A Lightweight Authentication Protocol for a Blockchain-Based Off-Chain Medical Data Access in Multi-server Environment

Presently, blockchain technology is used to secure electronic medical records (EMR) and an arrangement of multiple servers as off-chain storage is advocated to minimize the storage overhead of the medical blockchain. Therefore, an authorized access mechanism to the medical records stored on multiple servers needs a secure multi-server-based authentication system. However, existing blockchain-based systems for medical data storage do not consider an authentication system for a multi-server environment between patients and multiple medical servers. In this paper, a blockchain-based healthcare system is considered to ensure the scalability of the blockchain using off-chain storage. The blockchain contains the hash value of the medical data, while multiple servers are used as off-chain storage for storing the original data. A patient can access those servers in a single enrollment under a multi-server authentication system using fuzzy commitment and can share his or her healthcare data with an authorized healthcare service provider. Replay attacks are examined using formal security analysis, such as the AVISPA tool and the mutual authentication of the proposed protocol is examined using BAN logic. At the same time, a rigorous informal security analysis confirms that our scheme is secured against various known attacks. Moreover, we have investigated the transaction cost for block creation, and the proposed scheme is compared with the existing blockchain-based EMR systems. Again, the security functionality, computation cost, and communication cost of the proposed protocol are also compared with existing protocols. © The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2024.