A Quantum Resistant Blockchain System for Privacy Protection of Patient Records

A Quantum Resistant Blockchain System for Privacy Protection of Patient Records

  IJETT-book-cover           
  
© 2023 by IJETT Journal
Volume-71 Issue-4
Year of Publication : 2023
Author : Smita Bansod, Lata Ragha
DOI : 10.14445/22315381/IJETT-V71I4P208

How to Cite?

Smita Bansod, Lata Ragha , "A Quantum Resistant Blockchain System for Privacy Protection of Patient Records ," International Journal of Engineering Trends and Technology, vol. 71, no. 4, pp. 79-96, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I4P208

Abstract
In the present digital era, Personal Data Privacy is considered one of the fundamental rights in many countries, and regulation demands strict compliance with privacy laws. Patient Health Records in electronic form are highly personal and must be handled with due care and sensitivity to ensure the individual's privacy by giving full control to the patient by employing a self-sovereign model and, at the same time, protected from attacks by hackers. While blockchain technology, with its distributed ledger and immutability, promises to take care of the basic privacy and security requirements of personal digital data, there are several areas where improvements are needed in order to make this technology a robust, practical system. This paper proposes a system which introduces the privacy protection mechanisms to be applied to a blockchain-based patient records system for full privacy protection. The data is shared between different stakeholders in an encrypted format with a session key operational for a predetermined amount of time. The session keys are managed by private certificate authorization with quantum resistance NTRU algorithm. A comparative analysis of various asymmetric key cryptography algorithms indicates that Enhanced NTRU is superior in performance and provides the best security. The encrypted Electronic Health Record (EHR) is stored using Interplanetary File System (IPFS) protocol, and its hashes are recorded on the Ethereum blockchain test network. IPFS solves the issue of storing a large amount of data on the blockchain, and encryption solves the data transparency with Public Key Infrastructure (PKI) to resolve the authentication of the stakeholders. The proposed system's response time, latency, resource utilization and efficiency have been assessed experimentally for various transactions. The proposed system ensures patient confidentiality while sharing health records, making it future-proof.

Keywords
Blockchain, Security, Privacy, NTRU, PKI, EHR, Ethereum.

References
[1] Christian Esposito et al., “Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy?,” IEEE Cloud Computing, vol. 5, no. 1, pp. 31–37, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Leadership for It Security & Privacy Across HSS Cyber security Program, Electronic Medical Records in Healthcare, 2022. [Online]. Available: https://www.hhs.gov/sites/default/files/2022-02-17-1300-emr-in-healthcare-tlpwhite.pdf
[3] Anna Kragie, ITRC Data Breach Report: Breaches up 17%, Exposed PII Records Down 41%, Rippleshot, 2020. [Online]. Available: https://info.rippleshot.com/blog/itrc-data-breach-report-pii-records#:~:text=Press-,ITRC%20Data%20Breach%20Report%3A%20Breaches%20up%2017%25%2C,Exposed%20PII%20Records%20Down%2041%25&text=The%20Identity%20Theft%20Resource%20Center's,%2C%20year%2Dafter%2Dyear.
[4] Ivan Homoliak et al., “The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses,” IEEE Communications Surveys & Tutorials, vol. 23, no. 1, pp. 341-390, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Wie Liang Sim, Hui Na Chua, and Mohammad Tahir, “Blockchain for Identity Management: The Implications to Personal Data Protection,” 2019 IEEE Conference on Application, Information and Network Security (AINS), pp. 30–35, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Smita Bansod, and Lata Ragha, “Blockchain Technology: Applications and Research Challenges,” International Conference for Emerging Technology (INCET), pp. 1–6, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Nguyen Binh Truong et al., “GDPR-Compliant Personal Data Management: A Blockchain-Based Solution,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1746–1761, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Jorge Bernal Bernabe et al., “Privacy-Preserving Solutions for Blockchain: Review and Challenges,” IEEE Access, vol. 7, pp. 164908–164940, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Wenxiu Ding, Zheng Yan, and Robert H. Deng, “Privacy-Preserving Data Processing with Flexible Access Control,” IEEE Transactions Dependable and Secure Computing, vol. 17, no. 2, pp. 363–376, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Smita Bansod, and Lata Ragha “Challenges in Making Blockchain Privacy Compliant for the Digital World: Some Measures,” Sādhanā, vol. 47, no. 168, 2022, doi: 10.1007/s12046-022-01931-1.
[CrossRef] [Google Scholar] [Publisher Link]
[11] A. Z. Junejo, M. Ahmed, and A. Abdulrehman, “A Survey on Privacy Vulnerabilities in Permissionless Blockchains,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 9, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[12] John Preub Mattsson, Ben Smeets, and Erik Thormarker “Quantum-Resistant Cryptography,” Cryptography and Security, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Tiago M. Fernández-Caramès, and Paula Fraga-Lamas, “Towards Post-Quantum Blockchain: A Review on Blockchain Cryptography Resistant to Quantum Computing Attacks,” IEEE Access, vol. 8, pp. 21091–21116, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Keke Gai, Meikang Qiu, and Hui Zhao, “Privacy-Preserving Data Encryption Strategy for Big Data in Mobile Cloud Computing,” IEEE Transactions on Big Data, vol. 7, no. 4, pp. 678-688, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Shuyun Shi et al., “Applications of Blockchain in Ensuring the Security and Privacy of Electronic Health Record Systems: A Survey,” Computers & Security, vol. 97, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Alaa Haddad et al., “Blockchain for Healthcare Medical Records Management System with Sharing Control,” IEEE 7th International Conference on Smart Instrumentation, Measurement and Applications, pp. 30–34, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[17] IPFS Community, IPFS doc - Privacy and encryption. [Online]. Available: https://docs.ipfs.io/concepts/privacy-and-encryption/
[18] Azeez Ajani Waheed et al., "An Integrated and Secured Web Based Electronic Health Record," International Journal of Recent Engineering Science, vol. 8, no. 4, 1 pp. 19-26, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[19] Ammar Ayman Battah et al., “Blockchain-Based Multi-Party Authorization for Accessing IPFS Encrypted Data,” IEEE Access, vol. 8, pp. 196813–196825, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Beena G Pillai, and Dayanand N Lal, “Blockchain-Based Asymmetric Searchable Encryption: A Comprehensive Survey,” International Journal of Engineering Trends and Technology, vol. 70, no. 7, pp. 355–365, 2022.
[CrossRef] [Publisher Link]
[21] Prasanna Ravi et al., “Lattice-based Key-sharing Schemes: A Survey,” ACM Computing Surveys, vol. 54, no. 1, pp. 1–39, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Praveen Gauravaram Tata, Harika Narumanchi, and Nitesh Emmadi, “Analytical Study of Implementation Issues of NTRU,” International Conference on Advances in Computing, Communications and Informatics, pp. 700–707, 2014.
[CrossRef] [Google Scholar] [Publisher Link]
[23] Yakubov Alexander et al., “A Blockchain-Based PKI Management Framework,” IEEE/IFIP Network Operations and Management Symposium, pp. 1–6, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[24] Elie Kfoury, and David Khoury, “Distributed Public Key Infrastructure and PSK Exchange Based on Blockchain Technology,” IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 1116–1120, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Jongbeen Han et al., “A Decentralized Document Management System Using Blockchain and Secret Sharing,” 36th Annual ACM Symposium on Applied Computing, pp. 305–308. 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Guishan Dong et al., “Anonymous Cross-Domain Authentication Scheme for Medical PKI System,” ACM Turing Celebration Conference, no. 68, pp. 1–7, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[27] Nidhi, and Dr. Arpinder Singh, "Steganography of ECG Signals for Hiding of Patient Confidential Data", International Journal of Computer & organization Trends, vol. 5, no. 6, pp. 5-8, 2015.
[CrossRef] [Publisher Link]
[28] Smita Bansod, and Lata L. Ragha, “Blockchain Impact of Security and Privacy in Digital Identity Management,” Blockchain for Information Security and Privacy, Auerbach Publications, pp. 275–291. 2021.
[Google Scholar] [Publisher Link]
[29] S. Bansod, and L. Ragha, “Secured and Quantum Resistant Key Exchange Cryptography Methods – A Comparison,” Interdisciplinary Research in Technology and Management (IRTM), pp. 1–5. 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[30] National Institute of Standards and Technology, FIPS 197, Advanced Encryption Standard (AES), NIST, 2001. [Online]. Available : https://csrc.nist.gov/publications/detail/fips/197/final
[31] Shuai Wang et al., “Blockchain-Enabled Smart Contracts: Architecture, Applications, and Future Trends,” IEEE Transactions on Systems, Man, and Cybernetics: Systems., vol. 49, no. 11, pp. 2266–2277, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[32] Philip S. Hirschhorn et al., “Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches,” Applied Cryptography and Network Security, vol. 5536. pp. 437–455, 2009.
[CrossRef] [Google Scholar] [Publisher Link]
[33] V. Mavroeidis et al., “The Impact of Quantum Computing on Present Cryptography,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 9, no. 3, pp. 405-414, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[34] Yufei Lin, and Chongyang Zhang, “A Method for Protecting Private Data in IPFS,” IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 404–409, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[35] Christos Patsonakis et al., “Implementing a Smart Contract PKI,” IEEE Transactions on Engineering Management, vol. 67, no. 4, pp. 1425–1443, 2020.
[CrossRef] [Google Scholar] [Publisher Link]