This section provides a detailed explanation of the suggested methodology, along with an overview of its design and examples of its algorithms. Many blockchain techniques are created in traditional efforts to boost the security of healthcare systems. However, the issues of poor data handling, rising expenses, and slowed processing speed continue to exist. The proposed work uses an advanced blockchain technique to improve the security and confidentiality of healthcare data. The primary goal of this effort is to enable safe data transfer in healthcare systems utilizing cybersecurity techniques based on blockchain technology. To build a trustworthy data transmission between the patients and the healthcare system, an upgraded security architecture is designed based on this goal.
From the existing works, we have studied the different types of intrusions or cyber-attacks that highly disrupts healthcare systems in recent times. Also, the effects of security threats and vulnerabilities are studied according to their characteristics and functions. In addition, some of the possible security solutions are examined from these existing works. Based on this analysis, a clear overview about cyber-security in healthcare applications is studied, and also it is more helpful for us to implement the blockchain-based security model for healthcare systems. Blockchain is one of the most recent technologies widely deployed in different fields to guarantee data security and confidentiality. A distributed ledger technology enables reliable communication in the environment using cryptographic primitives. Specifically, it gained significant attention in the healthcare domain due to its immutability, persistency, privacy, and decentralization features. With modern internet technology, healthcare services are moved to online mode, but it is highly susceptible to more security issues like interoperability, security breaches, scattered data, and scalability. In recent days, healthcare systems use the centralized database systems for storing patient’s health information. Typically, the distributed storage system is more expensive in cost and time; hence, medical experts highly prefer centralized storage systems for the health data management field. However, it is also a memory-consuming task since the healthcare data must be encrypted before storing it in the cloud systems. According to the recent reviews, it is analysed that there are various blockchain-integrated healthcare applications are developed in the conventional works. Furthermore, it shows the prominence and applicability of blockchain technology in the healthcare domain field where data privacy, security, and authenticity are mainly concentrated. Also, the majority of the existing security frameworks use the blockchain solutions for protecting the patients’ private information from the unauthorized access. Yet, the existing studies facing the major challenges in terms of high complexity in system chain, storage overhead, large processing time, and low speed. Therefore, the proposed work motivates to implement a lightweight as well computationally effective blockchain model for healthcare security. To accomplish this objective, a Consultative Transaction Key Generation and Management (CTKGM) integrated with Quantum Trust Reconciliation Agreement Model (QTRAM) based blockchain model is deployed in this work. The proposed architecture employs the distributed blockchain model that is more suitable for the next-generation healthcare application systems. Also, a lightweight access controlling mechanism is developed using the hyperledger blockchain methodology for the healthcare systems. In this framework, a common data sharing platform has been utilized for connecting the disjoint stakeholders in the healthcare sector. The key benefits of this framework are economic-friendly, optimal memory consumption, guaranteed security, trusted communication and data sharing.
Given this, the system uses intelligent key creation, trust estimation, and optimization approaches. The suggested model uses a private blockchain for the hospital setting, limiting access to the data to those who are permitted. Additionally, it effectively increases the processing of remote monitoring and protects patient information, diagnostic details, medication details, etc. The proposed cybersecurity model in healthcare systems is depicted in Fig. 1 and includes the following modules:
According to this architecture, the patient serves as the user or source of the transmitter, and the healthcare organization serves as the receiver. The network manager, on the other hand, acts as a middleman between the data sender and recipient. In order to obtain their license to begin the data transfer, the patient-user can first register their information with the hospital server. The network administrator generates a unique private and public key pair along with the user’s license when they submit a registration request to the server using the Consultative Transaction Key Generation and Management tool (CTKGM). This study employs a novel approach for producing the unique key pair based on the procedures of generating random values, performing multiplicative operations, and distributing the keys according to timestamp values. The recipient could not have access to the personal health information once the session terminates due to the time stamp value. The data is encrypted and saved in the server using the blockchain technique after the keys are generated. In the proposed security framework, the Elliptic Curve Cryptography (ECC) model is used to generate the private and public key pairs. Since, the ECC has the better ability to protect the data against unauthorized access, when compared to the other asymmetric encryption mechanisms. The specific advantages of using the ECC approach are listed below:
Therefore, the proposed work uses the ECC technique for key generation, and is suitable for both quantum and classical computing systems. This methodology divides the data into blocks that are then recorded in hash values. Additionally, it improves the protection of data against unauthorized users. The Quantum Trust Reconciliation Agreement Model (QTRAM) is used to set up the secure sharing of data between the server and receiver at the time of transmission. Before data transmission, the feedback data is evaluated, and this agreement model is combined with models for estimating trust scores and BAN logic. With the use of tools like IP address identification, website identification, and the denial of undesired repetitive requests, feedback analysis is primarily used to identify the requested users, whether they are trusted or not. There is no need to check the rejection potential with the server because it has been easily established using this information. Moreover, the nonce message is verified using the Tuna Swarm Optimization (TSO) algorithm, preserving the confidentiality of the data receiver. The nonce message, which is more frequently used in cryptographic communications, is typically some random integer generated for verification purposes. As a result, the rules employed to provide guaranteed information transmission between the entities are expressed as the BAN logic. The trust score is estimated based on the multiple rejections of the service request; a high number of rejections will result in a low trust score. By combining the mechanisms for feedback analysis, BAN logic, and trust score estimation, the proposed QTRAM model significantly improves data security. High security, dependable data transmission, high operating efficiency, and minimal time consumption are the main advantages of this work. In the proposed security model, the consultative key generation mechanism is used to generate the keys for user validation and authentication according to their public parameters. Initially, the patient user give the key requisition for authentication and access, during this process the random number generation, transaction key generation based on multiplicative prime number, and time stamp values are generated for creating key. Once, the user key is generated using CTKGM, it can be further validated by the QTRAM model for user authentication. Here, the private and public key pair are generated along with the hash value, and the user transmits it to the blockchain for storage. According to the current timestamp value and duration, the key is validated for further user transactions.
For instance, consider a healthcare system, the patient users can give request to the healthcare department for medical advice and data access. So, the user should be registered with the cloud server at first with their public key parameters, and if the user is already registered, he/she must be authenticated before data access. During this process, the user can give key requisition from the database, where the CTKGM technique can generate the key according to the user public key parameters. Once the key is generated, it is sent to the blockchain for storage, where the trust score estimation, nonce message verification, and ban logic validation are performed to validate the trust of user. Further, the user can be authenticated with the access control policy for data access. In this scenario, the key management is performed for assuring both data security as well user authentication.
Figure 2 represents the structure of blockchain model used in the proposed framework, which stores the information private & public keys with the hash values, time stamp, nonce message with the verification rule, Ban logic, and trustworthy information received. Based on these information, the user verification and authentication are carried out in the proposed framework.
Consultative transaction key generation and management (CTKGM)
Figure 3 explains the layered architecture model of cybersecurity in healthcare system. In this model, system parameters such as the total number of patients, the number of active patients, authentication data, the personal health information of each patient, and the unique identity of each patient are selected by the Hospital Server (HS), which is the top layer. This layered architecture is mentioned in Fig. 2 and the necessary parameters and descriptions are provided in Table 2.To obtain their specific license, which can subsequently be used to authenticate users as valid or not, new patients at the hospital must register their personal and medical information on the hospital server. The hospital server/network manager, who serves as an intermediary between the sender and receiver of data transmission, can be asked to register during this procedure by the PU. The network manager is in charge of creating the key pair for all users connected to them. Let’s say the server has the requested patient’s registration. The unique id along with the certificate is provided to that user, which comprises the information of the unique hospital server identity \({(\tau }_{i}\)), the unique identity of the PU belongs to the hospital server (\({\delta }_{j}\)), a permanent public key of the server (\({p}_{k}^{s}\)), and signature along with the private key of PU (\({p}_{p}^{s}PU)\). Using this information, the PU sends the encrypted data to the server for storage using the blockchain methodology. In this case, the secret information (such as health information or personal data) is transferred from the patient to the hospital, and the private key is utilized to generate the signature. Because of this, smart contracts have been developed to encrypt patient data kept in blockchain form, so if the recipient wants to access the data, it needs to be individually verified for each user using a different ID. The network manager created the following format for the certificate for the registered PU:
$$P{U}^{L}=({\tau }_{i}||{\delta }_{j}||{p}_{k}^{s}||{sign}_{ {p}_{p}^{s}})$$
(1)
where \(P{U}^{L}\) represents the license of PU. When the registered patient wants to share their information with the receiver in the same domain, encryption keys are required for sharing and accessing the data. During encryption, the \(P{U}^{T}\) generates the seed point \(\rho\) based on the random number selection of \(\rho \in \left(0, 1….,\mathrm{ p }- 1\right)\). Then, the data can be encrypted with the value of \(\rho\) and the public key of the PU belongs to the \({\mathrm{PU}}^{\mathrm{X}} ({\delta }_{PU})\), where \({\mathrm{PU}}^{\mathrm{X}}\) indicates the number of all patients. After that, the PU sends the license along with the above message for verifying itself with \({\mathrm{PU}}^{\mathrm{X}}\). Based on this way, the M number of public and private key pairs are generated with the hash values \(\varphi\) for all the patients in the hospital sector, which is done by using the one-way hash chain model. Consequently, the encrypted data can be stored in the server using the Blockchain model, which is in the form of \({B}^{N}(\rho )\). Then, the current timestamp value and duration can be determined for the respective data with the information of how long the key set will be valid corresponding to the \(P{U}^{T}\).
Layered architecture model of cybersecurity in healthcare systems.
If the \(P{U}^{T}\) wants to connect with the \({HS}^{R}\) for accessing or sharing the data information, it is more required to prove its authenticity to the \({HS}^{R}\), then only the session key can be generated for further communications. At this time, the \(P{U}^{T}\) can initiate the communication with the interval of \({t}^{k}\), \(0 \le k < M\) by directly sending the message to the \({HS}^{R}\), which is represented as follows:
$$Pk{p}_{k}^{s}=\prod_{n=0}^{k}{B}^{n}( \rho )$$
(2)
Then, the cipher text of the random number \({\mathfrak{R}}_{t}, (0<{\mathfrak{R}}_{t}<p-1)\) can be generated by using the public key of \({HS}^{R}\), which is in the form of \([{E}_{{{p}_{p}^{s}}_{{HS}^{R}}}({\mathfrak{R}}_{t})]\) with the time stamp value \({T}^{k}\) and certificate \(P{U}^{L}\). The following model represents the format of data transmission from the patient to the hospital server,
$${P{U}^{T}}\stackrel{P{U}^{T}{p}_{k}^{s}, license,{T}^{k},{E}_{{{p}_{p}^{s}}_{{HS}^{R}}}({\mathfrak{R}}_{t})}{\to } {HS}^{R}$$
(3)
Once, the \({HS}^{R}\) received the above message, it requires to verify the following condition:
$$T^{T} – T^{R} < \Delta \tau$$
(4)
where \({T}^{T}\) is the current system time at \(P{U}^{T}\), and \(\Delta \tau\) is the maximum tolerable time interval. If it is valid, the correctness of the certificate obtained from cap P, cap U to cap T is verified to ensure security. If the certificate matches, the \({S}^{R}\) computes the following model:
$$P{U}^{T}{p}_{i}^{s},\left(k+1\right)\le i\le M$$
(5)
Also, the \({HS}^{R}\) verifies the authenticity of \(P{U}^{T}\) for validating the following condition:
$$b\left({\omega }^{*}\right)=\omega$$
(6)
$${\omega }^{*}=P{U}^{T}{p}_{k}^{s}\prod_{n=0}^{k}{B}^{n}( \rho )$$
(7)
where \(\omega\) can be obtained from the corresponding \(PUs\). If the condition is not satisfied, the \({HS}^{R}\) can reject the request and report to the PU; otherwise, it decrypts the message as shown below:
$$P{U}_{{p}_{p}^{s}\_P{U}^{T}} \left[{E}_{{{p}_{p}^{s}}_{P{U}^{R}}}\left({\mathfrak{R}}_{t}\right)\right]={\mathfrak{R}}_{t}^{*}$$
(8)
Also, the receiver uses the private key and selects the random number based on \({\mathfrak{R}}_{t}, (0<{\mathfrak{R}}_{t}<p-1)\). After accessing the data, the \({HS}^{R}\) sends the reply message with the information of \(P{U}^{T}{p}_{l}^{s}\prod_{n=0}^{l}{B}^{n}( \rho ),\) \(\left[{E}_{{{p}_{p}^{s}}_{P{U}^{R}}}\left({\mathfrak{R}}_{r}\right)\right]and h({\mathfrak{R}}_{r}||{\mathfrak{R}}_{t}^{*})\) to the corresponding \({PU}^{T}\) as shown in the following format:
$${P{U}^{T}}\mathop{\longleftarrow}\limits^{{P{U}^{T}{p}_{l}^{s}, license,{T}^{k},{E}_{{{p}_{p}^{s}}_{P{U}^{T}}}({\mathfrak{R}}_{r})}} {HS}^{R}$$
(9)
When the \(P{U}^{T}\) receives the reply message, it follows the same process for verifying the identity of \({HS}^{R}\). If it is valid, the condition \(P{U}_{{p}_{p}^{s}\_{HS}^{R}} \left[{E}_{{{p}_{p}^{s}}_{P{U}^{T}}}\left({\mathfrak{R}}_{r}\right)\right]={\mathfrak{R}}_{r}^{*}\) is computed and verified as shown below:
$$h({\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}^{*}\right)=h({\mathfrak{R}}_{t}^{*}||{\mathfrak{R}}_{r})$$
(10)
Then, the \(P{U}^{T}\) sends the acknowledgement to the \({HS}^{R}\) and, finally both \(P{U}^{T}\) and \({HS}^{R}\) computes the session key for establishing further communications as represented below:
$$h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)$$
(11)
This system ensures secured data sharing between the patients and the healthcare system with reliable communication.
Quantum trust reconciliation agreement model
The Quantum Trust Reconciliation Agreement Model (QTRAM) is used in this framework primarily to build safe communication between patients and the healthcare system based on feedback analysis and trust value. It is more important than ever in every data communication system to evaluate user feedback before transmission. As a result, the QTRAM is used in this study, where the trust value is calculated using user feedback as well as add-on data (such as rejection score). For this purpose, the BAN logic has been utilized that facilitates secured communication by constructing a set of rules, which are in the form of \(\frac{M}{N}\), where M indicates correct and N indicates incorrect. Typically, the BAN logic has a set of regulations on message freshness, meaning, jurisdiction, and reception. Here, the message verification rule (\(Rul{e}_{1}\)) is used to validate the message between the communicating parties such as the patient and the hospital server. It works based on the following logic: the \(P{U}^{T}\) considers that the shared key between the patient user and hospital server is in the form of \(h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)\), and the PU received the message in the form of \({\{M\}}_{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)}\) encrypted with \(h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)\). It is mathematically represented as follows:
$$\frac{P{U}^{T}|\equiv P{U}^{T}\mathop{\longleftrightarrow}\limits^{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)} {HS}^{R}, P{U}^{T}{\{M\}}_{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}|\left|{\mathfrak{R}}_{t}\right||P{U}^{T}{p}_{l}^{s}\right)}}{P{U}^{T}\left|\equiv {HS}^{R} \right| \sim \{M\}}$$
(12)
Consequently, the nonce-verification rule \(Rul{e}_{2}\) is formed, if the \(P{U}^{T}\) believes that \(\{M\}\) is new, and also it trusts the hospital server has \(\{M\}\). Moreover, the protocol messages are emphasized with the help of BAN logic, because it has a unique set of logical symbols. Also, it is more essential to use the formal logic for protocol security analysis, where the protocol is described with the unique symbols of BAN logic as shown below:
$${M}^{1} {u}^{2} \leftarrow (x,{a}^{1},{t}^{1},{u}^{1}\mathop{\longleftrightarrow }\limits^{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}\left|\left|{\mathfrak{R}}_{t}\right|\right|P{U}^{T}{p}_{l}^{s}\right)}{u}^{2})$$
(13)
$${M}^{2} {u}^{1} \leftarrow (y,{a}^{2},{t}^{2},{u}^{2}\mathop{\longleftrightarrow }\limits^{h(P{U}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|P{U}^{R}{p}_{l}^{s}\right)}{u}^{1})$$
(14)
where \(x and y\) are the pseudo-random numbers that are used for generating the BAN logic at both the sender and receiver sides. Then, the parameters \({a}^{1}\) and \({a}^{2}\) are the optimization constants obtained from the TSO algorithms, \({t}^{1}\) and \({t}^{2}\) are the time stamp of the sender and receiver parties, \({u}^{1}\) is the sender i.e. patient user, \({u}^{2}\) is the receiver i.e. hospital server, \({M}^{1}\) is the generated message at the time of data transmission, and \({M}^{2}\) is the generated message at the time of receiving data. In this security framework, the main use of the QTRAM protocol is to generate the group key only for the internal members of healthcare systems and by using this key, the security of subsequent communications is ensured. Hence, this work developed the trust reconciliation agreement protocol based on the blockchain methodology, which includes the following security goals \({T}_{1}-{T}_{4}\):
$${T}_{1} {u}^{1}|\equiv {u}^{1}\stackrel{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}\left|\left|{\mathfrak{R}}_{t}\right|\right|P{U}^{T}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(15)
$${T}_{2} {u}^{2}|\equiv {u}^{1}\stackrel{h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}\left|\left|{\mathfrak{R}}_{t}\right|\right|P{U}^{T}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(16)
$${T}_{3} {u}^{1}|\equiv {u}^{2}|\equiv {u}^{1}\stackrel{h({HS}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|{HS}^{R}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(17)
$${T}_{4} {u}^{2}|\equiv {u}^{1}|\equiv {u}^{1}\stackrel{h({HS}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|{HS}^{R}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(18)
where \({T}_{1}\) and \({T}_{2}\) are the targets, \({u}^{1}\) and \({u}^{2}\) are the users who believe that they have established a shared \(h(P{U}^{T}{p}_{k}^{s}|\left|{\mathfrak{R}}_{r}\left|\left|{\mathfrak{R}}_{t}\right|\right|P{U}^{T}{p}_{l}^{s}\right)\) with each other. Then, the targets \({T}_{3}\) and \({T}_{4}\) considers that \({u}^{1}\) and \({u}^{2}\) believes the other party, who already knows the key of \(h({HS}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|{HS}^{R}{p}_{l}^{s}\right)\) used for communication. The following assumptions have been made for defining the hypothesis condition using this agreement protocol. Let consider \({P}_{ub}\) is the secret information shared between the users \({u}^{1}\) and \({u}^{2}\), and SK is the shared key.
$${B}_{1} {u}^{1}|\equiv {u}^{1}\stackrel{{P}_{ub}}{\longleftrightarrow }{u}^{2}$$
(19)
$${B}_{2} {u}^{2}|\equiv {u}^{1}\stackrel{{P}_{ub}}{\longleftrightarrow }{u}^{2}$$
(20)
$${B}_{3} {u}^{1}|\equiv {u}^{2}|\equiv {u}^{1}\stackrel{h(P{U}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|P{U}^{R}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(21)
$${B}_{4} {u}^{2}|\equiv {u}^{2}|\equiv {u}^{1}\stackrel{h(P{U}^{R}{p}_{k}^{s}|\left|{\mathfrak{R}}_{t}\left|\left|{\mathfrak{R}}_{r}\right|\right|P{U}^{R}{p}_{l}^{s}\right)}{\longleftrightarrow }{u}^{2}$$
(22)
By using the formal messages, the logical inference rules are obtained as illustrated below:
$$Prof_{1} :u^{2} \left| { \equiv u^{1} } \right|\sim(a^{1} ,t^{1} ,u^{1} \mathop {\longleftrightarrow} \limits^{{h(PU^{T} p_{k}^{s} ||\Re_{r} \left| {\left| {\Re_{t} } \right|} \right|PU^{T} p_{l}^{s} )}} u^{2}$$
(23)
From \({b}_{4}\) and a new rule of \(Rul{e}_{1}\), the hypothetical sentence \(Pro{f}_{2}\) can be obtained:
$$Prof_{2} :u^{2} \left| { \equiv u^{1} } \right|\sim\left( {a^{2} ,t^{2} ,u^{2} \mathop {\longleftrightarrow}\limits^{{h(PU^{R} p_{k}^{s} ||\Re_{t} \left| {\left| {\Re_{r} } \right|} \right|PU^{R} p_{l}^{s} )}} u^{1} } \right)$$
(24)
Based on \(Pro{f}_{1}\) and \(Pro{f}_{2}\), the statement \(Pro{f}_{3}\) can be inferred:
$$Prof_{3} :u^{1} | \equiv u^{1} \mathop \leftrightarrow \limits^{{h(PU^{T} p_{k}^{s} ||\Re_{r} \left| {\left| {\Re_{t} } \right|} \right|PU^{T} p_{l}^{s} )}} u^{2}$$
(25)
Based on this agreement logic, the data is transmitted between the patient-user and the hospital server.
Tuna swarm optimization
The key factor of using the TSO algorithm is performing nonce message verification based on random value generation. It is frequently used in various application systems to solve challenging optimization issues and is typically a meta-heuristic technique. During communication, nonce verification packets are verified using this optimization technique. This model generates a set of default nonce messages for every patient user registered with the hospital server. The system automatically creates nonce messages based on the patient ID, name, and other health information data when a registered user logs in to verify the user’s identity. By calculating the ideal fitness value, it individually constructs the default nonce messages for the group of registered users. Each patient-user enrolled on the server may receive a different nonce message depending on the optimal value. Fast convergence speed, the most optimal solution, decreased time consumption, minimal computing complexity, and great efficiency are the main advantages of employing the TSO technique. Below is a representation of the TSO technique’s algorithmic steps:
