A Blockchain-Based Trustworthy Access Control Scheme for Medical Data Sharing

Wang, Canling; Wu, Wei; Chen, Fulong; Shu, Hong; Zhang, Ji; Zhang, Yuxuan; Wang, Taochun; Xie, Dong; Zhao, Chuanxin

doi:https://doi.org/10.1049/2024/5559522

IET Information Security

On this page

Abstract Introduction Related Works Preliminaries Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2024 | Article ID 5559522 | https://doi.org/10.1049/2024/5559522

A Blockchain-Based Trustworthy Access Control Scheme for Medical Data Sharing

Canling Wang,¹Wei Wu,¹Fulong Chen,¹Hong Shu,²Ji Zhang,³Yuxuan Zhang,¹Taochun Wang,¹Dong Xie,¹and Chuanxin Zhao¹

Academic Editor: Taimur Bakhshi

Received03 Oct 2023

Revised06 Jan 2024

Accepted13 Jan 2024

Published31 Jan 2024

Abstract

Blockchain is commonly employed in access control to provide safe medical data exchange because of the characteristics of decentralization, nontamperability, and traceability. Patients share personal health data by granting access rights to users or medical institutions. The major purpose of the existing access control techniques is to identify users who are permitted to access medical data. They hardly ever recognize internal assailants from legitimate entities. Medical data will involve multilayer access within the authorized organizations. Considering the cost of permissions management and the problem of insider malicious node attacks, users hope to implement authorization constraints within the authorized institutions. It can prevent their data from being maliciously disclosed by end-users from different authorized healthcare domains. For the purpose to achieve the fine-grained permissions propagation control of medical data in sharing institutions, a trust-based authorization access control mechanism is suggested in this study. Trust thresholds are assigned to different privileges based on their sensitivity and used to generate zero-knowledge proof to be broadcasted among blockchain nodes. This method evaluates the trust of each user through the dynamic trust calculation model. And meanwhile, smart contract is employed to verify whether the user’s trust can activate some permissions and ensure the privacy of the user’s trust in the process of authorization verification. In addition, the authorization transaction between users and institutions is recorded on the blockchain for patient traceability and accountability. The feasibility and effectiveness of the scheme are demonstrated through comprehensive comparisons and extensive experiments.

1. Introduction

In the era of big data, multisource heterogeneous, fast-growing, accurate, and massive healthcare data are widely used in various fields, such as disease research, clinical treatment, new drug development, epidemic prevention, and control. It can substantially improve the efficiency and accuracy of medical research and significantly reduce the burden of social medical costs [1]. However, due to the extensive collection and application of medical data, it also faces a series of security and privacy threats such as theft of personal data, phishing attacks, illegal user access, and ransomware attacks. All of these may lead to the leakage and loss of medical data, thus failing to ensure the privacy, integrity, and reliability of the data.

Patient-centered healthcare data exchange attempts to shift data ownership from the provider to the patient [2]. When a patient needs to treat across medical institutions or provide data sources for disease research centers [3], they can authorize organizations to share their medical data. As an emerging Internet database technology, blockchain [4] has the characteristics of decentralization, transparency, and data tamperability. It provides an innovative method for storing information, executing transactions, and building trust in an open environment [5]. It has become popular to employ blockchain technology to securely share patient data with different institutions. The existing methods [6–10] mainly focus on deploying access control policies on the blockchain to access medical data by identifying users authorized by patients. However, these schemes only consider the single authorized access between patients and users and do not take into account the multilayer access of data between institutions. As shown in Figure 1, there is still a risk of internal leakage of data in the organizations that have been authorized by patients. Furthermore, it would be a huge cost if access control operations were carried out for each internal personnel. Considering the cost of authorization management and malicious attacks on internal nodes, patients want to restrict the secondary authorization of personal health data within the organization. Therefore, in the face of these challenging issues, we need to quickly find solutions to securely access patient data within authorized institutions in order to maximize patient privacy.

The lack of fine-grained security access control models for authorized institutions () is vulnerable to attacks by malicious nodes with legitimate identities and privileges within the institution [11]. Traditional access control models, such as role-based access control (RBAC) [12] and attribute-based encryption (ABE) [13], have been proven to be effective in detecting and preventing illegal access to data. However, the above methods cannot provide practical solutions to the security problems such as unknown user access, internal node attacks, and unaccountable data leakage that exist in . To alleviate these troubles, trust-based access control (TBAC) [14] was then introduced to the authorization constraints within . Patients delegate to set trust thresholds for different permissions to identify sensitivity. For the staff from the delegated institution, only with a high trust level is granted authority to obtain the patient’s medical information.

The trust of internal user () can be verified by designing smart contract on the blockchain [15]. However, there is still a challenge for to prove to that its trust can activate data access without divulging privacy. As a novel and effective variant of zero-knowledge proofs, zero-knowledge-succinct non-interactive arguments of knowledge (zk-SNARKs) [16, 17] can achieve verification without disclosing the content of the proof. Especially, zk-SNARKs are combined with smart contracts for authentication to ensure that the trust matches the authority trust assigned by and protect user privacy.

To overcome the abovementioned problems, a trust-based authorization access control (TAAC) scheme is proposed to solve the secure access of medical data within though using blockchain technology and deploying smart contracts. Overall, our main contributions are summarized as follows.(1)A trust-based authorization and verification scheme for medical data is designed, named TAAC. This approach can settle the difficulties of costly authorization constraitns and internal malicious node attacks caused by patient entities intervening in institutional entities. In our TAAC, can send preassigned permission trust threshold ciphertexts to the blockchain through transactions for distributed access control.(2)In the proposed scheme, a dynamic trust calculation model (TCM) is constructed to evaluate the trust of end users. Then, utilizing zk-SNARKs, the user creates a reliable zero-knowledge proof and sends it to the smart contract for validation, which can ensure that the user does not reveal any privacy. The smart contract determines whether it can activate the permission by comparing the user’s trust with the permission trust threshold set by the organization. The permission transactions between and will be broadcast in the blockchain for patient accountability and traceability after the verification is successful [18].(3)Through the comprehensive comparisons with the existing schemes, we find that the proposed scheme exhibits higher privacy and execution efficiency in terms of the metrics of data protection and resistance to attacks. The validation is carried out in terms of both theoretical security analysis and experimental performance evaluation, proving the superiority of TAAC.

The remainder of the paper is structured as follows. Related work is described in Section 2, and some early components are offered in Section 3. The proposed scheme is outlined in Section 4, and the specific implementation details of TAAC are introduced in Section 5. Section 6 summarizes the characteristics of the TAAC scheme and compares it with other schemes in terms of performance. Finally, Section 7 provides a summary of the work done in the paper.

Conducting in-depth research on access control for medical data is an important tool for user privacy protection. In this section, the related work on trust-based access control and blockchain-based access control is presented.

2.1. Trust-Based Access Control Schemes

An access control model to evaluate the trust of interactive agents can improve the privacy and robustness of the medical system. HealthyBroker [19] was a trust-building agent architecture specifically designed for eHealth services. It securely completes eHealth transactions by evaluating trust relationships and uses a distributed blockchain ledger for tracking to prevent potentially malicious behavior. Sahaana et al. [20] provided a trust assessment model for dynamically managing nodes, which uses trust to evaluate the behavior of each node, thus effectively avoiding the improper behavior of malicious nodes. Lewandowski et al. [21] improved the treatment effect and smoothed the overall function of the medical system by estimating patient trust. Jiang et al. [22] proposed a T-RBAC model utilizing role-attribute trust and physician-behavior trust for hierarchical authorization. Singh and Chatterjee [23] proposed an access control rule set, which can protect unauthorized access to medical data and dynamically control access views. Hu et al. [24] combined the entropy weight method with fuzzy theory to comprehensively evaluate the interactive trust value, and then used a two-way selection mechanism of roles and a third-party real-time monitoring mechanism to dynamically control access to the healthcare cloud system. The VARTE model [25] is based on vector auto-regressive (VAR) to effectively compute the trust value of user behavior in mobile health information systems. He et al. [26] discussed a distributed medical sensor network trust evaluation model, in which nodes can assess the credibility of each other to detect malicious nodes. Athanasiou et al. [27] introduced adaptive cloud inference system to fuzzy infer doctor credibility, which helps to ensure patient satisfaction in the universal medical environment. Xin et al. [28] used hierarchical analysis to determine trust evaluation index weights in medical big data and combined with whitening weight function to solve the problem of inaccurate trust evaluation results.

2.2. Blockchain-Based Access Control Schemes

Network attacks are prevalent in healthcare systems [29], and the application of blockchain technology to access control in medical data is also a hot topic of current studies. Siyal et al. [30] believed that the public verifiability of blockchain provides access control to electronic medical records without any third party but can not guarantee the reliability of data sources. Fan et al. [31] designed a blockchain-based electronic medical record framework named MedBlock for secure medical data sharing. Xia et al. [32] used smart contracts and access control mechanisms for data tracking to achieve auditable and secure sharing of medical data by revoking the access rights of illegal entities. However, it is impossible to avoid internal attacks by users with legal identities. Hussien et al. [33] proposed an access control scheme for outsourced encrypted medical data, which bridged the gap between personal health records and blockchain technology. Gan et al. [7] designed an incentive mechanism to encourage patients to share data and let patients act as supervisors to supervise unauthorized medical institutions to legally use their own medical data. Obviously, the data may have been maliciously compromised. Feng et al. [34] combined hierarchical attribute encryption with linear secret sharing, which avoided the security risk of submitting access policies to the blockchain network, and enabled authorized users to efficiently query the required data. Thwin and Vasupongayya [35] established a fine-grained access control model, which uses proxy re-encryption technology to protect medical data privacy and support access revocation. Sun et al. [36] stored the hash of medical data on the blockchain, while the specific data are stored in the IPFS. And only users who satisfy the attributes can decrypt the data. Saini et al. [37] proposed four types of smart contracts for user authentication and access control, and combined elliptic curve cryptography and Edwards curve digital signature algorithm technology to protect data privacy. However, these schemes mainly focus on single authorized access between patients and data users, while the risk of data leakage still exists in the institutions that have been authorized by patients.

3. Preliminaries

Theoretical knowledge and related techniques involving TAAC will be brought up in this section. For the sake of clear and concise presentation, the commonly used symbols are listed in Table 1.

3.1. Blockchain

Blockchain is considered to be a distributed storage database that combines technologies such as cryptographic principles, consensus mechanisms, and smart contracts. These technologies can ensure that the information in the blockchain network is traceable, nontamperable, and timely verifiable [38, 39].

3.1.1. Data Structure

Each block is composed of a block header and a block body. The block header contains three sets of metadata such as the previous block hash, Merkle tree root, and timestamp, which are used to ensure traceability and invariability. Transaction data are stored in the block body. Generally, cryptographic hashes and digital signatures are used to ensure the integrity and authenticity of transactions.

3.1.2. Consensus Protocol

It can effectively ensure that each node in the blockchain maintains the ledger according to the established rules, thus maintaining the consistency of transactions in the distributed network [40].

3.1.3. Smart Contract

The concept was first introduced by cryptographer Nick Szabo and applied to Ethereum by Vitalik Buterin. It is a computer protocol for trusted transactions without third-party supervision, which could additionally be self-executing and self-verifying [41].

3.2. Zero-Knowledge Proof

A zero-knowledge proof is one in which the prover is successful in persuading the verifier that a statement is true while withholding all relevant information from the verifier. It is also essentially an agreement involving two or more parties. Zero-knowledge proofs include both interactive and noninteractive types. Interactive proofs require multiple communications between the prover and verifier resulting in lower efficiency, while noninteractive proofs only require the prover to send a message to the verifier once according to the protocol, which makes them more efficient for blockchain applications [42].

3.3. zk-SNARKs

Zk-SNARKs are a special form of zero-knowledge proofs. A complete zk-SNARK scheme should consist of a key generation algorithm ZKKeyGen, a proof generation algorithm ZKProveGen and a verification algorithm ZKVerify. Specific definitions and explanations of these three algorithms are in Section 5. In addition to this, zk-SNARKs are distinguished from ordinary zero-knowledge proofs by the following properties.(1)Noninteractive: One message from a prover can demonstrate to a verifier that they are aware of a certain piece of knowledge.(2)Succinct: The time it takes to verify the proofs is minimal [40].(3)No matter how sophisticated the program is that needs to be proved, zk-SNARKs always produce the same amount of information [41].

3.4. Bilinear Mapping

Suppose that and are two multiplicative cyclic groups with as their common prime order. The following characteristics are met by the bilinear mapping:(1)Bilinearity: and , the formula is valid.(2)Nondegeneracy: makes .(3)Computability: , there exists an efficient algorithm to calculate .

4. System Overview

This section initially describes the TAAC system concept before going over three roughly similar scenarios. Finally, we describe the overview process of the scheme.

4.1. System Model of TAAC

The proposed TAAC model is shown in Figure 2 and mainly involves five entities: register authority (RA), hospital, doctor, TCM. and blockchain. Their respective functions can be described as follows:

(1)RA: In its capacity as a completely trusted entity, RA is in charge of configuring public parameters and keys required by the system. It is also responsible for assigning key pairs and individual identification identifiers to hospitals and doctors.(2)Hospital: In this paper, hospitals represent typical instance and are also incompletely trusted medical data consumers. Hospitals are responsible for making access policies, which are manifested by setting a trust threshold for each permission to identify the sensitivity of the permission. The trust set is then encrypted and the ciphertext address is sent to the blockchain via a stored transaction .(3)Doctor: Doctors are representative roles of in the hospital who need to access the patient medical data. If a doctor wants to access medical data, he needs to first conduct a trust assessment and generate a zero-knowledge proof based on the trust. Then submit the to the smart contract for authorization verification.(4)TCM: It was designed to prevent malicious doctors from gaining permissions by forging trust. TCM calculates the doctor’s trust by considering various quantitative factors, which are usually measured by those who have had direct or indirect interaction with the evaluated person.(5)Blockchain: Transactions recorded in the blockchain will be preserved as evidence for patients to pursue accountability due to its tamper-resistance and traceable. The smart contract was deployed in advance, and automatically judges the validity of without the participation of a third party.

4.2. The Overview Process of TAAC

Generally speaking, the intended TAAC’s overview process maybe simply separated into the six steps, as shown in Figure 3, such as system initialization, broadcast in blockchain, trust evaluation, zero-knowledge proof generation, smart contract verification, and authorization recorded in blockchain.

(1)System initialization: This phase initializes the parameters in the system, such as generating key pairs and unique identifiers.(2)Broadcast in blockchain: The patient delegates the authorized hospital to perform secondary access control. The hospital is responsible for assigning the trust value to each permission to identify the permission sensitivity, and then executes Enc algorithm to encrypt the set of trust values by for locally secure storage. And meanwhile, the hospital generates a zero-knowledge proof based on and sends a storage transaction to the blockchain, and then broadcasts it in the blockchain network.(3)Trust evaluation: The doctor can provide the TCM with a unique identity identifier , and then the TCM executes the Eva algorithm to calculate the trust value of the doctor .(4)Zero-knowledge proof generation: Based on their mutual trust, the hospital and the doctor can each generate a reliable zero-knowledge proof using zk-SNARKs and record the corresponding computation result and hash value . These are combined into a zero-knowledge proof information set for protecting the privacy of patient medical data transactions.(5)Smart contract verification: The doctor transmits the zero-knowledge proof information set to the blockchain. Then, the smart contract successively compares the zero-knowledge proof information set with the corresponding information previously submitted by the hospital through ZKVerify algorithm to obtain a verification result. Permission can only be activated if the personal trust exceeds the permission trust threshold.(6)Authorization recorded in blockchain: The smart contract will inform the hospital to encrypt and transfer the permission list to the doctor as soon as the verification is successful. Finally, a transaction records the authorization information between the doctor and the hospital and it will be published on the blockchain.

5. Specific Implementation of TAAC

Six phases comprise up the precise execution of our suggested strategy, each of which will be discussed in turn below.

5.1. System Initialization

Step 1: RA first takes a security parameter as input and selects the multiplicative cycle groups and , which are produced by the same prime , then defines as a cryptographic bilinear map. In addition, RA sets two secure hash functions and .

Step 2: RA randomly selects , are the different generators of , then executes to generate the public key and the master secret key, where .

Step 3: The hospital provides RA with a special identification number so that RA can create the key pair for the hospital using algorithm .

Step 4: RA randomly chooses and computes. Finally, the public key and the private key of the hospital will be generated.

5.2. Broadcast in Blockchain

Step 1: The hospital sets a trust threshold for each permission to obtain the permission trust threshold set . Then, the hospital will encrypt the by to get the ciphertext .

Step 2: The hospital is going to generate a zero-knowledge proof information set by zk-SNARKs depending on when the permission trust set has been established. The same method can be implemented by doctors to obtain personal private information relating to zero-knowledge proof.

Step 3: The hospital computes the message digest of and produces a digital signature by . The hospital will utilize a storage transaction to submit the ciphertext address to the blockchain in order to accomplish trust matching. represents the ciphertext storage location that is used to index the ciphertext .

Step 4: The other nodes in the blockchain will use the signature to determine whether the transaction is valid after the is generated. The transaction between the hospital and the doctor will be uploaded to the blockchain after the verification is completed.

A storage transaction’s entire generating process is shown in Algorithm 1.

Input: The permission trust threshold set ;
The private key of the hospital ;
The ciphertext storage address ;
Output: The storage transaction ;
1: /Generate zero-knowledge proof information/

2: /Calculate the message digest for /

3: /Sign the message digest with the /

4: /Generate the storage transaction/

5: return

5.3. Trust Evaluation

In the medical background, the definition of trust for a specific user is the entire assessment of the credibility. Typically, the assessment is based on people who have had direct or indirect interactions with the person being assessed and uses a trust model to calculate the user’s trust value based on user feedback, prior behavior, and daily observations. In the proposed scheme, TCM offers an efficient method for calculating user trust value.

The procedure employed by TCM to determine each doctor’s trust by using a variety of quantitative indicators is shown in Figure 4. The arrows in Figure 4 illustrate how one factor depends on another. A doctor can provide a set of information to TCM to calculate the personal trust value, where is used to identify the doctor and represents the local timestamp. Supposed the hospital assessor needs to calculate the reliability of the doctor , the specific process is made up of the following components.

Step 1: The satisfaction denotes the job appraisal of the assessor on the doctor in the recent period, and the trust is positively related to the satisfaction. It can be computed as Formula (1):where if , then ; if , then .

Let represents the satisfactory value of to within time interval, which is determined by the exponential average of the prior satisfaction in Formula (1). For the recent satisfaction , indicates that is completely satisfied with , while indicates that is completely dissatisfied with . In addition, is a carefully selected relative weight value to ensure that has a higher weight value than .

Step 2: As shown in Formula (2), the similarity measures the degree of similarity between the feedback given by two different assessors and to the same doctor . The higher similarity leads to the higher precision of trust calculation. The similarity is calculated based on the feedback from people who have contact with the doctor :where is defined as the evaluation difference and is a similarity deviation constant indicating the upper limit of the permissible variation, as shown in Formula (3). The difference value no greater than the fluctuation constant would indicate that the feedback from the two assessors was closer. is the evaluator set of except . What’s more, the reward and punishment coefficients and for updating the similarity are respectively set to reward evaluators for their work and prevent evaluators from providing fake feedback on . Since it is more difficult to establish trust than to lose it, the punishment coefficient is assigned a greater weight value than the reward coefficient, that is .

Step 3: As shown in Formula (4), the assessment credibility indicates the accuracy of the feedback provided by the evaluator. The more similar result of two assessors implies a higher assessment credibility. It is calculated according to the direct logarithm function of similarity, and represents the minimum allowable value of similarity.

Step 4: The direct trust is defined as the assessor calculating the trust value for doctor from personal experience, which is obtained in accordance with Formula (5):

Step 5: When the assessor has insufficient direct interactions with the doctor , can request others to provide their evaluations of . Then, the assessor will calculate the indirect trust value by combining the direct trust of other evaluators and the assessment credibility, where denotes the set of evaluators who have had contact with . The indirect trust is computed as Formula (6):

Step 6: The present trust means the trust of the assessor to the doctor at the most recent time, which is calculated based on the number of interactions between and , according to the direct trust and the indirect trust, as shown in Formulas (7)–(9):

Assuming that is the number of direct interactions between and , is the average number of interactions between evaluators other than and , and is the weight of direct trust.

Step 7: The historical trust is the trust calculated from what happened in the past, as shown in Formula (10). Over time, the present trust has become the historical trust. is defined as a neglected factor that prevents the appraiser from attempting to forget the past malicious behavior with the current behavior if the appraiser had malicious behavior in the past:

Step 8: The predicted trust reflects the future expectation of the assessor on the doctor , which is calculated from present trust and historical trust, as shown in Formula (11):

The relative weight is dynamically adjusted based on present trust and historical trust to ensure a higher weight is given to present trust .

Step 9: The trust level is defined as the evaluation of patient to the work of doctor, where the number represents the respective ratings of terrible, poor, average, good, and best. Then, the trust level score can be computing, as shown in Formulas (12) and (13):

Formula (12) indicates a single value result, while Formula (13) calculating the normalized result.

Step 10: As shown in Formula (14), the biased trust is used to handle malicious trust fluctuation of the evaluator , so as to prevent from wavering in the evaluation of doctor and thus affecting the network performance:

Step 11: The medical malpractice decay trust is expressed as a trust deduction mechanism. In this process, each doctor was initially assigned to trust points, with fixed trust points reduced for each medical incident. In this mechanism, the trust decay coefficient is introduced, and the doctor’s medical malpractice is recorded as , then the decay trust value of the doctor is calculated, as shown in Formula (15):

Step 12: The overall trust is calculated by combining predicted trust , biased trust , and medical malpractice decay trust , as shown in Formula (16):

For the relative weights , , the trust threshold , where indicates that the doctor is completely trusted, and indicates that the doctor is completely untrusted.

5.4. Zero-Knowledge Proof Generation

After obtaining the personal trust value from the TCM, the doctor completes an initial determination of whether the trust level meets the trust thresholds set by the hospital for medical data access privileges. To create zero-knowledge proof , the doctor must affix his digital signature to the trust. The digital signature and zero-knowledge proof information set of the doctor will be generated according to the following processes and elaborated by Algorithm 2.

Step 1: The additional parameter can be calculated according to the unique identifier of the doctor , the timestamp , and the assessed trust .

Step 2: The additional parameter and a random number are used as the input conditions for the hash operation . Then the digital signature by executing is generated.

Step 3: Assuming is the proposition and is the proof, let be a mathematical operation and be the associated logic computational relationship. The doctor constructs the circuit , as shown in Figure 5. It takes the public key set , the doctor trust value set and the extended data as inputs. In order to confirm the accuracy and accessibility of the data, a circuit computation result and a hash value are respectively output.

Step 4: The security parameter and the circuit will be taken as input parameters to execute to compute the key pair. The zero-knowledge proof is created with the help of the key , and it is verified with the help of the key .

Step 5: The key , the doctor trust value , the digital signature , the circuit result , and the hash value are utilized as inputs to generate a reliable zero-knowledge proof by .

Input: The identifier of the doctor ;
The private key of the doctor ;
The trust value of the doctor ;
The security parameter ;
The random number ;
Output: The zero-knowledge proof ;
1: /Get the current time/

2: /Compute the extended information/

3: /Generate the digital signature with the /

4: /Produce the calculation result/


5: /Produce the hash value/

6: /Calculate the proof key pair/

7: /Obtain the zero-knowledge proof/

8: return

5.5. Smart Contract Verification

The zero-knowledge proof information set is provided to the blockchain by the doctor . Without the involvement of a third-party, the smart contract will immediately confirm whether the relevant attestation information of the doctor meets the permission trust threshold set by the hospital . The verification steps are shown as follows.

Step 1: The smart contract utilizes the public key of the doctor to verify the electronic signature and return a result .

Step 2: Then, the verification key generated by zk-SNARKs is adopted to contrast the zero-knowledge proof and return a result .

Step 3: Assuming that both validations have been successfully passed, the smart contract further compares the proof information set generated by the hospital based on with the proof information set generated by the doctor based on in correspondence. A result such as or will be output if all of the verifications have been successful.

The verification procedure is illustrated in Algorithm 3.

Input: The Verification key ;
The public key of the doctor ;
The digital signature of the doctor ;
The proof information of the
hospital ;
The proof information of the
doctor ;
Output: The verified information of proof;
1: / Verify the digital signature of the doctor/

2: / Verify the zero-knowledge proof of the doctor/

3: / Compare relevant information/
if (and) then
4: =
5: / Return validation result/
if = 1 then
6: return;
7: return;

5.6. Authorization Recorded in Blockchain

Step 1: The smart contact in blockchain returns the verification result to the hospital . If the returned result is , the hospital will encrypt and store the list of grantable permissions and the ciphertext address is .

Step 2: After receiving the authorization notification from the blockchain, the doctor retrieves the encrypted permission list through .

Step 3: Then the doctor gets the private key of the hospital through the secure key channel and decrypts the ciphertext by to obtain the permission list .

Step 4: Finally, the hospital generates a transaction to record the authorization information between the doctor and the hospital , which is described by Algorithm 4. The authorization transaction will be published on the blockchain, where is used to identify authorization transaction and represents the generated time.

Input: The permission list PL;
The identifier of the authorization transaction;
The identifier of the doctor ;
The key pair of the hospital ;
The storage address of the
permission list ciphertext ;
Output: The authorization transaction ;
1: if is valid then
2: / Get the current time/

3: / Compute the message digest for /

4: / Sign the message digest with the /

5: / Generate the authorization transaction/

6: return;
7: return;

6. Scheme Analysis

We primarily assess the TAAC method from three angles in this section. First, we analyze whether the scheme meets the basic security and privacy requirements of blockchain operations. Furthermore, the TAAC scheme is comprehensively compared with some existing methods in related work. Finally, extensive experiments are conducted to demonstrate the efficiency.

6.1. Security Analysis

The security of the TAAC scheme is analyzed in five aspects, including trustworthiness, traceability, privacy, integrity, and against DDoS attack.

6.1.1. Trustworthiness

In this paper, our TAAC transmits the ciphertext address with digital signature to the blockchain by a storage transaction, and broadcasts it throughout the network nodes. From beginning to end, the entire encrypted broadcast process only involves the hospital and the blockchain, thus guaranteeing the trustworthiness of authorization management with avoiding the possibility of any other intermediate entities trying to steal permission data. In addition, in the verification phase, the blockchain platform automatically verifies whether the doctors trust conforms to the authority trust level set by the hospital through a predeployed smart contract, further realizing a trustworthy authorization delegation without manual intervention.

6.1.2. Traceability

Our system can monitor and validate the access data in the blockchain. Any operations related to the blockchain are recorded as an immutable storage transaction and authorization transaction, respectively. Once the storage transactions and authorization transactions are validated by the smart contract, the doctors will be notified of the categories of medical data access rights open to the hospital, and the hospital will query what authorizations have been granted to each doctor. Therefore, if it is detected that the medical data have been maliciously disclosed or changed, neither the hospital nor the doctor can deny it, and can be held accountable retroactively based on the authorization transactions recorded on the blockchain.

6.1.3. Privacy

Most of the existing trust evaluation models directly output the trust value, which poses a great threat to privacy leakage. Our scheme ensures that doctorss identity information will not be disclosed during trust evaluation by generating a unique identity for each doctor. To solve the problem of trust privacy leakage, the smart contract can only obtain a zero-knowledge proof generated based on trust but not directly get individual trust during the verification process. In terms of authority information privacy, storing permission data in encrypted form can prevent malicious users from stealing sensitive data.

6.1.4. Integrity

In order to increase the scalability of the TAAC, the hospital may sporadically change the authorization data, and the ciphertext connected to the ciphertext address will also be altered. The additional digital signature in the storage transaction and proof generation can verify the ciphertext at any time and ensure the authenticity of the zero-knowledge proof. In addition, the information of authorized transactions between doctors and hospital is recorded on the chain through the consensus algorithm. The blockchain can ensure data are not tampered with by using the Merkle tree feature.

6.1.5. Against DDoS Attack

It is fairly straightforward that our scheme can resist DDoS attack as the blockchain-based architecture is decentralized. Even if the blockchain nodes are attacked maliciously, users can access the network normally as long as one node exists. In this scheme, both storage transactions and authorization transactions must be verified before recording. They need to provide valid digital signatures when interacting with the blockchain network, which is an effective method to thwart DDoS attack.

6.2. Comprehensive Comparisons of TAAC

In Table 2, five related trust-based access control methods are contrasted with the TAAC. This analysis mainly focuses on five aspects such as the dynamics of the trust evaluation model, data encrypted storage, trust privacy, blockchain technology and whether it can resist malicious attacks. The access control scheme designed by Jiang et al. [22] and Hu et al. [24] sets influence factors to dynamically adjust the accuracy rate of the trust evaluation model, but they cannot guarantee the trust privacy. The HealthyBroker trust-building agent architecture designed by Kurdi et al. [19] conducts audit and tracking through the blockchain ledger to prevent potential malicious behavior, but this scheme does not consider the security of patient data. He et al. [26] used cryptographic technology to encrypt and store information without causing data leakage. However, this scheme relies too much on the cooperation and reliability of distributed nodes, which is prone to creating system crash. Lin et al. [14] introduced the Vickrey–Clark–Groves (VCG)-based adaptive reputation mechanism (VARM) into the access control scheme, which can effectively identify malicious users and resist internal attacks, but it does not take into account the security issues arising from transparency.

Overall, these trust-based access control mechanisms are unable to simultaneously protect trust privacy and impede malicious user behavior. The TAAC scheme designed in this paper enables data privacy protection and avoids access initiated by malicious nodes. By storing the encrypted data locally and sending the ciphertext address to the blockchain, the credibility of access authorization with blockchain characteristics can be guaranteed. In terms of privacy, trust verification through zero-knowledge proof can effectively prevent the privacy leakage of the permission trust and user trust. In addition, TCM uses trust decay coefficient, reward and punishment coefficients, and neglect factor to enhance the sensitivity and dynamics of the model, which can resist the access initiated by internal malicious nodes.

6.3. Performance Evaluation

Since TCM and zk-SNARK constitute two crucial components of the proposed system TAAC, the performance of trust evaluation and zero-knowledge proof are tested separately. For the performance analysis, the experiments are implemented on a computer with Intel(R) Core(TM) i7-4790 U CPU @3.60 GHz, 12 GB of RAM, and Ubuntu Linux 18.04 LTS. We publish the computed trust data and shared information on Hyperledger Fabric and write smart contracts in the Go language. Zero-knowledge proofs are implemented using libSNARK-based zk-SNARK provided by Electric Coin Company.

For the experimental evaluation of the proposed system, we used data from a medical database [43]. One hundred virtual users are given random trust values, which represent their actual trust values. These assigned parameters are utilized to calculate the proposed system accuracy rate. The experiments initially began with 10 interactions, after which 10 interactions are added each time. Each experiment is repeated for 20 times and the average is calculated. To measure the performance of this scheme, we will compare it with RMTAC based on VARM [14] in terms of the accuracy rate, approval rate, and system malicious access rate. The theoretical analyses and performance comparisons between the schemes are shown in Figure 6.

(a)

(b)

(c)

6.3.1. Accuracy Rate

It is described as the proportion between the calculated trust value and the real trust value. According to Table 3 and Figure 6(a), TCM has a marginally greater accuracy rate than VARM. The accuracy rate of VARM basically remains around 90%, while that of TCM fluctuates slightly around 91.5%. The reason is that VARM only considers the reward factor to motivate users to provide more accurate recommendations but does not set a penalty factor to avoid users dishonest recommendations. On the contrary, TCM establishes a tight system of rewards and penalties that can efficiently reward users who provide trustworthy suggestions and penalize harmful users who produce untruthful comments. Therefore, the accuracy rate of TCM is marginally higher than that of VARM.

6.3.2. Approval Rate

It is defined as the ratio of the number of successful access that does not meet the security requirements to the total number of access requests. The results in Table 4 and Figure 6(b) illustrate that TCM has a lower approval rate compared to VARM. It is assumed that there are a fixed number of malevolent users at the beginning, and their trust does not satisfy the security requirements. As the quantity of user interactions grows, the approval rates of both VARM and TCM tend to a stable range. The approval rate of VARM is basically stable around 12%, while that of TCM fluctuates around 10%. This means that TCM exhibits better attack prevention ability than VARM under the same number of malicious users. There are two main reasons for the discrepancy in result. False comments cannot be avoided due to the existence of malicious users in the initial stage. VARM only adaptively adjusts the initial trust of unknown users according to the actual situation of the network, without considering the punishment of malicious behavior. In contrast, TCM adds the historical trust and introduces a neglect factor in calculating doctor trust, which can prevent the doctor from trying to cover up past irregularities with present compliance behaviors. In addition, TCM designs a trust deduction mechanism to reduce fixed trust points according to the trust attenuation coefficient if the doctor commit misconduct, which will curb the occurrence of malicious access to some extent.

6.3.3. Malicious Access Rate

It is used to evaluate the privacy protection capability of the proposed TAAC system. The malicious access rate is defined as the percentage of successful access to illegal information in the whole interaction, supposing that some access requests from malicious users have been granted in the experiment. The comparison result is demonstrated in Table 5 and Figure 6(c). Since RMTAC does not implement fine-grained division of permissions, that means, users can use ungranted access rights when legitimate identity users cheat. This will cause authorized users to tamper with or disclose information, thereby increasing the malicious access rate. TAAC verifies the trust of each permission by introducing zero-knowledge proof protocol. Only the doctor who meets the authority trust level can obtain the corresponding authority, and the encrypted authorization list can also prevent attackers from stealing access rights. Therefore, the average malicious access rate of TAAC is lower than that of RMTAC.

Next, the performance of zero-knowledge proof is evaluated. The time required to generate evidence is the main bottleneck of this technique since the noninteractive zero-knowledge proof model is utilized. By simulating the process of the model, this experiment focuses on evaluating the zk-SNARK key pair generation time, proof generation time, and proof verification time. The experiment starts with 100 permission trust values as the circuit inputs, and then the test is repeated for 20 times. Finally, the average value of these indicators is then determined.

As observed in Figures 7(a) and 7(b), the proposed scheme takes approximately 12.5 s to generate a zero-knowledge proof key pair and 28.3 s to produce a proof. This indicates that the time required to construct a zero-knowledge proof key pair and a proof will not vary much even when the authorization data used as circuit inputs increases, dramatically boosting the scalability of the scheme. Furthermore, Figure 7(c) illustrates when the quantity of input parameters expands, the verification time for zero-knowledge proofs similarly increases. The result indicates that the validation time does not exceed 0.6 s when the number of input parameters reaches 1,000, which is still an acceptable time limit and does not affect concurrency.

(a)

(b)

(c)

7. Conclusion

In this paper, we propose a TAAC scheme, which can resolve the issues of high-cost authorization management and internal malicious node attacks caused by the intervention of patient entities into the institutional entities. We first design an authorization verification model and describe in detail the specific processes of the entities and schemes involved in the model. Then, we construct a dynamic trust computation model TCM to evaluate the trust of users and elaborate on the zero-knowledge proof generation based on the trust and verification authorization process. Finally, the security analysis and performance comparisons between the proposed scheme and the existing schemes are carried out. The experimental results show that the scheme is more secure, reliable, and efficient in terms of privacy protection, trust evaluation, and resisting malicious access. Future research efforts will focus on further optimizing the trust evaluation model to improve the accuracy of trust calculation while reducing the malicious access rate. Meanwhile, the efficiency of zero-knowledge proof can be also improved by meliorating the implementation process.

Data Availability

The data used to support the findings of this study are openly available in the UCI Machine Learning Repository database at https://archive.ics.uci.edu/dataset/296/diabetes+130-us+hospitals+for+years+1999-2008.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research is partially supported by the National Natural Science Foundation of China under Grant 61972438, the Anhui Provincial Department of Education University Scientific Research Project under Grant KJ2020A0694, Key Research and Development Projects in Anhui Province under Grant 2022a05020049, and the Natural Science Foundation of Anhui Province of China under Grant 2108085MF219.

References

A. A. Abdellatif, A. Z. Al-Marridi, A. Mohamed, A. Erbad, C. F. Chiasserini, and A. Refaey, “sshealth: toward secure, blockchain-enabled healthcare systems,” IEEE Network, vol. 34, no. 4, pp. 312–319, 2020.
View at: Publisher Site | Google Scholar
Y. Zhuang, L. R. Sheets, Y.-W. Chen, Z.-Y. Shae, J. J.-P. Tsai, and C.-R. Shyu, “A patient-centric health information exchange framework using blockchain technology,” IEEE Journal of Biomedical and Health Informatics, vol. 24, no. 8, pp. 2169–2176, 2020.
View at: Publisher Site | Google Scholar
H. Huang, P. Zhu, F. Xiao, X. Sun, and Q. Huang, “A blockchain-based scheme for privacy-preserving and secure sharing of medical data,” Computers & Security, vol. 99, Article ID 102010, 2020.
View at: Publisher Site | Google Scholar
S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system,” 2008, Decentralized Business Review, p. 21260.
View at: Publisher Site | Google Scholar
R. Zhang, R. Xue, and L. Liu, “Security and privacy on blockchain,” ACM Computing Surveys (CSUR), vol. 52, no. 3, pp. 1–34, 2019.
View at: Publisher Site | Google Scholar
Y. Zhao, M. Cui, L. Zheng et al., “Research on electronic medical record access control based on blockchain,” International Journal of Distributed Sensor Networks, vol. 15, no. 11, pp. 1–11, 2019.
View at: Publisher Site | Google Scholar
C. Gan, A. Saini, Q. Zhu, Y. Xiang, and Z. Zhang, “Blockchain-based access control scheme with incentive mechanism for eHealth systems: patient as supervisor,” Multimedia Tools and Applications, vol. 80, no. 20, pp. 30605–30621, 2021.
View at: Publisher Site | Google Scholar
A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “MedRec: using blockchain for medical data access and permission management,” in 2016 2nd International Conference on Open and Big Data (OBD), pp. 25–30, IEEE, Vienna, Austria, 2016.
View at: Publisher Site | Google Scholar
S. Shamshad, Minahil, K. Mahmood, S. Kumari, and C.-M. Chen, “A secure blockchain-based e-health records storage and sharing scheme,” Journal of Information Security and Applications, vol. 55, Article ID 102590, 2020.
View at: Publisher Site | Google Scholar
X. Cheng, F. Chen, D. Xie, H. Sun, and C. Huang, “Design of a secure medical data sharing scheme based on blockchain,” Journal of Medical Systems, vol. 44, no. 2, pp. 1–11, 2020.
View at: Publisher Site | Google Scholar
H. Wang, S. Wu, M. Chen, and W. Wang, “Security protection between users and the mobile media cloud,” IEEE Communications Magazine, vol. 52, no. 3, pp. 73–79, 2014.
View at: Publisher Site | Google Scholar
G. Nyame, Z. Qin, K. O.-B. O. Agyekum, and E. B. Sifah, “An ECDSA approach to access control in knowledge management systems using blockchain,” Information, vol. 11, no. 2, Article ID 111, 2020.
View at: Publisher Site | Google Scholar
H. Wang and Y. Song, “Secure cloud-based EHR system using attribute-based cryptosystem and blockchain,” Journal of Medical Systems, vol. 42, no. 8, pp. 1–9, 2018.
View at: Publisher Site | Google Scholar
H. Lin, L. Xu, X. Huang, W. Wu, and Y. Huang, “A trustworthy access control model for mobile cloud computing based on reputation and mechanism design,” Ad Hoc Networks, vol. 35, pp. 51–64, 2015.
View at: Publisher Site | Google Scholar
K. N. Griggs, O. Ossipova, C. P. Kohlios, A. N. Baccarini, E. A. Howson, and T. Hayajneh, “Healthcare blockchain system using smart contracts for secure automated remote patient monitoring,” Journal of Medical Systems, vol. 42, no. 7, pp. 1–7, 2018.
View at: Publisher Site | Google Scholar
O. Goldreich, S. Micali, and A. Wigderson, “Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems,” Journal of the ACM, vol. 38, no. 3, pp. 690–728, 1991.
View at: Publisher Site | Google Scholar
E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza, “Scalable zero knowledge via cycles of elliptic curves,” Algorithmica, vol. 79, no. 4, pp. 1102–1160, 2017.
View at: Publisher Site | Google Scholar
H. Sukhwani, J. M. Martínez, X. Chang, K. S. Trivedi, and A. Rindos, “Performance modeling of pbft consensus process for permissioned blockchain network (hyperledger fabric),” in 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS), pp. 253–255, IEEE, Hong Kong, China, 2017.
View at: Publisher Site | Google Scholar
H. Kurdi, S. Alsalamah, A. Alatawi, S. Alfaraj, L. Altoaimy, and S. H. Ahmed, “HealthyBroker: a trustworthy blockchain-based multi-cloud broker for patient-centered eHealth services,” Electronics, vol. 8, no. 6, Article ID 602, 2019.
View at: Publisher Site | Google Scholar
V. Sahaana, A. S. Preetha, and R. Sukanesh, “A novel decentralized trust evaluation model for secure mobile healthcare systems,” in International Conference on Information Communication and Embedded Systems (ICICES2014), pp. 1–5, IEEE, Chennai, India, 2014.
View at: Publisher Site | Google Scholar
R. Lewandowski, A. G. Goncharuk, and G. T. Cirella, “Restoring patient trust in healthcare: medical information impact case study in Poland,” BMC Health Services Research, vol. 21, no. 1, pp. 865–875, 2021.
View at: Publisher Site | Google Scholar
R. Jiang, Y. Xin, H. Cheng, and W. Wu, “T-RBAC model based on two-dimensional dynamic trust evaluation under medical big data,” Wireless Communications and Mobile Computing, vol. 2021, Article ID 9957214, 17 pages, 2021.
View at: Publisher Site | Google Scholar
A. Singh and K. Chatterjee, “ITrust: identity and trust based access control model for healthcare system security,” Multimedia Tools and Applications, vol. 78, no. 19, pp. 28309–28330, 2019.
View at: Publisher Site | Google Scholar
X. Hu, R. Jiang, M. Shi, and J. Shang, “A privacy protection model for health care big data based on trust evaluation access control in cloud service environment,” Journal of Intelligent & Fuzzy Systems, vol. 38, no. 3, pp. 3167–3178, 2020.
View at: Publisher Site | Google Scholar
J. Guo and X. Zhang, “VARTE: trust evaluation model based on VAR for mobile medical information system,” in 2020 6th International Conference on Big Data Computing and Communications (BIGCOM), pp. 96–102, IEEE, Deqing, China, 2020.
View at: Publisher Site | Google Scholar
D. He, C. Chen, S. Chan, J. Bu, and A. V. Vasilakos, “A distributed trust evaluation model and its application scenarios for medical sensor networks,” IEEE Transactions on Information Technology in Biomedicine, vol. 16, no. 6, pp. 1164–1175, 2012.
View at: Publisher Site | Google Scholar
G. Athanasiou, G. C. Anastassopoulos, E. Tiritidou, and D. Lymberopoulos, “A trust model for ubiquitous healthcare environment on the basis of adaptable fuzzy-probabilistic inference system,” IEEE Journal of Biomedical and Health Informatics, vol. 22, no. 4, pp. 1288–1298, 2018.
View at: Publisher Site | Google Scholar
Y. Xin, Z. Qian, R. Jiang, and Y. Song, “Trust evaluation strategy based on grey system theory for medical big data,” in 2019 IEEE International Conference on Computer Science and Educational Informatization (CSEI), pp. 157–160, IEEE, Kunming, China, 2019.
View at: Publisher Site | Google Scholar
Z. Rahman, I. Khalil, X. Yi, and M. Atiquzzaman, “Blockchain-based security framework for a critical industry 4.0 cyber-physical system,” IEEE Communications Magazine, vol. 59, no. 5, pp. 128–134, 2021.
View at: Publisher Site | Google Scholar
A. A. Siyal, A. Z. Junejo, M. Zawish, K. Ahmed, A. Khalil, and G. Soursou, “Applications of blockchain technology in medicine and healthcare: challenges and future perspectives,” Cryptography, vol. 3, no. 1, Article ID 3, 2019.
View at: Publisher Site | Google Scholar
K. Fan, S. Wang, Y. Ren, H. Li, and Y. Yang, “MedBlock: efficient and secure medical data sharing via blockchain,” Journal of Medical Systems, vol. 42, no. 8, pp. 1–11, 2018.
View at: Publisher Site | Google Scholar
Q. Xia, E. B. Sifah, K. O. Asamoah, J. Gao, X. Du, and M. Guizani, “MeDShare: trust-less medical data sharing among cloud service providers via blockchain,” IEEE Access, vol. 5, pp. 14757–14767, 2017.
View at: Publisher Site | Google Scholar
H. M. Hussien, S. M. Yasin, N. I. Udzir, and M. I. H. Ninggal, “Blockchain-based access control scheme for secure shared personal health records over decentralised storage,” Sensors, vol. 21, no. 7, Article ID 2462, 2021.
View at: Publisher Site | Google Scholar
T. Feng, H. Pei, R. Ma, Y. Tian, and X. Feng, “Blockchain data privacy access control based on searchable attribute encryption,” Computers, Materials & Continua, vol. 66, no. 1, pp. 871–890, 2021.
View at: Publisher Site | Google Scholar
T. T. Thwin and S. Vasupongayya, “Blockchain-based access control model to preserve privacy for personal health record systems,” Security and Communication Networks, vol. 2019, Article ID 8315614, 15 pages, 2019.
View at: Publisher Site | Google Scholar
J. Sun, L. Ren, S. Wang, X. Yao, and H. Debiao, “A blockchain-based framework for electronic medical records sharing with fine-grained access control,” PLOS ONE, vol. 15, no. 10, Article ID e0239946, 2020.
View at: Publisher Site | Google Scholar
A. Saini, Q. Zhu, N. Singh, Y. Xiang, L. Gao, and Y. Zhang, “A smart-contract-based access control framework for cloud smart healthcare system,” IEEE Internet of Things Journal, vol. 8, no. 7, pp. 5914–5925, 2021.
View at: Publisher Site | Google Scholar
S. N. G. Gourisetti, M. Mylrea, and H. Patangia, “Evaluation and demonstration of blockchain applicability framework,” IEEE Transactions on Engineering Management, vol. 67, no. 4, pp. 1142–1156, 2019.
View at: Publisher Site | Google Scholar
Z. Zheng, S. Xie, H. N. Dai, X. Chen, and H. Wang, “Blockchain challenges and opportunities: a survey,” International Journal of Web and Grid Services, vol. 14, no. 4, pp. 352–375, 2018.
View at: Publisher Site | Google Scholar
Y. Xiao, N. Zhang, W. Lou, and Y. T. Hou, “A survey of distributed consensus protocols for blockchain networks,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1432–1465, 2020.
View at: Publisher Site | Google Scholar
N. B. Truong, K. Sun, G. M. Lee, and Y. Guo, “GDPR-compliant personal data management: a blockchain-based solution,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 1746–1761, 2019.
View at: Publisher Site | Google Scholar
P. Alikhani, N. Brunner, C. Crépeau et al., “Experimental relativistic zero-knowledge proofs,” Nature, vol. 599, no. 7883, pp. 47–50, 2021.
View at: Publisher Site | Google Scholar
S. Beata, “UCI machine learning repository: diabetes 130-US hospitals for years 1999-2008 data set,” 2014, [Online]. Available: https://archive.ics.uci.edu/dataset/296/diabetes+130-us+hospitals+for+years+1999-2008.
View at: Google Scholar

Copyright

Copyright © 2024 Canling Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

211

Downloads

176

Citations

IET Information Security

A Blockchain-Based Trustworthy Access Control Scheme for Medical Data Sharing

Abstract

1. Introduction

2. Related Works

2.1. Trust-Based Access Control Schemes

2.2. Blockchain-Based Access Control Schemes

3. Preliminaries

3.1. Blockchain

3.1.1. Data Structure

3.1.2. Consensus Protocol

3.1.3. Smart Contract

3.2. Zero-Knowledge Proof

3.3. zk-SNARKs

3.4. Bilinear Mapping

4. System Overview

4.1. System Model of TAAC

4.2. The Overview Process of TAAC

5. Specific Implementation of TAAC

5.1. System Initialization

5.2. Broadcast in Blockchain

5.3. Trust Evaluation

5.4. Zero-Knowledge Proof Generation

5.5. Smart Contract Verification

5.6. Authorization Recorded in Blockchain

6. Scheme Analysis

6.1. Security Analysis

6.1.1. Trustworthiness

6.1.2. Traceability

6.1.3. Privacy

6.1.4. Integrity

6.1.5. Against DDoS Attack

6.2. Comprehensive Comparisons of TAAC

6.3. Performance Evaluation

6.3.1. Accuracy Rate

6.3.2. Approval Rate

6.3.3. Malicious Access Rate

7. Conclusion

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright