Uploaded by Siva Sushma Battineni

INSE6615 Project report

Blockchain-Based Authentication in the Healthcare
Industry
Vishal Menon[40220758],
Vighnesh Srinivas Gumma[40227580],
Siva Sushma Battineni[40235007]
Abstract—Blockchain-based authentication has the potential
to transform the healthcare industry by providing reliable,
efficient and secure ways to store the healthcare records of the
patients. This paper focuses on the benefits of blockchain
technology when used in the Electronic Healthcare Records
systems for authentication purposes. This is achieved by
specifying the benefits and the attacks that the Healthcare
systems can be prone to. The paper also discusses several
systems that were implemented according to the papers that
have been referred to. The highlight of this paper is explaining
how the blockchain-based authentication can revolutionize the
field of Healthcare by helping the patients have access to their
medical records electronically without compromising on the
security.
Keywords— Electronic healthcare records, Blockchain,
Authentication, Smart contracts, Healthcare industry
I. INTRODUCTION
Blockchain has transformed the tech industry in various
domains. It has primarily focused on the financial sector
namely cryptocurrencies, but the advancements and benefits
associated with a blockchain are not limited to it. Blockchain
has created a new medium to share data and information in a
safe manner. Various fundamental sciences are used to
achieve this common goal including cryptographic hash
functions, distributed consensus techniques and digital
signatures. Decentralized execution of all transactions
eliminates the requirement for intermediaries to confirm and
validate them, which was a necessary requirement in any
environment until the world of blockchain was introduced.
[23]
In the domain of healthcare, along with the various
advancements in the industry, EHR (Electronic Health
Records) have also started to gain traction [3] as a significantly
more effective alternative to traditional patient health records.
[2] The research community has also been interested in the
potential advantages of EHR systems, such as public
healthcare administration, online patient access, and patient
medical data sharing. A key example of the potential of EHR
systems has been demonstrated during the pandemic caused
by the novel coronavirus, also popularly recognized as
COVID-19. EHR has helped contain the virus partially by
enabling remote patient monitoring along with additional
means to make healthcare more accessible with minimal
contact. [3]
However, EHR systems follow traditional authentication
methods i.e., using a centralized system. Centralized server
scenarios are publicly known to have security and privacy
shortcomings due to their design. This may be an acceptable
risk today but as the adoption of such technology gains
traction, it could introduce larger issues as it primarily handles
sensitive information associated to the identities of a vast
number of individuals. [3]
With the introduction of blockchain-based technologies,
multiple studies have been conducted to achieve a common
goal of tackling most of the problems associated to the
traditional systems. [2] This is primarily possible due to the
fact that blockchain based technology is decentralized as it
uses a peer-to-peer network to enable transmission of data
unlike the centralized server models. [1] It is far from
perfection as these blockchain based technologies will have to
implement comprehensive safety and privacy features in
terms of interoperability, authentication and the exchange of
information within the environments it gets implemented on
to satisfy the strict legal requirements contained within the
1996 Health Insurance Portability and Accountability Act.
Nevertheless, this technology has gained a lot of attention and
also achieved success in a number of countries. It has been
able to solve the problem associated with single points of
failure. [2] However, along with the advantages of
blockchain-based technology, there are also multiple concerns,
mainly related to financial cost: most organizations are small
or medium-sized, and affording such a technology and its
implementation is not a small problem. [23] In this report we
will go through the
different ways blockchain-based technology has been
implemented for authentication purposes within healthcare.
II. RELATED WORK
In this section, we analyze multiple studies that have been
performed in the past associated to the main aspects of our
research after which we will analyze these areas in detail to
understand its structure and design.
A. Blockchain-based implementations on EHR
One of the main topics that revolve around healthcare
today is the use of EHR systems which is meant to simply
digitalize the process of data sharing and storage as compared
to traditional systems that would generally be done on paper.
There have been multiple studies that have focused on
integrating blockchain into the EHR.
One such study [5] talks about how multilevel
authentication can be used to secure electronic health records.
According to this study, the proposed model splits the
modules into two categories, the user management layer and
the EHR generation and view layer. Under the user
management layer, the flow goes through three main
processes namely registration, validation and a QR image
generator. The user, i.e., the patient, would provide their
details to be recorded onto the system after which the
validation system checks the validity of the information
provided. Additionally, neither the patient nor the medical
professional would be able to access the records until it is
deemed to be valid after which a QR code will be generated.
Once the process moves forward into the next module, the
blockchain implementation is put into effect. The first step
involves the login function where the patient accesses their
respective account using a userid and a password and an
additional MFA scheme. When a consultation is completed
with the medical professional, the EHR record is created
within the system and the patient is notified of the
generation. This is where the patient must approve the
generation of their record which avoids the possibility of
double spending attacks. [5] A double spending attack is
essentially a situation where an attacker tries to create a fork
by generating a new group of blocks. It is also necessary that
the group has a longer chain. If these conditions are met, a
successful double spending attack has been initiated. [25]
Once the patient approves the generation of the details, a new
block is created for the EHR. The key generator module is
responsible for generating a key which will then be used to
generate a hash for the respective block. [5]
Another such study [26] demonstrates a simpler scenario
as to how the EHR records will be generated using blockchain
based technology. In this model, a role-based hierarchy is
implemented.
Fig 1: Blockchain-based EHR implementation using role-based restrictions. [26]
In the above figure, the flow of the record creation and
access management is demonstrated. Similar to the previously
mentioned study, the patient provides the details which
ultimately leads to the creation of records along with the
medical personnel’s inputs. Additionally, there exists an
administrator that is responsible for managing the
blockchain-based implementation. The admin will be responsible for
handling all the functions from the deployment of the network
until the storage of data. Once the records have been created
and registered, the access is granted to specific personnel only.
The medical personnel can only access the information of a
patient directly associated to them. [26]
B. Smart Contracts
Smart contracts are essentially lines of code that are
executed when any transaction is made on the blockchain.
This study [1] describes smart contracts as an implementation
that brings about logic into the blockchain. In this model, the
smart contract will be used as a means to control and handle
access management to the patient’s medical records. It will be
deployed as a ledger feature that exists within the blockchain
network. [1]
In the below Fig 2, the flow of information is shown as to
how records are accessed. When the patient performs a
successful login attempt, the private key is fetched from the
Ethereum wallet. The Ethereum wallet is described to be a
cold storage wallet which means that the data is stored offline
which ultimately leads to a more secure model as this reduces
the risk of attacks and data leakage. The wallet can also be
further used to provide signatures on any document in a
similar manner. [1]
Fig 2: Flowchart showcasing the access management
process of records.
C. Authentication using tokens
Another interesting means to authenticate is by using
specially generated tokens. Medicalchain is a platform that uses
the decentralized model of blockchain to share medical data
in a secure manner by making use of tokens known as
MedTokens. Medicalchain enables access to patients by
generating a smart contract. At its core, payment is
done using MedTokens, which can be either earned or
spent by the patient. The patient pays using the tokens when a
service is used or accessed within the system. When a patient
grants access to a third party, tokens are earned as a reward.
The Medicalchain system is already known to be implemented
in parts of the United Kingdom. This allows patients to
achieve any medical need remotely at their disposal and
convenience. [10]
III. ANALYSIS OF MODELS TO MANAGE EHR
In this section of the study, we analyze the different
models that could be implemented to manage the electronic
health records.
A. Using DIDs to authenticate in EHR systems
Decentralized identifiers (DIDs) are one method that can be
used to perform authentication functions within electronic
health record systems. They are used to represent the identity
of any entity, whether an individual, an organization, etc., in a
decentralized system. DIDs also give the owner of the
respective data complete control over their information. This
allows the owner to perform transactions in a simple manner
without much concern about privacy. DID-based
authentication works on the
principle of the cryptographic challenge and response
mechanism. A challenge response mechanism is a scenario
where a verifier sends a challenge to the prover and expects a
response to that challenge that is usually generated by an
algorithm that both parties need to be aware of as per their
agreement. [12] However, another study [27] mentions that
the level of security and privacy that could be achieved using
DIDs can only be derived after performing a comprehensive
threat analysis.
According to this study [12], the most important part of
this model is the storage and usage of DIDs and keys. This
model uses DKMS wallets to store all the data including DIDs.
During the initial stages of account creation, the identity and
data associated to the patient is verified using DIDs and
Verifiable Credentials (VC). The VC is then distributed
amongst the required parties such as the medical
professionals. This helps create a more privacy oriented
system due to the absence of a centralized system managing
all the records. The transaction control is performed by
making use of the distributed ledger in the blockchain
network. These transactions will hold all the data such as DIDs,
credentials, etc. [12] It is also known that attacks can be
performed on blockchain-based systems where the adversary
could access data by performing attacks such as replay attacks.
An example mentioned in another study shows that the attacks
need not be malicious but may be used to gain a financial advantage. A
pharmacist could try to gain access to information associated
to prescription patterns in order to gain a financial advantage
by tailoring their marketing strategies based on the newly
learnt information. However, this study also proposes a
similar DID based system and deems it to be secure based on
the design to authenticate using a challenge response
mechanism. It also additionally adds an extra security layer by
introducing access control lists and policies into the network.
[27]
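The challenge-response mechanism and the replay concern described above, as an added example that is not code from this report or from the cited studies. It uses an HMAC over a shared key as a stand-in for the DID signature; the class name, the `did:example` identifier and the 30-second challenge lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


def compute_response(key: bytes, identifier: str, nonce: bytes) -> bytes:
    """Prover side: answer a challenge with a MAC over (identifier, nonce)."""
    ident = identifier.encode()
    # Length-prefix the identifier so (identifier, nonce) pairs cannot collide.
    msg = len(ident).to_bytes(2, "big") + ident + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    """Healthcare-provider side: issues one-time challenges, checks responses."""

    def __init__(self, keys, clock=time.time):
        self._keys = keys        # identifier -> shared key (constructed sample data)
        self._pending = {}       # nonce -> (identifier, expiry time)
        self._clock = clock      # injectable so expiry can be tested

    def issue_challenge(self, identifier: str) -> bytes:
        nonce = secrets.token_bytes(32)  # unpredictable, never reused
        self._pending[nonce] = (identifier, self._clock() + CHALLENGE_TTL)
        return nonce

    def verify(self, identifier: str, nonce: bytes, response: bytes) -> bool:
        # pop() consumes the challenge on first use, pass or fail, so a
        # captured (nonce, response) pair is worthless when replayed.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        issued_to, expiry = entry
        key = self._keys.get(identifier)
        if key is None or issued_to != identifier or self._clock() > expiry:
            return False
        expected = compute_response(key, identifier, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    patient = "did:example:patient-1"   # constructed identifier
    key = secrets.token_bytes(32)
    verifier = Verifier({patient: key})

    nonce = verifier.issue_challenge(patient)
    response = compute_response(key, patient, nonce)
    first = verifier.verify(patient, nonce, response)      # legitimate login
    replayed = verifier.verify(patient, nonce, response)   # same message again

    fresh = verifier.issue_challenge(patient)
    stale = verifier.verify(patient, fresh, response)      # old answer, new nonce
    return first, replayed, stale


if __name__ == "__main__":
    print(demo())
```

Because the verifier consumes each nonce on first use and rejects expired ones, a recorded exchange cannot be replayed later or against a new challenge.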
Fig 3: Access Control Consent Management for EHR
access [12]
Figure 3 above shows the flow of information involved
in managing consent associated with EHR record access. The
healthcare provider will first provide a credential based on the
identity to the patient. The patient will then be obliged to
present proof of identity in response to the healthcare provider
after which the patient fetches the respective credential which
is stored in the ledger. The patient will then generate a request
using a secret and send it to the healthcare provider. The
patient will then fetch the verifiable credentials from the
wallet and further provide proof to the healthcare provider.
Finally, the healthcare provider will be able to verify the
received proof by performing a comparison with the public
key of the issuer from the blockchain network. [12]
An extra layer of security can also be
implemented on top of the discussed model. Another study
[28] mentions the presentation of only a part of the credential.
Essentially, a presentation of the credential is provided by
using VCs that are generated by the respective
authority that is assumed to be trustworthy by the verifiers
involved. However, the information that is used in the
presentation does not originate from the authority but from the
parties involved such as the owner, researcher and the
cryptographic content in order to provide a means to ensure
that the data originates from a distributed ledger.
According to the research and framework proposed in [11],
the DIDs use the Hyperledger Indy blockchain, which is built
around DIDs and is used for credential setup and for generating
the DIDs. There are two types of DIDs used, namely Verinym
and Pseudonym. A Pseudonym, otherwise also known as a
pairwise-unique DID or peer-DID, is generated uniquely for
each digital connection and is used in the context of that
particular connection. This DID is private. The Verinym DID
is public and visible to everyone. It is supposed to determine
the owner’s legal identity. The peer DID generation includes a
verifying key, a signing key, and a DID. The signing key is
kept private and is stored in the user’s wallet, whereas the
verifying key and the DID are made public.
B. Security Analysis of Decentralized Identifiers
[11] discusses some of the security implications of DIDs.
The paper mentions that the probability of a Sybil attack or
identity theft is minimal, as the users are responsible for
their identity and decide to whom they disclose it.
The peer-DID, which ensures that the identity is only valid for
the ongoing digital connection, and the selective disclosure
of identity ensure that these kinds of attacks are not possible.
The paper does not use smart contracts in its
implementation and hence avoids the code-level
vulnerabilities that smart contracts can introduce.
C. Other Mechanisms
A different paper [6] suggests a decentralized framework
to maintain, manage and transfer healthcare records. The
framework relies on using Proof of Stake (PoS) instead of the
traditional Proof of Work (PoW). The authors' inclination
towards using blockchain to manage healthcare records was
mostly due to the immutable nature of blockchain and of
smart contracts deployed on blockchain. The paper mentions
the use of smart contracts in the framework to exchange the
health records between various healthcare providers purely
due to the privacy provided by blockchain. However, the
paper at no point gives technical details about the kind of
smart contracts used, the algorithm used, or any other
specifics about the framework. It does mention that the
framework relies on the usual cryptographic primitives used in
blockchain, such as ECDSA for signatures, a hashchain for
immutability, and SHA256 for hashing values. There
are five active roles in the framework, each of which performs
various functions. Visitor nodes request services
relating to the healthcare data, which are carried out by Agent
nodes. Coordinator nodes approve these requests, and the
Administrator nodes perform the requested operation on the
data. The Contributor nodes circulate the data in the network.
According to this framework, the block size is limited to 30kb
and 15 transactions per block. Each block is created after 6
minutes, regardless of the number of transactions in the
block.
D. Medical Security System using Distributed Ledger
Blockchain and distributed technology in systems
designed for Electronic Health Records have the potential to
greatly improve security and privacy.
The main aim of the system is to maximize the sharing rate of
these electronic records while minimizing the impact caused by
adversaries. A medical system that maintains health
records electronically using Bitcoin technology consists of a
medical server that protects the shared data, as shown in the
picture below. In general, users might perceive the system as less
secure when they know that their health records are on a
shared server; however, the medical server is meant to
serve the purpose of securing the shared patient information.
Authentication techniques are used in
order to maintain a high level of security. [12]
The trust model that is used in the medical server is based
on linear decision making. Apart from Bitcoin
technology, this system uses other techniques
such as authentication, classified-based learning and linear
decision making. Linear decision making
involves assigning a set of weights
to the different options provided and reaching a decision
based on the score obtained. This approach is applied to
electronic healthcare records because the records of several patients
are stored and access to them must be managed. When the
linear decision-making model assigns weights and gives a
score, it in effect grants access to the person who
obtained the right score to access their file. This is an
authentication technique and relies heavily on providing
more efficiency. This system uses a blockchain-based
distributed ledger to store and manage healthcare electronic
records. The distributed ledger is resistant to tampering,
which means that once data is added to the blockchain, it
cannot be modified or deleted without consensus from all
parties involved.
This system uses an end-user application where the
patients/users can access the files that they have access to.
They communicate with the system through
conventional communication standards. The initial
authorization for the end-user is provided using login
ID/name and password information, which is validated by the
medical server to ensure the reputation of the user. It is
also designed to fight against attacks like man-in-the-middle
and data tampering. In general, the man-in-the-middle attack
is an attack where the adversary intercepts the user’s access to
the healthcare records. This will allow the adversary to access
the health records of any patient that is available on the
medical server. By doing this, the adversary is degrading the
security of the EHR system [12]. In the case of data
tampering, the adversary will be able to breach the health care
records from the node that is communicating in the network
of the system. In data tampering, the data is either modified
or listened to. Either way, the security of the EHR is
compromised.
The authentication mechanism used in this system is
the above-mentioned linear decision making and concentric
authentication. Concentric authentication is a mechanism that
uses multiple levels of security to secure the system. The use
of concentric authentication adds several layers
of security beyond the existing one by requiring multiple levels
of authentication before granting access to healthcare
electronic records to the requesting user. This will ensure that
the system prevents unauthorized access and only authorized
users have access to their records. In a nutshell, the use of
concentric authentication in conjunction with other security
measures such as blockchain technology and linear decision
making provides a highly secure way for patients to request
and access their records while maintaining privacy and data
security.
IV. FUTURE WORK
The future work in the application of blockchain-based
authentication in healthcare from an authentication
perspective can focus on enhancing security, providing
greater user control, improving key management and
enabling decentralized identity management.
A. Standardized Protocols
Since the application of blockchain in the healthcare sector is
still at an early stage, standard protocols would
remove a lot of hassle for upcoming systems that need
universal application.
B. Multi-factor Authentication
A lot of patient data is stored on the servers of these
systems, and if the necessary authentication isn’t performed,
there is a high chance that the system will be prone to several
attacks that could steal and modify the data. To avoid this,
future work should focus on
implementing various authentication mechanisms.
C. Key Management
The secure management of keys is a necessity in systems
that are based on blockchain authentication. Future work can
focus on developing more secure and user-friendly key
management solutions.
D. Organizational Adoption
Although the proposed system is still emerging, it is
important to expand the application to all the healthcare
organizations. This is because the security mechanisms and
the authentication mechanism can be better tested when there
is wider usage of the related systems.
V. CONCLUSION
With the wide usage of blockchain technology in the
healthcare industry for better management of patients'
healthcare records, the systems also face challenges.
Despite being prone to security attacks and
several challenges, several successful implementations of
blockchain-based authentication in healthcare have
demonstrated that blockchain technology
has enough potential to improve patient medical records and
reduce costs while maintaining patient privacy and security.
Therefore, healthcare organizations should carefully weigh
the benefits and challenges of blockchain-based
authentication, and its potential for their
specific needs, before implementing this technology. With
careful application, blockchain-based authentication can
transform the healthcare industry and provide significant
benefits to patients, healthcare providers, and other
stakeholders that deal with the medical records on a general
basis.
REFERENCES
[1] https://www.hindawi.com/journals/js/2022/7299185/
[2] https://www.mdpi.com/2673-8732/2/2/16
[3] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7362828/
[4] https://onlinelibrary.wiley.com/doi/10.1002/spy2.231?af=R
[5] https://www.researchgate.net/publication/342639757_Securing_Blockchain_based_Electronic_Health_Record_using_Multilevel
[6] https://www.frontiersin.org/articles/10.3389/fpubh.2022.938707/full
[7] https://www.sciencedirect.com/science/article/pii/S1319157821001051
[8] https://manipal.pure.elsevier.com/en/publications/a-blockchain-baseddecentralized-identifiers-for-entity-authentic
[9] https://stlpartners.com/articles/digital-health/5-blockchain-healthcareuse-cases/
[10] https://www.mdpi.com/2071-1050/12/22/9693
[11] http://www.truevaluemetrics.org/DBpdfs/Technology/Blockchain/5onc_blockchainchallenge_mitwhitepaper_copyrightupdated.pdf
[12] https://iom3.tandfonline.com/doi/pdf/10.1080/23311916.2022.2035134?needAccess=true&role=button
[13] https://www.mdpi.com/2227-9032/8/3/243
[14] https://www.hindawi.com/journals/js/2022/7299185/
[15] https://www.sciencedirect.com/science/article/abs/pii/S1389128621004382
[16] http://www.truevaluemetrics.org/DBpdfs/Technology/Blockchain/5onc_blockchainchallenge_mitwhitepaper_copyrightupdated.pdf
[17] https://iom3.tandfonline.com/doi/pdf/10.1080/23311916.2022.2035134?needAccess=true&role=button
[18] https://www.mdpi.com/2227-9032/8/3/243
[19] https://www.irjmets.com/uploadedfiles/paper/issue_6_june_2022/26157/final/fin_irjmets1655372310.pdf
[20] https://www.emerald.com/insight/content/doi/10.1108/EL-05-20220104/full/html
[21] https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0243043
[22] http://mail.webology.org/datacms/articles/20211102103453amWEB18248.pdf
[23] https://www.mdpi.com/1424-8220/22/14/5274
[24] https://www.researchgate.net/publication/336393649_Using_Blockchain_for_Electronic_Health_Records
[25] https://www.researchgate.net/publication/351136583_Revisiting_Double-Spending_Attacks_on_the_Bitcoin_Blockchain_New_Findings
[26] https://arxiv.org/ftp/arxiv/papers/2203/2203.12837.pdf
[27] https://ieeexplore.ieee.org/abstract/document/9895264
[28] https://www.mdpi.com/2076-3417/11/19/8984