ABSTARCT :

In current healthcare systems, electronic medical records (EMRs) are always located in different hospitals and controlled by a centralized cloud provider. However, it leads to single point of failure as patients being the real owner lose track of their private and sensitive EMRs. Hence, this paper aims to build an access control framework based on smart contract, which is built on the top of distributed ledger (blockchain), to secure the sharing of EMRs among different entities involved in the smart healthcare system. For this, we propose four forms of smart contracts for user verification, access authorization, misbehavior detection, and access revocation respectively. In this framework, considering the block size of ledger and huge amount of patient data, the EMRs are stored in cloud after being encrypted through the cryptographic functions of Elliptic Curve Cryptography (ECC) and Edwards-Curve Digital Signature Algorithm (EdDSA), while their corresponding hashes are packed into blockchain. The performance evaluation based on a private Ethereum system is used to verify the efficiency ofproposed access control framework in the real-time smart healthcare system.

EXISTING SYSTEM :

A. Blockchain-based Access Control :

 Access control is an essential component of the information systems and maintains its security by verifying whether a user has the requisite rights to access the services that he/she requests. The current access control schemes face a lack of privacy issues and the presence of a third party. The characteristics of blockchain technology can alleviate these issues and access permissions can be enforced and controlled through the use of smart contracts.

A blockchain-based decentralized and secure personal data management system that can be incorporated into a mobile software development kit (SDK) has been proposed [19]. However, the system’s encrypted response has been stored in a trusted third party, which can easily bring the risk of personal data disclosure. [20] explores blockchain-based access control manager for IoT that allows users to control access privilege through various transactions, but suffers from a limited computing capability to get them processed. A blockchain-based decentralized run time access monitoring system (DRAMS) has been proposed for distributed access control in a federated cloud environment [21]. It can guarantee data security but does not facilitate efficient and secure sharing of digital records. A scalable access management architecture has been proposed for specific IoT plots in [22]. However, current blockchain technology by its protocol is limited to use as a database and remains an open research challenge. Another such blockchainbased storage system that combines interplanetary file system (IPFS) and attribute based encryption (ABE) is proposed to provide fine-grained access control [23]. However, it is not able to revoke the user’s attributes or access policy update. A decentralised, federated capability-based delegation model (FCDM) is introduced in [24] to effectively protect large scale IoT devices. However, it has a higher latency of access request response due to storage overhead, resulting from the use of blockchain as a storage platform.

B. Blockchain-based EMR System :

Blockchain technology provides tamper-proof storage solution for the EMR and smart contracts provide the selfexecuting functionality for the EMR system. In [25], an approach has been proposed for exchanging and managing the medical records, which utilizes the miners to comprehend and share data in order to obtain rewards. However, this is not considered ethical in healthcare due to financial conflicts of interest from token ownership to ethics guidelines [26]. Another scheme for the sharing of medical data is proposed to access and retrieve digital medical information [27]. However, it does not provide dynamic validation of entities. A privacy-preserving distributed mechanism named Medibchain has been proposed for regulating the healthcare data where blockchain is used as a storage [28]. Medibchain has been deployed and it ensures pseudonymity through cryptographic functions [29]. This approach needs to transfer the actual medical data to the blockchain servers, which in turn brings out an extra overhead for data transmission. A blockchain-based medical insurance system has been presented in [30], where the medical data is stored in the blockchain and protected by

In [25], an approach has been proposed for ex(n) servers. In this scheme, a hospital can make any node to act as a server where threshold (t) nodes are involved in obtaining data about the patient’s expenditure. Nevertheless, the system is unreliable if these threshold servers are dishonest. A data sharing approach has been proposed for EMRs through consortium blockchain [31]. It utilizes a keyword-based search to match the digital record contained in the encrypted files. It has limitations of increased overhead communication with an increase in data chunks and can not retrieve storage space after sharing them.changing and managing the medical records, which utilizes the miners to comprehend and share data in order to obtain rewards. However, this is not considered ethical in healthcare due to financial conflicts of interest from token ownership to ethics guidelines [26]. Another scheme for the sharing of medical data is proposed to access and retrieve digital medical information [27]. However, it does not provide dynamic validation of entities. A privacy-preserving distributed mechanism named Medibchain has been proposed for regulating the healthcare data where blockchain is used as a storage [28]. Medibchain has been deployed and it ensures pseudonymity through cryptographic functions [29]. This approach needs to transfer the actual medical data to the blockchain servers, which in turn brings out an extra overhead for data transmission. A blockchain-based medical insurance system has been presented in [30], where the medical data is stored in the blockchain and protected by (n) servers. In this scheme, a hospital can make any node to act as a server where threshold (t) nodes are involved in obtaining data about the patient’s expenditure. Nevertheless, the system is unreliable if these threshold servers are dishonest. A data sharing approach has been proposed for EMRs through consortium blockchain [31]. It utilizes a keyword-based search to match the digital record contained in the encrypted files. It has limitations of increased overhead communication with an increase in data chunks and can not retrieve storage space after sharing them.

Blockchain has been proposed as a remedy for cloud-based data security and privacy [32] as it detailed the limitations of current centralized technology to store sensitive medical data. It also highlights some challenges of using blockchain for medical data management; however, does not propose a technical approach or method to address them. A blockchainbased EMR authentication scheme has been proposed using the identity-based signature [33]. But the security of medical data generated by smart healthcare devices is not taken into account. Healthchain [34] proposes a distributed blockchainbased system constituting two chains for users and doctors to enable easy revocation. However, it is more complex than our proposed scheme because of two sub-chain models. Unlike [34], our proposed scheme enables all the entities to share EMR with the permission of the patient. Furthermore, our scheme allows the new entity to be added at any time making it more practical and dynamic.

To address the limitations of the above mentioned works, our scheme facilitates solutions for IoT enabled smart health registries by using the emerging blockchain paradigm. From the data security, authenticity, and non-repudiation standpoint, blockchain is a perfect fit for sharing EMRs since it provides an easily accessible, immutable, and transparent history of all contract-related data, and is adequate for building applications with trust and accountability. Also, our scheme only uploads the hash and index number of EMR to the blockchain network by leveraging the cloud as a storage. Since the hash and index number of EMR are very small in size, they reduce the communication overhead, resulting in faster EMR transmission.

PROPOSED SYSTEM :

As shown in Fig. 1, the system architecture considered in our proposed scheme mainly consists of entities such as hospitals, patients, smart healthcare devices, Medical Control Units (MCUs), and cloud. The roles of these peers in our scheme are explained as follows.

• Hospitals: Hospitals in our scheme mainly include government or private hospitals that generate and share medical data among themselves. In a real scenario, there is a massive problem of securely sharing healthcare records among healthcare providers. Our scheme is designed to address this issue and facilitates the sharing of EMR among hospitals with the consent of patients on the basis of their mutual access agreement policies.

 • Patients: Patients are a vital part of our scheme. The access control mechanism is designed to make them the real owners of their data. They not only have access to their medical records but also manage access attempts through smart contracts that prevent the security issues of illegal data sharing and data theft among healthcare providers.

 • Smart Healthcare Devices: These devices in the scheme include wearable and other IoT devices in the homes or hospitals for real-time monitoring of patients’ health. They are registered and monitored by the respective hospitals on the basis of their unique IDs, which are obtained by the hash values of the MAC addresses of these devices.

 • Medical Control Units: These MCUs are the devices with certain computational power such as smart phones, computers or laptops. They act as a bridge between smart healthcare devices and blockchain nodes that are installed in hospitals. Each smart healthcare device is connected with MCU through WIFI or Bluetooth for exchanging the medical data. MCU encrypt the EMR generated from these devices and transmit them to the respective hospital through the secure communication channel.

• Cloud Server: Cloud server is responsible for authenticating an entity’s credentials. Given the limited block size and large size of EMR, it also acts as a storage while the hash of the EMR file goes to the blockchain to increase the efficiency of our scheme. It can be managed by the government or any health organization.

In a typical medical system, each entity has valuable medical records that other entities might need to access. Therefore, the access control method must be implemented by the data owners to prevent illegal and unauthorized use of their private medical records. The data owner must be able to recognize the adversary and restrict those requests for illegal access. The requesters have access to the data only after satisfying smart contract-based access control policies explained in detail in Section IV.

SYSTEM REQUIREMENTS
SOFTWARE REQUIREMENTS:
• Programming Language : Python
• Font End Technologies : TKInter/Web(HTML,CSS,JS)
• IDE : Jupyter/Spyder/VS Code
• Operating System : Windows 08/10

HARDWARE REQUIREMENTS:

 Processor : Core I3
 RAM Capacity : 2 GB
 Hard Disk : 250 GB
 Monitor : 15″ Color
 Mouse : 2 or 3 Button Mouse
 Key Board : Windows 08/10