PhD Theses.Electronic medical records (EMRs) as part of an eHealth system are vital assets centrally
managed by medical institutions and used to maintain up to date patients' medical
histories. Such centralised management of EMRs may result in an increased risk of EMR
damage or loss to medical institutions. In addition, it is di cult to monitor and control
who can access their EMRs and for what reasons as eHealth may increasingly involve
the use of IoT devices such as eHealth wearables and distributed networks. Blockchain is
proposed as a promising method applied to support distributed data storage to maintain
and share EMRs using its inherent immutability (forgery resistance). However, the
original blockchain design cannot restrict unauthenticated or unauthorised data access
for use as part of EMR management.
Therefore, two novel authorisation schemes to enhance the security and privacy of
blockchain use for EMRs are proposed in this work. The rst one can omit the agent layer
(gateway) to authorise users' access to blockchain-enabled EMRs with block level gran-
ularity, whilst maintaining compatibility with the underlying Blockchain data structure.
Then, an improved scheme is proposed to implement multiple levels of granularity autho-
risation, whilst supporting
exible data queries. This scheme dispenses with the need to
use a public key infrastructure (PKI) in authorisation and hence reduces the resource
cost of computation and communication. Furthermore, to realise privacy preservation
during authorisation, a challenge-response anonymous authorisation is proposed that
avoids the disclosure of users' credentials when authorising data access requests.
Compared with the baseline schemes, the proposed authorisation schemes can decrease
the time consumption of computation and data transmission and reduce the transmitted
data size so that they can be used in low-resource IoT devices applied to blockchain-
enabled EMRs as demonstrated in performance experiments. In addition, theoretical
i
validations of correctness demonstrate that the proposed authorisation schemes work
correctly
