Blockchain and IoT for Security and Privacy: A

Platform for Diabetes Self-management

Kebira AZBEG*, Ouail OUCHETTO, Said JAI ANDALOUSSI, Leila FETJAH, Abderrahim SEKKAKI
LR2I Lab, Dept. of Mathematics and Computer Science, Faculty of science Ain-chok, Hassan II University of Casablanca
Casablanca, Morocco
[email protected], {ouail.ouchetto, said.jaiandaloussi, leila.fetjah, abderrahim.sekkaki}@etude.univcasa.ma

Abstract—Diabetes is one of the most common disease over the these approaches, we still have some issues in security and
world which requires a daily self-care in order to be controlled. privacy.
Nowadays, diabetes self-management can benefit from the recent One of the main goals of the Health Insurance Portability
advanced technologies such as Internet of things (wearables and
medical sensors) to take measurements and track health data. In and Accountability Act (HIPAA) 2 is to ensure the privacy and
this paper, we present a platform architecture based on the IoT security of health information when it is transfered, received,
and Blockchain to facilitate the follow-up of diabetes and to help handled, or shared. Then, the security of medical records is
patients to self-manage it properly. Our architecture combines the an imperative aspect which must be guaranteed. Nowadays,
IoT with the Blockchain technology in order to collect patients’ several researches are trying to enhance this aspect by using
data, share it with their healthcare teams in a near real-time and
in a secure manner while preserving patient’s privacy. the Blockchain technology. In [4], the authors proposed an
Index Terms—Blockchain, IoT, Diabetes Self-management, architecture to manage permissions and medical data access
Healthcare, Security, Privacy using smart contracts. Their approach allows patients to man-
age access to their own medical data by deploying specific
I. I NTRODUCTION smart contracts in the Ethereum Blockchain [5]. Another
research proposed a mobile application for collecting health
Diabetes is a serious disease that requires a particular self- data and sharing it with healthcare providers and insurance
care and a better follow-up in order to be controlled. According companies [6]. They used a permissioned Blockchain based on
to the global report on diabetes, done by the World Health Hyperledger Fabric to ensure privacy, integrity protection and
Organization, 422 million people in the world had diabetes to store access control policies. In [7], ”Ancile” is a framework
in 2014 with a prevalence of 8.5% in the adult population, based on a permissioned Blockchain to manage access control
compared to 4.7% in 1980. In 2012, 1.5 million deaths are and increase interoperability in the case of electronic health
caused by diabetes and 2.2 million deaths by high blood records (EHR). The framework uses Ethereum Blockchain
glucose. 43% of these deaths occur before the age of 70 to store access permission and references to data, whereas
years 1 . Over time, uncontrolled diabetes can lead to several patient’s data still stored in the providers’ databases. Six
and serious health complications such as heart disease, kidney types of smart contracts are used in this framework to define
failure, vision problem, amputation, nerves and blood vessels permissions and execute other operations. Another work aims
damage. Patients must take diabetes seriously by following to manage access to eHealth data by using a gateway to handle
a good care plan and adopting an adequate lifestyle. This in data generated by sensors. An off-chain database, based on
order to stay healthy and prevent the short and long-term dia- IPFS, is used to store data and an Ethereum Blockchain is used
betes complications. In addition, to take medicines and follow to deploy smart contracts in order to manage access to this data
a diabetes meal plan, patients should check regularly their [8]. However, these approaches didn’t take in consideration
weight, blood pressure and blood sugar. These measurements the security at the local level when data is transmitted from
should be recorded and shared with medical teams in order to sensors to the gateway.
ensure a collaborative care. In this paper, we focus on that level. We aim to develop
The use of the Internet of Things, especially medical a decentralized application for handling information and reg-
devices, wearables and sensors, will improve diabetes care by istering devices in order to prevent addition of malicious
collecting health records automatically, such as blood pressure devices. We propose a data management architecture based
and glucose levels regularly. It will also help patients to share on the combination of IoT and the Blockchain technology.
data and interact with their physicians in near real-time and This architecture will allow diabetic patients to collect their
then allows them to track diabetes information. medical data and share it automatically with their physicians
Multiple healthcare applications and platforms have been in a secure manner. Patients will also be able to control access
proposed for patient monitoring, healthcare management and to their data, improve the integrity and protect their privacy.
health systems diabetes by using IoT [1] [2] [3]. However, in The rest of this paper is organized as follows: Section II
1 http://apps.who.int/iris/handle/10665/204871 2 http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx
presents the importance of using IoT to self-manage diabetes. secure IoT devices [12]. The local communication and policies
Section III discusses some use cases of using Blockchain storage are assured by a private Blockchain which is managed
technology to secure IoT. Section IV presents our approach centrally by a smart home miner. A public Blockchain is used
and describes our architecture. In Section V, we present the to handle transactions outside the smart home. In [13], Authors
system implementation and, in Section VI, we conclude the propose FairAccess, which is a Blockchain-based framework
paper and introduce some future works. to manage access control for IoT by using smart contracts
to define policies and distribute authorization tokens. Another
II. D IABETES SELF - MANAGEMENT work in progress tries to connect IoT end-devices with low
Diabetes management is very important to live healthy and power and storage capabilities to a Blockchain infrastructure
have a near normal life. It is about keeping blood sugar [14]. They used Ethereum Blockchain and LoRa gateway for
close to normal in order to prevent diabetes complications. routing data and verifying integrity.
Diabetes management is mostly self-management and it re-
quires a serious self-care concerning food planning, exercises, IV. O UR APPROACH
regular checkups of blood glucose and so on. Nowadays, self- In this work, we present a detailed architecture of our
management can benefit from technology advancements by proposed approach. We aim to create a platform to smart
using IoT devices like glucometer sensor to determine the self-care and follow-up of diabetes by combining IoT devices
approximate concentration of glucose in the blood. The use of and Blockchain. The advantage of using IoT is to facilitate
IoT can help patients to keep track of their medication, take data collection and make its sharing automatic. On the other
measurements and share them with their medical team. Over hand, the platform benefits from Blockchain’s security and
the past few years, there have been suggested several eHealth smart contracts to achieve authentication, integrity, privacy and
applications based on the IoT for diabetes management, but traceability. This will allow patients to have a total control
they still face some issues and challenges regarding security over their data. They will be able to define access policies,
and privacy [3]. permissions and to know who accessed? to what? and when?
The challenge with this combination is that medical devices
III. B LOCKCHAIN AND I OT
used for diabetes self-care have low storage and computing
The number of connected devices is growing exponentially. power capacities. This makes their integration in a Blockchain
The Gartner’s predictions show that by 2020 we will have infrastructure a complicated task. Mostly they don’t support an
20 billion devices connected to the Internet 3 . Every year, installation of a light client to become a node in the Blockchain
thousands of devices join the Internet and store their data on network. Some works proposed to use gateway as a Blockchain
centralized servers. This architecture raises several questions node in order to forward data from sensors to Blockchain [12].
regarding security and privacy 4 , especially when devices However, we still have issues on how to secure the connection
manage sensitive and personal data. The implementation of between patient’s devices and gateway. For example, a third
security should take in consideration the adoption of the party can add malicious devices to transmit wrong data or to
security model based on three essential parts: confidentiality, damage the gateway. Our work is focused on how to strengthen
integrity and availability. These parts can be supported by security at this level. The solution is to register each new
using some tools and common security measures such as device in the Blockchain by its owner, thus unknown device
access control, encryption, firewall, intrusion detection system, can not access to the platform unless the owner registers it
redundancy methods and so on [9], or by using the Blockchain and gives it permission.
technology which can be a good solution to achieve the To explain our proposed architecture, Fig. 1, we can divide it
security model. into four parts: connected devices, Blockchain network, smart
In terms of data security, the level of challenge is high, contracts and medical team.
especially in the case of sensitive and critical data which
are managed through smart health solutions. The Blockchain, A. Connected devices
which already secures Bitcoin transactions [10], could add a Connected devices are divided into two types. The first
security layer in the IoT area. one encompasses medical devices, sensors and wearables
In recent years, several researches and companies use the that collect information about patient’s health such as blood
Blockchain technology in order to secure the IoT, manage pressure, glucose level, heart rate, weight, and other necessary
access control and verify integrity. In [11], the authors pro- measures for diabetes monitoring. These devices take measure-
vide a way to manage IoT devices by using the Ethereum ments and share them automatically with the healthcare team
Blockchain. Smart contracts were used to track the use of through smart-phone. The second type is a smart-phone, this
electricity by a meter and to configure policies in order to device is used as an intermediary between medical devices
control the use of energy. In the other side, A. Dorri et and Blockchain network. It uses a mobile application for
al. propose to use both private and public Blockchain to handling, encrypting information and routing it from devices
3 https://www.gartner.com/newsroom/id/3165317 to an off-chain database which can be accessible by authorized
4 https://www.bbvaopenmind.com/en/iot-and-blockchain-challenges-and- physicians and healthcare teams. The patient will be able to
risks/ interact either with their devices and physicians by using this
 Fig. 1. Platform architecture.

application. He will be able to grant or revoke access and (his public key). This last represents him in the Blockchain
permissions, add or remove a device which will be translated and makes his identification impossible. In case of emergency,
by our application to an add/remove transaction forwarded and medical team must be able to view some data, thus each patient
stored in the Blockchain network. The choice of smart-phone should select in advance this data, encrypt it and distribute the
as a gateway is not arbitrary since the patient is always in decryption key by using the secret sharing method. Then to
move, he cannot be at home all the time. So we need a secure decrypt this data, the medical team should cooperate with one
system able to follow him everywhere; at home, at work and or more members of patient’s family to have the decryption
even when he travels. key.
B. Blockchain network
The medical devices are linked to a permissioned C. Smart contracts
Blockchain thanks to smart-phones. All patients will play the Smart contracts are programs built, compiled into byte
role of light nodes using their smart-phones, because of their code and then deployed in the Blockchain network. Each
limited storage capacity. Hospitals, laboratories and public smart contract is identified by a unique address and can be
health organizations will be full nodes. They will store a triggered by transmitting a transaction to this address. Once
pointer to data, validate transactions, create blocks and append the predefined conditions are realized, the smart contract will
them to the Blockchain. This Blockchain will be used to be executed automatically without third party intervention. In
store access control policies and enhance security as well as this work, smart contracts will be used to create a log for
keeping traceability of each patient’s data by recording every traceability by registering every manipulation made on data.
manipulation made on this data. The Blockchain will store It will also be used to register or delete devices, grant or revoke
just a pointer (a data hash) to data, while health data will access, define policies and authentication verification.
be encrypted and stored in an off-chain database as a key-
value. The off-chain storage is maintained by a peer-to-peer
D. Medical team
distributed file system (IPFS). Each patient will encrypt its
data and store it in the IPFS which will generate the hash that It can be public health organizations, diabetes manage-
will be stored in the Blockchain. ment center, researchers, pharmaceutical laboratories, clinics
Patients have the choice to grant access to other parties or or healthcare professionals in general. These entities will be
not. They have also the ability to choose what data to keep connected through a permissioned Blockchain to have access
visible and for whom. All health entities can have access to to data. This will allow physicians to follow their patients’
the information while keeping patient privacy, because data health and public health organizations to extract information
are encrypted and each patient is identified just by an ID in order to use it in research or statistics for example.
 V. S YSTEM IMPLEMENTATION • Device registration: In this step, the patient will reg-
In this section, we present different tools needed to imple- ister each new device in the Blockchain by using an
ment our approach. add transaction. Each device will be identified by a
• A permissioned Blockchain: Since our Blockchain han-
unique set of values; its identifier (represented by its
dles sensitive medical data that requires a high level of MAC address) and its owner’s identifiers (Patient’s public
security and privacy control, we will use a permissioned Ethereum address) Fig 3. Thus no one can add a device
Blockchain. This type of Blockchain can restrict the except the patient. In this way the patient can have a
nodes who are eligible to participate in the consensus total control over his devices and can be protected against
algorithm. The consensus is reached by using proof of malicious devices.
authority (POA). This consensus algorithm allows only • Data encryption: Data will be encrypted by the patient
the predefined validators (full nodes in our case) to before being stored in the IPFS. If a party wants to
append blocks to the Blockchain and secure the network. access to data, it sends a transaction through the DApp
Thanks to POA, we will get a faster Blockchain that and a smart contract will check its eligibility. If the
requires less computing resources and thus lower energy party has access permission, then the patient will send
consumption. In the tests, a private Ethereum Blockchain the decryption key encrypted by the public key of the
is used. authorized party. Thus to access to data, the authorized
• A decentralized application (DApp) is needed to interact
party will decrypt the message with his private key to get
with the Blockchain. A DApp is a decentralized appli- the decryption key.
cation that works on a peer to peer network without the
need of a central server. It has a lot of characteristics, due
to its decentralized nature, which make it very interesting.
It has a client side (front-end) written in HTML, CSS and
JavaScript. Instead of connecting this side to a backend
web server, it is connected to a Blockchain then linked
with smart contracts. In our case, the patient will use the
application interface to make different transactions Fig.
2.

Fig. 3. Devices registration.

Fig. 2. Patient interaction with Blockchain through a decentralized applica-

tion. VI. C ONCLUSION AND F UTURE W ORKS
Controlling and managing diabetes is a very important thing
• Transactions: Each physician will add and register his that can be done by supervising health information such as
patients in the Blockchain by generating for each of them blood glucose levels regularly. To make that process automatic,
a QR code. This QR code will contain the physician’s the use of IoT devices is necessary. In this way the patient
Ethereum address and the Blockchain network informa- can ensure the collect of his health information regularly and
tion. Once the patient is registered in the Blockchain, he in some cases automatically. In other hand, this information
will be able to execute different transactions or actions; should be shared with a medical team in a secure and faster
add/remove devices, grant/revoke permissions to other way, thus the necessary of using a secure system. In this
nodes, define policies, access to his data and show some paper, we propose a platform based on the combination of
summaries or dashboards. Our DApp will trigger smart IoT and Blockchain to collect health data and share it with
contracts in order to launch these transactions and store health entities in order to have a daily smart care.
it in the Blockchain for traceability. The patient will be In our proposition, we focused on the patient privacy and the
added and registered in the Blockchain by his physician. security between patient’s devices in order to protect against
malicious devices. We chose proof of authority as a consensus
algorithm for a faster system and cheaper in terms of energy
and time. In this paper, we presented just a global overview of
our approach. Currently, we are working on making a detailed
conception for each component of our system. The next step
is to implement our system by giving a proof of concept to
demonstrate the feasibility of our approach and to verify its
performance, then to suggest some ameliorations if needed.
Another future work is the use of artificial intelligence in
order to analyze node behaviors so that the system can identify
abnormal node behaviors in real time.
ACKNOWLEDGMENT
This work is supported by the National Center for Scientific
and Technological Research (CNRST).
R EFERENCES
[1] M. A. Al-Taee, W. Al-Nuaimy, A. Al-Ataby, Z. J. Muhsin, and S. N.
Abood, “Mobile health platform for diabetes management based on the
internet-of-things,” in Applied Electrical Engineering and Computing
Technologies (AEECT), 2015 IEEE Jordan Conference on. IEEE, 2015,
pp. 1–5.
[2] K. Darshan and K. Anandakumar, “A comprehensive review on usage
of internet of things (iot) in healthcare system,” in Emerging Research
in Electronics, Computer Science and Technology (ICERECT), 2015
International Conference on. IEEE, 2015, pp. 132–136.
[3] S. Deshkar, R. Thanseeh, and V. G. Menon, “A review on iot based m-
health systems for diabetes.” International Journal of Computer Science
and Telecommunications, vol. 8, no. 1, pp. 13–18, 2017.
[4] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “Medrec: Using
blockchain for medical data access and permission management,” in
Open and Big Data (OBD), International Conference on. IEEE, 2016,
pp. 25–30.
[5] V. Buterin et al., “A next-generation smart contract and
decentralized application platform, 2014,” URl: https://github.
com/ethereum/wiki/wiki/White-Paper (visited on 10/09/2016), 2014.
[6] X. Liang, J. Zhao, S. Shetty, J. Liu, and D. Li, “Integrating blockchain
for data sharing and collaboration in mobile healthcare applications,” in
Personal, Indoor, and Mobile Radio Communications (PIMRC), 2017
IEEE 28th Annual International Symposium on. IEEE, 2017, pp. 1–5.
[7] G. G. Dagher, J. Mohler, M. Milojkovic, and P. B. Marella, “Ancile:
Privacy-preserving framework for access control and interoperability
of electronic health records using blockchain technology,” Sustainable
Cities and Society, vol. 39, pp. 283–297, 2018.
[8] N. Rifi, E. Rachkidi, N. Agoulmine, and N. C. Taher, “Towards using
blockchain technology for ehealth data access management,” in Ad-
vances in Biomedical Engineering (ICABME), 2017 Fourth International
Conference on. IEEE, 2017, pp. 1–4.
[9] M. FRUSTACI, P. Pasquale, A. Gianluca, and G. FORTINO, “Evaluating
critical security issues of the iot world: Present and future challenges,”
IEEE Internet of Things Journal, 2017.
[10] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
[11] S. Huh, S. Cho, and S. Kim, “Managing iot devices using blockchain
platform,” in Advanced Communication Technology (ICACT), 2017 19th
International Conference on. IEEE, 2017, pp. 464–467.
[12] A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized
blockchain for iot,” in Proceedings of the Second International Confer-
ence on Internet-of-Things Design and Implementation. ACM, 2017,
pp. 173–178.
[13] A. Ouaddah, A. Abou Elkalam, and A. Ait Ouahman, “Fairaccess: a new
blockchain-based access control framework for the internet of things,”
Security and Communication Networks, vol. 9, no. 18, pp. 5943–5964,
2016.
[14] K. R. Özyılmaz and A. Yurdakul, “Work-in-progress: integrating low-
power iot devices to a blockchain-based infrastructure,” in Embedded
Software (EMSOFT), 2017 International Conference on. IEEE, 2017,
pp. 1–2.