Review

Blockchain-Based Privacy Preservation for the Internet of Medical Things: A Literature Review

1 Information Systems Department, College of Computer and Information Science, King Saud University, Riyadh 11543, Saudi Arabia
2 Computer Engineering Department, College of Engineering and Architecture, Al Yamamah University, Riyadh 45180, Saudi Arabia
* Author to whom correspondence should be addressed.
Electronics 2024, 13(19), 3832; https://doi.org/10.3390/electronics13193832 (registering DOI)
Submission received: 24 August 2024 / Revised: 24 September 2024 / Accepted: 26 September 2024 / Published: 28 September 2024

Abstract

The Internet of Medical Things (IoMT) is a rapidly expanding network comprising medical devices, sensors, and software that collect and exchange patient health data. Today, the IoMT has the potential to revolutionize healthcare by offering more personalized care to patients and improving the efficiency of healthcare delivery. However, the IoMT also introduces significant privacy concerns, particularly regarding data privacy. IoMT devices often collect and store large amounts of data about patients’ health. These data could be used to track patients’ movements, monitor their health habits, and even predict their future health risks. This extensive data collection and surveillance could be a major invasion of patient privacy. Thus, privacy-preserving research in an IoMT context is an important area of research that aims to mitigate these privacy issues. This review paper comprehensively applies the PRISMA methodology to analyze, review, classify, and compare current approaches of preserving patient data privacy within IoMT blockchain-based healthcare environments.

1. Introduction

Over the past century, the healthcare sector has undergone a significant transformation from a traditional hospital-centric approach to a patient-centric approach. This transformation has led to the emergence of smart healthcare systems (SHSs). These systems make medical therapy more intelligent by using recent technologies such as the Internet of Medical Things (IoMT), cloud computing, and artificial intelligence. During the COVID-19 pandemic, the rise in demand for smart healthcare solutions accelerated. According to Data Bridge Market Research, the global SHS market size was estimated to be USD 153.6 billion in 2021 and is expected to reach USD 461.76 billion by 2029 [1]. This increased demand is a result of the urgent need for remote communication between patients and medical staff. According to the Saudi Ministry of Health (MoH), over two million remote medical consultations were provided through their online healthcare application, Sehha, between 2019 and 2021 [2].
Currently, the IoMT is one of the most substantial components of SHSs. The IoMT, also known as the Internet of Health Things (IoHT), is a technology that enables the real-time monitoring of a patient’s vital signs using mobile devices, medical sensors, actuators, and cloud computing [3]. The IoMT has emerged as a strategic consideration for future e-healthcare infrastructure due to its capacity to enhance patient care and its ability to deliver more accurate clinical data, thus increasing effectiveness and decreasing costs. IoMT usage is growing exponentially; by 2026, there will be over seven million connected IoMT technology in the world [4]. The main objective of this technology is to facilitate remote patient monitoring. Hence, it potentially enables emergency responses and maintains control of chronic diseases.
However, the IoMT also has some significant issues when it comes to the procedures surrounding patient data. One of the major concerns is health data privacy in healthcare network infrastructure and connected IoMT devices. The Food and Drug Administration (FDA) stated in their medical device cybersecurity report that 82% of healthcare systems had reported cyber threats between 2020 and 2021, with 34% involving ransomware [5]. Thus, by 2028, the healthcare security market alone is expected to be worth USD 32.9 billion [6]. Medical information is generally regarded as extremely sensitive. Patients are frequently frightened when their health-related or medical information is disclosed. Therefore, it is extremely important to preserve such data.
Blockchain technology, which several recent studies suggest as a solution, can significantly improve privacy in IoMT systems. This is due to its decentralized approach to data storage and access control, which eliminates a single point of failure for attackers and empowers users with cryptographic control over their data [7]. By leveraging smart contracts, fine-grained access permissions can be established, ensuring that only authorized parties can view sensitive information. This enhances data privacy while maintaining the transparency and immutability that are crucial for trust in IoMT applications. Figure 1 illustrates how blockchain preserves IoMT privacy.
This review paper aims to investigate recent blockchain-based solutions for protecting patient privacy within IoMT systems and to analyze the benefits, limitations, and future directions for a secure and privacy-preserving healthcare ecosystem. Several surveys have already been conducted on various aspects of IoMT privacy-preserving solutions and its integration with blockchain; however, to our knowledge, there has been no research that primarily focuses on the type of cryptography algorithms used in these solutions as well as the type of blockchain used in terms of their classification into permissioned and permissionless categories. This emphasizes the need for more in-depth studies that analyze these aspects to obtain a better understanding and to evaluate the security and privacy implications of these solutions. This paper aims to comprehensively review, classify, and compare the state-of-the-art blockchain-based IoMT systems in terms of various attributes, including the utilized blockchain type, the blockchain platform, the cryptography algorithm, the data storage method, and security considerations. Additionally, it aims to analyze the current state of blockchain-based IoMT system solutions to prove the existence of significant research gaps.
This paper emphasizes significant fields for future growth in blockchain-based IoMT privacy protection. Researchers and developers who are working on secure, scalable IoMT privacy-preserving protocols will benefit from understanding the difficulties as well as potential solutions. As a result, many different parties will derive benefit from these developments. By implementing strong data security measures, healthcare providers can use the findings to build patient trust. Additionally, this research can be used by policymakers to direct the creation of legislation that strikes a balance between strong data protection and innovation. Patients will benefit most of all, as their private medical records will be protected in an accessible and secure internet of medical things ecosystem.
The organization of this review is as follows. In Section 2, a brief background relating to internet of medical things and blockchain technologies is presented. In Section 3, the research methodology and inclusion/exclusion methodologies are described. In Section 4, a literature review of the state-of-the-art works concerned with blockchain-based privacy-preserving systems for IoMT is conducted. In Section 5, a discussion of the main research studies on blockchain-based privacy-preserving systems is provided. Also, this section presents various new challenges and open research directions on this topic. In Section 6, we outline potential future research directions based on the findings presented in this study. Finally, Section 7 presents the conclusion.

2. Background

In recent years, there has been an increasing interest in utilizing modern technology in healthcare environments. This interest has increased dramatically since the start of the COVID-19 pandemic. During the pandemic, IoMT devices were used for detecting symptoms, monitoring illness, and checking remote patients [3]. New applications, technologies, and research enabled significant strides to be made in practical responses and knowledge, which have been accelerated by the quick and widespread adoption of IoMT around the world. However, the distribution of patient information over different systems causes many security and privacy issues. For medical devices that are intended to be used for remote communications for healthcare procedures, patients’ privacy is of the utmost importance, but the majority of IoMT devices are unable to adequately protect sensitive data privacy on their own due to their limited resources. Today, several technologies are being used to handle this issue, such as fog computing, edge computing, and blockchain [8]. To understand this area, the following section provides a brief overview of IoMT systems, architecture, security, and privacy challenges and of blockchain technology, one of the most recent technologies to be introduced into the healthcare sector.

2.1. Internet of Medical Things (IoMT)

In the last century, the IoT concept has been applied in several areas, such as transportation, education, and government services. Today, the IoT strategy has expanded to include the healthcare and medical industries and has developed into the IoMT. IoMT is defined as ‘a network of virtual reality objects, software, and other technologies for the purpose of connecting and exchanging data with other devices and applications on the Internet for medical purposes’ [8]. These objects can be any type of sensor device that can be used for medical monitoring, detecting, and predicting purposes.
According to their characteristics, IoMT devices fall into two main categories [9]. The first is implantable medical devices (IMDs), which can be defined as ‘either partly or totally introduced, surgically or medically, into the human body and intended to remain there after the procedure to replace, support, or enhance a biological structure’ [9,10], such as pacemakers, which help to monitor and control irregular heartbeats. The other category is the Internet of Wearable Devices (IoWDs), which can be worn or used externally for real-time health monitoring, such as wearable blood pressure monitors, wearable electrocardiogram (ECG) monitors, and smart health watches.

2.1.1. IoMT Security

The transformation of patient healthcare services from a reactive to a proactive care system was made possible by the integration of the IoMT into medical systems. Nevertheless, IoMT security is still insufficient, making it susceptible to new attacks. This lack of security is a result of a variety of factors that have arisen because of the nature of IoMT technologies. First and foremost, the vast diversity of IoMT devices, from wearables to implants, each with varying security features, creates a fragmented landscape ripe for exploitation [11]. Also, these devices are often resource-constrained due to their low-memory and low-power nature, forcing trade-offs between security and functionality, potentially leaving them vulnerable [12]. Furthermore, the complex interconnectedness of these devices creates a web of potential entry points, where compromising one can expose an entire network of sensitive patient data [13]. Additionally, integrating these newer technologies with legacy healthcare systems, built with outdated security standards, creates gaps and incompatibilities that attackers can leverage [11]. Finally, the rapid evolution of the IoMT field makes it challenging to keep pace with security updates and patch vulnerabilities across this ever-shifting landscape [12]. All these factors combine to create a perfect storm for security breaches in the world of IoMT, highlighting the constant struggle to secure sensitive data within this dynamic ecosystem.
IoMT security and privacy are of the utmost importance because IoMT devices are used primarily to record extremely sensitive live personal health information. If this information is not well protected, the consequences can include negative impacts on patient health, the sending of annoying ads or, in the worst-case scenario, death. To avoid this, every IoMT framework designer should take into consideration the six security requirements of CIANA (confidentiality, integrity, availability, non-repudiation, and authentication) and privacy [14].
(a) Confidentiality: Confidentiality refers to safeguarding the medical data that a patient discloses to their personal doctor or other medical personnel.
(b) Integrity: The role of integrity is to guarantee that the medical records received and those issued are consistent and unaltered.
(c) Availability: This guarantees that medical services and IoT devices are always and everywhere available to authorized parties.
(d) Non-repudiation: This guarantees that a user or medical equipment cannot deny acting as the message’s transmitter.
(e) Authentication: A medical device can authenticate and identify the peer with whom it is interacting through the process of authentication.
(f) Privacy: This refers to ensuring that patient information is protected from unwanted access and illegal use.

2.1.2. IoMT Data Privacy

The sensitivity of health data and the need for privacy attracted IoMT researchers during and after COVID-19 for two reasons. First, IoMT users are vulnerable to privacy threats because of the distributed structure of IoMT systems and the weakness of the access and modification permissions of stored electronic health record (EHR) data in the shared central cloud server by unauthorized users. Second, data analysis on the cloud involves computing on servers owned by third parties who may sell the data to suspicious entities for marketing and advertising purposes.
According to the World Health Organization (WHO) [15], health data privacy refers to the right to control personal health information and make informed decisions about its use. Based on this general definition, we can define patient data privacy in IoMT systems as “the patients’ right to control their personal and medical data that is collected, transmitted, processed, stored, or shared by IoMT healthcare systems”. This right to control includes:
  • The right to know what data are being collected about them: Patients should be informed about the types of data that are being collected by IoT healthcare devices and systems, and how these data are being used.
  • The right to consent to the collection and use of their data: Patients should have the ability to consent to or refuse the collection and use of their data. This consent should be informed and freely given.
  • The right to access and correct their data: Patients should have the right to access their data and to correct any errors in those data.
  • The right to restrict the processing of their data: Patients should have the right to restrict the processing of their data, such as by requesting that their data not be shared with third parties.
  • The right to data portability: Patients should have the right to receive their data in a structured, commonly used, and machine-readable format, and to have these data transferred to another device.
  • The right to erasure of their data: Patients should have the right to have their data erased in certain circumstances, such as when the data are no longer necessary for the purposes for which they were collected or processed.
Many nations currently have laws in place controlling the gathering and storage of sensitive patient health data, such as the US’s Health Insurance Portability and Accountability Act (HIPAA) and the EU’s General Data Protection Regulation (GDPR). In Saudi Arabia, the Saudi Data and Artificial Intelligence Authority (SDAIA) has established regulations for data privacy protection [16]. The importance of IoMT privacy preservation lies in protecting sensitive patient data and maintaining trust within the healthcare ecosystem. It ensures that individuals have control over their personal health data and can decide who has access to them. This trust is essential for encouraging the adoption of innovative healthcare technologies and ensuring that patients are willing to share their personal health information.
By preserving privacy, personalized health-related data can be used effectively to improve patient care. For example, healthcare providers can use these data to tailor treatment plans to individual needs, identify potential health risks, and monitor patient progress. Additionally, researchers can use anonymized health data to conduct important studies that can advance medical knowledge. In essence, IoMT privacy preservation is indispensable for protecting patient rights, maintaining the integrity of the healthcare system, and unlocking the full potential of IoMT technologies in improving patient care. However, it is essential to implement robust privacy measures to ensure that the benefits of using personalized health data are not outweighed by the risks associated with unauthorized access.

2.2. Blockchain

Blockchain technology is touted as a major technological leap that is expected to radically transform how people interact with one another. The term ‘blockchain’ was first proposed by a team of researchers as a conceptual model in 1991 [17]. Today, blockchain is defined as a ‘shared, immutable and peer-to-peer ledger that facilitates the process of recording transactions and tracking assets in a business network’ [18].
Blockchains have gained significant interest due to their unique features of decentralization, distribution, security, privacy, processing speed, transparency, and immutability [17]. Security is one of the most important benefits that blockchains provide for devices, systems, and networks. Data management is not complete without data security and privacy. Data security and privacy can be enhanced through the blockchain by allowing users to select which transaction data they want other participants to be able to read by using identifications (IDs) and permissions. For specialized users, such as auditors, who might need access to more transactional information, permissions can be enhanced [18]. Accordingly, numerous industries, such as finance, notary services, real estate, insurance, the industrial sector, the automotive and mobility industry, healthcare, and education, along with the government and IoT itself, have adopted blockchain technology. All of these industries use a common blockchain architecture. This architecture has five essential layers: application and presentation, consensus, network, data, and infrastructure [17,18]:
(1) Application and Presentation Layer: This layer serves as the user interface for interacting with the blockchain network. It encompasses applications such as wallets, exchanges, and decentralized apps, which provide users with a means to engage with the blockchain. The presentation layer handles the visual representation of data and user interactions, ensuring a user-friendly experience.
(2) Consensus Layer: The consensus layer is responsible for maintaining the security and integrity of the blockchain network. It employs consensus algorithms such as Proof of Work (PoW), Proof of Stake (PoS), or Delegated Proof of Stake (DPoS) to validate transactions and create new blocks. The consensus layer ensures that all nodes in the network agree on the state of the blockchain, preventing fraudulent transactions and maintaining trust.
(3) Network Layer: The network layer governs the communication and transmission of data between nodes on the blockchain network. It defines the protocols and standards for network communication, ensuring that nodes can exchange information efficiently and securely. The network layer is responsible for maintaining the connectivity and reliability of the blockchain, enabling seamless interactions between participants.
(4) Data Layer: The data layer stores and manages data on the blockchain. It includes the data structures and protocols used to represent and organize transactions and blocks. The data layer ensures the persistence and immutability of data on the blockchain, preventing tampering or alteration. This layer is crucial for maintaining the integrity and reliability of the blockchain network.
(5) Infrastructure Layer: The infrastructure layer provides the underlying hardware and software infrastructure that supports the blockchain network. It includes computers, servers, storage systems, and networking equipment. The infrastructure layer ensures the scalability, performance, and reliability of the blockchain network, allowing it to handle increasing workloads and demands.
Figure 2 illustrates these layers.
There are three common types of blockchains: public/permissionless blockchains, private/permissioned blockchains and consortium/community blockchains. In public blockchains, data and access to the system are available to anyone who wants to participate [19]. Data access and control, however, are restricted to the authorized users, who are invited or form a specific organization in a private blockchain [19]. Consortium blockchains are between the previous types. These types are used by numerous companies and allow the public or specific participants to have access to data and to read them [20]. Although permissioned blockchains are more secure than other types, they require substantial funding and highly skilled technical personnel to set up and maintain. Organizations may find it difficult to integrate them with current systems and maintain operational stability [19]. Blockchains operate under different security concepts to protect data and transactions, such as asymmetric key cryptography, hashing, and consensus algorithms. These concepts make the blockchain more powerful as a solution for data, network and systems security, and privacy issues.

2.2.1. Blockchains in Healthcare

Since it deals with sensitive data, healthcare is one of the most sensitive industries. Thus, it demands significant attention from those who care about privacy, security, access control, and the accessibility of medical records. Three main stages must be covered to ensure security in this sector: exchange, storing, and manipulation. With the development of blockchain technology, a new strategy to control distributed transactions in the IoMT environment has emerged. Eliminating centralization by applying consensus, immutability, and traceability mechanisms enables an automated, secure flow of real-time data across IoMT devices, which is the primary driving force behind the integration of blockchain in IoMT [21].
According to Healthcare Weekly [22], the implementation of blockchain technology is considered by 40% of healthcare executives as one of the top five priorities for the sector. By 2025, the implementation of blockchain technology in healthcare may save the sector USD 100 to 150 billion annually in expenditures related to data breaches, IT, operations, support functions, and staff, as well as reducing fraud and the sale of substandard products [22]. Due to the decentralized nature of the blockchain architecture, this technology is considered as one of the most effective solutions for IoMT privacy preservation challenges. Recent state-of-the-art works on privacy preservation in blockchain-based IoMT systems are discussed in Section 4.
Beyond privacy and security, blockchain in healthcare offers exciting possibilities for streamlining processes and improving efficiency. This technology can act as a shared, tamper-proof ledger for critical data like medication supply chains, clinical trial results, and medical research data. Additionally, this technology can verify the authenticity of pharmaceuticals, ensure their safe journey from manufacturer to patient, and provide visualizations for authorized researchers to seamlessly access anonymized patient data across institutions, accelerating breakthroughs in disease treatment. Furthermore, blockchains can power automated claim processing and insurance verification, reducing administrative burdens and speeding up reimbursements. By facilitating secure and transparent data exchange, the blockchain opens doors to a more collaborative and efficient healthcare ecosystem, ultimately benefiting both patients and providers.

3. Methodology

In this paper, we present a detailed survey of blockchain-based privacy preservation for IoMT. The survey is limited to a 5-year period that includes academic papers written between 2019 and 2024, located via IEEE Xplore, ScienceDirect, SpringerLink, MDPI, Hindawi, the ACM Digital Library, and Google Scholar. We chose the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) systematic review process to identify the suitable studies and reduce the number of results for this review, as shown in Figure 3. In the review process, there are three sequential steps, which are identification, scanning, and eligibility testing. Papers are identified in the identification step using a Google Scholar search. To retrieve relevant articles and papers, the following search string was applied: (Blockchain) AND (IoMT OR IoHT OR “IoT in Healthcare System” OR “Smart Electronic Health Records”) AND (“Privacy Preserving” OR “Privacy Preservation” OR “Privacy Protection”). A total of 85 papers that focused on IoMT privacy preservation were identified. After removing duplicate and nonconforming papers during the scanning process, 51 papers were chosen. Next, we eliminated the documents unrelated to blockchain-based solutions during the eligibility testing phase. Following this last stage, we decided to include 26 papers in the survey.

4. Related Works

Recently, several researchers have expressed interest in the preservation of privacy and security in smart healthcare environments. Thus, it is important to understand how these solutions work. They have been categorized based on the primary component into four categories: cloud-based, fog-based, edge-based, and blockchain-based. The focus here is on the blockchain-based solutions that have been proposed and how this technology has been adopted to address privacy issues. This section will be divided into two sub-sections according to the blockchain type: permissioned blockchain-based, which encompasses private and consortium blockchains, and permissionless blockchain-based solutions.

4.1. Permissioned Blockchains

In order to protect privacy in IoMT systems, many recent studies have suggested permissioned blockchains as a viable option. This technology guarantees that private medical information cannot be disclosed by unauthorized parties by limiting access to selected individuals. Furthermore, to confirm the legitimacy of IoMT devices and manage data access, permissioned blockchains can apply recent cryptographic methods. This creates a decentralized system that eliminates reliance on a single point of control, enhancing overall data security and privacy for patients in IoMT ecosystems.
Mani et al. [23] provided a novel approach, namely patient-centric healthcare data management (PCHDM). This approach works as follows: the hashes of health records are kept in an on-chain health record database as health record chains in the Hyperledger fabric, and the actual health data are encrypted and safely stored off-chain over the IPFS: a decentralized cloud storage system that guarantees scalability and confidentiality and solves the issue of blockchain data storage. Furthermore, this approach applied a container-based security smart contract with Byzantine fault tolerance consensus to protect patient privacy and ensure patient preferences before sharing health records.
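The split between on-chain hashes and off-chain ciphertext described for PCHDM above can be made concrete with a short model. This is an added example, not code from Mani et al. or from this review; `OffChainStore`, `Ledger` and `share_record` are hypothetical names, the two classes are in-memory stand-ins for IPFS and the Hyperledger Fabric ledger, and encryption and consensus are assumed to happen elsewhere.

```python
import hashlib
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_digest(body: dict) -> str:
    """Hash a block's fields in a canonical (sorted-key) JSON encoding."""
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class OffChainStore:
    """Content-addressed blob store; an in-memory stand-in for IPFS (assumption)."""

    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext: bytes) -> str:
        cid = sha256_hex(ciphertext)  # the address is the hash of the content
        self.blobs[cid] = ciphertext
        return cid


class Ledger:
    """Append-only hash chain holding record hashes and consent, never health data."""

    def __init__(self):
        self.blocks = []

    def append(self, patient_pseudonym: str, record_hash: str, consented) -> dict:
        prev = self.blocks[-1]["block_hash"] if self.blocks else GENESIS
        body = {
            "index": len(self.blocks),
            "prev_hash": prev,
            "patient": patient_pseudonym,
            "record_hash": record_hash,
            "consented": sorted(consented),
        }
        block = dict(body, block_hash=block_digest(body))
        self.blocks.append(block)
        return block

    def verify_chain(self) -> bool:
        """Recompute every block hash and check each link to its predecessor."""
        prev = GENESIS
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "block_hash"}
            if block["prev_hash"] != prev or block["block_hash"] != block_digest(body):
                return False
            prev = block["block_hash"]
        return True


def share_record(ledger: Ledger, store: OffChainStore, index: int, requester: str):
    """Release ciphertext only if the ledger is intact, the patient consented
    to this requester, and the off-chain blob still matches the on-chain hash."""
    if not ledger.verify_chain():
        return ("denied", "ledger tampered")
    block = ledger.blocks[index]
    if requester not in block["consented"]:
        return ("denied", "no patient consent")
    blob = store.blobs.get(block["record_hash"])
    if blob is None or sha256_hex(blob) != block["record_hash"]:
        return ("denied", "off-chain record altered")
    return ("ok", blob)


def demo() -> dict:
    store, ledger = OffChainStore(), Ledger()
    # Constructed placeholder bytes standing in for an already-encrypted record.
    ciphertext = bytes.fromhex("8f1c3a5e") + b"constructed-ciphertext"
    cid = store.put(ciphertext)
    ledger.append("patient-7f3a", cid, {"dr-lee"})  # constructed identifiers

    results = {"chain_ok": ledger.verify_chain()}
    results["consented"] = share_record(ledger, store, 0, "dr-lee")[0]
    results["stranger"] = share_record(ledger, store, 0, "insurer-x")

    store.blobs[cid] = ciphertext + b"\x00"  # simulate off-chain tampering
    results["tampered_blob"] = share_record(ledger, store, 0, "dr-lee")
    store.blobs[cid] = ciphertext  # restore the blob

    ledger.blocks[0]["consented"].append("insurer-x")  # simulate ledger tampering
    results["tampered_ledger"] = share_record(ledger, store, 0, "insurer-x")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The ledger carries only a pseudonym, a digest and the consent list, so confidentiality rests on the off-chain ciphertext while integrity and consent enforcement rest on the chain.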
In the same year, Driss et al. [24] proposed an end-to-end blockchain-based architecture with a privacy agreement management scheme that enables the automated posting of a patient and smart healthcare provider’s privacy agreement. The purpose of this agreement is to ensure that healthcare professionals follow applicable privacy laws and regulations as well as patients’ choices. Additionally, the researchers proposed a blockchain-based service that may be used to track interactions between patients and healthcare providers in order to check compliance with privacy agreement responsibilities. Their results showed that the proposed architecture has more throughput than Ethereum under the same delay time. This approach has a drawback, however, in its use of multiple blockchains, which may require large amounts of resources for a smart healthcare ecosystem. Also, it was found to increase the delay time because of the complexity of the integrated processes.
Kumar and Tripathi [25] attained the benefits of public and private blockchains by using a consortium blockchain. They proposed a consortium blockchain network with smart contracts as a safe data management system for IoMT. Initially, devices and patients are authenticated via smart contracts running on an IPFS cluster node. After authentication, this same cluster securely stores data created by the device and transmits them over the blockchain. To provide a safe and reliable healthcare system, the IPFS cluster guarantees device security and authentication, and the consortium network protects data privacy by using hash-based storage within the blockchain. On the other hand, Hai et al. [26] suggested using a hybrid blockchain for the metadata storage in their disease forecasting model based on the access needs and sensitivity of the data. They mentioned that public blockchains can be used to store non-sensitive information, while private blockchains with restricted access can be used to store sensitive medical data.
Jia et al. [27] suggested a new fog computing paradigm authentication system supported by blockchain technology. This framework makes use of two privacy-preserving protocols that are optimized for the resource limitations of various IoMT entities: one based on physically unclonable functions and the other on Elliptic Curve Cryptography (ECC). The suggested protocols’ efficiency and efficacy in comparison to current techniques are shown via thorough analysis and performance evaluation, indicating their potential to improve security and privacy in IoMT applications. Contemporaneously, Rafique et al. [28] proposed SecureMed as a blockchain-based framework for protecting the privacy and security of IoMT data. This uses a permissioned blockchain, edge computing, and smart contracts to provide fine-grained access control, data encryption, and auditability. Figure 4 illustrates the model workflow.
With the increasing widespread use of quantum computing, Qu et al. [29] suggested “QB-IMD”, a unique medical data processing system based on quantum blockchain. QB-IMD protects data integrity and privacy by utilizing a new “QEMR” algorithm along with a quantum blockchain platform. To remove digital signature flaws, QEMR makes use of quantum signatures and authentication. Furthermore, data analysis is made possible via delegated computation via a “quantum cloud” while maintaining user privacy.
Undoubtedly, the healthcare field is demonstrably sensitive to the timeliness and veracity of accessible information. Therefore, Li et al. [30] presented a lightweight threshold secret-sharing scheme for medical data transmission and processing. This model combines distributed storage with blockchain to address the problem of reliable data exchange across devices. In addition, it includes an essential foundation for reconstructing and recovering secret data. The researchers utilized a permissioned blockchain and integrated cloud platform to increase data sharing and storage security.
Recently, Al-Qathrady et al. [31] proposed an IoMT trust evaluation system using time-based and event-driven data collection. In this system, the maximum subarray (Kadane) algorithm is used to compute the threshold value. Dynamic thresholds and membership mechanisms are also applied for data validation, and trust scores are stored securely. The system leverages permissioned blockchains to increase storage privacy and emphasize security features for resource-constrained IoMT devices.
Table 1 provides a summary of studies that have tackled IoMT permissioned blockchain-based privacy-preserving solutions. Each study has been examined to analyze the permissioned blockchain platform they use, the algorithm for cryptography, the data storage method, and the covered security considerations that have been discussed in Section 2.1.1. Based on this summary, it is clear that most of the permissioned blockchain-based solutions apply traditional cryptography algorithms such as ECDSA and asymmetric cryptography. Additionally, most of the developers used an off-chain cloud storage platform to solve the scalability issue of blockchains. This platform will be used to store the encrypted health data. Moreover, the majority of these studies focused on covering four security considerations, which are privacy, integrity, confidentiality, and authentication.

4.2. Permissionless Blockchain

In the vein of permissionless blockchain research in IoMT, several studies have investigated this technology as an IoMT privacy preservation solution. The emphasis on decentralization and openness of permissionless blockchains makes them popular choices for IoMT privacy. By removing a single point of vulnerability and guaranteeing that everyone is using the same data, this distributed network promotes confidence in data security.
Jie Xu et al. [32] introduced Healthchain, a decentralized blockchain-based system for encrypting and controlling access to large-scale sensitive health data. For example, by utilizing user transactions for key management, users can efficiently remove or add authorized physicians at any time to ensure the privacy of the user data. To prevent medical conflicts, Healthchain also ensures that IoT data and doctor diagnoses cannot be altered or removed. The authors guaranteed this by providing two different sub-blockchains: Uchain for the IoT data and Dchain for the doctor diagnoses data. At the end of the study, they evaluated the processing time of their scheme by implementing four cryptographic algorithms: SHA-256, AES, RSA, and RSA signing. They found that SHA-256 was the quickest. Furthermore, they compared the transaction computation and communication costs of their suggested scheme with a traditional smart healthcare system and found them to be much lower.
Using the same encryption algorithms, Wang et al. [33] proposed a double blockchain-based telemedicine diagnostic (DBTMD) privacy protection strategy to address two issues. First, they implemented two types of blockchains, like a previous study [34]; these were Userchain, which is used to store an encrypted patient-data file hash index, and Medicalchain, which is used to store an encrypted diagnosis data file hash index, to solve the supervision mechanism weakness. Additionally, this method can secure user and diagnosis data stored in the InterPlanetary File System (IPFS) and offers users remote medical diagnosing services. Second, an identity authentication chain was created to guarantee in real time that the information about the doctor’s identity was accurate. In the encryption process, the researchers used a 128-bit AES algorithm to encrypt the file data. At the same time, a 1024-bit RSA algorithm was used to encrypt the session key. The experiments showed that DBTMD enhanced the throughput of the block, while the key’s communication overheads were reduced by 82.8% compared with the Healthchain scheme [32].
A blockchain privacy-preserving approach appropriate for IoT devices was presented by Dwivedi et al. [35]. The proof of work (PoW) consensus mechanism was dropped from the suggested model due to the inadequate computational and storage capabilities of IoT devices. The authors utilized both public-key encryption and lightweight encryption algorithms (ARX ciphers) to encrypt the data in two stages. The data were initially encrypted with symmetric keys, then the symmetric keys themselves were encrypted with a public key. Public-key encryption was also applied in [23,36].
As in [27], Wazid and Gope [36] and Pavithran [37] utilized the ECC algorithm. In [36], the researchers suggested a blockchain-enabled access control and key management protocol for IoMT-based e-healthcare systems, which they referred to as ‘BACKM-EHA’. This protocol offers secure key establishment and access control between the personal server and the body sensors. Additionally, it offers a secure key management system between the cloud server and the personal server by using ECC, and it provides a method for implementing ‘blockchain of healthcare data’ using cloud servers. The entire communication between the body sensors, personal servers, and cloud servers is thus secured by the proposed approach. The results showed BACKM-EHA’s computation cost to be lower than most of the other benchmarking methods. Also, it was found that the suggested BACKM-EHA offers most of the required functionality and security features mentioned in the paper.
Similarly, Ref. [37] suggested applying blockchain technology to collect and store patient data in an immutable manner in order to rebuild trust. The proposed architecture adopts a decentralized approach to efficiently combat such ethical issues. It tries to resolve trust difficulties and keep the highest ethical standards in healthcare by offering a safe, tamper-proof, and accountable system utilizing the ECC algorithm. This gives patients’ relatives real-time access to patient data and an enhanced awareness of their status. This architecture tackles issues of openness and possible malfeasance in the medical field, including claims of prolonging the intensive care unit stays of deceased patients for financial gain.
Azbeg et al. [21] introduced BlockMedCare, a secure healthcare platform that combines blockchain and IoT. Security is ensured by storing hash data on the blockchain and employing a re-encryption proxy. Access control is implemented using smart contracts, and an off-chain database based on IPFS is used to store data to guarantee blockchain scalability. The authors employed an Ethereum blockchain-based proof of authority to hasten the data-storing procedure. At the end of the study, they compared their proposed systems with some existing works such as [38,39]. This comparison demonstrated a positive improvement in the security of healthcare systems.
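The pattern used by BlockMedCare and several of the schemes above, in which encrypted records stay off-chain and only their hashes are anchored on the ledger, is shown below. This is an added example, not code from any cited system: the in-memory store stands in for IPFS, the hash-linked list stands in for a blockchain, and all names and sample bytes are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(body: dict) -> str:
    # Canonical JSON so the same fields always produce the same hash.
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


class OffChainStore:
    """Stand-in for IPFS: blobs addressed by their SHA-256 digest (not a real CID)."""

    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext: bytes) -> str:
        # The digest is taken over ciphertext: a hash of low-entropy plaintext
        # could be guessed by anyone who can read the ledger.
        digest = sha256_hex(ciphertext)
        self.blobs[digest] = ciphertext
        return digest


class Ledger:
    """Append-only, hash-linked blocks; each block anchors one record digest."""

    def __init__(self):
        self.blocks = []

    def anchor(self, pseudonym: str, record_digest: str) -> int:
        body = {
            "index": len(self.blocks),
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else GENESIS,
            "pseudonym": pseudonym,          # never a direct patient identifier
            "record_digest": record_digest,
        }
        self.blocks.append({**body, "hash": block_hash(body)})
        return body["index"]

    def chain_is_valid(self) -> bool:
        prev = GENESIS
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "hash"}
            if block["prev_hash"] != prev or block_hash(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True


def record_is_intact(ledger: Ledger, store: OffChainStore, index: int) -> bool:
    """Re-hash the off-chain blob and compare it with the digest anchored on-chain."""
    digest = ledger.blocks[index]["record_digest"]
    blob = store.blobs.get(digest)
    return blob is not None and sha256_hex(blob) == digest


def demo():
    store, ledger = OffChainStore(), Ledger()
    # Constructed sample ciphertexts standing in for encrypted health records.
    first = ledger.anchor("pseudonym-01", store.put(b"\x8f\x02constructed-ciphertext-A"))
    second = ledger.anchor("pseudonym-02", store.put(b"\x11\x7fconstructed-ciphertext-B"))
    before = (ledger.chain_is_valid(), record_is_intact(ledger, store, first))
    # Off-chain tampering: the blob changes but the anchored digest does not.
    store.blobs[ledger.blocks[first]["record_digest"]] = b"altered"
    after_blob = (record_is_intact(ledger, store, first), record_is_intact(ledger, store, second))
    # On-chain tampering: rewriting the anchored digest breaks the block hash.
    ledger.blocks[first]["record_digest"] = sha256_hex(b"altered")
    after_block = ledger.chain_is_valid()
    return before, after_blob, after_block


if __name__ == "__main__":
    print(demo())
```

The ledger gives integrity and auditability only; confidentiality still depends on how the off-chain blob was encrypted and who holds the keys.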
In contrast to the previous studies, Haque et al. [40] developed a privacy-preserving system using Paillier homomorphic encryption and k-means. In their system, for authenticity and secure data sharing among the participants, all transactions are documented in a distributed, immutable ledger. At the end of the experiments, secure k-means were found to perform better than conventional approaches in terms of time consumption and accuracy while also protecting the privacy of the data owners. For data storage, this model provides only on-chain storage. Similarly, Nie et al. [41] suggested a novel on-chain data-sharing strategy that uses blockchain technology and enables secure profile matching while maintaining user privacy. Keyword ciphertext authenticity is checked using a bloom filter with hash functions. To achieve secure profile matching, a key-policy attribute-based encryption (KP-ABE) algorithm and smart contracts are used. The performance evaluation demonstrated that the proposed scheme has great scalability and feasibility. Likewise, Ranjith and Mahantesh [42] have suggested an on-chain-based knapsack system. In this system, a simple greedy knapsack technique is used for both encrypting and decrypting the data. The performance of the suggested blockchain technique was examined using medical data. The findings demonstrated that, in comparison to the current methods, the suggested method uses less memory and requires less computing time.
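How a party can aggregate encrypted readings without seeing them, the property that secure k-means builds on, is shown below with a textbook Paillier cryptosystem. This is an added example, not the implementation of Haque et al. [40]; the toy primes, function names and sample vital-sign readings are assumptions, and the centroid update is reduced to a single cluster.

```python
import math
import secrets

# Constructed toy parameters: two known Mersenne primes. Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1


def keygen(p=P, q=Q):
    """Return (n, (lam, mu)): public modulus and private key, with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)    # lcm(p-1, q-1)
    mu = pow(lam, -1, n)   # for g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """c = (1 + m*n) * r^n mod n^2, using g^m = 1 + m*n when g = n + 1."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add_encrypted(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts (additive homomorphism only)."""
    return c1 * c2 % (n * n)


def encrypted_column_sums(n, encrypted_rows):
    """Aggregator side: needs only the public modulus, never the private key."""
    sums = list(encrypted_rows[0])
    for row in encrypted_rows[1:]:
        sums = [add_encrypted(n, s, c) for s, c in zip(sums, row)]
    return sums


def demo():
    n, priv = keygen()
    # Constructed readings (heart rate, systolic pressure) from three devices in one cluster.
    readings = [(72, 118), (80, 125), (76, 121)]
    encrypted_rows = [[encrypt(n, v) for v in row] for row in readings]   # device side
    enc_sums = encrypted_column_sums(n, encrypted_rows)                   # aggregator side
    sums = [decrypt(n, priv, c) for c in enc_sums]                        # key holder side
    centroid = [s / len(readings) for s in sums]
    return sums, centroid


if __name__ == "__main__":
    sums, centroid = demo()
    print("decrypted sums:", sums)
    print("cluster centroid:", centroid)
```

Paillier ciphertexts are malleable by design, so the scheme provides confidentiality of the inputs but no integrity; authenticity of the submitted ciphertexts has to come from signatures or the ledger.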
For the same purpose as the previous research, Verma [43] presented a novel blockchain-based solution to the problem of protecting Electronic Health Records (EHRs) in mobile cloud environments. It makes use of a novel Elephant Herding Optimization with Opposition-Based Learning (EHO-OBL) for effective key generation and an updated Blowfish encryption model with better authentication. When compared to several traditional approaches, the evaluation showed a considerable improvement in key generation time, indicating the possibility of improved data privacy, security, and integrity of medical records in mobile cloud settings.
Researchers’ opinions differ on the choice of the appropriate and effective storage type for these systems. For instance, Sharma et al. [44] proposed a permissionless blockchain-based privacy-preserving model for medical certificates. This model works as a distributed application that makes it easier to create, update, and issue medical papers in a secure manner. The goal of this system is to improve overall security and privacy in the management of healthcare data while addressing difficulties with on-chain storage management. By contrast, Wang et al. [45] chose another path by leveraging the benefits of using hybrid storage and a digital signature to increase the privacy level, as shown in Figure 5.
Guduri et al. have also studied federated learning technology [46]. This study utilizes federated learning and a blockchain-based methodology to address the security and privacy of electronic health records (EHRs). In addition, it employs lightweight encryption and stores EHRs on a decentralized cloud infrastructure to overcome trust and scalability issues. Without depending on a third party, secure data flow is made possible through active smart contracts. A proxy re-encryption method further guarantees data privacy during the whole procedure. The model’s efficacy in terms of security and performance is demonstrated via evaluation on an Ethereum testbed, indicating its potential for safeguarding EHRs in decentralized healthcare systems.
This field continues to attract many researchers proposing effective solutions. For example, Miao et al. [47] proposed a new protocol for authenticating IoMT devices and users in a secure and privacy-preserving way. The protocol uses blockchain technology to store and manage authentication credentials, and it implements a variety of privacy-preserving features, such as anonymous authentication and fine-grained access control. Simultaneously, Lin et al. [48] published research that suggests a blockchain-based framework for IoMT privacy preservation. The suggested framework uses the elliptic curve Menezes–Qu–Vanstone-based message authentication code (ECMQV-MAC) protocol for mutual user authentication. It stores data securely using the deltoid curve-based Paillier cryptosystem (DC-PC) and employs the Dixon’s method-based Blum–Goldwasser cryptosystem (DM-BGC) for key generation. By avoiding massive data storage in BC, the protocol offers users a legitimate authentication method to access blockchain networking (BCN). These three recent papers were centered on the same security aspects: authentication and privacy.
Optimization algorithms have been applied to work side by side with permissionless blockchains to guarantee medical data privacy preservation. For instance, Ashok and Gopikrishnan [49] proposed a hybrid metaheuristic model enabling dynamic reconfiguration of encryption and hashing standards within the blockchain. This dynamic optimization is achieved through a combination of Elephant Herding Optimization (EHO) and Grey Wolf Optimization (GWO). The model incorporates dual fitness functions to concurrently optimize security and Quality of Service (QoS) for various attack scenarios. By dynamically adjusting encryption and hashing parameters based on these functions, the system aimed to achieve optimal performance under diverse cyberthreats.
Table 2 provides a summary of studies that have tackled IoMT permissionless blockchain-based privacy-preserving solutions. Each study has been examined to analyze the permissionless blockchain platform they use, the algorithm for cryptography, the data storage method and the covered security considerations that were discussed in Section 2.1.1. Based on this summary, it is clear that most of the permissionless blockchain-based solutions applied traditional cryptography algorithms. Additionally, most of the developers used an off-chain storage platform to solve the scalability issue of blockchains. This platform will be used to store the encrypted health data. Moreover, the majority of these studies focused on covering three security considerations, which are privacy, integrity, and authentication.

4.3. Empirical Studies

Empirical studies are research methods that rely on direct observation or experience to gather data and draw conclusions [52]. They can be categorized into two main types: qualitative and quantitative. In general, security and privacy professionals often utilize quantitative methods in their work. In these studies, natural experiments, statistical analysis, simulations, and case studies are widely used in the field of data privacy preservation to analyze and measure the effectiveness of various privacy-preserving techniques. In addition, they provide insights into the strengths, weaknesses, and limitations of data privacy solutions, helping researchers and practitioners to develop more effective and robust solutions for protecting sensitive information. To apply these methods, various metrics are used to evaluate the effectiveness of different techniques. The choice of evaluation metric depends on the specific goals of the study and the characteristics of the data and privacy techniques being evaluated.
Based on our conducted review, most of the studies are examined using various evaluation metrics, including encryption and decryption time, central processing unit (CPU) overhead, and memory utilization. After applying these metrics, the proposed model is compared against some recent benchmark solutions. For example, Wang et al. [33] compared their work with [32]. In summary, the proposed scheme (DBTMD) achieves faster encryption times and block generation, especially for larger data volumes. In terms of throughput, DBTMD can handle more transactions per second. Regarding communication cost, the DBTMD scheme reduces the size of key transactions and overall communication overhead by 82.8% compared to Healthchain.
Another study was conducted by Driss et al. [24]. They compared their proposed model, SmartMedChain, with [53]. Based on the comparison, SmartMedChain demonstrated superior performance in both throughput and delay time compared to [53]. SmartMedChain was more tolerant of increasing workloads, maintaining a relatively lower delay time, even at higher transaction rates. Additionally, it maintained a relatively consistent throughput, even at higher transaction rates. This suggests that SmartMedChain is a promising solution for blockchain-based healthcare applications that require high transaction rates, a low latency, and consistent performance.

5. Discussion

This review paper reveals a significant uptick in research activity focused on the integration of blockchain technology within IoT-based healthcare systems for security and privacy purposes, with a notable acceleration observed since 2019. Tanwar et al. [54] divided the application of blockchain technology, from a security perspective, into five main categories in their review study (detection, monitoring, prediction, response, and prevention). In a survey, Panarello et al. [55] divided studies that focused on blockchain integration with IoT into five categories according to the security concept they addressed. Confidentiality, authentication, integrity, availability, and non-repudiation are the security concepts that are addressed. Nevertheless, these systems frequently face several difficulties, most of which are connected to processing and mining nodes, time consumption, connection overhead, and scalability [56]. This research focused on three key points: the initial introduction of blockchain into this field, the types used, and the encryption methods employed in the proposed solutions. These points raised questions that facilitated a deeper understanding of the field and the identification of challenges.
(1) How has blockchain technology emerged as a solution for ensuring patient privacy in IoMT systems since 2019?
Starting from 2019, blockchain technology has gained traction as a promising solution for privacy preservation in IoMT systems. By leveraging its secure, decentralized ledger, IoMT devices can share healthcare data without compromising patient privacy. This allows authorized users to access vital information while ensuring sensitive data remain encrypted and tamper-proof, fostering trust and transparency within the healthcare ecosystem. Since then, there has been a surge in research exploring blockchain-based models for IoMT privacy preservation, as shown in this paper. These models take advantage of the blockchain’s tamper-proof and secure features to guarantee that private medical data remain secure when they are transferred between devices and authorized users.
(2) What is the predominant type of blockchain platform used in IoMT privacy-preserving models, and why is this a potential risk to healthcare data privacy?
Based on the comparison of these models, as shown in the previous sections, it is clear that most of the IoMT blockchain-based privacy-preserving models tend to utilize permissionless blockchain platforms that do not require authorization. Figure 6 shows that approximately 65% of studies suggested a permissionless blockchain platform as a basis for their solution. This is generally for reasons of cost reduction and performance effectiveness, but it places healthcare data privacy at risk.
Although permissionless blockchains provide decentralization and censorship resistance, they may significantly compromise the privacy of patient medical data. Restricting access to sensitive information is challenging due to the anonymous nature of these blockchains and the absence of control over network access. Furthermore, even in cases when data are protected, permissionless blockchains make information publicly accessible, making it vulnerable to security breaches. The combination of these elements can make it difficult to guarantee the integrity and security of medical data, which emphasizes the importance of choosing blockchain platforms for applications that are sensitive to privacy with great care.
(3) With ongoing advancements in cryptography, what are the emerging encryption techniques that may offer even more robust privacy and security for IoMT data?
As is known, encryption algorithms are one of the most important ways to ensure the privacy of patient health information. Many previous studies still propose the use of known classical algorithms due to their ease of implementation. As shown in Figure 7, 58% of these studies applied classical cryptography algorithms. However, we must not forget that there are many new algorithms that are more powerful and effective in maintaining data security and privacy, which are recommended for use with sensitive data, considering rapid technological developments. One of these recommended algorithms is Fully Homomorphic Encryption (FHE). Based on the previous comparisons, it is evident that only one study applied FHE as an encryption algorithm. The benefit of FHE is that computations can be performed on encrypted data without the need for decryption. Sensitive data can therefore remain encrypted while being processed, which can have a positive impact on both privacy and security.

6. Future Directions

As seen in this review paper, blockchain technology offers a decentralized and immutable ledger that can enhance data privacy and security in IoMT systems by enabling secure sharing and storage of patient information. Although this technology provides strong security, it encounters considerable challenges when applied to IoMT systems. The scalability limitations of current blockchain implementations can hinder their ability to handle the massive data volumes and real-time processing demands of the IoMT. Additionally, the energy consumption associated with certain consensus mechanisms, such as proof-of-work, raises concerns about the environmental impact of blockchain integration. Moreover, despite their potential for enhanced privacy, blockchain systems are not entirely immune to data leaks. Vulnerabilities in smart contracts, compromised private keys, and social engineering attacks can expose sensitive information stored on the blockchain.
To fully leverage the potential of blockchains for securing patient privacy in IoMT, it is imperative to address these challenges. This requires a concerted effort to investigate innovative scaling solutions, optimize existing blockchain technologies, develop more energy-efficient consensus mechanisms, and apply more robust cryptographic algorithms such as homomorphic cryptography in conjunction with secure multiparty computing [57]. By overcoming these obstacles, the transformative potential of blockchains can be unlocked in revolutionizing the healthcare landscape and ensuring the confidentiality and integrity of patient data.

7. Conclusions

The rapid growth of the IoMT has the potential to completely transform healthcare, but protecting patient privacy is a major challenge that goes hand-in-hand with this growth. This review study examined research on the use of blockchain as a potential solution for addressing these privacy issues in IoMT systems. Because of blockchain’s distributed ledger technology, sensitive medical data can be stored on an intrinsically reliable and unchangeable platform. This immutability strengthens overall data security by ensuring confidence in the provenance of the data and preventing unwanted modifications. Additionally, patients now have more control over their medical records due to the use of blockchain technology. People can manage who has access to their data and when by using flexible access control systems. With patients in control of their data ownership and a decentralized approach, the power dynamic is shifted, promoting trust throughout the healthcare system.
Based on this study, it appears that most previous studies did not focus heavily on the use of highly privacy-preserving blockchains that require permissions to access and use health data. This increases the risk of security and privacy breaches for this sensitive type of data, which could place patients at risk. Moreover, the study found that most studies still use traditional encryption methods, even though many modern methods are superior in security and strength to these conventional methods.
However, it is crucial to acknowledge the challenges that remain. Although blockchain technology offers strong security, it may not be able to handle the huge data volume and real-time processing demands of IoMT systems due to its existing scaling issues. To remove this bottleneck, new scalability options must be investigated, and current solutions must be optimized. Concerns about the environmental effects of blockchain integration are also raised by the energy consumption of some consensus techniques, such as PoW. For sustainable deployment, alternative, energy-efficient consensus processes must be investigated. Despite these challenges, the potential of blockchains for securing patient privacy in IoMT cannot be overstated. Through continuous study, development, and cooperative efforts, the difficulties can be addressed, allowing blockchain technology to reach its full potential and influence the direction of IoMT technology.

Author Contributions

Formal analysis, A.A. (Afnan Alsadhan); writing—review and editing, A.A. (Afnan Alsadhan), A.A. (Areej Alhogail), and H.A.; supervision, A.A. (Areej Alhogail) and H.A. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

The original contributions presented in the study are included in the article; further inquiries can be directed to the corresponding author.

Acknowledgments

We would like to thank the editors and anonymous reviewers for their detailed comments.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Global Smart Healthcare Market—Industry Trends and Forecast to 2029. 2022. Available online: https://www.databridgemarketresearch.com/reports/global-smart-healthcare-market (accessed on 23 July 2024).
  2. Statistical Yearbook 2021. 2021. Available online: https://www.moh.gov.sa/en/Ministry/Statistics/book/Documents/Statistical-Yearbook-2021.pdf (accessed on 12 August 2024).
  3. Schneider, P.; Xhafa, F. Anomaly Detection and Complex Event Processing over IoT Data Streams; Academic Press: Cambridge, MA, USA, 2022.
  4. Smart Hospital Market Value to Reach $59 Billion Globally by 2026. Juniper Research. Available online: https://www.juniperresearch.com/press/smart-hospital-market-value-to-reach-59-billion/ (accessed on 6 August 2024).
  5. Medical Device Cybersecurity Regional Preparedness Response Playbook. 2022. Available online: https://www.mitre.org/sites/default/files/2022-11/pr-2022-3616-medical-device-cybersecurity-regional-preparedness-response-companion-guide.pdf (accessed on 23 May 2024).
  6. Vaiyapuri, T.; Binbusayyis, A.; Varadarajan, V. Security, Privacy and Trust in IOMT Enabled Smart Healthcare System: A Systematic Review of current and Future Trends. Int. J. Adv. Comput. Sci. Appl. 2021, 12, 731–737.
  7. Vadapalli, R. Blockchain Fundamentals Textbook Fundamentals of Blockchain; 2022; Available online: https://www.researchgate.net/publication/366928441_BLOCKCHAIN_FUNDAMENTALS_TEXT_BOOK_Blockchain_Fundamentals (accessed on 5 August 2024).
  8. Ahamad, S.S.; Pathan, A.-S.K. A formally verified authentication protocol in secure framework for mobile healthcare during COVID-19-like pandemic. Connect. Sci. 2020, 33, 532–554.
  9. Ghubaish, A.; Salman, T.; Zolanvari, M.; Unal, D.; Al-Ali, A.; Jain, R. Recent advances in the Internet-of-Medical-Things (IOMT) systems security. IEEE Internet Things J. 2021, 8, 8707–8718.
  10. Joung, Y.-H. Development of implantable medical devices: From an engineering perspective. Int. Neurourol. J. 2013, 17, 98.
  11. Alsubaei, F.; Abuhussein, A.; Shandilya, V.; Shiva, S. IOMT-SAF: Internet of Medical Things Security Assessment Framework. Internet Things 2019, 8, 100123.
  12. Hameed, S.; Khan, F.I.; Hameed, B. Understanding security requirements and Challenges in Internet of Things (IoT): A review. J. Comput. Netw. Commun. 2019, 2019, 1–14.
  13. Sengupta, J.; Ruj, S.; Bit, S.D. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. J. Netw. Comput. Appl. 2020, 149, 102481.
  14. Hireche, R.; Mansouri, H.; Pathan, A.-S.K. Security and Privacy Management in Internet of Medical Things (IOMT): A synthesis. J. Cybersecur. Priv. 2022, 2, 640–661.
  15. Privacy Policy. World Health Organization (WHO). Available online: https://www.who.int/about/policies/privacy (accessed on 11 May 2024).
  16. Personal Data Protection Law. SDAIA. 2023. Available online: https://sdaia.gov.sa/en/SDAIA/about/Documents/Personal%20Data%20English%20V2-23April2023-%20Reviewed-.pdf (accessed on 23 June 2023).
  17. Abideen, S. Blockchain E-Book; Cybrosys Technologies: Kerala, India. Available online: https://assets.website-files.com/622c09eb9c589f58e1ea86da/624b5f643eed1a7a51f05a36_Insight-Into-The-World-Of-Blockchain-By-Cybrosys-Technologies.pdf (accessed on 5 August 2024).
  18. Laurence, T. Blockchain for Dummies; John Wiley & Sons: Hoboken, NJ, USA, 2019.
  19. Syed, T.A.; Alzahrani, A.; Jan, S.; Siddiqui, M.S.; Nadeem, A.; Alghamdi, T.G. A Comparative Analysis of Blockchain Architecture and its Applications: Problems and Recommendations. IEEE Access 2019, 7, 176838–176869.
  20. Jolfaei, A.A.; Aghili, S.F.; Singelee, D. A survey on Blockchain-Based IOMT Systems: Towards Scalability. IEEE Access 2021, 9, 148948–148975.
  21. Azbeg, K.; Ouchetto, O.; Andaloussi, S.J. BlockMedCare: A healthcare system based on IoT, Blockchain and IPFS for data management security. Egypt. Inform. J. 2022, 23, 329–343.
  22. Arsene, C. The Global ‘Blockchain in Healthcare’ Report: The 2022 Ultimate Guide for Every Executive. Healthcare Weekly. 2 January 2024. Available online: https://healthcareweekly.com/blockchain-in-healthcare-guide/ (accessed on 5 August 2024).
  23. Mani, V.; Manickam, P.; Alotaibi, Y.; Alghamdi, S.; Khalaf, O.I. Hyperledger Healthchain: Patient-Centric IPFS-Based storage of health records. Electronics 2021, 10, 3003.
  24. Majdoubi, D.E.; Bakkali, H.E.; Sadki, S. SmartMedChain: A Blockchain-Based Privacy-Preserving smart healthcare framework. J. Healthc. Eng. 2021, 2021, 1–19.
  25. Kumar, R.; Tripathi, R. Towards design and implementation of security and privacy framework for Internet of Medical Things (IoMT) by leveraging blockchain and IPFS technology. J. Supercomput. 2021, 77, 7916–7955.
  26. Hai, T.; Sarkar, A.; Aksoy, M.; Karmakar, R.; Manna, S.; Prasad, A. Elevating security and disease forecasting in smart healthcare through artificial neural synchronized federated learning. Clust. Comput. 2024, 27, 7889–7914.
  27. Jia, X.; Luo, M.; Wang, H.; Shen, J.; He, D. A Blockchain-Assisted Privacy-Aware authentication scheme for internet of medical things. IEEE Internet Things J. 2022, 9, 21838–21850.
  28. Rafique, W.; Khan, M.; Khan, S.; Ally, J.S. SecureMed: A Blockchain-Based Privacy-Preserving framework for internet of medical things. Wirel. Commun. Mob. Comput. 2023, 2023, 1–14.
  29. Qu, Z.; Meng, Y.; Liu, B.; Muhammad, G.; Tiwari, P. QB-IMD: A secure medical data processing system with privacy protection based on quantum blockchain for IOMT. IEEE Internet Things J. 2024, 11, 40–49.
  30. Li, C.; Dong, M.; Xin, X.; Li, J.; Chen, X.-B.; Ota, K. Efficient privacy preserving in IOMT with blockchain and lightweight secret sharing. IEEE Internet Things J. 2023, 10, 22051–22064.
  31. Qathrady, M.A.; Saeed, M.; Amin, R.; Alshehri, M.S.; Alshehri, A.; Alqhtani, S.M. Smart Healthcare: A dynamic blockchain-based trust management model using Subarray algorithm. IEEE Access 2024, 12, 49449–49463.
  32. Xu, J.; Xue, K.; Li, S.; Tian, H.; Hong, J.; Hong, P.; Yu, N. Healthchain: A Blockchain-Based privacy Preserving scheme for Large-Scale Health data. IEEE Internet Things J. 2019, 6, 8770–8781.
  33. Wang, W.; Wang, L.; Zhang, P.; Xu, S.; Fu, K.; Song, L.; Hu, S. A privacy protection scheme for telemedicine diagnosis based on double blockchain. J. Inf. Secur. Appl. 2021, 61, 102845.
  34. Shankar, K.; Lakshmanaprabu, S.K. Optimal key based homomorphic encryption for color image security aid of ant lion optimization algorithm. Int. J. Eng. Technol. 2018, 7a, 22.
  35. Dwivedi, A.; Srivastava, G.; Dhar, S.; Singh, R. A decentralized Privacy-Preserving healthcare blockchain for IoT. Sensors 2019, 19, 326.
  36. Wazid, M.; Gope, P. BACKM-EHA: A novel blockchain-enabled security solution for IOMT-based e-healthcare applications. ACM Trans. Internet Technol. 2023, 23, 39.
  37. Pavithran, D.; Shibu, C.; Madathiparambil, S. Enhancing Trust between Patient and Hospital using Blockchain based architecture with IoMT. Int. J. Comput. Digit. Syst. 2024, 15, 295–303.
  38. Azaria, A.; Ekblaw, A.; Vieira, T.; Lippman, A. MEDREC: Using blockchain for medical data access and permission management. In Proceedings of the 2016 2nd International Conference on Open and Big Data (OBD), Vienna, Austria, 22–24 August 2016.
  39. Liang, X.; Zhao, J.; Shetty, S.; Liu, J.; Li, D. Integrating blockchain for data sharing and collaboration in mobile healthcare applications. In Proceedings of the 28th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (IEEE PIMRC 2017), Montreal, QC, Canada, 8–13 October 2017.
  40. Haque, R.U.; Hasan, A.S.M.T.; Nishat, T.; Adnan, M.A. Privacy-Preserving k-Means Clustering over Blockchain-Based Encrypted IoMT Data. In Internet of Things; Springer: Cham, Switzerland, 2021; pp. 109–123.
  41. Nie, X.; Zhang, A.; Chen, J.; Qu, Y.; Yu, S. Blockchain-Empowered secure and Privacy-Preserving health data sharing in Edge-Based IOMT. Secur. Commun. Netw. 2022, 2022, 1–16.
  42. Ranjith, J.; Mahantesh, K. Blockchain-based knapsack system for security and privacy preserving to medical data. SN Comput. Sci. 2021, 2, 2608–2617.
  43. Verma, G. Blockchain-based privacy preservation framework for healthcare data in cloud environment. J. Exp. Theor. Artif. Intell. 2022, 36, 147–160. [Google Scholar] [CrossRef]
  44. Sharma, P.; Namasudra, S.; Chilamkurti, N.; Kim, B.-G.; Crespo, R.G. Blockchain-Based privacy preservation for IoT-Enabled healthcare system. ACM Trans. Sens. Netw. 2023, 19, 56. [Google Scholar] [CrossRef]
  45. Wang, M.; Zhang, H.; Wu, H.; Li, G.; Gai, K. Blockchain-Based Secure Medical Data Management and Disease Prediction. In Proceedings of the ASIA CCS ’22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May–3 June 2022. [Google Scholar] [CrossRef]
  46. Guduri, M.; Chakraborty, C.; Maheswari, U.V.; Margala, M. Blockchain-based federated learning technique for privacy preservation and security of smart electronic health records. IEEE Trans. Consum. Electron. 2023, 70, 2608–2617. [Google Scholar] [CrossRef]
  47. Miao, J.; Wang, Z.; Wu, Z.; Ning, X.; Tiwari, P. A blockchain-enabled privacy-preserving authentication management protocol for Internet of Medical Things. Expert Syst. Appl. 2024, 237, 121329. [Google Scholar] [CrossRef]
  48. Lin, Q.; Li, X.; Cai, K.; Prakash, M.; Paulraj, D. Secure Internet of medical Things (IoMT) based on ECMQV-MAC authentication protocol and EKMC-SCP blockchain networking. Inf. Sci. 2024, 654, 119783. [Google Scholar] [CrossRef]
  49. Kanneboina, A.; Sundaram, G. Improving security performance of Internet of Medical Things using hybrid metaheuristic model. Multimed. Tools Appl. 2024. [Google Scholar] [CrossRef]
  50. Chaturvedi, N.S. Iot-Based Secure Healthcare Framework Using Blockchain Technology with A Novel Simplified Swarm-Optimized Bayesian Normalized Neural Networks. Int. J. Data Inform. Intell. Comput. 2023, 2, 63–71. [Google Scholar] [CrossRef]
  51. Yadav, S.; Yadav, V. A Sustainable Blockchain and Asymmetric Broadcast Encryption-Based Secure E-Healthcare System. In Sustainable Security Practices Using Blockchain, Quantum and Post-Quantum Technologies for Real Time Applications; Springer: Singapore, 2024; pp. 71–86. [Google Scholar] [CrossRef]
  52. Ramesh, V.; Glass, R.L.; Vessey, I. Research in computer science: An empirical study. J. Syst. Softw. 2004, 70, 165–176. [Google Scholar] [CrossRef]
  53. Makhdoom, I.; Zhou, I.; Abolhasan, M.; Lipman, J.; Ni, W. PrivySharing: A blockchain-based framework for integrity and privacy-preserving data sharing in smart cities. Comput. Secur. 2019, 1, 363–371. [Google Scholar] [CrossRef]
  54. Tanwar, S.; Bhatia, Q.; Patel, P.; Kumari, A.; Singh, P.K.; Hong, W.-C. Machine Learning adoption in Blockchain-Based Smart Applications: The challenges, and a way forward. IEEE Access 2020, 8, 474–488. [Google Scholar] [CrossRef]
  55. Panarello, A.; Tapas, N.; Merlino, G.; Longo, F.; Puliafito, A. Blockchain and IoT Integration: A Systematic survey. Sensors 2018, 18, 2575. [Google Scholar] [CrossRef]
  56. Salman, T.; Zolanvari, M.; Erbad, A.; Jain, R.; Samaka, M. Security Services Using Blockchains: A State of the art survey. IEEE Commun. Surv. Tutor. 2019, 21, 858–880. [Google Scholar] [CrossRef]
  57. Phan, N.T.C.; Tran, N.H.C. Consideration of data security and privacy using machine learning techniques. Int. J. Data Inform. Intell. Comput. 2023, 2, 20–32. [Google Scholar] [CrossRef]
Figure 1. IoMT privacy-preserving blockchain-based structure.
Figure 2. Blockchain architecture layers.
Figure 3. PRISMA study selection diagram. N represents the number of papers.
Figure 4. SecureMed workflow [28].
Figure 5. Wang et al.’s proposed system architecture [45].
Figure 6. Number of studies based on blockchain type.
Figure 7. Number of studies based on the applied cryptography algorithm.
Table 1. Summary of permissioned blockchain-based solutions.

| Primary Studies | Year | Blockchain Platform | Cryptography Algorithm | Data Storage | Security Considerations (Section 2.1.1) |
|---|---|---|---|---|---|
| [23] | 2021 | Hyperledger fabric | Asymmetric | Off-chain | Privacy, integrity, confidentiality |
| [24] | 2021 | Hyperledger fabric | AES | Off-chain | Privacy, integrity, non-repudiation |
| [25] | 2021 | Consortium blockchain | ECDSA | Off-chain | Authentication, integrity, privacy |
| [27] | 2022 | Hyperledger fabric | Elliptic curve cryptography (ECC) | Off-chain | Authentication, privacy |
| [28] | 2023 | Pythereum | ECDSA | Off-chain | Authentication, privacy |
| [29] | 2023 | Quantum blockchain | Quantum cryptography | On-chain | Confidentiality, authentication, privacy |
| [30] | 2023 | Hyperledger fabric | Not specified | Off-chain | Confidentiality, privacy |
| [26] | 2024 | Hybrid | Not specified | Off-chain | Integrity, privacy |
| [31] | 2024 | Not specified | Not specified | On-chain | Authentication, privacy |

Table 2. Summary of permissionless blockchain-based solutions.

| Primary Studies | Year | Blockchain Platform | Cryptography Algorithm | Data Storage | Security Considerations (Section 2.1.1) |
|---|---|---|---|---|---|
| [32] | 2019 | Not specified | SHA-256, AES, RSA, RSA signing | Off-chain | Privacy, non-repudiation |
| [35] | 2019 | Not specified | ARX ciphers | Off-chain | Privacy, confidentiality, authentication, integrity |
| [33] | 2021 | Not specified | 128-bit AES, 1024-bit RSA | Off-chain | Privacy |
| [43] | 2021 | Not specified | Merkle–Hellman knapsack | On-chain | Privacy |
| [36] | 2022 | Not specified | Elliptic curve cryptography (ECC) | Off-chain | Privacy |
| [21] | 2022 | Ethereum | Umbral threshold proxy re-encryption scheme | Off-chain | Confidentiality, integrity, privacy |
| [40] | 2022 | Not specified | Paillier homomorphic | On-chain | Privacy |
| [41] | 2022 | Ethereum | KP-ABE | On-chain | Privacy |
| [43] | 2022 | Not specified | Blowfish | Off-chain | Authentication, integrity, privacy |
| [45] | 2022 | Not specified | Digital signatures | Hybrid | Confidentiality, integrity, privacy |
| [44] | 2023 | Ethereum | Not specified | On-chain | Authentication, confidentiality, availability, integrity, privacy |
| [46] | 2023 | Ethereum | Re-encryption with federated learning | Off-chain | Integrity, privacy |
| [50] | 2023 | Not specified | HVE-NIS algorithm | Off-chain | Integrity, privacy |
| [37] | 2024 | Ethereum | Elliptic curve cryptography (ECC) | Off-chain | Integrity, privacy |
| [47] | 2024 | Not specified | Chebyshev chaotic map | Off-chain | Authentication, privacy |
| [48] | 2024 | Not specified | Deltoid curve-based Paillier cryptosystem (DC-PC) | Off-chain | Authentication, privacy |
| [49] | 2024 | Not specified | Elliptic curve cryptography (ECC) | Off-chain | Integrity, privacy |
| [51] | 2024 | Not specified | Asymmetric key-based broadcast | Off-chain | Authentication, privacy |

Alsadhan, A.; Alhogail, A.; Alsalamah, H. Blockchain-Based Privacy Preservation for the Internet of Medical Things: A Literature Review. Electronics 2024, 13, 3832. https://doi.org/10.3390/electronics13193832
