Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare
Abstract
:1. Introduction
- The architecture of Health-ID is presented, which consists of four actors, namely user, healthcare regulator, blockchain, and cloud storage. The owner can control their own identity by using web tokens for identity attributes. The healthcare regulators provide their attestation after conducting identity proofing. In order to maintain data integrity and auditability, the hash of the identity attribute is uploaded on the blockchain.
- Two smart contracts Health_SC and Registry_SC are deployed to facilitate the authentication and identification process. The health_SC allows users to manage their identity, whereas the registry_SC allows regulators to store the attestations.
- A consortium blockchain is used to implement healthID. The blockchain’s performance effectiveness and computational efficiency are computed using transaction gas cost, transaction per second, number of blocks lost, and block propagation time.
2. Related Work
3. Blockchain Overview
4. Remote Healthcare Identity Management System
4.1. Actors
- User: A user is the owner of the identity. A user in healthID can be a patient or a healthcare provider. The patient is a consumer of healthcare services, such as diagnosis, treatment, and therapy, whereas a healthcare provider is a professional that is licensed by regulatory authorities to provide healthcare services. Healthcare providers include doctors, nurses, pharmacists, dentists, opticians, midwives, psychologists, and psychiatrists, etc.
- Healthcare Regulator: A regulator is responsible for registering and administrating healthcare providers. Examples of healthcare regulators include the department of health and social care professionals, nursing council, and midwife council, pharmaceutical council, optical council. They are responsible for registering, renewing, and revoking the license of healthcare providers of their respective fields. On the other hand, public hospitals can register patients by verifying their public identity.
- Blockchain: A consortium blockchain is utilized to provide a secure and distributed identity management service for healthcare. The blockchain platform should support smart contracts such as Etherum and Hyperledeger. A piece of code known as the smart contract is deployed over Ethereum to ensure identity management. Two types of smart contracts are deployed, namely Health SC and Registry SC. The healthID of patients and providers is the address of their deployed smart contract over the Ethereum blockchain.
- Cloud storage: The cloud storage system is used to store the identity attributes of patients and healthcare providers. The identity attributes are stored in a JSON object and attested by a regulatory authority to create a JSON Web Token (JWT). The hash of the identity attribute can be used to locate and download a particular identity attribute. The identity owner may select a centralized storage system (such as dropbox) or a distributed cloud storage (such as IPFS) to store their identity attributes.
4.2. Proposed Architecture
4.3. Smart Contract
- set_public_key: This function allows the owner of the smart contract to upload and store its public key over the Ethereum network. Only the owner of the smart contract will be allowed to upload their public key.
- retrieve_public_key: This function allows anyone to retrieve the public key of the owner by using their healthID. Retrieving the public key from this function ensures that the public key belongs to the entity having the healthID.
- set_hash: This function allows the owner to store the hash and hashID of their identity attribute. The function stores the hash with the corresponding hashID of the identity attribute. Only the owner of the smart contract is allowed to upload the hash.
- retrieve_hash: This function is used to extract the hash by using the hashID of the identity attribute required. The function uses the hashID to locate and return the corresponding hash of the required identity attribute.
- pause_SC: This function allows the owner of the smart contract to pause and unpause the contract. If the smart contract is paused, no one will access the hash of the identity attribute.
- register_regulator: This function allows regulators to register themselves and upload their public key. The public key is stored with their corresponding Ethereum address. This function will only register the regulator who is operating as a node of the blockchain.
- verify_regulator: This function allows anyone to retrieve the public key of regulators using their Ethereum address. In addition, this function ensures that the regulator having a particular Ethereum address is registered on the network.
- register_attestation: This function allows regulators to register the healthID and public key of patients and healthcare providers. The Ethereum address of the regulator is also stored with it. Only the registered regulators will be able to use this function.
- verify_attestation: This function allows anyone to extract the public key of the registered healthID. In addition, the function returns the public key and Ethereum address of the regulator who provided the attestation.
- revoke_attestation: This function allows the regulator to revoke the attestation of a particular patient or healthcare provider using their healthID.
4.4. Identification and Authentication Workflow
- Deployment: In the first step, the healthcare provider will use the EoA account to deploy a smart contract on the Ethereum blockchain using their application. The address of the smart contract would be the digital healthID of the healthcare provider.
- Registration: In the registration step, a request along with the owner’s healthID is sent to the regulator by the provider. The regulator will use the healthID to request the public key from the provider’s health SC using retrieve_publickey function. Using the public key, the regulator will encrypt a challenge message and send it to the provider. If the provider decrypts using its private key and responds successfully, this ensures that the provider is the real owner of the healthID and public key.
- Identity proofing: In this step, the provider would be required to prove their identity by presenting their practice license. The provider may be required to physically or remotely present their license based on the policy of the healthcare regulator. After proofing is conducted successfully, the regulator registers the healthID and public key of the provider in the registry SC using the register_attestation function. The regulator further signs the identity attribute and provides an identity token (JWT) to the provider.
- HealthID Verification: In the first step, the healthcare provider sends the healthID to the patient. The patient uses the healthID to extract the public key from registry SC using the verify_attestation function. This ensures that the attested healthID is verified and registered by a particular regulator. The Ethereum address of the regulator providing the attestation is also provided. Next, the provider’s public key is used to send a challenge message to the healthcare provider. If the response is correct, this guarantees that the public key and healthID belong to the healthcare provider.
- Identity Assertion: In this step, identity assertion is used by the patient to authenticate the provider. The provider sends the hashID of the required identity token. The patient uses the hashID to receive the corresponding hash from the provider’s Health SC using the retrieve_hash function. This allows the blockchain to keep a record of each authentication taking place. The patient then uses the hash to retrieve the identity token (JWT) from cloud storage.
- Attribute Verification: The provider shares the symmetric key securely, which is used to decrypt the identity token received from the cloud. To verify the signature of the regulator, the public key of the regulator is requested using its Ethereum address from the verify_regulator function of Registry SC. This allows the patient to verify that the regulator is registered. The public key received is used to verify the identity token. This proves that the identity assertion is validated and attested by the regulator.
4.5. Discussion
5. Implementation and Evaluation
5.1. Blockchain Deployment
5.2. Performance Evaluation
- Transaction gas cost (TGS): TGS is the amount of gas needed to run a smart contract transaction on the Ethereum blockchain network. It represents the efficiency of the smart contract in terms of its execution. TGS needs to be minimized to achieve higher efficiency and lower delays in the network as each transaction is executed over all nodes of the blockchain.
- Transaction Per Second (TPS): TPS is the total transactions that can be carried out on the blockchain in one second. It is computed using the gasLimit divided by the TGS and . Where The is the actual block-time recorded from the geth console. The may differ from the block-time set in genesis due to synchronization and network delays.
- Number of Blocks Lost (NBL): The NBL is the number of blocks lost in the network. The NBL can be measured directly from the geth console. A block is lost when the sealer delays broadcasting the signed block for a specific time. After that, the block is replaced by a new block proposed by a backup sealer. The block that was required to be added to the blockchain is considered lost. Therefore, the number of blocks lost produces lag in the blockchain network. To reduce the delay of block generation, the NBL needs to be minimized.
- Block Propagation Time (BPT): BPT is the time that is needed for a new block to be distributed to the majority set of nodes present in the network. Each block is propagated to all nodes in the network after validation using a defined broadcast protocol. Thus, for a block to reach the entire network, it passes through approximately seven intermediary nodes. The propagation time for each block can be extracted from the geth console.
5.2.1. Transaction Gas Cost of HealthID Smart Contract
5.2.2. Effect of Block-Time and Gas-Limit on Blockchain Performance
5.2.3. Effect of Sealers on Blockchain Performance
6. Conclusions and Future Work
Author Contributions
Funding
Conflicts of Interest
References
- Stowe, S.; Harding, S. Telecare, telehealth and telemedicine. Eur. Geriatr. Med. 2010, 1, 193–197. [Google Scholar] [CrossRef]
- Wootton, R.; Craig, J.; Patterson, V. Introduction to Telemedicine; CRC Press: Boca Raton, FL, USA, 2017. [Google Scholar]
- Digital Health Global Market Trajectory & Analytics; Technical Report; Global Industry Analysts Inc.: San Jose, CA, USA, 2020.
- eHealth Market-2027|Global Industry Analysis By Development, Size, Share and Demand Forecast. Available online: https://www.marketwatch.com/press-release/ehealth-market--2027-global-industry-analysis-by-development-size-share-and-demand-forecast-2021-04-05?tesla=y (accessed on 1 May 2021).
- Seh, A.H.; Zarour, M.; Alenezi, M.; Sarkar, A.K.; Agrawal, A.; Kumar, R.; Ahmad Khan, R. Healthcare Data Breaches: Insights and Implications. Healthcare 2020, 8, 133. [Google Scholar] [CrossRef]
- Javed, I.T.; Copeland, R.; Crespi, N.; Emmelmann, M.; Corici, A.; Bouabdallah, A.; Zhang, T.; El Jaouhari, S.; Beierle, F.; Göndör, S.; et al. Cross-domain identity and discovery framework for web calling services. Ann. Telecommun. 2017, 72, 459–468. [Google Scholar] [CrossRef]
- Javed, I.T.; Toumi, K.; Alharbi, F.; Margaria, T.; Crespi, N. Detecting Nuisance Calls over Internet Telephony Using Caller Reputation. Electronics 2021, 10, 353. [Google Scholar] [CrossRef]
- Javed, I.T.; Toumi, K.; Crespi, N. TrustCall: A Trust Computation Model for Web Conversational Services. IEEE Access 2017, 5, 24376–24388. [Google Scholar] [CrossRef]
- Bouras, M.A.; Lu, Q.; Zhang, F.; Wan, Y.; Zhang, T.; Ning, H. Distributed Ledger Technology for eHealth Identity Privacy: State of The Art and Future Perspective. Sensors 2020, 20, 483. [Google Scholar] [CrossRef] [Green Version]
- Truong, N.B.; Sun, K.; Lee, G.M.; Guo, Y. GDPR-Compliant Personal Data Management: A Blockchain-Based Solution. IEEE Trans. Inf. Forensics Secur. 2020, 15, 1746–1761. [Google Scholar] [CrossRef] [Green Version]
- Rathee, T.; Singh, P. A systematic literature mapping on secure identity management using blockchain technology. J. King Saud Univ. Comput. Inf. Sci. 2021. [Google Scholar] [CrossRef]
- Javed, I.T.; Alharbi, F.; Margaria, T.; Crespi, N.; Qureshi, K.N. PETchain: A Blockchain-Based Privacy Enhancing Technology. IEEE Access 2021, 9, 41129–41143. [Google Scholar] [CrossRef]
- Alamri, B.; Javed, I.T.; Margaria, T. Preserving Patients’ Privacy in Medical IoT Using Blockchain. In Proceedings of the Edge Computing—EDGE 2020, Honolulu, HI, USA, 18–20 September 2020; Katangur, A., Lin, S.C., Wei, J., Yang, S., Zhang, L.J., Eds.; Springer International Publishing: Cham, Switzerland, 2020; pp. 103–110. [Google Scholar]
- Alamri, B.; Javed, I.T.; Margaria, T. A GDPR-Compliant Framework for IoT-Based Personal Health Records Using Blockchain. In Proceedings of the 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 19–21 April 2021; pp. 1–5. [Google Scholar] [CrossRef]
- Belotti, M.; Božić, N.; Pujolle, G.; Secci, S. A Vademecum on Blockchain Technologies: When, Which, and How. IEEE Commun. Surv. Tutor. 2019, 21, 3796–3838. [Google Scholar] [CrossRef] [Green Version]
- Houtan, B.; Hafid, A.S.; Makrakis, D. A Survey on Blockchain-Based Self-Sovereign Patient Identity in Healthcare. IEEE Access 2020, 8, 90478–90494. [Google Scholar] [CrossRef]
- Liu, Y.; He, D.; Obaidat, M.S.; Kumar, N.; Khan, M.K.; Choo, K.K.R. Blockchain-based identity management systems: A review. J. Netw. Comput. Appl. 2020, 166, 102731. [Google Scholar] [CrossRef]
- Lundkvist, C.; Heck, R.; Torstensson, J.; Mitton, Z.; Sena, M. Uport: A Platform for Self-Sovereign Identity. 2017. Available online: https://whitepaper.uport.me/uPort_whitepaper_DRAFT20170221.pdf (accessed on 1 May 2021).
- Windley, P.; Reed, D. Sovrin: A Protocol and Token for Self-Sovereign Identity and Decentralized Trust; The Sovrin Foundation: Provo, UT, USA, 2018. [Google Scholar]
- Ali, M.; Nelson, J.; Shea, R.; Freedman, M.J. Blockstack: A global naming and storage system secured by blockchains. In Proceedings of the 2016 USENIX Annual Technical Conference, Denver, CO, USA, 22–24 June 2016; pp. 181–194. [Google Scholar]
- Guo, R.; Shi, H.; Zhao, Q.; Zheng, D. Secure Attribute-Based Signature Scheme With Multiple Authorities for Blockchain in Electronic Health Records Systems. IEEE Access 2018, 6, 11676–11686. [Google Scholar] [CrossRef]
- Zhao, H.; Bai, P.; Peng, Y.; Xu, R. Efficient key management scheme for health blockchain. CAAI Trans. Intell. Technol. 2018, 3. [Google Scholar] [CrossRef]
- Wang, H.; Song, Y. Secure Cloud-Based EHR System Using Attribute-Based Cryptosystem and Blockchain. J. Med. Syst. 2018, 42, 1–9. [Google Scholar] [CrossRef]
- Cao, S.; Zhang, G.; Liu, P.; Zhang, X.; Neri, F. Cloud-assisted secure eHealth systems for tamper-proofing EHR via blockchain. Inf. Sci. 2019, 485, 427–440. [Google Scholar] [CrossRef]
- Yazdinejad, A.; Srivastava, G.; Parizi, R.M.; Dehghantanha, A.; Choo, K.K.R.; Aledhari, M. Decentralized Authentication of Distributed Patients in Hospital Networks Using Blockchain. IEEE J. Biomed. Health Inform. 2020, 24, 2146–2156. [Google Scholar] [CrossRef]
- Haddouti, S.E.; Kettani, M.D.E.C.E. Towards an interoperable identity management framework: a comparative study. arXiv 2019, arXiv:1902.11184. [Google Scholar]
- Mell, P.; Dray, J.; Shook, J. Smart Contract Federated Identity Management without Third Party Authentication Services. arXiv 2019, arXiv:1906.11057. [Google Scholar]
- Dunphy, P.; Petitcolas, F.A. A first look at identity management schemes on the blockchain. IEEE Secur. Priv. 2018, 16, 20–29. [Google Scholar] [CrossRef] [Green Version]
- Self-Sovereign Identity for More Freedom and Privacy. Available online: https://selfkey.org/ (accessed on 7 December 2020).
- Evernym|The Self-Sovereign Identity Company. Available online: https://www.evernym.com/ (accessed on 7 December 2020).
- Copyright. e-Health Systems; Rodrigues, J.J.P., Sendra Compte, S., de la Torra Diez, I., Eds.; Elsevier: Amsterdam, The Netherlands, 2016; p. iv. [Google Scholar] [CrossRef]
- Jiang, S.; Cao, J.; Wu, H.; Yang, Y.; Ma, M.; He, J. BlocHIE: A BLOCkchain-Based Platform for Healthcare Information Exchange. In Proceedings of the 2018 IEEE International Conference on Smart Computing (SMARTCOMP), Taormina, Italy, 18–20 June 2018; pp. 49–56. [Google Scholar] [CrossRef]
- Ray, P.P.; Chowhan, B.; Kumar, N.; Almogren, A. BIoTHR: Electronic Health Record Servicing Scheme in IoT-Blockchain Ecosystem. IEEE Internet Things J. 2021. [Google Scholar] [CrossRef]
- Rajput, A.R.; Li, Q.; Ahvanooey, M.T. A Blockchain-Based Secret-Data Sharing Framework for Personal Health Records in Emergency Condition. Healthcare 2021, 9, 206. [Google Scholar] [CrossRef]
- Wu, J.; Tran, N. Application of Blockchain Technology in Sustainable Energy Systems: An Overview. Sustainability 2018, 10, 3067. [Google Scholar] [CrossRef] [Green Version]
- Dib, O.; Brousmiche, K.L.; Durand, A.; Thea, E.; Ben Hamida, E. Consortium blockchains: Overview, applications and challenges. Int. J. Adv. Telecommun. 2018, 11, 51–64. [Google Scholar]
- Werner, S.M.; Pritz, P.J.; Perez, D. Step on the Gas? A Better Approach for Recommending the Ethereum Gas Price. arXiv 2020, arXiv:2003.03479. [Google Scholar]
(a) Gas Cost for Health Smart Contract | ||
No | Contract Transaction | TGS |
1 | Deploy Health_SC | 485,561 |
2 | set_publickey | 44,538 |
3 | get_publickey | 22,351 |
4 | set_hash | 46,887 |
5 | get_hash | 24,434 |
6 | pause_smartcontract | 43,436 |
(b) Gasgas Cost for Registry Smart Contract | ||
No | Contract Transaction | TGS |
1 | Deploy Registry_SC | 474,939 |
2 | register_regulator | 43,757 |
3 | verify_regulator | 23,920 |
4 | register_attestation | 66,327 |
5 | verify_attestation | 24,911 |
6 | revoke_attestation | 14,492 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Javed, I.T.; Alharbi, F.; Bellaj, B.; Margaria, T.; Crespi, N.; Qureshi, K.N. Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare. Healthcare 2021, 9, 712. https://doi.org/10.3390/healthcare9060712
Javed IT, Alharbi F, Bellaj B, Margaria T, Crespi N, Qureshi KN. Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare. Healthcare. 2021; 9(6):712. https://doi.org/10.3390/healthcare9060712
Chicago/Turabian StyleJaved, Ibrahim Tariq, Fares Alharbi, Badr Bellaj, Tiziana Margaria, Noel Crespi, and Kashif Naseer Qureshi. 2021. "Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare" Healthcare 9, no. 6: 712. https://doi.org/10.3390/healthcare9060712
APA StyleJaved, I. T., Alharbi, F., Bellaj, B., Margaria, T., Crespi, N., & Qureshi, K. N. (2021). Health-ID: A Blockchain-Based Decentralized Identity Management for Remote Healthcare. Healthcare, 9(6), 712. https://doi.org/10.3390/healthcare9060712