A Practical Privacy-Preserving Publishing Mechanism Based on Personalized k-Anonymity and Temporal Differential Privacy for Wearable IoT Applications

Abstract: With the rapid development of the Internet of Things (IoT), wearable devices have become ubiquitous and interconnected in daily life. Because wearable devices collect, transmit, and monitor human physiological signals, data privacy must be a concern, and fully protected, throughout the whole process. However, existing privacy protection methods are insufficient. In this paper, we propose a practical privacy-preserving mechanism for physiological signals collected by intelligent wearable devices. In the data acquisition and transmission stage, we employ existing encryption-based methods (a lightweight symmetric block cipher on the device and public-key homomorphic encryption in the cloud). In the data publishing stage, we propose a new model based on the combination and optimization of k-anonymity and differential privacy. An entropy-based personalized k-anonymity algorithm is proposed to improve performance on static and long-term data. Moreover, building on the symmetry of the differential privacy guarantee, we propose a temporal differential privacy mechanism for real-time data that suppresses the privacy leakage introduced when published data are updated. We prove theoretically that combining the two algorithms is sound. Finally, we use smart bracelets as an example to verify the performance of our mechanism. The experimental results show that personalized k-anonymity improves the security index by up to 6.25% compared with traditional k-anonymity, and that the grouping results are more concentrated. Moreover, temporal differential privacy effectively reduces the amount of information exposed, which protects the privacy of IoT users.


Introduction
The Internet of Things (IoT) is widely used in many fields of daily life, such as agriculture, industry, transportation, healthcare, education, home furnishing, and so on. As the IoT changes people's lifestyles, user security in its various applications has gradually become a problem that cannot be ignored [1,2]. In October 2016, the Mirai botnet [3] took control of a large number of IoT devices to launch DDoS attacks with traffic of up to 620 Gb/s, causing outages across most of the United States. It was found that in 2014 more than 750,000 devices had been compromised and used for spying [4]. In 2019, many privacy incidents occurred in smart-home devices, and some users' private videos were exposed on the internet by attackers. The above examples show that, because of the way IoT entities are linked, attackers may easily obtain network data for illegal use or dissemination; more attention should be paid to this, especially in IoT-based health monitoring [5], since mobile health has become one of the IoT applications most closely related to consumers [6]. User data privacy has become a hot topic in academic IoT research.
An IoT infrastructure usually integrates various sensors, memories, computing units, and gateway modules to complete the tasks of data acquisition, storage, and forwarding, and each stage carries its own risks. (1) In the signal acquisition stage, the physical structure of the equipment is at risk of being damaged. (2) In the wireless transmission stage, the signals face the risk of being intercepted by special equipment. Moreover, most IoT devices have limited computing power and storage, which makes it difficult to run complex privacy protection algorithms. For example, at a marathon race in 2014, researchers used Bluetooth sniffers to easily obtain health information from 563 different competitors' devices, because the data collected by the devices were not protected [14]. (3) In the data publishing stage, attackers can infer users' real information in different ways; common methods include the linkage attack [15,16] and the background knowledge attack [15,17].
In order to avoid these risks, we need to develop privacy protection technology for specific circumstances. First, it is necessary to classify the data and data types acquired by IoT devices. According to how long a data value remains valid, the collected data attributes can be divided into static data, long-term data, and real-time data. Considering the differences between data attributes in IoT applications, it is essential to establish a different privacy protection mechanism for each attribute type. Moreover, we must ensure the consistency of the privacy-preserving mechanism: it must not apply only to a certain type of device, nor weaken the privacy protection when the data are updated.
Based on the above considerations, we propose in this paper a practical privacy-preserving mechanism for wearable IoT applications. The framework is presented in Figure 2. In the signal acquisition stage on the device, the smoothness priors approach (SPA) [18] and median filtering (MF) [19] are applied to preprocess the photoplethysmography (PPG) signals collected by wearable IoT devices. Data with physical meaning, such as heart rate, blood oxygen, and acceleration, are then estimated in numerical form from the preprocessed PPG signals. In the wireless transmission stage from the devices to the cloud, the original data are encrypted with the PRESENT algorithm [20], a lightweight block cipher for IoT devices with limited resources, and then transmitted to the server. In the cloud, the data are further encrypted with the Paillier algorithm [21] so that they can be updated homomorphically. In the data publishing stage, we divide the data into three parts: static data, long-term data, and real-time data. For the first two types, we design a personalized k-anonymity algorithm to protect privacy. For the third, we propose the temporal differential privacy mechanism to suppress information leakage during data updates. The results of the two methods are combined and eventually released.
The contributions of this paper are mainly summarized as follows.
(1) We design a privacy-preserving framework for IoT devices that covers both the transmission and the data publishing process. (2) We propose a personalized k-anonymity algorithm based on attribute entropy to increase the usability of anonymized data, treating categorical and numeric attributes as different types. (3) We propose the temporal differential privacy mechanism to reduce temporal privacy disclosure, and give an implementation algorithm for the Laplace mechanism setting. (4) We propose a practical data-publishing model for IoT devices, covering the processing of static, long-term, and real-time data, and we prove that this model provides sufficient privacy protection.
The remainder of our work is organized as follows. Section 2 introduces related privacy-preserving work. Section 3 presents the complete theory and method of our work, including the collection and preprocessing of data in IoT devices, the encryption methods used in the transmission process, and the publishing model containing the proposed personalized k-anonymity and temporal differential privacy. In Section 4, experiments are presented for performance evaluation and comparison. Finally, we draw conclusions in Section 5.


Anonymous Methods
Definition 1. k-anonymity [13]. A dataset D satisfies k-anonymity if its records are partitioned into groups of at least k records such that all records in a group share the same quasi-identifier (QI) values [13].
QI refers to an attribute or set of attributes that is distinct from the explicit identifiers (ID, name, etc.) but can still serve as sufficient evidence to single out one specific user. Within a k-anonymity group the QI values are identical for every record, so a record can be linked to a specific user with probability at most 1/k.
Generalization [13] is one of the main anonymization methods. It replaces different values with a new value at a higher level of abstraction; for example, the age values 33 and 37 in a dataset can both be generalized to the interval 30-40. For more complex attributes, a generalization tree [13] is needed, in which every node represents a possible value at a given level of generalization. The closer a node is to the root, the higher its generalization level and the larger the information loss incurred by generalizing to it.
Micro-aggregation [22] is also commonly used as an anonymization method. The records are first divided into groups by a heuristic algorithm, and the values in each group are then replaced by the values of the group's central record. The algorithms MD [22], MDAV [23], and V-MDAV [24] are based on this method.
Researchers have made various improvements to the k-anonymity mechanism at the data level. l-diversity [15] and t-closeness [25] were proposed to prevent linkage attacks and background knowledge attacks. Razaullah Khan et al. [26] propose the θ-sensitive k-anonymity algorithm, in which a threshold θ distinguishes different diversity levels of the data and noise is added accordingly; it is proved that this algorithm prevents the sensitive variance attack and the categorical similarity attack. Rohulla Kosari Langari et al. [27] propose a privacy-preserving method for social networks, KFCFA, which uses k-member fuzzy clustering and optimizes the clustering and anonymization process with the Firefly algorithm; KFCFA protects privacy at both the data level and the graph level and effectively reduces information loss. However, the above anonymization methods do not consider the differences between attributes. The attributes in a dataset are heterogeneous in data type, value range, and degree of dispersion, all of which affect the anonymization result. In this paper, we propose a personalized k-anonymity algorithm to address this problem.

Differential Privacy
Definition 2. Differential privacy [12]. If D and D′ are two datasets that differ in only one record, they are a pair of neighboring datasets. Denote by d the number of attributes in the two datasets, by f the query function, which returns a d-dimensional array, by A the randomized function that processes the query result, and by ε the privacy budget. Differential privacy can be described as [12]: for every possible output O,

$$\Pr[A(D) = O] \le e^{\varepsilon}\,\Pr[A(D') = O].$$

Definition 3. Laplace mechanism [12]. It can be proved that adding noise $n \sim \mathrm{Laplace}(\Delta f/\varepsilon)$ to each component of the query result satisfies ε-differential privacy [12], where $\Delta f = \max_{D, D'} \|f(D) - f(D')\|_1$ is the (L1) sensitivity of the query.
Beyond static datasets, differential privacy is also used for publishing temporal data. The baseline method adds noise $n \sim \mathrm{Laplace}(\mathrm{length(time\ series)}/\varepsilon)$ to every time point [28], that is, the budget is spread evenly over the whole series. However, adding noise directly in this way causes a large information loss when the time series is long. Rastogi et al. [28] propose the DFT$_k$ algorithm, in which the DFT coefficients of the time series are perturbed by Laplace noise. Fan et al. [29] propose a Kalman-filter-based algorithm, which applies Kalman filtering to the perturbed data based on a time-series model. For infinite time series, Kellaris et al. [30] introduce ω-event ε-differential privacy and propose the budget absorption (BA) mechanism as an implementation.
However, the above methods only address the publishing of a time series of a single attribute. In practical IoT scenarios, data with several attributes must be published at every time point. To preserve users' privacy, both the dataset at every time point and the time series of every attribute should be well protected.

Privacy-Preserving in Health Data
In the aspect of health privacy protection, researchers propose various mechanisms for different scenarios.
Yinghui Zhang et al. [31] introduce PASH, a privacy-aware smart-health access control system in which the attribute values of access policies are hidden inside encrypted smart-health records. Hao Ren et al. [32] propose a new data aggregation scheme, PMHA-DP, to protect privacy in wireless body area networks; it includes a privacy-enhanced average aggregation scheme (PAAS) based on differential privacy, which effectively protects user privacy during aggregation and reduces the communication overhead. Al-Zubaidie et al. [33] propose the PAX authorization system to protect patient privacy in electronic health record systems; PAX combines pseudonyms, anonymity, and XACML to protect privacy at low cost.

Methodology
In this section, we demonstrate the details of the proposed privacy-preserving mechanism. In the application scenario of smart wearable devices, we first describe the specific ways of information collecting and processing, converting electrical signals into data. Secondly, we use two existing encryption methods to ensure the security of information in the transmitting process and background. Finally, we propose the data publishing method to reduce privacy leakage. The temporal data tables will first be split into two parts. We apply personalized k-anonymity to static and long-term data, and temporal differential privacy to real-time data. The data will be published after merging. In the end, we provide the rationality demonstration for the proposed method.

Signal Collecting and Preprocessing
In this section, we introduce the collecting and preprocessing steps of signals in smart bracelets, which are the bases of our privacy preserving mechanism. Firstly, two widely used technologies are demonstrated for obtaining signals of heart rate and blood oxygen. Secondly, we introduce two preprocessing methods of reducing noises in signals.

Signal Collecting
(1) Heart rate. When light passes through skin tissue and is reflected to the photosensitive sensor, the absorption by tissues other than blood is essentially constant, whereas the absorption by arterial blood changes with every heartbeat as the blood flow changes. After the light is converted into an electrical signal in the device, the signal can be taken as the sum of a DC component, representing the unchanging absorption by other tissues, and an AC component, representing the changing blood flow. Following the method in [34], we use the Discrete Fourier Transform (DFT) to convert the time-domain PPG waveform into the frequency domain and then extract the frequency component corresponding to the human heart rate from the spectrum to obtain the heart rate.
(2) Blood oxygen. Blood contains oxygenated hemoglobin (HbO$_2$) and reduced hemoglobin (Hb) in a certain proportion. The absorption coefficient of Hb is high in the 600-800 nm range of the spectrum, while that of HbO$_2$ is high in the 800-1000 nm range [28]. In [28], researchers use red light (600-800 nm) and infrared light (800-1000 nm) to obtain PPG signals that reflect HbO$_2$ and Hb, from which the SpO$_2$ value is computed as in Equation (2):

$$\mathrm{SpO_2} = \frac{C_{HbO_2}}{C_{HbO_2} + C_{Hb}} \times 100\%,$$

where $C_{HbO_2}$ is the oxygenated hemoglobin concentration and $C_{Hb}$ is the reduced hemoglobin concentration.

Signal Preprocessing
The physiological signals collected by smart wearable devices contain noise produced during the signal collection process. In order to obtain accurate physiological data for users, a signal-preprocessing module is needed in the devices.
The noise has two major sources. The first is electromyography (EMG) interference [35]: body movements cause muscle tremor, which changes the surface potential and interferes with the collected signal. EMG noise resembles white noise in that both are narrow in the time domain and broad in the frequency domain. In our smart-bracelet work, we first apply the smoothness priors approach (SPA) [18] to remove EMG noise.
The first step of SPA is to divide the signal Z into two components, a stationary part $Z_{\mathrm{stationary}}$ and a low-frequency aperiodic trend part $Z_{\mathrm{trend}}$:

$$Z = Z_{\mathrm{stationary}} + Z_{\mathrm{trend}}.$$

The information is contained in the stationary component, so the trend component needs to be removed. The trend component can be described by the linear model

$$Z_{\mathrm{trend}} = H\theta + v,$$

where H is the observation matrix and v is the observation error. The regularized least-squares estimate $\hat\theta_\lambda$ of the parameters is

$$\hat\theta_\lambda = \arg\min_{\theta}\left\{\|H\theta - Z\|^2 + \lambda^2 \|D_d H\theta\|^2\right\},$$

where λ is the regularization parameter and $D_d$ is the discrete approximation of the d-th derivative operator. Suppose the dimension d = 2; then the solution is

$$\hat\theta_\lambda = \left(H^{T}H + \lambda^2 H^{T} D_2^{T} D_2 H\right)^{-1} H^{T} Z,$$

and with the identity observation matrix H = I, as in the standard SPA formulation, the estimated trend and the detrended (stationary) signal become

$$\hat Z_{\mathrm{trend}} = \left(I + \lambda^2 D_2^{T} D_2\right)^{-1} Z, \qquad Z_{\mathrm{stationary}} = \left(I - \left(I + \lambda^2 D_2^{T} D_2\right)^{-1}\right) Z,$$

where $D_2$ is the second-order difference matrix

$$D_2 = \begin{pmatrix} 1 & -2 & 1 & 0 & \cdots & 0 \\ 0 & 1 & -2 & 1 & \cdots & 0 \\ \vdots & & \ddots & \ddots & \ddots & \vdots \\ 0 & \cdots & 0 & 1 & -2 & 1 \end{pmatrix}.$$

The second source of noise is baseline drift, which comes from intermittent contact between the device and the body surface. In this paper, we use the median filter (MF) to suppress this kind of noise. The filter holds a fixed-length window through which the signal samples stream successively, and its output at every time point is the median of all samples in the window. Isolated noisy points are removed by the MF method.
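The median filter and the DFT-based heart-rate extraction described above, as an added example that is not code from the paper. The PPG signal is constructed (a DC level plus a 75 bpm pulse, with three isolated contact spikes), the 32 Hz sample rate and 8 s window are assumptions, and the physiological search band of 0.7-3 Hz is an assumed choice; the SPA detrending step is not included here.

```python
import math

# Constructed parameters and input (not bracelet data from the paper):
FS = 32     # sample rate in Hz (assumed)
N = 256     # 8 s window, so the DFT bin spacing is FS / N = 0.125 Hz


def constructed_ppg(with_spikes=True):
    """Synthetic PPG: a DC level plus a 1.25 Hz (75 bpm) pulse component.
    With with_spikes=True, three isolated samples get a large offset to emulate
    the intermittent-contact artefacts that the median filter is meant to remove."""
    sig = [1.0 + 0.5 * math.sin(2 * math.pi * 1.25 * n / FS) for n in range(N)]
    if with_spikes:
        for n in (40, 121, 200):
            sig[n] += 6.0
    return sig


def median_filter(x, window=5):
    """Sliding-window median (the MF of the text); the edges are padded by
    repeating the first and last samples so the output has the input's length."""
    half = window // 2
    padded = [x[0]] * half + list(x) + [x[-1]] * half
    return [sorted(padded[i:i + window])[half] for i in range(len(x))]


def dft_magnitude(x):
    """Magnitude spectrum of the mean-removed signal for bins 0 .. len(x)//2 - 1
    (a direct O(N^2) DFT is fine for a 256-sample window)."""
    n = len(x)
    mean = sum(x) / n
    centred = [v - mean for v in x]
    mags = []
    for k in range(n // 2):
        re = sum(v * math.cos(2 * math.pi * k * t / n) for t, v in enumerate(centred))
        im = sum(v * math.sin(2 * math.pi * k * t / n) for t, v in enumerate(centred))
        mags.append(math.hypot(re, im))
    return mags


def heart_rate_bpm(x, fs=FS, band=(0.7, 3.0)):
    """Heart rate from the strongest spectral line inside a physiological band
    (42-180 bpm), following the DFT-based extraction described in the text."""
    mags = dft_magnitude(x)
    n = len(x)
    candidates = [k for k in range(len(mags)) if band[0] <= k * fs / n <= band[1]]
    k_peak = max(candidates, key=lambda k: mags[k])
    return round(k_peak * fs / n * 60)


def max_abs_diff(a, b):
    """Largest per-sample deviation between two signals of equal length."""
    return max(abs(u - v) for u, v in zip(a, b))


if __name__ == "__main__":
    raw = constructed_ppg()
    clean = constructed_ppg(with_spikes=False)
    filtered = median_filter(raw)
    print("spike error before MF: %.2f, after MF: %.2f"
          % (max_abs_diff(raw, clean), max_abs_diff(filtered, clean)))
    print("estimated heart rate: %d bpm" % heart_rate_bpm(filtered))
```

Because the pulse frequency sits exactly on a DFT bin the estimate is exact; with a real signal the peak is smeared over neighbouring bins and a longer window or interpolation around the peak is needed.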

Privacy-Preserving in Data Transmitting
Encryption is the most widely used privacy-preserving method in data transmission; it ensures confidentiality and causes no information loss. For the transmission of data from the devices to the cloud, we apply two different encryption algorithms in this paper. First, to secure the data in transit while suiting the storage and computing capacity of the devices, we use the lightweight symmetric block cipher PRESENT to encrypt the data inside the device. Second, to keep the private information hidden from the back end while still supporting normal data-update operations, we use the Paillier homomorphic encryption algorithm, an asymmetric (public-key) scheme, to encrypt the data in the cloud.

Encryption in Devices
Block ciphers are widely used for encryption in IoT devices. A block cipher divides the plaintext into fixed-size blocks, encrypts the blocks separately, and finally combines the ciphertexts. Because only one block is processed at a time, the amount of plaintext held for encryption stays small, which fits resource-limited IoT devices. Note that encrypting every block independently (ECB mode) lets equal plaintext blocks produce equal ciphertext blocks, so in practice the cipher is used in a mode of operation such as CBC or CTR, together with a message authentication code.
In the process of transmitting information from smart wearable devices to the gateway devices, we apply the PRESENT algorithm [20], a lightweight block cipher. PRESENT has a 64-bit block and an 80- or 128-bit key, and runs 31 rounds; its block and key sizes are smaller than those of conventional block ciphers such as AES, which makes it feasible on smart wearable devices. The PRESENT algorithm is described in Figure 3. Every round of the encryption process consists of a round-key addition, a substitution layer, and a permutation layer, and a final round key is added after the last round. The S-box of PRESENT is shown in Table 1 [20]; in the substitution layer it replaces each 4-bit nibble of the 64-bit state. The permutation layer [20] is given by Equation (8), which moves bit i of the state to bit position P(i):

$$P(i) = \begin{cases} 16\,i \bmod 63, & 0 \le i \le 62, \\ 63, & i = 63. \end{cases}$$

In the PRESENT-80 key schedule, each key update round is divided into three steps [29]. Let the current key register be $[k_{79}\, k_{78} \ldots k_1\, k_0]$; its leftmost 64 bits form the round key. The register is then (1) rotated left by 61 bit positions, (2) its four leftmost bits $[k_{79}\, k_{78}\, k_{77}\, k_{76}]$ are passed through the S-box, and (3) the five bits $[k_{19}\, k_{18}\, k_{17}\, k_{16}\, k_{15}]$ are XORed with the round counter.
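A PRESENT-80 block encryption and decryption following the round structure above, as an added example (not the paper's code and not a reference implementation from the PRESENT authors). It checks itself against the published all-zero test vector; the plaintext used in the demo is constructed. This is the bare primitive: a real device link would still need a mode of operation and message authentication around it.

```python
# PRESENT-80 as specified by Bogdanov et al.: 64-bit block, 80-bit key, 31 rounds.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(i) for i in range(16)]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1
ROUNDS = 31


def p_index(i):
    """Permutation layer, Equation (8): bit i of the state moves to position P(i)."""
    return 63 if i == 63 else (16 * i) % 63


PERM = [p_index(i) for i in range(64)]
PERM_INV = [PERM.index(i) for i in range(64)]


def sbox_layer(state, box):
    """Apply the 4-bit S-box to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for nib in range(16):
        out |= box[(state >> (4 * nib)) & 0xF] << (4 * nib)
    return out


def permute(state, table):
    """Move bit i of the state to position table[i]."""
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << table[i]
    return out


def round_keys(key80):
    """Key schedule: 32 round keys, each the leftmost 64 bits of the key register."""
    keys = []
    k = key80 & MASK80
    for rc in range(1, ROUNDS + 1):
        keys.append(k >> 16)
        k = ((k << 61) | (k >> 19)) & MASK80                 # (1) rotate left by 61
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))    # (2) S-box on k79..k76
        k ^= rc << 15                                         # (3) counter into k19..k15
    keys.append(k >> 16)
    return keys


def encrypt_block(pt, key80):
    keys = round_keys(key80)
    state = pt & MASK64
    for r in range(ROUNDS):
        state ^= keys[r]
        state = sbox_layer(state, SBOX)
        state = permute(state, PERM)
    return state ^ keys[ROUNDS]


def decrypt_block(ct, key80):
    keys = round_keys(key80)
    state = (ct & MASK64) ^ keys[ROUNDS]
    for r in range(ROUNDS - 1, -1, -1):
        state = permute(state, PERM_INV)
        state = sbox_layer(state, SBOX_INV)
        state ^= keys[r]
    return state


if __name__ == "__main__":
    # Test vector from the PRESENT paper: zero key and zero plaintext.
    assert encrypt_block(0, 0) == 0x5579C1387B228445
    key = 0x0123456789ABCDEF0123          # constructed 80-bit key
    reading = 0x0048_0061_0000_03E8        # constructed packed sensor block
    ct = encrypt_block(reading, key)
    print("ciphertext %016X, round trip ok: %s" % (ct, decrypt_block(ct, key) == reading))
```

The S-box and permutation tables are derived in code from Table 1 and Equation (8) rather than hard-coded twice, so the inverse tables cannot drift from the forward ones.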

Encryption in Cloud
When the users' information is transmitted to the cloud, we employ homomorphic encryption to avoid disclosing it to the back end while still supporting computation on it. Homomorphic encryption is a kind of encryption under which certain operations on ciphertexts correspond to operations on the plaintexts. In this paper, we use the Paillier cryptosystem [21] to preserve the privacy of IoT data in the cloud.
The Paillier cryptosystem is homomorphic with respect to both addition [21] and scalar multiplication [21]. Let f denote Paillier encryption under a public key (n, g), and let A and B be two plaintexts. The homomorphic properties can be described by Equations (9) and (10):

$$f(A)\cdot f(B) \bmod n^2 = f(A + B), \qquad (9)$$

$$f(A)^{k} \bmod n^2 = f(k \cdot A), \qquad (10)$$

where k is a plaintext scalar and the plaintext sums and products are taken modulo n. Because Paillier encryption is randomized, the right-hand sides denote an encryption of the plaintext under some randomness rather than one specific ciphertext.
The two equations indicate that when data need to be updated or computed in the cloud, additions and scalar multiplications can be carried out without decryption, so the real data are never exposed to the untrusted platform.
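A Paillier key pair, encryption, decryption, and the two homomorphic operations of Equations (9) and (10), applied to a cloud-side update of encrypted heart-rate readings; this is an added example, not the paper's implementation. The primes are toy 16/17-bit values (assumption: a deployment uses primes of about 1024 bits), the readings are constructed, and only the public key is needed for the cloud-side functions.

```python
import math
import secrets

# Constructed toy primes (assumption: real keys use ~1024-bit primes; these only keep
# the arithmetic readable). Both are prime and of similar size, as Paillier requires.
P, Q = 65537, 65521


def keygen(p=P, q=Q):
    """Paillier key pair with the common choice g = n + 1 and mu = lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    return (n, n + 1), (n, lam, mu)


def encrypt(pk, m):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(sk, c):
    """m = L(c^lambda mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    n, lam, mu = sk
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add_encrypted(pk, c1, c2):
    """Equation (9): the product of two ciphertexts encrypts the sum of the plaintexts."""
    return (c1 * c2) % (pk[0] ** 2)


def scale_encrypted(pk, c, k):
    """Equation (10): a ciphertext raised to k encrypts k times the plaintext."""
    return pow(c, k, pk[0] ** 2)


def cloud_update(pk, stored_cts, delta_cts):
    """Cloud-side update of stored encrypted running totals by encrypted increments.
    The cloud holds only pk, so it never sees a plaintext reading."""
    return [add_encrypted(pk, s, d) for s, d in zip(stored_cts, delta_cts)]


def cloud_total(pk, cts):
    """Encrypted sum over many users' readings, starting from an encryption of 0."""
    total = encrypt(pk, 0)
    for c in cts:
        total = add_encrypted(pk, total, c)
    return total


if __name__ == "__main__":
    pk, sk = keygen()
    readings = [72, 110, 64]                       # constructed heart rates of three users
    cts = [encrypt(pk, v) for v in readings]
    print("sum of readings:", decrypt(sk, cloud_total(pk, cts)))          # 246
    print("first reading x 7:", decrypt(sk, scale_encrypted(pk, cts[0], 7)))  # 504
    updated = cloud_update(pk, cts, [encrypt(pk, d) for d in (3, 5, -2)])
    print("after update:", [decrypt(sk, c) for c in updated])             # [75, 115, 62]
```

Negative increments work because `m % n` maps them into the plaintext group; the decrypted value 62 for the third user is recovered because the true sum stays below n. Division (an average) is not homomorphic in Paillier, so the cloud returns the encrypted sum and the count and the key holder divides after decryption.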

Privacy-Preserving in Data Publishing
In this part, we introduce a practical data-publishing model: for static and long-term data, personalized k-anonymity is used, and for real-time data, temporal differential privacy is used. We first describe data publishing in the IoT in Section 3.3.1, introduce the two proposed algorithms in detail in Sections 3.3.2 and 3.3.3, and formally prove in Section 3.3.4 that the data-publishing model is sound.

Data Publishing of IoT
In IoT applications, analysts of the relevant organizations collect users' data for comprehensive analysis. For example, IoT developers analyze large amounts of user data for behavior analysis and personalized services, and some useful data are made public to support researchers in certain fields. If the users' real data are published as collected, user privacy is threatened. When private data are not properly protected during publishing, attackers may use the information to defraud the targeted users or sell their data, which damages the users' interests and reduces the credibility of the IoT platform. In addition, if the leaked information is sensitive, the leakage causes psychological harm. The data that could be published in the smart-wearable-device scenario are listed in Table 2.

Personalized k-Anonymity
As explained in Section 2, traditional k-anonymity methods do not account for the differences between attributes. In this part, we introduce personalized k-anonymity. K-partition, the process of dividing the original dataset into several clusters [13], is the most important step of k-anonymity. Common k-partition methods such as MDAV [23] and V-MDAV [24] are based on the distance between every pair of records and place nearby records in the same cluster. Suppose the QI attribute set is $q_1, q_2, \ldots, q_q$; the distance between two records $(x_1, x_2, \ldots, x_q)$ and $(y_1, y_2, \ldots, y_q)$ is computed as a weighted combination of the per-attribute distances, as in Equation (11), where $\{\omega_i\}$ are the weights of the attributes. Two quantities in this distance matter for k-partition: the distance $|x_i - y_i|$ between two values of one attribute, and the weight $\omega_i$ assigned to each attribute.
First, we define the distance between two values of an attribute. For numeric attributes, we use the absolute value of the difference. For categorical attributes, we use the number of steps up to the common parent node in the generalization tree as the distance between the two child nodes.
To assign the weights, we use the entropy weight method [36]. The reason, in short, is that attributes with high entropy have a more complicated distribution of values and should play a more important role in dividing the data into clusters. As in the previous sections, the entropy weight method is applied separately to categorical and numeric attributes.
For categorical attributes, we compute the frequency $f_{ij}$ of each possible value i of attribute j, usually the ratio of the number of occurrences of value i to the number of records. The normalized entropy of attribute j is then given by Equation (12).
For numeric attributes, the value ranges differ between attributes, which affects their degree of dispersion. The data must be normalized before weights are assigned so that the dispersion of every attribute is judged from a unified perspective. In our study, we use the membership degree method [37] to normalize the values. The data collected by the devices at one time can be described as a matrix $D_{p \times q}$, where p is the number of users and q the number of QIs. The membership function is given by Equation (13), in which $D_{j1}$ and $D_{j2}$ are the upper limits of the satisfying value and the permissible value of attribute $q_j$. The normalized matrix is $\mu_{p \times q}$, with every element in [0, 1]. According to our premise, the greater the dispersion of the data, the larger its entropy and the less protection the data enjoy. The entropy of attribute $q_j$ is then computed as in Equation (12), with the frequencies now derived from the normalized matrix, and the weight assigned to each attribute follows from Equation (14).
However, computing the weight of every attribute takes almost as long as the k-partition itself, so for large datasets the weight assignment is expensive. When designing the personalized k-anonymity algorithm, we therefore compute the weights on a small random sample of the data to reduce the time cost. Because entropy is computed from value frequencies, and the frequencies observed in a random sample are unbiased estimates of the frequencies in the full dataset, the sampled weights approximate the full-data weights; the plug-in entropy estimate itself is biased downward for very small samples, so the sample must not be made too small.
We use the V-MDAV algorithm [24] for k-anonymity grouping, as presented in Algorithm 1. The personalized k-anonymity algorithm is described in Algorithm 2.
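The personalized k-anonymity pipeline of this subsection end to end (generalization-tree distance for categorical values, entropy-based attribute weights, weighted k-partition, and generalization of each group), as an added example that is not the paper's Algorithm 1 or 2. The user table and the generalization tree for the activity attribute are constructed. Several details the page leaves to its equations are assumptions here: min-max scaling stands in for the membership function of Equation (13), the entropy is normalized by the log of the number of outcomes, weights are taken proportional to normalized entropy as the text's motivation suggests, and the grouping is plain fixed-size MDAV rather than the variable-size V-MDAV extension.

```python
import math
from collections import Counter

# Constructed sample of bracelet users (not data from the paper). Quasi-identifiers:
# age and steps (numeric) and self-reported activity level (categorical).
RECORDS = [
    {"age": 23, "steps": 11200, "activity": "vigorous"},
    {"age": 25, "steps": 10400, "activity": "vigorous"},
    {"age": 27, "steps": 9800, "activity": "moderate"},
    {"age": 31, "steps": 8100, "activity": "moderate"},
    {"age": 34, "steps": 7600, "activity": "light"},
    {"age": 36, "steps": 6900, "activity": "light"},
    {"age": 41, "steps": 5200, "activity": "light"},
    {"age": 44, "steps": 4300, "activity": "sedentary"},
    {"age": 52, "steps": 3900, "activity": "sedentary"},
    {"age": 55, "steps": 3100, "activity": "sedentary"},
    {"age": 61, "steps": 2800, "activity": "sedentary"},
    {"age": 64, "steps": 2200, "activity": "light"},
]
# Assumed generalization tree for 'activity' (child -> parent, root '*' -> None).
TREE = {"sedentary": "low", "light": "low", "moderate": "high", "vigorous": "high",
        "low": "*", "high": "*", "*": None}


def ancestors(node):
    chain = [node]
    while TREE[chain[-1]] is not None:
        chain.append(TREE[chain[-1]])
    return chain


def tree_distance(a, b):
    """Generalization steps from both values up to their lowest common ancestor."""
    ca, cb = ancestors(a), ancestors(b)
    for i, node in enumerate(ca):
        if node in cb:
            return i + cb.index(node)
    raise ValueError("values are not in the same tree")


MAX_TREE = max(tree_distance(a, b) for a in TREE for b in TREE)


def lowest_common_ancestor(values):
    chains = [ancestors(v) for v in values]
    return next(node for node in chains[0] if all(node in c for c in chains))


def is_numeric(v):
    return isinstance(v, (int, float))


def normalized_entropy(probs):
    """Shannon entropy scaled to [0, 1] by ln(m) for m outcomes (assumed normalization)."""
    m = len(probs)
    if m < 2:
        return 0.0
    return -sum(p * math.log(p) for p in probs if p > 0) / math.log(m)


def scaled_numeric(records, attr):
    """Min-max scaling to [0, 1]; stands in for the paper's membership function."""
    vals = [r[attr] for r in records]
    lo, hi = min(vals), max(vals)
    return [(v - lo) / (hi - lo) if hi > lo else 0.0 for v in vals]


def entropy_weights(records):
    """Attribute weights proportional to normalized entropy (assumption: the text
    motivates giving high-entropy attributes more say in the clustering)."""
    ent, n = {}, len(records)
    for attr in records[0]:
        if is_numeric(records[0][attr]):
            mu = scaled_numeric(records, attr)
            total = sum(mu)
            probs = [m / total for m in mu] if total > 0 else []
        else:
            probs = [c / n for c in Counter(r[attr] for r in records).values()]
        ent[attr] = normalized_entropy(probs)
    total = sum(ent.values())
    return {a: (h / total if total > 0 else 1.0 / len(ent)) for a, h in ent.items()}


def make_distance(records, weights):
    """Weighted record distance: |x_i - y_i| on scaled numeric attributes, generalization
    tree distance (scaled to [0, 1]) on categorical ones."""
    scaled = {a: scaled_numeric(records, a) for a in records[0] if is_numeric(records[0][a])}

    def dist(i, j):
        d = 0.0
        for a, w in weights.items():
            if a in scaled:
                d += w * abs(scaled[a][i] - scaled[a][j])
            else:
                d += w * tree_distance(records[i][a], records[j][a]) / MAX_TREE
        return d
    return dist


def mdav(n, k, dist):
    """Fixed-size MDAV k-partition (the base that V-MDAV extends with variable group
    sizes): group the record farthest from the medoid with its k-1 nearest neighbours,
    then do the same for the record farthest from that one. Requires n >= k."""
    remaining, groups = list(range(n)), []

    def medoid(idx):
        return min(idx, key=lambda i: sum(dist(i, j) for j in idx))

    def farthest(idx, ref):
        return max(idx, key=lambda i: dist(ref, i))

    def take(idx, seed):
        members = sorted(idx, key=lambda i: dist(seed, i))[:k]
        groups.append(members)
        return [i for i in idx if i not in members]

    while len(remaining) >= 3 * k:
        r = farthest(remaining, medoid(remaining))
        remaining = take(remaining, r)
        remaining = take(remaining, farthest(remaining, r))
    if len(remaining) >= 2 * k:
        remaining = take(remaining, farthest(remaining, medoid(remaining)))
    if remaining:
        groups.append(remaining)
    return groups


def anonymize(records, k):
    """Personalized k-anonymity: entropy weights -> weighted k-partition -> every record
    takes its group's generalized QIs (value range for numeric, LCA for categorical)."""
    weights = entropy_weights(records)
    groups = mdav(len(records), k, make_distance(records, weights))
    out = [None] * len(records)
    for members in groups:
        rows = [records[i] for i in members]
        rep = {a: ((min(r[a] for r in rows), max(r[a] for r in rows)) if is_numeric(rows[0][a])
                   else lowest_common_ancestor([r[a] for r in rows])) for a in rows[0]}
        for i in members:
            out[i] = dict(rep)
    return weights, groups, out


def min_class_size(anonymized):
    """Smallest equivalence class in the released table; k-anonymity requires >= k."""
    return min(Counter(tuple(sorted(r.items())) for r in anonymized).values())
```

Calling `anonymize(RECORDS, 3)` returns the weights, the index groups, and the released table; `min_class_size` is the check a reviewer of the release should run, since any class smaller than k breaks the 1/k linkage bound regardless of how the groups were formed.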

Temporal Differential Privacy
Apart from the general insecurity that a static dataset brings, data can also leak through a temporal process. For example, Table 3 shows the information that a device collects from one user at different moments. This user's heart rate increases suddenly, while the other two attributes do not change much. An attacker with background knowledge can conclude that the sudden increase in heart rate is unlikely to be related to sports and probably results from an illness, such as a sudden palpitation. If this user really has the illness, the health information is exposed to the attacker. In a dataset, some health attributes are commonly correlated, positively, negatively, or in more complex ways. Therefore, unbalan­ced changes of attributes indicate the occurrence of abnormal conditions and can lead to information leakage.
In this paper, we propose the temporal differential privacy mechanism to solve the above problem. We firstly define an important variable δ to indicate the sensitivity ratio between two time points. Suppose the sensitivities at time 0 and time t are ∆ f and ∆ f t , then the sensitivity ratio δ is Pr[A(D t )=δO] is [r 1 , r 2 ], the published results are satisfied with temporal differential privacy when r 1 ≤ 1 ≤ r 2 .
In this paper, we put forward an implementation method of temporal differential privacy in the Laplace mechanism scenarios.
Suppose the original query result is f(D) = (x_1, x_2, ..., x_d)^T, and the result at time t is f(D_t) = (x_t1, x_t2, ..., x_td)^T = (x_1 + ∆x_t1, x_2 + ∆x_t2, ..., x_d + ∆x_td)^T. According to the Laplace mechanism [11], the result perturbed by Laplace noise n ∼ Laplace(∆f/ε) satisfies differential privacy. From the definition of the Laplace distribution, the distribution of the published result at time 0 under differential privacy is: At time t, the published result is also perturbed by Laplace noise n ∼ Laplace(∆f_t/ε), and a corresponding distribution exists. We study the possible result O_t = δO = (δy_1, δy_2, ..., δy_d)^T. In the same way as above, the probability is: In order to meet the requirement of temporal differential privacy, we first compute the ratio Pr[A(D)=O] / Pr[A(D_t)=δO] in Inequality 18, using the absolute value inequality at the position of the less-than-or-equal sign.
Pr[A(D_t)=O_t] can also be computed: According to Definition 4, temporal differential privacy is satisfied if: We take the logarithm of both sides and merge the two intermediate results to compute the final result: We take Inequality 21 as the condition of our algorithm; it represents the bound on whether the data can be published, ensuring that the data will not leak important information through its variations. The algorithm is described in Algorithm 3. It is obvious that this algorithm satisfies temporal differential privacy.
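The following is an added example in Python, not the paper's Algorithm 3: the Laplace mechanism for a d-dimensional query result and the temporal check of Definition 4. It assumes δ = ∆f_t/∆f, Laplace noise at both times and the candidate output O_t = δO as in the text above. Because Inequality 21 itself is not reproduced on this page, the bounds r_1 and r_2 are derived in the docstring from the ratio of the two Laplace densities and the triangle inequality, and the publishing check is simply r_1 ≤ 1 ≤ r_2 as stated in the definition. All query values, sensitivities and ε below are constructed.

```python
import math
import random
from typing import List, Tuple


def laplace_sample(scale: float, rng: random.Random) -> float:
    """One Laplace(0, scale) variate by inverse-CDF sampling."""
    u = rng.random() - 0.5
    # max(...) guards the measure-zero case u == -0.5, where log(0) would be taken
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def laplace_mechanism(result: List[float], sensitivity: float, eps: float,
                      rng: random.Random) -> List[float]:
    """Standard Laplace mechanism: publish f(D) + n with n ~ Laplace(∆f/ε) per coordinate."""
    return [x + laplace_sample(sensitivity / eps, rng) for x in result]


def ratio_range(x0: List[float], xt: List[float], sens0: float, sens_t: float,
                eps: float) -> Tuple[float, float]:
    """Range [r1, r2] of Pr[A(D)=O] / Pr[A(D_t)=δO] over all outputs O.

    Assumptions of this example: δ = ∆f_t/∆f, both releases use the Laplace
    mechanism, and the time-t output considered is O_t = δO. The density ratio is
    δ^d · exp((ε/∆f) · Σ_i (|y_i − x_ti/δ| − |y_i − x_i|)); each summand lies in
    [−|x_i − x_ti/δ|, |x_i − x_ti/δ|] by the triangle inequality, which gives r1, r2.
    """
    if len(x0) != len(xt) or min(sens0, sens_t, eps) <= 0:
        raise ValueError("mismatched dimensions or non-positive parameters")
    delta = sens_t / sens0                                   # sensitivity ratio δ
    shift = sum(abs(a - b / delta) for a, b in zip(x0, xt))  # Σ_i |x_i − x_ti/δ|
    log_mid = len(x0) * math.log(delta)                      # log δ^d
    return (math.exp(log_mid - eps * shift / sens0),
            math.exp(log_mid + eps * shift / sens0))


def can_publish(x0: List[float], xt: List[float], sens0: float, sens_t: float,
                eps: float) -> bool:
    """Temporal differential privacy check of Definition 4: publish only if r1 <= 1 <= r2."""
    r1, r2 = ratio_range(x0, xt, sens0, sens_t, eps)
    return r1 <= 1.0 <= r2


if __name__ == "__main__":
    # Constructed "maximum of each attribute" results: (max HR, max SpO2, max exercise minutes).
    base = [90.0, 97.0, 30.0]
    rng = random.Random(1)
    print("published at time 0:", [round(v, 1) for v in laplace_mechanism(base, 40.0, 0.5, rng)])
    # Same sensitivity at time t (δ = 1): r1 <= 1 <= r2 always holds.
    print("δ = 1, HR jump  ->", can_publish(base, [150.0, 96.0, 31.0], 40.0, 40.0, 0.5))
    # Sensitivity doubled and every value exactly doubled: r1 = r2 = 2^3, so the check fails.
    print("δ = 2, scaled   ->", can_publish(base, [180.0, 194.0, 60.0], 40.0, 80.0, 0.5))
```

With an unchanged sensitivity the bound always contains 1, so the check only blocks a release when the sensitivity between the two time points moves more than the query values justify; any other condition for Inequality 21 would need the equation itself, which is not on the page.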

Rationality Demonstration
We proposed a method that combines the improvements of the two traditional algorithms, k-anonymity and differential privacy, for publishing different kinds of attributes in Sections 3.3.2 and 3.3.3. In this section, we prove that this combination is rational and that the final result satisfies both k-anonymity and the differential privacy mechanism.
The real-time attributes can be seen as the sensitive attributes (SA), while the static and long-term attribute set includes QIs and SAs. Suppose the static and long-term attribute set is (QI, SA_1), and the real-time attribute set is SA_2.
(1) K-anonymity. The values of QI are the same within an equivalence class of the attributes (QI, SA_1) according to the k-anonymity mechanism. It is obvious that, for the combined attribute set (QI, SA_1, SA_2), the QI values remain the same in the equivalence class and the number of records is at least k. Therefore, our combined mechanism satisfies k-anonymity.
(2) Differential privacy. According to the differential privacy mechanism, the relationship between the neighbor datasets SA_2 and SA_2′ satisfies the expression: Other parameters are the same as in Section 2. SA_2 and SA_2′ are a pair of neighbor datasets, which means that they differ in only one record. We add the same anonymized data (QI, SA_1) to the two datasets. It is obvious that the new datasets D(QI, SA_1, SA_2) and D′(QI, SA_1, SA_2′) are neighbor datasets of each other.
Denote by PM the publishing mechanism in this paper and let O = (O_1, O_2); we can then conclude from the above that: This proves that the proposed data publishing mechanism satisfies differential privacy.

Results and Discussion
In this section, we evaluate the effectiveness of the data publishing algorithms proposed in Section 3, including personalized k-anonymity and temporal differential privacy. We compare the performance of the proposed algorithms with the existing algorithms by information loss, distance linked disclosure risk, and other quantitative results.

Dataset
The data in the following experiments were collected from 513 teenagers in a middle school using our smart bracelets. The dataset contains the heart rate (HR), blood oxygen (SpO2), and other physiological data before and after a long run.
The attributes can be divided into three kinds: removed data, static and long-term data, and real-time data, which are listed in detail as follows: (1) Removed data. The removed attribute set contains the names and the IDs of devices, which are removed before our privacy-preserving method is applied. (2) Static and long-term data. The static and long-term attribute set contains gender, age, height, and the health level of the students, in which the QI set consists of {gender, age, height} and the SA set consists of {health level}. (3) Real-time data. The real-time attribute set contains the resting HR, descent rate of HR, increase rate of HR, HR reserve, SpO2 saturation mean, SpO2 saturation standard deviation, HR after exercise, and exercise duration.
Note that the following experiments are implemented in the Python 3.7.4 development environment. At the beginning of our experiment, we first remove the names and IDs from the dataset. Then we apply the personalized k-anonymity of Section 3.3.2 to the static and long-term data, and the temporal differential privacy of Section 3.3.3 to the real-time data.

Privacy Preserving on Static Data
We process the static and long-term data with the personalized k-anonymity publishing scheme proposed in Section 3.3.2, which is compared with the conventional V-MDAV. In this part, we use two indices to evaluate the usability and safety of the two algorithms.
We use information loss (IL) [24] to measure the usability of the data. Suppose D is a dataset and D′(g_1, g_2, ..., g_m) is the dataset to be published, where {g_1, g_2, ..., g_m} are the groups produced by k-anonymity. The group square error (GSE) of g_i can be calculated as: where D̄_i is the centroid of g_i, and n_i is the number of records in group g_i. Moreover, the sum of square errors (SSE) of D is defined as: The total sum of squares (SST) is defined as: where D̄ is the mean of all data in D.
IL is the ratio of SSE and SST, which is expressed in Equation (27).
We use the distance linked disclosure risk (DLD) [38] of the anonymized dataset to measure the disclosure risk of k-anonymity. DLD is calculated as: where linked_record_num is the number of linked records, and total_record_num is the total number of records in the anonymized data. A smaller DLD means the anonymized table carries less risk of information leakage.

Table 4 presents the weights of the QIs calculated by personalized k-anonymity. For different values of k, the assessments of V-MDAV and personalized k-anonymity are shown in Figure 4, and Table 5 gives the group information of the two algorithms. From Figure 4, we can conclude that when k is small, the information loss of personalized k-anonymity is smaller, and when k is large, the information loss of V-MDAV is smaller. Therefore, personalized k-anonymity has better usability in the case of a smaller k and more groups. Overall, the IL values of the two algorithms are almost equal for the different values of k. However, our algorithm improves up to 6.25% in terms of the security index compared with traditional k-anonymity.
Moreover, Table 5 shows that the group size variance of personalized k-anonymity is smaller than that of V-MDAV, and there are more anonymous groups in the results of our algorithm, which means that personalized k-anonymity divides groups more evenly, preventing groups that are too large or too small, which improves the usability of the published data.
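The following Python block is an added example, not the paper's Algorithm 1 or 2 and not its dataset. It puts together the entropy weighting of Section 3.3.2 (including the random-sample variant argued for there) with the IL metric defined above, so the same grouping helper serves both passages. Because the corresponding equations are not reproduced on this page, the block makes these assumptions: category entropy is normalised by ln of the number of distinct values; numeric columns are min-max scaled in place of the membership function of Equation (13), with p_ij = µ_ij / Σ_i µ_ij as in the entropy weight method of [36]; the weight of an attribute is proportional to its entropy, following the rationale stated in the text; and grouping is a fixed-size MDAV with the weighted distance rather than V-MDAV. IL is SSE/SST over the scaled QI vectors; DLD is not implemented. The records are constructed.

```python
import math
import random
from typing import List, Optional

# Constructed records (not the paper's dataset). QIs: gender (category), age and
# height (numeric); "health" is the sensitive attribute and is not used for grouping.
RECORDS = [
    {"gender": "F", "age": 13, "height": 152, "health": "good"},
    {"gender": "M", "age": 13, "height": 158, "health": "fair"},
    {"gender": "F", "age": 14, "height": 155, "health": "good"},
    {"gender": "M", "age": 15, "height": 170, "health": "good"},
    {"gender": "M", "age": 14, "height": 165, "health": "poor"},
    {"gender": "F", "age": 15, "height": 162, "health": "fair"},
    {"gender": "F", "age": 13, "height": 149, "health": "good"},
    {"gender": "M", "age": 16, "height": 176, "health": "good"},
    {"gender": "F", "age": 16, "height": 166, "health": "poor"},
    {"gender": "M", "age": 15, "height": 172, "health": "fair"},
]
QIS = ["gender", "age", "height"]   # order of the feature vectors
CATEGORY = {"gender"}

def normalized_entropy(probs: List[float]) -> float:
    """Shannon entropy divided by ln(len(probs)), so the result lies in [0, 1]."""
    if len(probs) < 2:
        return 0.0
    return -sum(p * math.log(p) for p in probs if p > 0) / math.log(len(probs))

def minmax(values: List[float]) -> List[float]:
    """Scale a column into [0, 1] (assumed stand-in for the membership function of Equation (13))."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]

def entropy_weights(records: List[dict], sample_size: Optional[int] = None,
                    rng: Optional[random.Random] = None) -> List[float]:
    """Per-QI entropy (optionally from a random sample) turned into weights w_j = H_j / sum(H)."""
    rows = records if sample_size is None else (rng or random).sample(records, sample_size)
    ent = []
    for q in QIS:
        col = [r[q] for r in rows]
        if q in CATEGORY:  # frequency f_ij of each value i among the rows
            ent.append(normalized_entropy([col.count(v) / len(col) for v in set(col)]))
        else:              # normalise first, then p_ij = mu_ij / sum_i mu_ij
            mu = minmax(col)
            ent.append(normalized_entropy([m / sum(mu) for m in mu]) if sum(mu) > 0 else 0.0)
    total = sum(ent)
    return [h / total if total > 0 else 1.0 / len(ent) for h in ent]

def features(records: List[dict]) -> List[List[float]]:
    """Min-max scaled feature vectors in QIS order; category values are label-encoded first."""
    cols = []
    for q in QIS:
        col = [r[q] for r in records]
        if q in CATEGORY:
            labels = sorted(set(col))
            col = [labels.index(v) for v in col]   # binary attribute -> 0/1 mismatch code
        cols.append(minmax(col))
    return [list(row) for row in zip(*cols)]

def distance(a: List[float], b: List[float], w: List[float]) -> float:
    """Entropy-weighted Euclidean distance between two feature vectors."""
    return math.sqrt(sum(wj * (x - y) ** 2 for wj, x, y in zip(w, a, b)))

def centroid(feats: List[List[float]], idx: List[int]) -> List[float]:
    return [sum(feats[i][j] for i in idx) / len(idx) for j in range(len(QIS))]

def mdav(feats: List[List[float]], k: int, w: List[float]) -> List[List[int]]:
    """Fixed-size MDAV microaggregation with the weighted distance (a simplified V-MDAV)."""
    if len(feats) < k:
        raise ValueError("need at least k records")
    remaining, groups = list(range(len(feats))), []

    def extract(center: List[float]) -> None:  # move the k records nearest to center into a group
        g = sorted(remaining, key=lambda i: distance(feats[i], center, w))[:k]
        groups.append(g)
        remaining[:] = [i for i in remaining if i not in g]

    while len(remaining) >= 2 * k:
        c = centroid(feats, remaining)
        r = max(remaining, key=lambda i: distance(feats[i], c, w))         # farthest from centroid
        extract(feats[r])
        s = max(remaining, key=lambda i: distance(feats[i], feats[r], w))  # farthest from r
        extract(feats[s])
    if len(remaining) >= k:
        groups.append(list(remaining))
    else:  # fewer than k left over: attach each to the group with the nearest centroid
        for i in remaining:
            groups[min(range(len(groups)),
                       key=lambda j: distance(feats[i], centroid(feats, groups[j]), w))].append(i)
    return groups

def information_loss(feats: List[List[float]], groups: List[List[int]]) -> float:
    """IL = SSE / SST over the scaled feature vectors (Equation (27))."""
    idx = [i for g in groups for i in g]
    mean = centroid(feats, idx)
    sst = sum((feats[i][j] - mean[j]) ** 2 for i in idx for j in range(len(QIS)))
    cents = [centroid(feats, g) for g in groups]
    sse = sum((feats[i][j] - c[j]) ** 2 for c, g in zip(cents, groups) for i in g for j in range(len(QIS)))
    return sse / sst if sst > 0 else 0.0

if __name__ == "__main__":
    w_all, feats = entropy_weights(RECORDS), features(RECORDS)
    print("weights (all records):  ", [round(x, 3) for x in w_all])
    print("weights (random sample):", [round(x, 3) for x in entropy_weights(RECORDS, 6, random.Random(7))])
    groups = mdav(feats, 3, w_all)
    print("groups:", groups, " IL =", round(information_loss(feats, groups), 3))
```

Because the weights are frequency-based, computing them on a random sample of the records gives the unbiased estimate that Section 3.3.2 relies on; the two printed weight vectors can be compared directly. With k = 3 and ten records the MDAV loop leaves four records at the end, which become one larger group, so the published groups have sizes 3, 3 and 4.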

Privacy Preserving on Real-Time Data
In the experiment on privacy preserving for real-time data, we implement the temporal differential privacy and the traditional differential privacy mechanisms, and compare their performance through the complexity of the resulting time series.
We suppose the query f is the function that calculates the maximum value of every attribute in the dataset and returns the data in the form {x_1, x_2, ..., x_d}. In the following experiments, we set ε = 0.5 and test 100 time points.
The approximate entropy (ApEn) [39] indicates the complexity of a time series: a bigger ApEn means that the time series contains more information. The ApEn of a time series u = [u(1), u(2), ..., u(N)] is computed by the following steps [39]: Step 1. Decide the parameters m and r. m, an integer of at least 2, is the length of the arrays formed in Step 2; r is a real number representing the similarity tolerance of the time series. In common cases, r is set as follows, where std is the standard deviation of u:
Step 4. Compute the entropy Φ_m(r) = (N − m + 1)^{-1} Σ_i log C_i^m(r). Repeat the above steps to compute Φ_{m+1}(r); the ApEn of the time series u is: Figure 5 shows the ApEns of the publishing results of differential privacy and temporal differential privacy over time. From Figure 5, we find that temporal differential privacy reduces the amount of information by about 12% compared with traditional differential privacy. Moreover, at some times the complexity of the temporal differential privacy result is lower than both the original data and the differential privacy result, which means that the removed information must include information from the original data. The detailed results of temporal differential privacy for different ε and queries are presented in Table 6.

Figure 5. ApEns of attributes in differential privacy and temporal differential privacy.
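As an added example (not code from the paper), the ApEn computation described above in Python. Steps 2 and 3 and the formula for r are not reproduced on this page, so the block follows the standard definition of [39]: C_i^m(r) is the share of length-m windows whose maximum coordinate distance from window i is at most r, and r defaults to 0.2·std(u), which is an assumption of this example. The regular sine series and its Laplace-perturbed copy are constructed here to show the property the paper's comparison relies on: perturbed data yields a higher ApEn, i.e. carries more information.

```python
import math
import random
from typing import List, Optional, Tuple


def apen(u: List[float], m: int = 2, r: Optional[float] = None) -> float:
    """Approximate entropy ApEn(m, r) of the series u, following Pincus [39].

    A window always matches itself, so every C_i is positive and log C_i is defined.
    """
    n = len(u)
    if m < 2 or n < m + 2:
        raise ValueError("m must be at least 2 and the series longer than m + 1")
    if r is None:  # assumption: r = 0.2 * std(u), the usual choice for the omitted formula
        mean = sum(u) / n
        r = 0.2 * math.sqrt(sum((x - mean) ** 2 for x in u) / n)

    def phi(mm: int) -> float:
        """Steps 2-4: windows of length mm, C_i^mm(r), then the mean of log C_i^mm(r)."""
        windows = [u[i:i + mm] for i in range(n - mm + 1)]
        total = 0.0
        for wi in windows:
            close = sum(1 for wj in windows
                        if max(abs(a - b) for a, b in zip(wi, wj)) <= r)
            total += math.log(close / len(windows))
        return total / len(windows)

    return phi(m) - phi(m + 1)


def laplace_sample(scale: float, rng: random.Random) -> float:
    """One Laplace(0, scale) variate by inverse-CDF sampling."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def compare_series(scale: float = 0.3, seed: int = 42, n: int = 200) -> Tuple[float, float]:
    """ApEn of a constructed regular series (sine, 10 samples per period) and of the same
    series after adding Laplace(scale) noise, as a differentially private release would."""
    rng = random.Random(seed)
    clean = [math.sin(2 * math.pi * i / 10) for i in range(n)]
    noisy = [x + laplace_sample(scale, rng) for x in clean]
    return apen(clean), apen(noisy)


if __name__ == "__main__":
    a_clean, a_noisy = compare_series()
    print(f"ApEn regular series: {a_clean:.3f}   ApEn Laplace-perturbed: {a_noisy:.3f}")
```

The regular series only matches windows at the same phase, so Φ_m and Φ_{m+1} almost coincide and ApEn is close to zero; the perturbed copy loses that repetition and its ApEn rises. A constant series returns exactly 0.0, since every window matches every other.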

Conclusions and Future Work
In this paper, we propose a practical privacy-preserving mechanism to ensure data security in the different stages of a wearable IoT framework, taking the application of smart wearable devices as an example. First, we employ the lightweight PRESENT algorithm to encrypt information on IoT devices, and utilize Paillier homomorphic encryption to manage data on the cloud platform. In the data publishing stage, we optimize the traditional k-anonymity algorithm for static data and the differential privacy algorithm for real-time data, and then give a rationality demonstration for the combination of the two optimized algorithms. Specifically, we propose the personalized k-anonymity algorithm, in which we assign entropy-based weights to the different attributes, and discuss the different treatment of numeric and category data. The experiment results show that personalized k-anonymity is equivalent to traditional k-anonymity in usability, but its safety index is about 0-6.25% higher than that of the traditional algorithm. Moreover, its grouping results are more concentrated. Furthermore, we propose the temporal differential privacy mechanism to ensure privacy in temporal datasets, and put forward an implementation method based on the Laplace mechanism. The experiment results show that temporal differential privacy reduces the disclosure caused by variation over time.
Taken together, our results provide evidence for the feasibility and effectiveness of our mechanism in protecting the privacy of IoT-based users.
In future work, we will improve the proposed mechanism in the following aspects: (1) There are some studies of attacks on the PRESENT algorithm, such as [40]. We will improve the algorithm in future work to enhance security. (2) Some existing smart bracelet systems use learning algorithms for classification and prediction tasks; for example, the health status of users can be evaluated from the data collected by the smart bracelets. In the training process, users' privacy will also be exposed. We intend to adopt federated learning in future work. (3) We will improve our mechanism to adapt to other kinds of IoT devices, and evaluate its effectiveness in the current network and device environment.

Data Availability Statement:
The data used to support the findings of this study have not been made available due to the private information of teenagers.

Conflicts of Interest:
We declare that we have no financial or personal relationships with other people or organizations that could inappropriately influence our work.