
A Lightweight Authentication Protocol for a Blockchain-Based Off-Chain Medical Data Access in Multi-server Environment

  • Original Research
  • SN Computer Science

Abstract

Blockchain technology is now used to secure electronic medical records (EMR), and an arrangement of multiple servers as off-chain storage is advocated to minimize the storage overhead of the medical blockchain. Authorized access to medical records stored on multiple servers therefore requires a secure multi-server authentication system. However, existing blockchain-based systems for medical data storage do not consider authentication between patients and multiple medical servers in a multi-server environment. In this paper, a blockchain-based healthcare system is considered that ensures the scalability of the blockchain by using off-chain storage. The blockchain contains the hash value of the medical data, while multiple servers are used as off-chain storage for the original data. A patient can access those servers with a single enrollment under a multi-server authentication system using fuzzy commitment and can share his or her healthcare data with an authorized healthcare service provider. Replay attacks are examined using formal security analysis with the AVISPA tool, and the mutual authentication of the proposed protocol is examined using BAN logic. In addition, a rigorous informal security analysis confirms that our scheme is secure against various known attacks. Moreover, we have investigated the transaction cost for block creation, and the proposed scheme is compared with existing blockchain-based EMR systems. The security functionality, computation cost, and communication cost of the proposed protocol are also compared with existing protocols.
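The fuzzy commitment primitive that the abstract names as the basis for single enrollment, shown here as an added sketch and not the authors' protocol or code. It assumes a 40-bit constructed template and a 5x repetition code standing in for the stronger error-correcting code a real deployment would use; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

R = 5  # assumed repetition factor: corrects up to 2 flipped bits per block


def encode(key_bits):
    """Repetition-code encoder: repeat every key bit R times."""
    return [b for b in key_bits for _ in range(R)]


def decode(code_bits):
    """Majority vote over each block of R bits."""
    return [int(sum(code_bits[i:i + R]) > R // 2)
            for i in range(0, len(code_bits), R)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    return hashlib.sha256(bytes(bits)).digest()


def commit(template):
    """Enrollment: bind a random codeword c to the biometric template.

    Only (h(c), template XOR c) is kept; neither the template nor c is stored.
    The template length must be a multiple of R.
    """
    key = [secrets.randbelow(2) for _ in range(len(template) // R)]
    codeword = encode(key)
    return digest(codeword), xor(template, codeword)


def open_commitment(commitment, reading):
    """Login: a fresh reading opens the commitment only if it is close
    enough to the enrolled template for the code to correct the noise."""
    h_c, delta = commitment
    candidate = encode(decode(xor(reading, delta)))
    return hmac.compare_digest(digest(candidate), h_c)


def flip(bits, positions):
    """Helper for the constructed sample: flip the bits at the given indexes."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


if __name__ == "__main__":
    template = [1, 0, 1, 1, 0, 0, 1, 0] * 5          # constructed sample
    stored = commit(template)
    print(open_commitment(stored, flip(template, [0, 1, 7, 23])))  # noisy, same user
    print(open_commitment(stored, flip(template, [0, 1, 2])))      # too far off
```

The second call fails because three flips inside one 5-bit block defeat the majority vote, which is the tolerance boundary a deployment tunes through its choice of code.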


Data Availability

Not applicable.


Funding

No funds, grants, or other support was received.

Author information

Contributions

SB: methodology, software, visualization, investigation, writing (original draft preparation). SC: conceptualization, editing the draft preparation, supervision. DS: validation, writing (reviewing and editing).

Corresponding author

Correspondence to Subhas Barman.

Ethics declarations

Ethics Approval

Not applicable

Conflict of Interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

Consent to Publish

Not applicable

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Barman, S., Chattopadhyay, S. & Samanta, D. A Lightweight Authentication Protocol for a Blockchain-Based Off-Chain Medical Data Access in Multi-server Environment. SN COMPUT. SCI. 5, 292 (2024). https://doi.org/10.1007/s42979-024-02660-4


  • DOI: https://doi.org/10.1007/s42979-024-02660-4
