Title: A multi-authorisation blockchain-based access control for cloud healthcare system
Authors: Adil Merabet; Atidel Lahoulou; Ahmed Alioua
Addresses: Department of Computer Science, Faculty of Exact Sciences and Computer Science, University of Jijel, Mohamed Seddik Benyahia, Jijel, Algeria ' Department of Software Development and Data Science, Seneca Polytechnic, Toronto, Canada ' LaRIA Laboratory, Department of Computer Science, Faculty of Exact Sciences and Computer Science, University of Jijel, Mohamed Seddik Benyahia, Jijel, Algeria
Abstract: Cloud services became less efficient to health organisations since they deal with sensitive medical data. The digital format leakage of a patient's health information with or without knowledge of the cloud provider may cause serious problems that require special consideration. This raises the question of whether we should trust the provider in the first place or if any other third party may be involved. In this paper, we extend the CP-ABE scheme with a (t, n) secret splitting method alongside with cloud and blockchain technology. To ensure a fine-grained access control, we propose a multi-authorisation scheme where the data user can retrieve the access from the data owner or from a group of certified users when he cannot give access himself. The data user reconstructs the decryption key from only t of n delivered authorisations, and preserves that only target users can read data, which even the members of the multi-authorisation group cannot.
Keywords: blockchain; ciphertext-policy attribute-based encryption; CP-ABE; cloud; electronic health records; EHR; smart contract; data access; privacy; security.
DOI: 10.1504/IJIEI.2023.133073
International Journal of Intelligent Engineering Informatics, 2023 Vol.11 No.3, pp.191 - 213
Received: 05 Jan 2023
Accepted: 13 Apr 2023
Published online: 29 Aug 2023 *