The Contribution of Cell Surface Components to the Neutrophil Mechanosensitivity to Shear Stresses

Michael L. Akenhead; Hainsworth Y. Shin; Michael L. Akenhead; Hainsworth Y. Shin

doi:10.3934/biophy.2015.3.318

AIMS Biophysics

2015, Volume 2, Issue 3: 318-335. doi: 10.3934/biophy.2015.3.318

Previous Article Next Article

Review Special Issues

The Contribution of Cell Surface Components to the Neutrophil Mechanosensitivity to Shear Stresses

Michael L. Akenhead ,
Hainsworth Y. Shin ^,

Department of Biomedical Engineering, University of Kentucky, 143 Graham Avenue, Lexington, KY 40506, USA

Received: 18 April 2015 Accepted: 30 July 2015 Published: 18 August 2015

This review discusses the regulation of neutrophils by fluid shear stress in the context of factors that may govern cell mechanosensitivity and its influence on cell functions. There is substantial evidence that mechanoreceptors located on the peripheral membrane contribute to the ability of shear stress to regulate cell activity. In the case of neutrophils, the formyl peptide receptor (FPR) and the CD18 integrins on the cell membrane have been shown to provide neutrophils with the ability to sense shear stresses in their local environment and alter their physiological state, accordingly. This configuration is also found for other types of cells, although they involve different cell-specific mechanoreceptors. Moreover, from an examination of the neutrophil mechanotransducing capacity, it is apparent that cellular mechanosensitivity depends on a number of factors that, if altered, contribute to dysregulation and ultimately pathophysiology. To exemplify this, we first describe the neutrophil responses to shear exposure. We then review two neutrophil mechanoreceptors, specifically FPR and CD18 integrins, which participate in controlling cell activity levels under physiological conditions. Next, we discuss the various factors that may alter neutrophil mechanosensitivity to shear stress and how these may underlie the circulatory pathobiology of two cardiovascular disease states: hypertension and hypercholesterolemia. Based on the material presented, it is conceivable that cell mechanosensitivity is a powerful global metric that permits a more efficient approach to understanding the contribution of mechanobiology to physiology and to disease processes.

Keywords:

Citation: Michael L. Akenhead, Hainsworth Y. Shin. The Contribution of Cell Surface Components to the Neutrophil Mechanosensitivity to Shear Stresses[J]. AIMS Biophysics, 2015, 2(3): 318-335. doi: 10.3934/biophy.2015.3.318

Related Papers:

[1]	Delong Cui, Hong Huang, Zhiping Peng, Qirui Li, Jieguang He, Jinbo Qiu, Xinlong Luo, Jiangtao Ou, Chengyuan Fan . Next-generation 5G fusion-based intelligent health-monitoring platform for ethylene cracking furnace tube. Mathematical Biosciences and Engineering, 2022, 19(9): 9168-9199. doi: 10.3934/mbe.2022426
[2]	Shufen Niu, Wei Liu, Sen Yan, Qi Liu . Message sharing scheme based on edge computing in IoV. Mathematical Biosciences and Engineering, 2023, 20(12): 20809-20827. doi: 10.3934/mbe.2023921
[3]	Yuanfei Tu, Jing Wang, Geng Yang, Ben Liu . An efficient attribute-based access control system with break-glass capability for cloud-assisted industrial control system. Mathematical Biosciences and Engineering, 2021, 18(4): 3559-3577. doi: 10.3934/mbe.2021179
[4]	Nyamsuren Vaanchig, Zhiguang Qin . Public key encryption with temporary and fuzzy keyword search. Mathematical Biosciences and Engineering, 2019, 16(5): 3914-3935. doi: 10.3934/mbe.2019193
[5]	Qihui Zhang, Pradeep Chaudhary, Saru Kumari, Zhiyin Kong, Wenfen Liu . Verifier-based anonymous password-authenticated key exchange protocol in the standard model. Mathematical Biosciences and Engineering, 2019, 16(5): 3623-3640. doi: 10.3934/mbe.2019180
[6]	Qing Ye, Qiaojia Zhang, Sijie Liu, Kaiqiang Chen . A novel chaotic system based on coupled map lattice and its application in HEVC encryption. Mathematical Biosciences and Engineering, 2021, 18(6): 9410-9429. doi: 10.3934/mbe.2021463
[7]	Xiao Dong Yang, Wen Jia Wang, Bin Shu, Mei Juan Li, Rui Xia Liu, Cai Fen Wang . Multi-message multi-receiver signcryption scheme based on blockchain. Mathematical Biosciences and Engineering, 2023, 20(10): 18146-18172. doi: 10.3934/mbe.2023806
[8]	Shahab Shamshirband, Javad Hassannataj Joloudari, Sahar Khanjani Shirkharkolaie, Sanaz Mojrian, Fatemeh Rahmani, Seyedakbar Mostafavi, Zulkefli Mansor . Game theory and evolutionary optimization approaches applied to resource allocation problems in computing environments: A survey. Mathematical Biosciences and Engineering, 2021, 18(6): 9190-9232. doi: 10.3934/mbe.2021453
[9]	Abdullah Lakhan, Mazhar Ali Dootio, Ali Hassan Sodhro, Sandeep Pirbhulal, Tor Morten Groenli, Muhammad Saddam Khokhar, Lei Wang . Cost-efficient service selection and execution and blockchain-enabled serverless network for internet of medical things. Mathematical Biosciences and Engineering, 2021, 18(6): 7344-7362. doi: 10.3934/mbe.2021363
[10]	Wenjing Lv, Jue Chen, Songlin Cheng, Xihe Qiu, Dongmei Li . QoS-driven resource allocation in fog radio access network: A VR service perspective. Mathematical Biosciences and Engineering, 2024, 21(1): 1573-1589. doi: 10.3934/mbe.2024068

Abstract

1. Introduction

In the last few decades, technology has significantly dominated our lives and is currently considered the driving force of recent improvements in the medical health care area. Wireless sensor networks (WSNs) have demonstrated considerable importance due to their usage in many different aspects of human lives, such as medical health care, surveillance, environmental monitoring, military fields, and many other useful applications ^[1,2,3].

With the widespread use of smartphones, researchers have concentrated on the use of mobile technology for mobile medical health care, focusing on systems of medical data aggregation that are used to collect and send health data from patient smartphones directly to health care organizations.

With the exponential growth of health data, the processes of aggregating and analyzing vast amounts of data require immense storage capabilities, powerful computational resources, and fast and secure means of communication. Achieving these requirements by relying only on traditional WSNs is difficult and expensive for health care organizations ^[4].

Cloud-based solutions have proliferated in the medical health care field due to their extensive benefits ^[5]. These benefits include large-scale and on-demand storage, agility, cost-effectiveness and continuous service availability for information processing. Therefore, cloud-based solutions have considerable potential to enhance collaboration among the various participating entities in medical health care, such as patients and health care organizations.

Despite these benefits, cloud-based solutions are associated with elevated threat levels in terms of security and privacy. These threats include identity spoofing; data tampering; information disclosure; and violations of data integrity, confidentiality, authenticity, and accountability ^[6,7].

Mobile health networks (MHNWs) consist of small and inexpensive sensors that are deployed in unsupervised environments and are easily exposed to malfunctions and malicious attacks. Thus, fault tolerance is an important characteristic that must be considered when designing sensor network schemes ^[8].

In data aggregation schemes, sensor failures can cause the collection and transfer of incorrect data without a guarantee of excellence. Fault tolerance is defined as "the ability of the network to sustain its functionalities properly, even in the presence of failures in some of its nodes". Fault tolerance aims to eliminate critical privacy threats and assure strong privacy protection for users who contribute their data to aggregators to ensure that the applied technology can deliver excellent service quality ^[9].

Two approaches can be employed to achieve fault tolerance. The first is a reactive approach, in which a system can recover from failures when they occur ^[10]. A small error can be recovered by a state-of-the-art protocol despite failures ^[11]. Unfortunately, these protocols can tolerate only partial failures and are not efficient in terms of bandwidth and delay. The second is a proactive approach that handles failures using multiple message exchanges between the nodes and the aggregator before faults occur. This approach substantially reduces the required recovery time, as the information needed for fault recovery is available.

Despite the fact that the state-of-the-art binary proactive protocol achieves a low delay, it suffers from communication overhead, bandwidth costs and large errors ^[10]. Won et al. ^[10] presented a novel design for a future ciphertext mechanism; this design supports differential privacy and achieves a higher bandwidth than the state-of-the-art binary proactive protocol. Chen et al. ^[12] presented a data aggregation scheme that preserves user privacy and guarantees data integrity by adopting a future ciphertext mechanism to provide fault tolerance capability.

Due to the confidential nature of health information and the importance of protecting and preserving the confidentiality of data, information security systems should be designed and developed with consideration of legal, ethical and security issues. Therefore, to design a workable data aggregation scheme for medical health care, the following issues must be addressed. The first issue is how to protect and preserve the security and privacy of data and maintain data confidentiality. The second issue is how to protect a system against failures.

Therefore, we propose a novel design for a fault-tolerant privacy-preserving data aggregation scheme. We use the cloud to aggregate, store and process data. Our contributions can be summarized as follows:

● The proposed architecture achieves a fault-tolerant privacy-preserving data aggregation scheme for lightweight health data with end-to-end verification. Moreover, when some failures occur, the cloud can compute the aggregation result, and health care institutions (HCs) can verify the correctness of the aggregated result.

● We modify the future ciphertext mechanism by adding a threshold for the number of faulty nodes. This modification avoids scenarios in which the cloud continues to compute meaningless aggregation when a serious abnormality occurs in the system.

● For secure aggregation and identity protection, we use homomorphic encryption, as it enables aggregation functions to be performed on encrypted data. We use random noise to achieve differential privacy.

● We provide a security and privacy analysis to show that our proposed scheme supports privacy preservation, fault tolerance, and data integrity verification. Additionally, we evaluate the efficiency, robustness and reliability of our scheme to confirm that it has good real-time performance and low aggregation error.

The remainder of the paper is organized as follows: Section 2 provides a background of health data aggregation and investigates the privacy and security challenges of data aggregation. Section 3 reviews related studies. Preliminaries and the proposed scheme are presented in Sections 4 and 5, respectively. The security analysis is provided in Section 6, followed by the performance analysis in Section 7. The conclusion of the study and future research ideas are discussed in Section 8.

2. Background

WSNs are formed by hundreds of thousands of sensor nodes that are used to measure and transmit physical or environmental changes, such as temperature and pressure or motion within a monitoring environment. Each sensor node consists of a sensing unit, memory, a processing unit, a power supply and a wireless communication unit ^[13]. The characteristics of WSNs include limited power, mobility, ability to cope with node failures, and low cost. These features have prompted researchers to introduce a new research area in the medical health care field: MHNWs. Recently, wearable devices and smartphones have been extensively applied in offering health monitoring services based on health data gathered from users. As these health data are very sensitive, any data leakage may violate user privacy ^[2]. In this section, we present an overview of the different uses of cloud computing in terms of data aggregation and address the security and privacy issues associated with MHNWs.

2.1. Security and privacy challenges

The usage of WSNs has rapidly increased over the past few years in various fields. A massive amount of data is being collected, transmitted and aggregated to perform processing operations. A large number of threats surround WSNs. Consequently, the design of a privacy-preserving data aggregation protocol should address these threats ^[13], which include the following:

a) Privacy Preservation and Eavesdropping: Eavesdropping is a type of attack in which the intruder tries to obtain confidential data by listening to transmissions over neighboring wireless links. Therefore, privacy preservation assures data privacy that may be threatened by trusted sensor nodes and adversaries. Some aggregation functions, such as min and max, can also be used to breach data privacy. Therefore, the designed protocol must maintain data privacy while using aggregation functions ^[13].

b) Data Integrity and Data Tampering: One of the most common types of attack on data privacy is data tampering, in which the attacker tries to manipulate (with an intermediate result) sensor data at the aggregator level during the data aggregation phase. This type of attack leads to an incorrect aggregation result and eventually to an incorrect decision ^[2,13].

c) Efficiency: In WSNs, it is very difficult to avoid communication overhead, but it can be greatly minimized by reducing communication costs, computational costs, and memory and payload sizes. In WSNs, data aggregation must fulfill both bandwidth and energy efficiency requirements throughout network processing.

d) Accuracy and Dynamism: In WSNs, energy constraints must be properly managed. The data generated from all sensing nodes are important. Therefore, all nodes should have sufficient power to process the collected data ^[3,13].

2.2. Essential requirements for privacy preservation in an e-health cloud

Certain rules and regulations are defined to ensure the privacy of the data within an organization and are called the CIA model (confidentiality, integrity and availability) ^[5]. Nevertheless, the data managed by third-party vendors require more privacy measures than those existing in the CIA model. Abbas and Khan ^[7] stated that there are many threats to privacy in the cloud, such as spoofing, masquerading, tampering, replaying and denial of service. The following requirements must be fulfilled to achieve data privacy preservation:

● Confidentiality: The health information of patients must be protected not only in the cloud environment but also from external anomalies and unauthorized users ^[7].

● Integrity: The data must be protected from illegitimate actions while ensuring that the data have not been altered or tampered with by either authorized or unauthorized users ^[5,7].

● Anonymity: Health data contain vital information, such as the patient's diseases and name, and this information must be hidden ^[14,15]. The patient's identity must be protected from intruders, unauthorized users and other internal or external adversaries. Anonymity can be achieved by using a technique known as pseudonymity ^[5,7].

● Nonrepudiation: These threats are posed by a user who performs tasks and denies them later. In the medical health care area, neither a patient nor a doctor can deny modifying data ^[7].

3. Related work

Data aggregation, as a powerful technique for MHNWs, has attracted substantial attention in both academia and industrial fields. Recently, many privacy-preserving data aggregation schemes have been presented. In ^[11], ACS and Castelluccia proposed a privacy-preserving data aggregation scheme that applies the differential privacy concept by adding Laplace noise to aggregated data. However, the scheme increases network bandwidth and delay. Subsequently, they extended their scheme to support partial fault tolerance.

Lu et al. ^[15] introduced an efficient privacy-preserving scheme that reduces the computational overhead and delays in the network with its features, thereby providing fewer calculations, less traffic, higher accuracy and verifiable completeness. Khan et al. ^[16] proposed a fault-tolerant privacy-preserving data aggregation scheme in a fog-enabled Boneh-Goh-Nissam (BGN) cryptosystem used to preserve privacy. This scheme also reduces communication and computation costs. Zhang et al. ^[17] presented a privacy-preserving data aggregation scheme for health data monitoring in which the health data were stored and processed in the cloud and various strategies were applied based on the prioritization of the dataset. This scheme reduces the communication overhead but is not tolerant of node failures.

Won et al. ^[10] introduced a novel design for future ciphertext buffering to tolerate malfunctioning smart meters and achieved both differential privacy and error optimization. Chen et al. ^[12] also adopted the future ciphertext buffering mechanism that was proposed in ^[10] and proposed an aggregation scheme that supports fault tolerance, privacy preservation and data integrity. In addition, confidentiality was guaranteed by using Diffie-Hellman cryptography, while integrity was achieved by attaching a homomorphic message authentication code (HMAC) to each message.

Han et al. ^[8] addressed the fault tolerance issue within the health data monitoring framework. They proposed a cloud-based data aggregation scheme that supports additive and nonadditive data aggregation. A BGN cryptosystem was used to protect user privacy. Differential privacy was achieved by using multiple cloud servers. The scheme also guarantees data integrity. Chen et al. ^[18] presented another multifunctional data aggregation schema (MUDA) that takes advantage of the homomorphic property of the BGN cryptosystem and a bilinear map to provide confidentiality to user data. The MUDA was also extended to support differential privacy ^[19,20]. Zhu et al. ^[21] proposed a secure data integrity verification scheme based on a short signature algorithm. They introduced the use of cloud computing to augment computing and storage resources.

Since health data aggregation requires very high computational capabilities, the privacy of sensitive information can be guaranteed if it is encrypted ^[22] by the owner. Homomorphic encryption enables the cloud to compute the result of aggregation without knowing the raw data. Another way to provide security for health data is through the use of cryptographic storage ^[3,8,17].

Moreover, verification is an extremely crucial step in health data aggregation, as any tampering with the data results in an invalid aggregation, and such interference must therefore be detected and rejected. The message authentication code (MAC) is a protocol that is commonly used to detect false data and to protect and guarantee the integrity of the data ^{[12,23,24,25]}. Zhang et al. ^[25] and Chen et al. ^[12] took advantage of the homomorphic properties of the MAC to guarantee data integrity. The hash-based MAC was used by Chen et al. ^[12] and Zhuo et al. ^[26] to verify user data.

4. Preliminaries

This section reviews the relevant definitions and terminologies. These definitions are necessary to understand the remainder of this work. The basic notations and symbols are listed in Table 1.

Table 1. Descriptions of symbols that are frequently used.

Variables	Description
$ {\mathbf{G}}_{\bf 1}, {\mathbf{G}}_{\bf 2}, {\mathbf{G}}_{\mathbf{T}} $	Cyclic multiplicative group
$ {\boldsymbol{g}}_{\bf 1} $	Generator of $ { \ \mathrm{G}}_{1} $
$ {\boldsymbol{g}}_{\bf 2} $	Generator of $ { \ \mathrm{G}}_{2} $
$ \boldsymbol{p}, \boldsymbol{q} $	Prime numbers
$ {\boldsymbol{Z}}_{\boldsymbol{q}}^{\mathbf{*}} $	Multiplicative group of $ { Z}_{q} $
$ \boldsymbol{e}\left({\boldsymbol{g}}_{1}, {\boldsymbol{g}}_{2}\right) $	The generator of group $ { G}_{T} $
$ \boldsymbol{A} $	A random mechanism
$ \boldsymbol{ϵ} $	A parameter expressing the privacy cost
$ \boldsymbol{S} $	Subset of $ Range\left(A\right) $
$ \boldsymbol{R}\boldsymbol{a}\boldsymbol{n}\boldsymbol{g}\boldsymbol{e}\left(\boldsymbol{A}\right) $	A domain of the output under mechanism $ A $
$ \mathbf{ \pmb{\mathsf{ λ}} } $	A security parameter
$ \boldsymbol{p}\boldsymbol{k} $	Public key
$ \boldsymbol{s}\boldsymbol{k} $	Secret key
$ \mathbf{x} $	Message
$ \boldsymbol{c} $	Ciphertext
MAC	Homomorphic MAC function
$ \boldsymbol{h} $	Secure hash function

| Show Table

DownLoad: CSV

4.1. Bilinear pairing

A bilinear pairing $ \mathrm{e} $ is a map $ \mathrm{e}:{\mathrm{G}}_{1}\times {\mathrm{G}}_{2}\stackrel{}{\to }{\mathrm{G}}_{\mathrm{T}} $, where $ {\mathrm{G}}_{1}, {\mathrm{G}}_{2} $ and $ {\mathrm{G}}_{\mathrm{T}} $ are cyclic multiplicative groups of the same prime order $ \mathrm{q} $, $ {\mathrm{g}}_{1} $ is a generator of $ {\mathrm{G}}_{1} $, and $ {\mathrm{g}}_{2} $ is a generator of $ {\mathrm{G}}_{2} $. The pairing $ \mathrm{e} $ has the following properties:

Bilinearity: $ \mathrm{e}\left({\mathrm{g}}_{1}^{\mathrm{a}}, {\mathrm{g}}_{2}^{\mathrm{b}}\right) = \ \mathrm{e}\left({\mathrm{g}}_{1}, {\mathrm{g}}_{2}\right)\forall {\mathrm{g}}_{1}\in {\mathrm{G}}_{1}, {\mathrm{g}}_{2}\in {\mathrm{G}}_{2} $ and $ \mathrm{a}, \ \mathrm{b}\in {\mathrm{Z}}_{\mathrm{q}}^{\mathrm{*}} $.

Computability: $ \forall {\mathrm{g}}_{1}\in {\mathrm{G}}_{1}, {\mathrm{g}}_{2}\in {\mathrm{G}}_{2} $, $ \mathrm{e}\left({\mathrm{g}}_{1}, {\mathrm{g}}_{2}\right) $ can be computed by an efficient algorithm.

Nondegeneracy: $ \forall {\mathrm{g}}_{1}\in {\mathrm{G}}_{1}, {\mathrm{g}}_{2}\in {\mathrm{G}}_{2} $, $ \mathrm{e}\left({\mathrm{g}}_{1}, {\mathrm{g}}_{2}\right)\ne 1. $

4.2. Complexity assumptions

Definition 1. Discrete Logarithmic Problem ^[27] (DLP): Assume that $ {\mathrm{G}}_{1}, {\mathrm{G}}_{2} $ are two cyclic multiplicative cyclic groups, $ {\mathrm{G}}_{1} $ is generated by $ {\mathrm{g}}_{1} $, and $ {\mathrm{G}}_{2} $ is generated by $ {\mathrm{g}}_{2} $. Suppose that $ {\mathrm{g}}_{0}, {\mathrm{g}}_{1} $ are two elements in $ {\mathrm{G}}_{1} $. It is computationally intractable to compute $ \mathrm{a} $ such that

$ {\mathrm{g}}_{1} = {\mathrm{g}}_{0}^{\mathrm{a}} $

(1)

Definition 2. Computational Diffie-Hellman Problem ^[28] (CDH): Assume that $ {\mathrm{G}}_{1}, {\mathrm{G}}_{2} $ are two cyclic multiplicative cyclic groups, $ {\mathrm{G}}_{1} $ is generated by $ {\mathrm{g}}_{1} $, and $ {\mathrm{G}}_{2} $ is generated by $ {\mathrm{g}}_{2} $. Given $ \mathrm{e}\left({\mathrm{g}}_{1}, {\mathrm{g}}_{1}^{\mathrm{a}}, {\mathrm{g}}_{1}^{\mathrm{b}}\right) $ and $ \mathrm{a}, \ \mathrm{b}\in {\mathrm{Z}}_{\mathrm{q}}^{\mathrm{*}} $, it is intractable to derive $ {\mathrm{g}}_{1}^{\mathrm{a}\mathrm{b}} $ from the given $ \mathrm{e}\left({\mathrm{g}}_{1}^{\mathrm{a}}, {\mathrm{g}}_{1}^{\mathrm{b}}\right) $ in polynomial time.

Definition 3. Decisional Diffie-Hellman Problem ^[26] (DDH): Assume that $ {\mathrm{G}}_{1}, {\mathrm{G}}_{2} $ are two cyclic multiplicative cyclic groups, $ {\mathrm{G}}_{1} $ is generated by $ {\mathrm{g}}_{1} $, and $ {\mathrm{G}}_{2} $ is generated by $ {\mathrm{g}}_{2} $. Given $ \mathrm{e}\left({\mathrm{g}}_{1}, {\mathrm{g}}_{1}^{\mathrm{a}}, {\mathrm{g}}_{1}^{\mathrm{b}}, {\mathrm{g}}_{1}^{\mathrm{c}}\right) $, where a, b, c $ \in {\mathrm{Z}}_{\mathrm{q}}^{\mathrm{*}} $, a DDH determines whether $ \mathrm{c} = \mathrm{a}\mathrm{b} \ \mathrm{m}\mathrm{o}\mathrm{d} \ \mathrm{q} $ by checking as follows:

$ \mathrm{e}\left({\mathrm{g}}_{1}^{\mathrm{a}}, {\mathrm{g}}_{1}^{\mathrm{b}}\right)\genfrac{}{}{0pt}{}{?}{ = }\mathrm{e}\left({\mathrm{g}}_{1}^{\mathrm{c}}, \ \mathrm{g}\right) $

(2)

Definition 4. Gap Diffie-Hellman ^[29] (GDH) Group: A group is Gap Diffie-Hellman if the computational Diffie-Hellman problem is hard but the Decisional Diffe-Hellman problem can be solved in a cyclic multiplicative group $ {\mathrm{G}}_{1}, {\mathrm{G}}_{2} $.

4.3. Differential privacy

Definition 1. ($ \mathrm{ϵ}- $ Differential Privacy) ^[30] A randomized mechanism $ \mathrm{A} $ satisfies $ \mathrm{ϵ}- $ differential privacy if for any two datasets $ {\mathrm{D}}_{1} \ \ \mathrm{a}\mathrm{n}\mathrm{d} \ \ {\mathrm{D}}_{2} $, where $ {\mathrm{D}}_{1}\mathrm{i}\mathrm{s} $ obtained from $ {\mathrm{D}}_{2} $ by adding or removing a single element, and for all $ \mathrm{S} $ ⊆ $ \mathrm{R}\mathrm{a}\mathrm{n}\mathrm{g}\mathrm{e}\left(\mathrm{A}\right), $

$ \mathrm{P}\mathrm{r}\left(\mathrm{A}\left({\mathrm{D}}_{1}\right)\in \mathrm{S}\right)\le {\mathrm{e}}^{\mathrm{ϵ}}.\mathrm{P}\mathrm{r}\left(\mathrm{A}\left({\mathrm{D}}_{2}\right)\in \mathrm{S}\right) $

(3)

In the above definition, the parameter $ \mathrm{ϵ} $ represents the privacy cost, which allows us to control the desired privacy level. A smaller value of $ \mathrm{ϵ} $ denotes better privacy protection but implies that more noise is required and that the result will have lower accuracy. The most common mechanism for achieving $ \mathrm{ϵ} $ -differential privacy is to add i.i.d Laplace noise sampled from the Laplace distribution to the aggregated result.

Definition 2. ($ 2\mathrm{ϵ}- $ Differential Privacy) ^[31] The noise $ \mathrm{L}\mathrm{a}\mathrm{p}\left({\rm{ \mathsf{ λ} }}\right) $ is sampled from the Laplace noise distribution with mean 0 and variance $ {2{\rm{ \mathsf{ λ} }}}^{2} $. The probability density function of the distribution is given by

$ \mathrm{L}\mathrm{a}\mathrm{p}\left({\rm{ \mathsf{ λ} }}\right) = \frac{1}{2{\rm{ \mathsf{ λ} }}}{\mathrm{e}}^{\left|\mathrm{x}\right|/{\rm{ \mathsf{ λ} }}} $

(4)

In our scenario, each participant should generate random noise following a Laplace distribution. The Laplace distribution is infinity divisible, where each random variable is a summation of n other random variables as follows:

$ \mathrm{L}\mathrm{a}\mathrm{p}\left({\rm{ \mathsf{ λ} }}\right) = {\sum }_{\mathrm{i} = 1}^{\mathrm{n}}({\mathrm{G}}_{\mathrm{i}}\left(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right)-{\mathrm{G}'}_{\mathrm{i}}(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\left)\right) $

(5)

where $ {\mathrm{G}}_{\mathrm{i}}\left(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right) $ and $ {\mathrm{G}}_{\mathrm{i}}'(\mathrm{n}, {\rm{ \mathsf{ λ} }}) $ are gamma-distributed random variables with a gamma density given by

$ \mathrm{g}\left(\mathrm{x}, \ \mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right) = \frac{{(1/{\rm{ \mathsf{ λ} }})}^{1/\mathrm{n}}}{\mathrm{\Gamma }(1/\mathrm{n})}{\mathrm{x}}^{1/\mathrm{n}-1}{\mathrm{e}}^{-\mathrm{x}/{\rm{ \mathsf{ λ} }}} $

(6)

Additionally, $ \mathrm{\Gamma }(1/\mathrm{n}) $ is the gamma function evaluated at $ 1/\mathrm{n} $.

4.4. YASHE

Yet Another Somewhat Homomorphic Encryption (YASHE) is a scheme based on a modified version of n-th degree truncated polynomial ring units (NTRUs) and the multikey homomorphic encryption scheme ^[32]. It has become a trendy fully homomorphic encryption (FHE) scheme due to its superior performance with lightweight data compared with the performances of other homomorphic schemes ^[32,33].

The security of YASHE is based on the hardness of the decisional-ring learning with errors (RLWE) problem ^[34]: Given sample $ {\mathrm{a}\leftarrow \mathrm{R}}_{\mathrm{q}} $, error term e $ \leftarrow $ χ, and a secret $ {\mathrm{s}\leftarrow \mathrm{R}}_{\mathrm{q}} $ where $ {\mathrm{a}\leftarrow \mathrm{R}}_{\mathrm{q}} $ is drawn uniformly at random, it is computationally hard for an adversary that does not know s and e to distinguish between the distribution of e $ (sa+e, a) $ and that of $ (a, b) $ where $ \left({\mathrm{b}\leftarrow \mathrm{R}}_{\mathrm{q}}\right) $.

YASHE. ParamGen($ {\rm{ \mathsf{ λ} }} $): Given a set of parameters $ {\rm{ \mathsf{ λ} }} $, $ \mathrm{d} $, $ \mathrm{q} $, $ \mathrm{t} $, $ {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $, $ {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}} $ and $ \mathrm{w} $, where $ {\rm{ \mathsf{ λ} }} $ is a security parameter, $ \mathrm{d} $ is a fixed positive integer that determines $ \mathrm{R} $, and moduli $ \mathrm{q} $ and $ \mathrm{t} $ exist, with $ 1<\mathrm{t}<\mathrm{q} $, $ {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $ and $ {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}} $ are distributions on $ \mathrm{R} $, and $ \mathrm{w} $ is an integer base where $ \mathrm{w}>1 $. The algorithm generates $ (\mathrm{d} $, $ \mathrm{q} $, $ \mathrm{t} $, $ {\rm{ \mathsf{ λ} }} $, $ {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $, $ {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}} $, $ \mathrm{w} $).

YASHE. keyGen $ (\mathrm{d} $, $ \mathrm{q} $, $ \mathrm{t} $, $ {\rm{ \mathsf{ λ} }} $, $ {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $, $ {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}} $, $ \mathrm{w} $): $ \mathrm{h} $, $ \mathrm{f}\leftarrow {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $ are computed; then, $ \mathrm{f} = [\mathrm{t}{\mathrm{f}}'+1{]}_{\mathrm{q}} $ and $ \mathrm{h} = [\mathrm{t}\mathrm{g}{\mathrm{f}}'{]}_{\mathrm{q}} $ are set. $ \mathrm{e}, \ \mathrm{s}\leftarrow {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}}^{{\mathrm{l}}_{\mathrm{w}, \ \mathrm{q}}} $ are sampled, and $ \mathrm{\gamma } = \ [{\mathrm{P}}_{\mathrm{w}, \ \mathrm{q}}\left(\mathrm{f}\right)+\mathrm{e}+\mathrm{h}. \ \mathrm{s}{]}_{\mathrm{q}}\in {\mathrm{R}}^{{\mathrm{l}}_{\mathrm{w}}} $ is computed. Then, $ (\mathrm{p}\mathrm{k} $, $ \mathrm{s}\mathrm{k} $, $ \mathrm{e}\mathrm{v}\mathrm{k} $) = $ (\mathrm{h} $, $ \mathrm{f} $, $ \mathrm{\gamma } $) is generated.

YASHE. Encrypt ($ \mathrm{p}\mathrm{k}, \ \mathrm{x}) $ : $ \mathrm{x}\in \mathrm{R} $ is encrypted, and ciphertext c $ = {\left[∆{\left[\mathrm{x}\right]}_{\mathrm{t}}+\mathrm{e}+\mathrm{h}\mathrm{s}\right]}_{\mathrm{q}}\in \mathrm{R} $ is generated.

YASHE. Decrypt ($ \mathrm{s}\mathrm{k}, \ \mathrm{c}) $ : A ciphertext c is decrypted by x $ = {\left[⌊\frac{\mathrm{t}}{\mathrm{q}}.[{\mathrm{f}\mathrm{c}]}_{\mathrm{q}}⌉\right]}_{\mathrm{t}}\in \mathrm{R} $.

YASHE. Add $ ({\mathrm{c}}_{1} $, $ {\mathrm{c}}_{2} $): The ciphertext $ {\mathrm{c}}_{\mathrm{a}\mathrm{d}\mathrm{d}} $ = $ [{{\mathrm{c}}_{1}+{\mathrm{c}}_{2}]}_{\mathrm{q}} $ is output.

4.5. Homomorphic MAC function

One of the basic methods for ensuring data integrity and preventing tampering attacks is to use a homomorphic MAC function. The homomorphic property means that for two messages $ {\mathrm{x}}_{1} $ and $ {\mathrm{x}}_{2} $, given two homomorphic MACs (MAC ($ {\mathrm{x}}_{1} $) and MAC ($ {\mathrm{x}}_{2} $)), anyone can compute $ {{\mathrm{M}\mathrm{A}\mathrm{C} \ (\mathrm{x}}_{1}+ \ \mathrm{x}}_{2} $) without knowing $ {\mathrm{x}}_{1} $ or $ {\mathrm{x}}_{2} $. The MAC function can be constructed as follows:

${\mathrm{M}\mathrm{A}\mathrm{C} \ (\mathrm{x}}_{\mathrm{i}}) = {\mathrm{g}}^{\mathrm{x}}\mathrm{m}\mathrm{o}\mathrm{d}\mathrm{q} $

(7)

where $ {\mathrm{x}}_{\mathrm{i}}<\mathrm{q} $. This MAC function satisfies the homomorphic property since it follows that

$ \text{MAC} ( {\mathrm{x}}_{1} ) \mathrm{mo}\mathrm{d} \ \mathrm{q} + \text{MAC} ( {\mathrm{x}}_{2} ) \mathrm{mo}\mathrm{d} \ \mathrm{q} = {\mathrm{g}}^{\mathrm{x}1+\mathrm{x}2}\mathrm{m}\mathrm{o}\mathrm{d} \ \mathrm{q} = \text{MAC} ( {{\mathrm{x}}_{1}+ \ \mathrm{x}}_{2} ) \forall {{\mathrm{x}}_{1}, \ \mathrm{x}}_{2}\in {\mathrm{Z}}_{\mathrm{q}} $

(8)

4.6. Hash function

The cryptographic hash function is used to check the integrity and source of the given data. This function accepts an input of arbitrary length and maps it to a fixed length with a one-way, collision-resistant mapping. It is computationally infeasible to map two different input maps $ (\mathrm{a}, \ \mathrm{b}) $ to the same output such that $ \mathrm{h}\left(\mathrm{a}\right) = \mathrm{h}\left(\mathrm{b}\right) $, where $ \mathrm{a}\ne \mathrm{b} $. Additionally, it is impossible to infer a from $ \mathrm{h}\left(\mathrm{a}\right) $ ^[35].

5. Proposed approach

Data aggregation is an important tool in MHNWs, in which a vast amount of sensitive data is transmitted, processed, and analyzed. Therefore, fault tolerance and privacy have become critical issues for health data aggregation. Without appropriate privacy protection, users may not be willing to share their data. Therefore, we introduce a fault-tolerant privacy-preserving data aggregation scheme for health data.

In our scheme, the computational overhead is reduced. Privacy is provided by the fully homomorphic YASHE in addition to embedded noise for differential privacy. Fault tolerance is achieved by applying the future message mechanism to properly sustain network operability even in the presence of failures. To enhance the efficiency of the proposed scheme, a health institution can control malfunctioning nodes. The basic notations and symbols of the scheme are listed in Table 2.

Table 2. Basic notations for our proposed scheme.

Variables	Description
$ {\boldsymbol{U}}_{\boldsymbol{i}} $	Participant
$ {\mathbf{s}\mathbf{k}}_{\mathbf{i}} $	Private key for the participant
$ {\mathbf{p}\mathbf{k}}_{\mathbf{i}} $	Public key for the participant
$ {\mathbf{s}\mathbf{k}}_{\mathbf{c}} $	Private key for the health care institution
$ {\mathbf{p}\mathbf{k}}_{\mathbf{c}} $	Public key for the health care institution
$ {\mathbf{x}}_{\mathbf{i}, \mathbf{ }\mathbf{t}} $	Health data
$ \widehat{\mathbf{r}} $	Random noise
$ {\widehat{\mathbf{x}}}_{\mathbf{i}, \mathbf{t}} $	Noisy data
$ {\mathbf{c}}_{\mathbf{i}, \mathbf{t}} $	Ciphertext
$ \boldsymbol{H} $	Secure hash function
$ {\mathbf{ \pmb{\mathsf{ σ}} }}_{\mathbf{i}, \mathbf{t}} $	Signature generated by the secure hash function for participant $ { U}_{i} $
$ {\widehat{\mathbf{c}}}_{\mathbf{i}, \mathbf{t}+\mathbf{B}} $	Future ciphertext for time t + B
$ \boldsymbol{M}\boldsymbol{A}\boldsymbol{C} $	Homomorphic message authentication code
$ \widehat{\mathbf{M}\mathbf{A}\mathbf{C}} $	Future homomorphic message authentication code
$ \mathbf{ \pmb{\mathsf{ μ}} } $	Encrypted aggregation result
$ \mathbf{ \pmb{\mathsf{ σ}} } $	Verification of the correctness of the obtained aggregation result

| Show Table

DownLoad: CSV

5.1. System Model

Our system model consists of four main entities, as shown in Figure 1: mobile workers (MWs), the health care institution (HC), the cloud (C), and the trusted authority (TA).

Figure 1. System model.

DownLoad: Full-Size Img PowerPoint

■ Trusted Authority (TA): The primary responsibility of the TA is the initialization of the entire system, which includes registering the participants, the HCs and the cloud; generating the required public parameters; and distributing the keys.

■ Health Care Institution (HC): The HC is the requester that seeks aggregation statistics from patients' data. Due to limited storage and computation capabilities, the HC delegates computations to the cloud.

■ Cloud: The cloud server receives encrypted data from MWs and computes the desired statistical results. The cloud server encrypts the computation results and forwards them to the HC.

■ Participant (U): Participants refers to users or MWs who have smartphones and contribute their data to an HC. MWs are randomly chosen and encrypt and send their sensing data to the cloud.

Figure 2 depicts the framework of our proposed scheme, which contains three main entities: the client, the cloud, and the health institution. The cloud is the most prominent of these entities in our proposed scheme and contains three main modules: the data integrity verification module, the fault tolerance module, and the data aggregation module.

Figure 2. Our proposed framework.

DownLoad: Full-Size Img PowerPoint

The workflow of our framework is as follows: First, the user's encrypted data are sent with two parameters: the first is the future ciphertext, and the second is the verification code. Then, the cloud server will verify the data integrity and calculate the aggregation result. If the aggregator fails to receive the data from one or more users up to m, the aggregator will use the future ciphertext from the buffer memory to calculate the aggregation result and then send the result to the HC. Finally, the HC will decrypt the result.

5.2. A novel fault-tolerant privacy-preserving cloud-based data aggregation scheme for lightweight health data

Step 1: Setup and key management

The TA generates the necessary parameters and keys for the system, generates the bilinear parameters ($ \mathrm{q}, \ \mathrm{g}, \ \mathrm{h}, \ \mathrm{e}, {\mathrm{G}}_{1}, {\mathrm{G}}_{2}, {\mathrm{G}}_{\mathrm{T}} $) and encryption parameters for YASHE $ (\mathrm{d} $, $ \mathrm{q} $, $ \mathrm{t} $, $ {\rm{ \mathsf{ λ} }} $, $ {\mathrm{x}}_{\mathrm{k}\mathrm{e}\mathrm{y}} $, $ {\mathrm{x}}_{\mathrm{e}\mathrm{r}\mathrm{r}} $, $ \mathrm{w} $) and chooses a secure hash function $ \mathrm{H}\left(\mathrm{x}\right) $. The TA registers all mobile users, the requester and the cloud in the system by sending them a private/public key pair ($ {\mathrm{s}\mathrm{k}}_{\mathrm{c}}, {\mathrm{p}\mathrm{k}}_{\mathrm{c}}) $. The TA selects N mobile users and registers them. Each registered MW is assigned private/public key pairs ($ {\mathrm{s}\mathrm{k}}_{\mathrm{i}}, {\mathrm{p}\mathrm{k}}_{\mathrm{i}} $). Both the requester and workers are assigned encryption keys (α, β) for the homomorphic MAC.

Step 2: Sensing and reporting

During each time period t, each participant $ {\mathrm{U}}_{\mathrm{i}} $ reports his/her sensing data $ {\mathrm{x}}_{\mathrm{i}, \ \mathrm{t}} $ as follows. First, $ {\mathrm{U}}_{\mathrm{i}} $ computes

$ {\widehat{\mathrm{x}}}_{\mathrm{i}, \mathrm{t}} = {\mathrm{x}}_{\mathrm{i}, \ \mathrm{t}} + {\widehat{\mathrm{r}}}_{\mathrm{i}, \ \mathrm{t}} $

(9)

$ {\widehat{\mathrm{r}}}_{\mathrm{i}, \mathrm{t}} = {\mathrm{G}}_{\mathrm{i}, \mathrm{t}}\left(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right)-{{G}'}_{\mathrm{i}, \mathrm{t}}\left(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right) = {\widehat{\mathrm{G}}}_{\mathrm{i}, \mathrm{t}}\left(\mathrm{n}, \ {\rm{ \mathsf{ λ} }}\right) $

(10)

where $ {\widehat{\mathrm{r}}}_{\mathrm{i}, \ \mathrm{t}} $ represents random noise variables with gamma densities. The sum of all random noise from all participants guarantees differential privacy due to the divisibility of the Laplace distribution, as described in Section 4.1.

However, adding random noise $ \widehat{\mathrm{r}} $ is not adequate for ensuring the privacy of the data. As a result, the noisy data $ {\widehat{\mathrm{x}}}_{\mathrm{i}, \ \mathrm{t}} $ should be encrypted using the public key $ {\mathrm{p}\mathrm{k}}_{\mathrm{c}} $ of the requester to obtain

$ {\mathrm{c}}_{\mathrm{i}, \mathrm{t}} = {\mathrm{E}\mathrm{n}\mathrm{c}}_{{\mathrm{p}\mathrm{k}}_{\mathrm{c}}} ( {\widehat{\mathrm{x}}}_{\mathrm{i}, \ \mathrm{t}} ) $

(11)

Each ciphertext $ {\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}} $ is signed with its corresponding signature $ {{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, \ \mathrm{t}} $ (generated by the secure hash function H() using participants' private keys $ {\mathrm{s}\mathrm{k}}_{\mathrm{i}} $) to prevent tampering attacks and ensure data integrity as follows:

$ {{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, \mathrm{t}} = {\mathrm{H}\left(\mathrm{t}\right|\left|{\mathrm{c}}_{\mathrm{i}, \mathrm{t}}\right)}^{{\mathrm{s}\mathrm{k}}_{\mathrm{i}}} $

(12)

To address fault tolerance, we use the proactive aggregation protocol based on the future ciphertext mechanism. Each participant $ {\mathrm{U}}_{\mathrm{i}} $ computes two kinds of ciphertext— $ {\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}} $ for $ {\widehat{\mathrm{x}}}_{\mathrm{i}, \ \mathrm{t}} $ and a future ciphertext $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}} $ adapted from $ {\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}} $ as follows:

$ {\widehat{\mathrm{c}}}_{\mathrm{i}, \mathrm{t}+\mathrm{B}} = {\mathrm{E}\mathrm{n}\mathrm{c}}_{{\mathrm{p}\mathrm{k}}_{\mathrm{c}}} ( {\widehat{\mathrm{r}}}_{\mathrm{i}, \ \mathrm{t}+\mathrm{B}}+\mathrm{L}\mathrm{a}{\mathrm{p}}_{\mathrm{i}, \ \mathrm{t}+\mathrm{B}}\left({\rm{ \mathsf{ λ} }}\right) ) $

(13)

We assume that the aggregator has a buffer memory ($ \mathrm{B} $) to store future ciphertexts for each node. In our design, the aggregator is the cloud, which has intensive storage. Each node $ \mathrm{i} $ sends its ciphertext $ {\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}} $ at time $ \mathrm{t} $ and $ \mathrm{B} $ future ciphertexts $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}} $, $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}+1} $, $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}+2} $... $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}+\mathrm{B}-1} $, as shown in Figure 3. In the next iteration, each node sends two ciphertexts: The first ciphertext is the current ciphertext $ { \ \mathrm{c}}_{\mathrm{i}\mathrm{t}} $, and the second ciphertext is the future ciphertext $ {\widehat{\mathrm{c}}}_{\mathrm{i}, \ \mathrm{t}+\mathrm{B}} $ and the corresponding signature $ {{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, \ \mathrm{t}} $. The purpose of a future ciphertext is to replace a given ciphertext if the cloud is unable to receive ciphertexts from the corresponding participant node. For increased efficiency, the HC controls the number of malfunctioning nodes using the parameter factor $ \mathrm{M} $.

Figure 3. Future ciphertext mechanism.

DownLoad: Full-Size Img PowerPoint

Step 3: Verifying the correctness of the health data aggregation

To ensure end-to-end verification, we use the HMAC function MAC. Each participant $ {\mathrm{U}}_{\mathrm{i}} $ signs the reported data with the corresponding homomorphic MAC value $ MAC $ ($ {\widehat{x}}_{i, t} $) and calculates the homomorphic MAC value for the future ciphertext $ \widehat{MAC} $ ($ {\widehat{r}}_{i, t+B} $). Participant $ {\mathrm{U}}_{\mathrm{i}} $ sends $ {c}_{i, t} $, $ {\widehat{c}}_{i, t+B } $, $ {\sigma }_{i, t} $, $ MAC $ ($ {\widehat{x}}_{i, t} $) and $ \widehat{MAC} $ ($ {\widehat{r}}_{i, t+B} $) to the cloud.

Step 4: Data aggregation and verification

After receiving all reports, the cloud verifies whether the received reports were obtained from the chosen participants for each ciphertext $ {c}_{i, t} $ using participants' public keys $ {pk}_{i} $ by checking

$ e\left({\sigma }_{i, t}, {g}_{2}\right) = e\left(H\right(t|\left|{c}_{i, t}\right), {pk}_{i} ) $

(14)

If the above equation is valid, then data integrity is guaranteed, and the cloud proceeds to compute the aggregation result $ \mu $. If not, a breach has occurred.

$ \mu = \sum \limits_{i = 1, i \notin {U}_{F}}^{n}{c}_{i, t} $

(15)

However, this equation does not consider fault tolerance. If some reports were not received by the cloud, the cloud cannot verify the received reports or obtain the aggregation results. For a more efficient and reliable schema, we modify the future ciphertext mechanism to enable users to set a preference configuration parameter M and resist the failure of a maximum of M participants out of N total participants.

$ \mu = \sum _{i = 1, i \notin {U}_{F}}^{n}{c}_{i, t}+ \sum _{j = 1, j ϵ {U}_{F}}^{n}{\widehat{c}}_{j, t} $

(16)

If the cloud does not receive the ciphertext $ \mathrm{c} $ from between one and M nodes, where HC can specify M, the cloud uses the future ciphertext $ {\widehat{\mathrm{c}}}_{ \ } $, which corresponds to the malfunctioning node from the buffer memory. If the number of malfunctioning nodes exceeds M, then the system is reinitialized to choose new medical health care nodes.

To verify the correctness of the aggregation result, the cloud computes the corresponding homomorphic message authentication code MAC as follows:

$ \sigma = \sum _{i = 1}^{n}MAC \left({\widehat{x}}_{i, t}\right) $

(17)

If the number of participants who fail to send their data is less than M, the cloud verifies the correctness of the aggregation result as follows:

$ \sigma = \sum _{i = 1, i \notin {U}_{F}}^{n}MAC \left({\widehat{x}}_{i, t}\right) + \sum _{j = 1, j ϵ {U}_{F}}^{n}\widehat{MAC} \left({\widehat{r}}_{j, t}\right) $

(18)

The cloud forwards the results and the corresponding homomorphic MAC values $\{ {\rm{ \mathsf{ μ} }}, \ {\rm{ \mathsf{ σ} }}\} $ to the requester (the HC).

Step 5: Decryption and verification of the results

When HC receives $\{ {\rm{ \mathsf{ μ} }}, \ {\rm{ \mathsf{ σ} }}\} $ from the cloud, it derives the aggregation result $ \sum _{\mathrm{i} = 1}^{\mathrm{n}}{\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}} $ by decrypting $ {\rm{ \mathsf{ μ} }} $ as follows:

$ \sum _{i = 1}^{n}{{Dec}_{{sk}_{c}}(c}_{i, t}) = {Dec}_{{sk}_{c}}\left(\mu \right) $

(19)

The HC verifies the correctness of the aggregation result obtained using the homomorphic MAC algorithm by checking

$ MAC\left({Dec}_{{sk}_{c}}\left(\mu \right)\right)\genfrac{}{}{0pt}{}{?}{ = }\prod\limits _{i = 1}^{n}MAC\left({\widehat{x}}_{i, t}\right)+\prod\limits _{j = 1}^{n}\widehat{MAC}\left({\widehat{r}}_{j, t}\right) $

(20)

If the verification fails, the HC rejects the results. Otherwise, the HC accepts the results.

6. Security analysis

This section analyzes the security and privacy requirements satisfied by our proposed scheme. Moreover, we demonstrate how our proposed scheme resists different types of adversary models.

6.1. Data privacy

In our scheme, health data $ {\mathrm{x}}_{\mathrm{i}} $ are encrypted using YASHE, which is indistinguishable under the chosen ciphertext attack (IND-CPA) and secure under the decisional-RLWE assumption ^[34]. It is impossible for any time-bounded adversary to decrypt the ciphertext and obtain the health data without the knowledge of the private key, which is known only by the HC.

● Resilience against external attacks:

Proof: The external adversary cannot eavesdrop on the ciphertext $ {c}_{i, \ t} $ and extract $ {x}_{i, \ t} $ successfully since he/she has no knowledge of $ t, q, f $ or $ e, h $. Such knowledge is impossible because f is held securely by participant $ {U}_{i} $ and $ e, h $ is privately held by the HC.

6.2. Differential privacy

During each time period t, the cloud can perform one of the above two types of queries. Both queries provide $ 2ϵ $ -differential privacy, where $ {\rm{ \mathsf{ λ} }} $ = $ GS/ϵ $ and $ GS $ is the global sensitivity of the aggregation result. Although the cloud uses the current and future ciphertexts to infer the sensing data $ {x}_{i, t}, $, i.e., $ {c}_{i, \ t} $ - $ {\widehat{c}}_{i, \ t} $ = $ {x}_{i, t}-La{p}_{i, t}\left({\rm{ \mathsf{ λ} }}\right), $ it also provides $ ϵ $ -differential privacy for the data $ {x}_{i, \ t} $ ^[12], as the Laplace distribution has a symmetric shape around its mean of zero. Therefore, during each time period, from the participants' perspective, our scheme provides $ 2ϵ $ -differential privacy based on its parallel composition and sequential composition properties. Furthermore, our scheme provides protection against human factor-aware differential aggregation (HAD) ^[36]. This type of attack aims to break individual privacy. Suppose there are three MWs $ {\mathrm{M}\mathrm{W}}_{1} $, $ { \ \mathrm{M}\mathrm{W}}_{2} $ and $ { \ \mathrm{M}\mathrm{W}}_{3} $, and the sensing data $ {x}_{1}, {x}_{2} $ of $ {\mathrm{M}\mathrm{W}}_{1} $, $ {\mathrm{M}\mathrm{W}}_{2} $, respectively, are stable at time slots $ {t}_{1} $ and $ {t}_{2} $. $ {\mathrm{M}\mathrm{W}}_{3} $ does not report any data at time slot $ {t}_{2} $. From Eqs (5), (9), (10) and (13), the aggregated results for $ {t}_{1} $ and $ {t}_{2} $ are $ {M}_{1} $ = $ \sum _{i = 1}^{3}{x}_{i, 1}+La{p}_{1}\left({\rm{ \mathsf{ λ} }}\right) $ and $ {M}_{2} $ = $ \sum _{i = 1}^{2}{x}_{i, 2}+La{p}_{2}\left({\rm{ \mathsf{ λ} }}\right)+La{p}_{\mathrm{3, 2}}\left({\rm{ \mathsf{ λ} }}\right) $, respectively. It is infeasible for the adversary to derive the sensing data $ {x}_{3} $ of $ {\mathrm{M}\mathrm{W}}_{3} $ at time slot $ {t}_{1} $ by comparing the aggregated result of $ {t}_{1} $ and $ {t}_{2} $ since $ {{M}_{1}-M}_{2} = {x}_{3, 1}-La{p}_{3, 1}\left({\rm{ \mathsf{ λ} }}\right) $.

6.3. Data integrity

In our scheme, the cloud can easily detect if a report has been modified or interrupted by any adversary. Each report will be signed by a secure hash function at each time $ t $.

● Resilience against modification attacks:

Proof: Assume that the adversary modifies $ {c}_{i, t} $ and $ {\sigma }_{i, t} $ into $ {c}_{i, t}' $ and $ {\sigma }_{i, t}' $, respectively. The modified message passes the verification step if and only if $ {\sigma }_{i, t}' $ is guessed correctly. However, GDH group theory posits that it is infeasible for the adversary to determine $ {\sigma }_{i, t}' $ from $ \mathrm{e}\left({\sigma }_{i, t}', {g}_{2}\right) = e\left(H\left(t|\left|{c}_{i, t}'\right)\right), {pk}_{i}\right) $ since $ {G}_{1} $ is a GDH group. Additionally, for the given $ {\sigma }_{i, t}' $, it is impossible to extract $ {c}_{i, t}' $ from $ e\left({\sigma }_{i, t}', {g}_{2}\right) = e\left(H\right(t|\left|{c}_{i, t}'\right), {pk}_{i} $) due to the features of the secure hash function and GDH group.

Therefore, when the adversary tries to transmit a modified message $ {c}_{i, t}' $ to the cloud, the modification can be detected by the cloud. As a result, our proposed scheme is resilient against modification attacks.

● Resilience against impersonation attacks:

Proof: To impersonate $ {\mathrm{U}}_{1} $, the adversary must know the private key $ {\mathrm{s}\mathrm{k}}_{\mathrm{i}} $. Using the public key $ {\mathrm{p}\mathrm{k}}_{\mathrm{i}} $ and the signature $ {{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, \ \mathrm{t}} $ = $ {\mathrm{H} \ \left(\mathrm{t}\right|\left|{\mathrm{c}}_{\mathrm{i}, \ \mathrm{t}}\right)}^{{\mathrm{s}\mathrm{k}}_{\mathrm{i}}} $, it is intractable to find $ {\mathrm{s}\mathrm{k}}_{\mathrm{i}} $ in polynomial time due to the discrete logarithmic assumption in $ {\mathrm{G}}_{1} $.

● Resilience against reply attacks:

Proof: The adversary launches a reply attack by sending ciphertext $ {\mathrm{c}}_{\mathrm{i} \ } $ with the signature $ {{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, 1} $ at time $ {\mathrm{t}}_{2} $, which has been used at time $ {\mathrm{t}}_{1} $, where ($ {\mathrm{t}}_{1}<{\mathrm{t}}_{2} $). This can be detected by the cloud since $ \mathrm{e}\left({{\rm{ \mathsf{ σ} }}}_{\mathrm{i}, 1}, {\mathrm{g}}_{2}\right) = \mathrm{e} \ \left(\mathrm{H} \ \right({\mathrm{t}}_{1}|\left|{\mathrm{c}}_{\mathrm{i}, 1}\right), {\mathrm{p}\mathrm{k}}_{\mathrm{i}} $).

6.4. Robustness

To achieve robustness and node failure resistance in our scheme, we utilize a future ciphertext mechanism that requires low memory expenses. In the case of node failure, the cloud can still compute the aggregation and allows the HC to verify the correctness of aggregation. This in turn guarantees fault tolerance and robustness.

6.5. Correctness of the verification process

We use HMAC to ensure the correctness of the obtained aggregation result. First, during each time period t, the cloud computes the summation of the HMACs' $ {\rm{ \mathsf{ σ} }} $ for all received data and forwards the sum to the HC with the aggregation result $ {\rm{ \mathsf{ μ} }} $. Then, the HC computes the HMAC for the aggregation result $ {\rm{ \mathsf{ μ} }} $ and checks whether the equation below holds:

$ MAC\left({Dec}_{{sk}_{c}}\left(\mu \right)\right)\genfrac{}{}{0pt}{}{?}{ = }\sigma $

Therefore, if the adversary tampers with the aggregation result, this tampering can be detected by the HC. Moreover, Table 3 demonstrates a comparison between the security features of our proposed scheme and those of other works ^[10,12,26].

Table 3. Comparison of the security features of the proposed approach and related works.

Features	Our scheme	Won et al. ^[10]	Zhuo et al. ^[26]	Chen et al. ^[12]
PPR	Yes	Yes	Yes	Yes
REX	Yes	No	Yes	No
DPR	Yes	Yes	No	Yes
RIM	Yes	No	Yes	-
RMO	Yes	No	Yes	-
RRE	Yes	No	-	-
ROU	Yes	Yes	No	Yes
Correctness of Verification	Yes	No	Yes	Yes
Computation Delegation	Yes	No	Yes	No
PPR:	Privacy preservation.	RMO:	Resilience against modification attacks.
REX:	Resilience against external attacks.	RRE:	Resilience against reply attacks.
DPR:	Differential privacy.	ROU:	Robustness.
RIM:	Resilience against impersonation attacks.

| Show Table

DownLoad: CSV

7. Performance analysis

Our proposed scheme is implemented based on the homomorphic scheme developed by Lepoint and Naehrig ^[32] using the Fast Library for Number Theory (FLINT) arithmetic library and the GNU Multiple Precision (GMP) math library. Our simulation experiments and benchmark tests are executed on a laptop with an Intel core i5 processor, 6 GB of RAM and the Windows 7 (64-bit) operating system. We also implement the scheme of Won et al. ^[10] for comparison. The performance results are stated in terms of milliseconds.

Additionally, we consider that the health data are manipulated by the patient's mobile phone (MW). Encryption is performed by the MW before sending the data to the cloud, and decryption is performed by the HC after sending the data to the cloud. The cloud receives the encrypted data, computes the summation of these encrypted data, and forwards the encrypted results to the HC. The size of the encrypted dataset is relatively small, as our scheme focuses on lightweight health data. Our simulation dataset is randomly generated from 35 to 42 human body temperature readings.

7.1. Cost of key generation

First, we compare the key generation costs of an MW in our scheme with those in the scheme of Won et al. ^[10] by changing the security bit to examine the key generation costs at different security levels. Table 4 shows the parameter sets used in our benchmarks. We choose these parameters based on ^[37]. The comparison is shown in Figures 4 and 5 for the real-time and CPU time flags yielded by benchmark testing. For this comparison, we calculate the cost based on a group of 100 MWs. The graphs plotted in Figures 4 and 5 indicate that the required time for key generation in our scheme is lower than that in the scheme of Won et al. ^[10] in terms of both real time and CPU time. Note that the real time required for key generation in the scheme of Won et al. ^[10] is three times higher than that required for key generation in our scheme. Thus, our scheme is four times faster than that of Won et al. ^[10] based on CPU time flags. The key generation cost is critical to the MW, as a lower cost for key generation leads to a longer battery life.

Table 4. Key generation cost for different security levels.

Security Bit	Our Scheme				Scheme of Won et al. ^[10]
Security Bit	n	q	CPU Time (ms)	Real Time (ms)	CPU Time (ms)	Real Time (ms)
128	2048	54	0.115	0.346	0.960	1.917
192	4096	75	0.151	0.395	0.985	1.982
256	8192	118	0.185	0.469	0.995	2.078

| Show Table

DownLoad: CSV

Figure 4. Comparison of key generation costs in terms of real time.

DownLoad: Full-Size Img PowerPoint

Figure 5. Comparison of key generation costs in terms of CPU time.

DownLoad: Full-Size Img PowerPoint

7.2. Cost of encryption

We also simulate the costs of encryption incurred by an MW when each group of our scheme has 100 participants (U) and compare the calculated costs with those of the scheme of Won et al. ^[10] at different security levels by changing the security bit. The simulation results are shown in Figures 6 and 7 for the real-time and CPU time flags yielded by benchmark testing. As shown in Figures 6 and 7, the encryption time of our scheme is superior to that of the scheme developed by Won et al. ^[10]. In terms of both real time and CPU time, the encryption cost of our scheme is six times lower than that of the scheme of Won et al. ^[10]. The low efficiency of the Won et al. ^[10] scheme is attributed to its encryption mechanism, where each participant in each time period t must communicate with all partners from the same group to exchange the secret keys $ {\boldsymbol{s}\boldsymbol{k}}_{\boldsymbol{i}, \ \boldsymbol{t}} $ to be used as the encryption key. To reduce the encryption cost in the scheme of Won et al. ^[10], we need to reduce the number of participants (U) in each group. This reduction would cause a decrease in the privacy level of the data and result in a reduced security level. The opportunity for the adversary to attack and disclose the data would then increase.

Figure 6. Comparison of encryption costs in real time for different security levels.

DownLoad: Full-Size Img PowerPoint

Figure 7. Comparison of encryption costs in CPU time for different security levels.

DownLoad: Full-Size Img PowerPoint

7.3. Low aggregation error

To make our scheme more practical, we utilize the future ciphertext mechanism proposed by Won et al. ^[10] to guarantee fault tolerance at the expense of two main requirements. If failures occur, the cloud can still calculate the aggregation result and the corresponding data integrity verification value. To evaluate our fault tolerance protocol, we measure the closeness between the actual summation of the sequence of data and the noisy sum calculated using the root mean square error (RMSE). Figure 8 shows the simulation result of our proposed scheme, where p is the probability of failure for MWs. The error in our scheme is significantly lower than that in the scheme developed by Won et al. ^[10].

Figure 8. Comparison of encryption costs in real time yielded by changing the number of participants.

DownLoad: Full-Size Img PowerPoint

8. Conclusions and future work

We propose a fault-tolerant privacy-preserving cloud-based data aggregation scheme for lightweight health data. Our proposed scheme takes advantage of the numerous capabilities of the cloud by enabling an HC to delegate data aggregation tasks to the cloud. In our proposed scheme, we implement YASHE to protect the patient's identity and privacy, which enables the cloud to calculate the aggregation result with encrypted data. For differential privacy, we distribute noise among the MWs. Although our scheme enables the HC to verify the correctness of the aggregation result, our fault tolerance scheme is proactive and based on a future ciphertext mechanism. For increased efficiency, we enable the HC to control the number of acceptable malfunctioning nodes.

Compared with the aggregation process in the scheme of Won et al. ^[10], that in our scheme has a lower aggregation error and is not affected by the number of malfunctioning nodes. In addition, the performance evaluation shows that the computational overhead is significantly reduced. Unlike the encryption time in the scheme of Won et al. ^[10], that in our scheme is not affected by the number of participants utilized. The simulation results demonstrate the efficiency and feasibility of our scheme. In future work, we will improve our scheme to support multifunctional health data aggregation. Additionally, we will apply batch verification instead of individually verifying the reported data, which will improve the performance of the scheme.

Acknowledgments

This research project was supported by a grant from the Research Center of the Female Scientific and Medical Colleges, Deanship of Scientific Research, King Saud University.

Conflict of interest

All authors declare no conflicts of interest in this paper.

References

[1]	Schmid-Schonbein GW (2006) Analysis of inflammation. Annu Rev Biomed Eng 8: 93-131. doi: 10.1146/annurev.bioeng.8.061505.095708
[2]	Segel GB, Halterman MW, Lichtman MA (2011) The paradox of the neutrophil's role in tissue injury. J Leukoc Biol 89: 359-372. doi: 10.1189/jlb.0910538
[3]	Mazzoni MC, Schmid-Schonbein GW (1996) Mechanisms and consequences of cell activation in the microcirculation. Cardiovascular Research 32: 709-719. doi: 10.1016/0008-6363(96)00146-0
[4]	Harris AG, Skalak TC (1993) Effects of leukocyte activation on capillary hemodynamics in skeletal muscle. Am J Physiol 264: H909-916.
[5]	Helmke BP, Sugihara-Seki M, Skalak R, et al. (1998) A mechanism for erythrocyte-mediated elevation of apparent viscosity by leukocytes in vivo without adhesion to the endothelium. Biorheology 35: 437-448. doi: 10.1016/S0006-355X(99)80021-3
[6]	Aggarwal BB, Shishodia S, Sandur SK, et al. (2006) Inflammation and cancer: how hot is the link? Biochem Pharmacol 72: 1605-1621. doi: 10.1016/j.bcp.2006.06.029
[7]	Akter K, Lanza EA, Martin SA, et al. (2011) Diabetes mellitus and Alzheimer's disease: shared pathology and treatment? Br J Clin Pharmacol 71: 365-376. doi: 10.1111/j.1365-2125.2010.03830.x
[8]	Kim YM, Yamazaki I, Piette LH (1994) The effect of hemoglobin, hematin, and iron on neutrophil inactivation in superoxide generating systems. Arch Biochem Biophys 309: 308-314. doi: 10.1006/abbi.1994.1118
[9]	Miles K, Clarke DJ, Lu W, et al. (2009) Dying and necrotic neutrophils are anti-inflammatory secondary to the release of alpha-defensins. J Immunol 183: 2122-2132. doi: 10.4049/jimmunol.0804187
[10]	Noris M, Morigi M, Donadelli R, et al. (1995) Nitric oxide synthesis by cultured endothelial cells is modulated by flow conditions. Circ Res 76: 536-543 doi: 10.1161/01.RES.76.4.536
[11]	Tedgui A, Mallat Z (2001) Anti-inflammatory mechanisms in the vascular wall. Circ Res 88: 877-887. doi: 10.1161/hh0901.090440
[12]	Watanabe J, Lin JA, Narasimha AJ, et al. (2010) Novel anti-inflammatory functions for endothelial and myeloid cyclooxygenase-2 in a new mouse model of Crohn's disease. Am J Physiol Gastrointest Liver Physiol 298: G842-850. doi: 10.1152/ajpgi.00468.2009
[13]	Berk BC, Abe JI, Min W, et al. (2001) Endothelial atheroprotective and anti-inflammatory mechanisms. Ann N Y Acad Sci 947: 93-109.
[14]	Hsieh HJ, Liu CA, Huang B, et al. (2014) Shear-induced endothelial mechanotransduction: the interplay between reactive oxygen species (ROS) and nitric oxide (NO) and the pathophysiological implications. J Biomed Sci 21: 3. doi: 10.1186/1423-0127-21-3
[15]	Makino A, Glogauer M, Bokoch GM, et al. (2005) Control of neutrophil pseudopods by fluid shear: role of Rho family GTPases. Am J Physiol Cell Physiol 288: C863-871.
[16]	Shin HY, Zhang X, Makino A, et al. (2011) Mechanobiological Evidence for the Control of Neutrophil Activity by Fluid Shear Stress. In: Mechanobiology Handbook. CRC Press, 139-175.
[17]	Shin HY, Simon SI, Schmid-Schonbein GW (2008) Fluid shear-induced activation and cleavage of CD18 during pseudopod retraction by human neutrophils. J Cell Physiol 214: 528-536. doi: 10.1002/jcp.21235
[18]	Zhang X, Zhan D, Shin HY (2013) Integrin subtype-dependent CD18 cleavage under shear and its influence on leukocyte-platelet binding. J Leukoc Biol 93: 251-258. doi: 10.1189/jlb.0612302
[19]	Makino A, Prossnitz ER, Bunemann M, et al. (2006) G protein-coupled receptors serve as mechanosensors for fluid shear stress in neutrophils. Am J Physiol Cell Physiol 290: C1633-1639. doi: 10.1152/ajpcell.00576.2005
[20]	Mitchell MJ, King MR (2012) Shear-induced resistance to neutrophil activation via the formyl peptide receptor. Biophys J 102: 1804-1814. doi: 10.1016/j.bpj.2012.03.053
[21]	Papaioannou TG, Stefanadis C (2005) Vascular wall shear stress: basic principles and methods. Hellenic J Cardiol 46: 9-15.
[22]	Sheikh S, Rainger GE, Gale Z, et al. (2003) Exposure to fluid shear stress modulates the ability of endothelial cells to recruit neutrophils in response to tumor necrosis factor-alpha: a basis for local variations in vascular sensitivity to inflammation. Blood 102: 2828-2834. doi: 10.1182/blood-2003-01-0080
[23]	Stepp DW, Nishikawa Y, Chilian WM (1999) Regulation of shear stress in the canine coronary microcirculation. Circulation 100: 1555-1561 doi: 10.1161/01.CIR.100.14.1555
[24]	Koutsiaris AG, Tachmitzi SV, Batis N, et al. (2007) Volume flow and wall shear stress quantification in the human conjunctival capillaries and post-capillary venules in vivo. Biorheology 44: 375-386
[25]	Marki A, Esko JD, Pries AR, et al. (2015) Role of the endothelial surface layer in neutrophil recruitment. J Leukoc Biol.
[26]	Dewitz TS, McIntire LV, Martin RR, et al. (1979) Enzyme release and morphological changes in leukocytes induced by mechanical trauma. Blood Cells 5: 499-512
[27]	Zhelev DV, Alteraifi AM, Chodniewicz D (2004) Controlled pseudopod extension of human neutrophils stimulated with different chemoattractants. Biophys J 87: 688-695. doi: 10.1529/biophysj.103.036699
[28]	Coughlin MF, Schmid-Schonbein GW (2004) Pseudopod projection and cell spreading of passive leukocytes in response to fluid shear stress. Biophys J 87: 2035-2042. doi: 10.1529/biophysj.104.042192
[29]	Komai Y, Schmid-Schonbein GW (2005) De-activation of neutrophils in suspension by fluid shear stress: a requirement for erythrocytes. Ann Biomed Eng 33: 1375-1386. doi: 10.1007/s10439-005-6768-6
[30]	Fukuda S, Yasu T, Predescu DN, et al. (2000) Mechanisms for regulation of fluid shear stress response in circulating leukocytes. Circ Res 86: E13-18. doi: 10.1161/01.RES.86.1.e13
[31]	Moazzam F, DeLano FA, Zweifach BW, et al. (1997) The leukocyte response to fluid stress. Proc Natl Acad Sci U S A 94: 5338-5343. doi: 10.1073/pnas.94.10.5338
[32]	Shive MS, Salloum ML, Anderson JM (2000) Shear stress-induced apoptosis of adherent neutrophils: a mechanism for persistence of cardiovascular device infections. Proc Natl Acad Sci U S 97: 6710-6715. doi: 10.1073/pnas.110463197
[33]	Lee D, Schultz JB, Knauf PA, et al. (2007) Mechanical shedding of L-selectin from the neutrophil surface during rolling on sialyl Lewis x under flow. J Biol Chem 282: 4812-4820. doi: 10.1074/jbc.M609994200
[34]	Shive MS, Brodbeck WG, Anderson JM (2002) Activation of caspase 3 during shear stress-induced neutrophil apoptosis on biomaterials. J Biomed Mater Res 62: 163-168. doi: 10.1002/jbm.10225
[35]	Makino A, Shin HY, Komai Y, et al. (2007) Mechanotransduction in leukocyte activation: a review. Biorheology 44: 221-249.
[36]	Zhang X, Hurng J, Rateri DL, et al. (2011) Membrane cholesterol modulates the fluid shear stress response of polymorphonuclear leukocytes via its effects on membrane fluidity. Am J Physiol Cell Physiol 301: C451-460. doi: 10.1152/ajpcell.00458.2010
[37]	Akenhead ML, Zhang X, Shin HY (2014) Characterization of the shear stress regulation of CD18 surface expression by HL60-derived neutrophil-like cells. Biomech Model Mechanobiol 13: 861-870.
[38]	Sugihara-Seki M, Schmid-Schonbein GW (2003) The fluid shear stress distribution on the membrane of leukocytes in the microcirculation. J Biomech Eng 125: 628-638 doi: 10.1115/1.1611515
[39]	Conway DE, Breckenridge MT, Hinde E, et al. (2013) Fluid shear stress on endothelial cells modulates mechanical tension across VE-cadherin and PECAM-1. Curr Biol 23: 1024-1030. doi: 10.1016/j.cub.2013.04.049
[40]	Goldmann WH (2012) Mechanotransduction and focal adhesions. Cell Biol Int 36: 649-652. doi: 10.1042/CBI20120184
[41]	Kamm RD, Kaazempur-Mofrad MR (2004) On the molecular basis for mechanotransduction. Mech Chem Biosyst 1: 201-209
[42]	Lee SE, Kamm RD, Mofrad MR (2007) Force-induced activation of talin and its possible role in focal adhesion mechanotransduction. J Biomech 40: 2096-2106. doi: 10.1016/j.jbiomech.2007.04.006
[43]	Jannat RA, Robbins GP, Ricart BG, et al. (2010) Neutrophil adhesion and chemotaxis depend on substrate mechanics. J Phys Condens Matter 22: 194117. doi: 10.1088/0953-8984/22/19/194117
[44]	Fukuda S, Schmid-Schonbein GW (2003) Regulation of CD18 expression on neutrophils in response to fluid shear stress. Proc Natl Acad Sci U S A 100: 13152-13157. doi: 10.1073/pnas.2336130100
[45]	Su SS, Schmid-Schonbein GW (2008) Fluid stresses on the membrane of migrating leukocytes. Ann Biomed Eng 36: 298-307. doi: 10.1007/s10439-007-9406-7
[46]	Seely AJ, Pascual JL, Christou NV (2003) Science review: Cell membrane expression (connectivity) regulates neutrophil delivery, function and clearance. Crit Care 7: 291-307. doi: 10.1186/cc1853
[47]	Tarbell JM, Pahakis MY (2006) Mechanotransduction and the glycocalyx. J Intern Med 259: 339-350. doi: 10.1111/j.1365-2796.2006.01620.x
[48]	White CR, Frangos JA (2007) The shear stress of it all: the cell membrane and mechanochemical transduction. Philos Trans R Soc Lond B Biol Sci 362: 1459-1467. doi: 10.1098/rstb.2007.2128
[49]	Bodin S, Welch MD (2005) Plasma membrane organization is essential for balancing competing pseudopod- and uropod-promoting signals during neutrophil polarization and migration. Mol Biol Cell 16: 5773-5783. doi: 10.1091/mbc.E05-04-0358
[50]	Butler PJ, Norwich G, Weinbaum S, et al. (2001) Shear stress induces a time- and position-dependent increase in endothelial cell membrane fluidity. Am J Physiolp Cell Physiolp 280: C962-969.
[51]	Berlin RD, Fera JP (1977) Changes in membrane microviscosity associated with phagocytosis: effects of colchicine. Proc Natl Acad Sci U S A 74: 1072-1076. doi: 10.1073/pnas.74.3.1072
[52]	Wiles ME, Dykens JA, Wright CD (1994) Regulation of polymorphonuclear leukocyte membrane fluidity: effect of cytoskeletal modification. Journal of leukocyte biology 56: 192-199.
[53]	Tomonaga A, Hirota M, Snyderman R (1983) Effect of membrane fluidizers on the number and affinity of chemotactic factor receptors on human polymorphonuclear leukocytes. Microbiol Immunol 27: 961-972. doi: 10.1111/j.1348-0421.1983.tb00662.x
[54]	Yuli I, Tomonaga A, Synderman R (1982) Chemoattractant receptor functions in human polymorphonuclear leukocytes are divergently altered by membrane fluidizers. Proc Natl Acad Sci U S A 79: 5906-5910. doi: 10.1073/pnas.79.19.5906
[55]	Ferraro JT, Daneshmand M, Bizios R, et al. (2004) Depletion of plasma membrane cholesterol dampens hydrostatic pressure and shear stress-induced mechanotransduction pathways in osteoblast cultures. Am J Physiol Cell Physiol 286: C831-839. doi: 10.1152/ajpcell.00224.2003
[56]	Rizzo V, McIntosh DP, Oh P, et al. (1998) In situ flow activates endothelial nitric oxide synthase in luminal caveolae of endothelium with rapid caveolin dissociation and calmodulin association. J Biol Chem 273: 34724-34729. doi: 10.1074/jbc.273.52.34724
[57]	Rizzo V, Sung A, Oh P, et al. (1998) Rapid mechanotransduction in situ at the luminal cell surface of vascular endothelium and its caveolae. J Biol Chem 273: 26323-26329. doi: 10.1074/jbc.273.41.26323
[58]	Niggli V, Meszaros AV, Oppliger C, et al. (2004) Impact of cholesterol depletion on shape changes, actin reorganization, and signal transduction in neutrophil-like HL-60 cells. Exp Cell Res 296: 358-368. doi: 10.1016/j.yexcr.2004.02.015
[59]	Tuluc F, Meshki J, Kunapuli SP (2003) Membrane lipid microdomains differentially regulate intracellular signaling events in human neutrophils. Int Immunopharmacol 3: 1775-1790. doi: 10.1016/j.intimp.2003.08.002
[60]	Marwali MR, Rey-Ladino J, Dreolini L, et al. (2003) Membrane cholesterol regulates LFA-1 function and lipid raft heterogeneity. Blood 102: 215-222. doi: 10.1182/blood-2002-10-3195
[61]	Solomkin JS, Robinson CT, Cave CM, et al. (2007) Alterations in membrane cholesterol cause mobilization of lipid rafts from specific granules and prime human neutrophils for enhanced adherence-dependent oxidant production. Shock 28: 334-338. doi: 10.1097/shk.0b013e318047b893
[62]	Cattaruzza M, Dimigen C, Ehrenreich H, et al. (2000) Stretch-induced endothelin B receptor-mediated apoptosis in vascular smooth muscle cells. FASEB J 14: 991-998.
[63]	Chachisvilis M, Zhang YL, Frangos JA (2006) G protein-coupled receptors sense fluid shear stress in endothelial cells. Proc Natl Acad Sci U S A 103: 15463-15468. doi: 10.1073/pnas.0607224103
[64]	Yasuda N, Miura S, Akazawa H, et al. (2008) Conformational switch of angiotensin II type 1 receptor underlying mechanical stress-induced activation. EMBO Rep 9: 179-186. doi: 10.1038/sj.embor.7401157
[65]	Zhang YL, Frangos JA, Chachisvilis M (2009) Mechanical stimulus alters conformation of type 1 parathyroid hormone receptor in bone cells. Am J Physiol Cell Physiol 296: C1391-1399. doi: 10.1152/ajpcell.00549.2008
[66]	Zou Y, Akazawa H, Qin Y, et al. (2004) Mechanical stress activates angiotensin II type 1 receptor without the involvement of angiotensin II. Nat Cell Biol 6: 499-506. doi: 10.1038/ncb1137
[67]	Chen KD, Li YS, Kim M, et al. (1999) Mechanotransduction in response to shear stress. Roles of receptor tyrosine kinases, integrins, and Shc. J Biol Chem 274: 18393-18400.
[68]	Iwasaki H, Eguchi S, Ueno H, et al. (2000) Mechanical stretch stimulates growth of vascular smooth muscle cells via epidermal growth factor receptor. Am J Physiol Heart Circ Physiol 278: H521-529.
[69]	Jin ZG, Ueba H, Tanimoto T, et al. (2003) Ligand-independent activation of vascular endothelial growth factor receptor 2 by fluid shear stress regulates activation of endothelial nitric oxide synthase. Circ Res 93: 354-363. doi: 10.1161/01.RES.0000089257.94002.96
[70]	Lee HJ, Koh GY (2003) Shear stress activates Tie2 receptor tyrosine kinase in human endothelial cells. Biochem Biophys Res Commun 304: 399-404. doi: 10.1016/S0006-291X(03)00592-8
[71]	Milkiewicz M, Doyle JL, Fudalewski T, et al. (2007) HIF-1alpha and HIF-2alpha play a central role in stretch-induced but not shear-stress-induced angiogenesis in rat skeletal muscle. J Physiol 583: 753-766. doi: 10.1113/jphysiol.2007.136325
[72]	Palumbo R, Gaetano C, Melillo G, et al. (2000) Shear stress downregulation of platelet-derived growth factor receptor-beta and matrix metalloprotease-2 is associated with inhibition of smooth muscle cell invasion and migration. Circulation 102: 225-230. doi: 10.1161/01.CIR.102.2.225
[73]	Shay-Salit A, Shushy M, Wolfovitz E, et al. (2002) VEGF receptor 2 and the adherens junction as a mechanical transducer in vascular endothelial cells. Proc Natl Acad Sci U S A 99: 9462-9467. doi: 10.1073/pnas.142224299
[74]	Gu CX, Juranka PF, Morris CE (2001) Stretch-activation and stretch-inactivation of Shaker-IR, a voltage-gated K+ channel. Biophys J 80: 2678-2693. doi: 10.1016/S0006-3495(01)76237-6
[75]	Maingret F, Patel AJ, Lesage F, et al. (1999) Mechano- or acid stimulation, two interactive modes of activation of the TREK-1 potassium channel. J Biol Chem 274: 26691-26696 doi: 10.1074/jbc.274.38.26691
[76]	Tarbell JM, Weinbaum S, Kamm RD (2005) Cellular fluid mechanics and mechanotransduction. Ann Biomed Eng 33: 1719-1723. doi: 10.1007/s10439-005-8775-z
[77]	Haugh MG, Vaughan TJ, McNamara LM (2015) The role of integrin alpha(V)beta(3) in osteocyte mechanotransduction. J Mech Behav Biomed Mater 42: 67-75. doi: 10.1016/j.jmbbm.2014.11.001
[78]	Teravainen TP, Myllymaki SM, Friedrichs J, et al. (2013) alphaV-integrins are required for mechanotransduction in MDCK epithelial cells. PloS one 8: e71485. doi: 10.1371/journal.pone.0071485
[79]	Watabe H, Furuhama T, Tani-Ishii N, et al. (2011) Mechanotransduction activates alpha(5)beta(1) integrin and PI3K/Akt signaling pathways in mandibular osteoblasts. Exp Cell Res 317: 2642-2649. doi: 10.1016/j.yexcr.2011.07.015
[80]	Gudi S, Nolan JP, Frangos JA (1998) Modulation of GTPase activity of G proteins by fluid shear stress and phospholipid composition. Proc Natl Acad Sci U S A 95: 2515-2519. doi: 10.1073/pnas.95.5.2515
[81]	Gudi SR, Clark CB, Frangos JA (1996) Fluid flow rapidly activates G proteins in human endothelial cells. Involvement of G proteins in mechanochemical signal transduction. Circ Res 79: 834-839.
[82]	Migeotte I, Communi D, Parmentier M (2006) Formyl peptide receptors: a promiscuous subfamily of G protein-coupled receptors controlling immune responses. Cytokine Growth Factor Rev 17: 501-519. doi: 10.1016/j.cytogfr.2006.09.009
[83]	Gerisch G, Keller HU (1981) Chemotactic reorientation of granulocytes stimulated with micropipettes containing fMet-Leu-Phe. J Cell Sci 52: 1-10.
[84]	Welch MD, Mallavarapu A, Rosenblatt J, et al. (1997) Actin dynamics in vivo. Curr Opin Cell Biol 9: 54-61. doi: 10.1016/S0955-0674(97)80152-4
[85]	Hall A (1994) Small GTP-binding proteins and the regulation of the actin cytoskeleton. Ann Rev Cell Biol 10: 31-54. doi: 10.1146/annurev.cb.10.110194.000335
[86]	Ridley AJ (2001) Rho family proteins: coordinating cell responses. Trends Cell Biol 11: 471-477. doi: 10.1016/S0962-8924(01)02153-5
[87]	Chen AY, DeLano FA, Valdez SR, et al. (2010) Receptor cleavage reduces the fluid shear response in neutrophils of the spontaneously hypertensive rat. Am J Physiol Cell Physiol 299: C1441-1449. doi: 10.1152/ajpcell.00157.2010
[88]	Su SS, Schmid-Schonbein GW (2010) Internalization of Formyl Peptide Receptor in Leukocytes Subject to Fluid Stresses. Cell Mol Bioeng 3: 20-29. doi: 10.1007/s12195-010-0111-5
[89]	Mazzone A, Ricevuti G (1995) Leukocyte CD11/CD18 integrins: biological and clinical relevance. Haematologica 80: 161-175.
[90]	Root RK (1990) Leukocyte adhesion proteins: their role in neutrophil function. Trans Am Clin Climatol Assoc 101: 207-224; discussion 224-206.
[91]	Diacovo TG, Roth SJ, Buccola JM, et al. (1996) Neutrophil rolling, arrest, and transmigration across activated, surface-adherent platelets via sequential action of P-selectin and the beta 2-integrin CD11b/CD18. Blood 88: 146-157.
[92]	Hentzen ER, Neelamegham S, Kansas GS, et al. (2000) Sequential binding of CD11a/CD18 and CD11b/CD18 defines neutrophil capture and stable adhesion to intercellular adhesion molecule-1. Blood 95: 911-920.
[93]	Paszkowiak JJ, Dardik A (2003) Arterial wall shear stress: observations from the bench to the bedside. Vascular Endovascular Surgery 37: 47-57. doi: 10.1177/153857440303700107
[94]	Shyy JY, Chien S (2002) Role of integrins in endothelial mechanosensing of shear stress. Circ Res 91: 769-775. doi: 10.1161/01.RES.0000038487.19924.18
[95]	Tzima E, Irani-Tehrani M, Kiosses WB, et al. (2005) A mechanosensory complex that mediates the endothelial cell response to fluid shear stress. Nature 437: 426-431. doi: 10.1038/nature03952
[96]	Lipowsky HH (2005) Microvascular rheology and hemodynamics. Microcirculation 12: 5-15. doi: 10.1080/10739680590894966
[97]	Pohlman TH, Harlan JM (2000) Adaptive responses of the endothelium to stress. J Surg Res 89: 85-119. doi: 10.1006/jsre.1999.5801
[98]	Butler PJ, Tsou TC, Li JY, et al. (2002) Rate sensitivity of shear-induced changes in the lateral diffusion of endothelial cell membrane lipids: a role for membrane perturbation in shear-induced MAPK activation. FASEB J 16: 216-218.
[99]	Haidekker MA, L'Heureux N, Frangos JA (2000) Fluid shear stress increases membrane fluidity in endothelial cells: a study with DCVJ fluorescence. Am J Physiol Heart Circ Physiol 278: H1401-1406.
[100]	Friedland JC, Lee MH, Boettiger D (2009) Mechanically activated integrin switch controls alpha5beta1 function. Science 323: 642-644. doi: 10.1126/science.1168441
[101]	Puklin-Faucher E, Gao M, Schulten K, et al. (2006) How the headpiece hinge angle is opened: New insights into the dynamics of integrin activation. J Cell Biol 175: 349-360. doi: 10.1083/jcb.200602071
[102]	Marschel P, Schmid-Schonbein GW (2002) Control of fluid shear response in circulating leukocytes by integrins. Ann Biomed Eng 30: 333-343. doi: 10.1114/1.1475342
[103]	McCleverty CJ, Liddington RC (2003) Engineered allosteric mutants of the integrin alphaMbeta2 I domain: structural and functional studies. Biochem J 372: 121-127.
[104]	Luo BH, Karanicolas J, Harmacek LD, et al. (2009) Rationally designed integrin beta3 mutants stabilized in the high affinity conformation. J Biol Chem 284: 3917-3924. doi: 10.1074/jbc.M806312200
[105]	Lenaz G (1987) Lipid fluidity and membrane protein dynamics. Biosci Rep 7: 823-837. doi: 10.1007/BF01119473
[106]	Ben-Bassat H, Polliak A, Rosenbaum SM, et al. (1977) Fluidity of membrane lipids and lateral mobility of concanavalin A receptors in the cell surface of normal lymphocytes and lymphocytes from patients with malignant lymphomas and leukemias. Cancer Res 37: 1307-1312.
[107]	Yeagle PL (1991) Modulation of membrane function by cholesterol. Biochimie 73: 1303-1310. doi: 10.1016/0300-9084(91)90093-G
[108]	Chabanel A, Flamm M, Sung KL, et al. (1983) Influence of cholesterol content on red cell membrane viscoelasticity and fluidity. Biophys J 44: 171-176. doi: 10.1016/S0006-3495(83)84288-X
[109]	Cooper RA (1978) Influence of increased membrane cholesterol on membrane fluidity and cell function in human red blood cells. J Supramol Struct 8: 413-430. doi: 10.1002/jss.400080404
[110]	Khatibzadeh N, Spector AA, Brownell WE, et al. (2013) Effects of plasma membrane cholesterol level and cytoskeleton F-actin on cell protrusion mechanics. PloS one 8: e57147. doi: 10.1371/journal.pone.0057147
[111]	Pierini LM, Eddy RJ, Fuortes M, et al. (2003) Membrane lipid organization is critical for human neutrophil polarization. J Biol Chem 278: 10831-10841. doi: 10.1074/jbc.M212386200
[112]	Park H, Go YM, St John PL, et al. (1998) Plasma membrane cholesterol is a key molecule in shear stress-dependent activation of extracellular signal-regulated kinase. J Biol Chem 273: 32304-32311. doi: 10.1074/jbc.273.48.32304
[113]	Shen K, DeLano FA, Zweifach BW, et al. (1995) Circulating leukocyte counts, activation, and degranulation in Dahl hypertensive rats. Circ Res 76: 276-283. doi: 10.1161/01.RES.76.2.276
[114]	Tatsukawa Y, Hsu WL, Yamada M, et al. (2008) White blood cell count, especially neutrophil count, as a predictor of hypertension in a Japanese population. Hypertens Res 31: 1391-1397. doi: 10.1291/hypres.31.1391
[115]	Fukuda S, Yasu T, Kobayashi N, et al. (2004) Contribution of fluid shear response in leukocytes to hemodynamic resistance in the spontaneously hypertensive rat. Circ Res 95: 100-108. doi: 10.1161/01.RES.0000133677.77465.38
[116]	Zhang X, Cheng R, Rowe D, et al. (2014) Shear-sensitive regulation of neutrophil flow behavior and its potential impact on microvascular blood flow dysregulation in hypercholesterolemia. Arterioscler Thromb Vasc Biol 34: 587-593.

This article has been cited by:

Tianhong Zhang, Zejun Lan, Xianming Gao, Jianfeng Guan, 2022, Chapter 10, 978-981-16-9575-9, 122, 10.1007/978-981-16-9576-6_10

Reader Comments

Your name:*

Email:*
© 2015 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

AIMS Biophysics

1.1 2.4

Metrics

Article views(6416) PDF downloads(1052) Cited by(0)

Preview PDF

Download XML

Export Citation

Article outline

Show full outline

Figures and Tables

Figures(1) / Tables(2)

AIMS Biophysics

The Contribution of Cell Surface Components to the Neutrophil Mechanosensitivity to Shear Stresses

Related Papers:

Abstract

1. Introduction

2. Background

2.1. Security and privacy challenges

2.2. Essential requirements for privacy preservation in an e-health cloud

3. Related work

4. Preliminaries

4.1. Bilinear pairing

4.2. Complexity assumptions

4.3. Differential privacy

4.4. YASHE

4.5. Homomorphic MAC function

4.6. Hash function

5. Proposed approach

5.1. System Model

5.2. A novel fault-tolerant privacy-preserving cloud-based data aggregation scheme for lightweight health data

6. Security analysis

6.1. Data privacy

6.2. Differential privacy

6.3. Data integrity

6.4. Robustness

6.5. Correctness of the verification process

7. Performance analysis

7.1. Cost of key generation

7.2. Cost of encryption

7.3. Low aggregation error

8. Conclusions and future work

Acknowledgments

Conflict of interest

References

This article has been cited by:

Reader Comments

通讯作者: 陈斌, bchen63@163.com

Metrics

Figures and Tables

Other Articles By Authors

Catalog

AIMS Biophysics

The Contribution of Cell Surface Components to the Neutrophil Mechanosensitivity to Shear Stresses

Related Papers:

Abstract

1. Introduction

2. Background

2.1. Security and privacy challenges

2.2. Essential requirements for privacy preservation in an e-health cloud

3. Related work

4. Preliminaries

4.1. Bilinear pairing

4.2. Complexity assumptions

4.3. Differential privacy

4.4. YASHE

4.5. Homomorphic MAC function

4.6. Hash function

5. Proposed approach

5.1. System Model

5.2. A novel fault-tolerant privacy-preserving cloud-based data aggregation scheme for lightweight health data

6. Security analysis

6.1. Data privacy

6.2. Differential privacy

6.3. Data integrity

6.4. Robustness

6.5. Correctness of the verification process

7. Performance analysis

7.1. Cost of key generation

7.2. Cost of encryption

7.3. Low aggregation error

8. Conclusions and future work

Acknowledgments

Conflict of interest

References

This article has been cited by:

Reader Comments

通讯作者: 陈斌, bchen63@163.com

Metrics

Figures and Tables

Other Articles By Authors

Related pages

Tools

Export File

Citation

Format

Content

Catalog