IEEE Access (Jan 2020)

A Hierarchical Multi Blockchain for Fine Grained Access to Medical Data

  • Vangelis Malamas,
  • Panayiotis Kotzanikolaou,
  • Thomas K. Dasaklis,
  • Mike Burmester

DOI
https://doi.org/10.1109/ACCESS.2020.3011201
Journal volume & issue
Vol. 8
pp. 134393 – 134412

Abstract

The health care ecosystem involves various interconnected stakeholders with different, and sometimes conflicting, security and privacy needs. Sharing medical data, sometimes generated by remote medical devices, is a challenging task. Although several solutions exist in the literature covering functional requirements such as interoperability and scalability, as well as security & privacy requirements such as fine-grained access control and data privacy, balancing between them is not a trivial task as off-the-shelf solutions do not exist. On one hand, centralized cloud architectures provide scalability and interoperable access, but make strong trust assumptions. On the other hand, decentralized blockchain-based solutions favor data privacy and independent trust management, but typically do not support dynamic changes of the underlying trust domains. To cover this gap, in this paper, we present a novel hierarchical multi expressive blockchain architecture. At the top layer, a proxy blockchain enables independently managed trust authorities to interoperate. End-users from different health care domains, such as hospitals or device manufacturers, are able to access and securely exchange medical data, provided that a commonly agreed domain-wise access policy is enforced. At the bottom layer, one or more domain blockchains allow each domain (e.g. a hospital or device manufacturer) to enforce their policy and allow fine-grained access control with attribute-based encryption. This architecture is designed to provide the autonomous management of trusted medical data/devices and the transactions of mutually untrusted stakeholders, as well as an inherent forensics mechanism tailored for granular auditing. Smart contracts are used to enforce decentralized policies. Ciphertext-policy attribute-based encryption (CP-ABE) is used to distribute the decryption process among end users and the system, as well as support an efficient credential revocation mechanism. We demonstrate the efficiency of the proposed architecture through a proof of concept implementation. Finally, we analyse the major security and performance characteristics.

Keywords