Blockchain-Based Logging to Defeat Malicious Insiders: The Case of Remote Health Monitoring Systems

Hamza Javed; Zainab Abaid; Shahid Akbar; Kifayat Ullah; Ashfaq Ahmad; Aamir Saeed; Hashim Ali; Yazeed Yasin Ghadi; Tahani Jaser Alahmadi; Hend Khalid Alkahtani; Ali Raza

doi:10.1109/ACCESS.2023.3346432

IEEE Access (Jan 2024)

Blockchain-Based Logging to Defeat Malicious Insiders: The Case of Remote Health Monitoring Systems

Hamza Javed,
Zainab Abaid,
Shahid Akbar,
Kifayat Ullah,
Ashfaq Ahmad,
Aamir Saeed,
Hashim Ali,
Yazeed Yasin Ghadi,
Tahani Jaser Alahmadi,
Hend Khalid Alkahtani,
Ali Raza

Affiliations

Hamza Javed: Department of Computer Science, National University of Computer and Emerging Science, Islamabad, Pakistan
Zainab Abaid: Department of Computer Science, National University of Computer and Emerging Science, Islamabad, Pakistan
Shahid Akbar: ORCiD; Department of Computer Science, Abdul Wali Khan University Mardan, Mardan, Pakistan
Kifayat Ullah: Department of Electrical Engineering, Sarhad University of Science and Information Technology, Peshawar, Pakistan
Ashfaq Ahmad: ORCiD; Department of Computer Science, MY University, Islamabad, Pakistan
Aamir Saeed: ORCiD; Department of Computer Science and IT, University of Engineering and Technology, Peshawar, Pakistan
Hashim Ali: ORCiD; Department of Computer Science, Abdul Wali Khan University Mardan, Mardan, Pakistan
Yazeed Yasin Ghadi: ORCiD; Department of Computer Science, Al Ain University, Abu Dhabi, United Arab Emirates
Tahani Jaser Alahmadi: ORCiD; Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
Hend Khalid Alkahtani: ORCiD; Department of Information Systems, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia
Ali Raza: Department of Computer Science, MY University, Islamabad, Pakistan

DOI: https://doi.org/10.1109/ACCESS.2023.3346432
Journal volume & issue: Vol. 12
pp. 12062 – 12079

Abstract

Read online

IoT-based remote health monitoring is a promising technology to support patients who are unable to travel to medical facilities. Due to the sensitivity of health data, it is important to secure it against all possible threats. While a great deal of work has been done to secure IoT device-cloud communication and health records on the cloud, insider attacks remain a significant challenge. Malicious insiders may tamper, steal or change patients’ health data, which results in a loss of patient trust in these systems. Audit logs in the cloud, which may point to illegal data access, may also be erased or forged by malicious insiders as they tend to have technical knowledge and privileged access to the system. Thus, in this work, we propose a Cloud Access Security Broker (CASB) model that (a) logs every action performed on user data and (b) secures those logs by placing them in a private blockchain that is viewable by the data owners (i.e., patients). Patients can query the blockchain, track their data’s movement, and be alerted if their data has been accessed by an administrator or moved outside the cloud storage. In this work, we practically implement a web application that receives health data from patients, a CASB that securely stores the records in the cloud, and integrate a private blockchain that immediately logs all actions happening in the backend of the web application and CASB. We evaluate the system’s security and performance under varying numbers of patients and actions.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords