Energy-efficient dynamic homomorphic security scheme for fog computing in IoT networks

https://doi.org/10.1016/j.jisa.2021.102768

Abstract

Recently, there has been an exponential increase in multimedia and other data over the Internet of Things (IoT). This data is generally sent to the cloud for processing and storage. The fog layer in between bridges communication between the IoT devices and the cloud. It delivers services efficiently by computing and analyzing various multimedia information generated by the IoT devices residing on the sensors. However, the provision of effective security and energy are critical challenges. The purpose of this work is to enhance the secure transfer of information such as multimedia. This scheme uses the Message Queue Telemetry Transport (MQTT) protocol over SSL/TLS. Since MQTT is vulnerable to eavesdropping, the Elliptic curve-ElGamal cryptography algorithm is introduced, which lends a homomorphic factor, thereby mitigating man-in-the-middle attacks. The dynamic key change and proportional offloading of data proposed in this work help to preserve node energy by selectively transferring data to the cloud and the fog according to the data topic. The results show that the system security and lifetime can be improved in comparison to the existing protocols.

Introduction

In recent years, IoT has evolved into a paradigm that makes it possible to interconnect physical objects and humans in smart cities, smart homes, etc. This has been possible due to advances in various communication and networking technologies [1]. Moreover, multimedia IoT systems have taken a greater leap and have been widely used in surveillance, industrial automation [2], [3], etc. Although IoT offers numerous benefits, it also faces challenges in this field. The four biggest issues facing this sector are privacy [4], [5], [6], cybersecurity [7], [8], energy consumption [9], [10] and efficient routing protocols [11], [12].

To address these issues, cloud computing has been introduced in IoT, and data is transferred to this platform for analysis and processing. The concept of device-to-device (D2D) communication-aided fog computing [13] has evolved recently. It authenticates proximal devices without the use of a centralized server. It has also proved fruitful in coping with security and privacy issues [14]. To deal with latency and bandwidth issues in the cloud, fog computing and mobile edge computing (MEC) paradigms have emerged in recent years. This work introduces a similar hierarchical architecture with an intermediate fog layer, as shown in Fig. 1, depicting the flow of information. The fog layer acts as a gateway by filtering the data, processing it and sending the heavier computations to the cloud layer. In this scheme, the data is divided according to MQTT topics [15]. If the message topic needs fewer computations, it is directed to the fog nodes; otherwise it is offloaded to the cloud data centers for heavier computations. The major contributions of this work and the issues it resolves are as follows:

  • Firstly, proportional data offloading is proposed in this work, which decreases energy consumption, a major concern of an IoT framework.

  • Secondly, this work aims to increase security by using a hybrid asymmetric cryptography algorithm, namely ECC-ElGamal, a homomorphic encryption [16] technique. The Elliptic Curve Digital Signature Algorithm (ECDSA) is implemented in the application layer to maintain proof of identities and data integrity.

  • Dynamic key change is implemented to mitigate eavesdropping and man-in-the-middle (MITM) attacks. The dynamic key change helps to conserve system energy and protects the system from security attacks by using different curves based on the node energy level.

  • The simulation has been performed in this environment, and the results show that the proposed algorithm improves energy consumption and enhances security.

The dynamic key change and proportional offloading of the data are the main context parameters that are related to node battery and security. Thus, the framework is designed to maintain confidentiality, security and integrity in the system.

The three-tier fog computing system as shown in Fig. 2 comprises the following three entities: the cloud data centers, the fog server, and the sensor/actuator module with inter and cross-layer communication. The heterogeneous data from the sensor devices reach a central gateway or the base station which processes the data before sending it to the remote servers through MQTT.

The remainder of the paper gives an insight into the proposed framework and the methodologies used. In Section 2, the security and energy related literature is reviewed. In Section 2.3, the motivation and contributions of the work are discussed. Section 3 discusses the different parameters used in our work. In Section 4, the proposed work is introduced, which includes the system model, followed by the security algorithm, under which dynamic key change according to node battery and homomorphic encryption are discussed. In Section 5, the security and energy analysis shows that, with the right selection of parameters, power consumption can be substantially improved and security issues such as MITM attacks can be mitigated. In Section 6, the performance of the proposed system is evaluated. Finally, conclusions are drawn and the future scope of this work is discussed in Section 7.

Section snippets

Literature review

Rapid innovations in IoT have led to the advanced deployment of things in communication networks. In this section, related works that achieved various goals in security and energy conservation with respect to fog computing and homomorphic encryption are reviewed.

Key elements and parameters

The underlying fog computing architecture is an energy-efficient system to enable proportional offloading which allows smooth functioning of the entities and consumes less power. The parameters such as MQTT topics, dynamic key change, and elliptic curves help the model consume less power and make it more secure. All these parameters are discussed in detail below.

Proposed scheme

In IoT technology, security and energy consumption are the two most important concerns, as researched in [4], [10]. This work uses the ECC–ElGamal encryption algorithm with proportional offloading and dynamic key change to mitigate security attacks like MITM and eavesdropping, and it renders faster computation.

The ElGamal encryption algorithm is well suited for IoT devices; however, it runs slowly. To complement speed and the security issues of the ElGamal algorithm, integration of ECC and ElGamal

Performance analysis

In this section, the security and robustness of the proposed system under varied attacks are analyzed, and then the energy aspect of the proposed system is evaluated.

Simulation results and evaluation

The proposed fog-based IoT framework is implemented in the configuration shown in Fig. 2. Mobile phones with an Android environment may be used as user devices. Since the communication security protocol SSL/TLS is not extended to the MQTT broker, a novel security algorithm is proposed to resist attacks on the system. The security algorithm may be tested on a Windows-7 2 GB RAM Laptop on Visual Studio in Python. The configuration details are summarized in Table 2. It uses tinyec and registry

Conclusions

This work proposes a new energy-efficient IoT security system where sensor devices and fog nodes share information using a secure MQTT protocol. The scheme proposes proportional offloading, where IoT devices offload data to the fog nodes and/or the cloud centers according to the computational power required by message packets in order to use energy effectively. The MQTT payloads are encrypted using ECC–ElGamal, which is a homomorphic encryption technique. It helps in mitigating data tampering and

CRediT authorship contribution statement

Sejal Gupta: Methodology, Software, Writing - original draft. Ritu Garg: Conceptualization, Supervision. Nitin Gupta: Writing - review & editing, Supervision. Waleed S. Alnumay: Conceptualization, Formal analysis. Uttam Ghosh: Conceptualization, Writing - review & editing. Pradip Kumar Sharma: Conceptualization, Formal analysis, Writing - review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

The work is funded by Researchers Supporting Project grant number (RSP-2020/250), King Saud University, Riyadh, Saudi Arabia.

References (34)

  • Hayat O. et al. A survey on security and privacy challenges in device discovery for next-generation systems. IEEE Access (2020)

  • Srivastava S. et al. A survey on mobile agent based intrusion detection system

  • Mukherjee M. et al. Security and privacy in fog computing: Challenges. IEEE Access (2017)

  • Kapoor C. et al. A survey on energy efficient routing for delay minimization in IoT networks

  • Kamble A. et al. Security attacks and secure routing protocols in RPL-based internet of things: Survey

  • Gope P. et al. Anonymous communications for secure device-to-device-aided fog computing: architecture, challenges, and solutions. IEEE Consum Electron Mag (2019)

  • Pu Y. et al. Two secure privacy-preserving data aggregation schemes for IoT. Wirel Commun Mob Comput (2019)