With the IEEE Blockchain for Clinical Trials event, the IEEE provided a forum for diverse groups interested in pharmaceuticals, medicine, and blockchain technologies to interface with each other.
I came as part of a team representing the Scrybe project. Scrybe is a blockchain-based system for securing provenance metadata. The team is from Clemson University (CU) (PI, R. R. Brooks), University of Tennessee at Chattanooga (UTC) (PI, A. Skjellum) and Auburn University. This project is under NSF Aegis. Our entry to the IEEE Blockchain for Clinical Trials whiteboard challenge was a collaboration with the Medical University of South Carolina (MUSC) (PI, Jihad Obeid).
Our team was represented in Orlando by Mr. Jon Oakley (Ph.D. student, CU), Ms. Amani Altarawneeh (Ph.D. student, UTC), Dr. Lu Yu (Post-doctoral scholar CU), Dr. Jihad Obeid (MUSC), and myself (CU). Many other team members helped us put together our Whiteboard Challenge entry.
The Scrybe project secures provenance metadata by using blockchain technologies. The project has been active for two years and we are actively beta testing our system. Our approach is to have each participating institution store and manage their own data. They can use an API to enter the necessary provenance metadata into Scrybe. The metadata includes appended hash values of the data and a signature cryptographically signed with their private key. These entries are submitted to a set of miner nodes that run among the participating institutions. We had defined detailed use cases for the following applications:
- Academic integrity — which tracks data sharing, software use, and credit attribution among researchers,
- Data forensics — which is used by law enforcement to keep track of digital evidence, and
- Security logs — which are the first target of system intruders trying to cover their tracks.
This competition gave us a chance to extend these ideas to clinical trials. In addition to having everyone manage their data locally and ensure HIPAA compliance, we put in place a lightweight mining algorithm. Our entry concentrated on using the blockchain to document clinical trial compliance with Part 11 in Title 21 of the Code of Federal Regulations.
Title 21 Part 11 specifies requirements the FDA imposes on electronic records. Procedures need to be put in place to certify that records, among other things, are authentic and cannot be repudiated. Our whiteboard design provides procedures that guarantee that the Part 11 requirements are satisfied. We use blockchain technology to do so. The Scrybe approach is efficient, secure, and more environmentally sound than current alternatives.
A participating institution maintains its own data archive. For clinical trials, we assume that the archive is a set of documents that include:
- Trial protocol
- Patient consent forms
- Raw data
Each document that is required for the trial is certified by the relevant authority. Certification includes using an API provided by Scrybe to produce a blockchain entry. The entry includes:
- Cleartext description of electronic record,
- A permanent indicator of the record location, such as a PURL (permanent URL),
- A local time stamp,
- A hash value for the document that can be used to verify that the document has not been modified, and
- A cryptographic signature of the entire entry by the local signature authority.
The hash and signature are all that is needed to verify that the official electronic document has not been tampered with.
The entry is submitted to a set of miners. As with cryptocurrencies, these miners collate a set of entries into a block of entries. The miner our lightweight mining approach chooses verifies the entries it received and puts them into a new block. The block the miner produces is signed by the miner and includes the hash of the previous block on the blockchain.
Lightweight mining consists mainly of a distributed random choice algorithm that consists of the miners exchanging a few packets to determine who creates the next block. This requires minimal computation and guarantees that all entries are correctly entered into the system. The 2018 Clemson University Ph.D. dissertation of Dr. Oluwakemi Hambolu includes a security analysis of this process. Journal papers are in preparation.
Using our mining approach, the security advantages of the blockchain are available without the need for expensive computations for mining. Proof-of-work is needed for, among other things, safeguarding currency against inflation. The cryptocurrency needs that are satisfied by proof-of-work are not necessary for securing clinical trial integrity. Our lightweight approach provides adequate security for Part 11 compliance without requiring the computational expense of proof-of-work mining.
Miners transmit the new blocks to a set of servers that verify the correctness of the block before adding it to their local copy of the blockchain. The logic for maintaining the distributed blockchain is essentially taken from Bitcoin. Our design for this predates IBM’s Hyperledger. Had it existed, we might have adapted their tools.
We note that this approach is compact and efficient. When multiple parties share the mining and blockchain maintenance duties, this provides an effective guarantee of the sanctity of the records in the blockchain. Modifying historical blocks is unfeasible, since it would require modifying multiple systems located at different independent entities simultaneously and redoing block signatures from multiple miners, which would only be possible if all of their private keys had been compromised. Our current system has blockchain servers running on the Clemson, Auburn, and University of Tennessee at Chattanooga campuses. We are working to put in place a prototype clinical trial system with MUSC and other medical institutions.
When we became aware of the Whiteboard Challenge, we immediately realized that the challenge was an example of our existing academic integrity use case. We were thrilled to win the competition, especially given the quality of the other six entries. Each entry had a unique viewpoint. We congratulate IEEE on the quality of these entries and the ability of the judges to find the best solutions on offer. We would also like to thank the IEEE for providing this opportunity.
IEEE is working to establish relevant standards in this domain. We were glad to participate. We were extremely gratified by the group’s recognition when they chose our whiteboard as the winning entry. Mainly, we look forward to working with this emerging community and IEEE to find ways to improve clinical trials. Recently, the work of Richard Brooks and the team was covered by the Greenville News.
About Dr. Richard Brooks
Dr. Brooks has in the past been PI on research programs funded by the Air Force Office of Scientific Research, National Science Foundation, Department of Energy, National Institute of Standards, Army Research Office, Office of Naval Research and BMW Corporation. These research projects include coordination of combat missions among autonomous combat vehicles (ARO), situation and threat assessment for combat command and control (ONR), detection of protocol tunneling through encrypted channels (AFOSR), security of intelligent building technologies (NIST), experimental analysis of Denial of Service vulnerabilities (NSF), mobile code security (ONR), and security analysis of cellular networks used for vehicle remote diagnostics (BMW).
Dr. Brooks’ current research interests include game theory, strategic reasoning, blockchain security applications and information assurance. He was PI of the Mobile Ubiquitous Security Environment (MUSE) Project sponsored by ONR as a Critical Infrastructure Protection University Research Initiative (CIP/URI). It concentrated on creating distributed countermeasures to overcome large-scale network attacks like distributed denial of service and worms. Dr. Brooks was co-PI of a NIST project defining the security standards and protection profiles for the ISO BACNET networked building control systems standard. Dr. Brooks was co-PI of a DARPA ISO program coordinating air campaign command and control and PI of the Reactive Sensor Networks (RSN) Project sponsored by DARPA IXO. RSN explored collaborative signal processing to aggregate information moving through the network, and the use of mobile code for coordination among intelligent sensor nodes. He has received DURIP awards from ONR and ARO that support the study of networked systems interacting with the real world. Current projects include authentication and authorization of exa-scale computing systems and establishing Internet freedom in West Africa. His Ph. D. dissertation received an exemplary achievement certificate from the Louisiana State University graduate school. He has a B.A. from The Johns Hopkins University in Mathematical Sciences.
Dr. Brook’s research concentrates on information assurance, battlespace coordination, behavior pattern extraction/detection and game theory. His battlespace coordination work has been funded by DARPA (distributed coordination of air combat campaigns), ARO (game theoretic coordination of combat missions for teams of autonomous combat vehicles) and ONR (maritime domain awareness). Results from the ONR work is being used by the Fleet and NATO for learning, tracking, and predicting shipping patterns.
His network security research projects have included funding from NSF (analyzing wired and wireless denial of service vulnerabilities, blockchain), DoE (authentication and authorization of exa-scale storage systems), BMW Corporation (controlling dissemination of intellectual property), and the US State Department (creating anonymous communications tools for civil society groups). It frequently looks at attacks that disable security measures by working at a different level of the protocol stack. His Internet freedom work involves interactions with at risk populations working for freedom of expression.