CP-BDHCA: Blockchain-Based Confidentiality-Privacy Preserving Big Data Scheme for Healthcare Clouds and Applications

Hemant Ghayvat, Sharnil Pandya, Pronaya Bhattacharya, Mohd Zuhair, Mamoon Rashid*, Saqib Hakak, Kapal Dev

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

68 Citations (Scopus)


Healthcare big data (HBD) allows medical stakeholders to analyze, access, retrieve personal and electronic health records (EHR) of patients. Mostly, the records are stored on healthcare cloud and application (HCA) servers, and thus, are subjected to end-user latency, extensive computations, single-point failures, and security and privacy risks. A joint solution is required to address the issues of responsive analytics, coupled with high data ingestion in HBD and secure EHR access. Motivated from the research gaps, the paper proposes a scheme, that integrates blockchain (BC)-based confidentiality-privacy (CP) preserving scheme, CP-BDHCA, that operates in two phases. In the first phase, elliptic curve cryptographic (ECC)-based digital signature framework, HCA-ECC is proposed to establish a session key for secure communication among different healthcare entities. Then, in the second phase, a two-step authentication framework is proposed that integrates Rivest-Shamir-Adleman (RSA) and advanced encryption standard (AES), named as HCA-RSAE that safeguards the ecosystem against possible attack vectors. CP-BDAHCA is compared against existing HCA cloud applications in terms of parameters like response time, average delay, transaction and signing costs, signing and verifying of mined blocks, and resistance to DoS and DDoS attacks. We consider 10 BC nodes and create a real-world customized dataset to be used with SEER dataset. The dataset has 30,000 patient profiles, with 1000 clinical accounts. Based on the combined dataset the proposed scheme outperforms traditional schemes like AI4SAFE, TEE, Secret, and IIoTEED, with a lower response time. For example, the scheme has a very less response time of 300 ms in DDoS. The average signing cost of mined BC transactions is 3,34 seconds, and for 205 transactions, has a signing delay of 1405 ms, with improved accuracy of ≈ 12% than conventional state-of-the-art approaches.

Original languageEnglish
Pages (from-to)1937-1948
Number of pages12
JournalIEEE Journal of Biomedical and Health Informatics
Issue number5
Early online date14 Jul 2021
Publication statusPublished - 1 May 2022
Externally publishedYes

Cite this