# A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications


## Abstract


## 1. Introduction

- (1) In the signal acquisition stage, the physical structure of the equipment is at risk of being damaged.
- (2) In the wireless transmission stage, the signals are faced with the risk of being intercepted by special equipment. Moreover, most IoT devices have limited computing and storage space, which makes it difficult to run complex privacy protection algorithms. For example, in a marathon race in 2014, researchers used Bluetooth sniffers to easily obtain health information from 563 different competition devices, since the data collected by the devices were not protected [14].
- (3)

- (1) We designed a privacy-preserving framework for IoT devices, which covers both the transmission and the data-publishing process.
- (2) We proposed a personalized k-anonymity algorithm based on the entropy of attributes to increase the usability of anonymized data, in which categorical and numeric attributes are treated as different types.
- (3) We proposed the temporal differential privacy mechanism to reduce temporal privacy disclosure, and put forward an implementation algorithm for the Laplace mechanism scenario.
- (4) We proposed a practical data-publishing model for IoT devices, covering the processing of static, long-term and real-time data, and we prove that this model is sufficiently safe.

## 2. Related Work

#### 2.1. Anonymous Methods

**Definition 1.**

#### 2.2. Differential Privacy

**Definition 2.**

**Definition 3.**

#### 2.3. Privacy-Preserving in Health Data

## 3. Methodology

#### 3.1. Signal Collecting and Preprocessing

#### 3.1.1. Signal Collecting

#### 3.1.2. Signal Preprocessing

#### 3.2. Privacy-Preserving in Data Transmitting

#### 3.2.1. Encryption in Devices

#### 3.2.2. Encryption in Cloud

#### 3.3. Privacy-Preserving in Data Publishing

#### 3.3.1. Data Publishing of IoT

#### 3.3.2. Personalized k-Anonymity

**Algorithm 1.** V-MDAV

Input: distance matrix $DM$, parameter $k$

Output: micro-aggregated set $M$

1: $c = \text{compute centroid record}(DM)$

2: while (more than $k-1$ records wait to be assigned) do

3: $e = $ the most distant record to $c$

4: $g_i = \text{build group from record}(e, DM, k)$

5: $g_i = \text{extend the group}(g_i, DM, k)$

6: end while

7: $g_1, g_2, \dots, g_s = \text{assign remaining records}(DM, g_1, g_2, \dots, g_s)$

8: $M = \text{build microaggregated set}(g_1, g_2, \dots, g_s)$

9: return $M$

10: end function

**Algorithm 2.** Personalized $k$-anonymity

Input: original dataset $D$, parameter $k$, sampling ratio $s$

Output: published dataset $PD$

1: $SD = \text{random sampling}(D, s)$

2: while $j \le \text{attribute number}(SD)$

3: if attribute $j$ is numeric

4: $\mu = \text{membership}(SD(j))$

5: $f_{ij} = \dfrac{\mu_{ij}}{\sum_{i=1}^{p} \mu_{ij}}$

6: else if attribute $j$ is categorical

7: $f_{ij} = \dfrac{\text{occurrences}(i)}{\text{record number}(SD)}$

8: end if

9: $En_j = -\dfrac{1}{\ln p}\sum_{i=1}^{p} f_{ij}\ln f_{ij}$

10: end while

11: $\omega = \text{weight assigning}(En)$

12: $DM = \text{compute distance matrix}(\omega, D)$

13: $M = \text{V-MDAV}(DM, k)$

14: $PD = \text{anonymity}(M)$
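The entropy weighting, weighted distance matrix, grouping and anonymization steps of Algorithm 2, written here as an added Python example rather than taken from the paper. The labelled assumptions are: min-max scaling stands in for the paper's fuzzy membership function, the weights are proportional to $1 - En_j$, the categorical $f_{ij}$ is read with one term per distinct value so that the terms sum to 1, the grouping is fixed-size MDAV without the variable-size extension of Algorithm 1, and the sampling ratio is $s = 1$; the QI table is constructed.

```python
import math
from collections import Counter
# Constructed QI table (gender, age, height); not the paper's dataset.
RECORDS = [("F", 19, 162.0), ("M", 21, 178.5), ("F", 20, 158.0), ("M", 19, 181.0),
           ("F", 22, 165.5), ("M", 20, 175.0), ("F", 19, 160.5), ("M", 23, 183.0)]
NUMERIC = (False, True, True)   # gender is categorical; age and height are numeric

def membership(values):  # assumed membership(): min-max scaling to [0, 1], not fuzzy
    lo, hi = min(values), max(values)
    return [(v - lo) / (hi - lo) if hi > lo else 1.0 for v in values]

def attribute_entropy(col, numeric):
    """En_j of Algorithm 2 lines 3-9, normalised by ln p with p = record count (p >= 2)."""
    p = len(col)
    if numeric:                      # f_ij = mu_ij / sum_i mu_ij, one term per record
        mu = membership(col); total = sum(mu); f = [m / total for m in mu]
    else:                            # f_ij = occurrences(i) / record number, read with
        f = [c / p for c in Counter(col).values()]    # one term per category value i
    return -sum(x * math.log(x) for x in f if x > 0) / math.log(p)

def entropy_weights(records, numeric):
    """Assumed weight assigning: omega_j proportional to 1 - En_j (low spread = identifying)."""
    en = [attribute_entropy(col, num) for col, num in zip(zip(*records), numeric)]
    raw = [max(0.0, 1.0 - e) for e in en]
    return [x / sum(raw) for x in raw]

def distance_matrix(records, weights, numeric):
    """Weighted distance: squared gap on scaled numerics, 0/1 mismatch on categories."""
    cols = [membership(c) if num else c for c, num in zip(zip(*records), numeric)]
    rows = list(zip(*cols))
    return [[math.sqrt(sum(w * ((x - y) ** 2 if n else float(x != y))
                           for w, x, y, n in zip(weights, a, b, numeric)))
             for b in rows] for a in rows]

def mdav_groups(dm, k):
    """Algorithm 1 without the variable-size extension step: fixed-size MDAV."""
    pool, groups = set(range(len(dm))), []
    while len(pool) >= 2 * k:
        c = min(pool, key=lambda i: sum(dm[i][j] for j in pool))  # centroid record
        e = max(pool, key=lambda i: dm[c][i])                      # most distant to c
        g = sorted(pool, key=lambda i: dm[e][i])[:k]               # e and its k-1 nearest
        pool -= set(g); groups.append(sorted(g))
    groups.append(sorted(pool))   # the remaining k..2k-1 records form the last group
    return groups

def anonymize(records, groups, numeric):
    """anonymity(M): each record takes its group's mean (numeric) or mode (category)."""
    out = [None] * len(records)
    for g in groups:
        rep = tuple(round(sum(records[i][j] for i in g) / len(g), 1) if num
                    else Counter(records[i][j] for i in g).most_common(1)[0][0]
                    for j, num in enumerate(numeric))
        for i in g: out[i] = rep
    return out

def personalized_k_anonymity(records, numeric, k):
    w = entropy_weights(records, numeric)   # Algorithm 2 line 11 (sampling ratio s = 1)
    groups = mdav_groups(distance_matrix(records, w, numeric), k)   # lines 12-13
    return w, groups, anonymize(records, groups, numeric)           # line 14
```

On this table the binary gender attribute has the lowest entropy and therefore the largest weight, so with $k = 4$ the two groups split exactly by gender and every published record carries its group's mean age and height.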

#### 3.3.3. Temporal Differential Privacy

**Definition 4.**

**Algorithm 3.** Temporal differential privacy

Input: original datasets $\{T_0, T_1, \dots, T_m\}$, $\epsilon$

Output: processed results $\{R_1, R_2, \dots, R_n\}$, $n \le m$

1: $\Delta f = \text{sensitivity}(T_0),\ k = 0,\ j = 0$

2: while $k \le m$ do

3: $\Delta f_k = \text{sensitivity}(T_k)$

4: $\delta = \dfrac{\Delta f_k}{\Delta f}$

5: if $\dfrac{\sum_{i=1}^{d} |\Delta x_{ki}|}{\Delta f_k\, |\ln \delta|} > \dfrac{d}{\epsilon}$

6: return $R_j = \text{differential privacy}(\epsilon, T_k)$

7: $\Delta f = \Delta f_k,\ k \leftarrow k+1,\ j \leftarrow j+1$

8: end if

9: end while
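Algorithm 3 as a release filter over constructed heart-rate and $SpO_2$ windows, an added example and not the paper's code. Assumed and labelled in the comments: $\text{sensitivity}(T_k)$ is the largest per-attribute range divided by the window length (the "average" query), $\Delta x_{ki}$ is the change of attribute $i$'s window mean since the last release, $k$ advances on every iteration, $T_0$ is released as the baseline, and the test of line 5 is cross-multiplied so that $\delta = 1$ needs no division.

```python
import math
import random

# Constructed windows T_0..T_3 of (heart rate in bpm, SpO2 in %) readings; not real data.
WINDOWS = [
    [(78, 99), (80, 99), (79, 98), (81, 99), (80, 99)],       # T_0: at rest
    [(79, 99), (80, 99), (80, 99), (81, 98), (79, 99)],       # T_1: still at rest
    [(100, 97), (102, 97), (101, 96), (103, 97), (102, 97)],  # T_2: exercise begins
    [(104, 97), (110, 96), (100, 96), (108, 97), (106, 96)],  # T_3: wider HR spread
]

def window_means(window):
    """Per-attribute means of one window (the statistic that gets released)."""
    return [sum(r[i] for r in window) / len(window) for i in range(len(window[0]))]

def sensitivity(window):
    """Assumed sensitivity(T_k) for the 'average' query: the largest per-attribute
    range divided by the window length (one changed record moves a mean by at most that)."""
    n = len(window)
    return max((max(r[i] for r in window) - min(r[i] for r in window)) / n
               for i in range(len(window[0])))

def should_publish(delta_x, sens_prev, sens_k, eps):
    """Line 5 of Algorithm 3, cross-multiplied so that delta = 1 (|ln delta| = 0) needs
    no division: publish iff sum_i |dx_ki| * eps > d * sens_k * |ln(sens_k / sens_prev)|."""
    log_term = abs(math.log(sens_k / sens_prev)) if sens_prev > 0 and sens_k > 0 else 0.0
    return sum(abs(x) for x in delta_x) * eps > len(delta_x) * sens_k * log_term

def laplace(rng, scale):
    """Laplace(0, scale) sample by inverse CDF (the random module has no laplace())."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def temporal_dp(windows, eps, seed=0):
    """Algorithm 3 as a release filter: returns [(k, Laplace-noised means of T_k), ...].
    Interpretation choices: k advances every iteration (otherwise a suppressed window
    would loop forever) and T_0, having no reference, is always released as the baseline."""
    rng = random.Random(seed)
    results, ref_means, sens_prev = [], None, sensitivity(windows[0])
    for k, window in enumerate(windows):
        sens_k, means = sensitivity(window), window_means(window)
        publish = ref_means is None or should_publish(
            [m - r for m, r in zip(means, ref_means)], sens_prev, sens_k, eps)
        if publish:
            noisy = [m + laplace(rng, sens_k / eps) for m in means]  # Laplace mechanism
            results.append((k, noisy))
            ref_means, sens_prev = means, sens_k                      # Delta f <- Delta f_k
    return results
```

With $\epsilon = 0.5$ the resting window $T_1$ and the noisier $T_3$ are withheld and only $T_0$ and $T_2$ are released; at $\epsilon = 2$ the same windows all pass the test, which is the trade-off between $\epsilon$ and the number of published records that the results table reports.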

#### 3.3.4. Rationality Demonstration

## 4. Results and Discussion

#### 4.1. Dataset

- (1) Removed data. The removed attribute set contains the names and IDs of devices, which are removed before our privacy-preserving method is applied.
- (2) Static and long-term data. The static and long-term attribute set contains the gender, age, height and health level of students, in which the QI set is {gender, age, height} and the SA set is {health level}.
- (3) Real-time data. The real-time attribute set contains the resting HR, descent rate of HR, increase rate of HR, HR reserve, $SpO_2$ saturation mean, $SpO_2$ saturation standard deviation, HR after exercise and exercise time duration.

#### 4.2. Privacy Preserving on Static Data

#### 4.3. Privacy Preserving on Real-Time Data

**Step 1.** Decide the parameters $m$ and $r$. $m$ is an integer, the length of the array in Step 2, and is at least 2. $r$ is a real number representing the measure of similarity of time series. In common cases, we set

**Step 2.** Reconstruct $m$-dimensional vectors of continuous time: $X(1), X(2), \dots, X(N-m+1)$, where

**Step 3.** For $1 \le i \le N-m+1$, compute the proportion $C_i^m(r)$ of vectors similar to $X(i)$.

**Step 4.** Compute the entropy $\Phi^m(r) = \frac{1}{N-m+1}\sum_{i=1}^{N-m+1} \log\left(C_i^m(r)\right)$. Repeat the above steps to compute $\Phi^{m+1}(r)$, and the $ApEn$ of time series $u$ is
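Steps 1 to 4 implemented as an added Python example (not the paper's code). The closing formula $ApEn = \Phi^m(r) - \Phi^{m+1}(r)$ and the default $r = 0.2\,\mathrm{SD}(u)$ follow Pincus' standard definition and are assumptions here, since the page's own formulas are cut off; the two heart-rate-like series are constructed.

```python
import math
import random

def reconstruct(u, m):
    """Step 2: the N-m+1 vectors X(i) = (u_i, ..., u_{i+m-1}) of consecutive samples."""
    return [tuple(u[i:i + m]) for i in range(len(u) - m + 1)]

def similar_fraction(vectors, i, r):
    """Step 3: C_i^m(r), the proportion of vectors X(j) with max_k |X(i)_k - X(j)_k| <= r.
    j = i is included, so C_i^m(r) >= 1/(N-m+1) and its logarithm is always defined."""
    xi = vectors[i]
    close = sum(1 for xj in vectors if max(abs(a - b) for a, b in zip(xi, xj)) <= r)
    return close / len(vectors)

def phi(u, m, r):
    """Step 4: Phi^m(r) = (1 / (N-m+1)) * sum_i log C_i^m(r)."""
    vectors = reconstruct(u, m)
    return sum(math.log(similar_fraction(vectors, i, r))
               for i in range(len(vectors))) / len(vectors)

def apen(u, m=2, r=None):
    """ApEn(m, r) = Phi^m(r) - Phi^{m+1}(r), Pincus' definition (the page's closing
    formula is cut off). r defaults to 0.2 * SD(u), the customary choice (assumption)."""
    if r is None:
        mean = sum(u) / len(u)
        r = 0.2 * math.sqrt(sum((x - mean) ** 2 for x in u) / len(u))
    return phi(u, m, r) - phi(u, m + 1, r)

# Constructed heart-rate-like series (bpm), not measured data: a strictly periodic one
# and the same series with heavy per-sample noise, as a noisy release would produce.
REGULAR = [70 + (i % 4) * 2 for i in range(100)]            # 70, 72, 74, 76, 70, ...
_rng = random.Random(7)
NOISY = [x + _rng.uniform(-15, 15) for x in REGULAR]

def compare(m=2):
    """ApEn of both series: near 0 for the periodic one, clearly higher for the noisy one,
    which is the quantity the paper's table reports as 'average ApEn' per mechanism."""
    return apen(REGULAR, m), apen(NOISY, m)
```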

## 5. Conclusions and Future Work

- (1) There is some research on attacks against the PRESENT algorithm, such as [40]. We will improve the algorithm in future work to enhance security.
- (2) Some existing smart bracelet systems have used learning algorithms for classification and prediction tasks; for example, the health status of users could be evaluated from the data collected by the smart bracelets. In the training process, users' privacy will also be exposed. We intend to adopt the federated learning method in future work.
- (3) We will improve our mechanism to adapt to other kinds of IoT devices, and evaluate its effectiveness in the current network and device environment.

## Author Contributions

## Funding

## Data Availability Statement

## Conflicts of Interest

## References

1. Nour, B.; Sharif, K.; Li, F.; Biswas, S.; Moungla, H.; Guizani, M.; Wang, Y. A survey of Internet of Things communication using ICN: A use case perspective. Comput. Commun. **2019**, 142, 95–123.
2. Ala, A.F.; Mohsen, G.; Mehdi, M.; Mohammed, A.; Moussa, A. Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE Commun. Surv. Tutor. **2015**, 17, 2347–2376.
3. Zhang, X.L.; Upton, O.; Beebe, N.L.; Choo, R.K.K. IoT Botnet Forensics: A Comprehensive Digital Forensic Case Study on Mirai Botnet Servers. Forensic Sci. Int. Digit. Investig. **2020**, 32, 300926.
4. Kumar, P.; Braeken, A.; Gurtov, A.; Iinatti, J.; Ha, P.H. Anonymous Secure Framework in Connected Smart Home Environments. IEEE Trans. Inf. Forensics Secur. **2017**, 12, 968–979.
5. Ghosh, A.; Raha, A.; Mukherjee, A. Energy-Efficient IoT-Health Monitoring System using Approximate Computing. Internet Things **2020**, 9, 100166.
6. Marcus, A.G.; Santos, R.M.; Rodrigo, O.; Petro, P.R.F.; Javier, D.S.; Victor, H.C.d.A. Online heart monitoring systems on the internet of health things environments: A survey, a reference model and an outlook. Inf. Fusion **2020**, 53, 222–239.
7. Feroz Khan, A.B.; Anandharaj, G. A cognitive key management technique for energy efficiency and scalability in securing the sensor nodes in the IoT environment: CKMT. SN Appl. Sci. **2019**, 1, 1–7.
8. Rafik, H.; Zheng, Y.; Khan, M. A privacy-preserving cryptosystem for IoT E-healthcare. Inf. Sci. **2019**, 527, 493–510.
9. Ojetunde, B.; Shibata, N.; Gao, J.T. Monitoring-Based Method for Securing Link State Routing against Byzantine Attacks in Wireless Networks. J. Inf. Process. **2018**, 26, 98–110.
10. National Institute of Standards and Technology (NIST). Advanced Encryption Standard. NIST, FIPS PUB 197, US Department of Commerce, 2001. Available online: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (accessed on 6 May 2021).
11. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM **1978**, 21, 120–126.
12. Dwork, C. Differential Privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming, Venice, Italy, 10–14 July 2006.
13. Sweeney, L. k-anonymity: A model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl. Based Syst. **2002**, 10, 557–570.
14. He, D.; Chan, S.; Guizani, M. User privacy and data trustworthiness in mobile crowd sensing. IEEE Wirel. Commun. **2015**, 22, 28–34.
15. Machanavajjhala, A.; Kifer, D.; Gehrke, J.; Venkitasubramaniam, M. L-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data (TKDD) **2007**, 1, 3.
16. Chen, R.; Fung, B.C.M.; Mohammed, N.; Desai, B.C.; Wang, K. Privacy-preserving trajectory data publishing by local suppression. Inf. Sci. **2013**, 231, 83–97.
17. Pan, X.; Chen, W.Z.; Wu, L. Mobile User Location Inference Attacks Fusing with Multiple Background Knowledge in Location-Based Social Networks. Mathematics **2020**, 8, 262.
18. Zhang, F.; Chen, S.; Zhang, H.; Zhang, X.; Li, G. Bioelectric signal detrending using smoothness prior approach. Med. Eng. Phys. **2014**, 36, 1007–1013.
19. Chen, T.; Wu, H.R. Adaptive impulse detection using center-weighted median filters. IEEE Signal Process. Lett. **2001**, 8, 1–3.
20. Leander, G.; Paar, C.; Poschmann, A.; Robshaw, M.J.B.; Seurin, Y.; Bogdanov, A.; Knudsen, L.R.; Vikkelsoe, C. PRESENT: An Ultra-Lightweight Block Cipher. In Proceedings of the 9th International Workshop CHES 2007, Vienna, Austria, 10–13 September 2007; Springer: Berlin, Germany, 2007.
21. Tsoutsos, N.G.; Maniatakos, M. The HEROIC framework: Encrypted computation without shared keys. IEEE Trans. Comput. Des. Integr. Circuits Syst. **2015**, 34, 875–888.
22. Domingo-Ferrer, J.; Mateo-Sanz, J.M. Practical data-oriented microaggregation for statistical disclosure control. IEEE Trans. Knowl. Data Eng. **2002**, 14, 189–201.
23. Domingo-Ferrer, J.; Torra, V. Ordinal, continuous and heterogeneous k-anonymity through microaggregation. Data Min. Knowl. Discov. **2005**, 11, 195–202.
24. Solanas, A.; Martinez-Ballesté, A. V-MDAV: A multivariate microaggregation with variable group size. In Proceedings of the Seventh COMPSTAT Symposium of the IASC, Rome, Italy, 28 August–1 September 2006.
25. Li, N.; Li, T.; Venkatasubramanian, S. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. In Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering, Istanbul, Turkey, 15–20 April 2007.
26. Khan, R.; Tao, X.; Anjum, A.; Kanwal, T.; Malik, S.u.R.; Khan, A.; Rehman, W.u.; Maple, C. θ-Sensitive k-Anonymity: An Anonymization Model for IoT based Electronic Health Records. Electronics **2020**, 9, 716.
27. Langari, R.K.; Sardar, S.; Mousavi, S.A.A.; Radfar, R. Combined fuzzy clustering and firefly algorithm for privacy preserving in social networks. Expert Syst. Appl. **2020**, 141, 112968.
28. Rastogi, V.; Nath, S. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the ACM SIGMOD International Conference on Management of Data, Indianapolis, IN, USA, 6–10 June 2010; pp. 735–746.
29. Fan, L.Y.; Xiong, L.; Sunderam, V. Differentially private multi-dimensional time series release for traffic monitoring. In Proceedings of the 27th International Conference on Data and Applications Security and Privacy XXVII, Newark, NJ, USA, 15–17 July 2013; pp. 33–48.
30. Kellaris, G.; Papadopoulos, S.; Xiao, X.K.; Papadias, D. Differentially private event sequences over infinite streams. Proc. VLDB Endow. **2014**, 7, 1155–1166.
31. Zhang, Y.; Zheng, D.; Deng, R.H. Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control. IEEE Internet Things J. **2018**, 5, 2130–2145.
32. Ren, H.; Li, H.; Liang, X.; He, S.; Dai, Y.; Zhao, L. Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees. Sensors **2016**, 16, 1463.
33. Al-Zubaidie, M.; Zhang, Z.; Zhang, J. PAX: Using Pseudonymization and Anonymization to Protect Patients' Identities and Data in the Healthcare System. Int. J. Environ. Res. Public Health **2019**, 16, 1490.
34. Saquib, N.; Papon, M.T.I.; Ahmad, I.; Rahman, A. Measurement of heart rate using photoplethysmography. In Proceedings of the 2015 International Conference on Networking Systems and Security, Dhaka, Bangladesh, 5–7 January 2015; pp. 1–6.
35. Zhang, Z. Photoplethysmography-based heart rate monitoring in physical activities via joint sparse spectrum reconstruction. IEEE Trans. Biomed. Eng. **2015**, 62, 1902–1910.
36. Xie, H.; Cheng, H.Z.; Niu, D.X. Discretization Algorithm for Continuous Attributes of Rough Sets Based on Information Entropy. Chin. J. Comput. **2005**, 28, 1570–1574.
37. Sancho-Royo, A.; Verdegay, J.L. Methods for the construction of membership functions. Int. J. Intell. Syst. **1999**, 14, 1213–1230.
38. Domingo, F.J. Microaggregation for Database and Location Privacy. In Proceedings of the 6th International Conference, NGITS 2006, Kibbutz Shefayim, Israel, 4–6 July 2006.
39. Kanungo, T.; Mount, D.M.; Netanyahu, N.S.; Piatko, C.; Silverman, R.; Wu, A.Y. Computing Nearest Neighbors for Moving Points and Applications to Clustering. In Proceedings of the 10th Annual ACM-SIAM Symposium on Discrete Algorithms, Omni Inner Harbor Hotel, Baltimore, MD, USA, 17–19 January 1999; pp. 931–932.
40. Duan, X.; Cui, Q.; Wang, S.; Fang, H.; She, G. Differential power analysis attack and efficient countermeasures on PRESENT. In Proceedings of the 2016 8th IEEE International Conference on Communication Software and Networks, Beijing, China, 4–6 June 2016; pp. 8–12.

**Figure 1.** Information transmission process of intelligent wearable devices (e.g., a smart bracelet).

**Figure 2.** The framework of the proposed practical privacy-preserving mechanism in wearable IoT applications.

x | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
S(x) | C | 5 | 6 | B | 9 | 0 | A | D | 3 | E | F | 8 | 4 | 7 | 1 | 2 |

Information Source | Information | Data Type | Value Duration |
---|---|---|---|
users | height | Numeric data | Long-term |
users | weight | Numeric data | Long-term |
users | gender | Category data | Static |
users | age | Numeric data | Long-term |
health | heart rate | Numeric data | Real-time |
health | blood oxygen | Numeric data | Real-time |
health | health level | Category data | Long-term |
health | diseases | Category data | Long-term |
behavior | acceleration | Numeric data | Real-time |
environment | city | Category data | Long-term |
environment | GPS location | Numeric data | Real-time |
environment | temperature | Numeric data | Real-time |
environment | humidity | Numeric data | Real-time |
environment | atmosphere pressure | Numeric data | Real-time |

Time | $SpO_2$ (%) | Heartbeat (bpm) | Steps Increase |
---|---|---|---|
10:20:43 | 99 | 80 | 0 |
10:22:18 | 99 | 102 | 2 |

Attribute | Weight |
---|---|
gender | 0.34497 |
age | 0.02572 |
height | 0.62931 |

$k$ | Algorithm | Group Number | Maximum Group Size | Group Size Variance |
---|---|---|---|---|
$k=10$ | V-MDAV | 36 | 22 | 9.099 |
$k=10$ | personalized $k$-anonymity | 37 | 18 | 4.938 |
$k=20$ | V-MDAV | 19 | 32 | 10.825 |
$k=20$ | personalized $k$-anonymity | 19 | 31 | 9.407 |

$\epsilon$ | Query | Number of Published Records | Average $ApEn$ of Temporal Differential Privacy | Average $ApEn$ of Differential Privacy |
---|---|---|---|---|
$\epsilon=0.2$ | maximum | 13 | 0.3514 | 1.6063 |
$\epsilon=0.2$ | average | 22 | 0.5035 | 1.6980 |
$\epsilon=0.5$ | maximum | 18 | 0.4893 | 1.5504 |
$\epsilon=0.5$ | average | 52 | 1.1296 | 1.6780 |


© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Guo, J.; Yang, M.; Wan, B.
A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications. *Symmetry* **2021**, *13*, 1043.
https://doi.org/10.3390/sym13061043

**AMA Style**

Guo J, Yang M, Wan B.
A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications. *Symmetry*. 2021; 13(6):1043.
https://doi.org/10.3390/sym13061043

**Chicago/Turabian Style**

Guo, Junqi, Minghui Yang, and Boxin Wan.
2021. "A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications" *Symmetry* 13, no. 6: 1043.
https://doi.org/10.3390/sym13061043