PPM-HDA: Privacy-preserving and multifunctional health data
PPM-HDA: Privacy-preserving and multifunctional health data aggregation with fault tolerance
[pdf-embedder url=”http://wellapets.com/wp-content/uploads/2019/06/PPM-HDA-Privacy-preserving-and-multifunctional.pdf” title=”PPM-HDA Privacy-preserving and multifunctional”]
Abstract—Wireless Body Area Networks (WBANs), as a promising health-care system, can provide tremendous benefits for timely and continuous patient care and remote health monitoring.
Owing to the restriction of communication, computation and power in WBANs, cloud assisted WBANs, which offer more reliable, intelligent, and timely health-care services for mobile users and patients, are receiving increasing attention.
However, how to aggregate the health data multifunctionally and efficiently is still an open issue to the cloud server (CS). In this paper, we propose a privacy-preserving and multifunctional health data aggregation mechanism (PPM-HDA) with fault tolerance for cloud assisted WBANs. With PPM-HDA, the CS can compute multiple statistical functions of users’ health data in a privacy-preserving way to offer various services. Specifically, we first propose a multifunctional health data additive aggregation scheme (MHDA+) to support additive aggregate functions such as average and variance. Then we put forward MHDA as an extension of MHDA+ to support non-additive aggregations such as min/max, median, percentile and histogram. PPM-HDA can resist differential attacks, which most existing data aggregation schemes suffer from. The security analysis shows that PPM-HDA can protect users’ privacy against many threats. Performance evaluations illustrate that the computational overhead of MHDA+ is significantly reduced with the assistance of CSs. Our MHDA scheme is more efficient than previously reported min/max aggregation schemes in terms of communication overhead when the applications require large plaintext space and highly-accurate data.
Index Terms—Multifunctional aggregation, Differential privacy, Spatial aggregation, Temporal aggregation, Fault tolerance, Privacy-preserving, Cloud assisted WBANs.
WITH the increasing number of elderly citizens and the demand for remote health monitoring in our daily life, wireless body area networks (WBANs), which can monitor patients or mobile users’ health status in a timely manner, are going to play an important role in facilitating and maintaining heath-care systems . WBANs provide various services in different areas such as remote health monitoring, sports, entertainment and the military. It can be used to collect different physiology parameters including blood pressure, electrocardiography (ECG) and temperature .
Nowadays, health data aggregation services are mainly applied for remote health monitoring of patients, who want to monitor their health status in a timely manner. However, in the near future, with the increase of elderly citizens and the improvement of people’s living standards, more and more people will pay attention to their health, and health data aggregation services will be used on a large scale in the future. Spatial aggregate data (which is the aggregation of multiple users’ data at the same time point, e.g., the average blood pressure of the people in an area) is needed by medicine research centers for pharmaceutical research and production. Temporal aggregate data (which is the aggregation of the same user’s data at different time points, e.g., a user’s highest blood pressure in the past 24 hours) is needed by certified hospitals to monitor the health condition of users and provide timely feedback. A more detailed discussion of applications will be given in the Motivation part that will follow. With the ever increasing demands from patients and mobile users, WBANs need to process the sensed data in a timely manner and store the doctors’ feedback online. It is difficult to achieve these goals only relying on traditional WBANs, as real applications consume more resources, such as communication power, computation and storage resources . It is also costly for hospitals to deploy the corresponding servers for storing and processing user’s health data by themselves and they will outsource these services to a large data storage and processing company, such as Amazon Web Services (AWS) and Google.
By taking advantage of its existing servers and resources, this large company can build a cloud server cluster to provide services for these hospitals. In this way, a hospital only needs to pay a certain amount of service fee for using the health data storage and processing services. Therefore, cloud server enabled WBANs, i.e. cloud assisted WBANs, are introduced to process and store health data.
Cloud assisted WBANs provide various services for mobile users and patients by making use of cloud servers to store large amounts of health data and process them for doctor’s diagnosis , . However, privacy and security are becoming significant issues, as mobile communications are deeply involved in cloud assisted WBANs . Health data operations should be authenticated and resist malicious modifications in healthcare applications. For example, network performance might be degraded as an adversary fabricates an false emergency call and makes it distributed in the network. Moreover, from the user’s point of view, privacy is also a big concern as health data is highly relevant to users themselves. For example, some specific behaviors of a person, such as having meals, sleeping, etc., are reflected by their ECG. As a result, user’s privacy will be violated if such health data is revealed. Therefore, users’ health data needs to be protected from unauthorized entities. Motivation: Consider a scenario where a cloud assisted WBAN can use privacy-preserving data aggregation to provide health-care services to the elderly users with hypertension in a community. Elderly users with hypertension will be equipped with some body area sensors to monitor their blood pressure. To provide health services for an individual elderly user, the certified hospital can monitor his blood pressure remotely through periodically collecting his maximum/minimum blood pressure in the past day (which is temporal aggregate data.
If the maximum value of systolic pressure or the minimum value of diastolic pressure is abnormal, the hospital can trigger an alert and ask the user to come to the hospital for a thorough check. It is evident that temporal aggregation of an individual’s data is needed by the hospital in this scenario
so that it can provide better health-care services. Besides, the spatial aggregate statistics of multiple elderly users can be used by medicine research centers for pharmaceutical research and production, and for public agencies to provide better community services. In addition, preventing strong adversary from disclosing individual user’s health data and making the system fault-tolerant are both important for the privacy of the elderly users with hypertension in this community. This needs a privacy-preserving multifunctional health data aggregation scheme to realize the above services. In addition, although the aggregation of n elderly users and that of n − 1 elderly users are both protected, the cloud server might still conduct a differential attack and compromise the “differential” elderly user’s privacy by facilitating the summation of n elderly users and that of n − 1 elderly users. Several schemes are proposed to address this problem, such as , , –. However, these schemes can only preserve differential privacy for summation aggregations. Preserving differential privacy of additive aggregations, such as variance aggregations, and nonadditive aggregations, such as min/max, median, percentile and histogram, is still an open problem.