Enhancing healthcare data security: a two-step authentication scheme with cloud technology and blockchain

Abstract

In the modern world, medical data leakage has many external and internal threats. Information systems of medical organizations are constantly subject to various types of cyber-attacks and unauthorized penetration attempts, which leads to the publication of patient medical data online. Existing authentication schemes using blockchain technologies in medical organization systems ensure the integrity of medical data and secure access to patient data. However, one of the serious reasons for unauthorized access to the healthcare system is the human factor, which manifests itself in a negligent attitude towards account security, non-compliance with the rules and policies of information security, and transferring to third parties personal login details to the information system of a medical organization. This paper proposes a solution to this problem through an improved two-step authentication scheme using cloud technology and blockchain. The combined use of cloud technologies and blockchain is a distinctive feature of the proposed authentication scheme since it provides two levels of protection: 1) two-step authentication, the second stage of which includes biometrics through a mobile application. It prevents unauthorized access to the system by third parties; 2) cloud encryption keys for decrypting medical data, which are also accessed through the user's biometrics. The practical part of the paper includes the implementation of biometric login in Python using the OpenCV library. As a result of the practical part, unique fingerprint samples were obtained. The biometric user verification algorithm is designed for a mobile application, which we plan to implement in the future