The rapid digitisation of healthcare services presents challenges in guaranteeing safe, scalable, and privacy-preserving access to sensitive medical information. This article presents BBAS, a blockchain-based authentication system for e-Health. BBAS incorporates a multi-factor authentication (MFA) framework that includes password hashing, one-time passwords (OTP), and biometric verification, with a hybrid access control model that combines role-based access control (RBAC) and attribute-based access control (ABAC). To guarantee enduring security, BBAS utilises post-quantum digital signatures (CRYSTALS-Dilithium) and uses the InterPlanetary File System (IPFS) for off-chain data storage, assuring tamper-resistance and scalability. We implemented the system using Solidity smart contracts on a permissioned Ethereum network and assessed it over 500 authentication iterations. Results show BBAS outperforms benchmark models across all critical metrics: authentication success rate (ASR: 98.6%), latency (0.05 s), throughput (19,000 req/s), gas cost (35,000 gas/req), block confirmation time (10 s), and storage overhead (0.03 KB/record). Biometric error rates, namely false acceptance rate (FAR: 0.5%), false rejection rate (FRR: 1.2%), and equal error rate (EER: 0.85%), are markedly decreased, therefore improving both security and usability. This research validates BBAS as a reliable, scalable, and quantum-resistant authentication framework for contemporary e-Health systems.

