scholarly journals A Blockchain-Based Medical Data Sharing Mechanism with Attribute-Based Access Control and Privacy Protection

2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Yingwen Chen ◽  
Linghang Meng ◽  
Huan Zhou ◽  
Guangtao Xue
Keyword(s):  
Access Control ◽  
Data Sharing ◽  
Privacy Protection ◽  
Rapid Development ◽  
Medical Data ◽  
Searchable Encryption ◽  
Prototype System ◽  
Smart Contract ◽  
Medical Institutions ◽  
Attribute Based Access Control

The rapid development of wearable sensors and the 5G network empowers traditional medical treatment with the ability to collect patients’ information remotely for monitoring and diagnosing purposes. Meanwhile, the health-related mobile apps and devices also generate a large amount of medical data, which is critical for promoting disease research and diagnosis. However, medical data is too sensitive to share, which is also a common issue for IoT (Internet of Things) data. The traditional centralized cloud-based medical data sharing schemes have to rely on a single trusted third party. Therefore, the schemes suffer from single-point failure and lack of privacy protection and access control for the data. Blockchain is an emerging technique to provide an approach for managing data in a decentralized manner. Especially, the blockchain-based smart contract technique enables the programmability for participants to access the data. All the interactions are authenticated and recorded by the other participants of the blockchain network, which is tamper resistant. In this paper, we leverage the K-anonymity and searchable encryption techniques and propose a blockchain-based privacy-preserving scheme for medical data sharing among medical institutions and data users. To be specific, the consortium blockchain, Hyperledger Fabric, is adopted to allow data users to search for encrypted medical data records. The smart contract, i.e., the chaincode, implements the attribute-based access control mechanisms to guarantee that the data can only be accessed by the user with proper attributes. The K-anonymity and searchable encryption ensure that the medical data is shared without privacy leaking, i.e., figuring out an individual patient from queries. We implement a prototype system using the chaincode of Hyperledger Fabric. From the functional perspective, security analysis shows that the proposed scheme satisfies security goals and precedes others. From the performance perspective, we conduct experiments by simulating different numbers of medical institutions. The experimental results demonstrate that the scalability and performance of our scheme are practical.

Social Credential-Based Role Recommendation and Patient Privacy Control in Medical Emergency

2012 ◽  
pp. 215-237
Author(s):  
Soon Ae Chun ◽  
Joon Hee Kwon ◽  
Haesung Lee
Keyword(s):  
Privacy Protection ◽  
Information Technologies ◽  
Medical Data ◽  
Medical Emergency ◽  
Prototype System ◽  
Privacy Policies ◽  
Health Records ◽  
Health Information Technologies ◽  
Emergency Situations ◽  
Role Based

Emerging Health Information Technologies (HIT), such as Electronic Health Records (EHR) and Personal Health Records (PHR) systems, facilitate access to and sharing of patients’ medical data in a distributed environment. The privacy protection of medical information is a pressing issue with the use of these medical technologies. In this paper, the authors present a Patient-controlled Privacy Protection Framework, which allows a patient to specify his or her own privacy policies on their own medical data no matter where they are stored. In addition, the authors extend this basic framework to medical emergency situations, where roles and users may not be limited to an organizational boundary. To enforce patient’s privacy policies even in emergency situations, the authors propose the Situation Role-based Privacy Control model and a social network-based user credential discovery method to recommend a situation role to candidate users. The authors present a mobile prototype system and two experiments to show the feasibility of our approach.

Privacy Protection and Intrusion Avoidance for Cloudlet-Based Medical Data Sharing

2020 ◽  
Vol 8 (4) ◽  
pp. 1274-1283 ◽  
Author(s):  
Min Chen ◽  
Yongfeng Qian ◽  
Jing Chen ◽  
Kai Hwang ◽  
Shiwen Mao ◽  
...  
Keyword(s):  
Data Sharing ◽  
Privacy Protection ◽  
Medical Data

A JSON-Based Fast and Expressive Access Control Policy Framework

2019 ◽  
pp. 70-91
Author(s):  
Hao Jiang ◽  
Ahmed Bouabdallah
Keyword(s):  
Access Control ◽  
Rapid Development ◽  
Control Policy ◽  
Policy Framework ◽  
Shared Resources ◽  
Policy Language ◽  
Memory Space ◽  
Fine Grained ◽  
Attribute Based Access Control ◽  
Time Critical

Along with the rapid development of ICT technologies, new areas like Industry 4.0, IoT, and 5G have emerged and brought out the need for protecting shared resources and services under time-critical and energy-constrained scenarios with real-time policy-based access control. To achieve this, the policy language needs to be very expressive but lightweight and efficient. These challenges are investigated and a set of key requirements for such a policy language is identified. JACPoL is accordingly introduced as a descriptive, scalable, and expressive policy language in JSON. JACPoL by design provides a flexible and fine-grained ABAC style (attribute-based access control) while it can be easily tailored to express other access control models. The design and implementation of JACPoL are illustrated together with its evaluation in comparison with other existing policy languages. The result shows that JACPoL can be as expressive as existing ones but more simple, scalable, and efficient. The performance evaluation shows that JACPoL requires much less processing time and memory space than XACML.

scholarly journals LIP-PA: A Logistics Information Privacy Protection Scheme with Position and Attribute-Based Access Control on Mobile Devices

2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Qi Gao ◽  
Junwei Zhang ◽  
Jianfeng Ma ◽  
Chao Yang ◽  
Jingjing Guo ◽  
...  
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Mobile Devices ◽  
Privacy Protection ◽  
Personal Information ◽  
Information Privacy ◽  
Smart Devices ◽  
Protection Scheme ◽  
Logistics Information ◽  
Attribute Based Access Control

With the fast development of Logistics Internet of Things and smart devices, the security of express information processed by mobile devices in Logistics Internet of Things has attracted much attention. However, the existing secure express schemes only focus on privacy protection of personal information but do not consider the security of the logistics information against couriers with malicious mobile devices. For example, a privacy-preserving delivery path should be required in order to prevent the privacy leakage in the express delivery procedure. Therefore, besides the security of personal information, the privacy protection of logistics information and authentication of mobile devices used in express company are important to security in Logistics Internet of Things. In this paper, we propose a secure logistics information scheme LIP-PA to provide privacy protection of both personal information and logistics information. First, we define the basic requirements of Logistics Internet of Things. Then, using attribute-based encryption and position-based key exchange, we propose a logistics information privacy protection scheme with position and attribute-based access control for mobile devices. The analysis results show that our scheme satisfies the defined requirements. Finally, the performance of our scheme is evaluated and the experiment results show that our scheme is efficient and feasible for mobile devices in real parcel delivery scenario.

scholarly journals A Threshold Signature Scheme Without Trusted Center for Blockchain-Based Medical Cyber-Physical Systems

2021 ◽  
Author(s):  
Xianfei Zhou ◽  
Jing Huang ◽  
Fulong Chen ◽  
Yuqing Tang ◽  
Canlin Wang ◽  
...  
Keyword(s):  
Data Sharing ◽  
Data Storage ◽  
Medical Information ◽  
Rapid Development ◽  
Medical Data ◽  
Group Signature ◽  
Signature Scheme ◽  
Threshold Signature ◽  
Shared Data ◽  
Rapid Transformation

Abstract With the rapid development of medical information technology, the medical cyber-physical system is undergoing a rapid transformation, and the safe storage and sharing of medical data are facing great challenges. It makes the work of safe medical data storage, privacy protection and data sharing get more difficult. In this paper, we propose the combination of private blockchain and consortium blockchain that can protect information security and realize data sharing. In the system, the medical records of each node are stored in the private blockchain, and the shared data is on the consortium blockchain so as to improve the data storage and reduce data redundancy. And the threshold signature scheme without trusted center is applied in the system. In order to initiate threshold signature, a set of nodes is constructed by the sponsoring doctor, in which the threshold signature process is initiated. When there are no less than $t$ nodes sending part-signatures, the signature can be synthesized to group signature. This scheme can be well applied to the scene of multidisciplinary joint consultation in the medical blockchain. The scheme proposed in this paper has high security and computing efficiency.

Sign in / Sign up

Export Citation Format

Share Document