Article

Preserving Privacy in Mobile Health Systems Using Non-Interactive Zero-Knowledge Proof and Blockchain

Journal

IEEE ACCESS
Volume 8, Issue -, Pages 204441-204458

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2020.3036811

Keywords

Authentication; blockchain; resource-limited devices; Internet of Things; mobile health; privacy-preserving

Funding

  1. Federal University of Ceara
  2. Coordenacao de Aperfeicoamento de Pessoal de Nivel Superior (CAPES) - Brazil
  3. Natural Sciences and Engineering Research Council of Canada
  4. CNPq [426701/2018-6]

The advent of miniaturized mobile devices with wireless communication capability and integrated with biosensors has revolutionized healthcare systems. The devices can be used by individuals as wearable accessories to collect health data regularly. This type of medical assistance supported by mobile devices to monitor patients and offer health services remotely is known as mobile health (mHealth). Although mHealth provides many benefits and has become popular, it can pose severe privacy risks. Many features in mHealth are managed through a smartphone. Thus, one of the most worrying issues involves communication between the monitoring devices and the smartphone. When communication uses Bluetooth, it is standard for a device to be paired with the smartphone; but generally, it is not exclusively associated with a specific mHealth app. This characteristic can allow a data theft attack by a malicious app or fake data injection by an illegitimate device. To address this issue, we present an authentication scheme based on Non-Interactive Zero-Knowledge Proof that is lightweight enough to run on mHealth devices with minimal resources. Our scheme ensures that legitimate devices interact exclusively with the official mHealth application. To preserve the patient's privacy throughout the system, we address the issues of storing, managing, and sharing data using blockchain. Since there is no privacy in the standard blockchain, we present a scheme in which the health data transmitted, stored, or shared are protected by Attribute-Based Encryption. The outcome is a system with fine-grained access control, entirely managed by the patient, and an end-to-end privacy guarantee.