Blockchain as an Audit-Able Communication Channel

Abstract

Applications requiring strict access control, such as medical record query, often require auditing of the query. The current typical design relies on server side logging. However, logging on server-side do not provide strict means of auditing, since the server can be tampered with attackers, and also anybody who has permission to write can modify the log. We propose a scheme using blockchain technology, as a request-response channel for a client-server system, to record both client request and server reply in an audi-table manner. We have implemented a proof-of-concept system on top of a publicly available blockchain testbed. By using a blockchain as a client-server request-response channel, the request-response sequence can be verified by anybody who has access to the blockchain, providing a way to implement audit log for strictly controlled resources.