A Light And Secure Healthcare Blockchain For IoT Medical .
A Light and Secure Healthcare Blockchain for IoTMedical DevicesGautam Srivastava † , Jorge Crichigno‡ , and Shalini Dhar§ †Department of Mathematics and Computer Science, Brandon University, Brandon, CanadaResearch Center for Interneural Computing, China Medical University, Taichung, Taiwan, Republic of China‡ Integrated Information Technology, University of South Carolina, Columbia, U.S.A.§ Department of Electronics and Communication, University of Allahabad, Allahabad, IndiaAbstract—This paper deals with the incorporation ofBlockchain technology in the security of Internet of Things(IoT)based on Remote Patient monitoring systems. The paper presentsthe benefits and also practical obstacles of blockchain-basedsecurity approaches in remote patient monitoring using IoTdevices. Furthermore, the paper evaluates various potentiallysuitable cryptographic technologies for deployment in IoT.Keywords —Blockchain, Internet of Things, Smart Contract,Information and Network Security, Privacy, Key Management,Authentication high computational power to solve PoWlow scalabilitylong latency for transaction confirmation [6], [7].We propose a novel model of blockchain and eliminate theconcept of PoW to make it suitable for IoT devices. Our modelrelies on the distributed nature and other additional securityproperties to the network. In the next sections, we will discussin detail the drawbacks in current blockchain models for IoTand our proposed solutions and implementation.I. I NTRODUCTIONMany countries are suffering from a dramatic increase inthe number of patients, and it is becoming more difficult forpatients to access primary doctors or caregivers. In recentyears, the rise of IoT and wearable devices has improved thepatient quality of care by remote patient monitoring [1]. Italso allows physicians to treat more patients. Remote patientmonitoring (RPM) provides monitoring and care of patientsoutside of the conventional clinical setting (in the home asan example). The main component of a RPM system couldbe, a specially designed monitoring device to monitor andtransmit health data to smart contracts, a smartphone withinternet connectivity and a RPM application [2]. Wearabledevices and IoT play an important role in RPM and inthe current push to develop Smart Cities. Wearable devicescollect patient health data and transfer them to hospitals ormedical institutions to facilitate health monitoring, diseasediagnosis, and treatment. In doing so, we see a Big Datasituation develop through all the patient data being analyzedand transferred [3]. To handle such patient data with otherinstitutions, such infrastructure demands secure data sharing.The solution for data privacy and security in IoT scenariosmay very well be hidden in blockchain technology [4]. Initiallyproposed by Satoshi Nakamoto in [5], blockchain technologyprovides the robustness against failure and data exposure. Theminers (responsible for creating blocks) constantly try to solvecryptographic puzzles (named Proof of Work (PoW)) in theform of a hash computation. The process of adding a newblock to the blockchain is called mining. However, adoptingblockchain in the context of IoT is not straightforward. Thereare several problems currently noticeable in blockchain includingbut not limited to:II. D RAWBACKS AND SECURITY ISSUESThe main concern in RPM systems is the secure andefficient transmission of medical data. The inability to delete orchange information from blocks makes blockchain technologythe best technology for healthcare systems and could preventthese issues [8]. But Blockchain technology in its originalform is not a long-term solution. It has limitations that whenconnected to IoT scenarios become very evident. In thissection, we discuss the challenges for applying blockchain toIoT and explain how to solve these problems in our model.A. System Requirements and Solutions1) Decentralization: To ensure robustness and scalabilityand to eliminate many-to-one traffic flows we need adecentralized system. Using such decentralized systemsinformation delay problems that are seen on occasionwith Blockchain. In our model, we are using an overlaydecentralized network [9].2) Authentication and Security of data: User’s computersor cloud services store data that could be modifiedor lost while transmitting itc̃iteal2017medibchain. Thepreservation of such incorrect tampered data increasesthe burden to the system and can also cause issues tothe patient using RPM. Therefore to ensure that datais not modified we use a digital signature scheme. Onthe receiver side, data is verified with the user’s digitalsignature and if received correctly, it sends a receipt ofdata to the patient.3) Scalability: Solving “Proof of Work” (PoW) is computationally intensive, however, IoT devices are veryresource restricted [10]. The IoT network in most cases
contains a large number of nodes and Blockchain Technology scales poorly to large networks as the numberof nodes in the network increases. We eliminate theconcept of PoW in our overlay network and also divideour overlay network into several clusters instead of asingle chain of blocks. Therefore a single blockchainis not responsible for all nodes in the network, insteadnodes are split into several clusters.4) Data Storage: Storing IoT big data over Blockchaintechnology is not practical and therefore we propose theuse of cloud servers to store encrypted data blocks. Thedata can be interpreted as secure over the cloud dueto additional cryptographic security present includingdigital signatures and high standard encryption [11].5) Anonymity of users: Medical data of a patient maycontain sensitive information, and therefore data mustbe anonymized over the network. For anonymity, we areusing a Ring structure along with digital signatures. Ringsignatures allow a signer to sign data anonymously. Thatis to say, that the signature is mixed with other groups(named ring), and no one (except the actual signer)knows which member signed the message [12].6) Security of data: To save the data from hackers, we areusing a double encryption scheme. We encrypt the datausing lightweight ARX algorithms and then encrypt thedata again using the public key of the receiver [13]. Also,we are using Diffie-Hellman key exchange technique totransfer the public keys and therefore to get the keys isalmost impossible for an attacker [14].III. O UR P ROPOSED S YSTEMOur system consists of five parts: Overlay network Cloud storage Healthcare providers Smart contracts Patient equipped with IoT devices.1) Overlay network: An overlay is a peer to peer networkthat is based on a distributed architecture. The nodesconnected to the network could be a computer, smartphone, tablet or any other IoT device as well. To increasenetwork scalability and avoid network delay, we groupthe nodes in the form of many clusters. Each clusterhas one Cluster Head. Each cluster head has a uniquepublic key which is shared with other clusters using theDiffie-Hellman algorithm. The cluster head also containsthe information about the public keys of nodes which areallowed to access data from the network. These networksonly contain the hash of the blocks (not the original datawhich is stored in the cloud). Each block also containsthe hash of the previous block, and therefore we cantreat it similar to the blockchain.2) Cloud Storage: Instead of saving the IoT healthcaredata over blockchain directly, we use cloud storageservers to save the patient data. The cloud storage groupsuser’s data in identical blocks associated with a uniqueblock number. Cloud storage is connected to overlaynetworks, once the data stored in a block, the block isencrypted using the shared public key of the user, andcloud server sends the hash of the data blocks to theoverlay network.3) Healthcare providers and Patients: Healthcareproviders are appointed by insurance companies or bypatients to perform medical tests or to provide medicaltreatments. Healthcare services provide treatment topatients once they receive an alert from the network.Patients themselves are the owners of their personaldata and responsible for granting, denying or revokingdata access from any other parties, such as insurancecompany or health care providers [15].4) Smart contracts: Smart contracts allow the creation ofagreements in any IoT devices which is executed whenthe given conditions in the contract are met [16]. Consider we set the condition for the highest and lowest levelof patient blood pressure. Once readings are receivedfrom the wearable device that do not follow the indicatedrange, the smart contract will send an alert message tothe authorized person or healthcare provider and alsostore the abnormal data into the cloud so that healthcareproviders can receive the patient blood pressure readingsas well when needed in real time.IV. C RYPTOGRAPHIC TECHNIQUES USED IN THE MODELInstead of only one type of encryption technique, weuse both encryption schemes, Symmetric and Asymmetricfor different purposes. Symmetric algorithms (Private keyencryption) use the same key for both encryption of plaintextand decryption of ciphertext, whereas asymmetric algorithms(Public key encryption) use different keys for encryption ofplaintext and decryption of ciphertext. We use the variablename ksym for the private key or symmetric key in ouralgorithms, and the same key will be used for encryption anddecryption on both side of the transmission.An asymmetric encryption sender will have one key pair(skpriv , skpub ), and receiver will have another key pair(rkpriv , rkpub ). Data can be encrypted using receivers publickey rkpub and can be decrypted using her private key rkpriv .Generally, we use abbreviation plaintext (P ) for the normaldata file and ciphertext (C) for the encrypted data file.A. ARX Encryption Algorithm:In our model, we are using a particular branch of theSymmetric key, called ARX algorithms to encrypt the datafor Blockchain. These algorithms are made of the simple operations Addition, Rotation and XOR and support lightweightencryption for small devices. One example of the latest goodARX cipher is SPECK [17], [18], designed by NationalSecurity Agency (NSA), US in June 2013. SPECK is a familyof lightweight block ciphers with the Feistel-like structurein which each block is divided into two branches, and both
branches are modified at every round. Each block size isdivided into two parts, left half and right half.B. Digital Signature:We add a digital signature to the data for authenticationpurposes. Digital signatures are the public-key primitives ofmessage authentication. Each user has a public-private keypair. Generally, the key pairs used for signing/verifying andthe key pairs used for encryption/decryption are different.In our case sender will have one key pair (skspriv , skspub ),and receiver will have another key pair (rkspriv , rkspub ). Thesenders private key skspriv is used to sign the data, and thekey is referred to the signature key while senders public keyskspub is used for verification on the receiver side of thetransmission. Signer feeds the data or plaintext into the HashFunction and generates the hash value hashp . Hash valuehashp of plaintext and signature key skspriv are then fed tothe signature algorithm and sent along with the encrypted data.During the verification process, the verifier generates the hashvalue hashr of the received data from the same hash function.Using the Verification algorithm and signers public key, he alsoextracts the original hash value hashp of plaintext and if thevalue of hashp and hashr are same then data is verified andnot changed during the transmission process.Algorithm 1 Data Encryption1:2:3:4:5:6:7:8:9:For the digital signature senders can use twokeys (skspub , skspriv ) that is different from theencryption/decryption keys. To add the digital signature,the sender first passes the data file to the Hash Function andcreates the hash value hashp of the data. Then he signs thedata using his private key skspriv by passing the value of theprivate key and hash value hashp to the Signature Algorithm.The signers public key skspub can be used to verify data onthe receiver side. To apply the Anonymity of the patient oruser, we add ring signature in our Algorithm 2.Algorithm 2 Ring Signature and Public Key Sharing1:C. Ring Signature:We use Ring signature technology, which allows a signer tosign data in an anonymous way. The signature is mixed withother groups (named ring) and no one (except actual signer)knows which member signed the message. Ring Signature wasoriginally proposed by Rivest in 2001 [19]. A user desiring tomix his transaction sends a request to the Blockchain network.The request comprises of the public key skspub . After receivingthe request the network sends back a certain amount of publickeys (sk1spub , sk2spub , sk3spub , sk4spub which are collectedfrom other users (u1 , u2 .uN ) who also applied for mixingservice, including skspub . Using ring signatures in our modelwe can get two important security properties. They are SignersAnonymity and Signature Correctness.In our proposed system, we need to transfer the publickey through the network. To make data more secure, we alsoshare the public key secretly. To share the public key skspubsafely along the network we are using the Diffie-Hellman keyexchange technique.V. A LGORITHMSIn our encryption Algorithm 1, we encrypt the data f ileby using the symmetric key ksym and produce a ciphertext fileC. After encryption, we use double encryption technique andencrypt the key ksym by using the public key cryptography.We use the receivers public key rkpub to encrypt the symmetrickey ksym and send the encrypted key along with the ciphertextC. We denote the encrypted symmetric key with Ck .function E NCRYPTION (data f ile)if user confirm data preservation over blockchain thenGenerate a symmetric key ksymC Encryptsym (data f ile, ksym )Ck Encryptasym (ksym , rkpub )elseDo nothingend ifend function2:3:4:5:6:7:8:9:function S IGNATURE (data f ile)if user chose anonymity over blockchain thenGenerate a asymmetric public-private key pair(skspub , skspriv )hashp calculate hash of the data f ileCreate the Digital Signature using hashp andsigners private key sksprivShare the public key skspub to the receiver usingDiffie-Hellman key exchangeMix the signature with other network group toform a ringend ifend functionThe user will ask the network for other accounts who alsowant to add ring signatures to their transactions. The networkwill then provide them with a set of users who also wish toapply ring signatures. The sender’s transactions are then mixedwith other users transactions and sent over the network. No onewill be able to identify the original signer of the ring group.The process is described in the block diagram (Figure 1) ofour model.To decrypt the ciphertext data C (Algorithm 3), we need thesymmetric key ksym . The symmetric key was encrypted usingthe public key rkpub of the receiver, and therefore receiversprivate key rkpriv can only decrypt the symmetric key. We firstdecrypt the Ck using the private key rkpriv of the receiver andget the original symmetric key ksym . We apply the key to theciphertext C and get the original plaintext or data file.
Sender (s)Overlay NetworkReceiver (r)Plaintext pPlaintext pC Encrypt (P)key (ksym)Add DigitalSignature (u)Ck Encrypt (ksym)key (r's public key)RingP Decrypt (C)key (ksym)Request othertransactions toform RingVerify DigitalSignature (u)ksym Decrypt (Ck)key (r's private key)u1, u2.uNu, u1, u2,.uNRingu, u1, u2,.uNCiphertext (C)Cipherkey (Ck)Ciphertext (C)Cipherkey (Ck)Ring SignatureRing SignatureEncrypted Text Ring SignatureEncrypted Text Ring SignatureFig. 1: Block Diagram of ModelAlgorithm 3 Data Decryption1:2:3:4:5:6:Input: Encrypted file C, Encrypted symmetric key (Ck )Output: Decrypted data f ilefunction D ECRYPTION (C, Ck , rkpriv , ksym )ksym Decryptasym (Ck , rkpriv )data f ile Decryptsym (C, ksym )end functionDuring the verification process (Algorithm 4), a Verifiergenerates the hash value hashc of received data (ciphertext)using the same hash function. Also, the verifier feeds thedigital signature and the verification key into the verificationalgorithm and extracts the hash value hashp of original data(plaintext). If both hash values are equal, it means data file isnot modified during transfer between sender and receiver.Algorithm 4 Signature Verification1: Input: Encrypted file C, Signers Public key (skspub )2: function V ERIFICATION (C, skspub )3:hashc calculate hash of the received encrypted data file4:5:6:7:8:9:10:C to be verifiedUsing Public key skspub of signer, extract hashp of sendersfileif hashc hashp thenreturn Celsereturn “Signature incorrect”end ifend functionVI. M ODEL I MPLEMENTATIONIn our system, the patient is equipped with wearable devicessuch as a blood pressure monitor, insulin pump, or otherknown devices which are constantly evolving in today’s medical world. The health information is sent to smart devices suchas a smartphone or tablet for the formatting and aggregation bythe application. Once complete, the formatted information issent to the relevant smart contract for full analysis along withthe threshold value. The threshold value decides whether thehealth reading is NORMAL as per standard readings or not.If the health reading is abnormal, then the smart contract willcreate an event and send an alert to the overlay network andto the patient. Also, it stores the abnormal readings to cloudservers and cloud server transfer the hash of the stored datato the overlay network. When health data is transferred to thecloud server, the sender adds a digital signature to the data.Overlay network then sends an alert to the health providers.Here, we are not storing the health readings to the overlaynetwork, but we only store the transaction alert to the overlaynetwork.Health Alert Events should also be anonymous, and privacy preserved to the overlay network. We treat this alertas a transaction of the specific user and apply all advancecryptographic techniques according to the algorithm explainedin Section V. Here the entity who is sending the informationcould be treated as a sender and the entity who is receivingthe information could be treated as a receiver. Here we onlydescribe the flow of data in our system and do not describeall the encryption/decryption technical details as we alreadyexplained cryptographic techniques in above sections by takinga general model of the sender, receiver and network. Anoverlay network contains the public key information of allconnected nodes and hash indexes of the stored data over thecloud. Once the healthcare provider node gets an alert, he/sheaccess the full health reading of patient for which he/she isauthorized over the network.
VII. F UTURE W ORKThis paper takes an initial look at a blockchain-basedmodel glimpsing into any current IoT-based remote monitoringsystem using known secure crypotographic tools. Since thisproject is in its infancy, our main future direction for thiswork is to implement the system in a testable system toprovide some real world security and efficiency guaranteesapart from what has already been established for all theindividual components used. Through community engagement,we also hope to find partners to help bring some of thenovel ideas mentioned in this work to become available tothe general public.VIII. C ONCLUSIONIn this paper, we introduced a novel blockchain based IoTmodel to provide advanced security and privacy propertiesto the current IoT based remote patient monitoring system.Use of blockchain in IoT based models is not straightforward,and therefore we tried to eliminate many challenges andimproved the security of healthcare data. Our model providesreliable data communication over the network and storage overthe cloud with more advanced and lightweight cryptographictechniques like ARX encryption scheme. We introduce
Healthcare providers Smart contracts Patient equipped with IoT devices. 1) Overlay network: An overlay is a peer to peer network that is based on a distributed architecture. The nodes connected to the network could be a computer, smart-phone, tablet or any other IoT device as well. To increase network scalability and avoid network delay, we group
a speci c, commonly used, case of secure computation. To implement secure computation and secure key storage on mobile platforms hardware solutions were invented. One commonly used solution for secure computation and secure key storage is the Secure Element [28]. This is a smart card like tamper resistant
J. Brake System Warning Light K. Malfunction Indicator Lamp (Check Engine Light) L. Fog Lamps Light M. Upshift Light N. Airbag Readiness Light O. Safety Belt Reminder Light P. Antilock Brake System Warning Light Q. Tire Pressure Warning Light R. StabiliTrak Light Note: The instrument panel cluster is designed to let you know about many
Science Journal: Grade 4 Light Unit Name: _ Natural Vs. Artificial Light Date: _ Light that occurs in nature is natural light. Light that is created by people, and does not occur naturally is artificial light. Artificial Light Natural Light . In the Chart are objects of sources of light. .
USB: Light is not used. DSL: This is your DSL sync system light. The light will flash at first and eventually become a solid green light when your DSL modem is talking with our DSL equipment. INTERNET: Light will become a solid green light after the ADSL light is a solid green light. Light becomes a solid green light once modem receives an IP .
Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel.
64. 64. Abstract. This design guide details the secure data center solution based on the Cisco Application Center Infrastructure (ACI). The Cisco Secure Firewall and Cisco Secure Application Deliver Controller (ADC) solutions are used to secure access to the workloads in an ACI data center. Target Audience.
Reports are retained on the Secure FTP Server for 45 days after their creation. Programmatic Access: sFTP The PayPal Secure FTP Server is a secure File Transfer Protoc ol (sFTP) server. Programmatic access to the Secure FTP Server is by way of any sFTP client. Secure FTP Server Name The hostname of the Secure FTP Server is as follows: reports .
Reflection for Secure IT Help Topics 7 Reflection for Secure IT Help Topics Reflection for Secure IT Client features ssh (Secure Shell client) ssh2_config (client configuration file) sftp (secure file transfer) scp (secure file copy) ssh-keygen (key generation utility) ssh-agent (key agent) ssh-add (add identities to the agent) ssh-askpass (X11 passphrase utility)
