Lejun Zhang,Minghui Peng,Weizheng Wang,Yansen Su,Shuna Cui and Seokhoon Kim

1College of Information Engineering,Yangzhou University,Yangzhou,225127,China

2School Math &Computer Science,Quanzhou Normal University,Quanzhou,362000,China

3Division of Computer Science,University of Aizu,Aizu–Wakamatsu,9658580,Japan

4Key Laboratory of Intelligent Computing and Signal Processing of Ministry of Education,School of Computer Science and Technology,Anhui University,Hefei,230601,China

5Medical College of Yangzhou University,Yangzhou,225001,China

6Department of Gynecology and Obstetrics,Affiliated Hospital of Yangzhou University,Yangzhou,China

7Department of Computer Software Engineering,Soonchunhyang University,Asan,Korea

Abstract:In the digital era,electronic medical record(EMR)has been a major way for hospitals to store patients’medical data.The traditional centralized medical system and semi-trusted cloud storage are difficult to achieve dynamic balance between privacy protection and data sharing.The storage capacity of blockchain is limited and single blockchain schemes have poor scalability and low throughput.To address these issues,we propose a secure and efficient medical data storage and sharing scheme based on double blockchain.In our scheme,we encrypt the original EMR and store it in the cloud.The storage blockchain stores the index of the complete EMR,and the shared blockchain stores the index of the shared part of the EMR.Users with different attributes can make requests to different blockchains to share different parts according to their own permissions.Through experiments,it was found that cloud storage combined with blockchain not only solved the problem of limited storage capacity of blockchain,but also greatly reduced the risk of leakage of the original EMR.Content Extraction Signature(CES)combined with the double blockchain technology realized the separation of the privacy part and the shared part of the original EMR.The symmetric encryption technology combined with Ciphertext-Policy Attribute-Based Encryption(CP–ABE)not only ensures the safe storage of data in the cloud,but also achieves the consistency and convenience of data update,avoiding redundant backup of data.Safety analysis and performance analysis verified the feasibility and effectiveness of our scheme.

Keywords:Cloud storage;blockchain;electronic medical records;access control;data sharing;privacy

1 Introduction

With the rapid development of information technology,medical data has become the key to discovering and treating diseases[1].More and more data is transferred from paper to electronic equipment because of the digitization of electronic storage[2,3].EMR has been a major way for hospitals to store patients’medical data.The emergence of EMR has brought great opportunities to the development of wise medical practice[4].Because the value inherent in EMR has given birth to business entities[5,6],EMR sharing is considered to be a promising approach[7,8].However,there are few critical problems in this environment.1)It is difficult for patients to obtain the data stored in the hospital[9].2)The conventional solutions are still vulnerable to information loss[10].3)Different medical institutions are loath to share their data[11].To address these issues and meet the high demands on data sharing[12],some researchers proposed to use a third–party cloud instead of a private database for data sharing[13,14],and some cryptographic schemes have been proposed to solve these issues,though the disadvantages still exist[15,16].For the storage and sharing of EMR,there are still some challenges,such as interoperability[17],data security,and privacy[18,19].For the hospital,the sheer volume of data stored with third parties is not reassuring[20].The consistency and interoperability of the different types of data from different medical institutions are big problems for data sharing[21].The emergence of blockchain ensure security and transparency[22].In recent years,the distributed healthcare blockchain system[23]has emerged[24,25].

Although the emergence of blockchain provides the possibility to solve these issues,the storage capacity of blockchain is limited and single blockchain schemes have poor scalability and low throughput.To address these issues,we propose an EMR storage and sharing scheme based on double blockchain.The main contributions of this paper are summarized as follows:

1.CES combined with the double blockchain technology realizes the separation of the privacy part and the shared part of the original EMR.

2.Cloud storage combined with the double blockchain technology not only solves the problem of the limited storage capacity of the blockchain and reduces the risk of medical data leakage,but also improves throughput and enhances scalability.

3.The symmetric encryption technology combined with the CP–ABE technology not only ensures the storage security of data in the cloud,but also achieves the consistency and convenience of data update.

The rest of the article is organized as follows:in Section 2,we review the related work about the storage and sharing of EMR,and then discuss their limitations.The related technologies of this paper will be described in Section 3.Next in Section 4,the system model of this paper will be described.In Section 5,the process of EMR storage,sharing and management in this scheme will be described in detail.In Section 6,we will conduct security analysis and performance analysis on our scheme.Finally,Section 7 concludes the paper and illustrates future expansion.

2 Related Work

In this section,we outline the research status of cloud services and blockchain technology to achieve secure storage and efficient sharing of EMR.

Zhang et al.[26]propose a secure medical record storage and sharing scheme based on double blockchain.In this article,patients encrypt their EMR with private keys and store them in a third-party cloud server.In fact,there is no reliable third party in the real world.The system designed by Xi et al.[27]is based on a permissioned blockchain which allows access to invited users and verified users.The strict access control reduces the efficiency of EMR sharing.The above two schemes both have the same problem in the sharing process of EMR.When a third party needs to view part of the EMR,the compete EMR must be transmitted.It is easy to leak the privacy of the patient and cause waste of resources.To solve this problem and improve efficiency,scientific researchers have proposed CES.Liu et al.proposed a blockchain—based privacy—preserving data sharing scheme[28].This scheme uses CES to achieve the separation of the private part and shared part of EMR.After patients remove the private part of the EMR,each shared part is encrypted and uploaded to the cloud,and the indexes are stored in the blockchain.Because the cloud only stores the shared part,the patient cannot retrieve the complete EMR.

The traditional centralized medical system and semi-trusted cloud storage are difficult to achieve a dynamic balance between privacy protection and data sharing.The storage capacity of blockchain is limited and single blockchain schemes have poor scalability and low throughput.To address these issues,we propose a secure and efficient medical data storage and sharing scheme based on double blockchain.In our scheme,we encrypt the original EMR and store it in the cloud.The storage blockchain stores the index of the complete EMR,and the shared blockchain stores the index of the shared part of the EMR.Users with different attributes can make requests to different blockchains to share different parts of the EMR according to their own permissions.

3 Preliminaries

3.1 Blockchain

Blockchain technology is the basic technology of Bitcoin[29]invented by the mysterious Satoshi Nakamoto in 2008.The block header contains information such as version number,previous block hash,nonce,Merkle root,timestamp and target difficulty.The blockchain operates in a peer-to-peer manner.After all transactions are broadcast in the blockchain network,all transactions will be allocated to each network maintenance node in the blockchain for verification.Only when 51% of the participating nodes in the blockchain network reach a consensus can the block be validated and added to the blockchain.All legal transactions are stored in data blocks.The basic structure of the blockchain is shown in Fig.1.

Figure 1:Blockchain basic structure

3.2 Smart Contract

The concept of smart contract was first proposed in 2014.Although the idea of smart contracts was proposed long ago,it has never been able to be implemented.It was not until the emergence of blockchain technology that it provided a supportable platform for smart contracts.Smart contracts are modular,reusable,and automatically executed scripts that run on the blockchain.Once the preset conditions are met,the smart contract can be performed automatically without a third party,and the results are written into the blockchain.Through using smart contracts,we can achieve trusted transactions,and these transactions are traceable and irreversible.For users who violate smart contracts,the smart contract setter has the right to revoke the user’s authority.

3.3 Content Extraction Signature

When a third party needs to view part of the EMR,the compete EMR must be transmitted.But it is easy to leak patients’ privacy and cause waste of resources.Therefore,there is a need for a digital signature scheme based on fine-grained level which must ensure that users can sign at any granular level and the signer can control the extraction method of the signed content.CES can meet the above requirements,and this method is more efficient in terms of computation and communication.CES allows users to remove private data according to their wishes and extract the shared data[30].It has been widely used in many fields.

3.4 Ciphertext Policy Attribute Based Encryption

The concept of attribute-based encryption not only realizes one-to-many communication means,but also enhances the information confidentiality.The attribute encryption mechanism is divided into Key Policy Attribute Based Encryption(KP–ABE)and CP–ABE.The specific process is described as follows:Firstly,the authority sets public parameters and master key.Secondly,the data owner can define his own access control policy.The ciphertext adopts a tree structure to describe the access policy.Thirdly,the data owner encrypts the message to form a ciphertext.Fourthly,after users submit their attributes to the certification authority,they will obtain their own public key and private key.Finally,only when their attributes satisfied the access policy,the user can decrypt the ciphertext.

4 EMR Storage and Sharing Model Based on Double Blockchain

4.1 Notations

Notations and corresponding descriptions are given in Tab.1.

Table 1:Notations

Table 1(continued).NotationsDescription KpatiP’s symmetric encryption key Mshare/Mprivate/Mfull/extShared part/privacy part/complete EMR/extraction part δi /δfull //δextSignature of sub-message/full signature/extract signature AUU’s attribute set SKAU/SKAU g/SKAU pU//Ug/Up’s attribute private key AC-CPThe access policy Indexshare/IndexfullMshare’s index/Mfull’s index CfullCiphertext stored in the cloud urlfullCfull’s storage address PKSystem public parameters MKSystem master key CEASContent extraction access structure H A hash function T A timestamp Tagshare/TagfullMshare’s tag/Mfull’s tag AC-CPshare /AC-CPprivateMshare’s AC-CP/Mprivate’s AC-CP

4.2 System Model

As shown in Fig.2,our model is divided into three layers.The role of these three layers is introduced as follows.

Data Acquirement Layer.In the data acquirement layer,DgeneratesMfulland δfull.Pcan extract the sub-messages fromMfull.AfterPuploads corresponding information to the cloud,the cloud will returnurlfull.Pcan generateIndexshareandIndexfullaccording tourlfull.

Data Storage Layer.The main function of this layer is to storeIndexfull,IndexshareandCfull.We use the storage blockchain to storeIndexfulland use the shared blockchain to storeIndexshare.The cloud stores the ciphertext of sub-message,the corresponding symmetric key ciphertext,and the signature of the submessage.

Data Sharing Layer.We achieve the data sharing ofMfullandMshare.Upcan obtainMfullafter making a request to the storage blockchain.Ugcan send requests to the sharing blockchain to achieve sharingMshare.

5 EMR Storage and Sharing Scheme Based on Double Blockchain

5.1 EMR Storage Based on Double Blockchain

5.1.1 EMR Storage Based on Double Blockchain

Figure 2:System overall framework

5.1.2 Extraction of Sub-Messages

5.1.3 Encryption of Sub-Messages

Figure 3: Ki’s tree structure access control policy,i ∈ 1,8,9{}

AfterPuploads the ciphertext to the cloud,Pwill receive the storage addressurlfull.The ciphertext stored in the cloud is shown in Eq.(5).

5.1.4 Index Generation

In this section,Pgenerates indexes ofMshareandMfullrespectively according tourlfull.The two index generation methods are introduced as follows.

Figure 4: Ki’s tree structure access control policy,i ∈{2,3,4,5,6,7}

5.1.5 Index Release

5.2 EMR Sharing Based on Double Blockchain

5.2.1 Double Blockchain Access Authentication

In order to achieve the sharing of EMR,first of all,patients first need to make a request to the blockchain to obtain the cloud data storage address.The steps to obtain the cloud data storage address are the same for both sharingMshareand sharingMfull.Uinitiates an EMR request transactionReqUto the blockchain network.The requestReqUis shown in Eq.(14).Once the preset conditions are met,the smart contract can be performed automatically without a third party,and the results are written into the blockchain.Through using smart contracts,we can achieve trusted transactions,and these transactions are traceable and irreversible.For users who violate smart contracts,the smart contract setter has the right to revoke the user’s authority.

5.2.2 Ciphertext Acquisition

In this section,Pwill obtain the ciphertext stored in the cloud according to the obtained index.The detailed process is described as follows.

Ugfirst send a request to the sharing blockchain.If the request meets the access control preset by the smart contract,the smart contract will be automatically induced to useSKpatto decryptIndexshare,thenUgcan obtainurlfull,Tagshareand δIndexshare.AfterUgsubmits these data to the cloud server,the cloud server will verify the correctness of the signature,if the signature is correct,the cloud server will send the ciphertextCmi,the corresponding symmetric encryption key ciphertextCKiand the corresponding signature δitoUg,where i ∈ {2,3,4,5,6,7}.

The process ofUprequesting to shareMfullis similar toUgrequesting to shareMshare.

5.2.3 Ciphertext Decryption and Verification

In order to decrypt and verify the obtained ciphertext,Ufirst submitAUto the authorized institution.After the authorized institution verifies the accuracy of the attribute ofU,the authorized institution will generateSKAU,then the authorized institution sendsSKAUandPKtoU.Therefore,the public key ofUisPKand the private key isSKAU.Because different data users have different permissions,the decryption of ciphertext is divided into two parts:Mshareciphertext decryption andMfullciphertext decryption.The following two detailed decryption processes are introduced as follows.

(1)Mshareciphertext decryption

AfterUgobtain the shared part ciphertextCmi,the corresponding symmetric encryption key ciphertextCKiand the corresponding signature {δ2,δ3,δ4,δ5,δ6,δ7},where i ∈ {2,3,4,5,6,7}.Ugwill first decrypt the symmetric encryption key ciphertext,decryption process is shown in Eq.(15).ThenUguse the obtained symmetric encryption key to decryptMshareciphertext,decryption process is shown in Eq.(16).Therefore,Ughave realized the sharing ofMshare.

(2)Mfullciphertext decryption.

AfterUpobtain the shared part ciphertextCmi,the corresponding symmetric encryption key ciphertextCKiand the corresponding signature δi,wherei∈1,9[ ].Upwill first decrypt the symmetric encryption key ciphertext,decryption process is shown in Eq.(17),thenUpuse the obtained symmetric encryption key to decryptMfullciphertext,decryption process is shown in Eq.(18).Therefore,Uphave realized the sharing ofMfull.

5.3 EMR Management Based on Double Blockchain

5.3.1 Definition of Sub-Message

5.3.2 Definition of User Rights

Figure 5: Ki’s tree structure access control policy,i ∈ 1,8,9{}

Figure 6: Ki’s tree structure access control policy,i ∈ {2,3,4,5,6,7}

6 Performance Analysis

6.1 Security Analysis

Security is a key issue in EMR sharing.Here,we analyze the security of our scheme from the following four aspects.

1.Anti-tampering:Our scheme encrypts the original EMR and stores it in the cloud,Indexfullis stored in the storage blockchain.Indexshareis stored in the shared blockchain.Therefore,the tamper-proof feature of the blockchain ensures that the original EMR stored in our cloud are immutable and cannot be modified arbitrarily.

2.Privacy protection:In our scheme,the semi-trusted cloud cannot obtain the plaintext of EMR.Compared with setting strict access control,Pcan separate the private part and shared part of the EMR according to their own wishes in our scheme,the double blockchain technology also realizes the separation of the private data and shared data.Our scheme achieves true privacy protection.

3.Data consistency:In order to realize that users with different attributes can access different parts,the cloud needs to store a complete EMR and a shared part in traditional schemes.While in our scheme,we use CP–ABE technology to encryptMshareandMprivateseparately so that the cloud only needs to store an original EMR,ensuring the consistency of data update and avoiding redundant backup of data.

4.Data integrity:From the generation of the complete EMR,to the extraction of the privacy and shared parts,and then to storage and sharing.Throughout these processes,our scheme ensures the integrity and accuracy of EMR.

6.2 Efficiency Analysis

6.2.1 Cloud Storage Efficiency Analysis

We compare the amount of data that the three schemes of traditional scheme,BPDS and our scheme need to store in the cloud,as shown in Tab.2.

Table 2:Ciphertext storage

From Tab.2 we can see the comparison of the amount of data that the traditional scheme and our scheme.The cloud needs to storeCMfull,CMshare,δMfulland δMsharein the traditional scheme.Our scheme only needs to storeCmi,CKiand δi,wherei∈1,9[ ],there is no need to back upMshare.Although our scheme stores symmetric encryption ciphertext and signature of the key,the amount of these data is very small compared toMshare.Our scheme not only ensures the safe storage of data in the cloud,but also achieves the consistency and convenience of data update,avoiding redundant backup of data.

From Tab.2 we can see the comparison of the amount of data between BPDS scheme and our scheme.BPDS scheme only needs to storeCmi,δiin the cloud,wherei∈2,7[ ],while our scheme needs to storedCmi,CKi,δiin the cloud,wherei∈1,9[ ].Although our scheme stores more data,our scheme does not cause redundant backup of data.Compared with BPDS scheme,our scheme can realize thatUpcan accessMfullandUgcan accessMshare.

It is assumed that the number of sub-messages in each complete EMR isz,the number of sub-messages in the shared part isxand the number of sub-messages in the privacy part isy.z=x+y.In the BPDS scheme,whenPupload an EMR to the cloud,they need to upload the sub-messages of the shared part separately.But in our scheme,Ponly need to upload the EMR once.

The above results show that the amount of data that our scheme needs to store in the cloud is between the traditional scheme and BPDS scheme.Compared with the traditional scheme,our scheme saves storage space in cloud storage.Compared with BPDS scheme,our scheme saves the time of uploading EMR and the time of index generation,our scheme also provides better server quality.

6.2.2 Blockchain Storage Efficiency Analysis

WhenPneed to store and share his own EMR,Pneed to store thesexindexes into the blockchain in BPDS scheme.But in our scheme,Ponly need to store the index of the complete EMR in the storage blockchain,and store the index of the shared part in the shared blockchain.The storage capacity of the blockchain is limited,our scheme better realizes the storage of the indexes and reduces the burden of blockchain storage.

6.2.3 Blockchain Sharing Efficiency Analysis

In BPDS scheme,all users request to share the shared part of the EMR on a blockchain.Because each sub-message of the shared part is separate,xrequest needs to be issued for the sharing of an EMR.But in our scheme,we adopt a tamper-proof double blockchain structure to distinguish users,at the same time,users only need to issue one request on a blockchain.Compared with BPDS scheme,our efficiency has improved a lot.The experimental results are shown in Figs.7 and 8.

Figure 7:Response time of user requests when number of users and shared sub-messages is different

Figure 8:Average response time of user requests when number of users is different

As can be seen from Fig.7,when the number of users in the system is fixed,as the number of submessages increases,the response time for processing user requests continues to increase in BPDS scheme.The reason is that each sub-message in BPDS scheme is separated.However,in our scheme,our cloud stores a complete EMR,so the response time for processing user requests is not affected by the number of sharing sub-messages.

As can be seen from Fig.8,when the number of users does not exceed the carrying capacity of the system,our scheme and BPDS scheme can still quickly process user requests,but as the number of users increases,the double blockchain structure has more and more obvious advantages compared with the traditional single blockchain,in the meanwhile,the double blockchain structure allows users with different attributes to request sharing on different blockchains.

6.2.4 Analysis of EMR Update Efficiency

(1)Definition of sub-message:WhenPneed to redefine whether the sub-message of the EMR belongs to private data or shared data in BPDS scheme,Pcannot reset the privacy and shared parts of EMR.But in our scheme,after extracting all the sub-messages of the EMR,Ponly need to re-encrypt the symmetric encryption key corresponding to the sub-message,and replace the original symmetric encryption key ciphertext.

(2)Definition of user rights:EMR that has been uploaded to the cloud should exist as a kind of historical data.WhenPneed to redefine user rights,Pneed to re-encrypt the EMR and upload them to the cloud in BPDS scheme.The replacement of the original EMR will often lead to inconsistencies in the data.But in our scheme,re-encrypting symmetric encryption keys can realize the redefinition of user rights without changing and replacing the original EMR,our scheme ensures data update consistency and convenience.

7 Conclusion

The traditional centralized medical system and semi-trusted cloud storage are difficult to achieve a dynamic balance between privacy protection and data sharing.The traditional EMR storage and sharing scheme based on a single blockchain has poor scalability and low throughput.Our paper proposes an EMR storage and sharing scheme based on double blockchain.The original EMR is encrypted and stored in a semi-trusted cloud.We use a tamper-proof double blockchain structure to store the index of the complete EMR and the index of the shared part.Double blockchain structure allows users with different attributes to request sharing on different blockchains.CES combined with CP–ABE allowsPto share EMR according to their wishes.Through experimental analysis,compared with the traditional scheme and BPDS scheme.our scheme not only saves the cloud storage space,but also ensures the consistency of storage.In our scheme,Pcan achieve complete privacy protection when sharing data.

Acknowledgement:The authors would like to thank the reviewers for their detailed reviews and constructive comments,which have helped improve the quality of this paper.

Funding Statement:This work is sponsored by the Natural Science Foundation of Heilongjiang Province of China under Grant No.LC2016024.Natural Science Foundation of the Jiangsu Higher Education Institutions Grant No.17KJB520044 and Six Talent Peaks Project in Jiangsu Province No.XYDXX–108.

Conflicts of Interest:The authors declare that they have no con icts of interest to report regarding the present study.