TRIBHUVAN UNIVERSITY

INSTITUTE OF ENGINEERING
ADVANCED COLLEGE OF ENGINEERING AND MANAGEMENT
DEPARTMENT OF ELECTRONICS AND COMPUTER
Kupondole, Lalitpur

A MAJOR PROJECT ON

MEDICAL REPORT SECURITY SYSTEM USING

BLOCKCHAIN TECHNOLOGY

Submitted by:
Pankaj Pandit [073/BCT/551]
Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

Supervised by:
Sujata Dahal

A FINAL REPORT SUBMITTED IN FULFILLMENT OF THE

REQUIREMENT FOR THE DEGREE OF BACHELOR IN
COMPUTER ENGINEERING
Lalitpur, Nepal
March, 2021
 MEDICAL REPORT SECURITY SYSTEM USING
BLOCKCHAIN TECHNOLOGY

Submitted by:
Pankaj Pandit [073/BCT/551]
Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

[Subject Code: CT755]

A FINAL REPORT SUBMITTED IN FULFILLMENT OF THE
REQUIREMENT FOR THE DEGREE OF BACHELOR IN
COMPUTER ENGINEERING

Submitted to:
Department of Computer and Electronics Engineering
ADVANCED COLLEGE OF ENGINEERING AND MANAGEMENT
Lalitpur, Nepal

March, 2021
 DECLARATION

We hereby declare that the Report of the Project Work entitled ”MEDICAL REPORT
SECURITY SYSTEM USING BLOCKCHAIN TECHNOLOGY” which is being
submitted to the Advanced College of Engineering and Management, Tribhuwan
University, in the fulfillment of the requirements for the award of the Degree of Bache-
lor of Engineering in COMPUTER ENGINEERING in the Department of Electron-
ics and Communication and Computer Engineering is a bonafide report of the work
carried out by us. The material contained in this Report has not been submitted to any
University or Institution for the award of any degree.

Pankaj Pandit [073/BCT/551]

Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

i
 CERTIFICATE OF APPROVAL
The undersigned certify that they have read and recommended to the Institute of En-
gineering for acceptance, a project report entitled ”MEDICAL REPORT SECURITY
SYSTEM USING BLOCKCHAIN TECHNOLOGY” submitted by
Pankaj Pandit [073/BCT/551]
Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]
in fulfillment for the degree of Bachelor in Computer Engineering.

..........................................
Supervisor
Er. Sujata Dahal
Lecturer

..........................................
External Examiner
External’s Name
External’s Designation
Second Line of Designation (if required)

..........................................
Er. Ajay Shrestha
Head of Department
Department of Computer and Electronics Engineering

Date: March 7, 2021

ii
 COPYRIGHT

The author has agreed that the library, Advanced College of Engineering and Manage-
ment, may make this report freely available for inspection. Moreover the author has
agreed that permission for extensive copying of this report for scholarly purpose may
be granted by the supervisor(s), who supervised the project work recorded herein or,
in their absence, by the Head of the Department wherein this project was done. It is
understood that due recognition will be given to the author of this report and to the De-
partment of Computer and Electronics Engineering, Advanced College of Engineering
and Management in any use of the material of this report. Copying or publication or
other use of this report for financial gain without approval of the Department of Com-
puter and Electronics Engineering, Advanced College of Engineering and Management
and author’s written permission is prohibited.

Request for permission to copy or to make any other use of the material in this report in
whole or in part should be addressed to:

Head of Department
Department of Computer and Electronics Engineering
Advanced College of Engineering and Management
Kupondole, Lalitpur
Nepal

iii
 ACKNOWLEDGMENT

In performing our assignment, we had to take the help and guideline of some respected
persons, who deserve our greatest gratitude. The completion of this assignment so far
would have not been possible without all the member of the Electronics and Computer
department and their kind support and suggestions. We would like to show our gratitude
to our Supervisor Er. Sujata Dahal and Er. Ram Sapkota for giving us a good guideline
for assignment throughout numerous consultations. Also, we would like to acknowl-
edge with much appreciation the crucial role of our respected HOD, Er. Ajay Shrestha
permitted us to use all required equipment and the necessary materials to develop our
system. Furthermore, we are highly indebted to Er. Pradip Khanal, Er.Abhishesh Da-
hal, Er. Narayan KC and Er. Anku Jaiswal for their guidance and constant input as well
as for providing necessary information regarding the project also for their support in the
completion of the project so far.

Pankaj Pandit [073/BCT/551]

Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

iv
 ABSTRACT

The health sector care services industry is always showing signs of change and sup-
porting new advancements and technologies. One of the predominant requirements in
today’s health care systems is to protect the patient’s medical report against potential
attackers or Hackers. Hence, it is basic to have secure information that can just ap-
prove certain people only can get access to the patient’s medical report. So, we have
designed a system with Block chain technology as a disbursed approach to grant se-
curity in accessing the medical report of a patient. It’s composed of three phases:- a.
Authentication, b. Encryption and c. Data Retrieval using Block Chain technology.
For authentication – We will be using OTP (One Time Password) algorithm For En-
cryption – We will be using AES (Advanced Encryption Standard) algorithm and for
Data Retrieval – SHA (Secure Hash Algorithm) is used to resist the frequent attacks.
This system will likewise ensure the protection of the patient’s records and keep up
the security and trustworthiness of the health care system and the health care services
industry.

Keywords−OTP, SHA, AES, Block Chain.

v
 TABLE OF CONTENTS

Declaration i
Approval Letter ii
Copyright iii
Acknowledgment iv
Abstract v
List of Figures viii
List of Abbreviations ix
1 INTRODUCTION 1
1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.4 Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.5 Project Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.6 Feasibility Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.6.1 Financial Feasibility . . . . . . . . . . . . . . . . . . . . . . . 3
1.6.2 Technical Feasibility . . . . . . . . . . . . . . . . . . . . . . . 3
1.6.3 Schedule Feasibility . . . . . . . . . . . . . . . . . . . . . . . 3
1.6.4 Operational Feasibility . . . . . . . . . . . . . . . . . . . . . . 4
1.7 Requirement Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.7.1 Tools Required . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.7.2 Languages used . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.7.3 Non-functional Requirements . . . . . . . . . . . . . . . . . . 7
2 OBJECTIVE 8
3 Literature Review 9
3.1 Brave Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Metatask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.3 Pundix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4 Terminology 12
4.1 Blockchain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2 Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.3 Distributed Ledger . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.4 Proof of Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.5 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5 System Design and Architecture 13
5.1 Block Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

vi
 5.2 Use Case Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.3 Context level DFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.4 DFD level 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.5 ER Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
6 METHODOLOGY 18
6.1 Software Model Approach . . . . . . . . . . . . . . . . . . . . . . . . 18
6.2 Algorithms and Techniques . . . . . . . . . . . . . . . . . . . . . . . . 19
6.2.1 Ethereum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
6.2.2 Ethereum Consensus . . . . . . . . . . . . . . . . . . . . . . . 20
6.2.3 Smart Contract . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.2.4 IPFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.2.5 OTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6.2.6 SHA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
7 RESULT AND ANALYSIS 25
7.1 Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
7.2 Limitation and Future Work . . . . . . . . . . . . . . . . . . . . . . . 28
8 Conclusion 29
References 30

vii
 LIST OF FIGURES

sasa

viii
 LIST OF ABBREVIATIONS

SHA Secured Hash Algorithms

IPFS InterPlanetary File System
XAMPP X-Apache MySQL PHP Perl
MYSQL My Structured Query Language
JS JavaScript
DHT Distributed Hash Table
PHP Php: HyperText Preprocessor
EVM Ethereum Virtual Machine
SMTP Simple Mail Transfer Protocol
EHR Electronic Health Record
EMR Electronic Medical Record
IPC Inter Process Communication
HTTP Hyper Text Transfer Protocol
CLI Command Line Interface
HTML Hyper Text Markup Language
CSS Cascading Style Sheets
OTP One Time Password

ix
CHAPTER 1
INTRODUCTION

1.1 Overview

In this report, we discuss the development and effective use of MEDICAL REPORT
SECURITY SYSTEM USING BLOCKCHAIN TECHNOLOGY. Our system helps to
secure the medical reports which can be misused in different fields. Different crypto-
graphic algorithms have been used during the project.

1.2 Background

The Blockchain is the fastest growing technology through various applications in a se-
cure manner. The various implementations make use of blockchain technology among
stakeholders. Banking, healthcare services, and supply chain management utilize this
technology for its immense potential and secure data sharing management. Mainly,
blockchain technology plays a major role in the medical and healthcare system. Because
of the decentralized and distributed technology, Blockchain provides security services
in healthcare.

Blockchain innovation deals with the human service administrations to give secure in-
formation sharing among different partners, information inter-operability, adaptable and
speedy charging. In Today’s world, technology has a rapid growth in its upcoming fu-
ture with a widespread digital transformation by making a better replacement every day.
Internet of things, detecting advancements, and 5G are the quickest developing innova-
tion gives a markable commitment to human service administrations. The centralized
design in current health care services is not so secure among the various medical ser-
vices, which provides a delay in accessing the data and it has a major risk in leakage of
information. In such a case, the medical reports can be archived without the knowledge
of the patient. Securely accessing the data within the network is the major issue in the
current health care maintaining system. For accessing the data, Blockchain is the effi-
cient way and a promised technology. Electronic, Health/Medical Record (EHR/EMR)
is the current online healthcare services that play a key role in maintaining and storing
the data, which has a major issue in leakage of patient’s information.

In blockchain technology, the information is stored as a ledger feature that can mon-
itor the patients in accessing the medical records. This becomes the major reason for
the development of Blockchain technology. Blockchain technology, not only provides
security and easy accessibility, but also gives other production elements in the admin-

1
istrations and pursues privacy, respectability, and verification. Thus the main aim of
this project is to provide secure management in accessing the medical records using
blockchain technology.

1.3 Problem Statement

The cutting edge online human services administrations, for example, Electronic Health/
Medical Record (EHR/EMR) plays out a critical job for putting away, sharing, and
holding individual restorative reports of the patients. Be that as it may, several chances
prompts hacking the individual restorative records of the patient. For instance, current
human services frameworks will turn into an errand for the patients to keep up track of
their realities on which substance is unquestionably approaching the medicinal records
and for what reason.

Blockchain innovation can play out a noteworthy job in such cases since it offers records
based components that are disseminated to all elements inside the system/framework.
A patient can screen who is truly getting to the information and can give the consent
to just the approved substances to get to the information. Consequently, the inspiration
at the back of this is to utilize blockchain for giving security to restorative reports of
the patient and to satisfy the issues of present-day human services frameworks. Think-
ing about the present necessities for insurance of the human services frameworks, there
is an unmistakable need for the protected and productive blockchain-based social in-
surance gadget that cannot just offer security to get to the information by the patient
anyway moreover other key elements, for example, a specialist can likewise recover
and including the restorative records with the assistance of patient’s consent. What’s
more, in the meantime, the framework ought to watch the key security perspectives like
trustworthiness, privacy, and confirmation.

Consequently, the reason for this project is to prescribe the execution of a blockchain in-
novation based human services framework in which including or recovering the medic-
inal record of a patient can be done by the approved specialist and with the consent
of the specific patient safely. Besides, the blockchain can likewise give the versatility
trademark which is the real necessity in the cutting edge human services framework.

1.4 Application

Our System is a secured system that can be used in different hospitals and it later can be
expanded in different organizations. It provides security since all the parties involved
must give permissions to add or edit records.

2
1.5 Project Features

The following features are provided by our system:

(a) Block chain technology to store data

(b) Encryption and Decryption for security
(c) User Interactive Interface for easier use

1.6 Feasibility Analysis

For any application and project to be applicable in the real-world environment, it needs
to feasible in various aspects. And with the view to make this project feasible to apply
in the real environment we have handled the project with great dedication and determi-
nation. Some aspects of feasibility are:

1.6.1 Financial Feasibility

The financial feasibility of our project proves to be feasible. And in order to make our
project feasible in the financial boundary, we have analyzed the cost evaluation. And as
the result, our system is financially feasible.

1.6.2 Technical Feasibility

For a project to be technically feasible, it needs to run with the adjustable technical
environment and technical manpower. Although our project requires a large number of
tools in order to develop the application, the resulting product is a small application that
can be run in the browser window and can be run by non-technical personnel. Hence,
the project is technically feasible.

1.6.3 Schedule Feasibility

The schedule feasibility analysis is done to analyze the time required for the completion
of the project. The estimated amount of time required to complete our project falls
within the feasible schedule. Given our project complexity, the project is very much
feasible in terms of schedule.

3
1.6.4 Operational Feasibility

Operational feasibility analyzes how well a system performs. Since the modeling of the
system can be done by the analyst and in our case the user of the system, the resulting
product is highly interactive and meets the requirement of the system. However, if in
any case there occurs a malfunction of the application it can be modified as per the
changed requirement in the future. Hence, the project is operationally feasible.

1.7 Requirement Analysis

1.7.1 Tools Required

(a) Metamask Extension

MetaMask is a software cryptocurrency wallet used to interact with the Ethereum
blockchain.MetaMask is a web extension, which allows you to manage your
Ethereum private keys via your web browser. By doing so, it serves as a wallet for
Ether and ERC20 tokens, and allows you to visit the distributed web of tomorrow
in your browser today. To be more specific, it allows you to run Ethereum dApps
(Decentralized Apps) right in your browser without running a full Ethereum node.
It allows users to store and manage account keys, broadcast transactions, send and
receive Ethereum-based cryptocurrencies and tokens, and securely connect to de-
centralized applications through a compatible web browser or the mobile app’s
built-in browser.

(b) Truffle
Truffle is a development environment, testing framework and asset pipeline for
Ethereum, aiming to make life as an Ethereum developer easier. It is one of the
most widely used IDEs in the Ethereum community. Developers can use it to
build and deploy DApps for testing purposes with many features that make it
more attractive to users with a Web 3.0 dev background.

(c) Web3
web3.js is a lightweight, highly modular, reactive, type safe Java and Android
library for working with Smart Contracts and integrating with clients (nodes) on
the Ethereum network. This allows you to work with the Ethereum blockchain,
without the additional overhead of having to write your own integration code for
the platform. It has complete implementation of JSON-RPC client (Application
Programming Interface) API over Hyper Text Transfer Protocol (HTTP) and In-

4
 ter Process Communication (IPC). It has android compatible version and supports
Infura. It has complete support to ethereum wallet.

(d) React JS
React (also known as React.js or ReactJS) is an open-source, front end, JavaScript
library for building user interfaces or UI components. It is maintained by Face-
book and a community of individual developers and companies. React can be
used as a base in the development of single-page or mobile applications. How-
ever, React is only concerned with state management and rendering that state to
the DOM, so creating React applications usually requires the use of additional
libraries for routing. React Router is an example of such a library.

(e) PHP Mailer for sending emails via SMTP.

(f) XAMPP
XAMPP is an abbreviation where X stands for Cross-Platform, A stands for
Apache, M stands for MYSQL, and the Ps stand for PHP and Perl, respectively. It
is an open-source package of web solutions that includes Apache distribution for
many servers and command-line executables along with modules such as Apache
server, MariaDB, PHP, and Perl. XAMPP helps a local host or server to test
its website and clients via computers and laptops before releasing it to the main
server. It is a platform that furnishes a suitable environment to test and verify the
working of projects based on Apache, Perl, MySQL database, and PHP through
the system of the host itself. Among these technologies, Perl is a programming
language used for web development, PHP is a backend scripting language, and
MariaDB is the most vividly used database developed by MySQL.

1.7.2 Languages used

(a) Solidity
Solidity is a contract-oriented programming language for writing smart contracts.
Solidity is a statically-typed programming language designed for developing smart
contracts that run on the EVM. It was influenced by C++, Python, and JavaScript
and is designed to target the Ethereum Virtual Machine (EVM). With Solidity,
developers are able to write applications that implement self-enforcing business
logic embodied in smart contracts, leaving a non-repudiable and authoritative
record of transactions. Solidity support inheritance, including multiple inheri-
tances with C3 linearization.

(b) PHP

5
 PHP is a general-purpose scripting language especially suited to web develop-
ment. It was originally created by Danish-Canadian programmer Rasmus Lerdorf
in 1994. The PHP reference implementation is now produced by The PHP Group.
PHP originally stood for Personal Home Page, but it now stands for the recursive
initialism PHP: Hypertext Preprocessor.

PHP code is usually processed on a web server by a PHP interpreter implemented

as a module, a daemon or as a Common Gateway Interface (CGI) executable.
On a web server, the result of the interpreted and executed PHP code – which
may be any type of data, such as generated HTML or binary image data – would
form the whole or part of an HTTP response. Various web template systems,
web content management systems, and web frameworks exist which can be em-
ployed to orchestrate or facilitate the generation of that response. Additionally,
PHP can be used for many programming tasks outside of the web context, such
as standalone graphical applications[9] and robotic drone control.[10] Arbitrary
PHP code can also be interpreted and executed via command-line interface (CLI).

(c) JS
JavaScript often abbreviated as JS, is a high-level, just-in-time compiled, multi-
paradigm programming language that conforms to the ECMAScript specifica-
tion.[10] JavaScript has curly-bracket syntax, dynamic typing, prototype-based
object-orientation, and first-class functions. Alongside HTML and CSS, JavaScript
is one of the core technologies of the World Wide Web. JavaScript enables inter-
active web pages and is an essential part of web applications. The vast majority
of websites use it, and major web browsers have a dedicated JavaScript engine
to execute it. As a multi-paradigm language, JavaScript supports event-driven,
functional, and imperative (including object-oriented and prototype-based) pro-
gramming styles. It has APIs for working with text, arrays, dates, regular expres-
sions, and the DOM, but the language itself does not include any I/O, such as
networking, storage, or graphics facilities. It relies upon the host environment in
which it is embedded to provide these features.

(d) CSS
Cascading Style Sheets (CSS) is a style sheet language used for describing the
presentation of a document written in a markup language like HTML. CSS is a
cornerstone technology of the World Wide Web, alongside HTML and JavaScript.
CSS is designed to enable the separation of presentation and content, including
layout, colors, and fonts. This separation can improve content accessibility, pro-
vide more flexibility and control in the specification of presentation character-
istics, enable multiple web pages to share formatting by specifying the relevant

6
 CSS in a separate .css file, and reduce complexity and repetition in the structural
content.

(e) HTML
Hypertext Markup Language (HTML) is the standard markup language for doc-
uments designed to be displayed in a web browser. It can be assisted by tech-
nologies such as Cascading Style Sheets (CSS) and scripting languages such as
JavaScript. Web browsers receive HTML documents from a web server or from
local storage and render the documents into multimedia web pages. HTML de-
scribes the structure of a web page semantically and originally included cues for
the appearance of the document.

1.7.3 Non-functional Requirements

(a) Openness
The nodes in the blockchain show interoperability that means that the nodes in the
Blockchain have the ability to exchange and use information during transaction.

(b) Concurrency
Nodes process concurrency to enhance performance of the Blockchain.

(c) Scalability
Nodes can be added or removed to make the Blockchain flexible. Scalability con-
siders three things:
Size:-More nodes can be added easily in the Blockchain network.
Transcation Processing rate:-Geographical dispersion of the nodes does not de-
grade the performance of the Blockchain.
Managebility:- The Blockchain should be manageable as no. of nodes in the
Blockchain increases and the different nodes are located in different parts of the
world.

(d) Fault Tolerence

The transactions are immutable and any fault at any node is transparent to all the
other nodes in the Blockchain.

(e) Transparency
Every transaction in our system is visible to each node in the Blockchain network.

7
CHAPTER 2
OBJECTIVE

To secure the medical report of the patient using blockchain technology.

8
CHAPTER 3
LITERATURE REVIEW

The medical report of any type of patient is viewed as relatively sensitive and wants a
secure and safer ability to guard the data of the report. In this manner, the putting away,
sharing, and overseeing restorative reports can be executed in secure ways. These prob-
lems were already proposed by using several mechanisms. For example, numerous au-
thentication schemes, which lead to fulfilling the need for efficient and secure access of
medical reports, manageability, and other safety requirements. These options had been
useful in providing a variety of protection necessities under preferred healthcare scenar-
ios. But these strategies in current healthcare technology are no longer enough due to
the fact the patient has been exploited utilizing various entities through distinct means
except their consent. In this project, we discover a variety of security solutions based
on blockchain-based health care approaches. We have done a variety of research stud-
ies framework in which including or recovering the medicinal record of a patient can be
done by the approved specialist and with the consent of the specific patient safely. Also,
the blockchain can likewise give the versatility trademark which is the real necessity in
the human services framework. Various efforts have been made to adapt the blockchain
technology in different areas so that all the industries and use cases can benefit from the
interesting features of blockchain technology. Consequently, blockchain is now consid-
ered as a general-purpose technology that has found applications in different industries
and use cases, such as identity management, dispute resolution, state government fund
allocation, contract management, supply chain management, insurance, and healthcare,
etc. With the growing fascination for blockchain and its adoption in different organi-
zations and industries, healthcare has come to represent a significant area where many
use cases have been identified for the application of blockchain. However, blockchain
is a relatively new technology and with a lot of hype in the media publications as well
as in research publications in the form of opinion pieces, commentaries, blog posts,
interviews, etc. There is a lot of inaccurate information, speculations, and uncertain-
ties about the potential utility of blockchain in the healthcare industry. Members of the
research community and practitioners have been understanding the specific areas of ap-
plication or use cases of blockchain in the healthcare industry and using these identified
use cases, how blockchain-based healthcare applications can be developed.

There is still a long way to go before we are all using blockchain in our daily lives,
but there are some already existing applications that bring us closer to this goal. Below
are three up-and-coming blockchain projects that already provide real-world value and
have a substantial user-base.

9
3.1 Brave Browser

[1] Brave is a blockchain-powered web browser. In September 2018, Brave exceeded

10 million downloads from the Google Play Store. Currently, four million people use
Brave each month and it has 26,000 content publishers. Brave is appealing because
it protects the data privacy of users. It prevents the unauthorized collection of per-
sonal information and stops unwanted ads from using up data and processing power.
The company estimates the average mobile user pays as much as $23 a month in data
charges to download ads and trackers. Brave blocks ads and trackers, so users don’t pay
for them. Brave is also faster than other web browsers because it blocks these resource
consuming intrusions. Brave has it’s a native cryptocurrency, the Basic Attention To-
ken (BAT). This means readers of Brave content can also reward publishers while they
are browsing with BAT tokens, thus monetizing content for creators, not advertisers.
Soon users will be able to opt-in to view adverts in return for rewards paid in the BAT
cryptocurrency.

3.2 Metatask

[2] At this stage, to take advantage of blockchain technology you need to use decen-
tralized applications (dApps). Dapps bridge blockchain and conventional technology
allowing them to interact. Most dApps are built on the Ethereum blockchain. Though
other blockchains like EOS and TRON are also seeing increasing dApp development.
Given the uneven development of blockchain technology, its likely that dApps will
grow in popularity in the short-term. MetaMask is a browser add-on that lets users ac-
cess Ethereum-based dApps. It has an integrated wallet too, so dApp token transactions
can be done seamlessly. The wallet can track balances across multiple applications and
platforms, integrate with hardware (“cold”) wallets, and help secure token transfers. A
mobile version of MetaMask is planned for release in 2019.

3.3 Pundix

[3] PundiX is a blockchain startup that aims to use cryptocurrency to create a global
cashless payment system. Its blockchain-enabled Point-of-Sale (XPoS) devices let
shops, cafes and convenience stores sell cryptocurrency and accept cryptocurrency pay-
ments for goods and services. All a merchant has to do it have an XPoS in their store.
The device works with a simple mobile wallet (XWallet) that customers use to make
payments in physical stores. It has a simple interface for buying and selling BTC, ETH,
XEM, and QTUM. It also has a check-out menu to execute purchases with cryptocur-
rencies. With every transaction, the XPoS prints a receipt for the customer and tracks

10
orders and inventory for the store owner. PundiX delivered its first 500 units in late June
2018 to participating businesses located in Hong Kong. In June, it was also announced
that UTRUST, one of the world’s digital payment platforms, had signed a deal for 1000
Pundi XPoS units. The deal with UTRUST takes the number of units of Pundi X tech-
nology that have been ordered for use by clients in global retail to over 25,000, which
is 25% of the company’s three-year sales target of 100,000 XPoS devices delivered to
at least 12 different countries.
The PundiX devices interact with two blockchains i.e. Ethereum and NEM (XEM).
Nem was chosen because it is popular with Asian financial institutions, and its technol-
ogy enables nearly instantaneous payments. The PundiX project builds on the success
of Pundi-Pundi, which is already a popular (non-blockchain-based) cashless payment
app in Indonesia that uses smartphones to make instant payments in retail and restaurant
outlets.

11
CHAPTER 4
TERMINOLOGY

4.1 Blockchain

A blockchain, originally block chain, is a growing list of records, called blocks, that are
linked using cryptography. Each block contains a cryptographic hash of the previous
block,a timestamp, and transaction data (generally represented as a Merkle tree).By
design, a blockchain is resistant to modification of the data.

4.2 Hashing

Cryptography is the practice and study of techniques for secure communication in the
presence of third parties called adversaries. More generally, cryptography is about con-
structing and analyzing protocols that prevent third parties or the public from reading
private messages; various aspects in information security such as data confidentiality,
data integrity, authentication, and non-repudiation are central to modern cryptography.

4.3 Distributed Ledger

A distributed ledger is a database that is consensually shared and synchronized across

multiple sites, institutions, or geographies, accessible by multiple people. It allows
transactions to have public ”witnesses”. Blockchain is a type of distributed ledger used
by bitcoin.

4.4 Proof of Work

Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one

party (the prover) proves to others (the verifiers) that a certain amount of computational
effort has been expended for some purpose. Verifiers can subsequently confirm this
expenditure with minimal effort on their part.

4.5 Authentication

Authentication is the process of recognizing a user’s identity. The credentials provided

are compared to those on a file in a database of the authorized user’s information on a
local operating system or within an authentication server.

12
CHAPTER 5
SYSTEM DESIGN AND ARCHITECTURE

5.1 Block Diagrams

Figure 5.1: Block Diagram

13
 Figure 5.2: Authentication of doctor

Figure 5.3: Registration for new patient

14
5.2 Use Case Diagram

Figure 5.4: Use case diagram

15
5.3 Context level DFD

Figure 5.5: Context level DFD

5.4 DFD level 1

Figure 5.6: DFD level 1

16
5.5 ER Diagram

Figure 5.7: ER diagram

17
CHAPTER 6
METHODOLOGY

6.1 Software Model Approach

Among all the software development models, we have decided that the spiral model
would be the best alternative to reduce the complexity and timely delivery of the project.
The spiral model is a risk-driven process model generator for software projects. Based
on the unique risk patterns of a given project, the spiral model guides a team to adopt
elements of one or more process models, such as incremental, waterfall, or evolutionary
prototyping.

Figure 6.1: Spiral Model

The spiral model is similar to the incremental model, with more emphasis placed on
risk analysis. The spiral model has four phases: Planning, Risk Analysis, Engineering
and Evaluation. A software project repeatedly passes through these phases in itera-
tions (called Spirals in this model). The baseline spiral, starting in the planning phase,

18
requirements is gathered and risk is assessed. Each subsequent spiral build on the base-
line spiral. It’s one of the software developments models like Waterfall, Agile, V-Model.

(a)Planning Phase: Requirements are gathered during the planning phase.

(b)Risk Analysis: In the risk analysis phase, a process is undertaken to identify risk
and alternate solutions. A prototype is produced at the end of the risk analysis phase.
If any risk is found during the risk analysis then alternate solutions are suggested and
implemented.

(c)Engineering Phase: In this phase software is developed, along with testing at the
end of the phase. Hence in this phase the development and testing is done.

(d)Evaluation Phase: This phase allows the customer to evaluate the output of the
project to date before the project continues to the next spiral.

6.2 Algorithms and Techniques

6.2.1 Ethereum

Ethereum is an open source, public, Blockchain-based distributed computing platform

and operating system featuring smart contract functionality. Using Ethereum, the app
doesn’t require one entity to store and control its data. To accomplish this, Ethereum
borrows heavily from bitcoin’s protocol and its Blockchain design but tweaks it to sup-
port applications beyond money. The structure of the Ethereum Blockchain is very
similar to bitcoin’s, in that it is a shared record of the entire transaction history. Every
node on the network stores a copy of this history.

Figure 6.2: Ethereum

19
6.2.2 Ethereum Consensus

A consensus is a fault-tolerant mechanism that is used in computer and Blockchain

systems to achieve the necessary agreement on a single data value or a single state of
the network among distributed processes or multi-agent systems. Currently, Ethereum
utilizes Proof of Work consensus mechanism. PoW awards individuals with native
tokens (Ether or Bitcoin) for mining activities. Mining is the practice of solving block
equations to verify various transactions. The process involves an immense amount of
computing power. Individuals who participate in mining activities are rewarded with
cryptocurrency on each occasion that they verify a new block. The quickest individual
to solve each block (most likely the one with the highest level of computing power)
is granted the reward. To verify a new block, each node in the network most store all
previous blocks in the chain. The PoW mechanism is incredibly inefficient and time
consuming.

Figure 6.3: Ethereum Transaction

The Ethereum Blockchain currently processes about 15–30 transactions per second.
The PoW mechanism also presents a scaling dilemma. Since each node must store the
entire Blockchain to verify transactions, there will be a point in time when the chain
becomes too large for smaller nodes to store all blocks, thus the system risks becoming
controlled by a few large nodes.

20
6.2.3 Smart Contract

In software engineering, a class diagram is a type of static structure diagram that de-
scribe the structure of a system by showing the system classes, their attributes,operations(or
methods), and the relationships among objects. The classes in a class diagram repre-
sent both the main elements, interactions in the application, and the classes to be pro-
grammed.

A Smart Contract is a computer program that directly and automatically controls the
transfer of digital assets between the parties under certain conditions. A smart contract
works in the same way as a traditional contract while also automatically enforcing the
contract. Smart contracts are programs that execute exactly as they are set up (coded,
programmed) by their creators. Just like a traditional contract is enforceable by law,
smart contracts are enforceable by code. A smart contract is just a digital contract with
the security coding of the Blockchain. A smart contract has details and permissions
written in code that require an exact sequence of events to take place to trigger the
agreement of the terms mentioned in the smart contract. It can also include the time
constraints that can introduce deadlines in the contract. This contract is embedded in
the Blockchain making it transparent, immutable, inexpensive and decentralized. Every
smart contract has its address in the Blockchain. The contract can be interAES Feature-
sacted with by using its address presuming the contract has been broadcasted in the
network.

The idea behind smart contracts is pretty simple. They are executed on a basis of simple
logic, IF-THEN for example: IF you send me the object A, THEN the sum (of money,
in cryptocurrency) will be transferred to you IF you transfer a certain amount of digital
assets (cryptocurrency, for example, ether, bitcoin), THEN the A object will be trans-
ferred to you IF I finish the work, THEN the digital assets mentioned in the contract
will be transferred to me.

6.2.4 IPFS

IPFS stands for Interplanetary File System. IPFS seeks to create a permanent and
distributed web. It does this by using a content-addressed system instead of HTTP’s
location-based system. Because of the similarity in their structure, IPFS and blockchains
can work well together.

IPLD is a data model for distributed data structures like blockchains. This model allows
for easy storage and access of blockchain data through IPFS. IPFS began as an effort
by Juan Benet to build a system that is very fast at moving around versioned scientific

21
data. Versioning gives you the ability to track how states of software change over time.
IPFS has since become thought of as the Distributed, Permanent Web; “IPFS is a dis-
tributed file system that seeks to connect all computing devices with the same system of
files. In some ways, this is similar to the original aims of the Web, but IPFS is actually
more similar to a single bittorrent swarm exchanging git objects. With location-based
addressing when a server goes down, everything contained within that server is not ac-
cessible over the internet.

However, when a server goes down there is a high probability that another user has
downloaded that image, and is storing it locally on their computer. But even if another
computer does have this file, your computer is not able to connect with the other com-
puter in possession to transport the file. To help address this issue, IPFS introduces the
concept of “Content-Based Addressing”. With content-based addressing when request-
ing a specific resource, you do not need to specify the location, you only need to specify
what you want.

Every file has a unique hash, which can be thought of as the fingerprint or identifi-
cation of the file. When you want to access a specific file, you simply ask the network
who has a copy of the file with the specified hash. Once the request is made, someone
on the IPFS network will provide the resource that you have requested. You will down-
load that resource, and a copy will be saved to you IPFS cache. Now when another
person comes and requests the same file, you will be able to provide it to them. This
creates a system that speeds as it is used more because the more files that are shared the
more readily available, they are amongst a large group of nodes.

6.2.5 OTP

The OTP is a numeric code that is randomly and uniquely generated during each au-
thentication event. This adds an additional layer of security, as the password generated
is fresh set of digits each time an authentication is attempted and it offers the quality of
being unpredictable for the next created session. The most common way for the gen-
eration of OTP defined by The Initiative For Open Authentication (OATH) is the Time
Based One Time Passwords (TOTP), which is a Time Synchronized OTP. In these OTP
systems, time is the cardinal factor to generate the unique password. The password gen-
erated is created using the current time and it also factors in a secret key. An example
of this OTP generation is the Time Based OTP Algorithm (TOTP) described as follows:
1. Backend server generates the secret key
2. The server shares secret key with the service generating the OTP
3. A hash-based message authentication code (HMAC) is generated using the obtained
secret key and time. This is done using the cryptographic SHA-1 algorithm. Since

22
both the server and the device requesting the OTP, have access to time, which is obvi-
ously dynamic, it is taken as a parameter in the algorithm. Here, the Unix timestamp
is considered which is independent of time zone i.e. time is calculated in seconds start-
ing Let us consider “0215a7d8c15b492e21116482b6d34fc4e1a9f6b” as the generated
string from the HMSAC-SHA1 algorithm.
4. The code generated is 20 bytes long and is thus truncated to the desired length suit-
able for the user to enter. Here dynamic truncation is used.

For the 20-byte code “0215a7d8c15b492e21116482b6d34fc4e1a9f6ba”, each character

occupies 4 bits. The entire string is taken as 20 individuals one-byte sting.
We look at the last character, here a. The decimal value of which is taken to determine
the offset from which to begin truncation. Starting from the offset value, 10 the next 31
bits are read to obtain the string “6482b6d3”. The last thing left to do, is to take our
hexadecimal numerical value, and convert it to decimal, which gives 1686288083. All
we need now are the last desired length of OTP digits of the obtained decimal string,
zero-padded if necessary. This is easily accomplished by taking the decimal string,
modulo 10 number of digits required in OTP. We end up with “288083” as our OTP
code.
5. A counter is used to keep track of the time elapsed and generate a new code after a
set interval of time
6. OTP generated is delivered to user by the methods described above. Apart from the
time-based method described above, there also exist certain mathematical algorithms
for OTP generation for example a one-way function that creates a subsequent OTP
from the previously created OTP. The two-factor authentication system is an effective
strategy that exploits the authentication principles of “something that you know” and
“something that you have”. The dynamic nature of the latter principle implemented by
the One Time Password Algorithm is crucial to security and offers an effective layer of
protection against malicious attackers.

6.2.6 SHA

The Sha-256 algorithm is based on the Merkle-Damgard construction method, accord-

ing to which the initial index is divided into blocks immediately after the change is
made, and those, in turn, into 16 words. SHA-256 or other hash algorithms have two

23
different attacks that we should be concerned about collision and preattack. The colli-
sion is situation where different entries are chopped in the same synthesis value. Find-
ing a collision for a SHA-256 via a raw force attack is possible because it has a limited
amount of different hash values that it can produce. There are a total of 2256 results for
hashing, so collisions are very unlikely to occur. For all those doubting the security of 2
power 256 collision chances, there’s the number: There is a 1 in over 115 quattuorvig-
intillion (that’s a 78 digit number) chance of finding a collision.

Due to SHA1’s smaller bit size, it has become more susceptible to attacks which there-
fore led to its deprecation from SSL certificate issuers in January 2016. An example of
the difference in size between SHA1 Vs SHA256 can be seen in the following example
hashes:
• SHA1- da33ee5e6b4b0d3255bfef95601890afd80709
• SHA256- e3b0c44298fc1c149af4c8996fb92427ae41e4649b934ca495991b7852b855

One iteration in a SHA-2 family compression function.We used incremental model of

software modeling for implementing our system.As incremental model involves devel-
opment of the system where the system is put into production when the first increment
is delivered. Some of the advantage of using this model are discussed as: SHA – 256
algorithms is used in Blockchain to get a constant hash of 256 bits every time. This
algorithm is also a part of encryption technology.

24
CHAPTER 7
RESULT AND ANALYSIS

7.1 Output

This system updates and view the medical report in consent of doctor and patient
only, hence it provides the security of information of the patients. Since we are us-
ing blockchain to store the patient information, patient information is immutable and
cannot be changed only by the doctor. So, our system is secure and only one cannot
change the report, that’s why our system gives a secured medium for both hospital,
patients and doctors.

Figure 7.1: Adding blocks

25
Figure 7.2: Transaction Output

26
Figure 7.3: Representation of Block

27
7.2 Limitation and Future Work

There are certain limitations of our system.

1. It does not work offline.It needs internet connection.

2. The storage system for blockchain is extremely expensive.
3. The computational time is slow compared to traditional system.

In future we can implement this project on different hospitals to secure the reports. We
can implement security using blockchain technology in governmental reports to make
the documents secured . We can also implement the system in android / ios to make it
more easier to access and user friendly.

28
CHAPTER 8
CONCLUSION

The sole purpose of this project is to enhance the security level in the Medical system.
The use of SHA, Smart Contract and OTP algorithms used in the system allows pre-
venting illegal or unauthorized changes in the reports. The applications of this project
in various hospitals, as well as governmental organizations, can provide a huge assist in
security factor. Since it is feasible for private and public purposes, it can be used in Hos-
pitals. This tool will give a boost to the government organizations which serve as public
protection and security to identify and prevent criminal activities. Thus, ”MEDICAL
REPORT SECURITY SYSTEM USING BLOCKCHAIN TECHNOLOGY” prevents
the risk in many cases.

29
 BIBLIOGRAPHY

[1] Christo, M.S. and Meenakshi, S., ”Enhancing Rumor Riding protocol in P2P net-
work with Cryptographic puzzle through challenge question method,” Computers
& Electrical Engineering, 2017.

[2] K. Abouelmehdi, A. Beni-Hssane, H. Khaloufi, and M. Saadi,“Big data security

and privacy in healthcare: A review,,” Procedia Computer Science, vol. 113, pp. 73
– 80, 2017, the 8th International Conference on Emerging Ubiquitous Systems and
Pervasive Networks (EUSPN 2017) / The 7th International Conference on Current
and Future Trends of Information and Communication Technologies in Healthcare
(ICTH-2017) / Affiliated Workshops., 2007.

[3] M. Puppala, T. He, X. Yu, S. Chen, R. Ogunti, and S. T. C. Wong, “Data security
and privacy management in healthcare applications and clinical data warehouse
environment,,” in2016 IEEE-EMBS International Conference on Biomedical and
Health Informatics (BHI), 2016.

[4] G. Wood, “Ethereum: A secure decentralised generalised transaction ledger,”

Ethereum Project Yellow Paper, vol. 151, pp.1–32, 2014.

[5] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “Medrec: Using blockchain

for medical data access and permissionmanagement,” in 2016 2nd International
Conference on Open and Big Data (OBD), Aug 2016, pp. 25–30.

[6] P. Zhang, M. A. Walker, J. White, D. C. Schmidt, and G. Lenz, “Metrics for as-
sessing blockchain-based healthcare decentralizedapps,” in 2017 IEEE 19th Inter-
national Conference one-Health Networking, Applications and Services (Health-
com),Oct 2017, pp. 1–4..

[7] M. Mettler, “Blockchain technology in healthcare: The revolution starts here,” in

2016 IEEE 18th International Conference on e-Health Networking, Applications
and Services (Healthcom),Sept 2016, pp. 1–3.G. W. Juette and L. E. Zeffanella,
“Radio noise currents n short sections on bundle conductors (Presented Conference
Paper style),” presented at the IEEE Summer power Meeting, Dallas, TX, June
22–27, 1990, Paper 90 SM 690-0 PWRS.

[8] W. Liu, S. Zhu, T. Mundie, and U. Krieger, “Advanced blockchain architecture for
e-health systems,” in e-Health Networking,Applications and Services (Healthcom),
2017 IEEE 19th International Conference on. IEEE, 2017, pp. 1–6..

[9] Christo, M.S. and Rathinam, J.J., 2018, April. Enhancing Authenticated Intermedi-
ate Node in Rumor Riding Protocol. In 2018 International Conference on Commu-
nication and Signal Processing (ICCSP) (pp. 0023-0027). IEEE..

30