Data Storage Mechanism Based on Blockchain with Privacy Protection in Wireless Body Area Network

Wireless body area networks (WBANs) are expected to play a vital role in the field of patient-health monitoring shortly. They provide a convenient way to collect patient data, but they also bring serious problems which are mainly reflected in the safe storage of the collected data. The privacy and security of data storage in WBAN devices cannot meet the needs of WBAN users. Therefore, this paper adopts blockchain technology to store data, which improves the security of the collected data. Moreover, a storage model based on blockchain in WBAN is proposed in our solution. However, blockchain storage brings new problems, for example, that the storage space of blockchain is small, and the stored content is open to unauthorized attackers. To solve the problems above, this paper proposed a sequential aggregate signature scheme with a designated verifier (DVSSA) to ensure that the user’s data can only be viewed by the designated person and to protect the privacy of the users of WBAN. In addition, the new signature scheme can also compress the size of the blockchain storage space.


Introduction
Wireless body area network (WBAN) is an underlying technology that can monitor and record human health signals for a long time. Its early application is mainly used to continuously monitor and record health parameters of patients with chronic diseases (such as diabetes, asthma, and heart disease) and provide some form of automatic therapy control. For example, once a diabetic's insulin level drops, the WBAN in their body will immediately activate a pump that automatically injects insulin into the patient, which allows the patient to keep insulin at a normal level without a doctor [1][2][3]. In the future, it can be widely used in consumer electronics, entertainment, sports, environmental intelligence, ubiquitous computing, military, or security fields. Not only these applications but also the so-called "smart dust" (microscopic devices with processing power and wireless communications), which is currently stuck in the realm of science fiction, is entirely possible in the future [4][5][6].
WBANs have been widely studied around the world by medical technology providers, hospitals, and insurance companies, as well as by industry parties that are carrying out strategic cooperation. WBANs have become a very popular research topic and are applied to many applications. They provide pervasive computing services and techniques in various potential
(1) Unauthorized access: Unauthorized attackers hack into the WBAN and steal user data. Such attacks violate users' privacy, for example, if the attacker sells users' information to an insurance company.
(2) Tampering with the messages: The attacker modifies signals in the WBAN so that the data collector receives fake user data. This affects the safety of users: for example, if the user is a patient and the patient data received by the doctor is false, it would lead to the wrong treatment by the doctor.
For the above two threats, this paper adopts blockchain technology and a particular digital signature to solve these problems. Our contribution is the following two points:
• Blockchain: We use blockchain to store the WBAN user's data, which can prevent the data from being tampered with.
• The DVSSA scheme: We propose a sequential aggregate signature scheme with a designated verifier. On the one hand, it ensures that the user's data can only be viewed by the administrator, which solves the illegal access problem; on the other hand, it can compress the size of the blockchain storage space.
We organized the rest of our paper as follows. Section 2 first introduces the basic knowledge of WBAN and then introduces the blockchain structure and characteristics. Section 3 presents the security requirements of WBAN. In Section 4, our system model is shown. Section 5 presents our DVSSA scheme. In Section 6, the DVSSA scheme in blockchain and the energy consumption for message computation and transmission are evaluated. Finally, our paper is concluded in Section 7.

Network Architecture
The WBAN network architecture is an important part of the system architecture. It is the logical organization of communication devices (such as sensor nodes) in the system. Common network architectures include star topology, mesh topology, ring topology, and bus topology. The choice of network architecture is affected by the characteristics of the system and can affect many aspects of the system's performance, such as energy consumption, traffic load handling capacity, node failure robustness, and MAC (Media Access Control) protocol selection. The purpose of choosing the WBAN network architecture is to better ensure low energy consumption and reliable data transmission of wireless communication. The selection of the architecture needs to consider the following factors: energy consumption, transmission delay, inter-user interference, node failure, and mobility [17][18][19].
In general, the star topology network structure corresponds to a one-hop wireless communication mode, while a mesh topology structure corresponds to a multiple-hop wireless communication mode. Traditional WBAN network topologies generally use simple star topologies, but there may be network or mixed topologies. For example, when the nodes are far away from the body or blocked by the programming languages suitable for the management system, such as the Internet and local area network (LAN) ASP and JSP development environment or independent languages such as Delphi, Visual Basic. Development tools can include Python, C, C++ programming languages, etc. Developers can also choose monitoring functions and visual display interfaces in MATLAB to provide data analysis and intelligent processing. In the future, especially for the WBAN application of long-term continuous monitoring or the information-sharing platform built by multiple BSN (Body Sensors Network), considering the system performance and traffic demand, large amounts of data should be stored in a large distributed database for efficient management, and high-performance computing technology for these data should be developed in WBAN. Moreover, data can be further analyzed and processed (generating decisions, data mining, etc.).

Structure of Blockchain
P2P (Peer-to-Peer) networks are responsible for ensuring the freedom of communication within blockchain nodes, which are geographically dispersed but have equally privileged participants in the application. There is no centralized server in the P2P network, and each node is an informed consumer and information provider. Each node participates in the routing process of the entire network, which is the discovery and maintenance of connections to neighboring nodes, the propagation and validation of transactions, and the synchronization of blocks of data (both transactions and blocks are data structures of the blockchain, as described below). This 'flat' topology of P2P networks is the key reflection of blockchain and the decentralized nature of the base. Blockchain applications provide APIs (application programming interfaces) for various scenarios. Users interact directly with them through these APIs without having to worry about the underlying technical details.
In general, a blockchain is an appended database, maintained by a peer-to-peer network node. As shown in Figure 1, the basic structure of blockchain can be divided into three levels, namely P2P network, database, and various applications.    [41], we have summarized four attributes which describe a basic blockchain architecture as a general, decentralized ledger, offering data integrity and traceability. We describe these characteristics next.
(1) Autonomy: One important feature of blockchain is that there is no separate entity control or control network. In the public settings, any node can sign and publish transactions, and if they are accepted, the blockchain will check other nodes in their decentralized network at any time. In addition, everyone can join the consensus process to extend new blocks to the blockchain.
(2) Distributed: A blockchain system is built on a P2P network to which the source node broadcasts each signed single row of transactions. The adjacent peer then validates these incoming transactions: the valid transaction is forwarded further, and the invalid transaction is discarded. Eventually, these transactions can be extended to the entire P2P network. The system can process notifications and synchronize networks for newly generated blocks.
(3) Non-tampering: All valid blocks and transactions recorded in the global ledger are virtually immutable due to the need for validation by other nodes and traceability of changes. Furthermore, the entire global ledger is synchronized between blockchain nodes according to a consensus mechanism, giving users greater confidence in the authenticity and accuracy of the data in the blockchain.
(4) Contractual: The process of consensus (for example, mining or voting) depends on the state of the data in question. The consensus is reached through the implementation of rules, i.e., the blockchain of the smart contract, for example, does not have any central authorization. The rules defined by these codes ensure that actions in any currency are executed promptly and correctly without human intervention.

Security Requirements of WBAN
The security elements of a WBAN consist of four main parts:
• Data confidentiality: In WBAN, data confidentiality is one of the most important problems; it can protect the user from data leaks. In medical applications, when the node collects and sends sensitive information to the coordinator, the enemy can eavesdrop on some key information in the communication, which will reveal the patient's privacy. This kind of eavesdropping may bring serious damage to the patient. The traditional method is to encrypt the data and then retransmit to ensure the communication security of the external sensor node and the network coordinator, and only allow the receiver to be authorized to decrypt the WBAN node, but this is difficult to implement for the sensor node with poor computational performance.
• Data integrity: The confidentiality of the data does not guarantee that the data will not be tampered with. After the data is stolen by the opponent, it can be tampered with or destroyed by adding or reducing data segments, and then the data will be sent to the network coordinator. Vital information can be compromised, which can be very dangerous to users. The data integrity mechanism ensures that the data transmitted between BSN and BSNC (Body sensors network coordinators) is not changed by the adversary. The sender uses a one-way algorithm to compute the MAC frame, generates the integrity code for the frame, and sends it attached to the packet. The receiver uses the same process to calculate the MAC frame and compares the calculated result with the one given by the sender, to judge whether the data was maliciously tampered with in the sending process.
• Data authentication: Data authentication is necessary for medical and non-medical applications. It enables the BSN and BSNC to verify that data is sent by trusted sensor nodes. This prevents hostile parties from sending false messages to trick BSN and BSNC data authentication.
• Data freshness: The freshness of the data can prevent the retransmission attack. The hostile party may capture the frame in the transmission process and resend the data after a period of delay to achieve the purpose of confusing the BSNC.
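The integrity, authentication, and freshness checks described above can be combined in one receiver-side routine. The following is an added example, not code from the paper: the frame layout (2-byte node id, 4-byte counter, payload, 32-byte tag), the use of HMAC-SHA256, and the pre-shared per-node keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                      # HMAC-SHA256 output size
HEADER = struct.Struct(">HI")     # assumed layout: node id (2 bytes), counter (4 bytes)


def build_frame(key: bytes, node_id: int, counter: int, payload: bytes) -> bytes:
    """Sensor side: attach an integrity code computed over header and payload."""
    header = HEADER.pack(node_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Coordinator:
    """BSNC side: verifies origin, integrity and freshness of each frame."""

    def __init__(self, node_keys: dict):
        self._keys = dict(node_keys)   # node id -> pre-shared key (assumption)
        self._last_counter = {}        # node id -> highest counter accepted so far

    def receive(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return ("rejected", "malformed")
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        node_id, counter = HEADER.unpack(header)

        key = self._keys.get(node_id)
        if key is None:
            return ("rejected", "unknown-node")

        # Integrity and authentication: recompute the code and compare in
        # constant time, so the comparison itself leaks nothing about the tag.
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("rejected", "bad-mac")

        # Freshness: the counter is covered by the MAC, so a captured frame
        # cannot be re-sent later with a bumped counter. State is updated only
        # after the MAC check, so forged frames cannot advance the counter.
        if counter <= self._last_counter.get(node_id, -1):
            return ("rejected", "replay")
        self._last_counter[node_id] = counter
        return ("accepted", payload)


def demo():
    """Constructed sample traffic: one genuine frame, then three bad ones."""
    key = b"k" * 32                                   # constructed test key
    coordinator = Coordinator({1: key})
    frame = build_frame(key, 1, 0, b"HR=72")          # constructed reading

    tampered = bytearray(frame)
    tampered[HEADER.size] ^= 0x01                     # flip one payload bit
    forged = build_frame(b"x" * 32, 1, 1, b"HR=40")   # wrong key

    return [
        coordinator.receive(frame),                   # genuine
        coordinator.receive(frame),                   # captured and re-sent
        coordinator.receive(bytes(tampered)),         # modified in transit
        coordinator.receive(forged),                  # not from a trusted node
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
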

Possible Security Threats and Attacks on WBAN
WBAN is vulnerable to a significant number of attacks, which are carried out in different ways, such as denial-of-service attacks (DoS), privacy invasions, and physical attacks. Countering these attacks is challenging, as it is limited by the power consumption of sensor nodes. A robust sensor can easily block sensor nodes and prevent them from aggregating patient data.
The attacks on WBAN can be roughly divided into three types: (1) confidentiality and authentication attacks, in which the hostile party conducts eavesdropping and attempts replay attacks or electronic spoofing; (2) attacks on service integrity, in which the network is forced to accept wrong information; (3) network availability attacks and denial-of-service (DoS) attacks, which affect network capacity and performance.

Security Solution for WBAN
For the security threats discussed in the previous section, Table 1 lists possible solutions: For patients in WBAN, the privacy of their own data is important. For example, patients do not want their data to be collected by insurance companies who can use the data for their purposes, such as selling patient information. In addition, the integrity and correctness of the patient data are also very important. If the data reviewed and analyzed by the manager (doctor or hospital) is incomplete or tampered, the medical judgment made by the doctor is likely to be wrong, which is extremely unsafe for patients.
Thus, we propose the DVSSA signature scheme to solve the problem of unauthorized access in WBAN, so as to ensure that only the specified verifier can view and analyze the data of WBAN users. Moreover, we used blockchain to store WBAN user data to account for the problem of data tampering and guarantee the integrity of the data, based on the non-tamper property of blockchain.

WBAN Model
We designed the WBAN system as shown in Figure 2. There are three main entities in this system:  The WBAN controller is used to send the collected user data to the cloud via Bluetooth or GPRS. After receiving the data, the cloud uses the DVSSA signature scheme to write the signed data into the blockchain. Administrators can view and analyze users' data with their private keys.

The Advantage of Blockchain Storage
Traditional data storage solutions rely heavily on centralized databases to maintain security. For hackers, the targets are more specific. Once a hacker successfully executes a script attack on a centralized database, the hacker has access to a large amount of data. However, with blockchain and distributed ledger technology, cracking is much harder. Many blockchain projects aim to make data storage more secure. The potential benefit is ground-breaking for the end user. The blockchain project not only has the potential to create an architecture for inherently more secure data storage systems but also allows individual users to have full access to their data. In many cases, blockchain projects are using the original cryptocurrency as part of the markup model. This allows users to monetize any third-party data, while also preventing identity theft and other problems that have emerged in recent years due to large-scale data breaches. By using digital signatures, blockchain system transactions ensure the integrity and non-repudiation of messages.

The Defect of Blockchain Storage
Blockchain is a data chain that is made up of multiple blocks, in which all transactions are stored. The blocks in the bitcoin blockchain were set initially to be 1M in size, but as the volume of transactions on the bitcoin blockchain has increased dramatically, 1M block has fallen far short of demand. The most direct way to solve this problem is block expansion, which is vulnerable to DDoS attacks (distributed denial of service) and thus has not been supported by the core development team of bitcoin. Furthermore, block expansion will significantly increase the cost of mining and cannot be supported by most mining pools. Hence, there are more and more digital signature schemes to compress the size of the blockchain.

Our Solution
The DVSSA signature scheme proposed in this paper makes the size of the signature written into the blockchain equal to the size of a single person's signature through the sequential aggregation of all people's signatures, which greatly saves the storage space.
The private data received by each user is stored in a different data block in the cloud, which is stored in the form of a linked list in the cloud. Then, the data of users in the cloud are signed through the DVSSA signature scheme and sent to the blockchain, as shown in Figure 3.
The WBAN controller sends the collected patient data to the cloud, which first divides the data of each patient into $data_1, data_2, \ldots, data_n$, and each patient has its own key pair $(PK_i, SK_i)$, which is distributed by the administrator. First, the first patient signs the corresponding $data_1$ using his private key $SK_1$ and gets the signature $sign_1$. Then, the second patient signs $data_2$ using his private key $SK_2$ and the first patient's signature $sign_1$ to get the signature $sign_{(1,2)}$, and so forth to get the signature $sign_{(1,2,\ldots,n-1)}$. Finally, the private key $SK_n$ of the $n$-th patient and the signature of the previous patient $sign_{(1,2,\ldots,n-1)}$ sign $data_n$ to get the signature $sign_{(1,2,\ldots,n)}$. We add the manager's public key attribute to get the final signature and write it into the blockchain.

Data Validation Model
After the data are uploaded to the cloud server, we partition the data and write it into the blockchain using the DVSSA signature scheme. However, there are some security problems. How can we ensure that the data uploaded to the cloud is original data without any tampering? Therefore, we propose a data validation model as shown in Figure 4.
The WBAN controller hashes the blocks of data collected from each patient to get a hash value and stores it in the controller. Then each patient's data is sent to the cloud server. The cloud server first partitions each patient's data into blocks, then hashes each data block and returns the value, which is compared with the hash value in the WBAN controller. If the values are the same, the next step, the digital signature, is performed. Otherwise the service is terminated.
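The validation gate described above, as an added example that is not the paper's own code: SHA-256, the 64-byte block size, the class and function names, and the `sign` callback (a stand-in for the DVSSA signing step, which is not implemented here) are assumptions. The check is positional, so swapped, modified, missing, or extra blocks are all reported.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # assumed block size in bytes; the paper does not specify one


def block_digests(data: bytes, size: int = BLOCK_SIZE) -> list:
    """Partition data into fixed-size blocks and hash each block with SHA-256."""
    return [hashlib.sha256(data[i:i + size]).digest()
            for i in range(0, len(data), size)]


class WbanController:
    """Keeps the per-block digests of what it collected, keyed by patient."""

    def __init__(self):
        self._stored = {}

    def collect(self, patient_id: str, data: bytes) -> bytes:
        # Hash before the data leaves the controller, then hand it on.
        self._stored[patient_id] = block_digests(data)
        return data

    def mismatched_blocks(self, patient_id: str, returned: list) -> list:
        """Compare digests returned by the cloud with the stored ones.

        Returns the indices of blocks that differ, are missing, or are extra.
        """
        stored = self._stored.get(patient_id)
        if stored is None:
            raise KeyError("no digests recorded for " + patient_id)
        bad = []
        for i in range(max(len(stored), len(returned))):
            if (i >= len(stored) or i >= len(returned)
                    or not hmac.compare_digest(stored[i], returned[i])):
                bad.append(i)
        return bad


def cloud_ingest(controller, patient_id: str, received: bytes, sign):
    """Cloud side: re-hash what arrived and sign only if the controller agrees."""
    bad = controller.mismatched_blocks(patient_id, block_digests(received))
    if bad:
        # "Otherwise the service is terminated": nothing is signed or stored.
        return {"status": "terminated", "bad_blocks": bad}
    return {"status": "signed", "signature": sign(received)}


def demo():
    """Constructed sample: 200 bytes of readings, i.e. four blocks (64+64+64+8)."""
    controller = WbanController()
    sent = controller.collect("patient-1", bytes(range(200)))

    def placeholder_sign(data):          # stand-in for the DVSSA signing step
        return "signature-over-%d-bytes" % len(data)

    tampered = bytearray(sent)
    tampered[70] ^= 0xFF                 # byte 70 lies in block 1

    intact = cloud_ingest(controller, "patient-1", sent, placeholder_sign)
    modified = cloud_ingest(controller, "patient-1", bytes(tampered), placeholder_sign)
    truncated = cloud_ingest(controller, "patient-1", sent[:128], placeholder_sign)
    return intact, modified, truncated


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The comparison only has value if the digests reach the controller over a channel the party that altered the data cannot also alter.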

Bilinear Pairings
Let $l$ be a security parameter and $q$ an $l$-bit prime. $G_1$ is a cyclic additive group of prime order $q$ generated by $P$, $G_2$ is a cyclic additive group of prime order $q$ generated by $Q$, and $G_r$ is a cyclic multiplicative group of prime order $q$. Our proposed DVSSAgg makes use of a bilinear map $e : G_1 \times G_2 \to G_r$ with the following properties:
• Bilinearity: there is $e(aP, bQ) = e(P, Q)^{ab}$.
• Non-degeneracy: $e(P, Q) \neq 1$.
• Computability: There is an efficient algorithm to compute $e(P, Q)$.
In the above definition, $e : G_1 \times G_2 \to G_r$ is an asymmetric bilinear pairing if $G_1 \neq G_2$; $e : G_1 \times G_2 \to G_r$ is a symmetric bilinear pairing if $G_1 = G_2 = G_r$. Symmetric bilinear pairings can be regarded as special cases of asymmetric bilinear pairings. Bilinear maps $e$ can be constructed from Weil pairings or Tate pairings on a supersingular elliptic curve over a finite field.

Bilinear Diffie-Hellman Problem (BDH)
Given two groups $G_1$ and $G_2$ with the same prime order $q$, let $e : G_1 \times G_1 \to G_2$ be a bilinear map and $g$ be a generator of $G_1$. The objective of BDH is to compute $e(g, g)^{abc}$ in $(G_1, G_2, e)$ from the given $g, g^a, g^b, g^c$, where $a, b, c \in Z_q$.

Sequential Aggregate Signature Model
In the sequential aggregate signature, each signer must aggregate his signature into the current signature in a certain order. After each signer has signed, the aggregate signature is sent to the next signer, and the next signer can aggregate his signature only if they receive the aggregate signature. The specific steps are as follows:
Step1 Setup($1^\lambda$): input security parameter $1^\lambda$, output public parameter $Pa$.
Step2 KeyGen($Pa$): input public parameter $Pa$, output public key $PK$ and private key $SK$.

Our Scheme
Step1 Setup($1^\lambda$): First, generate bilinear groups $G$ and $G_r$ of prime order $p$ (length $\lambda$ bits), $G = \langle g_1 \rangle$, $G_r = \langle g_2 \rangle$, randomly choose $Y \in G$, output public parameter $Pa = (P, G, G_r, e, g, Y)$.
Step2 SKeyGen($Pa$): Input public parameter $Pa$, randomly choose $x \in Z_p$, let $X = g_1^x$, output
Step3 VKeyGen($Pa$): Input public parameter $Pa$, randomly choose $d \in Z_p$, let $D = g_1^d$, output

Security Proof
Theorem 1. The sequential aggregate signature scheme with a designated verifier generated by the signer with a valid signature algorithm must pass the validation algorithm.
Proof. The correctness of the scheme is obvious, because: And: e(C, g) = e (g r ) , ∈ ) is unforgeable under G, we say DVSSAgg scheme(t, q C , q s , n, ∈) is unforgeable, and t = t + O(q C + nq s + n), q = q s , ∈ =∈.
Proof. Suppose that there exists an adversary $A$ which succeeds with advantage $\epsilon$. We build an algorithm $B$ to play the forgeability game against the DVSSAgg signature scheme. Given the challenge public key $Pk = (P, G, G_r, e, X, Y)$, the interaction between algorithm $B$ and adversary $A$ is as follows:
Setup. $B$ first gets $Pk = (P, G, G_r, e, X, Y)$ from the challenger, then sets the public parameter $Pa = (P, G, G_r, e, g, Y)$ and the public key $PK^* = X$, initializes the list of keys and sets it to an empty set.
Certification Queries. The adversary $A$ provides a key pair $(PK_i, SK_i)$ and adaptively requests public key authentication. $B$ checks the validity of the key pair and adds it to the key list.
Signature Queries. The adversary $A$ provides the message chain $M = (M_1, M_2, \ldots, M_k)$, the sequential aggregate signature $\sigma$ under the public key $PK = (X_1, X_2, \ldots, X_k)$, and a new message $M$ and public key $PK^*$; then $B$ executes the signature query as follows:
(1) Check the validity of the signature $\sigma$, and check that each component of $PK = (X_1, X_2, \ldots, X_k)$ exists in the key list.
(2) Ask the signature oracle to get the $\sigma$ of $M$, and the signed public key is $PK^*$.
The public key is $PK^* = (PK_1, PK_2, \ldots, PK_n)$. We assume that $PK_1 = PK^*$; the forgery process of algorithm $B$ is as follows:
(1) $B$ first runs the sequential aggregate validation algorithm for the designated verifier, then verifies the validity of the signature $\sigma^*$ and at the same time confirms that the challenge public key $PK^*$ must be in the $PK^*$ and $M_1$ must not have been queried by adversary $A$ to the signature oracle.
(2) In $PK^*$, $PK_i = X_i$, retrieve the private key $SK_i = x_i$ from the key list $PK_i$, then compute: Output the σ * = (A, B, C) D about $M^* = M_1$. Furthermore, we can prove the correctness of $\sigma^*$ of $M_1$ which is forged by the algorithm $B$: e B * , g x 1 M 1 = e(A, X)·e B, X M *

Experiment
Our main concern was the energy consumption for message computation and transmission. In terms of communication, signcryption is a major contributor to the communication overhead. That is to say, the communication overhead is mainly related to the size of the signed message. For a typical WBAN, it is sufficient to be 2 bytes for each user. In our evaluation, the bilinear map $e$ employs the Tate pairing. The elliptic curve is defined over $F_p$. The order $q$ of $G_1$ and $G_2$ is a 20-byte prime. In order to deliver a level of security equivalent to that of the 1024-bit RSA algorithm, $p$ should be a 64-byte prime if $G_2$ is a $q$-order subgroup of the multiplicative group of the finite field $F_{p^2}$. In the following analysis, we set $p$ to be 30 bytes in length for the finite field $F_{p^3}$. The overhead in terms of $p$ is $5|p| + 4$ for signcryption and 1 for decryption. Figure 5 illustrates the relationship between communication overhead and security levels. We note that the communication overhead increases as the security level increases.
Furthermore, we used the method proposed in [42] to evaluate energy consumption in DVSSA. As shown in [43], a Chipcon CC1000 radio used in Crossbow MICA2DOT motes consumes 28.6 µJ and 59.2 µJ to respectively receive and transmit one byte. For our DVSSA scheme, the total message size is 30 bytes, leading to a total energy consumption (on both transmitting and receiving messages) of $(5|p| + 4) \times (28.6 + 59.2)$ µJ $= (0.439|p| + 0.3512)$ mJ for one user. When there are $W$ users, the total energy consumption on communications is $W \times (0.439|p| + 0.3512)$ mJ.
We report the comparative results between DVSSA and the baseline approaches proposed in [42] on energy consumption in Table 2. Note that to evaluate the energy consumptions of the baseline approaches that make use of broadcasting, we adopted the model in [42]. Figure 6 shows the energy consumption on the communication as a function of the number of users. As can be seen from the figure, DVSSA consumes much less energy than the Merkle hash tree-based scheme, certificate-based scheme, and ID-based scheme [42].
Lastly, to analyze the impact of the sequential aggregate signature scheme with a designated verifier, we simulated the historical blockchain of bitcoin to determine whether our scheme has real potential to save space. Figure 7 shows the cumulative blockchain size to date, and what the blockchain size would be if all transaction signatures were replaced with an ordered aggregation signature for each transaction with only one specified verifier. Note that this includes only the overhead saved by using the ordered aggregation signature of the specified verifier, not the overhead saved by public key aggregation.

Conclusions
In this paper, we propose a data storage mechanism based on blockchain with privacy protection in a wireless body area network. On the one hand, we designed a sequential aggregate signature scheme with a designated verifier which ensures the user's data can only be viewed by the administrator and compresses the size of the blockchain storage space. On the other hand, we store the data in the blockchain through the blockchain technology. Through the tamper resistance characteristic of the blockchain, the integrity of the user data is guaranteed. Through experiments, we found that using our signature can compress the storage space of the blockchain and achieves the purpose of saving resources. The novelty of our proposed method is mainly reflected in the use of blockchain as the storage space. In addition, we use digital signatures to ensure the security of the data collected in the WBAN. Finally, we also use cloud technology for the intermediate transition.