Blockchain-Based Distributed Patient-Centric Image Management System

In recent years, many researchers have focused on developing a feasible solution for storing and exchanging medical images in the field of health care. Current practices are deployed on cloud-based centralized data centers, which increase maintenance costs, require massive storage space, and raise privacy concerns about sharing information over a network. Therefore, it is important to design a framework to enable sharing and storing of big medical data efficiently within a trustless environment. In the present paper, we propose a novel proof-of-concept design for a distributed patient-centric image management (PCIM) system that is aimed to ensure safety and control of patient private data without using any centralized infrastructure. In this system, we employed an emerging Ethereum blockchain and a distributed file system technology called InterPlanetary File System (IPFS). Then, we implemented an Ethereum smart contract called the patient-centric access control protocol to enable a distributed and trustworthy access control policy. IPFS provides the means for decentralized storage of medical images with global accessibility. The PCIM system ensures a high level of data security and reduces fragmentation of patient health records by applying the steganography and asymmetric cryptographic technique. We describe how the PCIM system architecture facilitates the distributed and secured patient-centric data access across multiple entities such as hospitals, patients, and image requestors. Finally, we conduct and experiment to test the framework within the Windows environment and deploy a smart contract prototype on an Ethereum testnet blockchain. The experimental results demonstrate that the proposed scheme is feasible.


I. INTRODUCTION
RANSITION to electronic management of health records has necessitated practitioners and their patients to make use of several new acronyms such as electronic medical records (EMRs), electronic health records (EHRs), and personal health records (PHRs) [1].These health records usually contain medical images and patient information, such as physician name, personal statistics (e.g., age and weight), home monitoring device data, and other data processed by practitioners in a text format.According to the HIPAA privacy rule [2], providers are allowed to respond up to 30 days after a patient request to perform an update or removal of medical records added erroneously.Medical images and patient information are stored and maintained by different hospitals, even when being related to the same patient.This increases the volume of data and leads to a phenomenon of big data.A digital watermarking technique is employed to reduce the storage and transmission overhead by interleaving patient information with medical images [3].However, this method provides only a basic framework and does not consider introducing security measures to address concerns about data manipulation over cross-domain networks.Current technologies for transferring medical images and patient information are deployed on centralized data centers M. Y. Jabarulla, and H. N. Lee* is with Department of Electrical Engineering and Computer Science, Gwangju Institute of Science and Technology, Gwangju, 61005, South Korea.E-mail: yaseen@gist.ac.kr, heungno@gist.ac.kr.Asterisk * indicates corresponding author.
that are deemed inappropriate due to privacy, accessibility, storage, and security concerns [4].Over recent decades, medical record data breaches within large medical data centers create additional difficulties for all companies seeking to develop medical image processing applications [5].
Recently, the blockchain technology (e.g., Bitcoin [6] and Ethereum [7]) has become one of the most important research topics, not only in the finance industry but broadly across the field of information technologies due to its decentralized nature.Healthcare-based blockchain applications have been gaining particular attention in terms of applying them to enable interoperable sharing the real-time data between providers, payers, and patients [8], [9].
Public blockchain technology is an open distributed ledger that stores all transaction details in blocks [6].A typical blockchain consists of a directed acyclic graph (DAG) structure, where each block is linked with the previous block by a hash.Information stored in each block is public and cannot be easily deleted or modified.Therefore, a blockchain is considered to be a decentralized method to facilitate verifiable exchanges of transactions between any two entities efficiently and permanently.Timely verification and recording of transactions are possible without the necessity in a centralized intermediary.A blockchain has such advantages as being tamper-proof and capable of protecting information against Mohamed Yaseen Jabarulla, and Heung-No Lee*, Senior Member, IEEE

Blockchain-Based Distributed Patient-Centric
Image Management System T integrity-based attacks.
A significant problem with regard to storing medical images and records in a blockchain is the size of the content.For example, as of October 2019, the size of the Bitcoin blockchain reached 286.23 GB 1 .This is the result of data accumulation over the past ten years at a growth rate of 1 MB every 10 minutes since Bitcoin was launched in 2009.There are approximately 1000 transactions in a block.Thereby, a single transaction has the order of 1 KB.The size of medical images corresponds to the orders of magnitude larger than those a public blockchain can offer [10].To solve the problem of decentralized storage, the Protocol Labs [11] created a distributed web called Inter Planetary File System (IPFS).IPFS was designed to enable a content-addressable, peer-to-peer (P2P) technology to share and store hypermedia in a distributed file system.Several other decentralized storage systems were developed, such as storj, swarm, and sia [12].IPFS has an advantage of being compatible with other blockchain networks by offering an off-chain storage solution.IPFS provides permanent, smarter, and faster web services to distributed data access systems.
However, several obstacles exist in terms of storing sensitive medical images over these distributed storage solutions, such as unauthorized access and privacy concerns with regard to patient images.Namely, the ability to manage big data across general practitioners, hospitals, patients, and medical institutes without significant exposure to the risk of privacy breaches is essential.Another important aspect of a confidential and secure storage system is the ability to reduce the cost and restrictions of medical image acquisition by eliminating the need in centralized parties [13].
Therefore, the following research question is formulated: "How can we design a patient-centric distributed architecture for the purpose of medical image storage and sharing, while simultaneously addressing the concerns about privacy, security, access flexibility, and costs?" To answer this question, we propose a proof-of-concept (POC) design for a distributed framework called a patientcentric image management (PCIM) system that is a blockchainbased architecture designed to facilitate secured patient-centric access and storage of encrypted medical images within an open distributed network.
The contributions of this paper are as follows: (1) We provide a brief overview on the structure of the proposed PCIM system and illustrate interactions among different components of the system.
(2) We propose a patient-centric access control protocol using a smart contract (PCAC-SC).Specific functions are considered to transmit information in and out of the Ethereum blockchain and give access privileges between entities.
(3) We implement a framework to test feasibility of the concept.To this end, we have developed a PCAC-SC prototype on an Ethereum test network.We have published the related source codes online.
(4) We verify the functionality using test cases and analyzed the capabilities of the proposed framework.
The rest of the paper is organized as follows.In Section II, we discuss the state of medical image sharing.The system components of the proposed framework are described in Section III.An overview of the proposed PCIM system and PCAC-SC is presented in Section IV.Implementation and verification of the proposed system are described in Section V. Finally, Section VI concludes the work and discusses future research directions

II. RELATED WORK
The practice of medical health record registering and sharing has changed considerably in the past 20 years, largely because of strict practice standards, the use of complex technologies, and accurate diagnosis and treatment.Medical images are typically shared on CDs or DVDs shipped between hospitals, physicians, and patients to conclude on diagnosis, however, applying this technology might lead to damage or interception of medical images resulting from patient or physician errors [14].To overcome the shortcomings of physical media transfer, a cloud-based technology was introduced to share, archive, and store medical images across various healthcare enterprises, usually in an format called digital imaging and communications in medicine (DICOM) [15], [16].The electronic transmission of medical images was developed by the Radiological Society of North America (RSNA) based on the image-sharing network (ISN) [17].However, the ISN architecture employs centralized image storage, where images are indexed by a cryptographic hash managed by a third-party clearing house implemented in the cloud.Patients can authorize health care providers to access their images using a PHR.Physicians can view unencrypted images and conclude on a diagnosis using an edge server at each local radiology site.The edge server uses a key technology called a picture archiving and communication system (PACS) [18], which is aimed to provide economical storage and convenient access to images obtained from different medical imaging modalities, such as ultrasound (US), mammograms, Xray, magnetic resonance imaging (MRI), and computerized tomography (CT) [19].
In 2006, the publicly funded National Health Service (NHS) in England employed a national broadband network service called N3 (the National network) to connect all NHS National programs in IT (NPfIT), such as the NHS care records service, electronic medical prescriptions, and NHS-PACS [20], [21].A high-speed IP-based virtual private network (VPN) was used by N3 to communicate between hospitals and general practitioners.However, N3 was preceded by the Health and Social Care Network 2 that went live in April 2017 to provide a reliable, efficient, and flexible method for health care organizations to access, process, and exchange electronic information.Although the current state-of-the-art with regard to medical image sharing does not require physical media transfer, the infrastructure robustness relies on third-party intermediaries and centralization of the network.
Several hospitals and research facilities use PACS to store and access medical images obtained from various modalities to provide patient care from different locations [22], [23].Researchers from the leading cybersecurity company McAfee have found that poor security may lead to exposure of the medical data to cybercriminals [24].The researchers determined that more than 1,100 PACSs were directly connected to the Internet without the recommended layer of network security or VPNs.After the investigation, it was found that default accounts, cross-site scripting, and vulnerabilities in the web server could lead to breaches in PACS access and permanent modifications of medical images.The existing infrastructure design raises concerns regarding the use of thirdparties and a centralized network.Consequently, it is important to design a proper network that considers a decentralized architecture seeking to implement a widespread secured imagesharing system.
Recently, several researchers focused on developing a framework that combine a cloud service and a blockchain for the purpose of medical health record sharing.In [25], the authors designed a breadcrumb mechanism for a medical record search known as MedBlock.Breadcrumbs were aimed to record addresses of blocks containing the patient-related data.Unfortunately, these solutions are not applicable to the process of searching the data over the blockchain due to an increase in the fragmented data.The authors in [26] proposed MedShare, a hybrid cloud-based sharing solution for EHRs that is based on a centralized cloud server provider.Then, this external server was replaced by two decentralized networks called MedChain [27].In the concept of MedChain, the authors proposed a session-based data sharing scheme and a digest chain structure implemented using an immutable blockchain and the mutable P2P storage architecture.However, the possibilities of tampering and manipulating stored patient health records are at high risk due to the mutable P2P storage architecture.In [28], a blockchain-based cross-domain image-sharing framework was proposed.However, no attempt to address privacy concerns has taken to facilitate sharing images through a blockchain.

III. SYSTEM COMPONENTS
In this section, we present the description of main components represented in the proposed PCIM system.

A. Ethereum blockchain
Ethereum [7,28] was developed based on the Bitcoin system and incorporated a programmable smart contract (SC) platform.In other words, SC is a computer program that stores rules for negotiating the terms of a contract.Programs can autonomously verify and execute contract-related agreements, thereby, reducing the cost of constructing and managing a centralized database.SC employs the Ethereum virtual machine that allows users to run SC within the blockchain network.In general, the fee mechanism of the Ethereum system depends on the value of gas [7].A certain amount of gas is required to execute a SC and perform a transaction.A digital currency can be used to purchase gas.The actual transaction cost is defined as follows: ether gas used gas price. The Ethereum platform consists of two types of accounts: external owned accounts (EOAs) controlled by private keys and contract ones controlled by the contract code.EOAs are used to execute a transaction sending ether or to trigger execution of SC.An Ethereum transaction includes such parameters as the recipient address, gas price, gas limit, ether values transferred, account nonce, sender signature, location of the medical image, and other additional image characteristics.The Ethereum blockchain has an associated state database based on a Merkle-Patricia tree structure that can be emulated using IPFS objects.Therefore, we can model a blockchain using IPFS for off-chain and on-chain storage of medical images.In the proposed scheme, we implemented the PCAC-SC protocol using an Ethereum blockchain to enable transparent controlled access, so that malicious entities could not access the medical images without patient authorization.

B. IPFS storage
IPFS is a content-based peer-to-peer (P2P) protocol in which each medical image file is assigned with a unique fingerprint denoted as a cryptographic hash.Addressing the hash is applied to make the contents immutable [11].The IPFS file storage structure consists of a Merkle DAG that combines Merkle trees with a DAG.The key feature of IPFS in terms of the proposed system is to access medical images through the content addressing approach, rather than location-based addressing one.Therefore, IPFS allows reducing the bandwidth cost, increasing the image download speed, and distributing a large volume of data with no duplication, in which allows achieving storage savings.The data structure for storing a file is an IPFS object, which consists of data and links.A single IPFS object can store up to 256 Kb of the unstructured binary data.If a file is larger than 256 Kb, it is split into and stored as multiple IPFS objects with an empty object containing links to all other objects of the image.Therefore, IPFS is an immutable storage mechanism; modifying a file will change the hash value.To update a file, IPFS uses a version control system called Git3 , which creates a commit object, when a file is added to the IPFS network; this approach allows tracking all file versions.When an update is made to a file, a new commit object is created as a link to a new object to interconnect with an older commit object version of that file.
The default installation of IPFS connects the local machine to the global distributed network.Whereas in this case any peers can retrieve images using a cryptographic hash value, in the proposed framework, we overcome this problem by encrypting sensitive medical images before uploading them.

C. Securing medical images
At present, the storage of medical records is fragmented [30].The private information of a patient such as age, name, and diagnostic summary description of an image is separated from the medical image itself.This is done to protect the privacy.However, such separation causes problems as well.First one is an increase in the storage space.Second, the two separated storage spaces shall be linked somehow, and this leads to an overhead.
We aim to resolve these problems using the steganography method.Steganography can be used to hide the patient private information within a medical image itself.Namely, the private information part and the image do not need to be separated using this method.As a result, applying steganography to medical images allows reducing medical record fragmentation: the personal information of patients is stored together with the medical image itself.
Furthermore, we encrypt sensitive medical images before uploading them into the global IPFS network to prevent unauthorized access.Participants can view sensitive medical images securely by swapping encryption keys.This approach ensures data originality and security, and allows preventing the data from being leaked by unauthorized and irrelevant users and being exposed to malicious attacks, such as eavesdropping, phishing, and brute force attacks [31].
Steganography and encryption methods are discussed in detail below.
Steganography: the least significant bit (LSB)-based steganography technique [32] is used to embed the patient private information, such as name, age, date, diagnostic summary, and physician name into an image without showing the trace of existence of such information.This is performed in such a way that only the sender and recipient are aware of existence of the concealed information.
The resulting image object obtained after embedding the information into the image is called a stego image.The LSBbased encoding method is applied to convert the information into the ASCII code and a binary string.The text is not noticeable, as it is encoded with ASCII and mixed with graylevel bits.
An example of the single-character encoding process is provided below.The similar procedure is applicable to all types of characters: (1) Convert the patient data into ASCII numbers; each character of the text is converted to its equivalent ASCII number (e.g., "A" = 65).
(2) An ASCII number is converted to an 8-bit binary number.
(  Encryption: The stego image is further encrypted using the OpenPGP (Pretty Good Privacy) protocol [33].OpenPGP is a specific implementation of asymmetric encryption that is used to define standard formats for encrypted messages, signatures, and certificates with the purpose of exchanging public keys.Therefore, a pair of asymmetric keys, a public and private one, is generated.The public key is shared openly without compromising the security, while the private key must be kept private.It is owned by the patient secretly and is used to decrypt the image.The advantage of applying this encryption technique is that using the private key, a digital signature of an image is created to verify its authenticity in the event of a malicious attack.

IV. OVERVIEW OF THE PCIM SYSTEM
In the proposed PCIM system, medical images are not stored in the blockchain to avoid scaling to the unmanageable size and thereby, a resulting blockchain bloat.Therefore, in the present study, we modified the Ethereum blockchain for the proposed POC framework to efficiently manage the identity database and access control across participants.This action allows reducing the fees associated with storing images and managing the related database state.The main purpose of this blockchain is to provide distributed immutable on-chain storage for patient's medical image data within a ledger (database).Fig. 1 illustrates the blockchain ledger data structure with a PCIM data field added, as it is designed to store the data that patients want to include in a transaction.In the proposed scheme, the PCIM data field contents include such information as an image hash value (endpoint of an encrypted medical image), patient addresses, timestamp, encryption public key, image description, and a block hash to form an unchangeable record, as each block is linked with the hash of its previous blocks to connect and verify transactions.Every block is updated in the ledger after transactions are approved and recorded by a patient in the network.A transaction consists of a part corresponding to the ledger content signed and sent by a patient to execute SC by paying ether.Then, transaction validation is performed by the selected and approved consortium.As the blockchain is implemented in the healthcare ecosystem, participants seek to achieve decentralizing the process of medical data management.
The overall architecture of the PCIM system framework is illustrated in Fig. 2. As it can be seen, it consists of Ethereum and IPFS networks.The Ethereum network is comprised of PCAC-SC and of a blockchain ledger to manage identity and access control within the network.The resulting encrypted medical images are stored in the IPFS network.

A. System Model
The participants of the proposed PCIM system are defined below: Patient: Patients are the owners of their medical images.A patient is required to create PCAC-SC and store this SC in the Ethereum blockchain.The patient is responsible for defining the access right to the images in the IPFS network.This definition is done within his/her own PCAC-SC.
Radiologist: A radiologist is able to generate medical images for a patient.The main responsibility of the radiologist is to upload the patient encrypted stego medical images to the IPFS network.
Image Requestors (IRs): Doctors, medical institutes, research groups, insurance companies, and general practitioners interested in accessing patient medical images are all considered as image requestors IRs.The patient can grant access privileges to any IRs based on the authorization policy defined in PCAC-SC.

B. Ethereum Network: PCAC-SC Protocol
The PCAC-SC protocol uses special functions to provide information about the blockchain and assign access privileges for IRs.The functions of SC are triggered by a patient and IRs entity using their own Ethereum addresses.All triggered functions are stored within the blockchain ledger as events to allow the entity keeping track of the transaction details.This enables transparency in the triggered functions and maintains the anonymity of patients by displaying only events stored in the blockchain.In this framework, we used a single variable and the following functions: msg.sender: the address variable of the owner who interacts with SC.
create_contract(): this function is created and executed only by a patient to issue corresponding roles for IRs and related information for accessing medical images.This function takes as input a patient's encrypted medical image hash value () p hI , remove_IRs(): this function takes the approved IRs blockchain address IR  as input and removes IRs from SC upon successful execution of a function by the patient.Consequently, SC is updated.Therefore, the removed IRs has no privilege to access the medical image in question.

C. IPFS Network
IPFS is used to store encrypted medical images that contain the encrypted patient information in an open distributed storage system, in which images can be exchanged using a hash string path.The paths work similarly to the traditional uniform resource locator used in the web.Therefore, all patient images are always accessible through their hash.
The radiologist uploads medical images of the patient to the system and uses a patient public key to encrypt the images: thereafter, only the patient can decrypt them.Medical image contents are signed by Ethereum private keys of the patient and then, are stored in the blockchain.Therefore, other entities can check the authenticity and integrity of the image ownership using the content hash and digital signature in the blockchain.In IPFS, files can be accessed even if the host node is offline, as they are located in multiple locations for redundancy.Similarly, when uploading and accessing files on IPFS, it is possible to grant access privileges only to certain users by adding the address of a recipient to PCAC-SC.Therefore, we integrated SC with IPFS to enable authentication of IRs.Combining IPFS and the blockchain allows building a permanently addressable on-chain and off-chain data storage that can be linked securely to other significant systems or databases in the world, thereby, forming a global healthcare network.

D. System Interaction
Fig. 3 illustrates the process of how a patient and a radiologist interact between each other in the part of the proposed PCIM system, where medical image storage and sharing are performed.First, the patient undergoes the medical image examination performed by the radiologist.A medical image P I of the patient is produced.The patient seeks to have it protected and to maintain the ownership of this image.Consequently, to address this issue, the radiologist encrypts the initial medical image and obtains encrypted image  As presented in Fig. 3, the exact protocol for this interaction is explained in detail as follows: 1) Offline interaction between the patient and the radiologist a) The patient requests the radiologist to store his/her medical image.b) The radiologist asks the patient to provide its encryption key.
c) The patient generates a pair of encryption keys: public P K  and private .d) The patient sends to the radiologist P K  through a secure communication medium.e) P K  is protected and kept safe by the patient.
2) The radiologist encrypts with P K  while concealing the patient private information on a medical image.Encrypted image P I is uploaded to the IPFS network, which returns a hash () p hI to the radiologist.
3) The radiologist shares () p hI through a secure communication medium with the patient.4) The patient creates a contract using the PCAC-SC protocol and executes it.6) The patient owns the medical images within the PCIM system.The patient can access, audit, prove the ownership, and authorize any other IRs (e.g., doctors, medical institutes, research groups and general practitioners) to use their medical images based on PCAC-SC.We discuss the PCAC-SC interaction sequence in Section V-B.
In summary, a blockchain transaction consists of the following contents signed by a patient to represent the ownership of the transaction contents: V. EVALUATION

A. Experiment Setup
A POC design of the PCIM system was developed to test and evaluate its performance.The experiment was conducted using a Windows 10 desktop with an Intel® Core ™ i5-6600 processor at 3.30 GHz.PCAC-SC was implemented in the remix IDE 4 using Solidity5 programming language.We deployed the program within the private Rinkeby test network using MetaMask 6 .These test network allows obtaining more accurate test results comparing with those to a public blockchain.We initialized IPFS using go-ipfs 7 and uploaded an encrypted stego medical image to the IPFS network from a local computer.This operation returned a unique hash value linked to the uploaded medical image.Thereafter, we updated transactions on the blockchain using create_contract()function by defining the IPFS hash, patient Ethereum public key, and the basic medical image description.Once the block was approved, transactions were stored in the blockchain.
The complete prototype code of PCAC-SC is published in our GitHub repository 8 .The contract deployed on the test network has the following address: 0x5575805E19b4807974Be0B77Fd9d385D4A0e6d1E Transactions on each function can be seen using the above address at the Rinkeby Etherscan website 9 .
Fig. 4 illustrates such parameters as the block/timeline, functions, and event sequence defined in the PCAC-SC protocol for granting and revoking permissions between a patient and image requestor IRs entities.To allow for better understanding of this access sharing sequence, we consider an example of two IRs: a doctor ( 1 IR ) and a general practitioner ( 2 IR ) who is interested in accessing a patient medical image.

Testing trace authorization function
Here, we test the trace_authorization() function.This function is used to prove the ownership and trace history of the approved IR's in the blockchain.To verify authorization, let us consider that the 1 IR address is already approved.Patient and 1 IR Ethereum address are given as input to execute trace_authorization()function, and this triggers authorizationSuccess event.Fig. 8 shows the event log of the third test case where 1 IR address is authorized to access an image by the patient.

C. PCIM System Analysis
In the previous sections, we have demonstrated how a medical image can be stored and shared in a decentralized network using the PCIM system.In this section, we analyze the advantages, cost, and feasibility of the proposed framework.

Security and Privacy
Encryption provides a capability of preventing unauthorized users from accessing medical images without private keys.The steganography technique provides users with the ability to verify the originality of an image by extracting the protected patient private information.Furthermore, an IPFS hash value is mapped with the approved IRs blockchain address.Therefore, approved users have access privileges and can decrypt medical images using their asymmetric private keys.

Costs and Practicality
In the implemented PCAC-SC prototype, we set a gas limit of 30,000, where each unit of gas is set equal to 2 Gwei.The total transaction fee ( gas used gas price ether and USD  ) in this scenario is 0.11 USD.Table I summarizes the cost of the executed operations in SC.The create_contract() function is implemented once with a cost of 0.025 USD.The request_access() function cost is 0.093 USD, which is higher than that of other functions due to the additional input bytes included during the function execution, such as those corresponding to the patient blockchain address and notes for the usage agreement.The overall costs can be decreased further if the size of the input data is minimal.
However, these costs are still lower than those associated with buying a storage space from a third-party service or maintaining a database using a centralized system.

Efficient storage of medical images
The use of IPFS allows constructing a high-throughput content-based storage model with content-addressed hyperlinks.The benefits of this storage model include the following ones: a) Content addressing: medical images have a unique identifier (cryptographic hash of an image).b) Original content: medical images with the same content cannot be duplicated and are stored only once.c) Tamper proof: an image is verified based on its checksum; if the hash changes, IPFS recognizes that an image was tampered with.d) Archiving: offline data access and immutable data storage are useful to get immediate local access to medical images even in the cases with a weak healthcare infrastructure.e) Reduced data scattering: the patient private information is encrypted in medical images themselves.Therefore, the data are stored in a single node occupying less volume and reducing the burden of data management.

Interoperability
Blockchain technology cryptographically protects the state of transactions of medical images.It also protects transaction integrity using a digital signature.Image file management is transparent, and network peers can verify authenticity of the image ownership.

Full Control Over Medical Images
A patient owns a medical image and can monitor it online.Patients have the complete transparency over their medical images and can provide permission to access or revoke an image from being used in clinical trials or for research purposes.Consequently, the frauds related to health records can be limited.PCAC-SC provides the patients with complete flexibility to add or revoke IRs within the system.

Prevent Fraudulent Claims
Let us suppose a case when a patient discovers that his or her decrypted image has been misused by a requester who was already granted with access to medical images.A patient can then immediately claim the ownership of the image.This is performed by the blockchain signature tool 10 that compares a signature hash and the original image contents that were signed by patient.Therefore, fraudulent claims can be prevented in various applications, such as insurance and unauthorized monetization of medical images.

Comparison with Existing and Proposed Framework
Table II provides the comparison between the proposed framework using an ISN [17] and alternative blockchain-based medical health record management frameworks [24][25][26].From this table, it can be seen that the proposed PCIM system has greater advantages comparing with the existing alternatives.Among them, studies [17], [25], [26] are based on centralized frameworks in which one central node failure causes a fail of the whole system.In contrast, in the framework proposed in this paper, every node is independent of each other, which ensures robust and efficient data access.The MedChain [27] uses a mutable P2P storage network, which has a high risk of data attacks and content duplication.The proposed PCIM system overcomes these disadvantages by using an IPFS-based storage in which medical images corresponding to the same content are not allowed being duplicated.This allows users to have full control of their medical images by ensuring guaranteed security, transparency, and data integrity.However, if the contents in a file stored within the IPFS network are not peered or active for a period of time, it is recycled by the garbage collector.Therefore, at least one peer within the network needs to user files and user interest in storing the content.

VI. CONCLUSIONS AND FUTURE RESEARCH
In this paper, we presented the POC design of the proposed PCIM system: an Ethereum blockchain and IPFS-based decentralized framework for storing and sharing medical images.Moreover, we introduced a new access management system called PCAC-SC that enables authorized entities to access the relevant blockchain data.The PCIM system facilitates a new way to improve the right of patients to perform self-determination regarding their medical images.The proposed architecture allows protecting the basic health record information of patients including medical images and guarantees privacy by using the combination of steganography and encryption.Moreover, the proposed approach allows reducing fragmentation of the medical health records and ensuring that only authorized persons can get access to the original medical images within an open network.We performed the experimental implementation to analyze and evaluate rationality and feasibility of the proposed scheme.The proposed system facilitates patient access to an immutable medical database providing higher efficiency, data provenance, and effective audit while sharing medical images.The data storage and exchange model is also decentralized; therefore, necessity to involve third-party intermediaries and administrative structures is eliminated.However, in the implemented prototype model, medical images are manually uploaded by an image provider into the IPFS network.This process can be enhanced by developing an application programming interface (API) to facilitate userfriendly access to the system.Furthermore, our future research goal is to deploy the proposed POC design in the public blockchain using real-time scenarios to form a global PCIM system and to validate the proposed approach across a broader set of scenarios.

)
The binary data are embedded in the original image by sequentially altering the LSB of the image data (LSB of each pixel) by satisfying the following conditions: If LSB   , L i j of the original image  , O i j is equal to any individual binary bit (IBB) of the letter "A," then   , O i j remains unchanged; otherwise, LSB is set to the individual binary bit.The binary number embedding procedure is given below:
blockchain address P  , image description P  and the timestamp when the function was executed by SC. requesting_access(): this function is executed by IRs to obtain access permission from the patient.IRs includes as input the patient blockchain address P  and IRs public key IR K  to encrypt medical images and additional information, such as usage notes.approve_IRs(): this function can only be executed by the patient.It grants/denies access permission by using as input the IRs blockchain address IR  and notes from IRs.The input notes contain relevant information such as the expiration date and personalization.trace_authorization(): this function is executed by IRs and the patient.Authenticity of digital medical images can be verified by using this authorization function.SC contains the list of the authorized IRs that can access the patient medical image in question.

PI
. Thereafter, the radiologist obtains the hash of the encrypted image () p hI from the IPFS network and provides the patient with () p hI for the reference purpose. ()p hI is stored in the blockchain, while the encrypted medical image P I is stored in IPFS.Owing to the fact that the image was encrypted, the patient medical image P I is accessible only to those who have the decryption key and thereby, it is protected from unauthorized access.

5 )
The created contract function signs a transaction on the Ethereum blockchain along with patient public key ( and an imaging modality from which the data are obtained (e.g., CT, US, MRI, etc).
given inside the parenthesis, { }, is the content signed under the Ethereum blockchain private key

Fig. 4 .
Fig. 4. Access sharing sequence.The blockchain/timeline is shown on the left, pointing with dotted arrows for reference.The purple, and red arrows represent interactions between entities.

TABLE II COMPARISON
BETWEEN THE EXISTING AND PROPOSED PCIM SYSTEM.