Soulbound Tokens: Enabler for Privacy-Aware and Decentralized Authentication Mechanism in Medical Data Storage
DOI: https://doi.org/10.30953/bhty.v7.334
Keywords: authentication, healthcare, medical record, Self-Sovereign Identity (SSI), Soulbound Token (SBT)
Abstract
Context: The digitalization of the healthcare sector faces significant challenges due to the diverse representation of data and their distribution across various hospitals. Moreover, security is a key concern, as healthcare-related data are subject to the legal obligations of GDPR and similar data protection legislation. Standardization efforts like HL7 have been implemented to enhance data interoperability. However, authentication remains a critical issue and still poses significant challenges.
Aim: This research aims to improve and strengthen the authentication process by introducing a novel architecture for decentralized authentication. Additionally, it proposes a new approach to decentralized data management, which is crucial for handling sensitive medical data efficiently.
Methodology: The proposed architecture adopts a user-centric approach, utilizing Self-Sovereign Identity (SSI). It introduces a new non-fungible token (NFT) type called the Soulbound Token (SBT) in the medical context, which will facilitate user authentication across different hospitals, effectively creating a federation of interconnected institutions.
Results: The implementation of the proposed architecture demonstrated a significant reduction in authentication time across multiple hospitals. The use of SBT ensured secure and seamless user authentication, enhancing overall system interoperability and data security. The decentralized approach also mitigated the risks associated with centralized authentication servers.
Conclusion: The study successfully presents a novel decentralized authentication architecture for the healthcare domain, leveraging SSI and SBTs. This approach not only accelerates the authentication process but also enhances data security and interoperability among hospitals. Future research should explore the scalability of this architecture and its application in other sectors requiring stringent data security measures.
License
Copyright (c) 2024 Biagio Boi, PhD Student, Franco Cirillo, PhD Student, Marco De Santis, PhD Student, Christian Esposito, PhD
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors retain copyright of their work, with first publication rights granted to Blockchain in Healthcare Today (BHTY).