PRIVACY PRESERVING PROTOCOLS FOR HEALTHCARE BASED ON BLOCKCHAIN TECHNOLOGY

Blockchain technology is experiencing an exponential growth in research and industry. It enables a cryptographically secured and irrevocable data sharing leveraging distributed process. The use of blockchain in the healthcare sector turns out to be challenging in order to store data. The treatment of healthcare data is strictly regulated by the General Data Protection Regulation (GDPR), which requires transparency, security, privacy, integrity, non-repudiation and erasure of those data. Blockchain technology, while being an element of innovation that may provide to patients full control on their health information, is intrinsically in contradiction with the GDPR key factors. In literature proliferate prototypes that aim to obtain the compliance of the blockchain with the GDPR but still there is no security analysis on these models that propose a proper way to achieve a compliant mechanism for data exchange. Moreover, blockchain technology is not totally immune to emerging security threats with consequences in terms privacy and treatments effectiveness. The purpose of this Master's thesis is to abstract models of privacy preserving protocol based on blockchain technology in the healthcare sector. For each model the multiple cryptographic protocols exploited, in order to address the GDPR-compliance, are investigated. Thereafter their safety is analysed, and the obtained results are used to quantify the risk related to their use. Permissioned blockchain infrastructure, based on particle Byzantine fault tolerance (PBFT) consensus mechanism, that preserves on-chain the hash digest of the healthcare data, seems to be the safest among those analysed. Its core technology components in fact, reduce its risk of exposure related to different types of attack.