678 research outputs found

    Privacy-preserving data search with fine-grained dynamic search right management in fog-assisted Internet of Things

    This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this record. Fog computing, as an assisted method for cloud computing, collects Internet of Things (IoT) data to multiple fog nodes on the edge of IoT and outsources them to the cloud for data search, and it reduces the computation cost on IoT nodes and provides fine-grained search right management. However, to provide privacy-preserving IoT data search, the existing searchable encryptions are very inefficient as the computation cost is too high for the resource-constrained IoT ends. Moreover, to provide dynamic search right management, the users need to be online all the time in the existing schemes, which is impractical. In this paper, we first present a new fog-assisted privacy-preserving IoT data search framework, where the data from each IoT device is collected by a fog node, stored in a determined document and outsourced to the cloud, the users search the data through the fog nodes, and the fine-grained search right management is maintained at document level. Under this framework, two searchable encryption schemes are proposed, i.e., Credible Fog Nodes assisted Searchable Encryption (CFN-SE) and Semi-trusted Fog Nodes assisted Searchable Encryption (STFN-SE). In CFN-SE scheme, the indexes and trapdoors are generated by the fog nodes, which greatly reduce the computation costs at the IoT devices and user ends, and fog nodes are used to support offline users’ key update. In STFN-SE scheme, the semi-trusted fog nodes are used to provide storage of encrypted key update information to assist offline users’ search right update. In both schemes, no re-encryption of the keywords is needed in search right updates.
    The performance evaluations of our schemes demonstrate the feasibility and high efficiency of our system. National Key Research and Development Program; National Natural Science Foundation of China; Sichuan Provincial Major Frontier Issues; State Key Laboratory of Integrated Services Networks, Xidian Universit

    Scalable and Secure Big Data IoT System Based on Multifactor Authentication and Lightweight Cryptography

    © 2013 IEEE. Organizations share an evolving interest in adopting a cloud computing approach for Internet of Things (IoT) applications. Integrating IoT devices and cloud computing technology is considered as an effective approach to storing and managing the enormous amount of data generated by various devices. However, big data security of these organizations presents a challenge in the IoT-cloud architecture. To overcome security issues, we propose a cloud-enabled IoT environment supported by multifactor authentication and lightweight cryptography encryption schemes to protect big data system. The proposed hybrid cloud environment is aimed at protecting organizations' data in a highly secure manner. The hybrid cloud environment is a combination of private and public cloud. Our IoT devices are divided into sensitive and nonsensitive devices. Sensitive devices generate sensitive data, such as healthcare data; whereas nonsensitive devices generate nonsensitive data, such as home appliance data. IoT devices send their data to the cloud via a gateway device. Herein, sensitive data are split into two parts: one part of the data is encrypted using RC6, and the other part is encrypted using the Feistel encryption scheme. Nonsensitive data are encrypted using the Advanced Encryption Standard (AES) encryption scheme. Sensitive and nonsensitive data are respectively stored in private and public cloud to ensure high security. The use of multifactor authentication to access the data stored in the cloud is also proposed. During login, data users send their registered credentials to the Trusted Authority (TA). The TA provides three levels of authentication to access the stored data: first-level authentication - read file, second-level authentication - download file, and third-level authentication - download file from the hybrid cloud. We implement the proposed cloud-IoT architecture in the NS3 network simulator.
We evaluated the performance of the proposed architecture using metrics such as computational time, security strength, encryption time, and decryption time

    Game Theory Based Privacy Protection for Context-Aware Services

    In the era of context-aware services, users are enjoying remarkable services based on data collected from a multitude of users. To receive services, they are at risk of leaking private information from adversaries possibly eavesdropping on the data and/or the untrusted service platform selling off its data. Malicious adversaries may use leaked information to violate users' privacy in unpredictable ways. To protect users' privacy, many algorithms are proposed to protect users' sensitive information by adding noise, thus causing context-aware service quality loss. Game theory has been utilized as a powerful tool to balance the tradeoff between privacy protection level and service quality. However, most of the existing schemes fail to depict the mutual relationship between any two parties involved: user, platform, and adversary. There is also an oversight to formulate the interaction occurring between multiple users, as well as the interaction between any two attributes. To solve these issues, this dissertation firstly proposes a three-party game framework to formulate the mutual interaction between three parties and study the optimal privacy protection level for context-aware services, thus optimize the service quality. Next, this dissertation extends the framework to a multi-user scenario and proposes a two-layer three-party game framework. This makes the proposed framework more realistic by further exploring the interaction, not only between different parties, but also between users. Finally, we focus on analyzing the impact of long-term time-serial data and the active actions of the platform and adversary. To achieve this objective, we design a three-party Stackelberg game model to help the user to decide whether to update information and the granularity of updated information

    Blockchain for IoT Access Control: Recent Trends and Future Research Directions

    With the rapid development of wireless sensor networks, smart devices, and traditional information and communication technologies, there is tremendous growth in the use of Internet of Things (IoT) applications and services in our everyday life. IoT systems deal with high volumes of data. This data can be particularly sensitive, as it may include health, financial, location, and other highly personal information. Fine-grained security management in IoT demands effective access control. Several proposals discuss access control for the IoT, however, a limited focus is given to the emerging blockchain-based solutions for IoT access control. In this paper, we review the recent trends and critical needs for blockchain-based solutions for IoT access control. We identify several important aspects of blockchain, including decentralised control, secure storage and sharing information in a trustless manner, for IoT access control including their benefits and limitations. Finally, we note some future research directions on how to converge blockchain in IoT access control efficiently and effectively

    Novel Proposed Work for Empirical Word Searching in Cloud Environment

    People's lives have become much more convenient as a result of the development of cloud storage. The third-party server has received a lot of data from many people and businesses for storage. Therefore, it is necessary to ensure that the user's data is protected from prying eyes. In the cloud environment, searchable encryption technology is used to protect user information when retrieving data. The versatility of the scheme is, however, constrained by the fact that the majority of them only offer single-keyword searches and do not permit file changes. A novel empirical multi-keyword search in the cloud environment technique is offered as a solution to these issues. Additionally, it prevents the involvement of a third party in the transaction between data holder and user and guarantees integrity. Our system achieves authenticity at the data storage stage by numbering the files, verifying that the user receives a complete ciphertext. Our technique outperforms previous analogous schemes in terms of security and performance and is resistant to inside keyword guessing attacks. The server cannot detect if the same set of keywords is being looked for by several queries because our system generates randomized search queries. Both the number of keywords in a search query and the number of keywords in an encrypted document can be hidden. Our searchable encryption method is effective and protected from the adaptive chosen keywords threat at the same time

    Secure monitoring system for industrial internet of things using searchable encryption, access control and machine learning

    This thesis is an alternative format submission comprising a set of publications and a comprehensive literature review, an introduction, and a conclusion. Continuous compliance with data protection legislation on many levels in the Industrial Internet of Things (IIoT) is a significant challenge. Automated continuous compliance should also consider adaptable security compliance management for multiple users. The IIoT should automate compliance with corporate rules, regulations, and regulatory frameworks for industrial applications. Thus, this thesis aims to improve continuous compliance by introducing an edge-server architecture which incorporates searchable encryption with multi-authority access to provide access to useful data for various stakeholders in the compliance domain. In this thesis, we propose an edge lightweight searchable attribute-based encryption system (ELSA). The ELSA system leverages cloud-edge architecture to improve search time beyond a previous state-of-the-art encryption solution. The main contributions of the first paper are as follows. First, we present an untrusted cloud and trusted edge architecture that processes data efficiently and optimises decision-making in the IIoT context. Second, we enhanced the search performance over the current state-of-the-art (LSABE-MA) regarding order of magnitude. We achieved this enhancement by storing keywords only on the trusted edge server and introducing a query optimiser to achieve better-than-linear search performance. The query optimiser uses k-means clustering to improve the efficiency of range queries, removing the need for a linear search. As a result, we achieved higher performance without sacrificing result accuracy. In the second paper, we extended ELSA to illustrate the correlation between the number of keywords and ELSA performance.
    This extension supports annotating records with multiple keywords in trapdoor and record storage and enables the record to be returned with single keyword queries. In addition, the experiments demonstrated the scalability and efficiency of ELSA with an increasing number of keywords and complexity. Based on the experimental results and feedback received from the publication and presentation of this work, we published our third technical paper. In this paper, we improved ELSA by minimising the lookup table size and summarising the data records by integrating machine-learning (ML) methods suitable for execution at the edge. This integration removes records of unnecessary data by evaluating added value to further processing. This process results in the minimisation of the lookup table size, the cloud storage, and the network traffic, taking full advantage of the edge architecture benefits. We demonstrated the mini-ELSA expanded method on two well-known IIoT datasets. Our results reveal a reduction of storage requirements by > 21% while improving execution time by > 1.39× and search time by > 50% and maintaining an optimal balance between prediction accuracy and space reduction. In addition, we present the computational complexity analysis that reinforces these experimental results

    Understanding Interdependencies among Fog System Characteristics

    Fog computing adds decentralized computing, storage, and networking capabilities with dedicated nodes as an intermediate layer between cloud data centers and edge devices to solve latency, bandwidth, and resilience issues. However, introducing a fog layer imposes new system design challenges. Fog systems not only exhibit a multitude of key system characteristics (e.g., security, resilience, interoperability) but are also beset with various interdependencies among their key characteristics that require developers' attention. Such interdependencies can either be trade-offs with improving the fog system on one characteristic impairing it on another, or synergies with improving the system on one characteristic also improving it on another. As system developers face a multifaceted and complex set of potential system design measures, it is challenging for them to oversee all potentially resulting interdependencies, mitigate trade-offs, and foster synergies. Until now, existing literature on fog system architecture has only analyzed such interdependencies in isolation for specific characteristics, thereby limiting the applicability and generalizability of their proposed system designs if other than the considered characteristics are critical. We aim to fill this gap by conducting a literature review to (1) synthesize the most relevant characteristics of fog systems and design measures to achieve them, and (2) derive interdependences among all key characteristics. From reviewing 147 articles on fog system architectures, we reveal 11 key characteristics and 39 interdependencies. We supplement the key characteristics with a description, reason for their relevance, and related design measures derived from literature to deepen the understanding of a fog system's potential and clarify semantic ambiguities.
For the interdependencies, we explain and differentiate each one as positive (synergies) or negative (trade-offs), guiding practitioners and researchers in future design choices to avoid pitfalls and unleash the full potential of fog computing