Secure Decentralized Attribute-Based Sharing of Personal Health Records With Blockchain

Personal health records (PHRs) are located in a patient-centered electronic health system in which users can store and share medical information. However, PHRs have recently been plagued by security issues, such as the leakage of personal health information, illegal access to patient data, and data tampering. Recent security developments, such as introducing an access control policy with attribute-based encryption (ABE) or utilizing blockchain, have only been partially successful in solving these issues. Ongoing challenges to PHR sharing include single points of failure, node cheating attacks, and fair keyword search issues. In this article, we tackle these challenges by introducing a distributed PHR-sharing scheme based on blockchain and ciphertext policy ABE (CP-ABE), which allows for fast and efficient encryption and decryption. Blockchain maintains the integrity and the tracing source of the data while also recording all operations on the data in the form of transactions. In addition, the blockchain nodes act as attribute authorities to construct the CP-ABE cryptosystem. The tracing of malicious blockchain nodes is realized by tracing cryptography algorithms. Furthermore, the fair retrieval of ciphertext is achieved by employing smart contracts. To overcome the limited storage capacity of blockchain, we adopt both the on-chain and off-chain storage modes in our new system. Security analysis indicates that our new scheme remains intact when threatened by an indistinguishable chosen plaintext attack (IND-CPA) and an indistinguishable chosen keywords attack (IND-CKA). As such, we conclude that our proposed approach is feasible and efficient.