BDSS: Blockchain-based Data Sharing Scheme With Fine-grained Access Control And Permission Revocation In Medical Environment

  • Zhang, Lejun (College of Information Engineering, Yangzhou University) ;
  • Zou, Yanfei (College of Information Engineering, Yangzhou University) ;
  • Yousuf, Muhammad Hassam (College of Information Engineering, Yangzhou University) ;
  • Wang, Weizheng (Computer Science Department, City University of Hong Kong) ;
  • Jin, Zilong (School of Computer and Software, Nanjing University of Information Science and Technology) ;
  • Su, Yansen (Key Laboratory of Intelligent Computing and Signal Processing of Ministry of Education, School of Computer Science and Technology, Anhui University) ;
  • Kim, Seokhoon (Dept. of Computer Software Engineering, Soonchunhyang University)
  • Received : 2021.11.29
  • Accepted : 2022.05.12
  • Published : 2022.05.31

Abstract

Due to the increasing need for data sharing in the age of big data, how to achieve data access control and implement user permission revocation in the blockchain environment has become an urgent problem. To solve these problems, we propose a novel blockchain-based data sharing scheme (BDSS) with fine-grained access control and permission revocation, which takes the medical environment as the application scenario. In this scheme, we separate the public part and the private part of the electronic medical record (EMR). Then, we use symmetric searchable encryption (SSE) technology to encrypt these two parts separately, and use attribute-based encryption (ABE) technology to separately encrypt the symmetric keys used in SSE. This guarantees better fine-grained access control and lets patients share data at ease. In addition, we design a mechanism for EMR permission grant and revocation in which the hospital verifies the attribute set through the blockchain to determine whether to grant or revoke access permission, so ciphertext re-encryption and key update are no longer necessary. Finally, security analysis, security proof and performance evaluation demonstrate that the proposed scheme is safe and effective in practical applications.

1. Introduction

With the development of the Internet, the fourth industrial revolution has arrived, and people have entered the era of using information technology to promote industrial transformation [1-2]. How to store huge amounts of data effectively has become an urgent problem. The emergence of cloud servers solves the storage problem of local devices while reducing costs and improving stability [3-4]. Cloud servers have therefore become indispensable for enterprises and individuals in work and study. In the medical field, with the continuous increase of medical data, traditional paper medical records can no longer meet people's needs, so the EMR, an emerging storage model, is gradually attracting attention. It offers data integrity and low interaction costs, so it can support telemedicine, disease treatment, and research on new drugs. An EMR contains the personal data of patients. Once illegally leaked, it causes serious harm to the patient's well-being and reputation. To protect the EMR, patients should encrypt it before uploading it to the cloud server, but encryption also means that keyword search based on plaintext can no longer be used.

The proposal of SSE technology allows people to search encrypted data without revealing document content [5-7]. The development of SSE technology can be traced back to 2000. Song et al. [8] first proposed a symmetric searchable encryption (SSE) scheme based on the symmetric encryption algorithm, but it takes a lot of expenses to restrict access to certain information.

ABE technology proposed by Sahai and Waters [9] is an emerging encryption technology based on identity-based encryption (IBE) technology, which can realize one-to-many encrypted communication and fine-grained access control to data. Therefore, researchers are devoted to combining the cloud server, SSE technology, and ABE technology to achieve searchable encryption and access control at the same time, but this method cannot control the access to the public and private parts of the same data, and it is difficult to revoke access permission.

Subsequently, blockchain, proposed by Satoshi Nakamoto [10], gradually became known and was later applied in many fields. As the underlying technology of Bitcoin, blockchain uses a chained data structure to store data, a consensus algorithm to upload data, cryptographic principles to ensure the security of data storage, and smart contracts to program [11]. Therefore, it is decentralized, secure, and tamper-proof. These characteristics can solve the problems of data tampering and collusion attacks. However, while the tamper-proof feature of the blockchain guarantees the integrity of the data, it also makes permission revocation difficult.

Therefore, a blockchain-based data sharing system applied in the medical environment is proposed in this paper. The main contributions of this paper are summarized as follows:

(1) This paper proposes a BDSS system model, which combines the traditional cloud server with the distributed blockchain. It not only solves security problems in the cloud server but also relieves storage pressure on the blockchain.

(2) Based on SSE and ABE technology, our scheme encrypts the public part and the private part of EMR with different access policies respectively, thereby enabling patients to control the sharing of different parts of EMR more precisely.

(3) By updating the latest attribute sets in the private blockchain, this paper verifies the identity of the patient and decides whether to grant or revoke his permission. This makes it impossible for an adversary to use a false attribute set to cheat the hospital and obtain the data he wants.

The rest of this paper is organized as follows. Section 2 discusses the related works in our scheme. Section 3 shows the preliminaries of critical technologies in this paper. Section 4 introduces the system design of our scheme. Section 5 describes system implementation. Section 6 performs security analysis, security proof and performance analysis. Section 7 is the conclusion of this scheme.

2. Related Works

Great achievements have been made in the application of blockchain in the medical field. Azaria et al. [12] proposed a blockchain-based electronic medical record system that accesses medical information across providers and treatment sites. Fan et al. [13] designed an efficient and safe medical record sharing system on the blockchain. The system allows effective medical record access and retrieval and uses the ring signature algorithm and zero-knowledge proof technology to enhance data anonymity. Ji et al. [14] proposed a blockchain-based telemedicine information system that realizes multi-level privacy protection location sharing and ensures the retrievability of the complete location.

Since blockchain is decentralized and tamper-proof, the combination of blockchain and cloud becomes a hot topic. Many scholars successively put forward a large number of provable schemes with special properties in this field [15-16]. Tang et al. [15] designed a middleware system that secures cloud storage services using a minimally trusted blockchain. It hardens the cloud-storage security against forking attacks. Xia et al. [16] designed a data-sharing model between cloud service providers using the blockchain. The design employs the use of smart contracts and an access control mechanism to effectively trace the behavior of the data as well as revoke access to violated rules and permissions on data. However, these schemes do not take the problem of ciphertext query in the cloud-blockchain environment into account.

To solve this kind of problem, researchers discover the advantages of searchable encryption technology and add it into the cloud-blockchain environment. This technology implements keyword search on encrypted data and obtains the interested target data [17]. Under the premise of ensuring data security, it can make people search ciphertext more easily. Liu et al. [18] design an innovative decentralized public key searchable encryption scheme based on a three-layer blockchain network that uncovers illegal and criminal transactions and achieves crime traceability. Cai et al. [19] utilize searchable encryption techniques and smart contract in blockchain to preserves encrypted search capability and enforce ecosystem healthiness. Yang et al. [20] propose a multi-keyword searchable encryption scheme based on blockchain which locates encrypted files precisely and returns the desired files. It also ensures that users can receive accurate search results without any third-party verification. Chen et al. [21] propose a blockchain-based searchable scheme for electronic health records (EHRs). This scheme constructs an index for EHRs through complex logic expressions and stored in the blockchain so that the data user can utilize the expressions to search the index. The above schemes mainly focus on query optimization, but it is also important to ensure the data owner’s data access control rights while facilitating the query of the data requester.

Therefore, researchers propose searchable attribute encryption which combines searchable encryption and attribute-based encryption (ABE) to ensure data security while performing fine-grained access control. Feng et al. [22] propose a blockchain data privacy protection control scheme based on searchable attribute encryption, which solves the privacy exposure problem in traditional blockchain transactions. The attribute encryption combined with linear secret sharing performs fine-grained access control on transaction ciphertext in the blockchain. However, most existing attribute-based searchable encryption schemes are inefficient and not suitable for Internet of things devices because of the large amounts of attributes and keys. To solve the critical problems, Niu et al. [23] propose a key aggregation searchable encryption scheme based on blockchain with auxiliary input, which achieves secure data sharing on encrypted data.

Till now, the searchable attribute encryption scheme does not consider that the public and private parts of the data can be separately encrypted and controlled. In addition, the permission revocation problems in the blockchain still exist. Therefore, this paper is dedicated to building a blockchain-based data sharing scheme with fine-grained access control and permission revocation.

3. Preliminaries

3.1 Symmetric Searchable Encryption

Traditional SSE algorithm can be described as a quintuple [24]:

1) SSE_KeyGen(λ) → (K): Executed by the hospital. Input security parameter λ, output symmetric key K;

2) SSE_Encrypt(K, A) → (B): Executed by the hospital. Input symmetric key K and plaintext set A = {a1, a2, ⋯, an}, output ciphertext set B = (b1, b2, ⋯, bn);

3) SearchToken(K, w) → Tw: Executed by the hospital. Input symmetric key K and keyword w, output search token Tw;

4) Search(I, Tw, B) → B(w): Executed by the cloud server. Input index I, trapdoor Tw and encrypted file set B, output specific encrypted file set B(w);

5) SSE_Decrypt(K, Bi) → Ai: Executed by the hospital. Input symmetric key K and encrypted file Bi, output corresponding plaintext Ai.

3.2 Attribute-Based Encryption

Traditional ABE algorithm can be described as a four-tuple [25]:

1) ABE_Setup(α, β, g) → (MSK, PK): Executed by the hospital. Input random exponents α, β ∈ Zp and the generator g of the bilinear group, output system master key MSK and system public key PK;

2) ABE_KeyGen(MSK, PK, ω) → (SKω): Executed by the hospital. Input system master key MSK, system public key PK and attribute set ω, output attribute private key SKω;

3) ABE_Encrypt(M, AT, MSK) → (CM): Executed by the hospital. Input message M, tree access structure AT and system master key MSK, output encrypted message CM;

4) ABE_Decrypt(CM, ω, AT, PK, SKω) → (M): Executed by the hospital. Input encrypted message CM, attribute set ω, tree access structure AT, system public key PK, and attribute private key SKω, output message M.

4. BDSS System Design: Take the Medical Environment as the Application Scenario

4.1 Design Goals

In order to facilitate users to store and share data, we design a BDSS system based on cloud server and blockchain. We take the medical environment as the application scenario which makes this scheme more practical.

First of all, since the patient wants to guarantee the security and searchability of EMR at the same time when they share data with others, our scheme generates and with SSE technology. Thus, patient can share data more safely, and user can search data more efficiently than before.

Next, EMR includes Dpu and Dpr. Dpu refers to the data that the patient is willing to share with people who may research the treatment. Dpr refers to the data that the data owner only wants to share with specific people who may be doctors or relatives. For example, Dpu may include data such as diagnosis results and prescription. Dpr may include data such as personal information, insurance information, and medical history. In Fig. 1, we summarize the Dpu and Dpr of EMR in most cases. The green parts represent the Dpr of EMR, and the red parts represent the Dpu of EMR. In order to solve this problem, our scheme uses ABE technology to encrypt K1 and K2, which encrypt Dpu and Dpr, with AT1 and AT2 respectively, so that patients can guarantee the fine-grained sharing of their EMR.

Fig. 1. The public and private parts of Electronic Medical Records

Besides, since the storage of blockchain is limited, the hospital stores the large-scale ciphertext of EMR in the cloud server. In order to prevent malicious users from tampering with crucial data, the hospital records access events in the blockchain. This not only solves security problems in the cloud storage server but also solves the problem of limited storage space on the blockchain.

Finally, blockchain is a double-edged sword. It prevents data tampering, but it also makes it difficult for patients to revoke access permission. Our scheme uses the smart contract to verify the attribute set ω, so even if the user's ω has changed after obtaining Tw, the smart contract can detect the change of ω and revoke the access permission.

4.2 BDSS System Model

In our scheme, the hospital is the trusted authorization center, which is responsible for the key generation and encryption of SSE and ABE. Medical record is the historical file of patient treatment, while electronic medical record (EMR) is the digital medical record. As EHR records the patient's treatment history, patients and their families have the right to view the EHR and to determine the level of granular sharing of EMR. The main process of the system model is shown in Fig. 2. Next, we describe these procedures in detail.

Fig. 2. System model

① After treating the patient, the doctor generates the EMR. The patient divides his own EMR into public part Dpu and private part Dpr. At the same time, the patient sends AT1 and AT2, which control the permissions of Dpu and Dpr of the EMR, to the doctor;

② The doctor collects AT1 and AT2 and uploads them to the hospital;

③ The hospital encrypts Dpu and Dpr of the EMR with SSE technology separately, and uploads Cpu, Cpr and I to the cloud server. Then, the hospital encrypts K1 and K2, which encrypt Dpu and Dpr, with ABE technology, and generates CK1 and CK2 so that access to the EMR can be controlled.

④ When user wants to search the data, the request with W for searching EMR is sent to the hospital. Hospital generates the corresponding Tw, and returns it to the user.

⑤ The user submits Tw to the cloud server. The cloud server matches the corresponding index I according to Tw and returns Cpu, Cpr and ID to the user.

⑥ The user submits ω, Cpu, Cpr to the hospital. The hospital generates SKω from ω. If the user's attributes satisfy AT1, decryption succeeds and yields K1; if the user's attributes satisfy AT2, decryption succeeds and yields K2. Finally, the hospital decrypts Cpu and Cpr with K1 and K2, and returns Dpu and Dpr to the user. In this way, our scheme implements fine-grained access control while protecting the symmetric key.

⑦ The hospital puts the ciphertext hash value H(Cpu) and H(Cpr), the public key of the hospital, the user's public key, and the signature of hospital to the data pool. The consensus node validates the data in the data pool and records the access event via the smart contract. Users can verify whether the ciphertext in the cloud server is complete and correct through the blockchain, and patients can also know the access of their own data through the blockchain.

At this point, the EMR sharing process is complete.

4.3 Notations

Many different notations are used in our scheme. For the convenience of reading, these notations and their descriptions are summarized in Table 1.

Table 1. Notations

5. BDSS System Implementation

The BDSS system is divided into two stages: EMR storage stage and EMR sharing stage. The detailed implementations of each stage are as follows.

5.1 EMR Storage Stage

At this stage, hospital runs SSE_KeyGen and ABE_Setup to initialize key parameters of SSE technology and ABE technology.

Hospital runs SSE_KeyGen(λ) to generate K1, K2 and K3. K1 is used to encrypt Dpu. K2 is used to encrypt Dpr. K3 is used to generate I and Tw.

Hospital runs ABE_Setup(α, β, g) to generate MSK and PK. MSK is used to encrypt CK1 and CK2. PK is used to decrypt CK1 and CK2.

5.1.1 EMR Encryption and Index Generation

In real life, an EMR includes a public part and a private part, and the patient wants to share them with different people. However, traditional schemes cannot meet this need. In order to solve this problem, SSE technology is adopted in our scheme to encrypt and generate indexes for patients' private data and public data respectively, as shown in Algorithm 1.

Algorithm 1 EMR Encryption

In this algorithm, the hospital extracts the keywords in the plaintext to form the keyword set W. For each keyword w in W, the hospital collates the public part set Dpuw and the private part set Dprw related to the keyword, and generates ciphertext Cpuw and Cprw using SSE technology.

5.1.2 Symmetric Keys Encryption

Note that the most important element in realizing ABE technology is the access structure. An access structure defines the combinations of attributes that have decryption authority. Only an ω that meets the access structure can recover the correct SKω to decrypt the ciphertext. There are three access structures: the threshold access structure [26], the tree access structure (AT) [27], and the linear secret sharing matrix structure [28]. Because the tree access structure represents a more flexible access control strategy which is more suitable for the cloud environment, we choose it as the access structure of our scheme. AT consists of leaf nodes and non-leaf nodes. Each leaf node is described by an attribute value. Each non-leaf node represents a threshold gate, such as an 'AND' gate or an 'OR' gate. When the root node can meet its threshold, it means that ω satisfies the AT.

In this scheme, symmetric keys of public and private parts are encrypted with different access control trees so that patients can control the fine-grained sharing of public and private parts. Fig. 3 shows the example of 𝐴𝑇1. Fig. 4 shows the example of 𝐴𝑇2.

Fig. 3. The example of 𝐴𝑇1

Fig. 4. The example of 𝐴𝑇2

In the above figures, we can see that AT1 has broader requirements, while AT2 has relatively stricter requirements. Through them, patients can control the access to Dpu and Dpr more precisely.

The symmetric keys are very important for the security of EMR. Even if the system uses a highly secure encryption scheme, the adversary can attack it successfully when keys are leaked. Therefore, the hospital executes ABE_Encrypt(K1, AT1, MSK) and ABE_Encrypt(K2, AT2, MSK) to generate CK1 and CK2, and stores them in its own database.

5.2.1 Search Token Generation

To access the patient's EMR, the user needs to send an access request containing the keyword w to the hospital. After verification, patient runs SSE_Trapdoor(K3, w) to generate Tw. The generation of Tw is shown in (1) and (2).

\(E_{w}=F(w, K_{3})\)         (1)

\(T_{w}=(E_{w})\)         (2)

Then, the hospital sends Tw to the authenticated user through the secure channel.

5.2.2 EMR Investigation

The user sends Tw to the cloud server. The cloud server verifies whether the Ew in Tw is consistent with the Ew in I. If they are consistent, the cloud server runs SSE_Search(I, Tw) to generate a file identifier collection D(w), then finds the ciphertext results Cpuw and Cprw according to D(w), and sends them to the user.
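The storage and search flow of Sections 3.1, 5.2.1 and 5.2.2, as an added example that is not the paper's Algorithm 1. It assumes HMAC-SHA256 for the function F in (1), uses a standard-library stand-in cipher in place of a real authenticated cipher such as AES-GCM, and all function names and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, data: bytes) -> bytes:
    """F(., key): HMAC-SHA256 is assumed here; the paper does not name F."""
    return hmac.new(key, data, hashlib.sha256).digest()


def sse_keygen():
    """SSE_KeyGen: K1 encrypts Dpu, K2 encrypts Dpr, K3 builds I and Tw."""
    return tuple(secrets.token_bytes(32) for _ in range(3))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def sse_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (HMAC keystream, encrypt-then-MAC); not for production."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)


def sse_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def search_token(k3: bytes, keyword: str) -> bytes:
    """Equations (1) and (2): E_w = F(w, K3), T_w = (E_w)."""
    return _prf(k3, keyword.strip().lower().encode())


def store_emrs(k1, k2, k3, records):
    """Hospital side: build index I and the ciphertexts (Cpu, Cpr) per EMR."""
    index, store = {}, {}
    for rec in records:
        store[rec["id"]] = (sse_encrypt(k1, rec["public"].encode()),
                            sse_encrypt(k2, rec["private"].encode()))
        for w in rec["keywords"]:
            index.setdefault(search_token(k3, w), []).append(rec["id"])
    return index, store


def cloud_search(index, store, token):
    """Cloud side: sees only E_w values and ciphertexts, never w or any key."""
    return [(emr_id, *store[emr_id]) for emr_id in index.get(token, [])]


# Constructed sample records (not real patient data).
RECORDS = [
    {"id": "emr-001", "keywords": ["diabetes", "metformin"],
     "public": "Diagnosis: type 2 diabetes; prescription: metformin",
     "private": "Name: Patient A; insurance: PLACEHOLDER-1"},
    {"id": "emr-002", "keywords": ["hypertension"],
     "public": "Diagnosis: hypertension",
     "private": "Name: Patient B; insurance: PLACEHOLDER-2"},
    {"id": "emr-003", "keywords": ["diabetes"],
     "public": "Diagnosis: type 1 diabetes; prescription: insulin",
     "private": "Name: Patient C; insurance: PLACEHOLDER-3"},
]

if __name__ == "__main__":
    k1, k2, k3 = sse_keygen()
    index, store = store_emrs(k1, k2, k3, RECORDS)
    for emr_id, cpu, cpr in cloud_search(index, store, search_token(k3, "diabetes")):
        print(emr_id, sse_decrypt(k1, cpu).decode())
```

Because E_w is deterministic, the cloud server can tell when the same keyword is searched twice, even though it never learns the keyword itself.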

5.2.3 EMR Permission grant and revocation

The tamper-proof feature of the blockchain guarantees the integrity of the data, but it also makes permission revocation difficult. The attributes of users change over time, so their access permissions should change accordingly. For example, when a user was a doctor in a certain hospital, he obtained Tw from the patients. But he has since resigned and become a personal physician. He could access the medical data of that hospital before, but now he must not be able to access these data with Tw. Therefore, when the ω of a user has changed and no longer meets the access structure, the system must revoke his access permission. Otherwise, private data may be leaked. It is therefore necessary to design a mechanism for EMR permission revocation.

Our solution uses the method in Fig. 5 to improve the incompatibility between the tamper proof feature of the blockchain and the permission revocation of ABE technology.

Fig. 5. EMR Permission grant and revocation mechanism

This mechanism combines private blockchain and public blockchain to achieve EMR permission revocation.

Step 1: Trust authority submits user’s latest ω and public key to the consensus node in the private blockchain. After consensus, the consensus nodes upload them to the private blockchain through cross-chain smart contracts. Trust authority is regulated by the government who tracks user and updates ω in time. The private blockchain protects the user’s attribute privacy from being seen by malicious external users.

Step 2: When the user requests data, he submits ω, Cpu and Cpr to the hospital. The hospital uses the cross-chain smart contract to verify whether the ω sent by the user is consistent with the latest ω' in the private blockchain. If it is consistent, the ω submitted by the user is the latest, and the hospital runs ABE_KeyGen(MSK, PK, ω) to generate SKω for the user. If it is inconsistent, the ω sent by the user is fake, and the hospital refuses to serve the request. Then, the hospital continues to verify whether ω meets the access control tree. If ω meets AT1, the hospital runs ABE_Decrypt(CK1, ω, AT1, PK, SKω) to obtain K1, and runs SSE_Decrypt(K1, Cpuw) to obtain Dpuw, the plaintext of the public part of the EMR. If ω meets AT2, the hospital runs ABE_Decrypt(CK2, ω, AT2, PK, SKω) to obtain K2, and runs SSE_Decrypt(K2, Cprw) to obtain Dprw, the plaintext of the private part of the EMR. The EMR access permission grant and revocation algorithm is shown in Algorithm 2.

Algorithm 2 EMR access permissions grant and revocation

Step 3: In order to facilitate the user to verify the integrity of the EMR in the cloud server, the hospital calculates the hash value of Cpu and Cpr, which is represented as H(Cpu) and H(Cpr). The hash value is uploaded to the blockchain’s data pool along with the hospital’s public key, the user’s public key, and the hospital’s signature on the request. To store this data in the blockchain, consensus nodes take data from the data pool for processing. When consensus node reaches a consensus with other nodes, the data can be packaged into a block through smart contracts and stored in the blockchain.
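The decision logic of Steps 1 to 3 and the tree access structure of Section 5.1.2, as an added example that is not the paper's Algorithm 2. It covers only the policy checks (no ABE key generation or decryption, and no signature), and the ledger class, the attribute names and the trees AT1 and AT2 are constructed for illustration rather than taken from Fig. 3 or Fig. 4.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Leaf:
    attribute: str          # a leaf node is described by one attribute value


@dataclass(frozen=True)
class Gate:
    threshold: int          # k-of-n threshold gate: AND is n-of-n, OR is 1-of-n
    children: tuple


def AND(*children):
    return Gate(len(children), children)


def OR(*children):
    return Gate(1, children)


def satisfies(node, omega) -> bool:
    """True when the attribute set omega meets the threshold at this node."""
    if isinstance(node, Leaf):
        return node.attribute in omega
    met = sum(1 for child in node.children if satisfies(child, omega))
    return met >= node.threshold


class AttributeLedger:
    """Append-only stand-in for the private blockchain of Step 1."""

    def __init__(self):
        self._blocks = []   # (timestamp, user_pk, attribute set), never edited

    def publish(self, timestamp, user_pk, attributes):
        self._blocks.append((timestamp, user_pk, frozenset(attributes)))

    def latest(self, user_pk):
        entries = [b for b in self._blocks if b[1] == user_pk]
        return max(entries, key=lambda b: b[0])[2] if entries else None


def authorize(ledger, user_pk, submitted_omega, at1, at2) -> set:
    """Step 2: which EMR parts the hospital may decrypt for this request."""
    latest = ledger.latest(user_pk)
    if latest is None or frozenset(submitted_omega) != latest:
        return set()        # stale or forged attribute set: refuse service
    granted = set()
    if satisfies(at1, latest):
        granted.add("Dpu")  # K1 would be recovered from CK1
    if satisfies(at2, latest):
        granted.add("Dpr")  # K2 would be recovered from CK2
    return granted


def access_event(cpu: bytes, cpr: bytes, hospital_pk: str, user_pk: str) -> dict:
    """Step 3: the record placed in the data pool (hospital signature omitted)."""
    return {"H(Cpu)": hashlib.sha256(cpu).hexdigest(),
            "H(Cpr)": hashlib.sha256(cpr).hexdigest(),
            "hospital_pk": hospital_pk, "user_pk": user_pk}


def ciphertext_intact(event: dict, cpu: bytes, cpr: bytes) -> bool:
    """User-side check of the cloud server's ciphertext against the chain."""
    return (event["H(Cpu)"] == hashlib.sha256(cpu).hexdigest()
            and event["H(Cpr)"] == hashlib.sha256(cpr).hexdigest())


# Constructed policies: AT1 is broad, AT2 is strict.
AT1 = OR(Leaf("doctor"), Leaf("researcher"), AND(Leaf("nurse"), Leaf("cardiology")))
AT2 = AND(Leaf("doctor"),
          Gate(2, (Leaf("hospital-a"), Leaf("cardiology"), Leaf("attending"))))

if __name__ == "__main__":
    ledger = AttributeLedger()
    old = {"doctor", "hospital-a", "cardiology"}
    ledger.publish(1, "pk-user", old)
    print(authorize(ledger, "pk-user", old, AT1, AT2))      # both parts
    ledger.publish(2, "pk-user", {"doctor", "private-practice"})
    print(authorize(ledger, "pk-user", old, AT1, AT2))      # revoked: empty set
```

Revocation here needs no change to CK1, CK2 or the stored ciphertexts: publishing a newer attribute set is enough to make the old one fail the consistency check.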

6. Security and Performance Analysis

6.1 Security Analysis

Security is critical in EMR sharing systems. This part conducts a security analysis on the proposed scheme from five aspects: data segmentation confidentiality, attribute verification and privacy protection and collusion resistance.

(1) Data segmentation confidentiality

In the access control phase, patient separates the private part and the public part from the whole EMR and constructs the tree access structure for each part. Therefore, if the adversary's attribute set meets AT1 but does not meet AT2, he cannot access the plaintext of the private part of the EMR whose plaintext of the public part can be accessed by the smart contract. Thus, data segmentation confidentiality is fully achieved.

(2) Attribute verification and privacy protection

In our scheme, only if the adversary honestly submits the latest attribute set can he request data from the smart contract. This is because, once the user submits the request, the smart contract finds the block which includes the user's latest attribute set by the timestamp in the block header and verifies its consistency. If the attribute set is inconsistent, the smart contract will revoke its permission. Moreover, our scheme stores the attribute sets in the private blockchain, which can only be accessed by specific people, so the attribute privacy is also protected. Therefore, the conclusion is valid.

(3) Collusion resistance

In our scheme, the cloud server is "honest but curious", which means that the cloud server will perform its duties but remain curious about the patient's EMR. For example, when user tries to collude with the cloud server to steal EMR, the cloud server cannot find the desired ciphertext by keyword from the massive ciphertext without Tw, then the collusion cannot be reached. So, our scheme achieves collusion resistance.

6.2 Security Proof

In our scheme, if the adversary wants to tamper with the data in the blockchain, he must attack more than one-third of the normal nodes or all master nodes. In the blockchain network, assume that the attack probabilities of the master node and normal node are \(p_{a} \text { and } p_{b}\), and the numbers of master nodes and normal nodes are \(n_{a} \text { and } n_{b}\). The tamper probability of data in the blockchain is shown in (3).

\(p_{b c}=p_{a}^{n_{a}}+p_{b}^{\frac{n_{b}}{3}+1}\)         (3)

Once the cloud server is attacked, all the data may be leaked or even tampered with. Therefore, the tamper probability of the cloud server is the same as the attack probability of the primary node as shown in (4).

\(p_{c s}=p_{a}\)         (4)

For the convenience of calculation, we assume that the attack probability of the primary node and normal node is 0.5% and 1% respectively. The tamper probability of index and decryption information in the two methods is shown in Fig. 6.

Fig. 6. Tamper probability of index and symmetric key ciphertext

In the above figure, when the number of primary nodes and normal nodes in the blockchain is small, the tamper probability of distributed blockchain is high relatively. The reason is that when the number of nodes in the blockchain is small, there is a high probability that the adversary attacks more than one-third of the ordinary nodes or all the master nodes successfully. When the number of ordinary nodes and master nodes increases gradually, it will be difficult for the adversary to attack more than one-third of the ordinary nodes or all master nodes simply. As a result, the tamper probability of distributed blockchains drops rapidly and approaches zero finally. However, since the tampering probability of scheme [29] is the tampering probability of the primary node, the tamper probability of cloud server will not be affected by the number of master nodes and ordinary nodes. That is, once the cloud server is attacked, the security of the data cannot be guaranteed.

In real life, a blockchain has a large number of normal nodes and primary nodes, so its tamper probability is quite low. Thus, our scheme achieves tamper-proofing effectively.

6.3 Comparison of Computation Costs

In this part, we compute the computation costs of the EMR encryption and decryption to reflect the efficiency of fine-grained access control in our scheme.

Fig. 7 and Fig. 8 show the computation costs of EMR encryption and decryption of scheme [27] and our scheme, where we can see that the results of both schemes increase linearly with the file size of EMR and the number of attributes contained in tree access structure. It is worth noting that the three-dimensional plane of the scheme [27] intersects with the plane of our scheme. However, the computation cost of our scheme is lower than that of the scheme [27] in most cases, so it is obvious that our scheme is more efficient under the premise of achieving fine-grained access control.

Fig. 7. The computation cost of EMR encryption

Fig. 8. The computation cost of EMR decryption

In addition, the encryption and decryption costs of doctors and users in our scheme are not related to the file size and the number of attributes. This is because our scheme outsources encryption and decryption work to the hospital and smart contract. Doctors and users who do not have large computing power do not need to encrypt or decrypt EMR and symmetric keys, so our scheme is user-friendly.

6.4 Comparison of Permission Revocation

In addition, we compare permission revocation manipulations with other schemes to reflect the flexibility and efficiency of our scheme in Table 2.

Table 2. Comparison of permission revocation manipulations

Researchers have adopted different methods to achieve permission revocation. Scheme [30] re-encrypts the public key and updates the ciphertext of the public key and transaction on the blockchain. Scheme [31] requires user to generate attribute update-keys and attribute signing key, which puts a heavy computation burden on the user. Scheme [32] controls the permission revocation by updating the user revocation list while our scheme controls the permission revocation by updating the attribute set. These two schemes do not need to re-encrypt the ciphertext and key, which ensures the update efficiency. However, our scheme stores the attribute set in the private blockchain and searches information on the public blockchain. This not only makes the search more transparent but also protects the privacy of user’s attributes.

Scheme [26] re-encrypts ciphertext of symmetric keys, update access structure and ciphertext of symmetric keys, which involves multiple entities and huge space consumption. The space cost comparison of scheme [26] and our scheme is shown in Fig. 9. From this figure, we can see that the space consumption of scheme [26] grows faster than our scheme. With the increase in the number of users whose attribute sets were updated, the gap of space cost between the two schemes has widened.

Fig. 9. The space cost of EMR permission revocation

7. Conclusions

This paper proposes a blockchain-based data sharing system, BDSS. Compared with scheme [27], our scheme improves the efficiency of EMR encryption and decryption while achieving further fine-grained access control. In addition, the simulation experiment shows that blockchain ensures a low data tampering rate as a storage environment. Moreover, the permission grant and revocation mechanism in our scheme updates attribute sets through the trust institution and verifies attribute sets through the smart contract without ciphertext re-encryption and key update, which is better than scheme [26] in time cost and space cost. In the future, we plan to improve our system in terms of search efficiency and search accuracy.

References

  1. J. Qiu, Z. Tian, C. Du, Q. Zuo, S. Su and B. Fang, "A Survey on Access Control in the Age of Internet of Things," IEEE Internet of Things Journal, vol. 7, no. 6, pp. 4682-4696, Jun. 2020. https://doi.org/10.1109/jiot.2020.2969326
  2. M. Shafiq, Z. Tian, A. K. Bashir, X. Du and M. Guizani, "CorrAUC: a Malicious Bot-IoT Traffic Detection Method in IoT Network Using Machine Learning Techniques," IEEE Internet of Things Journal, vol. 8, no. 5, pp. 3242-3254, Jun. 2021. https://doi.org/10.1109/JIOT.2020.3002255
  3. L. A. Tawalbeh, R. Mehmood, E. Benkhelifa and H. Song, "Mobile Cloud Computing Model and Big Data Analysis for Healthcare Applications," IEEE Access, vol. 4, pp. 6171-6180, Sep. 2016. https://doi.org/10.1109/ACCESS.2016.2613278
  4. J. T. Sun and Y. G. Fang, "Cross-domain data sharing in distributed electronic health record systems," IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 6, pp. 754-764, Aug. 2010. https://doi.org/10.1109/TPDS.2009.124
  5. C. Bosch, P. Hartel, W. Jonker and A. Peter, "A survey of provably secure searchable encryption," ACM Computing Surveys, vol. 47, no. 2, pp. 1-51, Jan. 2015.
  6. G. S. Poh, J. J. Chin, W. C. Yau and K. R. Choo, "Searchable symmetric encryption: Designs and challenges," ACM Computing Surveys, vol. 50, no. 3, pp. 1-37, May 2018.
  7. S. Li, M. Li, H. Xu and X. Zhou, "Searchable Encryption Scheme for Personalized Privacy in IoT-Based Big Data," Sensors, vol. 19, no. 5, pp. 1059, Jan. 2019. https://doi.org/10.3390/s19051059
  8. D. X. Song, D. Wagner and A. Perrig, "Practical Techniques for Searches on Encrypted Data," in Proc. of 2000 IEEE Symposium on Security and Privacy, May 2000.
  9. A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proc. of 24th annual international conference on the theory and applications of cryptographic techniques, May 2004.
  10. S. Nakamoto, "Bitcoin: a peer-to-peer electronic cash system," 2008. [Online]. Available: http://bitcoin.org/bitcoin.pdf
  11. X. L. Yang, Y. Chen and X. H. Chen, "Effective Scheme against 51% Attack on Proof-of-Work Blockchain with History Weighted Information," in Proc. of 2019 IEEE International Conference on Blockchain, July 2019.
  12. A. Azaria, A. Ekblaw, T. Vieira and A. Lippman, "MedRec: Using Blockchain for Medical Data Access and Permission Management," in Proc. of 2016 2nd International Conference on Open and Big Data, August 2016.
  13. K. Fan, S. Y. Wang, Y. H. Ren, H. Li and Y. T. Yang, "MedBlock: Efficient and Secure Medical Data Sharing Via Blockchain," Journal of Medical Systems, vol. 42, no. 8, pp. 136, Jun. 2018. https://doi.org/10.1007/s10916-018-0993-7
  14. Y. X. Ji, J. W. Zhang, J. F. Ma, C. Yang and X. Yao, "BMPLS: Blockchain-Based Multi-level Privacy-Preserving Location Sharing Scheme for Telecare Medical Information Systems," Journal of Medical Systems, vol. 42, no. 8, pp. 1-13, Jun. 2018. https://doi.org/10.1007/s10916-017-0844-y
  15. Y. Tang, Q. Zou, J. Chen, K. Li, C. Kamhoua, K. Kwiat and L. Njilla, "ChainFS: Blockchain-Secured Cloud Storage," in Proc. of 2018 IEEE 11th International Conference on Cloud Computing, July 2018.
  16. Q. Xia, E. B. Sifah, K. O. Asamoah, J. B. Gao, X. J. Du and M. Guizani, "MeDShare: Trust-Less Medical Data Sharing Among Cloud Service Providers via Blockchain," IEEE Access, vol. 5, pp. 14757-14767, Jul. 2017. https://doi.org/10.1109/ACCESS.2017.2730843
  17. Z. Fu, X. Sun, Q. Liu, L. Zhou and J. Shu, "Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing," IEICE Transactions on Communications, vol. 98, no. 1, pp. 190-220, Jan. 2015.
  18. C. Liu, Y. Xiao, V. Javangula, Q. Hu, S. Wang and X. Cheng, "NormaChain: A Blockchain-based Normalized Autonomous Transaction Settlement System for IoT-based E-commerce," IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4680-4693, Jun. 2019. https://doi.org/10.1109/jiot.2018.2877634
  19. C. Cai, J. Weng, X. Yuan and C. Wang, "Enabling Reliable Keyword Search in Encrypted Decentralized Storage with Fairness," IEEE Transactions on Dependable and Secure Computing, vol. 18, no. 1, pp. 131-144, Feb. 2021. https://doi.org/10.1109/TDSC.2018.2877332
  20. X. Yang, G. Chen, M. Wang, T. Li and C. Wang, "Multi-keyword Certificateless Searchable Public Key Authenticated Encryption Scheme Based on Blockchain," IEEE Access, vol. 8, pp. 158765-158777, Sep. 2020. https://doi.org/10.1109/access.2020.3020841
  21. L. Chen, W. K. Lee, C. C. Chang, K. K. R. Choo and N. Zhang, "Blockchain based searchable encryption for electronic health record sharing," Future Generation Computer Systems, vol. 95, no. 6, pp. 420-429, Jan. 2019. https://doi.org/10.1016/j.future.2019.01.018
  22. T. Feng, H. Pei, R. Ma, Y. Tian and X. Feng, "Blockchain Data Privacy Access Control Based on Searchable Attribute Encryption," Computers, Materials and Continua, vol. 66, no. 1, pp. 871-890, 2021.
  23. J. Niu, X. Li, J. Gao and Y. Han, "Blockchain-Based Anti-Key-Leakage Key Aggregation Searchable Encryption for IoT," IEEE Internet of Things Journal, vol. 7, no. 2, pp. 1502-1518, 2020. https://doi.org/10.1109/jiot.2019.2956322
  24. J. W. Li, C. F. Jia, Z. L. Liu and J. Li, "Survey on the searchable encryption," Journal of Software, vol. 26, no. 1, pp. 109-128, 2015. https://doi.org/10.13328/j.cnki.jos.004700
  25. S. Wang, D. Zhang and Y. Zhang, "Blockchain-based personal health records sharing scheme with data integrity verifiable," IEEE Access, vol. 7, pp. 102887-102901, 2019. https://doi.org/10.1109/access.2019.2931531
  26. L. J. Zhang, M. H. Peng, W. Z. Wang, "Secure and Efficient Data Storage and Sharing Scheme Based on Double Blockchain," Computers, Materials and Continua, vol. 66, no. 1, pp. 499-515, 2021.
  27. S. F. Niu, L. X. Chen, J. F. Wang and F. Yu, "Electronic Health Record Sharing Scheme with Searchable Attribute-Based Encryption on Blockchain," IEEE Access, vol. 8, pp. 7195-7204, Dec. 2019. https://doi.org/10.1109/access.2019.2959044
  28. S. C. Bunker, M. Barasa and A. Ojha, "Linear Equation Based Visual Secret Sharing Scheme," in Proc. of 2014 IEEE International Advance Computing Conference, February 2014.
  29. Y. Hui, Q. Zheng, J. X. Zhang, H. Deng, F. M. Li and K. Q. Li, "A fine-grained authorized keyword secure search scheme with efficient search permission update in cloud computing," Journal of Parallel and Distributed Computing, vol. 135, pp. 56-69, Jan. 2020. https://doi.org/10.1016/j.jpdc.2019.09.011
  30. G. Yu, X. Zha, X. Wang, W. Ni, K. Yu, P. Yu, J. A. Zhang, R. P. Liu and Y. J. Guo, "Enabling Attribute Revocation for Fine-Grained Access Control in Blockchain-IoT Systems," IEEE Transactions on Engineering Management, vol. 67, no. 4, pp. 1213-1230, Nov. 2020. https://doi.org/10.1109/tem.2020.2966643
  31. Q. Su, R. Zhang, R. Xue and P. Li, "Revocable Attribute-Based Signature for Blockchain-Based Healthcare System," IEEE Access, vol. 8, pp. 127884-127896, Jul. 2020. https://doi.org/10.1109/access.2020.3007691
  32. S. Liu, J. Yu, Y. Xiao, Z. Wan, S. Wang and B. Yan, "BC-SABE: Blockchain-aided Searchable Attribute-based Encryption for Cloud-IoT," IEEE Internet of Things Journal, vol. 7, no. 9, pp. 7851-7867, Sept. 2020. https://doi.org/10.1109/jiot.2020.2993231