Decentralization and Security Issues in Blockchain Enabled Internet of ThingsView this Special Issue
A Medical Data Privacy Protection Scheme Based on Blockchain and Cloud Computing
With the features of decentralization and trustlessness and through distributed data storage, point-to-point transmission, and encryption algorithms, blockchain has shed new light on the security and protection of medical data, and it can resolve the contradiction between data sharing and privacy protection with proper security strategies. In this paper, we integrate the strengths of both blockchain and cloud computing and build the privacy protection scheme for medical data based on blockchain and cloud computing. This scheme introduces cloud computing and provides services to blockchain nodes with cloud server computing; meanwhile, it collects, analyzes, processes, and maintains medical data in the identity authentication interface and solves the insufficient computing abilities of some nodes in blockchain so as to verify the authenticity and reliability of data. The simulation experiment proves that the proposed scheme is effective. It can achieve the secure protection and integrity verification of medical data and address the problems of high computing complexity, data sharing, and privacy protection.
Intelligent hospitals are having increasing demands for information security, and it has become extremely urgent to protect personal private data of patients. Currently, these hospitals have been focusing on how to use convenient internet medical services to prevent the medical information system from being attacked and personal information from being stolen . As blockchain and cloud computing come to maturity, related techniques have achieved rapid development in medical and health services, including medical informatization, mobile healthcare, medical e-commerce, wearable devices, and online medical services. The blockchain connects the participants in a peer-to-peer manner. The participants jointly maintain a system and express the cooperation rules through consensus mechanism and smart contract, so as to achieve a more flexible cooperation mode . The concept of smart contract appeared in 1994 and laid the foundation for bitcoin. A smart contract is a set of commitments defined in digital form, including agreements on which contract participants can execute these commitments . In a broad sense, blockchain technology must include four aspects: point-to-point network design, application of encryption technology, implementation of distributed algorithm, and use of data storage technology. Others may involve distributed storage, machine learning, VR, internet of things, big data, etc. In a narrow sense, blockchain only involves data storage technology, database or file operation, etc. . Apart from conventional encryption methods, proxy reencryption and attribute-based encryption (ABE) can also be used in medical data sharing and patient privacy protection . In traditional encryption methods, the client first downloads and decrypts locally encrypted text data. Then, before sending to the specified client, the client encrypts the data with the public key of the specified client, who can decrypt the data, but it requires plenty of network overhead and operating costs and it also occupies the client’s limited memory, multiplying the client’s costs . Proxy reencryption is to convert the ciphertext encrypted by A’s public key into the ciphertext to be decrypted by B’s private key so as to realize password sharing. Proxy reencryption means that a client can decrypt the ciphertext of another associated client without leaking users’ private key and plaintext, which is mainly end-to-end . In ABE, a data owner can set an access strategy authority in data encryption, and only those clients that satisfy this authority can decrypt the text in order to accomplish data sharing and personal privacy protection, which is one-to-many . Based on attribute-based encryption (ABE), the problem of private data sharing can be solved by reasonable configuration and sharing strategy. According to the embedded objects, ABE can be divided into KP-ABE (Key-Policy ABE) and CP-ABE (Ciphertext-Policy ABE). With the popularization of intelligent healthcare, the medical institutions can have the data stored in the cloud to save equipment cost and lower costs. For the sake of data security and personal privacy protection of patients, some medical establishments need to encrypt the data in advance to form ciphertexts. Besides, they need other medical institutions to share certain ciphertexts frequently and prevent anyone (including cloud service providers) from cracking these data ciphertexts. In blockchain and cloud computing, the combination of decentralization and tamper-proofing of blockchain with the nodes of distributed cloud computing can help health institutions to carry out security and privacy protection of patient data at a lower cost and achieve data interaction among medical organizations. These will have a profound impact on the development of future healthcare industry.
The special contributions of this paper include the following: (i)Aiming at data sharing and patient privacy protection of intelligent hospitals, we explore in-depth conventional encryption methods, proxy reencryption, attributed-based encryption, and so forth. Additionally, we also investigate how to apply blockchain and cloud computing technology in intelligent medical scenarios(ii)To overcome the highly complex computation brought by encryption, we adopt the proxy reencryption method and ABE method to provide a specific access control mechanism to users and design the data sharing and replacement and privacy protection rule participated by the cloud service side(iii)We propose a distributed medical data privacy protection scheme, bring in a cloud computing pattern, and designed blockchain-based distributed data management architecture to strengthen the computing power of the user side. Meanwhile, we also use the private chain in blockchain to ensure the security of patient data information(iv)The simulation experiment has verified the effectiveness of the method in this paper. With blockchain and cloud computing, not only healthcare data can be effectively shared among medical institutions, but also the privacy of patient information can be assured
The remainder of this paper is organized as follows. Section 2 discusses related works, and the use of proxy reencryption for authorization management and access control in cloud computing is outlined in Section 3. The medical data privacy protection scheme based on blockchain and cloud computing is presented in Section 4. Section 5 shows the experimental simulation results, and Section 6 concludes the paper with a summary and proposed direction for future research.
2. Related Work
Medical data has precisely recorded people’s illnesses, and medical records and the secure storage and sharing of medical data and patient privacy protection have increasingly become a priority to build intelligent hospitals. Traditional data access control technology builds and implements a safety access strategy with a completely reliable server, making it difficult to get adapted to the distributed network environment in modern times. Featured by decentralization and trustlessness, blockchain has given people a brand-new idea through distributed data storage, reliable point-to-point transmission, a consensus mechanism, and encryption algorithms . In the security demand under the cloud computing environment in recent years, ABE is an important technological means, and the ABE access control mechanism has been studied extensively in the computing environment. As an encryption mechanism that uses attribute as a public key, the mechanism, in essence, links users with ciphertexts through the attribute. Its flexibility of encryption and access control form has greatly ensured the security of cloud data storage . In the meanwhile, it has also achieved fine-grained access and become the key technique for secure cloud storage access control. However, the traditional ABE mechanism fails to completely guarantee data confidentiality, effectively prevent collision attack, or satisfy the forward and backward security of attribute revocation and the huge computing costs caused by revocation. It will be a significant core of research to apply blockchain into cloud computing and use the security mechanism of blockchain to enhance the secure storage and performance of cloud computing. The integration of blockchain and cloud computing plus proper security strategy can solve the contradiction between data sharing and privacy .
This paper has brought forth a distributed medical data privacy protection scheme based on blockchain and cloud computing technology with an aim at the open-ended question brought by data sharing of intelligent hospitals and personal privacy protection of patients. Concretely, on the one hand, the scheme has introduced a cloud computing pattern and designed blockchain-based distributed data management architecture for intelligent hospitals, in which it uses a consortium chain in the blockchain and ensures the security of user information in order to guarantee the operating efficiency of blockchain and reduce the computing burden of the user side. Besides, to handle the highly complex computing caused by encryption, it has used proxy reencryption technology and ABE technology to offer specific access control mechanisms to users. The access of every user is based on condition and attribute, which provides a secure exchange of patient information for every doctor. The response side encrypts all medical data. The cloud nodes process the medical data transmitted to get and return the final ciphertext to the request side. On the other hand, it has designed the data sharing and replacement as well as privacy protection rules with the participation of the cloud computing service side, and it can greatly solve the difficulties in secure storage and sharing of intelligent hospitals.
The underlying communication of blockchain generally adopts P2P communication. P2P technology makes the communication on the network easy and direct and reduces the dependence on the intermediate server to the minimum. P2P technology has the characteristics of decentralization, scalability, robustness, high cost performance, and load balancing. Consensus mechanism is the core of blockchain, which maintains the normal operation of blockchain. Consensus mechanism is an algorithm to reach consensus on the order of things in a period of time. Common consensus mechanisms include proof of work (POW), proof of stake (POS), and practical Byzantine fault tolerance (PBFT). Consensus mechanism ensures that the uniqueness of information and data cannot be tampered with. Taking advantage of this, blockchain technology can be widely used in intelligent asset management, such as intellectual property protection and domain name management, to ensure that the contract is not tampered with. At present, relevant researchers all over the world have been studying medical data sharing and privacy protection. He et al. has proposed a medical data sharing model of cloud storage, which adopts the distributed sharing mechanism and which meets the interoperability requirements of CCR standard ; however, there is still a huge gap with the data security and privacy protection as required by intelligent hospitals. Seyedmostafa et al. has built a portable medical system architecture, which supports data security and privacy protection through the CIA/HIPAA protocol, but which does not meet the requirement of interoperability . Liang et al. have used the CCR standard and designed a solution—HealthVault, which is a web medical and health record system and which adopts the client-server pattern. All medical data are stored in a third-party server, so security and reliability cannot be guaranteed . The Healthticket model designed by Kyazze et al. enables doctors to access medical data of patients through the web app . This model ensures the private information of patients with CP-ABE mechanism, but the access requires multiple licenses. The security, privacy, and interoperability of all these models are difficult to meet the requirements of intelligent healthcare. However, blockchain technology completes permission validation through a third party, which has solved the above problems satisfactorily, balanced medical data sharing and privacy protection, eliminated central nodes, and improved access efficiency.
Proxy reencryption is a key conversion mechanism between ciphertexts and it was proposed by Cheng et al. Wang et al. has given its normative formal definition in the 2005 Network & Distributed System Security Symposium (NDSS) and the 2007 ACM Conference on Computer and Communications Security and constructed the one-way proxy reencryption algorithm [16, 17]. Based on the above two studies, Xu has constructed the first valid two-way proxy reencryption algorithm . Afterward, Yang et al. have also constructed the secure one-way proxy reencryption scheme without bilinear pairing . Ateniese et al. had configured the privacy proxy reencryption algorithm in line with CPA security. As for ABE, Fan et al. had constructed the KP-ABE algorithm to support monotonous access for the first time, and the ciphertext uses the attribute for encryption . The key is tied to user access strategy and only when the access strategy of the key matches the attribute of the passphrase can the user correctly decrypt the passphrase. Willison et al. had raised a secure and unbounded ABE algorithm , the size of whose attribute set is not confirmed when initializing the public parameters. Moreover, the available attributes are infinite polynomial orders, and new attributes can be added in the specific implementation. Hakak et al. had improved the ABE algorithm, which had extended the decryption condition to the universal monotonous access control and adopted a fine-sorted access control key . It has greatly expanded the coverage of the ABE algorithm . Later, Hussein et al. had come up with an ABE algorithm approximate to actual access control, but loopholes still exist in the security . Conti et al. had put forward an ABE algorithm for DBDH problems, but the access mode is merely a simple attribute operation without reaching universal access control . Integrating blockchain and cloud computing in the research of secure storage of healthcare data has found a new direction for the relevant theoretical research of information security and promoted extended applications of blockchain in the fields, which involve sensitive data such as intelligent healthcare. In this sense, it has certain practical value .
3. Use of Proxy Reencryption for Authorization Management and Access Control in Cloud Computing
When a cloud hospital needs to share the data authorization with another hospital, it needs to get the other’s public key. Thus, it needs to generate a corresponding switch key for every user and then sends it to the cloud. When a user requests access to these data resources, the cloud will return the encrypted text of data and the corresponding key ciphertext according to the user’s public key after verifying the identity authentication and authorization authentication, and the user decrypts these two ciphertext files to get the original plaintext resources of the corresponding data .
The cloud needs to generate a reencrypted ciphertext for every authorized user, and those unauthorized users have no right to obtain the reencrypted ciphertext of other users . Even if unauthorized users do get the reencrypted ciphertext, they cannot decrypt the corresponding plaintext data. When applying ABE in proxy reencryption, it can authorize more than one user with the same group of attributes at one time. The procedure of proxy reencryption is as follows: (1)Hospital A requests the cloud service provider to generate its pair of public and private keys and encrypts the plaintext of medical data with its public key to get the ciphertext . Here, is what Hospital A wants to give to Hospital B.(2)The cloud service provider generates a pair of public and private keys and returns them to Hospital A. After sending to the cloud service provider, Hospital A also calculates for the cloud service provider and generates the specific key .(3)The intermediate proxy uses the key generated by Hospital A to change the ciphertext into the encrypted text , which can also be decrypted, by the private key of Hospital B. Here, the proxy only provides conversion service, and it cannot get the original plaintext data resources.(4)Later, the proxy will send the encrypted text data to Hospital B.(5)After receiving the ciphertext from the proxy, Hospital B decrypts and gets the plaintext data of medical data, secretly shared by Hospital A.
The sketch of proxy reencryption is shown in Figure 1.
The above proxy reencryption process has released the burden of Hospital A, which only needs to generate the key of the proxy while the transmission of specific medical data, the encrypted conversion of data, and the file storage are all completed by the cloud service provider. Proxy reencryption can achieve the sharing of ciphertext medical data in the cloud without leaking the decryption key of the data owner. The data can be stored once and shared many times, and only the shared key needs to be generated for the control of authority .
4. Medical Data Privacy Protection Scheme Based on Blockchain and Cloud Computing
4.1. Proxy Reencryption Based on Paillier and RSA
We adopt the proxy reencryption of Paillier homomorphism and the RSA algorithm to prevent shared medical data from leaking. If an encrypted function only satisfies the addition homomorphism, it can only be added and subtracted; if an encrypted function only satisfies multiplicative homomorphism, it can only perform multiplication and division. The Paillier algorithm is homomorphic to addition, and the RSA algorithm is homomorphic to multiplication. In an untrusted cloud storage, when the confidentiality of data cannot be guaranteed, the proxy reencryption part is used for reencryption, and the part is used for authorization. In the untrusted open environment of the third party, it can ensure the confidentiality of sensitive data in cloud storage. In homomorphic encryption, the private key encrypts medical data and only the client has the public key. In the keys generated by using proxy reencryption, even if a malicious attacker gets one of them, the attacker still needs another different key for decryption. If the attacker gets all these encrypted data, he cannot decrypt and get the original plaintext data between the client and the server. This also makes sure that even the processor cannot access the information of the data . The algorithms begin with initialization and outputs from the central authentication center the pair of public and key keys, the master key of the center, the public key of the system, and the common parameters. Below are the specific implementation steps.
Step 1. Generate a pair of public and private keys.
Hospital A and Hospital B request the cloud service provider to generate their public keys and private keys, respectively. After the provider generates a pair of a public key and private key for Hospital A and Hospital B separately, the cloud service provider will return to Hospital A and Hospital B.
Step 2. Randomly choose two relatively big and independent prime numbers to make
Step 3. Calculate in which is the information to be encrypted.
Step 4. Choose a random integer to make .
Step 5. Use Equation (4) below and calculate the existence of modularized multiplicative inverse to determine and separate the sequence of . in which, function is defined as the following equation:
Step 6. The public key is and the private key is .
Step 7. Generate the encrypted file.
Hospital A first uses RSA encryption to calculate and encrypt data to generate the encrypted file C1. Then, Hospital A encrypts according to the second layer, encrypts the key of RSA with its public key, and generates the encrypted file C2. Finally, Hospital A uploads two encrypted files: C1 and C2 into the server.
Step 8. Make the information to be encrypted and .
Step 9. Randomly select and make .
Step 10. Calculate the ciphertext:
Step 11. Construct the key of proxy reencryption.
Hospital A requests the public key of Hospital A from the cloud service provider. The provider will return this public key to Hospital A. Hospital A uses the public key of Hospital B and its private key to generate the reencryption key, and then Hospital A uploads the newly generated reencryption key into the server.
Step 12. Calculate the public key and private key .
Step 13. The Paillier algorithm generates the reencrypted ciphertext and the public key is sent to the cloud computing server.
For a given public key and the second-layer ciphertext, this algorithm can use the reencryption key and generate the first-layer ciphertext of the public key . The server uses the reencryption key and the ciphertext uploaded by Hospital A to conduct proxy reencryption computing and generates new ciphertext.
Step 14. Hospital B requests data and .
Hospital B requests the cloud server to decrypt the data and the corresponding ciphertext. The cloud server sends the reencrypted text to Hospital B. Hospital B decrypts the ciphertext, gets the key, and uses RSA for decryption to get the original plaintext data.
Step 15. Ciphertext .
Step 16. Compute the information.
4.2. Measurement of Ability of This Scheme against Malicious Attacks
Firstly, make the client set to implement the encryption task . For the responder in , its encrypted data is a -dimensional vector, represented by . So, . After receiving the encrypted data, the cloud node will request the credibility of every client in the response side to the central authentication center.
The reliability measurement is weighed through the difference between and the final result . Here, we have defined the extent of difference between and as the square of Euclidean distance between and , which can be calculated through the following equation: in which, the smaller the value of , the higher the credibility of . The degree of difference is the extent of difference among the values of variables, and it is used to measure the safety risk.
When the central authentication center receives the from the cloud node , it needs to find the median of difference . Introduce the adjustment parameter , and for the response side of the encryption task, if the difference of encrypted data is , the credibility of this user will increase. Besides, the smaller the , the more the increase of the credibility. If , then the credibility of this client decreases. In addition, the bigger the value of , the more the reduction of the credibility. After getting the credibility before implementing the current encryption task of the client in , the central authentication center has the following equation to calculate the credibility of this client: in which, , and are the parameters to confirm , and their values are all bigger than 0. is a sign function, and it is defined as follows: if ; if ; and if . By selecting the proper value of , always sustains when the user accesses normally, and it can eliminate malicious accesses and attacks from the client set with increased difference.
After getting , first, find the median in the sequence of differences. It can be learned from Equation (11) that parameters and have decided the rates at which the credibility converges to 0 and 1, respectively.
For the user in , if , it is deemed as normal access. At this time, we introduce the adjustment parameter , and its value is a positive integer. The credibility iteration formula has become the following from Equation (11): in which, and are two new parameters. is smaller than , and a smaller can avoid too much difference in the client’s credibility during the iteration of Equation (12). Likewise, should also be smaller than .
5. Simulation Experiment and Analysis
When conducting a simulation experiment, we use the data of the patient’s routine medical checks. The data is a 25-dimensional vector, and the numerical value of every dimension can be seen in Table 1. In order to complete every encryption task , the processor of the encryption task will firstly receive a 25-dimensional medical data vector. Then, it encrypts every element in the vector and sends the encrypted result to the cloud node where it is located. As this scheme uses the frameworks of Hadoop and Spark in the side of cloud computing, it has higher storage and computing abilities. It can respond in a timely manner to the requests of users and complete the uploading, computing, and downloading operations of users, so it can achieve the purpose of dynamic sharing and patient privacy protection.
For every client, its credibility is initialized as 0.5 and according to Equations (11) and (12), the client’s credibility increases when providing the accurate data and the credibility decreases when providing wrong data.
The impact of different values of the parameter on credibility can be reflected from the changes in the client’s credibility when increases. Make represent the number of encryption tasks to be implemented by the client. As shown in Figure 2, if the client can constantly provide correct data, thendecides the speed at which its credibility is converged to 1. Besides, the bigger the value of , the faster its credibility is converged to 1. However, when the value is too big, it can be easily attacked internally and externally. Therefore, should not be too big, and normally, it is set .
The value ofchanges from the initial value of 0.03 to 0.28 at a step-length of 0.05. As indicated in Figure 3, determines the speed at which that client’s credibility is converged to 0. Besides, the value of cannot be too big; otherwise, the credibility will drop too fast when the client generates wrong data due to various accidental factors, which should be avoided. Moreover, the value of cannot be too little, either; otherwise, it will give too little punishment to the credibility of dishonest clients and lead to further attacks. The values of and shall meet the requirement of . In this paper, it is set as follows: .
In order to analyze the impact of parameters , and on updated credibility, this paper has set the scenario, which includes 100 encryption tasks. These 100 client sides need to handle 100 encryption tasks. In the initial stage, the initial credibility of every client handling the encryption task is 0.5. In all encryption processing, we assume that there exist 10 dishonest clients and set .
When analyzing the impact of parameter on credibility update, we randomly select a normal client and observe the change of credibility over the number of tasks . Here, the values of include 5, 20, 50, 80, and 100. For every value of , we experiment 100 times and summarize the changes of the mean value of that client’s credibility when increases from 1 to 100. As can be seen from Figure 4, the smaller the value of , the faster the client’s credibility is converged to 1. When updating the credibility through Equation (12), the smaller the value of , the bigger the value of and the more the increase in the client’s credibility after giving one correct data. When is 0, the increase of credibility is completely decided by and it cannot filter different clients. Therefore, the value cannot be too small; otherwise, the client can easily get higher credibility and cause potential security risks. Generally, it is set .
Likewise, the impact of credibility update is analyzed. The values of are 0.001, 0.005, 0.01, 0.05, and 0.1. In particular, the value of is much smaller than that of because the difference in data of normal clients is usually very close and approximates to 0. As indicated in Figure 5, the bigger the value of , the faster the credibility of dishonest clients is converged to 0. According to Equation (12), when approximates 0, the decrease of credibility is determined by parameter . In order to avoid the client’s credibility falling too much due to the occasional provision of few wrong data, the value of cannot be too small, and generally, it is set as .
When analyzing the impact of on credibility, its values are set as 0.001, 0.005, 0.01, 0.05, and 0.1, and meanwhile, make . Generally, the value is smaller. Figure 6 has shown the changes of credibility when takes different values. It can be seen that the impact of is similar to that of ; in other words, the smaller the , the faster the credibility is converged to 1. Considering the difficulty to set credibility, the value cannot be too small, and normally, it is as follows: .
Figure 7 shows the changes of credibility when is given the values of 0.001, 0.005, 0.01, 0.05, and 0.1. The bigger the value of , the faster the credibility is converged to 0. After all medical data are normalized, within the range of , the credibility is arranged according to the order of difference of encrypted data. With the changing trend of credibility, the value of is smaller than that of . Besides, to prevent credibility from falling too quickly, the value of cannot be too big. Generally, we have set .
With the help of the powerful storage ability of the cloud platform, the client will store the ciphertext in the cloud after the client uses the RSA method to encrypt the data, by encrypting the public key of the client-side, uploading, and storing the ciphertext to the cloud. When the client wants to share the data with another person, the client generates a reencryption key according to its decryption key and the encryption key of the other person and sends it to the cloud. The cloud server uses its strong computing power, integrates the reencryption key, proceeds with the reencryption, and stores the ciphertext in the cloud. Then, the other person downloads from the cloud server, decrypts with his private key, and gets the original plaintext with RSA decryption. In this way, the ciphertext is shared and the private key of the client is not leaked in this entire process. The medical data privacy protection scheme based on blockchain and cloud computing designed in this paper solves the problems of medical data storage and point-to-point data transaction, meets the needs of users for data management, and provides a new idea for solving the problem of data privacy security. Compared with the traditional technology, this scheme does not need an additional trusted third party nor does it need to rely on the “challenge response” mechanism, that is, the cloud does not need to provide special interface support, and the blockchain does not need to construct special transactions for the technical solution.
Blockchain is a brand-new decentralized distributed database, and it is a series of data blocks by using cryptographic methods. In this paper, we combined two encryption methods: proxy reencryption and attribute-based encryption and built key technical solutions for cloud computing based on blockchain to be applied in security and privacy protection of distributed medical data. It can not only achieve integrity testing of cloud data but also achieve broader security encryption computing. Intelligent hospitals only need to give the proxy key to the cloud server, which can convert medical data into the encrypted text in the designated format. The fixed client can access these shared data resources with their private key at any time. Even if the cloud server has the proxy key, it cannot get these data resources and the client does not need to download these resources. The proposed scheme can help solve such problems in that healthcare data are easy to be monopolized and tampered with and difficult to share and that the third party is not trustworthy to achieve the purpose of secure sharing and storage of distributed, decentralized, traceable, and unalterable healthcare data. In the future, we will consider improving the consensus mechanism, studying how to achieve fine-grained control of cloud data and how to reduce the storage overhead of redundant data, so that the performance of the blockchain can meet more needs of intelligent hospitals.
The raw/processed data required to reproduce these findings cannot be shared at this time as the data also forms part of an ongoing study.
Conflicts of Interest
The authors declare that they have no competing interests.
M. Kyazze, J. Wesson, and K. Naude, “The design and implementation of a ubiquitous personal health record system for South Africa,” Studies in Health Technology & Informatics, vol. 206, no. 206, pp. 29–41, 2014.View at: Google Scholar
A. F. Hussein, N. ArunKumar, G. Ramirez-Gonzalez, E. Abdulhay, J. M. R. S. Tavares, and V. H. C. de Albuquerque, “A medical records managing and securing blockchain based system supported by a genetic algorithm and discrete wavelet transform,” Cognitive Systems Research, vol. 52, no. 12, pp. 1–11, 2018.View at: Publisher Site | Google Scholar
A. Conti, P. Delbon, L. Laffranchi, C. Paganelli, and F. De Ferrari, “HIV-positive status and preservation of privacy: a recent decision from the Italian Data Protection Authority on the procedure of gathering personal patient data in the dental office,” Journal of Medical Ethics, vol. 38, no. 6, pp. 386–388, 2012.View at: Publisher Site | Google Scholar