MMDA: Multidimensional and multidirectional data aggregation for edge computing-enhanced IoT

https://doi.org/10.1016/j.sysarc.2020.101713Get rights and content

Abstract

In an edge computing-enhanced Internet of Things (IoT) setup, data can be processed closer to the IoT devices (i.e. at the network edge). However, security and privacy remain two key issues that need to be considered. In this paper, we propose the first multidimensional and multidirectional data aggregation (MMDA) scheme for privacy-preserving edge computing-enhanced IoT communications. In MMDA, the data of each IoT device are described as an n-dimensional vector and m IoT devices’ data are listed as a matrix D of order m × n. MMDA enables an edge device (acting as a gateway) to aggregate the multidimensional data of the m IoT devices in two directions: row aggregation and column aggregation. Such data can then be employed to compute the summation of data in each row and each column of D in a privacy-preserving way. Unlike existing multidimensional data aggregation schemes that have only the column aggregation, MMDA allows an additional row aggregation. This allows the capability to provide more statistical information to an IoT control center for analysis and processing. MMDA also adopts the batch verification technology to reduce authentication costs. Extensive analysis shows that MMDA is practicable in terms of computation cost, security, and fault-tolerance.

Introduction

Internet of Things (IoT) can be found in a broad range of real-world systems (e.g. smart grid, smart home, smart healthcare, and smart city) with different features. In a typical IoT setup, there is an interconnected network consisting of a number of IoT devices (ranging from tens to hundreds to thousands, depending on the size of the network). These devices are responsible for sensing real-time data and transmitting the raw sensed data to a control center for better and intelligent decisions [1], [2]. Depending on the system setup/configuration, the network traffic (e.g. data sent from thousands of IoT devices to the server for processing) may be large and hence, incurs significant costs. In addition to performance consideration, we need to ensure the security of the data exchange and the privacy of the computation, etc [3], [4].

Edge computing, rooted from the content delivery networks (CDNs) of the late 1990s [5], [6], extends the cloud computing to the edge of the network. By deploying edge devices at the network edge, edge computing can provide low latency, location awareness and improve real-time data and application services to IoT [1], [7], [8] (also referred to as an edge computing-enhanced IoT system). Such properties are particularly crucial in time-sensitive adversarial environment, such as battlefields. Since edge devices are responsible for storing and pre-processing data sent by IoT devices and deployed at the network edge, they are attractive targets to attackers. In addition, to ensure data privacy, edge devices should not be allowed to access individual IoT device’s data; hence, the need for privacy-preserving data aggregation.

There are a large number of privacy-preserving data aggregation schemes in the literature [9], [10], [11], [12], which can be deployed in an edge computing-enhanced IoT system. These schemes generally support the privacy-preserving property to some extent. However, it is challenging to implement these existing schemes due to their complex computation or high communication requirements. Thus, a number of efficient privacy-preserving data aggregation schemes, such as those reported in [13], [14], [15], [16], [17], [18], have also been proposed. A common drawback in this latter group of schemes is that they consider report data of each IoT device as one-dimensional information. In some IoT applications (e.g. smart grids), however, the report data by each smart meter are usually multidimensional in practice. For examples, the report data can be categorized according to attributes (the quantity of electricity consumed, the time and the intent of consumption, and so on [19], [20]) or electrical appliances (lamp, computer, refrigerator, air-conditioning, and so on [21]). These categories require finer grained control and optimization.

Based on a super-increasing sequence and Paillier cryptosystem, Lu et al. [19] proposed the first multidimensional data aggregation scheme for smart grids. Using the bilinear pairing cryptographic technology, Liu et al. [20] also proposed an anonymous multidimensional data aggregation scheme. In 2017, Shen et al. [21] proposed an efficient privacy-preserving cube-data aggregation scheme for smart grids based on Horner’s rule and Paillier cryptosystem. González-Manzano et al. [22] proposed a privacy-preserving aggregation protocol, PAgIoT, which enables the aggregation of multidimensional data based on attribute queries and Paillier cryptosystem. More recently in 2019, Guan et al.[23] proposed the APPA protocol which provides a solution to aggregation data for different IoT device areas. We note, however, that these multidimensional data aggregation schemes [19], [20], [21], [22], [23] allow the data to be aggregated only in one direction. To explain this, we assume that the data of each IoT device Di is an n-dimensional vector di=(di,1,di,2,,di,n), 1 ≤ i ≤ m, and we treat all the m vectors as an m × n matrix D=(di,j)1im,1jn. In this context, existing multidimensional data aggregation schemes are only able to obtain the data summations i=1mdi,j, 1 ≤ j ≤ n, in each column of D in a privacy-preserving way (refer to Fig. 1). This is a limitation because such data summations j=1ndi,j, 1 ≤ i ≤ m, in each row of D correspond to the total amount of each single device’s data, and are also important to the control center for analysis and processing.

Therefore to address these limitations in the existing schemes, in this paper we propose an efficient multidimensional and multidirectional data aggregation scheme (hereafter referred to as MMDA) following the idea in [24]. MMDA is designed to facilitate privacy-preserving edge computing-enhanced IoT communications. MMDA enables an edge device (acting as a honest-but-curious aggregator) to aggregate the data in D in two directions, namely: row aggregation and column aggregation. They can be used to compute the summations j=1ndi,j, 1 ≤ i ≤ m, and i=1mdi,j, 1 ≤ j ≤ n, respectively, in a privacy-preserving way (refer to Fig. 2). MMDA also uses batch verification technology to reduce the authentication cost and support fault-tolerant.

Section snippets

Background materials

In this section, we introduce the mathematical preliminaries and security model required in the understanding of our proposed MMDA scheme.

Proposed MMDA scheme

Our proposed MMDA scheme includes five phases, namely: system initialization, key generation, data report generation, secure report aggregation, and secure report reading. As mentioned in Section 1, we assume that there are m IoT devices Di, 1 ≤ i ≤ m, in an IoT system and each device Di generates an n-dimensional data vector di=(di,1,di,2,,di,n), 1 ≤ i ≤ m. SetD=(di,j)1im,1jn=[d1,1d1,2d1,nd2,1d2,2d2,ndm,1dm,2dm,n].Note that for IoT devices in practice, the report data should not be

Security analysis

Based on the security model in Section 2.2, we first consider that A eavesdrops on the communication between IoT devices and ED. Then, A is able to obtainci,j:=(1+di,j·p)·H1(AMR)ki,j·(μim+μjn)modp2,where 1 ≤ i ≤ m, 1 ≤ j ≤ n. If A wishes to infer individual component di,j of Di’s data vector di=(di,1,di,2,,di,n), A has to remove the blinding factor H1(AMR)ki,j·(μim+μjn), which includes a key ki,j of Di for the dimension j. Since ki,j is generated by the trusted TA and transmitted to Di via a

Performance evaluation

As far as we know, Lu et al.’s scheme [1] is the only existed multidimensional data aggregation scheme for fog computing-enhanced IoT. Thus we evaluate the performance of our proposed MMDA scheme by comparing it with Lu et al.’s data aggregation scheme. For the fairness of comparison, the authentication related overhead is ignored because the latter failed to provide the authentication function. We assume that there are m IoT devices Di, 1 ≤ i ≤ m, and each of them reports an n-dimensional data

Conclusion

Edge computing-enhanced IoT will be increasing a norm in our society, and there remains a number of research challenges and opportunities to secure our edge computing-enhanced IoT in the fast-paced threat landscape [31], [32]. One particular research challenge is to design secure and efficient privacy-preserving data aggregation scheme for edge computing-enhanced IoT systems, and this is the focus of this paper.

Specifically, in this paper, we proposed an efficient multidimensional and

Declaration of Competing Interests

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

The authors declare the following financial interests/personal relationships which may be considered as potential competing interests:

Declarations of interest: none

Acknowledgements

The work is supported by the National Key R&D Program of China under Grant No. 2017YFB0802302, the NSFC-Zhejiang Joint Fund for the Integration of Industrialization and Informatization under Grant No. U1509219, the National Natural Science Foundation of China under Grant Nos. 61601129 and 11701179, the Shanghai Natural Science Foundation under Grant No. 17ZR1408400, and the Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public

Peng Zeng received the Ph.D. degree in computer science and technology from Shanghai Jiao Tong University, Shanghai, China, in 2009. He is currently an Associate Professor with East China Normal University, Shanghai. His current research interests include applied cryptography, network information security, and coding theory.

References (32)

  • A. Yousefpour et al.

    All one needs to know about fog computing and related edge computing paradigms: a complete survey

    J. Syst. Archit.

    (2019)
  • H. Mahdikhani et al.

    Achieving privacy-preserving multi dot-product query in fog computing-enhanced IoT

    GLOBECOM 2017-2017 IEEE Global Communications Conference. IEEE

    (2017)
  • C. Huang et al.

    Vehicular fog computing: architecture, use case, and security and forensic challenges

    IEEE Commun. Mag.

    (2017)
  • J. Hajny et al.

    Privacy-enhanced data collection scheme for smart-metering

    International Conference on Information Security and Cryptology

    (2015)
  • T. Jung et al.

    Collusion-tolerable privacy-preserving sum and product calculation without secure channel

    IEEE Trans. Depend. Secure Comput.

    (2015)
  • D. He et al.

    Privacy-preserving data aggregation scheme against internal attackers in smart grids

    Wirel. Netw.

    (2016)
  • Cited by (32)

    • Task scheduling with precedence and placement constraints for resource utilization improvement in multi-user MEC environment

      2021, Journal of Systems Architecture
      Citation Excerpt :

      Currently, pervasive mobile computing and the Internet of Things are driving the rapid development of many new compute-demanding and latency-sensitive applications [1], such as virtual reality (VR), augmented reality (AR) and social gaming [2,3].

    • ArchNet: A data hiding design for distributed machine learning systems

      2021, Journal of Systems Architecture
      Citation Excerpt :

      Based on the concept of model sharing, a big data analysis system is introduced by Jie Jiang et al. [14] The high-dimensional big model is reasonably divided into multiple sub-model server nodes. Some researchers also apply the concept of distributed to specific scenarios, such as medical, legal and other fields [15–17]. However, the existing research of DML system mainly focuses on the synchronization and data distribution of DML [18,19].

    View all citing articles on Scopus

    Peng Zeng received the Ph.D. degree in computer science and technology from Shanghai Jiao Tong University, Shanghai, China, in 2009. He is currently an Associate Professor with East China Normal University, Shanghai. His current research interests include applied cryptography, network information security, and coding theory.

    Bofeng Pan received the Bachelor’s degree in computer science from JiangXi Normal University in 2015 and the Master degree in software engineering from East China Normal University, Shanghai, China. His research interests include cryptography, network security, privacy preserve, and IoT system.

    Kim-Kwang Raymond Choo (SM’15) received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship with The University of Texas at San Antonio. He is also a fellow of the Australian Computer Society. In 2015, he and his team won the Digital Forensics Research Challenge organized by the Germany’s University of Erlangen-Nuremberg. In 2016, he was named the Cybersecurity Educator of the Year—APAC (Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn). He was a recipient of the 2008 Australia Day Achievement Medallion, the British Computer Society’s Wilkes Award in 2008, the Fulbright Scholarship in 2009, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, and the ESORICS 2015 Best Paper Award.

    Hong Liu is an associate professor in the School of Computer Science and Software Engineering, East China Norm al University. She received her Ph.D. degree from the School of Electronic and Information Engineering, Beihang University, China. She focuses on security and privacy issues in edge computing. She has published more than 30 SCI papers, and 1 ESI Highly Cited Paper. She has served as a Program Committee member and Workshop Chair in several conferences.

    View full text