Agent-based blockchain model for robust authentication and authorization in IoT-based healthcare systems

Recently, the healthcare domain has recognized a wide range of advancements thanks to new technologies and processing methods, which substantially ameliorate patient monitoring and treatment and better the quality of medical services at lower costs. However, the personal information of patients and professionals are very attractive. They are continuously subject to serious security attacks, mainly due to healthcare systems’ permanent connectivity and open-source nature. This paper featured a new and original scheme dealing with authentication and authorization issues in IoT-based healthcare systems, and solving existing scalability and interoperability concerns. Mobile agents and blockchain technologies were combined to elaborate a mutual and anonymous authentication and a dynamic and decentralized attribute-based access control (ABAC). A comprehensive formal security analysis has been conducted, employing AVISPA tool to assess the security of the key agreement, mutual authentication and blockchain-based ABAC processes. Additionally, an informal security analysis has been carried out to demonstrate the robustness and resilience of the proposed scheme from various known attacks. Furthermore, a performance evaluation using Hyperledger Fabric v1.1 reveals that the proposed scheme is scalable and outperforms other existing schemes in terms of communication cost, computational cost and storage capacity, while showing commendable throughput and low latency.