A Smart Contract-Based Multi-Factor Authentication Mechanism for Secure Tracking of Medical Records
Abstract
The digitization of medical records in the healthcare sector demands robust mechanisms to ensure data confidentiality, integrity, and privacy. This paper proposes an innovative multi-factor authentication (MFA) mechanism that leverages smart contracts and blockchain technology to secure the tracking of medical records. The proposed system, named Blockchain Authentication with Zero-Knowledge Proof (BAZKP), provides a tamper-proof environment for storing and accessing records while preserving users’ personally identifiable information (PII). A key novelty of BAZKP lies in storing only the character count structure of passwords rather than the actual credentials, combined with zero-knowledge proofs (ZKP) to verify identity without exposing sensitive data. This hybrid blockchain/ZKP approach addresses limitations of centralized and hardware-based solutions, reducing vulnerabilities while avoiding the cost and usability constraints of dedicated hardware systems.
The system was implemented and tested on a private Ethereum testnet, with a proof-of-concept application developed using Solidity, Web3.js, and MetaMask. Performance evaluation over 100 transactions for core operations (registration, login, and password reset) demonstrated practical viability: registration incurred the highest latency (≈4500 ms) and gas consumption (≈120,000 gas), while login and reset operations were more efficient (≈4000 ms/80,000 gas and ≈3500 ms/60,000 gas, respectively). Comparative security analysis against existing MFA methods—including 2FA, hardware tokens, and biometrics—confirms that BAZKP provides superior privacy protection through decentralization and ZKP, without the cost and usability drawbacks of hardware-based solutions. Overall, this approach enhances trust in digital health systems by offering a secure, transparent, and privacy-preserving authentication framework for medical data, representing a significant advancement in digital healthcare security.
Keywords: Blockchain; Multi-Factor Authentication; Smart Contracts; Zero-Knowledge Proof; Medical Record Security.


