This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
P2DCA: A Privacy-Preserving based Data
Collection and Analysis Framework for IoMT
Applications
Muhammad Usman, Member, IEEE, Mian Ahmad Jan,∗ , Member, IEEE, Xiangjian He,∗ , Senior Member, IEEE
and Jinjun Chen,∗ , Senior Member, IEEE
Abstract—The concept of Internet of Multimedia Things
(IoMT) is becoming popular nowadays and can be used in various
smart city applications, e.g., traffic management, healthcare, and
surveillance. In the IoMT, devices, e.g., Multimedia Sensor Nodes
(MSNs) are capable of generating both multimedia and non-
multimedia data. The generated data are forwarded to a cloud
server via a Base Station (BS). However, it is possible that the
Internet connection between the BS and cloud server may be
temporarily down. The limited computational resources restrict
the MSNs from holding the captured data for a longer time.
In this situation, mobile sinks can be utilized to collect data
from MSNs and upload to the cloud server. However, this data
collection may create privacy issues, e.g., revealing identities
and location information of MSNs. Therefore, there is a need
to preserve the privacy of MSNs during mobile data collection.
In this paper, we propose an efficient Privacy-Preserving based
Data Collection and Analysis (P2DCA) framework for IoMT
applications. The proposed framework partitions an underlying
wireless multimedia sensor network into multiple clusters. Each
cluster is represented by a Cluster Head (CH). The CHs are
responsible to protect the privacy of member MSNs through
data and location coordinates aggregation. Later, aggregated
multimedia data are analyzed on the cloud server using a counter-
propagation artificial neural network to extract meaningful
information through segmentation. Experimental results show
that the proposed framework outperforms the existing privacy-
preserving schemes, and can be used to collect multimedia data
in various IoMT applications.
Index Terms—IoMT, MSNs, privacy, aggregation, clusters,
counter-propagation artificial neural network.
I. I NTRODUCTION
R ECENT developments in the electronic industry have
enabled sensing devices to capture high-resolution multi-
media data, and transformed the concept of Internet of Things
(IoT) into Internet of Multimedia Things (IoMT). The most
common example of these devices is Multimedia Sensor Nodes
(MSNs). The MSNs form a network known as a Wireless
Multimedia Sensor Network (WMSN). In the WMSN, cap-
tured multimedia data are forwarded to a nearby Base Station
A * indicates the corresponding author.
Muhammad Usman and Jinjun Chen are with the Department of Computer
Science and Software Engineering, Swinburne University of Technology, Aus-
tralia. (E-mail: muhammad.usmanskk@gmail.com, jinjun.chen@gmail.com)
Xiangjian He is with the Global Big Data Technologies Center (GBDTC),
School of Electrical and Data Engineering, University of Technology Sydney,
Australia. (E-mail: xiangjian.he@uts.edu.au)
Mian Ahmad Jan is with the Department of Computer Science, Abdul Wali
Khan University Mardan, Pakistan (E-mail: mianjan@awkum.edu.pk)
This paper research is partially supported by Australian Research Council
projects of DP170100136 and LP140100816.
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
1
(BS) to perform computationally complex tasks and offload
processed data to a cloud server. The BS is connected to
the cloud server through a high-speed Internet connection.
However, it is possible that the BS is unable to upload
processed multimedia data to the cloud server due to technical
problems in the underlying telecommunication network. In this
particular situation, mobile sinks can be utilized to collect
data from nominated MSNs, known as Cluster Heads (CHs),
and forward to the cloud server. However, the involvement
of mobile sinks for data collection in the IoMT may put the
privacy of original data sources, e.g., MSNs, at risk.
In the recent years, general data protection regulation law
and the California consumer privacy act have addressed the
privacy issues for the export of personal data [1], [2]. The
term privacy is a subjective concept and can have differ-
ent illustrations. In this paper, we consider the scenario of
IoMT where the end-devices are continuously capturing and
uploading the multimedia data. These devices can be a part of
different sensitive applications, e.g., surveillance, healthcare,
and transportation management, and need to be protected from
various security and privacy threats. Preserving the privacy
of these devices is highly important and if it gets compro-
mised, an intruder can use and manipulate these devices for
malicious purposes. The IoMT applications, e.g., surveillance,
healthcare, and transportation management, generate sensitive
multimedia data that need to be uploaded on urgent bases for
quick actions. To avoid the end-to-end delay, mobile sinks can
be utilized to upload the collected data to cloud servers. In the
mobile data collection scenario, the credibility of mobile sinks
becomes a challenging task if they are anonymous. Even if the
mobile sinks are registered devices, still there are chances that
the privacy of IoMT devices may be compromised through
malicious applications running on mobile sinks. Identities
(IDs) and location information of member MSNs can easily
be determined by analyzing the shared data. If the MSNs
are compromised, an attacker can not only manipulate the
forwarded data to generate misleading results, but also can
gain access to and control the underlying network. Therefore,
protecting the privacy of MSNs becomes an important and
pivotal security concern in the IoMT applications.
The concept of differential privacy was introduced when
the data and their sources were available to a global audience
through cloud computing platforms. However, in recent years,
the computing resources have been distributed on a local
level through edge, fog, and cluster computing to address
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
issues like latency and end-to-end delay. Furthermore, due
to technological growth in the electronic industry, end-user
devices are now powerful enough and can participate in
different computing tasks, e.g., mobile computing in IoT and
IoMT. This participation puts the privacy of end-devices at
risk, and as a result, a new term called Local Differential
Privacy (LDP) has been introduced. The purpose of LDP
is to protect the privacy of data and their sources from
an end-user’s perspective. In recent years, many privacy-
preserving techniques based on popular machine learning
algorithms, e.g., k-nearest neighbor, support vector machine,
and artificial neural network, were proposed to protect location
information of participating devices [3]. In these techniques,
naive approaches are used to hide sensitive information of
participating devices and release non-sensitive data. However,
the act of protecting the sensitive information can still infer
the hidden information. An adversary can easily determine
a temporal correlation between actions and situations and
make the aforementioned privacy-preserving approaches fail.
Furthermore, applying complex machine learning algorithms
on resource-constrained devices is not an optimal solution.
This problem can easily be solved by using simple privacy-
preserving techniques on participating devices during data
collection, and utilizing complex machine learning algorithms
on cloud platforms for further analysis.
In this paper, we propose a Privacy-Preserving based Data
Collection and Analysis (P2DCA) framework for IoMT ap-
plications. The proposed framework offers LDP services to
protect the privacy of end-devices in a way that if malicious
users manage to hack the transmitted data, they should not be
able to locate the actual sources of data. This framework can
be useful for various multimedia data generating applications
of IoMT, e.g., surveillance, healthcare, and transportation
management. The proposed framework operates in two phases.
In the first phase, a WMSN is partitioned into multiple clusters
and CHs are selected to collect data from member MSNs.
Secondly, the mobile sinks are registered with the BS before
collecting data from CHs. Data and location information are
aggregated at CHs to preserve the privacy of member MSNs.
This scenario can be considered as a special case of local
differential privacy. In the second phase, the mobile sinks
forward the collected data to the cloud server. Once received,
a Counter-Propagation Artificial Neural Network (CP-ANN)
is applied to segment foreground and background regions. To
the best of our knowledge, there is no existing framework for
the IoMT paradigm to preserve the privacy of member MSNs
using data and location aggregation and analyze the aggregated
data on the cloud servers, using a machine learning technique.
Major contributions of the proposed framework are as follows.
• A lightweight handshaking mechanism is applied to parti-
tion the WMSN into multiple clusters. These clusters are
represented by CHs. In each round of simulation, new
CHs are selected, based on their current energy levels.
The CHs are responsible for various activities, such as
nodes’ authentication, data collection and aggregation,
and sharing the aggregated data with the mobile sinks.
A similar handshaking mechanism is used to register the
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2
mobile sinks with the BS.
•A lightweight aggregation technique is applied by CHs
to the received multimedia data and location information.
The aggregation helps in protecting the sensitive informa-
tion of member MSNs, such as angular position, location
information, and IDs. If the sensitive information leaks,
an adversary can easily identify the exact location of a
data source by penetrating the network and cause serious
malfunctioning activities.
• A CP-ANN is used at the cloud server to process the
aggregated data, and segment the foreground and back-
ground regions for extracting meaningful information,
e.g., tracking the moving objects and identifying the
malicious activities. The aggregated data are compressed
on mobile sinks using a video coding technique before
forwarding to the cloud server. Experimental results show
that our proposed framework is still able to extract the
required information from compressed data.
The rest of this paper is structured as follows. Section
II provides the literature review on efforts made in recent
years. The proposed framework is explained in Section III.
Experimental setup and simulation results are discussed in
Section IV. Finally, the paper is concluded in Section V.
II. L ITERATURE R EVIEW
We distribute this section into two subsections. Both sub-
sections discuss various privacy-preserving techniques. In the
first subsection, we provide an overview of privacy-preserving
techniques based on random methodologies. In the second
subsection, the focus is on privacy-preserving techniques based
on machine learning algorithms.
A. Privacy-Preserving Using Random Methodologies
A survey on security and privacy-related issues in vehic-
ular ad-hoc networks was presented in [4]. In this survey,
various methods addressing security and privacy challenges
in vehicular devices are reviewed and explained to detect and
revoke malicious nodes. A survey on existing authentication
and privacy-preserving schemes to secure 4G and 5G cellular
networks was presented in [5]. In this survey, various schemes
are discussed and analyzed from the perspective of four
different types of attacks, i.e., privacy, integrity, availability,
and authentication. Surveys presented in [4], [5] highlight
various security and privacy challenges for mobile devices that
can be used to collect data from different devices. However,
a discussion from IoT and IoMT perspectives is missing in
these surveys.
A fusion of IoT, big data, and cloud storage was presented
to preserve the privacy of sensory data collected from e-health
systems in [6], [7]. In this work, IoT-related group keys are
used to authenticate medical nodes and encrypt messages in a
batch processing style to minimize the computational time. An
advanced framework for opportunistic routing in delay-tolerant
networks was proposed in [8]. In this framework, the main
focus is to protect the confidentiality of nodes and perform
anonymous authentication using a pairwise communication. A
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
privacy-preserving sensory data collection scheme was pro-
posed in [9]. In this scheme, the location privacy is preserved
through a tree-based diversionary routing and a proxy re-
encryption technique is used for preserve the privacy at the
network edge. Approaches presented in [6]–[9] are based on
cryptography-based solutions and may not be feasible for real-
time IoMT applications.
B. Privacy-Preserving Using Machine Learning Methodolo-
gies
In recent years, many machine learning techniques are
used in the networking domain to offer various services,
such as providing security and privacy [10]–[12]. Distributed
machine learning algorithms, based on an alternating direc-
tion method of multipliers, were proposed to preserve the
privacy of a network in [13]. In these algorithms, dual and
primal variable perturbations are used to provide dynamic
differential privacy. A privacy-preserving machine learning
based collaborative intrusion detection system for vehicular
ad-hoc networks was proposed in [14]. In this system, an
alternating direction method of multipliers and a dual-variable
perturbation are used to train a classifier to detect intruders and
provide dynamic differential privacy, respectively. A privacy-
preserving technique based on sparse representation for cloud-
enabled mobile applications was proposed in [15]. In this
technique, the privacy of data contributors and application
users is protected in the presence of an untrusted cloud server.
Schemes presented in [13]–[15] are able to stand against
various types of privacy attacks, however, these schemes are
not feasible for real-time IoMT applications.
III. P RIVACY-P RESERVING - BASED DATA C OLLECTION
AND A NALYSIS
In this section, we explain our proposed P2DCA framework
for IoMT applications. A block diagram of our proposed
framework is shown in Fig. 1. The proposed framework not
only protects the location privacy of member MSNs using
data and location information aggregation but at the same
time, is capable to analyze multimedia data using the CP-
ANN to extract meaningful information at the cloud server.
The aggregation is required to ensure that no one can locate
the data sources in the WMSN. The P2DCA framework is
divided into two phases, i.e., location privacy protection and
data analysis. In the following subsections, these phases are
explained in detail.
Multimedia Sensor
Cloud Multimedia Mobile Sinks
Servers
Fig. 1: Proposed P2DCA Framework
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
on Selected Areas in Communications
3
A. Location Privacy Protection
In the P2DCA framework, the WMSN is partitioned into
multiple clusters. Each cluster consists of at least l member
MSNs, out of which only one is selected as a CH. The selected
CHs collect data from member MSNs and forward to the BS.
The BS is responsible to perform computationally complex
tasks and forward the processed data to the cloud server. In
the P2DCA framework, we use mobile sinks to collect data
from CHs and forward to the cloud server. Notations used in
this phase are illustrated in Table I. The operation performed
in this phase are summarized in the following subsections.
Notation Description
x, y coordinates of a node
e Energy of an MSN
E Average energy threshold
d Shortest distance
µ Session key
R Request for registration
γ1 , γ2 Mapping functions
ϑ Challenge
∆ Time-stamp
δ Authentication value
Hr , Hs Histograms
S Similarity value
θ, Θ Information loss
TABLE I: Notations of Location Privacy Protection
1) Information Sharing: In each round of simulation, the
MSNs forward their information, e.g., ID (i.e., i where i ∈
{1, 2, · · · , I}), location coordinates (i.e., (xi , yi )), and current
energy level (i.e., ei ) to the BS. Upon reception, the BS
extracts all embedded information, stores it in its database, and
computes the average energy threshold (i.e., E). The average
energy threshold is computed using the following equation.
I
X ei
E= . (1)
i=1
I
After computing the value of E, it is compared with the
energies of all MSNs. The MSNs having energy levels equal
to or greater than the average energy threshold are eligible to
be selected as CHs. There may be a situation in a specific
simulation round where multiple MSNs may have the same
energy levels. In this situation, the selection is done based
on very minor differences in the shared energy levels and
can go up to four decimal places. It is also possible that
some eligible MSNs may have the same energy levels. In this
specific scenario, those MSNs are given priority that were not
BS selected as CHs in the past four rounds of simulation.
2) Cluster Formation: After finalizing the CHs, the BS
MSN
Wireless
broadcasts a message in the WMSN field. This message
CH
contains the IDs (i.e., j, where j ∈ {1, 2, · · · , J} and J ⊂ I)
Network
and location coordinates (i.e., (xj , yj )) of selected CHs. The
BS also shares the IDs and location coordinates of the MSNs
with the selected CHs. Upon reception, following operations
are performed by CHs, 1) retrieving and storing IDs and
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
location coordinates of MSNs, 2) sending an acknowledgment
message back to the BS to confirm the successful arrival
of the information, and 3) advertising themselves to their
neighboring MSNs by sharing their current energy levels. It is
possible that an MSN may receive invitations from multiple
CHs. In this situation, the MSN associates itself with the CH
having the shortest distance and maximum energy level, after
verifying its ID from the list forwarded by the BS. The shortest
distance (i.e., d) measurement is estimated using the following
equation.
p Upon receiving the ϑ, the mobile sink decrypts and retrieves
d= (x − xi )2 − (y − yi )2 .
It is possible that there are multiple CHs fulfilling the
shortest distance criteria. In this situation, the join-request
is sent to all the shortlisted CHs. Upon approval, the MSN
associates itself with the one who replies first. This joining
process is based on a mutual authentication scheme which is
explained in our previous works published in [16]–[18].
3) Mobile Sink Registration: In the cluster-based com-
munication, the CHs are responsible to collect data from
member MSNs and forward to the BS for further processing.
In the P2DCA framework, we are assuming that the Internet
connection between the BS and cloud server is temporarily
down, and the BS is unable to upload the processed data to
the cloud server. In this situation, the mobile sinks are used to
collect data from CHs and upload to the cloud server. However,
it is important to register the mobile sinks with the BS.
As shown in Fig. 2, the registration with the BS is a four-
step process. In the first step, a mobile sink (i.e., m where
m ∈ {1, 2, · · · , M }) generates a session key (i.e., µm ) and a
random integer (i.e., a where a ∈ Z), and use them to create
an encrypted registration request (i.e., Rm ) as shown in the
following equation.
Rm = AES{m, (γ1 (a ⊕ µm ))}.
Here, the messages are encrypted using AES-128 and γ1 is
a mapping function used to perform one-way secure hashing
with a value within the range [0 1].
Registration Request
Encrypted Challenge
Encrypted Response
Cluster Heads Database
Base Station
Fig. 2: Mobile Sink Registration
Upon receiving the Rm , the BS decrypts and retrieves
the embedded values, and generates an encrypted challenge
(i.e., ϑ) using the following equation and forwards it to the
requesting mobile sink.
∆m = γ2 (m ⊕ γ1 (b ⊕ a)),
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
on Selected Areas in Communications
4
δm = γ2 (m ⊕ γ1 (c ⊕ µm )), (4b)
ϑ = AES{∆m , δm }, (4c)
where γ2 is a hashing function used to perform a map to
point hashing operation with a value within the range [0 1],
∆m is a time-stamp, δm is an authentication value, and b and
c are random integers, where {b, c} ∈ Z. The time-stamp
represents the total amount of time that a mobile sink can
spend in the underlying WMSN and the authentication value
is used to create a response.
(2) the embedded values to create a response (i.e., Rm ) using the
following equation and forwards it to the BS.
Rm = AES{∆m , (c || γ1 (b ⊕ µm ))}. (5)
Upon receiving the Rm , the BS verifies the identity by
retrieving the forwarded time-stamps and embedded random
integers. After verification, the following operations are per-
formed by the BS, 1) sharing of time-stamps with all CHs and
2) forwarding the information of selected CHs to the registered
mobile sinks.
4) Coordinates Aggregation: In real-world scenarios, the
MSNs within a cluster usually focus on the same scene but at
different angles. As a result, the same information is captured
and transmitted that consumes the computational resources
and network bandwidth. Applying aggregation on captured
data may produce different results as compared to the original
data, however, it cannot be considered as a significant loss.
The aggregated data make it harder to estimate the exact
angle at which the data are captured. As a result, the actual
source of data cannot be located and the privacy of individual
sources is preserved. Furthermore, the data aggregation helps
in efficiently utilizing the available storage space at CHs and
the bandwidth during data transmission.
(3) In the P2DCA framework, the CHs apply similarity-based
data aggregation to minimize data redundancy and preserve
the privacy of member MSNs. A video is a combination
of multiple frames. The videos are usually transmitted as a
group of frames. Before transmission, complex video coding
algorithms are applied to reduce the size of a video by
discarding the redundant information in video frames. In
the P2DCA framework, videos captured by CHs are used
as standard data. On the other hand, videos from member
MSNs within the same cluster are considered as redundant
data and are compared with the standard data as shown in
Fig. 3. To find the similarity, the comparison is performed on
a frame-by-frame basis. Each video frame is partitioned into
Mobile Sink multiple blocks of equal size, i.e., 64 × 64. The blocks in a
video frame from the redundant data are compared against the
blocks of a corresponding video frame from the standard data.
This comparison is performed using a histogram normalization
technique. If the normalized histograms of blocks from the
redundant and standard video frames are represented by Hr
and Hs , respectively, then the similarity value (i.e., S) can be
computed using the following equation.
 
Hs
(4a) S = Hs × log2 . (6)
Hr
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
5

In traditional privacy-preserving frameworks based on local

differential privacy, some noise is usually added to data to
protect the privacy of data sources. However, the addition of
Redundant Video Frames
noise may increase the size of data, especially in the case
of multimedia data. Therefore, it cannot be considered an
ideal solution to preserve the privacy in scenarios containing
multimedia data, low-energy nodes, and limited bandwidth. In
the P2DCA framework, we apply aggregation to original data
Standard Video Frames
to preserve the privacy of member MSNs in the underlying
WMSN. This aggregation can be considered as noise, as it
modifies the original data. Due to the aggregation of data and
location coordinates, the compromised mobile sinks cannot
determine the actual data and location coordinates of member
Fig. 3: Similarity-based Data Aggregation
MSNs.
The computed similarity value is compared against a pre-
defined threshold S, where S ∈ (Smin , Smax ). If S < S, then B. Data Analysis
the block is considered dissimilar, otherwise, it is considered After receiving the multimedia data from CHs, the mobile
similar. If at least 25% blocks are found dissimilar, then it is sinks upload them to a cloud server. However, prior to the
assumed that the video frame from redundant data contains upload, the multimedia data need to be encoded to meet the
important information and needs to be transmitted. available bandwidth requirement between the mobile sinks
The location coordinates are also aggregated to preserve the and cloud server. For encoding, we apply scalable video
privacy of member MSNs. Such an aggregation of data and encoding to generate video bitstreams with variable bit-rates.
location coordinates help in preserving the privacy of member The aggregated videos encoded in the scalable style make it a
MSNs, based on the k-anonymity rule. Due to this aggregation, challenging task for the data analysis applications on the cloud
the destination, i.e., a mobile sink in this case, assumes that the servers to perform the segmentation and detection of moving
data are coming from a single entity rather than k nodes. The objects. To detect moving objects with a maximum accuracy,
CHs aggregate the location coordinates by computing a mean we use a CP-ANN on the cloud server. The CP-ANN is a
value of location coordinates of member MSNs. Later, the three-layer architecture where the first layer is an input layer,
aggregated multimedia data along with the aggregated location the second layer is a Kohonen layer, and the third layer is a
coordinates are shared with the mobile sinks. Grossberg layer. These layers are distributed into two modules,
Although the aggregation of data and location coordinate i.e., Background Generation Module (BGM) for training, and
help in preserving the privacy of member MSNs, an informa- Object Extraction Module (OEM) for extracting objects. In the
tion loss may also occur. To ensure a minimum information CP-ANN, neurons from one layer are connected to the neurons
loss during data aggregation, we assume that all member of the next layer in a sequence. Due to an unsupervised
MSNs in a cluster are located within close proximity. This learning style, each neuron in the Kohonen layer characterizes
assumption can be verified for each member MSN, using the the input patterns based on a winner-takes-all rule. A winning
following equation. neuron is selected based on the longest distance between the
L
input and Kohonen layers. For each category, the Grossberg
X layer produces an output. Based on this working style, the
θ= (xl − x̂l )2 + (yl − yˆl )2 , (7a)
BGM can predict properties of the incoming video bitstreams
l=1
by exploiting various properties of pixels in each video frame.
L  PL 2 PL 2
X g=1 xg

g=1 yg Notations used in this phase are illustrated in Table II. In the
θ= xl − + yl − following subsections, we explain the modules of the CP-ANN
L L
l=1 in detail.
L PL L PL (7b)
X ( g=1 xg )2 X ( g=1 yg )2 1) Background Generation Module: A video frame is repre-
= xl 2 − + yl 2 − , sented by one luminance (i.e., Y ) and two chroma (i.e., Cb and
L L
l=1 l=1
Cr ) components. If a pixel from a video frame is represented
F
X by p(x, y) and the luminance and chroma components are the
Θ= θf , (7c) input patterns of the input layer, then the distance (i.e., Ψ) of
f =1 a neuron (i.e., n) between the input and Kohonen layers can
be computed using the following equation.
where L represents the total number of MSNs in a cluster
and L ⊂ I, (xl , yl ) are coordinates of an MSN, (x̂l , yˆl ) is the p
(pc − v)2
mean value of location coordinates of an entire cluster, θ is Ψn = pP 1 ≤ n ≤ N, (8)
the information loss per cluster, and Θ is the total information (pc )2
loss of an entire network. where pc represents p(x, y)’s component value in Y Cb Cr
In Eq. 7a-7c, small values of θ and Θ mean a low color space and v represents the current weight of the cor-
information loss, when the aggregation is applied to data. responding neuron in the Kohonen layer.

0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
Notation Description
p Pixel
Y Luminance
Cb , C r Chroma components
Ψ Distance between neurons
v Current weight of neurons
T Empirical tolerance
h Learning rate
w Weight between neurons
b Background pixel
B Block of pixels
TABLE II: Notations of Data Analysis
A winner neuron is selected based on a maximum distance
described by the following equation.
Ψmax = max Ψn .
n=1,2,··· ,N
To declare a neuron as the winner neuron, an empirical
tolerance (i.e., T ) is used for comparison as shown in the
following equation.
( not require jumping from one pixel location to another and
winner, if Ψmax < T
n=
loser, otherwise
Once the winner neuron is selected, weights around its
position in the Kohonen layer are adjusted using the following
equation.
v̂ = v + h(pc − v),
where v̂ represents the newly adjusted weight and h is the
learning rate set to 0.01 in the P2DCA framework.
The neurons between the Kohonen and Grossberg layers are
connected on a one-on-one basis, therefore, weight (i.e., w)
between these two layers is set to 1 to maintain the character-
istics of each neuron. This entire unsupervised strategy helps
to determine characteristics of each video bitstream, where the
characteristics are distributed into the neurons of the Kohonen
layer. The distribution in this module helps in identifying
moving objects and background regions in the incoming video
bitstreams.
2) Object Extraction Module: After determining the re-
lationship between neurons in the input layer and Kohonen
layers and deciding the winner neuron in the Kohonen layer,
next step is to compute the output for the Grossberg layer. If
the winner neuron exists in the Kohonen layer, then the output
of the Grossberg layer is set to 1. If no winner neuron exists,
then the similarity between a pixel and a neuron is determined
through a Gaussian function. If the similarity exists, then there
is a high probability that a pixel belongs to the background
region in a video frame, and is treated as a background
pixel (i.e., b(x, y)). This Gaussian function based similarity
estimation is used to estimate the output of the Grossberg
layer and is computed using the following equation.
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
on Selected Areas in Communications
6
(
1, if Ψmin < T
b(x, y) = PN
. (12)
−( n=1 pc −v)
w.e T2 , otherwise
Unlike Eq. 10, empirical tolerance in Eq. 12 is based on the
minimum value of Ψ. A small value of T in Eq. 10 generates
new neurons in the Kohonen layer. On the other hand in Eq.
12, it generates a gradual Gaussian curve in the Grossberg
layer. To avoid misjudgment of background pixels, we set a
low value (e.g., T = 0.12) in the P2DCA framework.
During data analysis, the video frame is partitioned into
multiple square-shaped blocks of equal size, i.e., 64 × 64.
It is uncommon that there will always be abnormal activi-
ties happening in real-time scenarios. Furthermore, a video
sequence consists of multiple frames and it is unlikely that
there will always be very rapid motions in the consecutive
video frames. Sizes like 2 × 2, 4 × 4, 8 × 8, 16 × 16, and
(9) 32 × 32 can be adopted for an in-depth analysis when there
is a very rapid motion in the captured videos or when some
intermediate video frames are lost during transmission [19]. As
far as the shape of the block is concerned, the square shape
is the optimum one as compared to other complex shapes like
hexagonal shape. Furthermore, it covers more area and does
changing of axis information. In each block, the CP-ANN
. (10) architecture is applied to each pixel to determine how many
pixels belong to the background region. This entire procedure
can be represented by the following equation.
( P
0, if b(x, y) > 256
Bq = , (13)
1, otherwise
(11) where B represents a block of pixels and q represents the
block number, where q ∈ {1, 2, · · · , Q}. Here, a 0 indicates
that most of the pixels in a block belong to the background
region and B is classified as the background region block. On
the other hand, a 1 means that the block belongs to a moving
object.
IV. E XPERIMENTAL S ETUP AND S IMULATION R ESULTS
In this section, we compare the performance of the P2DCA
framework with the existing privacy-preserving schemes, i.e.,
SLICER with Transfer on Meet Up (SLICER-TMU), Minimal
Cost Transfer (SLICER-MCT), and Simple Exchanging (SE)
[20], [21]. For a performance comparison, we consider six
different metrics, i.e., computational overhead, communication
overhead, data freshness, packet delivery ratio, reconstruction
ratio, and segmentation accuracy.
During simulation, we build a WMSN of 500 MSNs out
of which only 5% are selected as CHs. This network is setup
in Matlab 2017a. Transmission range of each MSN is set to
100m. Mobile sinks are continuously moving with a constant
speed based on a random way-point mobility model [22].
In the P2DCA framework, we introduce an extra task for
CHs, i.e., data and location coordinates aggregation. Unlike lo-
cation coordinates aggregation, data aggregation is a computa-
tionally intense task and requires availability of computational
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
7

resources. The computational overhead metric represents the

total amount of time required to aggregate data at CHs along-
side performing other tasks. As shown in Fig. 4, the P2DCA 500

Communication Overhead (MB)

framework shows a better performance as compared to the 400
SLICER-TMU and SLICER-MCT schemes. In the SE scheme,
300
no aggregation is applied to multimedia data, therefore, it
shows less computational overhead. At the start of simulations, 200
SE
the existing schemes and P2DCA framework show similar SLICER-MCT
100
results. However, the computational overhead remains higher SLICER-TMU
P2DCA
in the SLICER-TMU and SLICER-MCT schemes with an 0
increase in data transmitting MSNs. We use a lightweight 0 50 100 150 200 250
Total Number of Nodes
mutual handshaking mechanism to verify the identities of
newly joining MSNs. To further reduce the computational load
Fig. 5: Communication Overhead
on CHs, registration of mobile sinks is performed at the BS.
Once registered, the CHs receive information about registered
mobile sinks from the BS. These features are missing in the of 150 minutes. The P2DCA framework achieves a higher
targeted schemes. percentage of data freshness and sustains itself against the
replay attacks. Unlike the P2DCA framework, the SLICER-
TMU and SLICER-MCT schemes experience a significant
decrease in the data freshness after 45 minute of the network
3500
deployment. The SE scheme, on the other hand, experiences
Computational Overhead (ms)

3000
a significant drop of 7.5% after the initial 20 minutes of the
2500
network deployment.
2000

1500

1000 SE
SLICER-MCT
500 SLICER-TMU 100
SE
P2DCA
0 98 SLICER-MCT
SLICER-TMU
0 20 40 60 80 100 120 140 160 180 200
Data Freshness (%)

P2DCA
Size of Multimedia Data (MB) 96

94
Fig. 4: Computational Overhead
92

90
A comparison based on the communication overhead is pro-
88
vided in Fig. 5. This comparison represents the total amount of
0 30 60 90 120
data transmitted from CHs to the cloud server via mobile sinks. Total Time (Minutes)
As shown in this figure, the communication overhead of the
P2DCA framework is lower than other schemes in the presence Fig. 6: Data Freshness
of an increasing number of data transmitting MSNs. Unlike
the targeted schemes, the P2DCA framework uses efficient In Fig. 7, the packet delivery ratio of the P2DCA framework
data and location aggregation techniques which reduce the is compared against the existing schemes for a varying number
amount of data to be transmitted. Multimedia data coming of malicious nodes. The average packet delivery ratio for the
from the same geographical region mostly contain repetitive P2DCA framework is 95.56%, the SLICER-TMU scheme is
information. Furthermore, the mobile sinks and MSNs operate 92.23%, the SLICER-MCT scheme is 85.31%, and the SE
in open environments with limited available bandwidth. Pro- scheme is 74.1%. Unlike the P2DCA framework, the existing
cessing and transmission of redundant multimedia data require schemes experience a significant drop in the packet delivery
extra computational resources and bandwidth, respectively, and ratio as the number of malicious nodes increases. In general,
are not feasible for resource-constrained devices. this metric is associated with the verification process at CHs.
The data freshness is evaluated in Fig. 6. The data freshness During the verification process, the malicious nodes that are
metric indicates the resilience of a scheme against various unnoticed, acquire time division multiple access slots from
attacks, especially the replay attack. In this figure, the mali- CHs and broadcast their malicious/fabricated data packets to
cious nodes are the ones that somehow manage to infiltrate the the BS. As a result, the legitimate nodes are unable to transmit
proposed framework by registering with the BS. We evaluated their data and ultimately start dropping data packets due to
the P2DCA framework for data freshness against the existing buffer overloading.
schemes in the presence of 10 malicious nodes. The average A comparison based on the reconstruction ratio is shown in
data freshness of the P2DCA framework is 97.09%, the Fig. 8. The reconstruction ratio represents the percentage of
SLICER-TMU scheme is 96.3%, the SLICER-MCT scheme multimedia data successfully reconstructed by the cloud server.
is 95.5%, and the SE scheme is 92.01%, over a period As shown in this figure, the P2DCA framework shows a better

0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
8

formance analysis, we use the following metrics, i.e., True-

Positive (TP), False-Positive (FP), False-Negative (FN), and
1 F-measure. These are standard metrics used to measure the
accuracy of binary segmentation. To compute the average
Packet Delivery Ratio (%)

0.8
performance, we use the following mathematical expressions.
0.6
#TP
0.4 Recall (Re) = ,
SE
#TP + #FN
0.2 SLICER-MCT #TP
SLICER-TMU Precision (Pr) = , (14)
0
P2DCA #TP + #FP
0 10 20 30 40 50 60 70 80 90 100 2 × Pr × Re
Total Number of Malicious Nodes F-measure = ,
Pr + Re
Fig. 7: Packet Delivery Ratio where, #TP, #FN and #FP represent the total number of TP,
FN, and FP, respectively.
In a quantitative evaluation, based on Re, Pr, and F-
performance in the presence of a packet-drop ratio of 5%. measure metrics, a high score means a better performance.
Unlike the targeted schemes, the P2DCA framework transmits An overall quantitative comparison is summarized in Table
a small amount of data. In the presence of packet-drop, missing III. As shown in the table, better results in terms of average
data packets are recovered either by retransmission or applying recall and average precision are obtained for the multimedia
an error concealment technique [23]–[25]. The recovery of data processed through the P2DCA framework as compared to
data packets may introduce excessive delays and increase the multimedia data processed through the targeted schemes.
network load due to retransmission of data packets. As a In the SHVC-based encoding, compression of videos means
result, the cloud server needs to wait until all the data packets loss of information and introduction of visual artifacts in
are successfully arrived prior to starting the segmentation videos. As the data analysis phase of the P2DCA framework
process. In real-time IoMT applications, such as surveillance, is running at the cloud server, it is important to know that the
healthcare, and transportation management, quick actions need background and foreground segmentation are performed on
to be taken. Due to heavy multimedia data transmission and compressed aggregated videos. Despite this fact, the overall
processing delay, the targeted schemes may not be feasible for accuracy of the P2DCA framework on video sequences with
real-time IoMT applications. moving objects is still better than the existing schemes as
shown in the last column representing the average F-measure.
Due to the absence of aggregation in the SE scheme, extensive
compression is applied to reduce the size of multimedia
100 data before transmission. High compression and packet-drop
together make it difficult for the cloud server to extract
Reconstruction Ratio (%)

80
meaningful information from the received multimedia data.
60 As a result, this scheme lags behind the P2DCA framework.
40
SE Method Average Re Average Pr Average F-Measure
SLICER-MCT
20 SLICER-TMU 0.7666 0.7643 0.7627
SLICER-TMU
P2DCA SLICER-MCT 0.7873 0.7973 0.7751
0
0 50 100 150 200 250
SE 0.7951 0.8451 0.806
Total Number of Malicious Nodes
P2DCA 0.8151 0.8784 0.8339
Fig. 8: Reconstruction Ratio
TABLE III: Quantitative Comparison
In real-world scenarios, multimedia data are always com-
pressed before transmission. In our experiments, videos are
encoded using the Scalable High-efficiency Video Coding V. C ONCLUSION
(SHVC) standard. Here, we assume that MSNs are fixed nodes. In this paper, we have proposed a privacy-preserving-based
Therefore, the selected test video sequences contain moving data collection and analysis framework, called P2DCA for
objects with static backgrounds. Once the multimedia data IoMT applications. This framework is designed to collect mul-
are successfully arrived at the cloud server, the segmentation timedia data using mobile sinks from WMSNs. In the P2DCA
task is performed to extract meaningful information, e.g., framework, the underlying WMSN is partitioned into multiple
tracking moving objects. We compare the performance of the small clusters. Before sharing data with mobile sinks, both
P2DCA framework against the targeted schemes in terms of data and location coordinates are aggregated on CHs to hide
segmentation accuracy. The segmentation accuracy represents data sources (i.e., member MSNs) from mobile sinks. After
the percentage of successful segmentation and reconstruction receiving the data from mobile sinks, the cloud server performs
of meaningful information from reconstructed data. For per- an analysis using a CP-ANN to segment received videos into

0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JSAC.2019.2904349, IEEE Journal
on Selected Areas in Communications
foreground and background regions to track moving objects.
Simulation results have shown that the P2DCA framework
performs better as compared to the existing schemes in terms
of preserving the privacy of member MSNs and segmenting
the received data. Regarding future work, we are planning to
use the simulation results produced in this paper as a base
to perform further enhancements in the P2DCA framework to
protect the privacy of visual contents in captured videos.
R EFERENCES
[1] G. D. P. Regulation, “Regulation (eu) 2016/679 of the european parlia-
ment and of the council of 27 april 2016 on the protection of natural
persons with regard to the processing of personal data and on the free
movement of such data, and repealing directive 95/46,” Official Journal
of the European Union (OJ), vol. 59, no. 1-88, p. 294, 2016.
[2] C. Legislature, “California consumer privacy act,” 2018. [Online].
Available: https://www.caprivacy.org/
[3] K. Ota, M. S. Dao, V. Mezaris, and F. G. De Natale, “Deep learning
for mobile multimedia: A survey,” ACM Transactions on Multimedia
Computing, Communications, and Applications (TOMM), vol. 13, no. 3s,
p. 34, 2017.
[4] F. Qu, Z. Wu, F.-Y. Wang, and W. Cho, “A security and privacy review
of vanets,” IEEE Transactions on Intelligent Transportation Systems,
vol. 16, no. 6, pp. 2985–2996, 2015.
[5] M. A. Ferrag, L. Maglaras, A. Argyriou, D. Kosmanos, and H. Jan-
icke, “Security for 4g and 5g cellular networks: A survey of existing
authentication and privacy-preserving schemes,” Journal of Network and
Computer Applications, 2017.
[6] E. Luo, M. Z. A. Bhuiyan, G. Wang, M. A. Rahman, J. Wu, and
M. Atiquzzaman, “Privacyprotector: Privacy-protected patient data col-
lection in iot-based healthcare systems,” IEEE Communications Maga-
zine, vol. 56, no. 2, pp. 163–168, 2018.
[7] H. Tao, M. Z. A. Bhuiyan, A. N. Abdalla, M. M. Hassan, J. M. Zain,
and T. Hayajneh, “Secured data collection with hardware-based ciphers
for iot-based healthcare,” IEEE Internet of Things Journal, 2018.
[8] J. Long, A. Liu, M. Dong, and Z. Li, “An energy-efficient and sink-
location privacy enhanced scheme for wsns through ring based routing,”
Journal of parallel and Distributed computing, vol. 81, pp. 47–65, 2015.
[9] J. Long, M. Dong, K. Ota, and A. Liu, “Achieving source location pri-
vacy and network lifetime maximization through tree-based diversionary
routing in wireless sensor networks,” IEEE Access, vol. 2, pp. 633–651,
2014.
[10] S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi,
R. Khayami, K.-K. R. Choo, and D. E. Newton, “Drthis: Deep ran-
somware threat hunting and intelligence system at the fog layer,” Future
Generation Computer Systems, vol. 90, pp. 94–104, 2019.
[11] S. A. Miraftabzadeh, P. Rad, K.-K. R. Choo, and M. Jamshidi, “A
privacy-aware architecture at the edge for autonomous real-time identity
reidentification in crowds,” IEEE Internet of Things Journal, vol. 5,
no. 4, pp. 2936–2946, 2018.
[12] H. HaddadPajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo,
“A deep recurrent neural network based approach for internet of things
malware threat hunting,” Future Generation Computer Systems, vol. 85,
pp. 88–96, 2018.
[13] T. Zhang and Q. Zhu, “Dynamic differential privacy for admm-based
distributed classification learning,” IEEE Transactions on Information
Forensics and Security, vol. 12, no. 1, pp. 172–187, 2017.
[14] ——, “Distributed privacy-preserving collaborative intrusion detection
systems for vanets,” IEEE Transactions on Signal and Information
Processing over Networks, 2018.
[15] Y. Shen, C. Luo, D. Yin, H. Wen, R. Daniela, and W. Hu, “Privacy-
preserving sparse representation classification in cloud-enabled mobile
applications,” Computer Networks, vol. 133, pp. 59–72, 2018.
[16] M. Usman, M. A. Jan, X. He, and P. Nanda, “Data sharing in secure
multimedia wireless sensor networks,” in Trustcom/BigDataSE/I SPA,
2016 IEEE. IEEE, 2016, pp. 590–597.
[17] M. Usman, N. Yang, M. A. Jan, X. He, M. Xu, and K.-M. Lam, “A
joint framework for qos and qoe for video transmission over wireless
multimedia sensor networks,” IEEE Transactions on Mobile Computing,
vol. 17, no. 4, pp. 746–759, 2018.
[18] M. Usman, M. A. Jan, X. He, and J. Chen, “A mobile multimedia data
collection scheme for secured wireless multimedia sensor networks,”
IEEE Transactions on Network Science and Engineering, 2018.
0733-8716 (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
9
[19] H. Zhang, A. Kankanhalli, and S. W. Smoliar, “Automatic partitioning of
full-motion video,” Multimedia systems, vol. 1, no. 1, pp. 10–28, 1993.
[20] F. Qiu, F. Wu, and G. Chen, “Privacy and quality preserving multimedia
data aggregation for participatory sensing systems,” IEEE Transactions
on Mobile Computing, vol. 14, no. 6, pp. 1287–1300, 2015.
[21] D. Christin, J. Guillemet, A. Reinhardt, M. Hollick, and S. S. Kanhere,
“Privacy-preserving collaborative path hiding for participatory sensing
applications,” in Mobile Adhoc and Sensor Systems (MASS), 2011 IEEE
8th International Conference on. IEEE, 2011, pp. 341–350.
[22] C. Bettstetter, G. Resta, and P. Santi, “The node distribution of the
random waypoint mobility model for wireless ad hoc networks,” IEEE
Transactions on mobile computing, vol. 2, no. 3, pp. 257–269, 2003.
[23] M. Usman, X. He, M. Xu, and K. M. Lam, “Survey of error concealment
techniques: Research directions and open issues,” in Picture Coding
Symposium (PCS), 2015. IEEE, 2015, pp. 233–238.
[24] M. Usman, X. He, K.-M. Lam, M. Xu, S. M. M. Bokhari, and J. Chen,
“Frame interpolation for cloud-based mobile video streaming.” IEEE
Trans. Multimedia, vol. 18, no. 5, pp. 831–839, 2016.
[25] M. Usman, X. He, K. K. Lam, M. Xu, J. Chen, S. M. M. Bokhari,
and M. A. Jan, “Error concealment for cloud-based and scalable video
coding of hd videos,” IEEE Transactions on Cloud Computing, 2017.
Muhammad Usman received a Ph.D. in Computer
Systems from the School of Electrical and Data
Engineering, University of Technology Sydney, Aus-
tralia, in 2017. Currently, he is working as a Postdoc
Research Assistant in the Department of Computer
Science and Software Engineering, Swinburne Uni-
versity of Technology, Australia. He has published
his research work in many well-known international
journals and conferences. His research interests in-
clude multimedia processing and communication,
security and privacy in communication networks,
Internet of Things, Internet of Multimedia Things, and error concealment
techniques.
Mian Ahmad Jan is an Assistant Professor in the
Department of Computer Science, Abdul Wali Khan
University Mardan, Pakistan. He holds a Ph.D. in
Computer Systems from the University of Technol-
ogy Sydney, Australia. He has published his research
work in many well-known international journals and
conferences. His research interests include cluster-
based hierarchical routing protocols, congestion de-
tection, mitigation, and intrusion and malicious at-
tack detection in wireless sensor networks, Internet
and web of things.
Xiangjian He received a Ph.D. in Computing Sci-
ences from the University of Technology, Sydney,
Australia, in 1999. He is currently a professor and
the director of Computer Vision and Pattern Recog-
nition Laboratory at the University of Technology,
Sydney. He has received many competitive national
and regional grants. He has published his research
work in many well-known international journals and
conferences. His research interests include image
processing, computer vision, and pattern recognition.
Jinjun Chen is a professor from Faculty of Sci-
ence, Engineering and IT, Swinburne University of
Technology, Australia. He holds a PhD in Computer
Science and Software Engineering (2007) from the
Swinburne University of Technology, Melbourne,
Australia. His research interests include cloud com-
puting, big data, and data intensive systems. He
has published more than 130 papers in high quality
journals and conferences.