Auditable Healthcare Data Sharing Based on Decentralized Identity

Song Wenpeng; Zhang Liang; Ma Yuhang

doi:10.7544/issn1000-1239.202440351

Journal of Computer Research and Development > 2024 > 61(10): 2501-2513. > DOI: 10.7544/issn1000-1239.202440351 CSTR: 32373.14.issn1000-1239.202440351

Song Wenpeng, Zhang Liang, Ma Yuhang. Auditable Healthcare Data Sharing Based on Decentralized Identity[J]. Journal of Computer Research and Development, 2024, 61(10): 2501-2513. DOI: 10.7544/issn1000-1239.202440351

Citation:

PDF (1370 KB)

Auditable Healthcare Data Sharing Based on Decentralized Identity

Song Wenpeng^{1, 2,},
Zhang Liang^{1, 2, 3},
Ma Yuhang³

1.
School of Computer Science, Fudan University, Shanghai 200433
2.
Shanghai Engineering Research Center of Blockchain, Shanghai 200433
3.
School of Cyberspace Security (School of Cryptology), Hainan University, Haikou 570228

Funds: This work was supported by the National Key Research and Development Program of China (2019YFB2101703), the National Natural Science Foundation of China (62272107, U19A2066), the Innovation Action Plan of Shanghai Science and Technology (21511102200), the National Natural Science Foundation of China for Young Scientists (62302129), and the Hainan Provincial Key Research and Development Program (ZDYF2024GXJS030).

More Information

Author Bio:
Song Wenpeng: born in 1982. PhD candidate. His main research interests include proxy re-encryption and blockchain

Zhang Liang: born in 1989. PhD, associate professor, PhD supervisor. His main research interests include applied cryptography and blockchain

Ma Yuhang: born in 2000. Master candidate. His main research interest includes cross-chain technology for blockchain
Received Date: May 26, 2024
Revised Date: July 13, 2024
Available Online: July 17, 2024

Graphical Abstract

Abstract

Abstract

The continuous rapid development of Internet technology has brought increasing convenience for data sharing. However, data security and privacy issues have also emerged. Taking healthcare as an example, people hope to seek treatment quickly and claim reimbursement promptly, but do not want to disclose their medical records and expenses in hospitals. To adapt to the above data sharing scenarios, we propose a decentralized identity (DID) model based on blockchain and proxy re-encryption (PRE). Further, we achieve a data sharing framework for smart healthcare. Blockchain is leveraged to avoid the problem of single-node failure, ensuring data availability and data consistency. PRE is employed to achieve the separation of data generation, management and usage. This character is identical to that of the DID model, where verifiable credential (VC) issuance and verification are separated. Besides, PRE helps to achieve the goal of patient-centered healthcare. Furthermore, we obtain verifiable presentation (VP) by using the BLS aggregation signatures, which enable us to combine and authenticate multiple VCs. We incorporate blockchain as a decentralized trusted third party to check the correctness of cryptographic operations, achieving data verifiability and audibility in an encrypted mode. Also, we make a scrupulous security analysis of the proposed framework and compare it with related work. Finally, we conduct comprehensive experiments based on Ethereum and IPFS (inter-planetary file system), demonstrating the feasibility and efficiency of our solution.
- proxy re-encryption,
- data sharing,
- blockchain,
- smart healthcare,
- decentralized identity

FullText(HTML)

References (29)

References

[1]	Saxena A, Sharma T, Gupta H, et al. Revamping healthcare with Web 3.0[C]//Proc of the Int Conf on Innovative Computing & Communication (ICICC). Berlin: Springer, 2022. http://dx.doi.org/10.2139/ssrn.4381964
[2]	Garzon S R, Yildiz H, Küpper A. Decentralized identifiers and self-sovereign identity in 6G[J]. IEEE Network, 2022, 36(4): 142−148 doi: 10.1109/MNET.009.2100736
[3]	Avellaneda O, Bachmann A, Barbir A, et al. Decentralized identity: Where did it come from and where is it going?[J]. IEEE Communications Standards Magazine, 2019, 3(4): 10−13 doi: 10.1109/MCOMSTD.2019.9031542
[4]	Reed D, Sporny M, Longley D, et al. Decentralized identifiers (DIDs) v1.0. Draft Community Group Report[S/OL]. 2020 [2024-03-24]. https://www.w3.org/TR/did-core/#references
[5]	Szalachowski P. Password-authenticated decentralized identities[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 4801−4810 doi: 10.1109/TIFS.2021.3116429
[6]	Costan V, Devadas S. Intel SGX explained[J/OL]. Cryptology ePrint Archive. 2016 [2024-03-24]. https://eprint.iacr.org/2016/086
[7]	Fathalla E S, Azab M, Xin Chunsheng, et al. PT-SSIM: A proactive, trustworthy self-sovereign identity management system[J]. IEEE Internet of Things Journal, 2023, 10(19): 17155−17169 doi: 10.1109/JIOT.2023.3273988
[8]	Maram S K D, Zhang Fan, Wang Lun, et al. CHURP: Dynamic-committee proactive secret sharing[C]//Proc of the 2019 ACM SIGSAC Conf on Computer and Communications Security. New York ACM, 2019: 2369−2386
[9]	Khalili M, Dakhilalian M, Susilo W. Efficient chameleon Hash functions in the enhanced collision resistant model[J]. Information Sciences, 2020, 510: 155−164 doi: 10.1016/j.ins.2019.09.001
[10]	Zhang Liang, Kan Haibin, Huang Honglan. Patient-centered cross-enterprise document sharing and dynamic consent framework using consortium blockchain and ciphertext-policy attribute-based encryption[C]//Proc of the 19th ACM Int Conf on Computing Frontiers. New York: ACM, 2022: 58−66
[11]	Rouselakis Y, Waters B. Efficient statically-secure large-universe multi-authority attribute-based encryption[C]//Proc of Int Conf on Financial Cryptography and Data Security. Berlin: Springer, 2015: 315−332
[12]	Wood G. A secure decentralised generalised transaction ledger[J]. Ethereum Project Yellow Paper, 2014, 151: 1−32
[13]	Benet J. IPFS-content addressed, versioned, P2P file system[J]. arXiv preprint, arXiv: 1407.3561, 2014
[14]	Thilakanathan D, Chen S, Nepal S, et al. A platform for secure monitoring and sharing of generic health data in the cloud[J]. Future Generation Computer Systems, 2014, 35: 102−113 doi: 10.1016/j.future.2013.09.011
[15]	Ge C, Susilo W, Baek J, et al. A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(5): 2907−2919
[16]	Zhou Yuyang, Zhao Liang, Jin Yuqiao, et al. Backdoor-resistant identity-based proxy re-encryption for cloud-assisted wireless body area networks[J]. Information Sciences, 2022, 604: 80−96 doi: 10.1016/j.ins.2022.05.007
[17]	Sharma B, Halder R, Singh J. Blockchain-based interoperable healthcare using zero-knowledge proofs and proxyre-encryption[C]//Proc of 2020 Int Conf on Communication Systems & Networks (COMSNETS). Piscataway, NJ: IEEE, 2020: 1−6
[18]	Gao Juntao, Yu Haiyong, Zhu Xiuqin, et al. Blockchain-based digital rights management scheme via multiauthority ciphertext-policy attribute-based encryption and proxy re-encryption[J]. IEEE Systems Journal, 2021, 15(4): 5233−5244 doi: 10.1109/JSYST.2021.3064356
[19]	Agyekum K O B O, Xia Qi, Sifah E B, et al. A proxy re-encryption approach to secure data sharing in the Internet of things based on blockchain[J]. IEEE Systems Journal, 2021, 16(1): 1685−1696
[20]	Yao Shimao, Dayot R V J, Ra I H, et al. An identity-based proxy re-encryption scheme with single-hop conditional delegation and multi-hop ciphertext evolution for secure cloud data sharing[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 3833−3848 doi: 10.1109/TIFS.2023.3282577
[21]	Boldyreva A. Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme[C]//Proc of the Int Workshop on Public Key Cryptography. Berlin: Springer, 2002: 31−46
[22]	Boneh D, Lynn B, Shacham H. Short signatures from the Weil pairing[C]//Proc of the Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2001: 514−532
[23]	Keshta I, Aoudni Y, Sandhu M, et al. Blockchain aware proxy re-encryption algorithm-based data sharing scheme[J]. Physical Communication, 2023, 58: 102048 doi: 10.1016/j.phycom.2023.102048
[24]	Diffie W, Hellman M E. New directions in cryptography[J]. IEEE Transactions on Information Theory, 1976, 22(6): 365−390
[25]	Rahimi A, Maddah-Ali M A. Multi-Party proof generation in QAP-based zk-SNARKs[J]. IEEE Journal on Selected Areas in Information Theory, 2021, 2(3): 931−941 doi: 10.1109/JSAIT.2021.3102267
[26]	Karati A, Islam S K H, Biswas G P. A pairing-free and provably secure certificateless signature scheme[J]. Information Sciences, 2018, 450: 378−391 doi: 10.1016/j.ins.2018.03.053
[27]	Wang Xuan, Ma Jianfeng, Xhafa F, et al. Cost-effective secure E-health cloud system using identity based cryptographic techniques[J]. Future Generation Computer Systems, 2017, 67: 242−254 doi: 10.1016/j.future.2016.08.008
[28]	Sun Maosheng, Ge Chunpeng, Fang Liming, et al. A proxy broadcast re-encryption for cloud data sharing[J]. Multimedia Tools and Applications, 2018, 77: 10455−10469 doi: 10.1007/s11042-017-4448-9
[29]	Nunez D. UMBRAL: A threshold proxy re-encryption scheme[J/OL]. [2024-05-16]. https://raw.githubusercontent.com/nucypher/umbral-doc/master/umbral-doc.pdf

[1]	Cao Yiran, Zhu Youwen, He Xingyu, Zhang Yue. Utility-Optimized Local Differential Privacy Set-Valued Data Frequency Estimation Mechanism[J]. Journal of Computer Research and Development, 2022, 59(10): 2261-2274. DOI: 10.7544/issn1000-1239.20220504
[2]	Hong Jinxin, Wu Yingjie, Cai Jianping, Sun Lan. Differentially Private High-Dimensional Binary Data Publication via Attribute Segmentation[J]. Journal of Computer Research and Development, 2022, 59(1): 182-196. DOI: 10.7544/issn1000-1239.20200701
[3]	Wu Wanqing, Zhao Yongxin, Wang Qiao, Di Chaofan. A Safe Storage and Release Method of Trajectory Data Satisfying Differential Privacy[J]. Journal of Computer Research and Development, 2021, 58(11): 2430-2443. DOI: 10.7544/issn1000-1239.2021.20210589
[4]	Zhang Yuxuan, Wei Jianghong, Li Ji, Liu Wenfen, Hu Xuexian. Graph Degree Histogram Publication Method with Node-Differential Privacy[J]. Journal of Computer Research and Development, 2019, 56(3): 508-520. DOI: 10.7544/issn1000-1239.2019.20170886
[5]	Zhu Weijun, You Qingguang, Yang Weidong, Zhou Qinglei. Trajectory Privacy Preserving Based on Statistical Differential Privacy[J]. Journal of Computer Research and Development, 2017, 54(12): 2825-2832. DOI: 10.7544/issn1000-1239.2017.20160647
[6]	Wu Yingjie, Zhang Liqun, Kang Jian, Wang Yilei. An Algorithm for Differential Privacy Streaming Data Adaptive Publication[J]. Journal of Computer Research and Development, 2017, 54(12): 2805-2817. DOI: 10.7544/issn1000-1239.2017.20160555
[7]	Wang Liang, Wang Weiping, Meng Dan. Privacy Preserving Data Publishing via Weighted Bayesian Networks[J]. Journal of Computer Research and Development, 2016, 53(10): 2343-2353. DOI: 10.7544/issn1000-1239.2016.20160465
[8]	Lu Guoqing, Zhang Xiaojian, Ding Liping, Li Yanfeng, Liao Xin. Frequent Sequential Pattern Mining under Differential Privacy[J]. Journal of Computer Research and Development, 2015, 52(12): 2789-2801. DOI: 10.7544/issn1000-1239.2015.20140516
[9]	Ouyang Jia, Yin Jian, Liu Shaopeng, Liu Yubao. An Effective Differential Privacy Transaction Data Publication Strategy[J]. Journal of Computer Research and Development, 2014, 51(10): 2195-2205. DOI: 10.7544/issn1000-1239.2014.20130824
[10]	Ni Weiwei, Chen Geng, Chong Zhihong, Wu Yingjie. Privacy-Preserving Data Publication for Clustering[J]. Journal of Computer Research and Development, 2012, 49(5): 1095-1104.

Cited By

Cited by

Periodical cited type(5)

1.	张涵，于航，周继威，白云开，赵路坦. 面向隐私计算的可信执行环境综述. 计算机应用. 2025(02): 467-481 .
2.	付裕，林璟锵，冯登国. 虚拟化与密码技术应用:现状与未来. 密码学报(中英文). 2024(01): 3-21 .
3.	徐传康，李忠月，刘天宇，种统洪，杨发雪. 基于可信执行环境的汽车域控系统安全研究. 汽车实用技术. 2024(15): 18-25+73 .
4.	徐文嘉，岑孟杰，陈亮. 隐私保护下单细胞RNA测序数据细胞分类研究. 医学信息学杂志. 2024(10): 86-89 .
5.	孙钰，熊高剑，刘潇，李燕. 基于可信执行环境的安全推理研究进展. 信息网络安全. 2024(12): 1799-1818 .