SPOC - A Secure and Privacy-Preserving Opportunistic Computing Framework for Mobile-Healthcare Emergency

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. XX, NO. XX, XX 2012 1

SPOC: A Secure and Privacy-preservingOpportunistic Computing Framework for

Mobile-Healthcare EmergencyRongxing Lu, Member, IEEE, Xiaodong Lin, Member, IEEE, and Xuemin (Sherman) Shen, Fellow, IEEE

Abstract—With the pervasiveness of smart phones and the advance of wireless body sensor networks (BSNs), mobile Healthcare(m-Healthcare), which extends the operation of Healthcare provider into a pervasive environment for better health monitoring, hasattracted considerable interest recently. However, the flourish of m-Healthcare still faces many challenges including information securityand privacy preservation. In this paper, we propose a secure and privacy-preserving opportunistic computing framework, called SPOC,for m-Healthcare emergency. With SPOC, smart phone resources including computing power and energy can be opportunisticallygathered to process the computing-intensive personal health information (PHI) during m-Healthcare emergency with minimal privacydisclosure. In specific, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcareemergency, we introduce an efficient user-centric privacy access control in SPOC framework, which is based on an attribute-basedaccess control and a new privacy-preserving scalar product computation (PPSPC) technique, and allows a medical user to decide whocan participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis showsthat the proposed SPOC framework can efficiently achieve user-centric privacy access control in m-Healthcare emergency. In addition,performance evaluations via extensive simulations demonstrate the SPOC’s effectiveness in term of providing high reliable PHI processand transmission while minimizing the privacy disclosure during m-Healthcare emergency.

Index Terms—Mobile-Healthcare emergency; opportunistic computing; user-centric privacy access control; PPSPC

✦

1 INTRODUCTION

In our aging society, mobile Healthcare (m-Healthcare) systemhas been envisioned as an important application of pervasivecomputing to improve health care quality and save lives, whereminiaturized wearable and implantable body sensor nodesand smartphones are utilized to provide remote healthcaremonitoring to people who have chronic medical conditionssuch as diabetes and heart disease [1], [2], [3], [4], [5].Specifically, in an m-Healthcare system, medical users areno longer needed to be monitored within home or hospitalenvironments. Instead, after being equipped with smartphoneand wireless body sensor network (BSN) formed by bodysensor nodes, medical users can walk outside and receive thehigh-quality healthcare monitoring from medical professionalsanytime and anywhere. For example, as shown in Fig. 1,each mobile medical user’s personal health information (PHI)such as heart beat, blood sugar level, blood pressure andtemperature and others, can be first collected by BSN, andthen aggregated by smartphone via bluetooth. Finally, theyare further transmitted to the remote healthcare center via3G networks. Based on these collected PHI data, medicalprofessionals at healthcare center can continuously monitormedical users’ health conditions and as well quickly react

• R. Lu and X. Shen are with the Department of Electrical and ComputerEngineering, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1E-mail: {rxlu, xshen}@bbcr.uwaterloo.ca.

• X. Lin is with the Faculty of Business and Information Technology,University of Ontario Institute of Technology, Oshawa, Ontario, CanadaE-mail: [email protected].

to users’ life-threatening situations and save their lives bydispatching ambulance and medical personnel to an emergencylocation in a timely fashion.

BSN

3GBluetooth

Fig. 1. Pervasive health monitoring in m-Healthcaresystem

Although m-Healthcare system can benefit medical usersby providing high-quality pervasive healthcare monitoring,the flourish of m-Healthcare system still hinges upon howwe fully understand and manage the challenges facing in m-Healthcare system, especially during a medical emergency. Toclearly illustrate the challenges in m-Healthcare emergency,we consider the following scenario. In general, a medicaluser’s PHI should be reported to the healthcare center every 5minutes for normal remote monitoring [6]. However, when hehas an emergency medical condition, for example, heart attack,his BSN becomes busy reading a variety of medical measures,such as heart rate, blood pressure, and as a result, a largeamount of PHI data will be generated in a very short periodof time, and they further should be reported every 10 seconds


for high-intensive monitoring before ambulance and medicalpersonnel’s arrival. However, since smartphone is not onlyused for healthcare monitoring, but also for other applications,i.e., phoning with friends, the smartphone’s energy could beinsufficient when an emergency takes place. Although this kindof unexpected event may happen with very low probability,i.e., 0.005, for a medical emergency, when we take into 10, 000emergency cases into consideration, the average event numberwill reach 50, which is not negligible and explicitly indicatesthe reliability of m-Healthcare system is still challenging inemergency.

Recently, opportunistic computing, as a new pervasive com-puting paradigm, has received much attention [7], [8], [9],[10]. Essentially, opportunistic computing is characterized byexploiting all available computing resources in an oppor-tunistic environment to provide a platform for the distributedexecution of a computing-intensive task [10]. For example,once the execution of a task exceeds the energy and computingpower available on a single node, other opportunisticallycontacted nodes can contribute to the execution of the originaltask by running a subset of task, so that the original task canbe reliably performed [7]. Obviously, opportunistic computingparadigm can be applied in m-Healthcare emergency to resolvethe challenging reliability issue in PHI process. However, PHIare personal information and very sensitive to medical users,once the raw PHI data are processed in opportunistic comput-ing, the privacy of PHI would be disclosed. Therefore, how tobalance the high reliability of PHI process while minimizingthe PHI privacy disclosure during the opportunistic computingbecomes a challenging issue in m-Healthcare emergency.

In this paper, we propose a new secure and privacy-preserving opportunistic computing framework, called SPOC,to address this challenge. With the proposed SPOC framework,each medical user in emergency can achieve the user-centricprivacy access control to allow only those qualified helpersto participate in the opportunistic computing to balance thehigh-reliability of PHI process and minimizing PHI privacydisclosure in m-Healthcare emergency. Specifically, the maincontributions of this paper are threefold.

• First, we propose SPOC, a secure and privacy-preservingopportunistic computing framework for m-Healthcareemergency. With SPOC, the resources available on otheropportunistically contacted medical users’ smartphonescan be gathered together to deal with the computing-intensive PHI process in emergency situation. Since thePHI will be disclosed during the process in opportunis-tic computing, to minimize the PHI privacy disclosure,SPOC introduces a user-centric two-phase privacy accesscontrol to only allow those medical users who have sim-ilar symptoms to participate in opportunistic computing.

• Second, to achieve user-centric privacy access control inopportunistic computing, we present an efficient attribute-based access control and a novel non-homomorphic en-cryption based privacy-preserving scalar product com-putation (PPSPC) protocol, where the attributed-basedaccess control can help a medical user in emergency toidentify other medical users, and PPSPC protocol canfurther control only those medical users who have similar

symptoms to participate in the opportunistic computingwhile without directly revealing users’ symptoms. Notethat, although PPSPC protocols have been well studiedin privacy-preserving data mining [11], [12], [13], yetmost of them are relying on time-consuming homomor-phic encryption technique [14], [15]. To the best ofour knowledge, our novel non-homomorphic encryptionbased PPSPC protocol is the most efficient one in termsof computational and communication overheads.

• Third, to validate the effectiveness of the proposed SPOCframework in m-Healthcare emergency, we also developa custom simulator built in Java. Extensive simulationresults show that the proposed SPOC framework canhelp medical users to balance the high-reliability of PHIprocess and minimizing the PHI privacy disclosure in m-Healthcare emergency.

The remainder of this paper is organized as follows. InSection 2, we formalize the system model and security model,and identify our design goal. Then, we present the SPOCframework in Section 3, followed by the security analysisand performance evaluation in Section 4 and Section 5,respectively. We also review some related works in Section 6.Finally, we draw our conclusions in Section 7.

2 MODELS AND DESIGN GOAL

In this section, we formalize the system model and securitymodel, and identify our design goal as well.

2.1 System Model

In our system model, we consider a trusted authority (TA)and a group of l medical users U = {U1, U2, · · · , Ul},as shown in Fig. 2. TA is a trustable and powerful entitylocated at healthcare center, which is mainly responsible forthe management of the whole m-Healthcare system, e.g.,initializing the system, equipping proper body sensor nodesand key materials to medical users. Each medical user U i ∈ U

is equipped with personal BSN and smartphone, which canperiodically collect PHI and report them to the healthcarecenter for achieving better health care quality. Unlike in-bedpatients at home or hospital [16], [17], [18], medical usersU in our model are considered as mobile ones, i.e., walkingoutside [19].

TA

1U

2U3U

4U

5U

6U

7U

Fig. 2. System model under consideration


BSN and smartphone are two key components for thesuccess of m-Healthcare system. In order to guarantee thehigh reliability of BSN and smartphone, the batteries of BSNand smartphone should be charged up everyday so that thebattery energy can support daily remote monitoring task inm-Healthcare system [1], [20]. In general, since the BSN isdedicated for remote monitoring, after being charged everyday,BSN can deal with not only the normal situations but alsothe emergency cases in m-Healthcare. However, since thesmartphone could be used for other purposes, e.g., phoningfriends, surfing webpages, when an emergency suddenly takesplace, the residual power of smartphone may be insufficientfor high-intensive PHI process and transmission. To deal withthis embarrassing situation, opportunistic computing providesa promising solution in m-Healthcare system, i.e., when othermedical users find out one medical user Ui ∈ U is inemergency, they will contribute their smartphones’ resourcesto help Ui with processing and transmitting PHI.

2.2 Security Model

Opportunistic computing can enhance the reliability for high-intensive PHI process and transmission in m-Healthcare emer-gency. However, since PHI is very sensitive, a medical user,even in emergency, will not expect to disclose his PHI to allpassing-by medical users. Instead, he may only disclose hisPHI to those medical users who have some similar symptomswith him. In this case, the emergency situation can be handledby opportunistic computing with minimal privacy disclosure.Specifically, in our security model, we essentially definetwo-phase privacy access control in opportunistic computing,which are required for achieving high-reliable PHI process andtransmission in m-Healthcare emergency, as shown in Fig. 3.

Phase-I access control: Phase-I access control indicates thatalthough a passing-by person has a smartphone with enoughpower, as a non-medical user, he is not welcomed to par-ticipate in opportunistic computing1. Since the opportunisticcomputing requires smartphones that are installed with thesame medical softwares to cooperatively process the PHI, if apassing-by person is not a medical user, the lack of necessarysoftwares does not make him as an ideal helper. Therefore,the phase-I privacy access control is prerequisite.

Phase-II access control: Phase-II access control only allowsthose medical users who have some similar symptoms toparticipate in the opportunistic computing. The reason is thatthose medical users, due to with the similar symptoms, arekind of skilled to process the same type PHI. Note that,the threshold th is a user self-control parameter. When theemergency takes place at a location with high traffic, thethreshold th will be set high to minimize the privacy dis-closure. However, if the location has low traffic, the thresholdth should be low so that the high-reliable PHI process andtransmission can be first guaranteed.

1. Note that, a passing-by person can still assist in processing some physicalcares before the ambulance arrives.

Emergency Occurrence

Need more resource?

Contact Passing-by person

Phase IEnough power &

medical user?

Phase-II Similar symptoms

>= Threshold?

Integrate helper’s resource & collaborative

processing PHIAdmit

qualified helper

Ambulance arrival?

Release helper’s resource

Yes

Yes

Yes

Yes No

No

Fig. 3. Opportunistic computing with two-phase privacyaccess control for m-Healthcare emergency

2.3 Design Goal

Our design goal is to develop a secure and privacy-preservingopportunistic computing framework to provide high reliabilityof PHI process and transmission while minimizing PHI privacydisclosure in m-Healthcare emergency. Specifically, we i)apply opportunistic computing in m-Healthcare emergency toachieve high-reliability of PHI process and transmission; andii) develop user-centric privacy access control to minimize thePHI privacy disclosure.

3 PROPOSED SPOC FRAMEWORK

In this section, we propose our SPOC framework, which con-sists of three parts: system initialization, user-centric privacyaccess control for m-Healthcare emergency, and analysis ofopportunistic computing in m-Healthcare emergency. Beforedescribing them, we first review the bilinear pairing technique[21], [22], [23], [24], which serves as the basis of the proposedSPOC framework.

3.1 Bilinear Pairings

Let G, GT be two multiplicative cyclic groups with the sameprime order q. Suppose G and GT are equipped with a pairing,i.e., a non-degenerated and efficiently computable bilinear mape : G×G → GT such that e(ga1 , g

b2) = e(g1, g2)

ab ∈ GT for alla, b ∈ Z∗

q and any g1, g2 ∈ G. In group G, the ComputationalDiffie-Hellman (CDH) problem is hard, i.e., given (g, g a, gb)for g ∈ G and unknown a, b ∈ Z∗

q , it is intractable to computegab in a polynomial time. However, the Decisional Diffie-Hellman (DDH) problem is easy, i.e., given (g, ga, gb, gc)


for g ∈ G and unknown a, b, c ∈ Z∗q , it is easy to judge

whether c = ab mod q by checking e(ga, gb)?= e(gc, g). We

refer to [21] for a more comprehensive description of pairingtechnique, and complexity assumptions.

Definition 1: A bilinear parameter generator Gen is a prob-abilistic algorithm that takes a security parameter κ as input,and outputs a 5-tuple (q, g,G,GT , e), where q is a κ-bit primenumber, G,GT are two groups with order q, g ∈ G is agenerator, and e : G × G → GT is a non-degenerated andefficiently computable bilinear map.

3.2 Description of SPOC

3.2.1 System Initialization

For a single-authority m-Healthcare system under consider-ation, we assume a trusted authority (TA) located at thehealthcare center will bootstrap the whole system. Specifically,given the security parameter κ, TA first generates the bilinearparameters (q, g,G,GT , e) by running Gen(κ), and choosesa secure symmetric encryption algorithm Enc(), i.e., AES,and two secure cryptographic hash functions H and H ′,where H,H ′ : {0, 1}∗ → Z∗

q . In addition, TA choosestwo random numbers (a, x) ∈ Z∗

q as the master key, tworandom elements (h1, h2) in G, and computes b = H(a),A = ga, and e(g, g)x. Finally, TA keeps the master (a, b, x)secretly, and publishes the system parameter params =(q, g,G,GT , e,H,H ′, h1, h2, A, e(g, g)

x, Enc()).Assume there are total n symptom characters considered in

m-Healthcare system, and each medical user’s symptoms canbe represented through his personal health profile, a binaryvector �a = (a1, a2, · · · , an) in the n-dimensional symptomcharacter space, where ai ∈ �a indicates a symptom character,i.e., ai = 1 if the medical user has the corresponding symptomcharacter, and ai = 0 otherwise. Therefore, for each medicaluser Ui ∈ U, when he registers himself in the healthcarecenter, the medical professionals at healthcare center first makemedical examination for Ui, and generate Ui’s personal healthprofile �a = (a1, a2, · · · , an). Afterwards, the following stepswill be performed by TA:

• Based on Ui’s personal health profile �a, TA first choosesthe proper body sensor nodes to establish U i’s personalBSN, and installs the necessary medical softwares in Ui’ssmartphone.

• Then, TA chooses two random numbers (t i1, ti2) ∈Z∗q , and computes the access control key aki =

(gx+ati1 , gti1 , gti2 , hti11 hti2

2 ) for Ui.• Finally, TA uses the master key b to compute the secret

key ski = H(Ui||b) for Ui.

After being equipped with the personal BSN and keymaterials (aki, ski), Ui can securely report his PHI to health-care center for achieving better healthcare monitoring by thefollowing procedure.

• Ui first chooses the current date CDate, computes thesession key ki = H(ski||CDate) for one day, anddistributes the session key ki to his personal BSN andsmartphone.

• Every five minutes, BSN collects the raw PHI data rPHIand reports the encrypted value Enc(ki, rPHI||CDate) tothe smartphone with bluetooth technology.

• Upon receiving Enc(ki, rPHI||CDate), the smartphoneuses ki to recover rPHI from Enc(ki, rPHI||CDate).After processing rPHI, the smartphone uses the 3Gtechnology to report the processed PHI to healthcarecenter in the form of Ui||CDate||Enc(ki,PHI||CDate).

• When the TA receives Ui||CDate||Enc(ki,PHI||CDate)at the healthcare center, he first uses the master key b tocompute Ui’s secret key ski = H(Ui||b), and uses ski tocompute the current session key ki = H(ski||CDate).After that, TA uses ki to recover PHI||CDate fromEnc(ki,PHI||CDate). If the recovered CDate is cor-rected, TA sends PHI to the medical professionals formonitoring.

3.2.2 User-Centric Privacy Access Control for m-Healthcare Emergency

When an emergency takes place in m-Healthcare, e.g., user U 0

suddenly falls down outside, the healthcare center will monitorthe emergency, and immediately dispatch an ambulance andmedical personnel to the emergency location. Generally, theambulance will arrive at the scene around 20 minutes [25].During the 20 minutes, the medical personnel needs high-intensive PHI to realtime monitor U0. However, the powerof U0’s smartphone may be not sufficient to support thehigh-intensive PHI process and transmission. In this case, theopportunistic computing, as shown in Fig. 3, is launched, andthe following user-centric privacy access control is performedto minimize the PHI privacy disclosure in opportunistic com-puting.

• Phase-I Access Control: The goal of phase-I access con-trol is to identify other medical users in emergency. Toachieve the phase-I access control, U0’s smartphone firstchooses a random number s ∈ Z∗

q , computes e(g, g)xs andC = (C1, C2, C3) as

C1 = gs, C2 = As · h−s1 , C3 = h−s

2 (1)

When user Uj passes by the emergency location, U0 sendsC = (C1, C2, C3) to Uj . After receiving C = (C1, C2, C3),Uj will perform the following steps:

• Use his access control key akj = (gx+atj1 , gtj1 , gtj2 ,htj11 h

tj22 ) to compute

e(C1,gx+atj1 )

e(gtj1 ,C2)·e(gtj2 ,C3)·e(htj11 h

tj22 ,C1)

= e(gs,gxgatj1 )

e(gtj1 ,gas·h−s1 )·e(gtj2 ,h−s

2 )·e(htj11 h

tj22 ,gs)

= e(gs,gx)e(gs,gatj1 )

e(gtj1 ,gas)e(gtj1 ,h−s1 )·e(gtj2 ,h−s

2 )·e(htj11 h

tj22 ,gs)

= e(gs,gx)

e(gs,htj11 h

tj22 )−1·e(htj1

1 htj22 ,gs)

= e(g, g)xs

(2)

• Compute Auth = H ′(e(g, g)xs||timestamp), wheretimestamp is the current timestamp, and send backAuth||timestamp to U0.

When user U0 receives Auth||timestamp at time timestamp′,he first checks the validity of the time interval between


timestamp′ and timestamp in order to resist the replayingattack. If |timestamp′− timestamp| ≤ ΔT , where ΔT denotesthe expected valid time interval for transmission delay, U0

accepts and processes Auth||timestamp, and rejects other-wise. Once Auth||timestamp is accepted, U0 uses the storede(g, g)xs to compute Auth′ = H ′(e(g, g)xs||timestamp), and

checks whether Auth′ ?= Auth. If it does hold, Uj is authenti-

cated as a medical user, and passes the phase-I access control.Correctness. The correctness of the phase-I access control

is obvious. If Uj is not a medical user, he cannot generatee(g, g)xs to produce a valid Auth to pass U0’s authenti-cation. In addition, since U0 can efficiently use the sameC = (C1, C2, C3) and the timestamp technique to authenticateother medical users, the phase-I access control is also efficient.

Algorithm 1 Privacy-preserving Scalar Product Computation1: procedure PPSPC PROTOCOL2: Input: U0’s binary vector �a = (a1, a2, · · · , an) and Uj’s binary

vector �b = (b1, b2, · · · , bn), where n ≤ 26

3: Output: The scalar product �a · �b =∑n

i=0 ai · bi—————————————————————————————–

4: Step-1: U0 first does the following operations:5: choose two large primes α, β, where α is of the length |α| = 256

bits and β > (n+ 1) · α2, e.g., the length |β| > 518 bits if n = 26

6: set K = 0 and choose n positive random numbers(c1, c2, c3, · · · , cn) such that

∑ni=1 ci < α− n

7: for each element ai ∈ �a do8: choose a random number ri, compute ri · β such that |ri · β| ≈

1024 bits, and calculate ki = ri · β − ci9: if ai = 1 then

10: Ci = α+ ci + ri · β, K = K + ki11: else if ai = 0 then12: Ci = ci + ri · β, K = K + ki13: end if14: end for15: keep (β,K) secret, and send (α,C1, C2, C3, · · · , Cn) to Ui

—————————————————————————————–16: Step-2: Uj then executes the following operations:

17: for each element bi ∈ �b do18: if bi = 1 then

19: Di = α · Ci=

{α2 + ci · α+ ri · α · β, if ai = 1;ci · α+ ri · α · β, if ai = 0.

20: else if bi = 0 then

21: Di = Ci=

{α+ ci + ri · β, if ai = 1;ci + ri · β, if ai = 0.

22: end if23: end for24: compute D =

∑ni=1 Di and return D back to U0

—————————————————————————————–25: Step-3: U0 continues to do the following operations:26: compute E = D +K mod β

27: return E−(E mod α2)

α2 as the scalar product �a · �b =∑n

i=0 ai · bi28: end procedure

• Phase-II Access Control: Once Uj passes the phase-Iaccess control, U0 and Uj continue to perform the phase-IIaccess control to check whether they have some similar symp-toms. Suppose the personal health profiles of medical usersU0, Uj are �a = (a1, a2, · · · , an) and �b = (b1, b2, · · · , bn),respectively. U0 first defines an expected threshold th forthe number of common symptom characters. Then, in orderto compute �a · �b in a privacy-preserving way, U0 and Uj

invoke our newly designed PPSPC protocol in Algorithm 1.Since the PPSPC protocol ensures neither U0 nor Uj willdisclose their personal healthcare profiles to each other during

the computation of �a · �b, it can efficiently achieve privacy-preserving access control. For example, if the returned value�a ·�b ≥ th, Uj passes the phase-II access control and becomesa qualified helper. Then, U0 assigns the current session keyk0 = H(sk0||CDate) to Uj . With the session key k0, Uj

can decrypt and process the raw PHI sent from U0’s personalBSN, and also transmit the processed PHI to healthcare centerto reduce the burden of U0’s smartphone. However, if thereturned value �a · �b < th, Uj is not a qualified helper toparticipate in opportunistic computing. Note that the thresholdth is not fixed, if the residual power of U0’s smartphone canlast a little long time, th can be set relatively high to minimizethe PHI privacy disclosure. However, if the residual power islittle, th can be set low so as to firstly guarantee the reliabilityof high-intensive PHI process and transmission.

Correctness of PPSPC Protocol. The correctness of ourproposed PPSPC protocol can be clearly illustrated bythe following typical example. Assume two binary vectorsare �a = (a1, a2, a3, a4, a5) = (1, 1, 0, 0, 1) and �b =(b1, b2, b3, b4, b5) = (1, 0, 1, 0, 1). After Step-1 is performed,we have C1 = α + c1 + r1 · β, C2 = α + c2 + r2 · β,C3 = c3 + r3 · β, C4 = c4 + r4 · β, and C5 = α+ c5 + r5 · β.

After Step-2 is executed, we have D1 = α2+c1 ·α+r1 ·α·β,D2 = α+ c2+ r2 ·β, D3 = c3 ·α+ r3 ·α ·β, D4 = c4+ r4 ·β,D5 = α2 + c5 · α+ r5 · α · β, and D =

∑5i=1 Di.

Based on the returned D and the secret K =∑5

i=1 ki, thevalue of E can be calculated in Step-3 as

E = D +K =∑5

i=1(Di + ki)= [α2 + c1 · (α− 1) + r1 · α · β + c1 + k1] + (α+

r2 · β + c2 + k2) + [c3 · (α − 1) + r3 · α · β + c3+k3] + (r4 · β + c4 + k4) + [α2 + c5 · (α− 1)+r5 · α · β + c5 + k5] mod β

= [α2 + c1 · (α− 1) + r1 · (α+ 1) · β] + (r2 · 2 · β+α) + [c3 · (α− 1) + r3 · (α+ 1) · β] + r4 · 2 · β+[α2 + c5 · (α− 1) + r5 · (α+ 1) · β] mod β

= 2 · α2 + α+ (c1 + c3 + c5) · (α − 1) mod β(3)

Since α−n = α−5 >∑n

i=1 ci =∑5

i=1 ci, β > (n+1)·α2 =6 · α2 when n = 5, the value

2 · α2 + α+ (c1 + c3 + c5) · (α− 1)

< 2 · α2 + α+∑5

i=1 ci · α < 2 · α2 + α(1 + α− 5)< 2 · α2 + α2 = 3 · α2 < β

(4)Therefore, we can remove “ mod β” from Eq.(3) and have

E =2 · α2 + α+ (c1 + c3 + c5) · (α− 1) mod β

=2 · α2 + α+ (c1 + c3 + c5) · (α− 1)(5)

Again, since α+ (c1 + c3 + c5) · (α− 1) < α2, we have

E − (E mod α2)

α2=

2 · α2

α2= 2 (6)

According to the line-19 in Algorithm 1, only when both a i

and bi are 1, an α2 can be produced. Then, the coefficient ofα2 is just the required scalar product �a · �b. As a result, thecorrectness of PPSPC protocol is verified.

Extension of PPSPC protocol. Although Algorithm 1 dealswith the PPSPC for binary vectors, it can be easily extended


for the generalized vector’s PPSPC. For example, to calculatethe PPSPC of the generalized vectors �a = (a1, a2, · · · , an),�b = (b1, b2, · · · , bn), where any ai, bi ∈ Zm with 2 < m <28, we only make the following modifications in Algorithm 1,and its correctness can be easily verified as well.

5: choose two large primes α, β, where α is of the length |α| = 256 bitsand β > (n ·m2 + 1) · α2

6: set K = 0 and choose n positive random numbers (c1, c2, c3, · · · , cn)such that m ·∑n

i=1 ci < α−m · n9: if ai �= 0 then

10: Ci = ai · α+ ci + ri · β, K = K + ki18: if bi �= 0 then19: Di = bi · α · Ci

3.2.3 Analysis of Opportunistic Computing in m-Healthcare EmergencyConsider the ambulance will arrive at the emergency locationin the time period t. To gauge the benefits brought by oppor-tunistic computing in m-Healthcare emergency, we analyzehow many qualified helpers can participate in opportunisticcomputing within the time period t, and how many resourcescan the opportunities computing provide. Assume that thearrival of users at the emergency location follows a Poissonprocess {N(t), t ≥ 0} having rate λ. For a given thresholdth, Nq(t) = n and Nq̄(t) = m are respectively denoted as thenumber of qualified helpers and the number of non-qualifiedhelpers within [0, t]. For any arriving user at time τ ∈ [0, t],the probability that the user is a qualified helper is P (τ). Then,Theorem 1 can give the expected number of qualified helpersparticipating in opportunistic computing within [0, t].

Theorem 1: The expected number of the qualified helpersparticipating in opportunistic computing within [0, t] isE(Nq(t)) = λtp, where p = 1

t

∫ t

0P (τ)dτ .

Proof: Given total N(t) = Nq(t) + Nq̄(t) = n + musers arriving within time period [0, t], we know the time τ isuniformly distributed in interval [0, t] for any user who arrivesat time τ [26]. Therefore, when defining the probability p =P{one user arriving in [0, t] is a qualified helper|N(t) = n+m}, we have p = 1

t

∫ t

0P (τ)dτ . Since all users arrive indepen-

dently, P{Nq(t) = n,Nq̄(t) = m|N(t) = n+m} just showsthe probability that n qualified helpers’ arrivals during totaln+m Bernoulli experiments. Therefore,

P{Nq(t) = n,Nq̄(t) = m}= P{Nq(t) = n,Nq̄(t) = m|N(t) = n+m}

·P{N(t) = n+m}=

(n+m

n

)pn(1− p)me−λt (λt)

n+m

(n+m)!

= (n+m)!n!·m! pn(1− p)me−λt(p+1−p) (λt)

n·(λt)m(n+m)!

= e−λtp (λtp)n

n! · e−λt(1−p) (λt(1−p))m

m!

(7)

which indicates that both Nq(t) and Nq̄(t) are independentPoisson processes with respective rate λtp and λt(1− p). Asa result, the expected number of qualified helpers participatingin the opportunistic computing within [0, t] is E(Nq(t)) = λtp

with p = 1t

∫ t

0P (τ)dτ .

Assume each qualified helper can provide η computing andpower resources per unit of time, Theorem 2 further gives theexpected resources that can be opportunistically provided byopportunistic computing within [0, t].

Theorem 2: The expected resources that can be providedby opportunistic computing is λt2p

2 η within [0, t].Proof: Suppose the k-th qualified helper arrives at time

τk ∈ [0, t], where 1 ≤ k ≤ Nq(t). Then, the total resourcesR(t) provided by all arrived qualified helpers can be expressedas

∑Nq(t)k=1 (t− τk) · η. Because

E{R(t)|Nq(t) = n} = E{∑Nq(t)k=1 (t− τk) · η|Nq(t) = n}

= E{∑nk=1(t− τk) · η|Nq(t) = n}

= ntη − E{∑nk=1 τk · η|Nq(t) = n} = ntη − ntη

2 = ntη2(8)

and E(Nq(t)) = λtp from Theorem 1, we have the expectedresources E{R(t)} as

E{R(t)} =∑∞

n=0 (P{Nq(t) = n}E{R(t)|Nq(t) = n})=

∑∞n=0 P{Nq(t) = n} · ntη

2 = tη2 ·E(Nq(t)) =

λt2p2 · η

(9)Therefore, the expected resources that can be provided byopportunistic computing is λt2p

2 η within [0, t].We plot the E(Nq(t)), E(R(t)) versus λ and t with different

p = 0.2, 0.8 in Fig. 4. From the figure, we can see bothlarge λ and large p can increase E(Nq(t)), E(R(t)) withthe time. Therefore, when the emergency location has hightraffic, i.e., enough opportunistic resources can be expected,we can set the threshold th high to reduce the probabilityp, so that the PHI privacy disclosure can be minimized.However, if the emergency location has low traffic, in order toguarantee the high reliability of PHI process and transmission,the threshold th should be set low to increase the probabilityp. In Section 5, we will conduct simulations to further evaluatethe effectiveness of opportunistic computing in m-Healthcareemergency.

10

15

20

0.5

1

1.5

20

5

10

15

20

25

30

35

tλ

E(N

q(t))

p=0.2

p=0.8

(a) E(Nq(t))

1012

1416

1820

0.5

1

1.5

20

50

100

150

200

250

300

350

tλ

E(R

(t))

(η)

p=0.8

p=0.2

(b) E(R(t))

Fig. 4. E(Nq(t)), E(R(t)) versus λ and t with different p

4 SECURITY ANALYSIS

In this section, we analyze the security properties of theproposed SPOC framework. In specific, following the securityrequirements discussed earlier, our analyses will focus onhow the proposed SPOC framework can achieve the user-centric privacy access control for opportunistic computing inm-Healthcare emergency.• The proposed SPOC framework can achieve the phase-

I access control. In the phase-I access control, the single-attribute encryption technique is employed [27]. Sincee(g, g)xs can be recovered only by a registered medical userUj ∈ U with his access key akj = (gx+atj1 , gtj1 , gtj2 ,htj11 h

tj22 ) from (C1 = gs, C2 = As · h−s

1 , C3 = h−s2 ),


if Uj can recover e(g, g)xs, he can be authenticated as aregistered medical user. In addition, the timestamp in thereturned Auth = H ′(e(g, g)xs||timestamp) can also preventthe possible replaying attack. Therefore, the phase-I accesscontrol can be achieved in the proposed SPOC framework.• The proposed SPOC framework can achieve the phase-

II access control. In the phase-II access control, our novelPPSPC protocol is employed. As shown in Algorithm 1, foreach ai ∈ �a, we have Ci = α + ci + riβ when ai = 1, andCi = ci + riβ when ai = 0. Since either α or 0 is maskedby ci + riβ in Ci, without knowing the random numbers c iand riβ, it is impossible to distinguish whether Ci is formedby α + ci + riβ or ci + riβ. In addition, since the randomnumbers (ci, riβ) are individually used for one time, differentCi and C ′

i are unlinkable. Therefore, each a i ∈ �a is privacy-preserving during the scalar product computation. On the otherhand, for each bi ∈ �b, we have Di = αCi when bi = 1,and Di = Ci when bi = 0. Obviously, this operation cannotdirectly hide α. However, when all Di are summated into D,i.e., D =

∑ni=1 Di, the unknown

∑ni=1 ci + riβ will hide the

operation on each Di. As a result, each bi ∈ �b is also privacy-preserving during the scalar product computation. Due to thecorrectness of Algorithm 1, the scalar product �a · �b indicatesthe number of same symptom characters of two personal healthprofiles. Once the result �a ·�b is more than the threshold th, Uj

is authenticated as a qualified helper, and assigned with U0’ssession key k0. Since Uj has the similar symptoms as U0,to protect his own health information, Uj is discouraged todisclose U0’s health profiles. In such a way, U0’s PHI privacydisclosure can be minimized. As a result, the phase-II accesscontrol is also achieved in the proposed SPOC framework.• The proposed SPOC framework can achieve the ses-

sion key’s forward and backward secrecy. In the proposedSPOC framework, once Uj has passed the phase-II accesscontrol, he can hold the session key k0 = H(sk0||CDate)of U0 to decrypt and process the encrypted raw PHI fromEnc(k0, rPHI||CDate). However, since the one-wayness of thehash function H(), the secret key sk0 cannot be inverselyobtained from k0 = H(sk0||CDate). Moreover, since thesession key k0 = H(sk0||CDate) is date-dependent, i.e., U0

will utilize unlinkable session key everyday. Therefore, eventhough Uj gets the session key k0 in m-Healthcare emergency,he cannot use it to derive U0’s previous and/or future sessionkeys. As a result, the session key’s forward and backwardsecrecy is also satisfied in the proposed SPOC framework.

From the above security analysis, we can see the proposedSPOC framework can indeed achieve the user-centric privacyaccess control of opportunistic computing in m-Healthcareemergency.

5 PERFORMANCE EVALUATION

In this section, we evaluate the performance of the proposedSPOC framework using a custom simulator built in Java.The simulator implements the application layer under theassumptions that the communications between smartphonesand the communications between BSNs and smartphones arealways workable when they are within each other’s transmis-sion ranges. The performance metrics used in the evaluation

are 1) the average number of qualified helpers (NQH), whichindicates how many qualified helpers can participate in theopportunistic computing within a given time period, and 2) theaverage resource consumption ratio (RCR), which is definedas the fraction of the resources consumed by the medical userin emergency to the total resources consumed in opportunisticcomputing for PHI process within a given time period. BothNGH and RCR can be used to examine the effectivenessof the proposed SPOC framework with user-centric privacyaccess control of opportunistic computing in m-Healthcareemergency.

500 m x 500 m

AB

C

(a) Simulation area

��

��

��

��

��

��

(b) Mobility model

Fig. 5. Simulation area and mobility model under consid-eration

5.1 Simulation Setup

In the simulations, total l users U = {U0, U1, · · · , Ul−1} arefirst uniformly deployed in an interest area of 500 m×500 m,as shown in Fig. 5(a). Each user Ui ∈ U is equipped with hispersonal BSN and a smartphone with a transmission radius of20 meters, and independently moves along the road with thevelocity v ∈ [0.5, 1.2]m/s in the area by following the mo-bility model described in Fig. 5(b). Assume that the symptomcharacter space n = 16, each user is randomly assigned 6-8symptom characters. Let the emergency of user U0 take placeat time t = 0, he sets the threshold th as {3, 5}, and waits thequalified helpers participating in the opportunistic computingbefore the ambulance arrives in 20 minutes. Note that, in thesimulations, we consider all users will stop when they meetU0’s emergency, and only the qualified helpers will participatein the opportunistic computing. To eliminate the influence ofinitial system state, a warm-up period of first 10 minutes isused. In addition, we consider U0’s emergency takes place atthree locations, A, B, and C, in the map to examine how thefactors l, th affect the NGH and RCR at different locations.The detailed parameter settings are summarized in Table 1.

TABLE 1Simulation Settings

Parameter Setting

Simulation area 500 m × 500 mSimulation warm-up, duration 10 minutes, 20 minutesNumber, velocity of users l = {40, 60}, v = 0.5− 1.2 m/sSimilarity threshold th = {3, 5}Transmission of smartphone, BSN 20 m, 20 mRaw PHI data generation interval every 10 secondsEmergency location A, B, and C


In the following, we run the simulations with differentparameter settings. For each setting, the simulation lasts for20 minutes (excluding the warm-up time), and the averageperformance results over 10000 runs are reported.

5.2 Simulation Results

2 4 6 8 10 12 14 16 18 200

5

10

15

20

25

30

35

40

time (minute)

NQ

H

Location = ALocation = BLocation = C

(a) l = 35, th = 3

2 4 6 8 10 12 14 16 18 200

5

10

15

20

25

30

35

40

time (minute)

NQ

H


(b) l = 45, th = 3

2 4 6 8 10 12 14 16 18 200

5

10

15

20

25

30

35

40

time (minute)

NQ

H


(c) l = 35, th = 5

2 4 6 8 10 12 14 16 18 200

5

10

15

20

25

30

35

40

time (minute)

NQ

H


(d) l = 45, th = 5

Fig. 6. NQH varying with time under different l and th

In Fig. 6, we compare the average NQHs at locations A,B and C varying with time from 2 minutes to 20 minutesunder different user number l and threshold th. From thefigure, we can see, with the increase of time, the averageNQH will also increase, especially for the location A. Thereason is that, when all users move in the simulation areaby following the same mobility model, location A will havehigher traffic than locations B and C. In addition, when theuser number l in the simulation area increases, the user arrivalrate at locations A, B, and C also increase. Then, the averageNQH increases as well. By further observing the differencesof the average NQH under thresholds th = 3 and th = 5, wecan see the average NQH under th = 5 is much lower thanthat under th = 3, which indicates that, in order to minimizethe privacy disclosure in opportunistic computing, the largerthreshold should be chosen.

However, since the high reliability of PHI process is ex-pected in m-Healthcare emergency, minimizing the privacydisclosure in opportunistic computing is not always the firstpriority. In Fig. 7, we plot the corresponding RCR varyingwith the time under different user number l and threshold th.From the figure, we can observe both high-traffic location,i.e., location A, and large number of users, i.e., l = 45, canreduce the U0’s RCR. However, the RCR under th = 5 ishigher than that under th = 3. Therefore, once U 0 sets thethreshold th = 5 while the residual energy in his smartphoneis not enough, his smartphone cannot support high-reliabilityof PHI process and transmission before the ambulance arrives.This indicates U0 should carefully choose the threshold th

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time (minute)

RC

R


(a) l = 35, th = 3

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time (minute)

RC

R


(b) l = 45, th = 3

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time (minute)

RC

R


(c) l = 35, th = 5

2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Time (minute)

RC

R


(d) l = 45, th = 5

Fig. 7. RCR varying with time under different l and th

to balance the high reliability of PHI process and privacydisclosure. For example, if the emergency takes place at a hightraffic location and the residual energy in U0’s smartphoneis not too low, U0 can choose a relative high threshold tominimize the privacy disclosure. However, if the emergencylocation has low traffic and the smartphone’s energy is alsoinsufficient, th should be as low to first fit the high-reliabilityof PHI process and transmission in m-Healthcare emergency.

6 RELATED WORKS

Opportunistic computing: The study of opportunistic comput-ing has gained the great interest from the research communityrecently, and we briefly review some of them related to ourwork [7], [8], [9], [10]. In [7], Avvenuti et al. introduce theopportunistic computing paradigm in wireless sensor networkto solve the problem of storing and executing an applicationthat exceeds the memory resources available on a singlesensor node. Especially, their solution is based on the ideaof partitioning the application code into a number of oppor-tunistically cooperating modules, and each node contributes tothe execution of the original application by running a subset ofthe application tasks and providing service to the neighboringnodes. In [8], Passarella et al. evaluate the performance ofservice execution in opportunistic computing. Specifically,they first abstract resources in pervasive computing as services,that are opportunistically contributed by providers and invokedby seekers. Then, they present a complete analytical modelto depict the service invocation process between seekers andproviders, and derive the optimal number of replicas to bespawned on encountered nodes, in order to minimize theexecution time and optimize the computational and bandwidthresources used.

Although [7] and [8] are important for understanding howthe opportunistic computing paradigm work when resourcesavailable on different nodes can be opportunistically gathered


together to provide richer functionality, they have not consid-ered the potential security and privacy issues existing in theopportunistic computing paradigm [9], [10]. Different fromthe above works, our proposed SPOC framework aims at thesecurity and privacy issues, and develops a user-centric privacyaccess control of opportunistic computing in m-Healthcareemergency.

Privacy-preserving scalar product computation: Researchon privacy-preserving scalar product computation (PPSPC) hasbeen conducted for privacy-preserving data mining [28], [12],[11], [29], and as well for secure friend discovery in mobilesocial networks quite recently [30], [31], [32]. Initially, PPSPCprotocol was designed by involving a semi-trusted party [28].Later, to remove the semi-trusted party, many PPSPC protocolswithout a third party were proposed [12], [11], [29], [13].However, they are relying on time-consuming “homomorphicencryption” [14] and/or “add vector protocol”, and are notquite efficient2. In our proposed SPOC framework, we presenta new PPSPC protocol, which does not use any “homomorphicencryption”, but is very efficient in terms of computationaland communication costs, i.e., the computational cost onlytakes 2n multiplications (mul), and the communication costis only (n + 1) · 1024 + 256 bits. Let Tmul, Texp denotethe time needed to execute a modulus multiplication anda modulus exponentiation, respectively. When we roughlyestimate Texp ≈ 240Tmul [33], we use Fig. 8 to compare thecomputation and communication costs of the proposed PPSPCprotocol and the popular Paillier Cryptosystem (PC)-basedPPSPC protocol described in Fig. 9. From Fig. 8, we canobviously observe that our proposed PPSPC protocol is muchefficient, especially in computation costs. To the best of ourknowledge, our proposed PPSPC is the most efficient privacy-preserving scalar product computation protocol till now.

0 10 20 30 40 50 600

5000

10000

15000

n

Co

mp

uta

tion

co

st (

Tm

ul)

Proposed PPSPCPC−based PPSPC

(a) Computation comparison

0 10 20 30 40 50 600

2

4

6

8

10

12

14x 10

4

n

Com

mun

icat

ion

over

head

(bi

ts)

Proposed PPSPCPC−based PPSPC

(b) Communication comparison

Fig. 8. Computation and communication comparisonsbetween the proposed PPSPC and the PC-based PPSPCvarying with n

7 CONCLUSIONS

In this paper, we have proposed a secure and privacy-preserving opportunistic computing (SPOC) framework form-Healthcare emergency, which mainly exploits how to useopportunistic computing to achieve high reliability of PHIprocess and transmission in emergency while minimizing

2. Although the PPSPC protocol in [29] is not based on homomorphicencryption, the description of protocol is incorrect, as noted in [13].

The currently popular Paillier Cryptosystem (PC)-based PPSPCis described as follows. Given the Paillier cryptosystem E(x) =gxrN mod N2 [14], where N = pq and the base g are public,U0 keeps (p, q) secretly and performs the following steps with Uj :i) for each element ai ∈ �a = (a1, a2, · · · , an), U0 first uses arandom number ri to encrypt ai as E(ai) = gairNi mod N2. Then,U0 sends E(�a) = (E(a1), E(a2), · · · , E(an)) to Uj ; and ii) afterreceiving E(�a) = (E(a1), E(a2), · · · , E(an)), Uj uses his vector�b = (b1, b2, · · · , bn) to compute E(�a · �b) as

n∏i=1

E(ai)bi ≡

n∏i=1

(gairNi

)bi ≡n∏

i=1

gaibi(ri

bi)N

≡ g∑n

i=1 ai·bi ·(

n∏i=1

(ri

bi))N

mod N2 = E(

n∑i=1

ai · bi)

= E(�a · �b)

and returns E(�a · �b) back to U0; iii) upon receiving E(�a · �b), U0

uses the secret (p, q) to recover �a · �b from E(�a · �b).Computational cost. For binary vectors (�a, �b), U0 should take

at least n exponentiations to compute E(�a). Then, Uj takes around(n− 1) multiplications to calculate E(�a · �b). Finally, U0 takes onemore exponentiation to recover �a · �b. Therefore, the computationalcost is around (n + 1) · Texp + (n − 1) · Tmul. Note that, if (�a, �b)are generalized vectors, the computational cost should be (3n+1) ·Texp + (n− 1) · Tmul.

Communication cost. The security of the Paillier cryptosystemrelies on the unknown factorization of modulus N = pq. WhenN = pq is set as 1024, each E(ai) and E(�a · �b) will be expandedto 2048 bits, and then the communication cost will be (n+1) ·2048bits.

Fig. 9. Description of Paillier Cryptosystem (PC)-basedPPSPC

the privacy disclosure during the opportunistic computing.Detailed security analysis shows that the proposed SPOCframework can achieve the efficient user-centric privacy accesscontrol. In addition, through extensive performance evaluation,we have also demonstrated the proposed SPOC framework canbalance the high-intensive PHI process and transmission andminimizing the PHI privacy disclosure in m-Healthcare emer-gency. In our future work, we intend to carry on smartphonebased experiments to further verify the effectiveness of theproposed SPOC framework. In addition, we will also exploitthe security issues of PPSPC with internal attackers, where theinternal attackers will not honestly follow the protocol.

REFERENCES

[1] A. Toninelli, R. Montanari, and A. Corradi, “Enabling secure servicediscovery in mobile healthcare enterprise networks,” IEEE WirelessCommunications, vol. 16, pp. 24–32, 2009.

[2] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure handshake withsymptoms-matching: The essential to the success of mhealthcare socialnetwork,” in Proc. BodyNets’10, Corfu Island, Greece, 2010.

[3] Y. Ren, R. W. N. Pazzi, and A. Boukerche, “Monitoring patients via asecure and mobile healthcare system,” IEEE Wireless Communications,vol. 17, pp. 59–65, 2010.

[4] R. Lu, X. Lin, X. Liang, and X. Shen, “A secure handshake scheme withsymptoms-matching for mhealthcare social network,” MONET, vol. 16,no. 6, pp. 683–694, 2011.

[5] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, “Scalable and secure shar-ing of personal health records in cloud computing using attribute-basedencryption,” IEEE Transactions on Parallel and Distributed System, toappear.


[6] M. R. Yuce, S. W. P. Ng, N. L. Myo, J. Y. Khan, and W. Liu, “Wirelessbody sensor network using medical implant band,” Journal of MedicalSystems, vol. 31, no. 6, pp. 467–474, 2007.

[7] M. Avvenuti, P. Corsini, P. Masci, and A. Vecchio, “Opportunisticcomputing for wireless sensor networks,” in IEEE Proc. of MASS’07,pp. 1–6.

[8] A. Passarella, M. Conti, E. Borgia, and M. Kumar, “Performanceevaluation of service execution in opportunistic computing,” in Proc.of ACM MSWIM ’10, 2010, pp. 291–298.

[9] M. Conti, S. Giordano, M. May, and A. Passarella, “From opportunisticnetworks to opportunistic computing,” IEEE Communications Magazine,vol. 48, pp. 126–139, September 2010.

[10] M. Conti and M. Kumar, “Opportunities in opportunistic computing,”IEEE Computer, vol. 43, no. 1, pp. 42–50, 2010.

[11] W. Du and M. Atallah, “Privacy-preserving cooperative statistical anal-ysis,” in Proc. of ACSAC ’01, 2001, pp. 102–111.

[12] J. Vaidya and C. Clifton, “Privacy preserving association rule mining invertically partitioned data,” in Proc. of ACM KDD’02, pp. 639–644.

[13] A. Amirbekyan and V. Estivill-Castro, “A new efficient privacy-preserving scalar product protocol,” in Proc. of AusDM ’07, pp. 209–214.

[14] P. Paillier, “Public-key cryptosystems based on composite degree resid-uosity classes,” in Proc. of EUROCRYPT’99, 1999, pp. 223–238.

[15] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient andprivacy-preserving aggregation scheme for secure smart grid commu-nications,” IEEE Transactions on Parallel Distributed and Systems, toappear.

[16] X. Lin, R. Lu, X. Shen, Y. Nemoto, and N. Kato, “Sage: a strong privacy-preserving scheme against global eavesdropping for ehealth systems,”IEEE Journal on Selected Areas in Communications, vol. 27, no. 4, pp.365–378, 2009.

[17] M. Li, W. Lou, and K. Ren, “Data security and privacy in wirelessbody area networks,” IEEE Wireless Communications, vol. 17, no. 1,pp. 51–58, 2010.

[18] J. Sun and Y. Fang, “Cross-domain data sharing in distributed electronichealth record systems,” IEEE Transactions on Parallel Distributed andSystems, vol. 21, no. 6, pp. 754–764, 2010.

[19] “Exercise and walking is great for the alzheimer’s and demen-tia patient’s physical and emotional health,” http://free-alzheimers-support.com/wordpress/2010/06/exercise-and-walking/, June 2010.

[20] R. Lu, X. Li, X. Liang, X. Shen, and X. Lin, “Grs: The green, reliability,and security of emerging machine to machine communications,” IEEECommunications Magazine, vol. 49, no. 4, pp. 28–35, 2011.

[21] D. Boneh and M. K. Franklin, “Identity-based encryption from the weilpairing,” in Proc. of CRYPTO’01, 2001, pp. 213–229.

[22] X. Lin, X. Sun, P. Ho, and X. Shen, “Gsis: A secure and privacypreserving protocol for vehicular communications,” IEEE Transactionson Vehicular Technology, vol. 56, pp. 3442–3456, 2007.

[23] R. Lu, X. Lin, H. Zhu, , and X. Shen, “An intelligent secure and privacy-preserving parking scheme through vehicular communications,” IEEETransactions on Vehicular Technology, vol. 59, pp. 2772–2785, 2010.

[24] R. Lu, X. Lin, H. Luan, X. Liang, and X. Shen, “Pseudonym changing atsocial spots: An effective strategy for location privacy in vanets,” IEEETransactions on Vehicular Technology, vol. 61, pp. 86–96, 2012.

[25] http://www.uaproperty.com/articles/In-Ukraine-ambulance-come-patient-10-minutes.html.

[26] S. Ross, Introduction to Probability Models, Ninth Edition, 2007.[27] X. Lin, R. Lu, X. Liang, and X. Shen, “STAP: A social-tier-assisted

packet forwarding protocol for achieving receiver-location privacypreservation in vanets,” in Proc. of INFOCOM’11, 2011, pp. 2147–2155.

[28] W. Du and Z. Zhan, “Building decision tree classifier on private data,”in Proc. of CRPIT ’14, ser. CRPIT ’14, 2002, pp. 1–8.

[29] I. Ioannidis, A. Grama, and M. Atallah, “A secure protocol for comput-ing dot-products in clustered and distributed environments,” in Proc. ofICPP ’02, 2002, pp. 379 – 384.

[30] W. Dong, V. Dave, L. Qiu, and Y. Zhang, “Secure friend discovery inmobile social networks,” in Prof. of INFOCOM’11, 2011, pp. 1647–1655.

[31] R. Zhang, Y. Zhang, J. Sun, and G. Yan, “Fine-grained private matchingfor proximity-based mobile social networking,” in Prof. of INFO-COM’12, 2012, pp. 1–9.

[32] M. Li, N. Cao, S. Yu, and W. Lou, “Findu: Privacy-preserving personalprofile matching in mobile social networks,” in INFOCOM, 2011, pp.2435–2443.

[33] K.-H. Huang, Y.-F. Chung, C.-H. Liu, F. Lai, and T.-S. Chen, “Efficientmigration for mobile computing in distributed networks,” ComputerStandards & Interfaces, vol. 31, no. 1, pp. 40–47, 2009.

Rongxing Lu (S’09-M’11) received the Ph.D.degree in computer science from Shanghai JiaoTong University, Shanghai, China in 2006 andthe Ph.D. degree in electrical and computer en-gineering from the University of Waterloo, Wa-terloo, ON, Canada, in 2008. He is currently aPostdoctoral Fellow with the Broadband Com-munications Research (BBCR) Group, Univer-sity of Waterloo. His research interests includewireless network security, applied cryptography,and trusted computing.

Xiaodong Lin (S’07-M’09) received the Ph.D.degree in information engineering from Bei-jing University of Posts and Telecommunica-tions, Beijing, China, in 1998 and the Ph.D.degree (with Outstanding Achievement in Grad-uate Studies Award) in electrical and computerengineering from the University of Waterloo, Wa-terloo, ON, Canada, in 2008. He is currently anassistant professor of information security withthe Faculty of Business and Information Technol-ogy, University of Ontario Institute of Technology,

Oshawa, ON, Canada. His research interests include wireless networksecurity, applied cryptography, computer forensics, and software secu-rity. Dr. Lin was the recipient of a Natural Sciences and EngineeringResearch Council of Canada (NSERC) Canada Graduate Scholarships(CGS) Doctoral and the Best Paper Awards of the IEEE InternationalConference on Computer Communications and Networks (ICCCN 2009)and the IEEE International Conference on Communications (ICC 2007)- Computer and Communications Security Symposium.

Xuemin (Sherman) Shen (M’97-SM’02-F’09)received the B.Sc.(1982) degree from DalianMaritime University (China) and the M.Sc.(1987) and Ph.D. degrees (1990) from RutgersUniversity, New Jersey (USA), all in electricalengineering. He is a Professor and UniversityResearch Chair, Department of Electrical andComputer Engineering, University of Waterloo,Canada. He was the Associate Chair for Grad-uate Studies from 2004 to 2008. Dr. Shen’sresearch focuses on resource management in

interconnected wireless/wired networks, wireless network security, wire-less body area networks, vehicular ad hoc and sensor networks. He is aco-author/editor of six books, and has published more than 600 papersand book chapters in wireless communications and networks, controland filtering. Dr. Shen served as the Technical Program CommitteeChair for IEEE VTC’10 Fall, the Symposia Chair for IEEE ICC’10, theTutorial Chair for IEEE VTC’11 Spring and IEEE ICC’08, the TechnicalProgram Committee Chair for IEEE Globecom’07, the General Co-Chairfor Chinacom’07 and QShine’06, the Chair for IEEE CommunicationsSociety Technical Committee on Wireless Communications, and P2PCommunications and Networking. He also serves/served as the Editor-in-Chief for IEEE Network, Peer-to-Peer Networking and Application,and IET Communications; a Founding Area Editor for IEEE Transactionson Wireless Communications; an Associate Editor for IEEE Transac-tions on Vehicular Technology, Computer Networks, and ACM/WirelessNetworks, etc.; and the Guest Editor for IEEE JSAC, IEEE WirelessCommunications, IEEE Communications Magazine, and ACM MobileNetworks and Applications, etc. Dr. Shen received the Excellent Grad-uate Supervision Award in 2006, and the Outstanding PerformanceAward in 2004, 2007 and 2010 from the University of Waterloo, the Pre-mier’s Research Excellence Award (PREA) in 2003 from the Provinceof Ontario, Canada, and the Distinguished Performance Award in 2002and 2007 from the Faculty of Engineering, University of Waterloo. Dr.Shen is a registered Professional Engineer of Ontario, Canada, an IEEEFellow, an Engineering Institute of Canada Fellow, a Canadian Academyof Engineering Fellow, and a Distinguished Lecturer of IEEE VehicularTechnology Society and Communications Society.

Documents

SPOC - A Secure and Privacy-Preserving Opportunistic Computing Framework for Mobile-Healthcare Emergency