. 213–229, 2001##.
[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” In EUROCRYPT2005, vol. 3494, Cramer R (ed.), LNCS. Springer: Heidelberg, pp. 457–473, 2005.##
[17] G. Vipul, et al., “Attribute-based encryption for fine-grained access control of encrypted data,” Proceedings of the 13th ACM conference on Computer and communications security, Acm, 2006.##
[18] Nakamoto, Satoshi, “Bitcoin: A peer-to-peer electronic cash system,” Consulted, vol. 1, 2012, 2008.##
[19] A. Kosba, et al., “Hawk: The blockchain model of cryptography and privacy-preserving smart contracts,” IEEE symposium on security and privacy (SP). IEEE, 2016.##
[20] C. Cachin, “Architecture of the hyperledger blockchain fabric,” In Workshop on Distributed Cryptocurrencies and Consensus Ledgers, 2016.##
[21] D. Schwartz, N. Youngs, and A. Britto, “The ripple protocol consensus algorithm,” Ripple Labs Inc White Paper, vol. 5, 2014.##
[22] H. Sukhwani, J. M. Mart´ınez, X. Chang, et al., “Performance modeling of PBFT consensus process for permissioned blockchain network (hyper- ledger fabric),” In: Reliable Distributed Systems, pp.        253-255, 2017.##
[23] C. Miguel and B. Liskov, “Practical Byzantine fault tolerance,” OSDI., vol. 99, 1999.##
[24] L. Lamport, R. Shostak, and M. Pease, “The byzantine generals prob- lem,” ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 4, no. 3, pp. 382–401, 1982.##
[25] N. Szabo, “Smart contracts: Building blocks for     dig- ital markets,” EXTROPY: The Journal of Transhumanist Thought, vol. 16, 1996.##
[26] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” Security and Privacy, SP'07. IEEE Symposium on. IEEE, 2007.##
[27] Fujisaki, Eiichiro, and Tatsuaki Okamoto, “Secure integration of asymmetric and symmetric encryption schemes,” Annual International Cryptology Conference, Springer, Berlin, Heidelberg, 1999.##
[28] M. Burrows, M. Abadi, and R. M. Needham, “A logic of authentication,” Proc. R. Soc. Lond. A 426.1871, pp. 233-271, 1989.##
[29] N. Aitzhan and D. Svetinovic, “Security and privacy in decentralized en- ergy trading through             multi-signatures, blockchain and anonymous messag- ing streams,” IEEE Transactions on Dependable and Secure Computing, PP(99):1, 2016.##
[30] S. H. Hosseinian Barzi and H. Maleki, “Hierarchical Fuzzy Identity-Based Encryption,” Electronic and Cyber Defense Magazine, vol. 6, no. 3, 2018. (in Persian)##
[31] D. Hankerson, S. Vanstone, and A. J. Menezes, “Guide to elliptic curve cryptography,” New York, Springer, 2004.##
[32] D. Boneh and M. Franklin, “Identity-based encryption from the weil pairing,” In: Advances in cryptology CRYPTO, New York: Springer, pp. 213–229, 2001.##
 [33] Y. Yang and M. Ma, “Conjunctive keyword search with designated tester and timing enabled proxy      re-encryption function for e-Health clouds,” IEEE Transactions on Information Forensics and Security, vol. 11(4), pp. 746–759, 2016.##
[34] J. Zhang, N. Xue, and X. Huang, “A secure system for pervasive social network-based healthcare,” IEEE Access 4(99), pp. 9239–9250, 2016.##
[35] Q. Xia, E. Sifah, A. Smahi, S. Amofa, and X. Zhang, “BBDS: Blockchain-Based data sharing for electronic medical records in cloud environments,” Information 8(44), pp. 1–16, 2017.##
[36] Zhang, Aiqing, and Xiaodong Lin, “Towards secure and privacy-preserving data sharing in e-health systems via consortium blockchain,” Journal of medical systems, vol. 42.8, p. 140, 2018.##