{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T18:35:38Z","timestamp":1775154938381,"version":"3.50.1"},"reference-count":29,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2017,4,17]],"date-time":"2017-04-17T00:00:00Z","timestamp":1492387200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Disseminating medical data beyond the protected cloud of institutions poses severe risks to patients\u2019 privacy, as breaches push them to the point where they abstain from full disclosure of their condition. This situation negatively impacts the patient, scientific research, and all stakeholders. To address this challenge, we propose a blockchain-based data sharing framework that sufficiently addresses the access control challenges associated with sensitive data stored in the cloud using immutability and built-in autonomy properties of the blockchain. Our system is based on a permissioned blockchain which allows access to only invited, and hence verified users. As a result of this design, further accountability is guaranteed as all users are already known and a log of their actions is kept by the blockchain. The system permits users to request data from the shared pool after their identities and cryptographic keys are verified. The evidence from the system evaluation shows that our scheme is lightweight, scalable, and efficient.<\/jats:p>","DOI":"10.3390\/info8020044","type":"journal-article","created":{"date-parts":[[2017,4,18]],"date-time":"2017-04-18T11:22:04Z","timestamp":1492514524000},"page":"44","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":484,"title":["BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments"],"prefix":"10.3390","volume":"8","author":[{"given":"Qi","family":"Xia","sequence":"first","affiliation":[{"name":"Center for Cyber Security, Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China"}]},{"given":"Emmanuel","family":"Sifah","sequence":"additional","affiliation":[{"name":"Center for Cyber Security, Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China"}]},{"given":"Abla","family":"Smahi","sequence":"additional","affiliation":[{"name":"Center for Cyber Security, Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China"}]},{"given":"Sandro","family":"Amofa","sequence":"additional","affiliation":[{"name":"Center for Cyber Security, Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China"}]},{"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[{"name":"Center for Cyber Security, Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China"}]}],"member":"1968","published-online":{"date-parts":[[2017,4,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"276","DOI":"10.1056\/NEJMe1516564","article-title":"Data Sharing","volume":"374","author":"Longo","year":"2016","journal-title":"N. Engl. J. Med."},{"key":"ref_2","unstructured":"Davis, J. (2017, April 14). 7 Largest Data Breaches of 2015. Available online: www.healthcareitnews.com\/news\/7-largest-data-breaches-2015."},{"key":"ref_3","unstructured":"Higgins, K.J. (2017, April 14). Healthcare Data Breaches From Cyberattacks, Criminals Eclipse Employee Error For The First Time. Available online: http:\/\/www.darkreading.com\/attacks-breaches\/healthcare-data-breaches-from-cyberattacks-criminals-eclipse-employee-error-for-the-first-time\/d\/d-id\/1320315."},{"key":"ref_4","unstructured":"IBM-Security (2016). Reviewing a Year of Serious Data Breaches, Major Attacks and New Vulnerabilities: Analysis of Cyber Attack and Incident Data from IBM\u2019s Worldwide Security Services Operations, IBM Security."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Sladi\u0107, G., Milosavljevi\u0107, B., and Konjovi\u0107, Z. (2012, January 20\u201322). Modeling context for access control systems. Proceedings of the 2012 IEEE 10th Jubilee International Symposium on Intelligent Systems and Informatics (SISY 2012), Subotica, Serbia.","DOI":"10.1109\/SISY.2012.6339572"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Elliott, A., and Knight, S. (2016, January 5\u20138). Start Here: Engineering Scalable Access Control Systems. Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, Shanghai, China.","DOI":"10.1145\/2914642.2914651"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"150","DOI":"10.3390\/jsan3020150","article-title":"A Survey of Access Control Models in Wireless Sensor Networks","volume":"3","author":"Maw","year":"2014","journal-title":"J. Sens. Actuator Netw."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Hang, I., L\u00fcckemeyer, G., and Ruparel, R. (2012, January 20\u201322). SecureBPMN: Modeling and Enforcing Access Control Requirements in Business Processes. Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT\u201912), Newark, NJ, USA.","DOI":"10.1145\/2295136.2295160"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/MCC.2014.62","article-title":"Multilabels-based scalable access control for big data applications","volume":"1","author":"Chen","year":"2014","journal-title":"IEEE Cloud Comput."},{"key":"ref_10","unstructured":"(2011). Data Breaches Cost the Healthcare Industry an Estimated $6.5 Billion. Micrographics, 29, 3\u20135."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1142\/S0218488502001648","article-title":"K-Anonymity: A model for protecting privacy","volume":"10","author":"Sweeney","year":"2002","journal-title":"Int. J. Uncertain."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Machanavajjhala, A., Gehrke, J., Kifer, D., and Venkitasubramaniam, M. (2006, January 3\u20137). L-Diversity: Privacy beyond k-anonymity. Proceedings of the International Conference on Data Engineering, Atlanta, GA, USA.","DOI":"10.1109\/ICDE.2006.1"},{"key":"ref_13","unstructured":"Ninghui, L., Tiancheng, L., and Venkatasubramanian, S. (2007, January 11\u201315). T-Closeness: Privacy beyond k-anonymity and L-diversity. Proceedings of the International Conference on Data Engineering, Istanbul, Turkey."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Soria-Comas, J., and Domingo-Ferrert, J. (2013, January 10\u201312). Differential privacy via t-closeness in data publishing. Proceedings of the 2013 11th Annual Conference on Privacy, Security and Trust (PST 2013), Tarragona, Spain.","DOI":"10.1109\/PST.2013.6596033"},{"key":"ref_15","unstructured":"Ausanka-Crues, R. (2017, April 14). Methods for Access Control: Advances and Limitations. Available online: https:\/\/www.cs.hmc.edu\/~mike\/public_html\/courses\/security\/s06\/projects\/ryan.pdf."},{"key":"ref_16","unstructured":"Nakamoto, S. (2017, April 14). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: www.bitcoin.org."},{"key":"ref_17","unstructured":"Sasson, E.B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. (2014, January 18\u201321). Zerocash: Decentralized anonymous payments from bitcoin. Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, USA."},{"key":"ref_18","unstructured":"Schneider, J. (2017, April 14). Blockchain\u2014Putting Theory into Practice. Available online: https:\/\/t.co\/CLJJf0tGp0."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Zyskind, G., Nathan, O., and Pentland, A.S. (2015, January 21\u201322). Decentralizing privacy: Using blockchain to protect personal data. Proceedings of the 2015 IEEE Security and Privacy Workshops (SPW 2015), San Jose, CA, USA.","DOI":"10.1109\/SPW.2015.27"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1007\/s10916-016-0574-6","article-title":"Healthcare Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk Control","volume":"40","author":"Yue","year":"2016","journal-title":"J. Med. Syst."},{"key":"ref_21","unstructured":"Zyskind, G., Nathan, O., and Pentland, A. (2015). Enigma: Decentralized Computation Platform with Guaranteed Privacy. arXiv."},{"key":"ref_22","unstructured":"Hardjono, T., and Pentland, A.S. (2017, April 14). Verifiable Anonymous Identities and Access Control in Permissioned Blockchains. Available online: www.w3.org\/2016\/04\/blockchain-workshop\/interest\/hardjono-pentland.html."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"523","DOI":"10.1007\/978-3-319-46568-5_53","article-title":"Towards a novel privacy-preserving access control model based on blockchain technology in IoT","volume":"520","author":"Ouaddah","year":"2017","journal-title":"Adv. Intell. Syst. Comput."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.tele.2012.03.011","article-title":"An adaptable and scalable group access control scheme for managing wireless sensor networks","volume":"30","author":"Wu","year":"2013","journal-title":"Telemat. Inform."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/COMST.2006.315852","article-title":"A survey of security issues in wireless sensor networks","volume":"8","author":"Wang","year":"2006","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"272","DOI":"10.1016\/j.csi.2008.05.014","article-title":"A novel access control protocol for secure sensor networks","volume":"31","author":"Huang","year":"2009","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Wu, L., Zhang, Y., Xie, Y., Alelaiw, A., and Shen, J. (2016). An Efficient and Secure Identity-Based Authentication and Key Agreement Protocol with User Anonymity for Mobile Devices. Wirel. Pers. Commun.","DOI":"10.1007\/s11277-016-3781-z"},{"key":"ref_28","first-page":"1168","article-title":"SCP: A Computationally-Scalable Byzantine Consensus Protocol For Blockchains","volume":"2015","author":"Luu","year":"2015","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_29","unstructured":"McConaghy, T., Marques, R., Muller, A., de Jonghe, D., McConaghy, T., McMullen, G., Henderson, R., Bellemare, S., and Granzotto, A. (2017, April 14). BigchainDB: A Scalable Blockchain Database (DRAFT). Available online: https:\/\/pdfs.semanticscholar.org\/1c0c\/5640e2efcd32480f94020bf857c261acdae4.pdf."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/8\/2\/44\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:32:49Z","timestamp":1760207569000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/8\/2\/44"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,17]]},"references-count":29,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2017,6]]}},"alternative-id":["info8020044"],"URL":"https:\/\/doi.org\/10.3390\/info8020044","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,4,17]]}}}