基于本地差分隐私的可穿戴医疗设备流数据隐私保护方法

doi:10.3969/j.issn.1671-1122.2025.05.003

摘要/Abstract

摘要：

可穿戴医疗设备实时产生的医疗数据为健康监测及慢性病管理提供了实时监测与个性化管理的便利。然而，这类医疗数据（如心率、血糖）在应用过程中面临着隐私泄露的风险，尤其是在需要与第三方机构进行数据共享时。因此，如何保护可穿戴医疗设备产生的医疗数据成为亟待解决的问题。文章提出一种基于本地差分隐私的可穿戴医疗设备流数据隐私保护方法。首先，根据原始流数据特点识别出能够有效表示曲线趋势的显著点，将冗余点删除以减少隐私预算的消耗，并根据显著点的时间尺度自适应生成随机噪声。然后，结合Laplace机制为显著点添加随机噪声以保护数据隐私。为了防止攻击者根据噪声显著点中蕴含的统计信息推断原始数据流的隐私信息，在方案中设计卡尔曼滤波机制对冗余点数据进行预测，生成虚拟显著点并实现数据流曲线的重构。基于PAMAP真实数据集的实验表明，在相同隐私预算下，文章方案相比现有可穿戴医疗设备隐私保护方案具有更高数据可用性。

关键词: 可穿戴医疗设备, 流数据, 本地差分隐私, 隐私保护

Abstract:

The real-time medical data generated by wearable medical devices provide convenience for health monitoring and chronic disease management in terms of real-time monitoring, personalized management. However, the application of these medical data (such as heart rate, blood sugar) is vulnerable to privacy disclosure, especially when the data is shared with third parties. Therefore, how to protect the medical data generated by wearable medical devices has become a crucial issue to be solved. This paper proposed a method of stream data privacy protection for wearable medical devices based on local differential privacy (LDP). First, significant points that can effectively represent the curve trend were identified according to the characteristics of the original stream data, and redundant points other than significant points were deleted to reduce the consumption of the privacy budget, based on which random noise was generated adaptively according to the time scale of significant points. Then, combined with Laplace mechanism, random noise was added to the significant points to protect data privacy. In order to prevent data attackers from inferring the privacy information of the original data stream based on the statistical information contained in the significant points of noise, a Kalman filtering mechanism was designed in the final solution to predict the redundant point data. The experiments on the PAMAP real dataset indicate that, under the same privacy budget, our proposed solution exhibits higher data utility compared to existing privacy protection schemes for wearable medical devices.

Key words: wearable medical devices, streaming data, local differential privacy, privacy protection

中图分类号:

TP309

赵锋, 范淞, 赵艳琦, 陈谦. 基于本地差分隐私的可穿戴医疗设备流数据隐私保护方法[J]. 信息网络安全, 2025, 25(5): 700-712.

ZHAO Feng, FAN Song, ZHAO Yanqi, CHEN Qian. Privacy-Preserving Methods for Streaming Data in Wearable Medical Devices Based on Local Differential Privacy[J]. Netinfo Security, 2025, 25(5): 700-712.

图/表 10

图1

图2

表1

图3

表2

图4

表3

图5

表4

表5

参考文献 26

[1]	LIU Qiang, LI Tong, YU Yang, et al. Data Security and Privacy Preserving Techniques for Wearable Devices a Survey[J]. Journal of Computer Research and Development, 2018, 55(1): 14-29.
	刘强, 李桐, 于洋, 等. 面向可穿戴设备的数据安全隐私保护技术综述[J]. 计算机研究与发展, 2018, 55(1): 14-29.
[2]	ZHANG Wei, ZHOU Yini, ZHOU Yi. Validation of the Watch-Type HUAWEI WATCH D Oscillometric Wrist Blood Pressure Monitor in Adult Chinese[J]. Blood Pressure Monitoring, 2022, 27(5): 353-356. doi: 10.1097/MBP.0000000000000608 pmid: 35687029
[3]	CAMPION E W, JARCHO J A. Watched by Apple[J]. New England Journal of Medicine, 2019, 381(20): 1964-1965. doi: 10.1056/NEJMe1913980
[4]	WANG Qian, ZHANG Yan, LU Xiao, et al. RescueDP: Real-Time Spatio-Temporal Crowd-Sourced Data Publishing with Differential Privacy[C]// IEEE. IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications. New York: IEEE, 2016: 1-9.
[5]	ZHANG Hancheng. The Realistic Dilemma and Compliance Response of Health and Medical Data Sharing[J]. Medicine and Philosophy, 2024, 45(17): 52-57.
	张汉成. 健康医疗数据共享的现实困境与合规因应[J]. 医学与哲学, 2024, 45(17): 52-57.
[6]	DWORK C, MCSHERRY F, NISSIM K, et al. Calibrating Noise to Sensitivity in Private Data Analysis[C]// Springer. Theory of Cryptography:Third Theory of Cryptography Conference. Heidelberg: Springer, 2006: 265-284.
[7]	KASIVISWANATHAN S P, LEE H K, NISSIM K, et al. What Can We Learn Privately?[J]. SIAM Journal on Computing, 2011, 40(3): 793-826.
[8]	KIM J W, JANG B, YOO H. Privacy-Preserving Aggregation of Personal Health Data Streams[EB/OL]. (2018-11-30)[2024-12-02]. https://doi.org/10.1371/journal.pone.0207639.
[9]	LI Zhangbing, WANG Baichuan, LI Jinsheng, et al. Local Differential Privacy Protection for Wearable Device Data[EB/OL]. (2022-08-17)[2024-12-02]. https://doi.org/10.1371/journal.pone.0272766.
[10]	DUCHI J C, JORDAN M I, WAINWRIGHT M J. Local Privacy and Statistical Minimax Rates[C]// IEEE. 2013 IEEE 54th Annual Symposium on Foundations of Computer Science. New York: IEEE, 2013: 429-438.
[11]	KALMAN R E. A New Approach to Linear Filtering and Prediction Problems[J]. Journal of Basic Engineering, 1960, 82(1): 35-45.
[12]	HADIAN M, LIANG Xiaohui, ALTUWAIYAN T, et al. Privacy-Preserving Health Data Release with Pattern Consistency[C]// IEEE.GLOBECOM 2016-2016 IEEE Communications Society. New York: IEEE, 2016: 1-6.
[13]	PREMA K, SRIHARSHA A. Differential Privacy in Big Data Analytics for Haptic Applications[J]. International Journal of Computer Engineering & Technology, 2017, 8(3): 11-19.
[14]	ZHANG Jiajun, LIANG Xiaohui, ZHANG Zhikun, et al. Re-DPoctor: Real-Time Health Data Releasing with W-Day Differential Privacy[C]// IEEE. GLOBECOM 2017-2017 IEEE Global Communications Conference. New York: IEEE, 2017: 1-6.
[15]	GUAN Zhitao, LYU Zefang, DU Xiaojiang, et al. Achieving Data Utility-Privacy Trade off in Internet of Medical Things, a Machine Learning Approach[J]. Future Generation Computer Systems, 2019, 98: 60-68. doi: 10.1016/j.future.2019.01.058
[16]	HAN Song, ZHAO Shuai, LI Qinghua, et al. PPM-HDA: Privacy-Preserving and Multifunctional Health Data Aggregation with Fault Tolerance[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(9): 1940-1955.
[17]	UKIL A, JARA A J, MARIN L. Data-Driven Automated Cardiac Health Management with Robust Edge Analytics and Derisking[EB/OL]. (2019-06-18)[2024-12-01]. https://doi.org/10.3390/s19122733.
[18]	SALEHEEN N, CHAKRABORTY S, ALI N, et al. mSieve: Differential Behavioral Privacy in Time Series of Mobile Sensor Data[C]// ACM. The 2016 ACM International Joint Conference. New York: ACM, 2016: 706-717.
[19]	STEIL J, HAGESTEDT I, HUANG M X. Privacy Aware Eye Tracking Using Differential Privacy[C]// ACM. The 11th ACM Symposium. New York: ACM, 2019: 1-9.
[20]	BOZKIR E, GUNLU O, FUHL W, et al. Differential Privacy for Eye Tracking with Temporal Correlations[EB/OL]. (2021-08-17)[2024-12-01]. https://doi.org/10.1371/journal.pone.0255979.
[21]	ZHANG Siqi, LI Xiaohui. Differential Privacy Medical Data Publishing Method Based on Attribute Correlation[EB/OL]. (2022-09-21)[2024-12-01]. https://doi.org/10.1038/s41598-022-19544-3.
[22]	YUAN Danni, ZHU Xiaoyan, WEI Mingkui, et al. Collaborative Deep Learning for Medical Image Analysis with Differential Privacy[C]// IEEE. Global Communications Conference. New York: IEEE, 2019: 1-6.
[23]	ZHANG Zhenjiang, HAN Bowen, CHAO Hanchi, et al. A New Weight and Sensitivity Based Variable Maximum Distance to Aver-Age Vector Algorithm for Wearable Sensor Data Privacy Protection[J]. IEEE Access, 2019: 104045-101056.
[24]	TU Zixuan, LIU Shubo, XIONG Xingxing, et al. Differential Privacy Mean Publishing of Digital Stream Data for Wearable Devices[J]. Computer Application, 2020, 40(6): 1692-1697.
	涂子璇, 刘树波, 熊星星, 等. 可穿戴设备的数值型流数据差分隐私均值发布[J]. 计算机应用, 2020, 40(6): 1692-1697. doi: 10.11772/j.issn.1001-9081.2019111929
[25]	KIFER D, LIN Bingrong. Towards an Axiomatization of Statistical Privacy and Utility[C]// ACM. The Twenty-Ninth ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems. New York: ACM, 2010: 147-158.
[26]	REISS A, STRICKER D. Introducing New Benchmarked Dataset for Activity Monitoring[C]// IEEE. The 16th International Symposium on Wearable Computers, ISWC 2012. New York: IEEE, 2012: 108-109.

实验方案	直接方案	文献[8]方案	文献[9]方案	本文方案
MRE	1.7088	0.1508	0.0801	0.0613
RER	100%	8.861%	4.837%	3.589%

隐私预算	0.5	0.5	1	1	2	2
分配方式	均匀	自适应	均匀	自适应	均匀	自适应
$MR{{E}_{Linear}}$	0.3404	0.1790	0.2011	0.0711	0.1014	0.0482
$MR{{E}_{KF}}$	0.2212	0.0900	0.1177	0.0678	0.0757	0.0418

数据长度 MRE	16k	96k	160k	560k
文献[8]方案	0.200129	0.151445	0.105245	0.080798
文献[9]方案	0.111371	0.083837	0.060399	0.045069
本文方案	0.105334	0.080352	0.058566	0.036651

实验方案	SUL	SAL	SURL	SUTRL	SATRL	I-SATRL	I-SATRK
MRE	0.2011	0.1514	0.0838	0.0823	0.0714	0.0688	0.0614
RER	11.770%	8.862%	4.906%	4.814%	4.176%	4.024%	3.590%