Abstract

With the rapid development of mobile medical, how to establish an effective security mechanism to protect data security and privacy while users enjoy medical services has become an urgent problem to be solved. Aiming at the easy leakage of privacy in mobile medical terminals and untrustworthy data, we make use of a role-separated mechanism to generate trusted anonymous certificates. We propose a lightweight identity authentication scheme and adopt blockchain to protect the security of medical data. Meanwhile, in view of the problems of transparency and visibility of blockchain information, we adapt the searchable encryption algorithm to realize ciphertext processing in the whole life cycle. Experiments show that our scheme can reduce the cost of computation on the basis of ensuring traffic. In the process of dynamic updating of ciphertext keywords, except the keyword identifier, less information is leaked to the server, which protects privacy of users.

1. Introduction

Medical problems, including access to care and quality of care, are common around the world. Medical resources are in short supply and are difficult to distribute evenly. Large numbers of individuals do not receive the quality care that they need [1]. Geographical factors, such as economic differences between regions and topography, bring further difficulties to medical care. These problems are especially obvious in developing countries with large populations. The traditional medical model, with major hospitals at its core, can no longer meet the needs of the current era. Mobile medical, which mainly uses mobile communication technologies such as PDAs, smart phones, and satellite communications to provide users with medical services and data exchange, has, with the help of cloud centers, replaced the traditional medical model as the new favourite [2].

The concept of mobile medical originated from the telemedicine monitoring and medical treatment for astronauts conducted by NASA. Later applications such as the use of portable mobile devices to collect various body data have it further developed. As an innovative technology in the Internet plus medical mode, mobile medical can realize applications such as medical rescue, remote monitoring, and intelligent medical care. It is of great significance for promoting medical reform.

Mobile service composition [3, 4] meets the needs of people for medical services under the current social development. This demand is mainly reflected in the two aspects of distribution and data. To a certain extent, mobile medical has broken through the limitation of space and time in the traditional medical mode. Mobile medical empowers patients and health providers proactively to address medical conditions through near real-time monitoring and treatment, no matter the location of the patient or health provider.

In addition, a large amount of data (Internet traffic) is generated in the process of physical examination and treatment of patients, and doctors can use these data to make more reliable and accurate diagnoses. Mobile medical not only saves a lot of time spent on queuing up for registration, but also greatly reduces the pressure on the infrastructure brought by disease treatment. Through mobile sensors, medical devices, and remote patient monitoring products, there are avenues through which medical care delivery can be improved. Mobile medical can help lower costs and connect people to care providers.

However, these mobile medical-related technologies are still incomplete [5]. They have certain flaws in the preservation of privacy. With the development of mobile medical, medical data are showing exponential growth. Meanwhile, these data collected by terminal equipment in mobile medical mode are closely related to users’ physiological characteristics, geographic locations, images, and other private information [6].

In addition, with the rapid development of network intrusion techniques, personal medical data face the risk of intentional or unintentional intrusion and access by unauthorized users. Because privacy preservation technologies remain incomplete, data security and privacy preservation have become the main obstacles restricting the development of modern medical services. Owing to the limited resources of terminals and the sensitivity of medical information, existing privacy preservation technologies are difficult to apply directly. Designing security authentication, information integration, data access control, and data integrity verification schemes specific to the mobile health environment is an important topic in the field of mobile health now and in the future, and it is also a key step toward the large-scale practical application of mobile medical.

In this paper, we mainly discuss privacy preservation solutions for mobile terminals in Internet medical. The solution integrates lightweight authentication, blockchain technology, anonymous certificates, and searchable encryption to realize encrypted computation over mobile medical device data and sharing of that data in ciphertext form, thereby preserving the privacy of medical data.

For the storage and transmission of medical data, scholars around the world have conducted a great deal of research. In 2012, Patra et al. [7] proposed a cloud-based model to process private data for patients. Through this framework, medical personnel and policy makers can use the cloud-based model to provide remote medical services to patients. This model stores all necessary data in a single cloud. By encouraging patients to share data in the cloud, patients can obtain services from medical staff, and disease diagnosis and control can be performed through remote treatment. In 2014, Ye et al. [8] proposed a well-organized authentication and access control scheme based on the attributes of the perception layer of IoT access control.

In 2015, Zyskind et al. [9] proposed a privacy preservation platform, which uses third-party equipment to provide services and allows users to modify authorization while following the access control policies stored on the blockchain. The proposed decentralized platform contains three kinds of entities: service providers, mobile phone users, and nodes that maintain the blockchain. Two types of transactions are defined in the platform's blockchain network: Tdata for data storage, retrieval, and access time, and Taccess for access control management. The data collected through the user's mobile phone is encrypted and saved off-chain; only data hashes are saved in the public chain. Both users and services can query the data in Tdata transactions. In 2016, to solve the problems of slow access to medical records, data fragmentation, and user privacy preservation, Azaria et al. [10] built MedRec, a medical data sharing platform based on Ethereum. Peterson et al. proposed a blockchain-based medical data sharing scheme in which the participants agree in advance on a well-defined rule structure. Although this solution realizes the sharing of medical data, it lacks a universal access control strategy.

In 2017, Omar et al. [11] proposed data management system for patient healthcare. By adopting blockchain to protect privacy storage, it solves the problem of losing control when storing encrypted data in the system. In addition, by using encryption on the blockchain, the framework will not be affected by data preservation vulnerabilities. Do and Ng [12] proposed a system that uses blockchain technology to provide secure distributed data storage with keyword search services.

In 2018, Magyar [13] designed an integrated health information model that builds a decentralized and openly scalable network based on the blockchain operating environment, making access to data more secure. In order to handle the protected health information (PHI) generated by these devices, Griggs et al. [14] proposed utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, they created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner. Liang et al. [15] proposed an innovative user-centric health data sharing solution, which uses the blockchain mechanism to protect privacy, strengthen identity management, and collect data in conjunction with mobile applications. Zhang and Lin [16] proposed a personal health record sharing scheme based on blockchain. This solution builds two different blockchains to realize the safe sharing of medical data: a private chain and a consortium chain. The private chain realizes the encrypted storage of personal medical data. The consortium chain saves the security index corresponding to the personal medical data and secures data sharing by verifying the doctor's identity token, which protects the medical data. However, using two types of blockchains not only increases costs but also reduces execution efficiency. Ji et al. [17] investigated location sharing based on blockchains for telecare medical information systems. First, they defined the basic requirements of blockchain-based location sharing, including decentralization, unforgeability, confidentiality, multilevel privacy preservation, retrievability, and verifiability. Then, using order-preserving encryption and a Merkle tree, they proposed a blockchain-based multilevel location sharing scheme.

In 2019, Wang et al. [18] combined homomorphic encryption and proxy re-encryption to implement outsourced computing in healthcare systems. In this solution, there are several clients with different public keys, an electronic medical cloud platform, and an auxiliary cloud server. The electronic medical cloud platform can provide services to patients and regularly analyze data to provide better services. The blockchain-based HGD architecture proposed by Yue et al. [19] enables patients to safely control and share medical data. Addressing the privacy of medical data, Tian et al. [20] proposed establishing a shared key that can be reconstructed by legitimate parties before the diagnosis and treatment process begins.

At present, a large number of excellent schemes [21-23] have emerged in mobile medical, and their security and flexibility have been continuously enriched. Their liveliness and diversity can better meet the needs of practical application, but there are still some deficiencies. Some schemes encrypt the patient information and store it on the blockchain, and some schemes use anonymous certificates to protect user information, but then the doctor cannot read the relevant information. Therefore, it is necessary to design a scheme that can authenticate the device.

3. Scheme

3.1. Structure

As shown in Figure 1, the local computer of the mobile medical model generates the relevant parameters and sends them to the smart wearable device to start the authentication scheme. After a series of simple calculations, the smart wearable device feeds back the relevant parameters to the local computer. The local computer and the local blockchain node undergo a similar calculation process, and the blockchain node obtains the relevant parameters and sends them to the local computer; the local computer forwards the parameters to the smart wearable device. The smart wearable device performs decryption calculation and passes the verification, and the identity authentication ends smoothly. There are many kinds of mobile medical devices, including bracelets, watches, mobile phones, portable computers, etc. These devices can collect a variety of physiological signals of users, such as blood pressure, blood glucose, blood oxygen, body temperature, etc. After the authentication, the intelligent devices will upload those collected information to the blockchain.

The alliance chain is a blockchain that is jointly managed by multiple institutions, and the joining of network nodes requires the approval of the organization. It completes mutual authentication of the internal membership of the system through the PKI system. The user binds his real identity with the self-signed certificate issued by the CA in the PKI system. We divide the authority of CA into TCA and regulator, and TCA and regulator jointly issue anonymous certificates. After the anonymous certificate is generated, the local device successfully joins the blockchain network.

In order to ensure the privacy of users' medical and health data, the data on the chain is encrypted. For users who need to perform operations such as searching encrypted data, we adopt searchable encryption technology. It allows users to carry out keyword retrieval over ciphertext and realizes keyword-based secure search. Users can store encrypted data in the blockchain, perform keyword search in the ciphertext domain, and selectively retrieve relevant documents from it, so that the security of the data is ensured.

3.2. Module
3.2.1. Anonymous Certificate Generation

A user submits the real-name certificate application and his real identity information to the . After the verifies, the real-name certificate is issued to the user and saved in the database . Then he generates his own anonymous identity , public and private key pair , and random numbers , and calculates the serial number of the anonymous certificate: . Then the anonymous certificate header and content are generated. After calculating the formula , the user sends and the real-name public key signature to the supervisor Admin. After verifying the signature information sent by the user, Admin calculates the formula and sends to the user; it is saved in the supervisor database in the form of key-value pairs . After the user accepts , he uses to perform the signature calculation on , which is , and sends the random numbers and to . Then the verifies the parameters sent by the user and, after the verification passes, calculates the formula and judges whether is true. If , it saves in the database in the form of key-value pairs. Then it generates a random number , calculates the joint signature , and sends it to the user. The user then obtains the anonymous certificate .

3.2.2. Lightweight Authentication

Relevant parameters in this section are shown in Table 1.

First the local computer generates a random number and a timestamp and sends them to the smart wearable device. After receiving the parameters, the device calculates whether is true. If not, the communication delay is greater than the maximum delay allowed by the system, so the authentication stops. If , the smart wearable device generates a random number and a timestamp and performs the following calculations based on and :

The smart wearable device feeds , , , , to the local computer. When receiving those parameters, the local computer calculates whether is true. If true, the local computer generates a timestamp and sends , , , , and to the blockchain node. If not, the authentication stops.

When and the blockchain node receives the parameters, the node calculates whether is true. If , the blockchain node starts to search for data that matches ; otherwise the authentication stops. If matching data is found, the node obtains the matching and for the decryption operation. It performs the following calculations and , and then judges whether and X are equal. If , the data is not credible, and the authentication stops. If , the blockchain node authentication continues and assigns . The blockchain node generates a random number and a timestamp to perform the following calculations: and . After that, the following operation formulas and can be obtained.

The blockchain node sends , , to the local computer. After the local computer receives the parameters, it first calculates whether is true. If not, the communication delay is greater than the maximum delay allowed by the system, and the authentication fails. Otherwise, the local computer will send , to the smart wearable device. After receiving the parameters, the smart wearable device decrypts and . Then, it is judged whether is true while and If not, it indicates that the data is not credible, and the authentication stops. If , the smart wearable device authentication is passed, and the value or is assigned. Perform the following calculations: and Finally, the update and the identity authentication are finished.

3.2.3. Searchable Encryption

Relevant parameters in the section are shown in Table 2.

We first run the formula , which is a probabilistic algorithm, and obtain the key , where and . To query the search index and search history , we first create three empty hash linked lists , , and an empty set . For any file , the unique keyword set of is , and . A string of pseudorandom sequences is generated by the pseudorandom number generator. Set and if ; is sorted in dictionary order and saved in . Then set and calculate the formula: . For the keyword to be searched, calculate the search label: and . Then output the updated search history and the search credentials . First set . Then determine whether there is a key value related to in hash list , and whether there is a key value related to in the hash chain table . If a key value is related to in the hash chain table , set and . If not, generate an empty list for any

For any , , set , and verify whether is true. If true, insert the file identifier which is corresponding to into , and add to Update , and set updated indexes as and . We get and at last. For the file to be added and its unique keyword set , a series of pseudorandom sequences is generated by the pseudorandom number generator. Create an empty list X, for any , . Calculate the formula below.

If , it means this keyword has been searched. Insert into list X, and its formula can be expressed as follows: is sorted by dictionary order which means . While and , add to the index , for any , and is added to . Then set . The updated index is , , . Add to . The updated ciphertext collection is marked as and then will be output where . When we want to decrypt the file ciphertext , we input the key, and then we get the decrypted file; the formula can be expressed as follows: .

4. Experiment and Analysis

In this section, we discuss the performance of our scheme and analyze the results of simulated experiments. We tested the performance efficiency and storage cost of the lightweight authentication and compared them with other schemes. We also compared our lightweight searchable encryption with others.

We compared Fabric with Corda, FISCO BCOS, and Quorum. The result is shown in Table 3. Considering that our scheme is oriented to mobile medical, we chose “Fabric” as our blockchain framework in the end.

Hyperledger Fabric is managed by the Linux Foundation, and aims to move beyond the single shared network model of the public chain. By establishing multiple interconnected blockchain networks to cover different business scenarios, it achieves flexibility of design, meets diversified requirements, and enables interaction between networks. This idea is reflected in its unique channel mechanism. Hyperledger Fabric aims to build an open source framework for general-purpose blockchains regardless of industry and has the largest consensus in the consortium chain space. FISCO BCOS originates from the enterprise blockchain platform BCOS. As its financial branch, it pays more attention to the financial industry while retaining generality, and takes more account of the particular needs of regulators. It is applicable to a wide range of distributed business scenarios. Corda is aimed at the financial industry and has clearly stated that it will not consider other industries for at least a certain period of time. Corda hopes to provide a unique and authoritative global logical ledger that can record all agreements between enterprises. Its core is a noncentral database with a minimal trust mechanism between nodes. Corda advocates integrating with existing business systems rather than dismantling them. Quorum is a consortium chain scheme, an enterprise-level distributed ledger and smart contract platform developed by JPMorgan. It is developed on the basis of Ethereum, provides private smart contract execution, and meets enterprise performance requirements. It is applicable to scenarios that require high-speed transactions and private transactions between high-throughput consortia, and is designed primarily to address the particular challenges of blockchain applications in finance and other industries.

In the current medical industry, we need to build permissioned blockchains: institutions such as hospitals operate under strict regulatory requirements and cannot let unknown users view transaction data. In addition, medical information is highly sensitive, so unauthorized viewing would leak patient information. Fabric is a framework that requires prior permission. All participants have known identities and are verified according to the organization's identity management system; there are no anonymous or pseudonymous users.

As a result, we chose Fabric finally.

We analyzed the security and privacy of our proposed scheme. The details are as follows. The specific experimental environment is shown in Table 4.

4.1. Test
4.1.1. Lightweight Authentication

In this section, the performances of mobile medical devices are compared with classical authentication schemes.

Assume that the length of communication, traffic, and storage parameters are the same. There are four kinds of information, that is, , , , and saved in mobile terminal devices in the medical system. In our scheme, there are 14 session messages in a complete session. At the same time, there are 14 session messages in [24] and 10 session messages in [25]. Reference [26] has 16 session messages. Reference [27] and reference [28] have 10 messages. Therefore, the communication traffic size is 14 in our scheme. It can be seen from Figure 2 that our scheme can reduce the computing burden.

From the point of view of the computing burden, our scheme and the scheme in [28] are both ultralightweight. The algorithms used in other comparative references are all lightweight, so the scheme in this paper has great advantages in reducing the calculation time. The result is shown in Table 5.

In the scheme of [28], the computation of shared secret key and pseudonym updating is more complex, which increases the number of operations, so the overall calculation cost is higher than our scheme. In our scheme, the steps of calculation are as follows. Firstly, we generate a random number to operate . Secondly, in the process of calculating messages and , we perform operations on and , respectively. Thirdly, the third and fourth operations and the first and second DIG operations are needed to decrypt messages and . Lastly, we perform the last two operations to update the shared secret values and pseudonyms. Therefore, the total computing burden in our scheme is .

Symbols of lightweight authentication are shown in Table 6.

4.1.2. Searchable Encryption

The performances of our scheme are compared with other references, and the results are shown in Table 7.

Our scheme gradually builds indexes in the search process. At the beginning, maintain a regular index and store the encrypted keywords for each file. Once a keyword is retrieved, the identifier of all the files containing the keyword is moved into a reverse index , and a delete index is constructed to store the keywords that have been searched for in the files appearing in . A search history is maintained at the client to record which keywords have been searched. The searched keywords can directly query the index to obtain the search results. This disperses the time and storage cost of building index tables into each search process, saving search time.

Descriptions of the relevant symbols are as shown in Table 8.

The biggest improvement of our scheme compared with scheme [33] is the deletion of index , which reduces the execution time of deletion operation to a certain extent. We mainly compare the deletion operations of the two schemes.

For each file deleted in the scheme of [33], traverse each item in and find each node in one by one until the identifier of the deleted file is found or the end node is reached. In this scheme, delete index is used. When deleting a file, read directly. For any in , only find each node in the list of in until finding the identifier of the deleted file.

We selected 51 English documents. First, we converted all uppercase letters to lowercase, removed all punctuation, and separated words only with spaces. There are 3711262 words in the 51 documents; after removing duplicate words within each document, a total of 373221 unique words remain. We searched for 5000 words; that is, there are 5000 entries in the search index , 51 documents are searched, and 51 entries in the index are deleted. We then deleted five files one at a time and recorded the traversal times and time consumption of the two schemes when deleting files, as shown in Table 9. The traversal times are the number of node comparisons in the lists of tables and when deleting files.
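To make the index structures of Section 4.1.2 and the deletion comparison above concrete, the following Python model is an added example (not the paper's code): it lazily moves file identifiers from a regular index into a reverse index on first search, records the searched keywords per file in a delete index, and counts node comparisons for both deletion strategies. Keyword labels are derived with HMAC under a constructed key, standing in for the paper's key derivation and ciphertexts, which are not reproduced here; `LazyIndex`, `demo`, and the four sample files are assumptions of this example.

```python
"""Lazily built search indexes with a delete index (illustrative model, not the paper's scheme)."""
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed key for the keyed PRF; placeholder only, not a value from the paper.
KEY = b"constructed-demo-key"


def prf(word: str) -> str:
    """Keyed pseudorandom function: the search label stored/queried for a keyword."""
    return hmac.new(KEY, word.encode(), hashlib.sha256).hexdigest()


class LazyIndex:
    def __init__(self, files: Dict[str, Set[str]]):
        # Regular index: file id -> set of keyword labels (built once per file).
        self.regular = {fid: {prf(w) for w in words} for fid, words in files.items()}
        # Reverse index: label -> list of file ids, filled only when the label is searched.
        self.reverse: Dict[str, List[str]] = defaultdict(list)
        # Delete index: file id -> labels already searched that the file contains.
        self.delete: Dict[str, List[str]] = defaultdict(list)
        self.history: Set[str] = set()   # client-side search history
        self.comparisons = 0             # node comparisons, the "traversal times" of Table 9

    def search(self, word: str) -> List[str]:
        tag = prf(word)
        if tag in self.history:
            return list(self.reverse[tag])   # already searched: answer from reverse index
        # First search of this keyword: scan the regular index once and
        # move every matching file id into the reverse index.
        for fid, labels in self.regular.items():
            if tag in labels:
                self.reverse[tag].append(fid)
                self.delete[fid].append(tag)
        self.history.add(tag)
        return list(self.reverse[tag])

    def delete_file(self, fid: str) -> None:
        """Deletion with the delete index: walk only the lists named in delete[fid]."""
        for tag in self.delete.pop(fid, []):
            lst = self.reverse[tag]
            for i, node in enumerate(lst):
                self.comparisons += 1
                if node == fid:
                    del lst[i]
                    break
        self.regular.pop(fid, None)

    def delete_file_scan_all(self, fid: str) -> None:
        """Deletion in the style attributed to [33]: walk every searched keyword's list
        until the identifier is found or the end of the list is reached."""
        for tag in list(self.reverse):
            lst = self.reverse[tag]
            for i, node in enumerate(lst):
                self.comparisons += 1
                if node == fid:
                    del lst[i]
                    break
        self.regular.pop(fid, None)


# Constructed sample corpus: four files with a few keywords each.
SAMPLE_FILES: Dict[str, Set[str]] = {
    "f1": {"blood", "pressure", "glucose"},
    "f2": {"blood", "oxygen"},
    "f3": {"temperature", "glucose"},
    "f4": {"oxygen", "pressure", "temperature"},
}


def demo(scan_all: bool) -> Tuple[List[str], int]:
    """Search four keywords, delete f3 with one of the two strategies, then re-search
    'glucose'. Returns the post-deletion result and the comparison count."""
    idx = LazyIndex(SAMPLE_FILES)
    for w in ("blood", "glucose", "oxygen", "temperature"):
        idx.search(w)
    if scan_all:
        idx.delete_file_scan_all("f3")
    else:
        idx.delete_file("f3")
    return idx.search("glucose"), idx.comparisons


if __name__ == "__main__":
    print("delete index :", demo(False))   # (['f1'], 3)
    print("scan all     :", demo(True))    # (['f1'], 7)
```

The never-searched keyword "pressure" has no reverse-index list in either strategy, so it costs nothing to delete, which is exactly why the delete index only needs to record searched keywords.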

4.1.3. Blockchain

Because blockchain applications depend on massive data and on mobility, the performance indicators of the blockchain are quite important; they include latency, energy consumption, throughput, and scalability.

In our experiment, we used Caliper to test the performance. Caliper is a blockchain performance testing framework that currently supports testing of throughput (transactions per second, TPS), latency, and resource utilization. After each round of testing, users obtain a series of test results and reports from Caliper. The result is shown in Figure 3.

As shown in Figure 4, the throughput increased steadily as the number of transactions increased. It peaked when the number of transactions reached 5000, where the throughput is 296.4 TPS and the average latency is 215.4 ms. It then began to decline slowly once the number of transactions exceeded 5000. At present, there is no national standard for blockchain performance indicators, and the China Academy of Information and Communications Technology is actively formulating one. According to the existing blockchain industry standards (Table 10), the performance of our system meets the requirements.

4.2. Security

(1) In the design of the authentication scheme, the pseudonym of a smart wearable device is introduced, which is transferred during each communication, and the pseudonym is updated after each communication, so that the pseudonym of each round is different. Additionally, other private information that needs to be sent is encrypted before it is sent, which makes it impossible for attackers to obtain useful and valid information. Therefore, attackers cannot learn the real identity information of a smart wearable device user. Hence, this scheme provides the anonymity of entities. At the same time, our scheme mixes random numbers into the message encryption. The random number is generated by the system, and it is unpredictable and non-repeating. Therefore, the attacker cannot derive the value of the next round of communication messages by intercepting the current message, nor deduce the user's private information in the previous round of communication messages, which makes the scheme more secure.

(2) In the process of anonymous certificate generation, is visible to the content of the certificate but invisible to the user's identity, while the regulator is visible to the user's identity but invisible to the content of the certificate, which enhances the anonymity of the user. In addition, in the process of tracing the user's real identity, and the regulator both need to provide their own key information, which reduces the threat of unilateral dishonesty and single-point attacks on the security of anonymous certificates. In our scheme, we disclose specific information to the server during the query and update operations. Next, we use the following leakage functions , , , to give the leaked information.

In our scheme,

According to the above leak functions, except the access model, our scheme does not disclose more information to the server. The relevant parameters are shown in Table 11.

5. Conclusion

As an intelligent product at this stage, the mobile intelligent terminal integrates with the existing information system of the hospital through mobile Internet technology, shares and exchanges clinical business data, and provides a new way of diagnosis and treatment for the hospital. To solve the problem of privacy leakage of medical patients, we design a privacy preservation scheme based on mobile terminals in Internet medical by combining privilege separation, an authentication scheme, lightweight loop operation, and an improved searchable encryption algorithm in the model system, and we conducted a comparative experiment on data from different systems. Compared with the original anonymous authentication system, we separate the regulator and TCA authority and improve the efficiency of certificate generation by 34.8% compared with the scheme. The results show that the model trained by our scheme has less calculation burden, better stability, and higher security. Further works are as follows.

(1) To improve the efficiency of searchable encryption.

(2) To expand the diversified search functions. Besides the basic search function, we also need to support some special functions, such as approximate search, wildcard search, fuzzy search, multikeyword search, and so on. Increasing the diversity of search functions is an important research direction in the future.

Data Availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.