gms | German Medical Science

67. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS), 13. Jahreskongress der Technologie- und Methodenplattform für die vernetzte medizinische Forschung e. V. (TMF)

21.08. - 25.08.2022, online

SAFMA: Secure Aggregation Framework for mHealth Applications

Meeting Abstract

  • Maximilian Kapsecker - Technische Universität München, München, Germany; Universitätsklinikum Bonn, Bonn, Germany
  • Benedikt Strobel - Technische Universität München, München, Germany
  • Stephan Jonas - Universitätsklinikum Bonn, Bonn, Germany

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie. 67. Jahrestagung der Deutschen Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e. V. (GMDS), 13. Jahreskongress der Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V. (TMF). sine loco [digital], 21.-25.08.2022. Düsseldorf: German Medical Science GMS Publishing House; 2022. DocAbstr. 95

doi: 10.3205/22gmds010, urn:nbn:de:0183-22gmds0103

Published: August 19, 2022

© 2022 Kapsecker et al.
This is an Open Access article distributed under the terms of the Creative Commons Attribution 4.0 License. See license information at http://creativecommons.org/licenses/by/4.0/.


Text

Wearable devices produce a large quantity of health-related data. Local health repositories contain information on vital parameters such as biosignals, movement patterns, behavioral characteristics, and environmental features. Statistics on these data can provide valuable insights for knowledge discovery in the healthcare industry and associated research. However, data privacy is an important and controversial issue. This motivates the development of a concept for securely aggregating massively distributed mobile health data.

Secure multi-party computation has gained significant attention since its beginnings in the late 1970s, when the first protocol for the trustworthy play of mental poker was published [1]. A recent article introduces a communication-efficient and failure-robust protocol to securely aggregate high-dimensional data, primarily designed for federated learning [2]. The protocol is proven secure even against an active adversary and is resistant to user dropouts. Notably, large tech companies deploy technologies such as secure aggregation and differential privacy to learn from users and improve their products, e.g., by providing more appropriate keyboard query suggestions [3].

A secure aggregation framework for mobile health applications (SAFMA) allows third parties to collect data from an arbitrary number of devices while ensuring privacy. The framework's core is based on the protocol above [2] and is designed to compute the sum and mean of distributed tensors. The tensors' generic structure allows the aggregation of high-dimensional data, such as heart rate histograms. The system must include a server-side dashboard with authenticated access to dynamically create requests and obtain the respective aggregated results. The non-functional requirements include that the system scales with the number of users and is robust towards unilateral discontinuation. Further, optimized network communication ensures minimal overhead on the client side, including billing costs and bandwidth blocking. The components must be lightweight to ensure the system's integrability.

The implementation of SAFMA follows a client-server architectural pattern. The server accepts aggregation requests from authenticated users and forwards them to its clients using the Firebase Cloud Messaging service. Clients resolve the data path and arguments included in the request and respond to the server to initiate the protocol. The communication between the server and clients occurs via the HTTP protocol. Due to the protocol's structure, the aggregation process takes place over multiple rounds, each corresponding to one request by the clients. The framework labels clients that fail to complete a round within a configurable time limit as dropped out. The client module is written in Java and the server module in Python. The framework is open source and accessible via https://github.com/benstrobel/SAFMA.

The system can aggregate values while preserving privacy and integrates easily with mobile applications. Current limitations include the scalability beyond 256 clients and the vulnerability to adversarial entities. The latter requires additional consideration to prevent an entity that controls both the server and the clients' data source from bypassing the data privacy. The restrictions in the scalability of the framework can be resolved by replacing the lightweight implementation of Shamir's secret sharing [4] and introducing pagination to cope with memory requirements when processing large numbers of participating clients.
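The following simulation is an added illustration, not SAFMA's own code, of the mechanism from protocol [2] that the framework builds on: each client masks its tensor with pairwise seeds that cancel in the sum, plus a self-mask, and Shamir-shares both so that the server can remove the masks of clients that dropped out. It assumes a field prime P, SHA-256 as a stand-in PRG, and simulator-drawn seeds where the real protocol uses key agreement over several server-client rounds.

```python
import hashlib
import math
import secrets

P = 2**61 - 1  # prime field for inputs, masks and Shamir shares (assumed; not a SAFMA parameter)

def prg(seed, dim):
    """Expand a seed into a dim-length mask over GF(P); SHA-256 in counter mode stands in for a real PRG."""
    return [int.from_bytes(hashlib.sha256(f"{seed}:{k}".encode()).digest(), "big") % P for k in range(dim)]

def shamir_split(secret, n, t):
    """t-of-n Shamir shares {x: f(x)} of secret, f a random polynomial of degree t-1 over GF(P)."""
    coef = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coef)) % P for x in range(1, n + 1)}

def shamir_recover(shares):
    """Lagrange interpolation at x=0 from any t shares {x: f(x)}."""
    total = 0
    for xi, yi in shares.items():
        lag = math.prod(-xj * pow(xi - xj, P - 2, P) for xj in shares if xj != xi) % P
        total = (total + yi * lag) % P
    return total

def secure_sum(vectors, dropped, t):
    """Aggregate n client vectors; clients in `dropped` go silent before sending their masked input."""
    n, dim = len(vectors), len(vectors[0])
    # Setup: pairwise seeds s_ij (by key agreement in the real protocol) and self-mask seeds b_i, all Shamir-shared.
    s = {(i, j): secrets.randbelow(P) for i in range(n) for j in range(i + 1, n)}
    b = [secrets.randbelow(P) for _ in range(n)]
    s_sh = {k: shamir_split(v, n, t) for k, v in s.items()}
    b_sh = [shamir_split(v, n, t) for v in b]
    # Masked input y_i = x_i + PRG(b_i) + sum_{j>i} PRG(s_ij) - sum_{j<i} PRG(s_ji); pairwise terms cancel in the sum.
    survivors = [i for i in range(n) if i not in dropped]
    total = [0] * dim
    for i in survivors:
        y = [(a + m) % P for a, m in zip(vectors[i], prg(b[i], dim))]
        for j in range(n):
            if j != i:
                m = prg(s[(min(i, j), max(i, j))], dim)
                y = [(a + (v if i < j else -v)) % P for a, v in zip(y, m)]
        total = [(a + c) % P for a, c in zip(total, y)]
    # Unmasking: t survivors reveal shares of b_i for survivors and of s_ij for dropped j, never both for one client.
    helpers = survivors[:t]
    for i in survivors:
        b_i = shamir_recover({h + 1: b_sh[i][h + 1] for h in helpers})
        total = [(a - m) % P for a, m in zip(total, prg(b_i, dim))]
        for j in dropped:
            s_ij = shamir_recover({h + 1: s_sh[(min(i, j), max(i, j))][h + 1] for h in helpers})
            total = [(a - (v if i < j else -v)) % P for a, v in zip(total, prg(s_ij, dim))]
    return total
```

The mean the abstract mentions follows by dividing each entry of the returned sum by the number of survivors; the self-mask b_i is what stops a server from unmasking a single client by falsely declaring it dropped after receiving its masked input.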

The authors declare that they have no competing interests.

The authors declare that an ethics committee vote is not required.


References

1. Shamir A, Rivest RL, Adleman LM. Mental Poker. In: The Mathematical Gardner. Boston, MA: Springer US; 1981. p. 37–43.
2. Bonawitz K, Ivanov V, Kreuter B, Marcedone A, McMahan HB, Patel S, et al. Practical secure aggregation for privacy-preserving machine learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM; 2017.
3. Yang T, Andrew G, Eichner H, Sun H, Li W, Kong N, et al. Applied federated learning: Improving Google keyboard query suggestions [Preprint]. arXiv [cs.LG]. 2018 [cited 2022 Mar 31]. DOI: 10.48550/arXiv.1812.02903
4. Shamir A. How to share a secret. Commun ACM. 1979;22(11):612–3. DOI: 10.1145/359168.359176