In Internet-of-Things (IoT)-based healthcare systems, real-time healthcare data are gathered from resource-limited patient sensors and transferred to end-users through gateways and healthcare service providers. Patient privacy is a main challenge of these systems. Although privacy has already been considered in IoT-based healthcare systems, even the best centralized approaches still suffer from collusion attacks. Therefore, some researchers have come up with blockchain-based solutions to protect patients' privacy in IoT-based healthcare systems. However, those methods assume that some of the entities along the end-to-end communication path from patients' sensors to the end-users are trusted, or even assume no privacy threats from internal attackers. Therefore, there is a lack of blockchain-based approaches in IoT-based healthcare systems that provide privacy for patients under the assumption that all system entities are untrusted. To overcome these challenges, in this paper, we leverage a three-layered hierarchical blockchain, the zero-knowledge proof (ZKP), and the ring signature method to achieve data and location privacy of patients against both internal and external attackers. In addition, the proposed method provides anonymous authentication, authorization, and scalability, which are essential features in healthcare systems. Intuitive and formal security analyses demonstrate the resilience of our scheme against various attacks such as denial of service (DoS), modification, mining, storage, and replay attacks. The proposed method is compared to a recent blockchain-based method and also a centralized privacy-preserving scheme. Compared to the similar blockchain-based method, the computational overhead and delay of the authentication and data transfer phase are about 35% and 37% higher, respectively.
On the other hand, the proposed method reduces the memory usage of gateways by about 55% and reduces the computational overhead and delay of the information access phase by about 30% and 33% compared to the previous blockchain-based method. Therefore, the proposed method does not increase overhead and end-to-end delay considerably compared to the previous blockchain-based scheme, while some other performance metrics and security features are improved. Moreover, compared to a previous centralized method, the proposed approach shows a more than 25% decrease in communication overhead and a 22% improvement in the memory usage of gateways, on average. Although the use of the blockchain imposes more computational overhead on service providers and may increase the latency compared to the centralized approach (depending on the type of blockchain technology that is used), these weaknesses are negligible in exchange for the increased security.