1 Introduction

On December 31st 2019, the Wuhan Municipal Health Commission, China, reported a cluster of pneumonia cases in Hubei Province [1]. The causative agent was soon identified as novel coronavirus (COVID-19). It belonged to a large family of viruses that gave rise to symptoms varying from mild flu to severe respiratory distress [2].

The number of COVID cases burgeoned through 2020, and as of today, COVID-19 has affected more than 11 million people in the world and has caused more than 4 lakh deaths [3]. With no promise of a vaccine in the next few months, countries struggle to diagnose the afflicted and identify people who have been exposed to the virus to prevent community spread. A multitude of existing pandemic handling schemes resort to mobile-based contact tracing and mass surveillance applications, like the ones used in Australia, China, Israel, South Korea and Singapore. However, these applications have suffered criticism due to serious privacy threats. In parallel, nationwide lockdowns have halted economies and given rise to unemployment and recession [4]. The world needs a strategy that improves COVID protection systems, while allowing businesses and corporates to carry out their activity in a sustained manner.

Blockchain is among the most promising technologies of the twenty-first century and has caused a major paradigm shift in the healthcare sector [5]. The paper applies blockchain to COVID protection and delineates three major features of our approach: the contact tracing subsystem, blockchain network and COVID status checking scheme. The contact tracing scheme allows stakeholders to identify people who have come in proximity with individuals diagnosed with COVID-19, to test and isolate them, and treat them when applicable, preserving user privacy while doing so. The COVID status checking scheme allows citizens to stay protected while they carry out their daily activities in a controlled manner. The blockchain network forms the skeleton of the proposed system, stores patient records on a distributed ledger and coordinates access management. Experimental simulation shows the framework to be highly efficient in preserving privacy.

2 Related Work

Several countries have come up with ingenious contact tracing and surveillance methods in the wake of COVID-19. The World Health Organization adopted contact tracing to contain the Ebola outbreak in Africa. WHO defined it as the ‘identification and follow-up of people who may have come into contact with a person infected with Ebola virus’ [6]. It enforced rules for conducting systematic contact tracing for frontline epidemiologists, surveillance officials, healthcare specialists and other volunteers. No mobile applications were used during the Ebola outbreak.

Danquah introduced an application-based contact tracing system to track Ebola cases in Sierra Leone [7] and demonstrated how it improved on data storage and accuracy over paper-based systems.

Several organizations have since engaged in developing contact tracing applications for pandemic control. With the rise of COVID-19, countries have adopted mobile technologies to conduct business in the safest manner possible. The Indian Government conceived the Aarogya Setu app for the same purpose [8]. Aarogya Setu utilizes the smartphone's Bluetooth and GPS features to determine the user's infection risk and perform contact tracing. It generates a randomized device identifier (DiD), maps it with the mobile number of a registering user and stores an encrypted version on it. This method gives the government authority access to the user's epidemiological and GPS information, which poses serious security concerns.

Similarly, China, Singapore, South Korea and Australia have urged citizens to install apps for contact tracing and surveillance. However, the concerns of privacy have not been addressed in most of these endeavors. The South Korean surveillance app utilizes GPS data. Furthermore, it requires users to provide their real names and government-issued identity numbers, which infringes on user privacy. Singapore’s TraceTogether app operates by exchanging random tokens between nearby phones via Bluetooth, which are then sent to a central server [9]. When an individual is diagnosed with COVID-19, the tokens recorded by the patient's app are released. Since the government authority maintains a mapping of tokens and associated phone numbers, it can use the released list of tokens to trace the list of exposed users. TraceTogether maintains privacy from other users by using anonymized tokens; however, it provides little privacy for infected citizens. Additionally, the system banks on a central authority (the Singaporean government) and is, hence, less scalable and secure.

Owing to the disadvantages of centralized systems, decentralized COVID protection projects have emerged. Some notable endeavors include COVID watch, PACT and that of Google/Apple [10]. COVID watch is a group of volunteers spread over various continents, comprising security and public health experts [11], and uses Bluetooth Beacon technology for contact tracing. This framework can potentially collect more data than necessary for surveillance and is also susceptible to man-in-the-middle attacks.

Hekmati’s work introduces CONTAIN, a privacy-centric mobile contact tracing application that has no dependency on GPS or any other form of location-sensing and reduces the quantity of personally identifiable data logged on a server [12]. The simulation study outlined in the paper emphasizes the efficiency of the system. However, CONTAIN users can choose to reveal their COVID status in an opt-in fashion to the concerned authorities. This stands on the unrealistic assumption that all users shall operate in good faith and shall cooperate and furnish information wherever necessary.

Torky describes a four-tiered blockchain-based COVID containment system [13]. The system adopts the concepts of regex to digitally represent and verify infection patterns under the ‘Infection Verifier Subsystem.’ A ‘blockchain subsystem’ acts as a backbone and stores data about confirmed COVID-19 cases in real time, and a peer-to-peer app is used by users to stay abreast of COVID developments. The paper also introduces a mass surveillance subsystem which works in tandem with the infection verifier subsystem, but it provides scarce technical details about the system design and the protocols involved.

3 Blockchain Technology

The groundwork for blockchain technology was laid out by Nakamoto when his whitepaper on bitcoin shook the world of cryptocurrency in 2008 [14].

A blockchain essentially stores a list of transaction records, with each block pointing to the previous block via a hash reference. The block header contains, among other notable fields, the block version, the hash of the parent block, the nonce and a merkle tree root hash [15] of all transactions in the block. The block body contains the transaction list. New blocks are added to the ledger by the block miners after a consensus mechanism, the most common being proof-of-work, which is based on a cryptographic block-racing game [16]. Being a decentralized ledger, blockchains prevent a single point of failure. Furthermore, since each block stores the hash of the previous block, it is computationally infeasible to tamper with blockchains.

4 The Proposed System

In this paper, we propose a blockchain-based framework for protection against COVID that has the following salient features:

  • A contact tracing subsystem backed by the Bluetooth beacon technology. The proposed system differs from existing systems in using a decentralized consortium blockchain for storing patient data. Additionally, it uses a highly secure Diffie-Hellman (DH) key exchange algorithm instead of the symmetric algorithms used by existing frameworks.

  • A dynamic COVID status record of participating users that needs a mandatory daily update, and which can be leveraged by offices, grocery stores, restaurants, etc., to maintain social distancing norms.

The various stakeholders in the system are as follows:

  • Medical practitioners, hospitals and testing centers reserve the right to update the blockchain with the COVID status of patients based on their test report (positive, negative, etc.).

  • Research and development centers and government nodes can request to read the epidemiological data in the blockchain for research purposes.

  • Shops, restaurants, malls, offices and government personnel maintain read-only access to the blockchain.

4.1 Dapp Registration

Every user, during registration to the Dapp, is assigned a public-private key pair. On registration, the following additional information is collected:

  • A collective dataset of the user's epidemiological information (‘Info’) comprising the age, gender, blood type, pre-existing diseases and the location, encrypted with the user’s private key. This ensures that only agencies with the user’s public key (e.g., treating medical agencies) can decrypt this information.

  • The COVID-19 status of the patient (status) can take either of the values described in Table 1.

    Table 1 COVID states and their meaning

4.2 The Contact Tracing Subsystem

Let us assume that Alice and Bob have registered themselves to the Dapp and have received the public keys (A and B) and private keys (a and b), respectively. When they come in proximity, Alice sends her public key to Bob and requests his public key. When Bob accepts and sends over the same, the two users use the Diffie-Hellman (DH) algorithm to create a shared secret key. This shared secret is known only to Alice and Bob. Being an asymmetric key exchange algorithm, DH is more secure than the symmetric key exchange used by Bluetooth beacon-based COVID systems (Fig. 1).

Fig. 1 Diffie-Hellman key exchange

Both Alice and Bob then periodically send beacons using Bluetooth. These beacons are pseudorandom numbers encrypted by the DH-shared secret key generated in the previous step. The beacons are encrypted by the user’s private key and are stored locally by the receiver.

When Bob is diagnosed with COVID, the certifying medical practitioner interacts with the consortium blockchain to update his COVID status as ‘positive,’ and at the same time, it downloads the encrypted beacons from his Dapp and updates the list on the consortium blockchain.

All users are required to perform a ‘status check’ on their Dapps every 24 h. This ‘status check’ basically interacts with the consortium blockchain, obtains the list of encrypted beacons (from the patients marked COVID positive in that city) and attempts to decrypt the same using the repository of public keys which it has collected. When Alice performs the same, she shall be able to decrypt Bob’s beacons (as she has Bob’s private key). She is, thus, advised to take the necessary steps to quarantine herself for 21 days. Her COVID status is automatically changed from positive to ‘has_to_be_quarantined’ and the ‘status check’ is marked complete. Since the beacons used are anonymized, the identity of the COVID infected patients is not revealed.
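The matching step of the daily status check can be sketched as follows. This is an added example, not code from the paper: the `Dapp` class, `beacon` and `encounter` are hypothetical names, the DH group is a constructed toy one, and a keyed HMAC tag stands in for the encryption function, which the paper does not specify.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group (Mersenne prime modulus) so the example
# needs only the standard library; far too small for real use.
P, G = 2**127 - 1, 3

class Dapp:
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)
        self.contact_keys = []   # one DH-derived key per encounter
        self.received = []       # beacons stored locally by the receiver

    def meet(self, peer_public):
        """Derive and store the shared key from the peer's public value."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        shared = pow(peer_public, self.private, P)
        key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        self.contact_keys.append(key)
        return key

    def status_check(self, published):
        """Test every published beacon against every locally held contact key."""
        for rnd, tag in published:
            for key in self.contact_keys:
                expected = hmac.new(key, rnd, hashlib.sha256).digest()
                if hmac.compare_digest(tag, expected):
                    return "has_to_be_quarantined"
        return "negative"

def beacon(key):
    """A pseudorandom number plus a tag only a holder of the shared key can check."""
    rnd = secrets.token_bytes(16)
    return rnd, hmac.new(key, rnd, hashlib.sha256).digest()

def encounter(a, b):
    """Two users in proximity: swap public keys, derive keys, swap one beacon each."""
    ka, kb = a.meet(b.public), b.meet(a.public)
    a.received.append(beacon(kb))   # beacon sent by b
    b.received.append(beacon(ka))   # beacon sent by a
    return ka == kb
```

The published list carries only random values and tags, so a user who never met the patient cannot link a beacon to anyone.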

4.3 The Blockchain Network

The consortium blockchain stores transactions only on users that have either of the following COVID states: ‘positive,’ ‘has_to_be_quarantined,’ ‘quarantined,’ ‘off_quarantine’ and ‘recovered.’ Only medical agencies, testing centers and government agencies certified with a miner ID (IDp) can add transactions to the blockchain. Table 2 illustrates the fields contained in each transaction in the proposed blockchain.

Table 2 Block contents

The epidemiological information of each afflicted/quarantined user is stored in an encrypted format. Government/Research authorities that aim to perform epidemiological surveys are required to request the public key of the transaction creator with a justification, in order to decrypt the data and obtain the content. This ensures that agencies access epidemiological data only when they absolutely need to do so.

Each set of transactions is bundled into a block. The mined blocks are verified by other nodes, spanning healthcare agencies and government bodies, and a consensus is reached via proof-of-work. Since the block verification system is decentralized and involves various stakeholders, linkage attacks are infeasible.

4.4 Role of COVID State in Maintaining Social Distancing

The COVID state of an individual can help people practice social distancing norms. Offices, shopping stores, malls, restaurants, grocery stores, etc., may reserve the right to deny any individual whose COVID state is ‘Positive,’ ‘Quarantined’ or ‘Has_to_be_quarantined’ from entering their premises. Moreover, they may reserve the right to deny access to any individual who has not performed his COVID ‘status check’ for the day, or whose status check ‘updated’ parameter reflects as ‘no.’

An example would be the case of Alice, who wants to go to her office. The office can verify Alice's COVID state following these simple steps:

  • The office generates a nonce and transmits it to Alice with a request for her COVID state

  • Alice calculates the following:

    $$Y = E_{a}(\text{nonce}) \tag{1}$$

where a is Alice’s private key, and E is an encryption function.

  • Alice transmits ‘Y’ and her public key ‘A’ to her office authorities

  • Her office decrypts ‘Y’ with the public key and verifies whether it obtains the ‘nonce’ value

  • The office then queries the consortium COVID-19 blockchain for an entry against H(A)

  • If the office observes that Alice’s entry shows ‘updated = Yes’ and ‘state = negative/off_quarantine/recovered,’ it allows her in. In other words, if Alice’s entry shows ‘allow = yes,’ she is allowed in. In all other cases, Alice is denied access.
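The office-side check above, written out as an added example (not the paper's code). It assumes textbook RSA over constructed toy primes for the function E in Eq. (1), a dictionary standing in for the consortium ledger, and hypothetical names throughout; it also shows the cases the steps imply but do not spell out: a replayed response, a presenter who does not hold the private key, and a missing or stale entry.

```python
import hashlib
import secrets

# Constructed toy RSA keys built from Mersenne primes so the example needs only
# the standard library; these sizes are far too small for real use.
E = 65537
ADMIT = {"negative", "off_quarantine", "recovered"}

def keygen(p, q):
    """Return (public, private) as (n, e) and (n, d)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(nonce, n):
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n

def respond(private, nonce):
    """Citizen side: Y = E_a(nonce) from Eq. (1), applied to a hash of the nonce."""
    n, d = private
    return pow(digest(nonce, n), d, n)

def ledger_key(public):
    """H(A): the index under which the ledger holds the citizen's entry."""
    return hashlib.sha256("{}:{}".format(*public).encode()).hexdigest()

class Office:
    def __init__(self, ledger):
        self.ledger = ledger
        self.pending = set()          # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def admit(self, nonce, y, public):
        if nonce not in self.pending:
            return False              # never issued, or a replayed response
        self.pending.discard(nonce)   # each nonce is single use
        n, e = public
        if pow(y, e, n) != digest(nonce, n):
            return False              # presenter does not hold the private key
        entry = self.ledger.get(ledger_key(public))
        # Deny by default: no entry, stale status check, or a blocked state.
        return bool(entry) and entry["updated"] == "yes" and entry["state"] in ADMIT

# Constructed sample identities and ledger entries.
alice_pub, alice_priv = keygen(2**61 - 1, 2**89 - 1)
bob_pub, bob_priv = keygen(2**107 - 1, 2**127 - 1)
LEDGER = {
    ledger_key(alice_pub): {"state": "negative", "updated": "yes"},
    ledger_key(bob_pub): {"state": "positive", "updated": "yes"},
}
```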

This implementation allows people to engage in their economic or business activities in a sustained manner, while offering an extra layer of protection against the pandemic in their day-to-day lives. The implementation also facilitates user privacy because an individual can obtain only the COVID state of another individual from the blockchain by using the ID/public key, and for any further information, one must reach out to the miner authority with a proper justification (Fig. 2).

Fig. 2 Schematic representation of the contact tracing and status checking scheme

The system provides sufficient incentive to businesses, offices, shopping centers, delivery agencies for using and updating the Dapp because in using the same, they are allowed to carry out their normal operations in a safe manner.

5 Simulation

Ethereum Solidity 0.5.16 has been used with Ganache on Ubuntu 18.04 LTS to simulate the smart contract and observe the block structure as maintained and modified by the proposed framework. Truffle framework 5.1.33 is used to interact with the Ganache blockchain testbed. A modular approach has been followed in Solidity, with separate functions coded for user registration, status check and for updating the COVID states. Figure 3 shows the usage of the addCitizen() module to implement user registration. The function addCitizen() contains access control checks to verify the role of the invoking user and throws an error if anybody but a ‘Patient/Citizen’ invokes it. In the smart contract, a total of 30 identities are created, including a doctor, a testing agency and a government official. The entire epidemiological information of the user is stored in an encrypted format. Please note that a separate variable is created to store the plaintext ‘name’ only for understanding purposes in this paper. In the actual framework, the ‘name’ shall also be encrypted within ‘info.’

Fig. 3 User registration

Similarly, Bob registers himself to the blockchain. When he tests positive, his doctor invokes the positive() function to update his COVID state to ‘positive.’ This triggers the status_check() function, which sets the ‘allow’ value to ‘no.’ Figure 4 shows the status update, and Fig. 5 shows the block state after the update. Note that the doctor’s public key is now stored in ‘org_public_key.’

Fig. 4 Doctor updates Bob as COVID ‘positive’

Fig. 5 Block structure (Bob) after testing positive

Alice has maintained the list of public keys obtained from users in the last 14 days, including Bob’s key. When she does her daily status update, the citizen_update() function is triggered (Fig. 6), and her status is updated on the blockchain, to ‘state=has_to_be_quarantined’ and ‘allow=no.’ Hereafter, both Alice and Bob are not allowed in offices, shops, etc., (Fig. 7).

Fig. 6 Alice performs her daily status update

Fig. 7 Alice’s block structure after being found to have been in contact with Bob

6 Conclusion and Future Work

The staggering increase of COVID-19 cases has caused a major healthcare crisis, and a blockchain-based approach goes a long way in solving it. The proposed framework and accompanying simulations show that a user’s personal or epidemiological information is never disclosed to any stakeholder without justified reason. Additionally, the blockchain backbone maintains the reliability and immutability of user data. Our work can be extrapolated by designing a more layered access control mechanism roping in bed/ambulance availability checks to bridge the gap between the user, hospital and the government. Moreover, a JavaScript interface can be designed to ease the user interaction, and payment mechanisms via cryptocurrencies can be incorporated.