Image generated by AI
AI Insight
This paper presents a blockchain-based encryption scheme for secure medical data sharing in the Internet of Medical Things that addresses key limitations in existing Ciphertext-Policy Attribute-Based Encryption systems. The scheme integrates distributed key generation with threshold BLS signatures for data authentication, uses hierarchical access trees for efficient structured data encryption, and employs multi-authority collaboration with proxy re-encryption to prevent single-point-of-failure risks. Testing on a 100-node Hyperledger Fabric network demonstrated consensus latency of approximately 280 ms and key update propagation delay of 1.52 s, with security analysis confirming resistance to chosen-plaintext attacks and collusion attacks.
Why it matters
The scheme offers a practical solution for healthcare organizations to securely share sensitive patient data across multiple institutions while maintaining patient privacy and reducing computational overhead. This could enable more efficient collaborative medical research and improved patient care coordination in resource-constrained IoMT environments.
by Hao Yuan, Guofang Dong, Leilei Zhao
With the rapid development of the Internet of Medical Things (IoMT), the secure and efficient sharing of massive amounts of sensitive medical data has become a core challenge. Addressing the limitations of existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes, such as the lack of data source authentication, computational redundancy, and single-point-of-failure risks when handling hierarchical data, this paper proposes a blockchain-based multi-authority hierarchical attribute-based encryption scheme. First, the scheme integrates a Distributed Key Generation (DKG) protocol and combines threshold BLS signature technology to establish a collaborative authentication mechanism, thereby enhancing the verification of data source authenticity. Additionally, a dynamic update mechanism ensures the long-term security of collaborative key management. Second, the scheme optimizes the encryption logic for structured data by constructing a hierarchical access tree, and introduces a multi-authority collaboration mechanism and proxy re-encryption (PRE) technology to mitigate single-point-of-failure risks and enable efficient user permission revocation. Security analysis demonstrates that the scheme is resistant to chosen-plaintext attacks (IND-CPA) and collusion attacks by authorities under standard models. Meanwhile, the DKG protocol has been proven to satisfy validity, robustness, confidentiality, and resistance to Sybil attacks. Performance evaluation indicates that the CP-ABE algorithm in this scheme outperforms existing solutions in terms of computational and storage overhead. In large-scale testing on a 100-node Hyperledger Fabric environment, the system achieved a consensus latency of approximately 280 ms and a key update propagation delay of 1.52 s, validating the feasibility of deploying this solution in real-world IoMT environments with limited resources and certain real-time requirements.