GDPR-Compliant Personal Health Record Sharing Mechanism With Redactable Blockchain and Revocable IPFS

【Author】 Yeh, Lo-Yao; Hsu, Wan-Hsin; Shen, Chih-Ya

【Source】IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING

【影响因子】6.791

【Abstract】The use of IoT technology in collecting personal health records (PHR) within the eHealth environment is a growing trend. However, data integrity is a concern as cloud service providers (CSPs) often cannot guarantee it. Blockchain technology offers a solution to guarantee data integrity and traceability. However, the immutability of traditional blockchain conflicts with GDPR's requirements. To address scalability and privacy concerns, we have designed a comprehensive scheme that integrates the redactable blockchain with the existing revocable IPFS mechanism. Our scheme overcomes the disadvantage of residual downloading information in the traditional blockchain. Additionally, we have developed an enhanced proxy re-encryption scheme that simplifies access control for physicians without the need for complex group key management. Unlike traditional blockchains and P2P file sharing systems, our PHR platform allows for selective removal of records and files while maintaining auditable logs. Evaluation results demonstrate that our proposed scheme effectively enhances the exclusive revocation feature with acceptable overheads. To the best of our knowledge, this is the first work to provide the merit of fully complete record and file revocation on a blockchain-based system.

【Keywords】Blockchains; Internet of Things; Peer-to-peer computing; Hash functions; General Data Protection Regulation; Data integrity; Regulation; GDPR; blockchain; data sharing; redactable blockchain; proxy re-encryption; IPFS; Intel SGX

【发表时间】2024 JUL-AUG

【收录时间】2024-07-29

【文献类型】

【主题类别】

--