139 research outputs found

    Privacy-Preserving Statistical Analysis of Health Data Using Paillier Homomorphic Encryption and Permissioned Blockchain

    Blockchain is a decentralized and peer-to-peer ledger technology that adds transparency, traceability, and immutability to data. It has shown great promise in mitigating the interoperability problem and privacy concerns in the de facto electronic health record management systems and has recently received increasing attention from the healthcare industry. Several blockchain-based and decentralized health data management mechanisms have been proposed to improve the quality of care delivery to patients. Apart from care delivery, health data has other important applications, such as education, regulation, research, public health improvement, and policy support. However, existing privacy acts prohibit health institutions and providers from sharing patients' data with third parties. Therefore, research institutions that conduct research on private health data need a secure system that provides accurate analysis results while preserving patient privacy and minimizing the risks of data breaches. In this thesis, we propose a novel privacy-preserving method for statistical analysis of health data. We leveraged the blockchain technology and Paillier encryption algorithm to increase the accuracy of data analysis while preserving the privacy of patients. Smart contracts were used to carry out mathematical operations on the encrypted records in a secure manner. We were able to successfully deploy the proposed scheme on Hyperledger Fabric, a permissioned and consortium blockchain platform. Compared to the previous works, the proposed model enjoys the benefits of a distributed blockchain-based environment, which include higher availability and enhanced data security. The experimental results show the feasibility of this method with a reasonable amount of time for regular queries.

    Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability

    Confidentiality, integrity protection, and high availability, abbreviated to CIA, are essential properties for trustworthy data systems. The rise of cloud computing and the growing demand for multiparty applications however means that building modern CIA systems is more challenging than ever. In response, we present the Confidential Consortium Framework (CCF), a general-purpose foundation for developing secure stateful CIA applications. CCF combines centralized compute with decentralized trust, supporting deployment on untrusted cloud infrastructure and transparent governance by mutually untrusted parties. CCF leverages hardware-based trusted execution environments for remotely verifiable confidentiality and code integrity. This is coupled with state machine replication backed by an auditable immutable ledger for data integrity and high availability. CCF enables each service to bring its own application logic, custom multiparty governance model, and deployment scenario, decoupling the operators of nodes from the consortium that governs them. CCF is open-source and available now at https://github.com/microsoft/CCF. Comment: 16 pages, 9 figures. To appear in the Proceedings of the VLDB Endowment, Volume 1

    Privacy-Preserving Initial Public Offering using SCALE-MAMBA and Hyperledger Fabric

    We consider Initial Public Offering (IPO) on blockchains while preserving privacy using Secure Multiparty Computation (MPC), which allows participants to perform a computation on secret data. We provide "MPC as a service", where users requiring a computation distribute shares of their data to MPC workers who run an MPC protocol on the shares and return the result. Previous work by Benhamouda et al. considered IPO over Hyperledger Fabric. We improve by providing a tighter and easier integration of MPC protocol in Fabric using the MPC library SCALE-MAMBA. We explain the obtained security benefits and experimental results are provided.

    Cloaking fabric, a confidentiality layer for hyperledger fabric

    Permissioned blockchains have resulted in some unlikely collaborations between organizations that would have previously been impossible due to them mutually distrusting each other. They provide a sense of trust among the parties due to the decentralized nature of their deployment that prevents censorship from a subset of the parties. Decentralization mandates that all the parties have the same view of the system, therefore it has been difficult to represent and store private data. Asynchronous Verifiable Secret Sharing (AVSS) and Secure Multi Party Computation (MPC) are techniques from cryptography that allow the sharing of secrets among multiple parties and enable arbitrary computations on the shared data without leaking any information about the data. Previously, AVSS and MPC protocols were inefficient for practical use or did not work in the same setting of blockchains where nodes of the blockchain could arbitrarily fail. Honeybadger AVSS and Honeybadger MPC are robust and scalable frameworks that make them a good candidate to be coupled with a permissioned blockchain to form a confidentiality layer on top of it. We present Cloaking Fabric, an extension to the popular permissioned blockchain Hyperledger Fabric that utilizes HoneybadgerMPC and HoneybadgerAVSS to provide a confidentiality layer that would allow smart-contracts on the blockchain to interact with private data. We present a suite of applications to demonstrate our system and measure the overhead it would have over standard MPC operations.

    Logging mechanism for cross-organizational collaborations using Hyperledger Fabric

    Organizations nowadays are largely computerized, with a mixture of internal and external services providing them with on-demand functionality. In some situations (e.g. emergency situations), cross-organizational collaboration is needed, providing external users access to internal services. Trust between partners in such a collaboration can however be an issue. Although (federated) access control policies may be in place, it is unclear which data was requested and delivered after a collaboration has finished. This may lead to disputes between participating organizations. The open-source permissioned blockchain Hyperledger Fabric is utilized to create a logging mechanism for the actions performed by the participants in such a collaboration. This paper presents the architecture needed for such a logging mechanism and provides details on its operation. A prototype was designed in order to evaluate the performance of an asynchronous logging approach. Measurements show that the proposed logging mechanism enables organizations to create a log of service interactions with limited delay imposed on the data exchange process.

    Healthcare information exchange using blockchain technology

    The current trend in the health-care industry is to shift its data to the cloud, to increase availability of Electronic Health Records (EHR), e.g. a patient's medical history in real time, which will allow sharing of EHR with ease. However, this conventional cloud-based data sharing environment has data security and privacy issues. This paper proposes a distributed solution based on blockchain technology for trusted Health Information Exchange (HIE). In addition to exchange of EHR between patient and doctor, the proposed system is also used in other aspects of healthcare such as improving the insurance claim and making data available for research organizations. Medical data is very sensitive, in both social as well as legal aspects, so a permissioned blockchain such as Hyperledger Fabric is used to retain the necessary privacy required in the proposed system. As this is a highly permissioned network where the owner of the network, i.e. the patient, holds all the access rights, in case of emergency situations the proposed system has a Backup Access System which will allow healthcare professionals to access partial EHR, and this backup access is provided by using a wearable IoT device.

    Decision Analytics Using Permissioned Blockchain “Commledger”

    The advent of Blockchain has introduced a paradigm shift in the area of Scientific Computing. The decision analytics embodiment in current technology fabric has introduced a need of incorporating Blockchain with industrial technology ecosystem. The utilization of Blockchain has introduced gaps in terms of standard business processes, while the data is being processed using the concept of traditional RDBMS and NoSQL data formats. The lag of permissioned and permissionless Blockchain is the problem area which is dealt with in this doctoral dissertation to provide a Proof of Permission (PoP) protocol for any organization or entity to tailor according to their environmental constraints. There has been a need of an opensource protocol that organizations can customize according to their needs, which is not bound of using only REST interactions. The research presented in this thesis provides such a solution for the industry. The provided propositions are the use of Tiered Asynchronous Locking Algorithm (TALA) to generate a key for securing an Authenticated Data Acceptance Marker (ADAM) block for a permissioned Blockchain Community Ledger (CommLedger).

    Revealing the Landscape of Privacy-Enhancing Technologies in the Context of Data Markets for the IoT: A Systematic Literature Review

    IoT data markets in public and private institutions have become increasingly relevant in recent years because of their potential to improve data availability and unlock new business models. However, exchanging data in markets bears considerable challenges related to disclosing sensitive information. Despite considerable research focused on different aspects of privacy-enhancing data markets for the IoT, none of the solutions proposed so far seems to find a practical adoption. Thus, this study aims to organize the state-of-the-art solutions, analyze and scope the technologies that have been suggested in this context, and structure the remaining challenges to determine areas where future research is required. To accomplish this goal, we conducted a systematic literature review on privacy enhancement in data markets for the IoT, covering 50 publications dated up to July 2020, and provided updates with 24 publications dated up to May 2022. Our results indicate that most research in this area has emerged only recently, and no IoT data market architecture has established itself as canonical. Existing solutions frequently lack the required combination of anonymization and secure computation technologies. Furthermore, there is no consensus on the appropriate use of blockchain technology for IoT data markets and a low degree of leveraging existing libraries or reusing generic data market architectures. We also identified significant challenges remaining, such as the copy problem and the recursive enforcement problem that, while solutions have been suggested to some extent, are often not sufficiently addressed in proposed designs. We conclude that privacy-enhancing technologies need further improvements to positively impact data markets so that, ultimately, the value of data is preserved through data scarcity and users' privacy and businesses-critical information are protected. Comment: 49 pages, 17 figures, 11 tables