ANALYZING THE COST EFFICIENCY USING ATTRIBUTE BASED ENCRYPTION ON MEDICAL BLOCKCHAIN ... · 2020-06-02 · patients healthcare data. Blockchain will be able to manage integrated records,

http://www.iaeme.com/IJEET/index.asp 394 [email protected]

International Journal of Electrical Engineering and Technology (IJEET)

Volume 11, Issue 3, May 2020, pp. 394-407, Article ID: IJEET_11_03_042

Available online at http://www.iaeme.com/IJEET/issues.asp?JType=IJEET&VType=11&IType=3

ISSN Print: 0976-6545 and ISSN Online: 0976-6553

Journal Impact Factor (2020): 10.1935 (Calculated by GISI) www.jifactor.com

© IAEME Publication

ANALYZING THE COST EFFICIENCY USING

ATTRIBUTE BASED ENCRYPTION ON

MEDICAL BLOCKCHAIN PLATFORM

D. Nancy Kirupanithi

Research Scholar, Department of Computer Science and Engineering,

Hindustan Institute of Technology and Science, Chennai, India.

A. Antonidoss

Associate Professor, Department of Computer Science and Engineering,

Hindustan Institute of Technology and Science, Chennai, India

ABSTRACT

Blockchain technologies have been supporting Healthcare systems in improving the

experience of the user in using the complete system cost effectively. This paper provides

a focus on the various perspectives of blockchain applications and the various

modifying issues with its regarding solutions. There are many challenges in

administration of the electronic health records (EHR) in the method of enabling

manifold doctors who have admittance to the patient’s entire history record of the

patients healthcare data. Blockchain will be able to manage integrated records, serves

incase of data security, cost efficiency and privacy and also ensuring an effective

solution for the healthcare system challenges ensuring a trustworthy transactions. It

contributes in providing results using an attribute based encryption in implementation

of blockchain maintaining the Health records in health systems.

Key words: attribute based encryption, Blockchain, Healthcare, Electronic Health

records.

Cite this Article: D. Nancy Kirupanithi and A. Antonidoss, Analyzing the cost

efficiency using Attribute based Encryption on Medical Blockchain Platform,

International Journal of Electrical Engineering and Technology, 11(3), 2020, pp. 394-

407.

http://www.iaeme.com/IJEET/issues.asp?JType=IJEET&VType=11&IType=3

1. INTRODUCTION

Healthcare systems are under pressure in delivering public health services such as child care

services, maternal, syndromes related and vaccines. Due to high operating cost, outsized range

scope, and frequently scarce resources [1][2], there is disintegrate of the systems that has

bordered. Regrettably, the social security and private plans demand is superior to the assessment

that was established. Hence, there arises a need to develop a resiliency method in expectation

to the speedily growing number of threats to public health care system. For any healthcare

D. Nancy Kirupanithi and A. Antonidoss


intelligent system, the healthcare data is the most sensitive and priceless asset. These data are

mostly spread across diverse systems and allocating them is quite a governing task for

establishing an efficient and reliable healthcare system.A patient for instance could meet

diverse doctors in diverse medical networks for various medical conditions, which would help

the doctors to view the entire history of the patients. The data that are hosted by additional

institutions without the personal health information (PHI) in mutual sharing agreement would

reject the doctors access. And also a centralized cloud network based location can be a position

of attack in various security concerns [2]. Recent studies show that healthcare data has been a

profitable intention in case of the data breach, and hence patients are open to the elements of

economic threats, mental sufferings and also of possible social disgrace [2]. Personal Healthcare

Information is convoluted of the collaborative institutional distribution due to the order of a

immense range of interoperability. The provider does not access the result data even though

there is granting of permission [3]. Patients will have control over their own data and share their

data without any compromise of privacy and security. About 90% of Americans prefer much

on the online admittance to their health records which was taken in a survey. Blockchain

technology has neared to a thrust in the healthcare field to allocate the electronic healthcare

records (EHR) which is the rising identification in the distributed network of health records and

services. The healthcare systems have recently been concerned in blockchain, whether in

unification of group efforts such as Hyperledger or emerging their own system and services that

run in parallel. The potential and advantages of blockchain to develop transparency and sharing

health records securely that have been stated in various recent publications in scientific

databases. The objective of our work is having a perceptive of the different scenarios that

include in deployment of blockchain for Electronic Health records that benefit from the

integration and challenges.

This paper presents a realistic view from search that focuses on the promising features of

block chain for Electronic Health Records to answer the above-mentioned queries. The paper

is sectioned into four structures: section II provides background knowledge of block chain.

Section III provides a brief outline of the studies on block chain on Electronic health records

with their advantages and techniques. Section IV states the discussion. Section V is about the

system settings and section VI lists out about the construction. The implementation is explained

in section VII.

2. BLOCKCHAIN PLATFORM:

Blockchain platform is a rising expertise that has a add-on records in a distributed decentralized

ledger structure. New data are completely joined together with them at the end of the sequential

chain of blocks in the ledger. The characterization of blockchain technology is listed in fig1 as

follows:

• Immutable

• Decentralized

• Consensual.

• Pseudonymous

• Capacity

• Security

Blockchain is a set of transactions that are combined together which is time-stamped. Every

new block is attached to the previous block. They are combined with hashes which are basically

cryptographic digits. The time stamped Blockchain from the genesis block till the final block

will give a trustworthy and an immutable transaction of records in a network. This is completely

different from our traditional databases in which data can be modified or removed. There is no

Analyzing the cost efficiency using Attribute based Encryption on Medical Blockchain Platform


central authority such as a administrator in a blockchain to edit or delete the data that are

recorded.

A blockchain network is constructed by a group of nodes without the previous or accessible

trust associations and are coupled by a network that is peer to peer[3]. The exact copy of the

ledger is distributed to all the nodes in a blockchain forming a decentralized structure.

Figure 1 Characteristics of blockchain

2.1. Consensus Mechanism on Blockchain

The protocols in the consensus mechanisms make sure the blockchain are maintained by all the

nodes and they are synchronized with each other. Only when the transactions are legitimate and

validated by the consensus mechanism, then they are added to the blockchain. The consensus

mechanisms in a blockchain network include the following

• Proof of work,

• Proof of Capacity,

• Proof of chance,

• Proof of authority,

• Proof of Time,

• Proof of Work from human, and

• Proof of activity.

• Proof of identity

3. OVERVIEW ON BLOCKCHAIN IN HEALTHCARE

The acceptance of blockchain technology has become an extensive development in distributed

network. Many proven results are shown that using blockchain will secure the medical records

of patients and the management. We have evaluated and compared security metrics, architecture

metrics and functionality metrics. These schemes are categorized into two types: permissioned

blockchain related network and the second is permissionless blockchain network. The

Evaluation of Permissioned and permissionless Blockchain is listed out in table 1.

Table 1 Evaluation of Permissioned and Permissionless blockchain

Parameters Permissioned permissionless

Interoperability Poor Excellent

Data Privacy Good poor

Scalability Poor good

Robustness and resilience fair good

Transaction throughput good poor



Parameters Permissioned permissionless

Operational cost On redundancy requirements high

Security Very high high

Membership and read only Open to anyone controlled

A blockchain is either a permissionless blockchain also known as public blockchain or

permissioned blockchain also known as private blockchain. They are using smart contracts

which are basically a set of protocols that direct over the production transaction.

A permissionless blockchain is also a public network that enables anyone to access the

network.

A permissioned blockchain is also a private network that needs prior verification of the

involved parties who are included only within the network. The two types of network are mainly

obsessed by how the applications can categorize the level of trust. Some of the examples of

permissionless blockchain are Bitcoin and Ethereum where the transactions are carried out

without the verification of the participant’s identity. The permissioned blockchain’s ideal use

case is an Electronic Health Record. As most of the companies will always prefer data security

and privacy in the network.

3.1. Techniques Related to Permissionless Blockchain

Zyskind et al. [10] has constructed a blockchain network to improve protection and

confidentiality controlling sharing of data over users and the related service providers. The

transactions are of two types such as Tdata and Taccess. Tdata is for storing data and recovery

and Taccess is mainly for controlling access. MedRec[12] explains the distributed decentralized

ledger Health record management relying on the blockchain platform which provide a model

for functional execution. MedRec has considered ethereum smart contracts for storing patient

related medical account in different healthcare providers to permit other users to work on data

once after the authentication completion process. In specific the registrar smart contracts helps

in node identity string mapping to their ethereum addresses. The possession of a user's

healthcare information gets right to use permissions an strings query representing information

position is also included and defined in a patient-provider relationship (PPR). A contract

contains a list of patient relationship references to indicate engagement with patient or with

hospitals. Software components are involved for implementation and to deploy on the exact

node and to execute the sharing of data and organization’s business logic. Yang and Yang [14]

has done his work on MedRec which is by means of attribute-based encryption and sign

encryption to encourage secure sharing of health records. Symmetric key used to encrypt the

Electronic health records and again encrypted using a set of attribute keys. The ciphertexts are

combined and private key is being signed.

The key decryption and its signature are verified by the user and is performed for data

accessing and decryption is performed to obtain the plaintext of the Electronic Health Records.

A healthcare data gateway was proposed by Yue et al. [19], A purpose centric equipped

blockchain-based architecture that hasaccess control policy which allows the patients to obtain

ownership and sharing control of medical records without privacy violation. The lacking of this

scheme is a service that is not about permitting the data content when raw data is being

processed. Zhang et al. [20] projected a persistent PSN based health record environment, which

contains a PSN area and a wireless body area network. The design is implemented by an

authentication association protocol to begin a link between sensors that is very secure. Zhang

et al. [21] estimateda wireless area network and a PSN area consisting of all-encompassing

social network (PSN)-based healthcare system. An authenticated design protocol which has a

part in initiating a secure link between medical sensors.PSN coordinator nodeis responsible for

broadcasting a transaction andadding of new blocks. The limitation in this paper is that



particulars related to consensus protocol and smart contracts were not provided. A lightweight

backup and recovery scheme has been designed by Zhao et al. [22] that uses fuzzy vault

technology to manage keys. Body sensor networks (BSN) helps in encrypting health signals

that are collected and then stored on a health blockchain. Their work lacks in the health care

system working on a blockchain. Modelchain [23] was designed for adaptable blockchain for

machine learning related to privacy-preserving system to speed up the quality improvements of

medical research and facilitates. In this design, on the top of Pow, a proof-of-information

algorithm is added on to consensus protocol. This determines the ordering of machine learning

online. This is mainly to get better over the competence and accurateness of the structure. The

adoption of a permissionless or public blockchain is been planned in this scheme to protect

medical data sharing and in various other application. Mostly public blockchains are usually

crypto-currency driven which is stated to be bitcoins related to Bitcoin or ether related to

Ethereum. A certainamount has to be paid for transaction of crypto-currency addition and also

for block mining.Storing of data can be very expensive on a public blockchain. It is not possible

to store millions of patient’s detailed clinical information on a blockchain. Instead, only the

subset of critical metadatawhich a very tinycan be stored on the blockchain. It is much costlier

in a public blockchain that contains data-related behavior such as accessing policy request,

accessing policy validation and transferring of message, as they require connections that

describe them that are generated and finally integrated into blocks.

3.2. Techniques Related to Permissioned Blockchain

A blockchain related technique for institutional healthcare data interoperability that is crossed

was proposed by Peterson et al. [24]. A block structures and new transaction has been designed

to allow protected right to use of speed up fast healthcare interoperability of resources (FHIR)

stored in a system that is off-chain. Consensus algorithm is considered that are new to avoid

costly computational resources inspired by the Proof of Work consensus algorithm in Bitcoin.

Their design hasa block has about four phases to undergo, first is a allocation phase for

transaction, verification request phase of a block, returnphase of a signed block, and distribution

phase of a new blockchain before it is fixed to blockchain. The proof in interoperability concept

in concensus mechanism has proposed to guarantee data transaction to be in conformance to

semantic constraints and FHIR structural. A random miner election algorithm has also been

designed from where equal probability factor is calculated to become a miner in each node in

the network has been a concern in the future. This paper has some drawbacks that does not talk

about the data that are altered, stored, and modified in the healthcare system. The confidentiality

preserving keyword that is adoption in the framework searches and lacks details of the

algorithm. A high-level blockchain framework was designed by Xia et al. [25], allow users and

owners to access medical records only after trustful verification of their keys and identities from

a shared repository. L. Wu, Y. Zhang et al has proposed an identity-basedauthentication and

key agreement protocol in [26] which is usedto obtain authentication of user membership.

Anyways, theirsensitive medical information has secure sharing and is very limitedto

authenticated, verified and invited users alone. Xia et al has provided a MedShare [27], is a

framework for blockchain based on the sharing of medical information which provides

provenance of data, modification, data auditing, and managing repositories in cloud network

among providers of healthcare. MedBlock[28], projected by Fan et al, is a blockchain related

hybrid design for protection and security of electronic related Electronic medical records, in

which nodes are separated into orders appliers, official supporters and committed workers. This

architecture compromise protocol that is the consensus is an alternative of Byzantine Fault

Tolerant[29] consensus protocol. Access control ruling policy permits researchers who are

third party to have right to use medical data that were not explained by authors clearly. In this

paper asymmetric encryption algorithms are being used to encrypt medical related information



that is not good when considering their performance. A parallel healthcare system (PHS) was

presentedby Wang et al. [15] proposes explanatory intellect, prescriptive intelligence, and

predictive intellect over Healthcare systems that have achieved based on artificial intelligent

based systems, equivalent executions and computational related experiments. A consortium

based blockchain framework contain patient’s list, related hospital, wellbeing related bureau

and healthcare system community, and researchers can be implemented.

The deployment of smart contracts is to make the sharing of medical records, modifying,

evaluation, and audit. A framework that is user oriented over a blockchain that is permissioned

was proposed by Liang et al. [16] for sharing of health data, from which the channel formation

scheme and Hyperledger Fabric membership check are used to make certain identity

management and confidentiality protection. A mobile application is implemented to gather

health information from IOT gadgets and the information are synchronized over the storage in

cloud network and allocation by the providers. Zhang et al. [17] has proposed a blockchain

related secure privacy-preserving concept that is hybrid Personal healthcare information

allotment scheme, where a PHI store personal data in blockchain that is utilized by every

hospital and to maintain secure index of PHI a consortium blockchain is used. To secure the

PHI a keyword search scheme related to public encryption [18] is been adopted in this design

system and it also ensures privacy of the identities. Patientory [30] is a peer-to-peer Electronic

medical storage healthcare network that provides HIPAA yielding health care data exchange

by the blockchain and its smart contracts.The authors have also developed a software

framework to address system implementation process related to the authentication, access

control, authorization, data encryption, interoperability, enhancement and token creation

management. Anonymous identity verification is provided by the system [5] while performing

transactions in a permissioned blocchain for entities. Enhanced Privacy ID (EPID) zero-

knowledge proof schemeis been proven by deployment of the system. The schemes that are

mentioned above decide permissioned or consortium blockchain in protection of the healthcare

information storage. Approaches based on public blockchains are very different, some of them

are Bitcoin, Dash and Ethereum. They are completely a decentralized permissionless network.

Consortium based blockchain needs access permission to work on the blockchain. Only

authorized users can be permitted the right to use of the medical information stored on

blockchain.

Only healthcare stakeholders such as the patients, providers of healthcare, and medical

researchers those who are authorized can be permitted to access the data based on their

permission access and authorization. Although the throughput is at its highest, blockchain that

is permissioned has a better and a ideal solution in privacy and protected sharing of medical

data. The drawback of the requirement over a centralized servers, is that are usually comprised

with a shared interest of a group of companies that will be deployed on the blockchain and

supervision of overall system takes place. Thus concludes ,the immutability of data in a

permissionless blockchan inexpensiveness in blockchain that is consortium, which leaves way

to the opportunity to attacker’s rollback.

4. BLOCKCHAIN INMEDICAL DATA SHARING

4.1. Sharing of Medical Data in Blockchain

Our paper has made a study on the approaches that lists out latest methods related to protection

and confidentiality of the sharing of sharing of medical information with blockchain technology

implementation. The blockchain is permissioned or permissionless regardless of the

applications and schemes [32], [31],[53], [20], [21] that are focused sharing of medical

information and administration. Blockchain applications alone are not a resolution for sharing



of medical data confidentiality and protection problems. The limitations in blockchain

technology should be more in conscious than of its reward, so the compensation for those

disadvantages can be done by integrating with various other cryptographic techniques such as

the cryptographic primitives that deal with security issues in healthcare information system

organization. Sharing of healthcare data in a secure way involves healthcare providers, patients,

and medical researchers who are third-party. The confidentiality and protection regulations on

HIPAA leads to protected storage of raw medical data provided in medical healthcare system

that maintains confidentiality and Integrity. Privacy preserving data provision such as data

authenticity, user authentication, access control, audit ability, tracing, and data operability will

be considered. Blockchain is used for sharing healthcare information and the major techniques

will be investigated further.

4.2. Cryptographic Techniques for Sharing Medical Data

The blockchain currently used cannot contain healthcare information because of its inadequate

block size, and storing information off-chain is a possibly a reasonable solution. The challenge

is protecting the storage of off-chain data storage. The cryptographic primitives are used in

controlling access, privilege management and also key for digital health identity transaction as

shown in fig.2.

Figure 2 digital health identity transaction

4.2.1. Broadcast Encryption

This is explored in [6] and improved in [7], [8], where owner encrypts a part of subset

information of users. The subset users can bring back the data by broadcast message decryption.

In cryptographic data storage in cloud [9],[11], broadcast encryption helps in key encryption as



a substitute of directly encrypting data content. There are schemes to impose access whereas

unauthorized users cannot enforce access and there will be sufficient information to message

decryption.

4.2.2. Identity-Based Encryption

This encryption explains about a public key that may be arbitrary string. In 1984 this concept

was proposed by Shamir [44],later it was upgraded by Bonehand Franklin [45] by means of

elliptic curves paring with Weil. In identity-based encryption, a master private key pair that is

public for each string identity is produced by Private Key Generator, is the third party that is

trusted. A public key termed as master can be given in practice where any party corresponding

to their identity by merging the identity string along with the public key computed by master

public key. The authorized party with ID identity requests with the Private Key Generator PKG

to obtain an equivalent private key. These procedures in creation of the private key for identity

is enabled by the master private key. Identity-based encryption eradicates the necessity in public

key distribution infrastructure. It helps any group users in exchanging data steadily not

replacing public or private keys, that are idealistic in sharing information among network cluster

that is closed.

4.2.3. Attribute – Based Encryption

The data is shared according to the specified policywithout knowing the data receiver before

itself in most of the applications. To be specific to send data to a particular sender, using

attribute-based encryption [46] patients can encrypt medical data with the policy and define

their own policy, so users matching upto policy with attributes can obtain record decryption.

Encryption related to attribute-based is hopeful method of cryptography in accessing the

data encryption. It is separated into two main category such as encryption based on key-policy

attribute (KP-ABE) [13]and encryption based on ciphertext-policy attribute (CP-ABE)[13].

The keys are related to access policies, cipher text and its attribute sets. A central server is

necessary to approve the private keys and to issue it in both schemes. Any that is not suiting in

a distributed network then sharing of information taking place across various managerial

domains becomes difficult. To focus on one authority crisis in Attribute-Based Encryption,

Attribute-Based Encryption using Multi-Authority (MAABE)[43] schemes are deployed,

where there is no need of central authority and guarantee of resistance over collision is been

stated.

4.2.4. Re-encryption proxy

Blaze et al. [38] has estimated Proxy re-encryption (PRE), and then improved by Atenieseet al.

[39], [40],a cryptosystem which allows an unauthorized or third party.It can be decryptedby

other authorized party to alter cipher text encrypted by other party. The idea of it is the parties

by that allow a partially trusted intermediate proxy to transfer into ciphertext publish that proxy

key. It avoids decryption of data and re-encryption of sender. Finally, it states it is appropriate

for sharing of data across various platforms in which data owners can depart from re-encryption

task of data after revocations of user to a proxy.

4.2.5. Searchable symmetric encryption

Searchable symmetric encryption (SSE) [41] can enforceover outsourced data encryption by

the keyword search. It avoids decryption and therefore improves query effectiveness with no

leakage of data, which is a risk. The keys for data decryption are send to service providers by

the data owners first execute a query or else the data which is encrypted are downloaded nearby

and then decrypted to achieve operations on query. The methods are undesirable due to issues

of efficiency or security. The SSE design is to set up metadata which is a covered table of index



[42] that facilitate search on data encryption. The dataowner creates an table of index on

previously processed keyword pairs of messages. A search tokenis provided by the user s a

masked table of index with which the server makes a search in the index. The encrypted jhdata

is returned to the user if a match is found.

5. SYSTEM SETTINGS

The proposed system is evaluated and investigated using a proof of work implementation of

access control for the decentralized Electronic health record on cloud. The implementation

work is shown in the following subsections.

5.1. System model

The users are considered using storage for cloud and services based on data processing. The

attribute based encryption consists of data owner, users, server on cloud, and trust authority.

The file is been created by the owner and the information is encrypted before the cloud is

outsourcing the information. Even though the owner outsources his information, he is doubtful

about his data being leaked or whether the cloud server is treating his data based on the

requirements. Even after the deletion of the data, the data owner makes sure whether his data is

secure. The cloud server provides wide range of storage services to data owners as it has

unlimited storage and powerful computing. The cloud server is prone to data leakage and has a

stimulus to misbehave. The trusted authority is the key generation factor where the keys for the

users are generated and distributed. The ciphertext is decrypted only when the user enters the

genuine private key. The access rights are given based on the user’s key. Incase if the owner

wants to delete the data, he sends request for deletion to the trusted authority. Then re-

encryption key will be provided to data owner. Finally the cloud server will get the key for

deletion from data owner. Later the proof is sent to owner of data by the cloud server to validate

the exactness of the removal process.

5.2. System components

An Attribute encryption algorithm is constructed mainly on eight algorithms that are as follows:

The details are as follows.

• Setup (1 k). The Authority trusted helps in running algorithm for system initialization.

The security k is input parameter and PK as public key is the output and MSK as the master

secret key. Trusted Authority is responsible for keeping the MSK as private and PK will be

published.

• KeyGen (PK , MSK , A ). The trusted authority runs this key generation probabilistic

algorithm. The input system consists of PK as public key, A as access structure, MSK as master

secret key. The output is been associated with private key PK and the structure for access A.

Perfectly the access is integrated with the private key.

• Encrypt ( PK, α, Msg ). The data owner is responsible to run this probabilistic algorithm.

The algorithm take the input as message Msg, attribute set α, and system’s public key PK. It

outputs the ciphertext CT, message Msg related to α and signature sgR. R is root of Merkle

hash tree.

• Decrypt ( CT, SK,PK ). The users run this deterministic algorithm. The input is taken as

private key SK, CT as cipher text, M as message and PK as public key related to the access.

The access policy related to private key is contented by the attributes of cipher text then the

message M is given as output otherwise it does not returns the message.

•Request (α). The data owner compiles the request generation algorithm. The input is based

to the attribute set α and the output is based by the request made.



• ReKeyGen ( R, MSK ). The trusted authority operates on the key generation algorithm

based on reencryption. The input is the master key MSK and the request made R and the

output is key of re-encryption REk

• ReEncrypt( CT, REk ). The cloud server runs the re-encryption algorithm. The input

consists of re-encryption key REk, ciphertext CT. the output consists of MHT new root RT and

re-encrypted ciphertext.

• Verify ( DR, RT). The data owner runs on a data verification algorithm. The input is based

on the data request DR and root RT. The output of the algorithm is 1 orelse 0 to check whether

the execution is correctly or not related to the requested operation.

6. OUR CONSTRUCTION

The access controls been supported using the construction of attribute related encryption for

guaranteed request that is been projected in this section. In order to accomplish request

efficiency in our construction the private key is attached to the access structure is constructed

with AND gate over attributes. The attribute list has two values, they are unavailable and

available. The access structure of users consists of the value available by default and the

attributes are described in ciphertext. All the users access structure cannot be assured by the

cipher text even though by including owner of data or by the value being changed of ciphertext’s

attribute. By this way data request is achieved. The data owner builds a Merkle Hash Tree over

the components of the ciphertext and also produces the root of MHT, and uploads the cipher

text and root of the signature to have an assured data request response on the cloud. In re-

encryption the root of MHT is the request proof. The protocol that is proposed are given as

follows. The M1 and M2 are multiplicative groups that are cyclic prime order p and e: M1×

M1 → M2 be a bilinear mapping. The set of all related possible attributes {attr1, attr2,…attrn}

and the set of every possible attributes Ai={ AV i,1, AV i,2,….AVi,ni}. To denote all possible

values related to their attributes corresponding to Ai where ni=|Ai|. The access structure

W=[w1, w2,…wn] or and the attribute sets in ciphertext is α = [α 1 , α 2 , ··· α t ]. The set of

attribute α satisfy the access structure W where α belongs to W or it does not belong to W. the

hash function used to create MHT is H : {0, 1} ∗→ Z q.

Setup:(1 k ):The trusted authority chooses groups that are multiplicative M1 and M2 with

order P followed by a bilinear mapping M 1 ×M1 → M 2. The trusted authority randomly

chooses h belongs to M1, y belongs to Z p and computing y = e (g, h ) y. The trusted authority

picks values randomly, MSK as master secret key and PK as public key system parameter .

KeyGen (w, PK, MSK): The access structure w = [ w 1 , w 2 , ···w n ], system parameter

PK and MSK as master secret key, then trusted authority pick a value randomly r belongs to Z

p . The g is computed and returns private key SK W = (g , W ). A public-secret key pair that

is signed{ Spk, Ssk } is been generated by the data owner. This chooses a random number and

compute possible list of attributes. The owner’s private key is SK = (SK W , ssk, α).

Encrypt ( PK, msg, α ): The public key system parameter PK, α is the set of attributes, the

message Msg, the owner who pick a random number where s belongs to Zp. It computes the

input c1 = Msg ·Y s , c 2 = g s and c 3 = (∀ v a,b ∈ α, x a,b = T s a,b ) , and ciphertext is given

as the output CT = (c 1 , c2 , c3 ). The owner overbuilds Merkle hash tree where the leaf node

a real set of ordered pairs H ( x a,b ), where x a,b belongs to C3 and the root R of MHT is

obtained. The sig Ssk ( R ) is obtained by the owner who signs R using the private key that is

signed Ssk. The availability of attribute in C3 is denoted by X and the index of the available

attribute in leaf nodes of MHT is denoted as ind. The owner first chooses a Fnm that has a

unique name and generate tagged as σ = (H(fnm ||ind || x )) α to create a tag for M as a message.

The data owner upload { fnm, ind, CT, σ, AAI, sig Ssk ( R )}.At the end owner uploads over



the cloud where the the auxiliary authentication data x is denoted by AAI which is

corresponding to the availability of the attribute.

Decrypt ( PK, SK, CT ): Given the PK as public key parameter, CT as ciphertext, and SK

as private key for AS⊆α, AS=w . Finally the user will compute the message M.

Request (α): The data owner makes a request of the outsourced data on cloud, the trusted

authority gets the attributes that are to be modified are first sent by the owner. The owner send

a request R= (fnm, attr i , v a,b , v’a,b ) to the trusted authority where Fnm is the unique name,

attr denotes the availability of the attributes, va,b and v’a,b are the values that are available or

unavailable. The data owner based on the request wants modify the accessibility of the attribute

from available into unavailable. The data retrieval request { fnm, attr i }in the cloud server is

sent by the data owner where attr I symbolizes the accessibility of attribute. The attr i to the

data owner is been corresponded to the terms { X , σ, ind, ind’ , sig Ssk (R ) }reverted by the

server. The message is received from cloud and the owner validates if f(σ, g) = f(H(fnm||ind||X)

, v ). The owner uses the x and ind’ to produce root of merkle tree and verify sig Ssk (R ) = sig

Ssk (R’) holds the component of ciphertext for accessibility of attribute. The ind’ is legal AAI

of x as if it holds the equation.

ReKeyGen ( R, MSK ): The request and MSK as master key is given. The authority

calculates the random number and then trusted authority sends rk = (fnm, attr i , ck i ) to the

owner. Once the rk is received the owner sends rk through the server on cloud.

ReEncrypt (rk, CT ): The rk as proxy re-encryption key, ciphertext CT, the server

compute x’=xcki for i, j ∈ rk , and x is replaced by the real ciphertext with the x’. The new

ciphertext CT = (c 1 , c2 ,c 3 , α) is given as the output by the cloud server. Finally, server

computes H( x’ ) , and produces root that is new of the Merkle tree , and reverts new root Rt

to owner as proof of request.

Verify (AAI, Rt ) : The cloud server is verified and modified data and the owner of data

then re-encrypts x using rk , and gets the x’ . The owner of data is the process of running

Merkle Tree to get the new value of root Rt by updating algorithm. The root value Rt is

compared with the given by the server. By getting R’ , owner utilize x’ and AAI which is

established from the cloud server. This will help in producing root Rt that is new of Merkle

Tree. R’ = Rt is held, it indicate that server has modified the information.

7. IMPLEMENTATION

The experimental results of protocol are being reported in this phase. To explain the realism of

protocol, we have performed experiment on Win 10 64-bit system with i6-2450MQ CPU Intel

@ 3.50 GHz. The experiment is done with Visual Studio in which elliptic curves being recorded

on Miracl library API. The security parameter is set as α = 85 , that completes the security

necessities. Our protocol’s cost of computational factor is accessed and we report performance

implementation of our procedure. In this part, we have selected a file with 2MB of fixed size,

and by increasing attributes number in ciphertext, we have observed the cost of encryption and

cost of decryption of the user side. Three values are given to each attribute, the attribute list size

in ciphertext are altered from 5 to 10 with 1 for testing at every increment. We have practical

view that the cost encryption time is growing as the attributes number increases. Since the

decryption process involves the attribute set size in ciphertext, the cost time also grows when

attributes number increases.

8. CONCLUSION

Blockchain technology is used to secure off-chain medical data in a feasible way to rely on. To

achieve cost efficiency, integrity, privacy protection and access control, a secure healthcare



system have to be employed with appropriate attribute-based encryption. Mainly related to

encrypted data there should be advanced primitive cryptographic strategies. It is becoming

deployed widely to implement flexible and strict access control with the help of encryption

keys. Future would be predictable that cryptography participates in a major role of information

sharing in blockchain applications.

REFERENCES

[1] K. Walshe and S. M. Shortell, When Things Go Wrong: How Health Care Organizations

Deal with Major Failures, journal of Health Affairs, Vol:23 Issue: 3 2004.

[2] X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, Healthcare Data Gateways: Found

Healthcare Intelligence on Blockchain With Novel Privacy Risk Control, Journal of

Medical Systems, Vol:40 Issue: 10 2016.

[3] L. Cichosz, M. N. Stausholm, T. Kronborg, P. Vestergaard, and O. Hejlesen, How

to Use Blockchain for Diabetes Health Care Data and Access Management: An Operational

Concept, Journal of Diabetes Science and Technology, Vol:13 Issue: 2 2018.

[4] K. Fan, S. Wang, Y. Ren, H. Li, and Y. Yang, MedBlock: Efficient and Secure Medical

Data Sharing Via Blockchain, Journal of Medical Systems, Vol:42Issue: 8 2018.

[5] G. Subathra, A. Antonidoss, A Blockchain based scheme for improved availability

and security, International journal of Engineering and advanced technology,

vol:8,issue:6 2019.

[6] L. Chen and D. B. Hoang, IEEE Int. Conf. High Perform. Comput. Commun., ICCIDS

2019 - 2nd International Conference on Computational Intelligence in Data Science,

Proceedings,Issue: 550_5552011.

[7] M. Terrovitis, N. Mamoulis, and P. Kalnis, Privacy-preserving anonymization of set-

valued data, International Journal of Recent Technology and Engineering, Vol:1 Issue: 1

2008.

[8] Y. Xu, K. Wang, A. W.-C. Fu, and P. S. Yu, ``Anonymizing transaction databases

for publication,'' in Proc. 14th ACM SIGKDD Int. Conf. Knowl. Discovery Data

Mining. New York, NY, USA: ACM, 2008, pp. 767_775.

[9] R. A. Popa, J. R. Lorch, D. Molnar, H. J.Wang, and L. Zhuang, Enabling security in

cloud storage slas with cloud proof , USENIX Annu. Tech. Conf , Vol:242 Issue:

355_3682011.

[10] G. Zyskind, O. Nathan, and A. S. Pentland, Decentralizing privacy: Using blockchain

to protect personal data, IEEE Secur. Privacy Workshops (SPW) , Issue: 180_1842015.

[11] H. Jin, K. Zhou, H. Jiang, D. Lei, R. Wei, and C. Li, Full integrity and freshness for

cloud data, Future Gener. Comput. Syst , Vol:80Issue: 640_6522018.

[12] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, Medrec: Using blockchain for

medical data access and permission management , 2nd Int. Conf. Open Big Data (OBD),

Vol:Issue: 25_302016.

[13] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for

finegrained access control of encrypted data , IEEE Trans. Comput. Social Syst., vol. 5, no.

4, pp. 942_950, Dec. 2018., Vol:5 Issue: 42018.

[14] H. Yang and B. Yang, A blockchain-based approach to the secure sharing of healthcare

data, Norwegian Inf. Secur. Conf, Vol:Issue: 1_122017.

[15] S. Wang et al., Blockchain-powered parallel healthcare systems based on the ACP

approach, 4th International Conference on Electrical, Electronics, Communication,

Computer Technologies and Optimization Techniques (ICEECCOT-2019), Vol:5Issue:

42019.



[16] X. Liang, J. Zhao, S. Shetty, J. Liu, and D. Li, Integrating blockchain for data sharing

and collaboration in mobile healthcare applications, IEEE 28th Annu. Int. Symp. Pers.,

Indoor, Mobile Radio Commun. (PIMRC) , Issue: 1_52017.

[17] A. Zhang and X. Lin, Towards secure and privacy-preserving data sharing in e-health

systems via consortium Blockchain , J. Med. Syst, Vol:42 Issue: 8 2018.

[18] D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano, Public key encryption

with keyword search, Int. Conf. Theory Appl. Cryptograph. Techn. Interlaken, Switzerland:

Springer , Issue: 506_5222004.

[19] X. Yue, H. Wang, D. Jin, M. Li, andW. Jiang, Healthcare data gateways: Found

healthcare intelligence on blockchain with novel privacy risk control , J. Med. Syst,

Vol:40Issue: 102016.

[20] X. Liang, J. Zhao, S. Shetty, J. Liu, and D. Li, Integrating Blockchain for data sharing

and collaboration in mobile healthcare applications , IEEE 28th Annu. Int. Symp. Pers.,

Indoor, Mobile Radio Com-mun. (PIMRC), Issue: 1_52017.

[21] J. Zhang, N. Xue, and X. Huang, A secure system for pervasive social network-based

healthcare, IEEE Access, Vol:4Issue: 9239_92502016.

[22] H. Zhao, Y. Zhang, Y. Peng, and R. Xu, `` Lightweight backup and efficient recovery

scheme for health blockchain keys, IEEE 13th Int. Symp. Auton. Decentralized Syst.

(ISADS), Vol:Issue: 229_2342017.

[23] T.-T. Kuo and L. Ohno-Machado. (2018). ``Modelchain: Decentralized privacy-

preserving healthcare predictive modeling framework on private blockchain

networks.'' [Online]. Available: https://arxiv.org/ abs/1802.01746.

[24] K. Peterson, R. Deeduvanu, P. Kanjamala, and K. Boles, A blockchainbased approach

to health information exchange networks , NIST Workshop Blockchain Healthcare, Vol:1

Issue: 1_102016.

[25] Q. Xia, E. B. Sifah, A. Smahi, S. Amofa, and X. Zhang, BBDS:Blockchain-based data

sharing for electronic medical records in cloudenvironments,, Information, Vol:8 Issue:

22017.

[26] L. Wu, Y. Zhang, Y. Xie, A. Alelaiw, and J. Shen, An efficient and secure identity-

based authentication and key agreement protocol with user anonymity for mobile devices,

Wireless Pers. Commun., Vol:94 Issue: 42017.

[27] Q. Xia, E. B. Sifah, K. O. Asamoah, J. Gao, X. Du, and M. Guizani, MeDShare:

Trust-less medical data sharing among cloud service providers via blockchain,, IEEE

Access, Vol:5Issue: 14757_147672017.

[28] K. Fan, S. Wang, Y. Ren, H. Li, and Y. Yang, MedBlock: Efficient and secure medical

data sharing via blockchain, J. Med. Syst, Vol:42Issue: 8.

[29] K. Fan, S. Wang, Y. Ren, H. Li, and Y. Yang, MedBlock: Efficient and secure medical

data sharing via blockchain, J. Med. Syst, Vol:42Issue: 8.

[30] C. McFarlane, M. Beer, J. Brown, and N. Prendergast, Patientory: A Healthcare Peer-

to-Peer EMR Storage Network v1. Addison, TX, USA: Entrust ,Issue: 2017.

[31] K. Peterson, R. Deeduvanu, P. Kanjamala, and K. Boles, A blockchainbased approach

to health information exchange networks , NISTWorkshop Blockchain Healthcare,

Vol:1Issue: 1_102016.

[32] R. Guo, H. Shi, Q. Zhao, and D. Zheng, Secure attribute-based signature scheme with

multiple authorities for blockchain in electronic health records systems, IEEE Access,

Vol:6 Issue: 11676_116862018.

[33] A. Fiat and M. Naor, Broadcast encryption, Annu. Int. Cryptol. Conf. Santa Barbara, CA,

USA: Springer, Issue: 480_4911993.

https://arxiv.org/



[34] J. A. Garay, J. Staddon, and A. Wool, Long-lived broadcast encryption, Int. Cryptol.

Conf. Santa Barbara, CA, USA: Springer, Issue: 333_352 , 2000.

[35] D. Boneh, C. Gentry, and B.Waters, Collusion resistant broadcast encryption with short

ciphertexts and private keys, . Annu. Int. Cryptol. Conf. Santa Barbara, CA, USA: Springer,

Issue:258_2752005.

[36] A. Shamir, Identity-based cryptosystems and signature schemes, Workshop Theory Appl.

Cryptograph. Techn. Paris, France: Springer, Vol:Issue: 47_531984.

[37] D. Boneh and M. Franklin, Identity-based encryption from the weil pairing, Annu. Int.

Cryptol. Conf. Santa Barbara, CA, USA: Springer , Vol:Issue: 213_229.2001.

[38] M. Blaze, G. Bleumer, and M. Strauss, Divertible protocols and atomic proxy

cryptography, Int. Conf. Theory Appl. Cryptograph. Techn. Espoo, Finland: Springer,

Vol:Issue: 127_1441998.

[39] G.Ateniese, K. Fu, M. Green, and S. Hohenberger, Improved proxy re-encryption

schemes with applications to secure distributed storage, ACM Trans. Inf. Syst. Secur,

Vol:9Issue: 1 2006.

[40] M. Green and G. Ateniese, Identity-based proxy re-encryption, Int. Conf. Appl. Cryptogr.

Netw. Secur. Berlin, Germany: Springer,Issue: 2007.

[41] G. S. Poh, J.-J. Chin, W.-C. Yau, K.-K. R. Choo, and M. S. Mohamad, Searchable

Symmetric Encryption: Designs and Challenges, ACMCom-put. Surv, Vol:50 Issue: 3

2017.

[42] D. X. Song, D. Wagner, and A. Perrig, Practical techniques for searches on encrypted

data, IEEE Symp. Secur. Privacy, Vol:Issue: 44_552000.

[43] A. Lewko and B. Waters, Decentralizing attribute-based encryption, Int. Conf. Theory

Appl. Cryptograph. Techn. Tallinn, Estonia: Springer, Vol:Issue: 568_5882011.

[44] T. Li, N. Li, J. Zhang, and I. Molloy, Slicing: A new approach for privacy preserving

data publishing, IEEE Trans. Knowl. Data Eng, Vol:24Issue: 32012.

[45] B. Zhou, J. Pei, and W. Luk, A brief survey on anonymization techniques for privacy

preserving publishing of social network data , ACM SIGKDD Explorations Newslett ,

Vol:10 Issue: 2 2008.

[46] A. Sahai and B.Waters, Fuzzy identity-based encryption, Annu. Int. Conf. Theory Appl.

Cryptography Techn. Aarhus, Denmark: Springer, 2005, pp. . , Vol:Issue: 457_4732005.

[47] Irina Yakovenko, Lyazzat Kulumbetova, Irina Subbotina, Gaukhar Zhanibekova and

Kenzhegul Bizhanova, the Blockchain Technology as a Catalyst for Digital Transformation

of Education, International Journal of Mechanical Engineering and Technology, 10(01),

2019, pp.886–897

[48] Iryna Bashynska, Marina Malanchuk, Olena Zhuravel, Kateryna Olinichenko, Smart

Solutions: Risk Management of Crypto-Assets and Blockchain Technology, International

Journal of Civil Engineering and Technology (IJCIET) 10(2), 2019, pp. 1121–1131.

[49] Manisha Valera, Parth Patel and Shruti Chettiar, an Avant-Garde Approach of Blockchain

in Big Data Analytics, International Journal of Computer Engineering and Technology,

9(6), 2018, pp. (115)-(120).

Documents

ANALYZING THE COST EFFICIENCY USING ATTRIBUTE BASED ENCRYPTION ON MEDICAL BLOCKCHAIN ... · 2020-06-02 · patients healthcare data. Blockchain will be able to manage integrated records,