Abstract
The Internet of Things (IoT) consists of smart devices with limited resources that can identify and analyze data. In IoT-enabled healthcare systems, the security of IoT devices and the data they contain is complex. These devices in the healthcare industry, edge computing can provide low-latency information services at a reasonable cost. This work proposes a security infrastructure for Software Defined Network (SDN)-based edge computing in IoT-enabled healthcare systems consisting of three steps: Lightweight authentication, collaborative edge computing and job migration. The lightweight authentication step involves both Improved Lightweight Key Management (ILKM) and Improved Elliptic Curve Cryptography (IECC) schemes to ensure authentication among the devices and edge servers. Moreover, the patient’s data in IoT devices are scheduled to the appropriate edge server by examining the load balancing in the collaborative edge computing phase. This is done optimally using the adopted hybrid optimization model, Osprey Assisted Coati Optimization Algorithm (OACOA). Further, job migration takes place, in which the data is allocated to the edge server by comparing the capacity of edge servers and the data gets migrated to other servers by considering migration cost when the capacity of the edge server is overloaded. Finally, the efficiency of the suggested OACOA scheme is evaluated over traditional models with regard to several metrics. When considering the edge-server 30, the OACOA scheme achieves a makespan of 385, while conventional methods acquired fewer makespan ratings. Also, the OACOA approach obtained the highest security ratings (0.7143) on edge-server 20 when compared to existing schemes.
Introduction
Smart healthcare is an essential aspect of smart cities. The area of smart healthcare originates from an objective to enhance healthcare sector administration, more effectively utilize resources, and lower costs while preserving or even improving its quality [1]. The two main types of healthcare resources are consumable and non-consumable resources. Non-consumable resources are ones that do not fade with time, whereas consumable resources, including all medical equipment and supplies, deteriorate and expire over time [2, 3]. Because cloud and edge computing has shown to be more stable than traditional servers, creating and building smart healthcare is now viable [4].
IoT is a network that includes well-known technologies like Wireless Sensor Networks (WSN), radio frequency identification, and body area networks that upload data to the cloud for review as well as data extraction in order to make rapid and precise opinions [5, 6]. As the drive to make healthcare more proactive, personalised, and economical grows, IoT may be evaluated and employed as a significant tool in health management systems. Furthermore, cloud computing providers ensure preserving patients’ privacy [7, 8]. Edge computing based on SDN is beneficial in making the most of IoT devices’ limited resources. Nevertheless, these low-power gadgets and their related data are vulnerable to a variety of security concerns. Before data transfer in IoT-enabled healthcare systems, IoT devices must be authorized [25, 9]. Following authentication, sensing data must be transferred to advanced Edge computing in order to process it quickly. Offloading to the edge needs to be done sensibly with the aid of an SDN controller that can create full network programmability [10]. SDN intelligence meets the need for Edge computing with regard to load balancing and resource allocation, while a lightweight authentication mechanism provides security [11]. Secure data transfer and continuous monitoring are the two main problems with real-time healthcare data processing and monitoring. For an IoT network with little power, the best security measures are lightweight authentication methods. Low-powered AIoT devices cannot transmit continuously while gathering several data points from a patient’s body [12].
Multiple controllers are used in recent SDN systems, adding a new dimension to the device network [13]. Data security and resource management are now the top priorities due to the recent sharp increase in the number of people using this type of cloud computing [14]. SDN may be an excellent option for efficiently managing resources by tracing network activity and estimating network capacity. The integration of new developing technologies has significance for data protection and cloud activities [15, 16]. Therefore, this research suggests a unique security paradigm for edge computing powered by SDN in IoT-enabled healthcare systems. The contribution of this paper is given below:
Introduces a security framework for SDN-based edge computing in IoT-enabled healthcare systems which have three phases namely, Lightweight authentication, collaborative edge computing and job migration. Proposes ILKM and IECC schemes in a lightweight authentication phase to preserve the patients’ data, where, the data is enciphered by using the private key of IECC and the master key of ILKM. Proposes an OACOA optimization model for optimal balancing of the patient’s data in the device to the appropriate edge server.
The research is arranged as follows: The literature review and the problem statement of SDN-based edge computing in IoT-enabled healthcare systems are pointed out in Section 2. The suggested model is illustrated in Section 3. The results and discussion of the suggested work with the comparison of several metrics are discussed in Section 4 and the suggested framework is concluded in Section 5.
In 2019, A. Srilakshmi et al. [17] has developed a framework in which the cloud provides a suitable healthcare environment for the security and analytics of sensed medical data. Additionally, the gathered health reports were created on top of the SDN, along with the SDN controller hosted in the Amazon cloud. Moreover, the author collected plenty of sensors that were utilized in the medical area, as well as what kind of service was supplied by a particular cloud that was essential for the healthcare sector.
In 2020, J. Li et al. [12] has proposed a safe architecture for SDN-based Edge computing in an IoT-enabled healthcare system. Additionally, in the suggested design, the Edge servers used a low-tech authentication method to verify the identity of the IoT devices. Such devices gather data from patients after authentication and deliver it to Edge servers for processing, storage, and monitoring. Moreover, an SDN controller connected the Edge servers that conducted optimization of the network, load balancing, and effective utilization of resources in the healthcare system.
In 2020, S. Badotra et al. [18] has designed an IoT-enabled healthcare network based on SDN architecture. This effort was intended to meet the demand for SDN in the IoT-based healthcare industry. Several problems, advantages, current active research areas, and the full structure of both technologies were depicted.
In 2021, Qian You and Bing Tang [19] has outlined a realistic task offloading technique in a resource-constrained multi-user and Multi-Access Edge Computing (MEC) platform to satisfy users’ requirements as a difficult problem. Given the rapid growth of heterogeneous edge servers in the Industrial Internet of Things (IIoT) environment and industrial edge computing devices, to move workloads from edge devices with little capacity to edge servers with low power and fast response times, a Particle Swarm Optimization (PSO)-based task delegation technique was developed.
In 2022, KishoriKasat D et al. [20] has framed an innovative security infrastructure for healthcare information via IoT. The potential risk of unsecured transmission data was examined between the IoT system and the gateway of networks. Moreover, it ensured that health data was transmitted to the healthcare centre remotely. Before encoding the sensing component to cryptographic mechanisms, the suggested healthcare data approach was encoded into the mechanism. Also, the prototype model was validated effectively.
In 2023, Prabhat Kumar et al. [21] has devised a Blockchain-orchestrated Deep learning approach for Secure Data Transmission (BDSDT) in IoT-enabled healthcare systems. To be more specific, a unique scalable blockchain architecture was presented to assure the integrity of data and ensure the safe exchange of information through the use of the Zero Knowledge Proof (ZKP) method. In order to control data storage costs, BDSDT interfaced with both an Ethereum smart contract and the off-chain storage InterPlanetary File System (IPFS). This helped to address issues over data security.
In 2023, Naim Shaikh et al. [22] established the Event Process Healthcare (EPH) approach, an innovative approach referred to as Cloud-based Deep Learning (CDN) was developed, that helped both patients and the healthcare business by leveraging a mix of machine learning methods, a highly intelligent cloud infrastructure, as well as deep learning norms as the basis.
In 2023, Lu Zhong and Xiaoke Deng [23] has defined a two-stage procedure. The initial step was to develop and execute an Internet-enabled healthcare system that includes devices that are wearable. In the following step, a load-balancing model based on the Ant Colony Optimization Algorithm (ACO)was given. To enhance the effectiveness of resources and decrease makespan time, ACO divided work among virtual machines.
In 2023, Prabhakaran et al. [32] developed a modified Lagrange interpolated Butterfly optimization algorithm-based deep metric learning (mLBOA-DML) approach for cloud intrusion detection that finds malicious and host-based attacks. Using the power of global optimization, the mLBOA algorithm helps to build the DML technique’s parameters in order to maximize the accuracy of cloud security attack forecasting.
In 2023, Riya et al. [31] developed the EMOEUA technique to minimize computer complexity and address security concerns by achieving mutual authentication. In addition, optimal multikey homomorphic encryption (OMKHE) is used in the EMOE-UA technique to encrypt the IoMT data. Furthermore, the improved social spider optimization algorithm, or ISSOA, was used to generate optimal multikeys for the MKHE approach. The experimental result analysis of the EMOE-UA technique is conducted using benchmark data, and the results are examined from several perspectives.
In 2024, Rahman et al. [30] developed an architecture that blends blockchain technology with software-defined networking (SDN). In the context of 5G networks, this technology is specifically made to enable remote patient monitoring systems. A patient-centric agent (PCA) manages user data on behalf of patients inside the SDN control plane of the architecture. The PCA provides the necessary instructions to the forwarding devices to guarantee that patient data is handled appropriately. The proposed model is evaluated on docker-engine with hyperledger fabric, and its performance is compared with existing models in fifth-generation (5G) networks.
Features and challenges of current relevant work on SDN-based edge computing in IoT-enabled health systems
Features and challenges of current relevant work on SDN-based edge computing in IoT-enabled health systems
The features and limitations of current research on SDN-based edge computing in IoT-enabled healthcare systems are shown in Table 1. The Lightweight authentication scheme [12] attained low latency, average response time and maximal throughput; however, preserving the privacy of patients’ data is complicated. The BDSDT approach [21] maintained trust and transparency in the network; however, it is difficult to analyze the efficiency of the suggested model with the prototype. The SDN with an innovative scheme [18] could accomplish improved cost-effectiveness and security in the functionality; however, the alliance of technical needs with the application state is still a challenging issue. The encryption method [20] manages every connected technology; however, concerning data security through IoT sensors is difficult. The CoAP [17] provided better security; however, implementing a smart city to concentrate on several aspects of people’s lives by offering automation rather than manual intervention is still vague. The CDN [22] ensured the better robustness of health information; however, it is necessary to enhance the utilization of produced applications in real-time. The ACO [23] method provided higher flexibility and scalability along with requiring less processing time and makespan time. Moreover, the PSO [19] accomplished low energy consumption and latency; however, it doesn’t consider the service requirement for greater reliability. Although data security is increased by the EMOEUA approach [31], data integrity and confidentiality are not improved. Although the BOA [32] reduces computing time, data integrity must be taken into account. SDN based on blockchain [30] reduced the cost of data processing but did not offer secure storage. Hence, the proposed framework is implemented by overcoming the aforementioned limitations.
An outline of SDN-based edge computing in IoT healthcare system
System model
As shown in Fig. 1, the low-power embedded IoT devices and sensors comprise IoT-enabled healthcare architecture. Such devices are either worn by the patient or placed inside the healthcare centre. The growth of wearable technology and the Internet of Things emphasizes the value of a multi-service Edge server in the network. Additionally, it may result in control overhead and increased network latency. The core networks have the control of hosting multiple apps which offer various services and managing the IoT end-to-end infrastructure. Authorization, authentication, and cryptographic algorithms can be used to mitigate security vulnerabilities in SDN core networks. Including a software-defined network (SDN) controller or an intelligent SDN controller in the Edge server is a common method of system architecture. This aids in load balancing and efficient resource use for the Edge server. With the assistance of the SDN controller, which can create complete network programmability, the offloading to Edge should be carried out wisely. Lightweight authentication offers security, but SDN intelligence meets Edge computing requirements for load balancing and resource allocation. The data plane of SDN is distributed, but the control plane is centralized. Nevertheless, the SDN controller necessitates a thorough network reconfiguration. Because of the reconfiguration and the necessity for staff training on the SDN controller system, this raises costs.
This paper proposes an innovative edge computing powered by SDN in IoT healthcare systems using IECC-based Lightweight authentication. The proposed work involves three major phases: (1) Lightweight authentication, (2) Collaborative edge computing, and (3) Job migration. In the lightweight authentication phase, theImprovedLightweight Key Management scheme (ILKM) is proposed among IoT devices and edge servers with Improved Elliptic Curve Cryptography (IECC). The data encryption takes place using IECC, in which the randomly generated data is encrypted. Here, the encryption is performed two times. First, the data is encrypted using a master key produced via the Lightweight key management technique, and a private key obtained from IECC. Further, collaborative edge computing is performed, wherein, scheduling the patient data in an edge server is done optimally. This work proposed Osprey Assisted Coati Optimization Algorithm (OACOA) strategy for optimal load balancing (scheduling process) and this strategy is the integration of the Osprey Optimization Algorithm (OOA) and Coati Optimization Algorithm (COA). The edge server’s ability to manage the data from the IoT device is put to the test when the job migrates. If the edge server’s capacity is exceeded by the scheduled data, then it migrates the data to other subsequent edge servers with the consideration of migration cost computation.
Architecture of proposed IoT-enabled healthcare system using SDN-based edge computing.
The lightweight authentication takes place between the devices and edge servers by using the ILKM-IECC scheme. The ILKM-IECC scheme is a combination of Improved Lightweight Key Management and Improved Elliptic Curve Cryptography scheme.
Proposed LKM
The lightweight key management is the implementation of an efficient approach for controlling cryptographic keys in several applications. The lightweight key management contains two phases: They present the production of session keys and symmetric encryption keys. In the key establishment stage of symmetric encryption, the symmetric encryption key is introduced. The symmetric encryption key, which is derived from the IECC technique, is known as the private key. On the other hand, the session key formation phase. This phase generates the session key using an Improved Chaotic map (ICM). ICM creates the session key, which is considered to be the master key
Where, PLcm indicates Piecewise linear chaotic map and Lgm indicates Logistic map. The Piecewise linear chaotic maps are typically employed in a variety of cryptosystems due to their ease of implementation and low complexity [24]. The piecewise linear chaotic map is defined as in Eq. (2) in which
Equation (3) describes the formulation of a logistic map. In this,
IECC is the variant of the ECC scheme [26] and is a highly better cryptographic approach, which is extensively adopted for secure data encryption. As compared with extant approaches, this ECC approach offers strong security while it has fewer computational resource constraints. This approach includes three kinds of keys: they are, public key
The original data
Then the ciphertext data are securely downloaded at the receiver side. Using this same IECC scheme, the data is decrypted according to Eq. (7). Here,
Thus, this approach takes place between IoT devices and edge servers. Figure 2 shows that data encryption is performed between the devices and edge servers. Consider that the private key and master key be
Further,
Data encryption between the devices and edge servers.
Collaborative edge computing between the devices and edge servers.
The SDN-based edge computing is accountable for smart data processing, integration with other servers and storage. The main objective of this computing is acquiring distinct quality services under constrained resources. As depicted in Fig. 3, collaborative edge computing is performed between the devices and edge servers, in which the data in the devices are optimally load-balanced to the edge servers. The load balancing is maintained by an SDN controller that adopts a hybrid optimization strategy. A hybrid optimization technique that integrates the OOA and COA algorithms is the suggested OACOA. The following is a discussion of how the suggested OACOA strategy is elaborated.
Proposed OACOA strategy for optimal load balancing: Scheduling of patient information to the edge server
The patients’ information in IoT devices is scheduled to the edge servers based on the load. In order to balance the load optimally, a novel OACOA strategy is proposed. This OACOA strategy is the hybrid optimization that speeds up the optimization process and reduces the computational time. The hybrid OACOA strategy is the combination of OOA [27] and COA [28] algorithms. By inspiring the hunting behaviour of Coati, this work adopted this optimization for optimal load balancing. The proposed OACOA model chooses the optimal searching space, has maximum dependability, fast convergence, and high performance in real-time applications, and is used to enhance the overall performance of optimal load balancing. OACOA maintains a balance between exploration and exploitation, leading to better optimization results. It showcases high capability in optimizing practical applications. OACOA combines biological inspiration with mathematical modelling, providing efficient solutions for optimization problems across various domains. The Coati hunts the iguana by finding a suitable position and has the ability to escape from predators. However, the convergence speed of the computation is low. To address this issue, the OOA algorithm is assisted by the COA by inspiring the hunting behaviour of Osprey. The osprey hunts the fish from the sea after recognizing its position and then reaches the appropriate position to eat it. The mathematical modelling of the proposed OACOA strategy is elucidated below:
3.3.1.1. Solution encoding
The technique of maximizing a model’s performance without overfitting or producing an excessively high variance is known as solution encoding. Solution encoding has the advantage of first increasing convergence and then switching to a precise solution encoding to take advantage of the solution space regions that have previously been identified as promising. The solution to the proposed OACOA strategy is a set of IoT devices and edge servers for optimally balancing the data in devices to the edge servers.
3.3.1.2. Objective function
The objective function determined for the proposed OACOA strategy is distinct quality of services including execution time, makespan, execution cost, response time and security. Then the fitness is formulated as in Eq. (8).
Where
Here, the formulation of the objective function is carried as follows:
Normalize the constraints [ Calculate the weight using the Eq. (9).
Constraints involved in the optimal load balancing are given below:
Execution time Makespan Execution cost Response time Security
Execution time:
The amount of time that passes between the moments the edge node initiates data transmission and the edge server sends the recognition result is known as the execution time. Every edge server’s execution time is noted. Equation (10) defines the formulation of execution time. Here,
Makespan:
Makespan represents the maximum time taken by any single-edge server to process its submitted jobs. Equation (11) defines the formulation of makespan. Here,
Execution cost:
Execution cost typically refers to the resources consumed by a program or task during its execution. Equation (12) defines the formulation of execution cost. Here,
Response time:
The overall length of time required to reply to a service request is known as the response time. Equation (13) defines the formulation of response time. Equation (13) defines the response time. Here,
Security
Protecting data, systems, and networks against unauthorized access, use, disclosure, interruption, alteration, or destruction is referred to as security. Equation (3.3) defines the security algorithm for the edge servers.
3.3.1.3. Mathematical modelling
The exploration stage and the exploitation stage are the two phases of the suggested OACOA strategy. The iguana’s hunting and attacking tactics are covered in the exploration phase, while their escape from predators is covered in the exploitation phase. Figure 4 shows the flow chart for the suggested OACOA method. The coat is initially positioned randomly, as in Eq. (15). In this,
Equation (16) represents the population matrix that contains the population of coatis. As the candidate solution’s position changes in the decision variables, the objective function’s distinct rates can be computed using Eq. (17). In this,
Proposed exploration phase
A pack of coatis ascends a tree in search of an iguana. Part of the coati gang is still hidden behind the tree, waiting for the iguana to come down to the ground. The coatis approach the iguana when it gets to ground level, eventually capturing and neutralizing it. In order to address problem regions, this method causes the coatis to disperse to different locations within the exploration area, demonstrating the coatis’ exploration talents in performing a wide-ranging search. Equation (18) represents the iguana from Coatis’s vantage point atop the tree.
The exact attacking position of coati is enhanced by adopting the place of Osprey is defined according to Eqs (3.3)–(21). Here,
Apply Eq. (21) in the place of Eq. (18), then the modified position of coati is defined based on Eqs (22)–(27).
When the iguana is dropped to the ground in an arbitrary location, the coatis on the ground move their positions in the direction of the search area given in Eqs (28) and (3.3).
Where,
Exploitation phase
When a predator targets the coati during this period, it quickly leaves its current site. This stage showed off the capacity of COA for utilizing local search to locate a secure area close to its starting point. Additionally, using Eqs (31) and (32) the escape strategy of coati towards an arbitrary point is calculated. Further, Eq. (33), which evaluates the updated position of coati, is used to enrich the goal function. Here,
Flow chart of adopted OACOA strategy.
Job migration [12] is the process of reallocating data from one server to another server by the predetermined cost limit. It looks at the edge server’s capacity. The edge server experiences under load which persists until it is satisfied if its capacity is smaller than the patients’ data in the IoT device. However, in the event that an edge server’s capacity exceeds the amount of patient data stored in an IoT device, the data is moved to another edge server while taking migration costs into account (i.e., the data migrates to other servers based on migration cost). The Migration cost refers to the cost required for migration from one server to another server and it is estimated according to Eq. (34).
Thus, the data is efficiently authenticated, scheduled to the appropriate edge server and transitions across servers with competence.
Simulation setup
The suggested Lightweight authentication for SDN-Based Edge Computing in IoT-Enabled Healthcare Systems was executed utilizing MATLAB, and the version is “Matlab R2018a.” Further, the processor carried out in this work is “11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40 GHz 2.42 GHz”, while the system boasted a total installed RAM capacity of “16.0 GB,” with “15.7 GB” of this memory being available for use.
Dataset description
The dataset utilized in this work has been gathered from [29]. The Cleveland database is carried out for the implementation of the IoT-based healthcare system. Creating a website and using the Cleveland dataset’s IoT to store real-time health metrics on web server databases allows for remote patient healthcare monitoring. There are 303 instances in the collection, each with 76 attributes. Fourteen of the 76 available attributes are employed in this IoT-enabled healthcare system.
Attack analysis
The evaluation conducted a performance of both the proposed and traditional approaches, emphasizing various crucial factors including makespan, migration cost, response time, execution time, security, sensitivity to cryptographic keys, and susceptibility to several attack kinds, such as Chosen-Ciphertext Attack (CCA), Chosen-Plaintext Attack (CPA), Electronic Design Automation (EDA), Fault Injection Attack (FIA), and Known Plaintext Attack (KPA). Additionally, the suggested model was compared to conventional methods like ACO [23], PSO [19], ISSOA [31], and BOA [32], and a comparison assessment with more established techniques, such as Advanced Encryption Standard (AES), Blowfish, Rivest, Shamir, Adleman (RSA), Elliptic Curve Cryptography (ECC), Osprey Optimization Algorithm (OOA), Coati Optimization Algorithm (COA), Bald Eagle Search algorithm (BES), Tasmanian devil optimization (TDO) and Pelican Optimization Algorithm (POA).
Figure 5 depicts the evaluation of attacks conducted on the proposed lightweight authentication method within an SDN-based Edge Computing environment designed for IoT-enabled healthcare systems. In this evaluation, we compare the IECC method with AES, Blowfish, RSA, and ECC. We assess the performance of these methods across different attack categories, which encompass CCA, CPA, EDA, FIA, and KPA while varying the key sizes to 16 bits, 32 bits, 64 bits, and 128 bits. Furthermore, our analysis reveals that the IECC method consistently achieves the lowest attack ratings, demonstrating its effectiveness in providing robust lightweight authentication. Furthermore, the term CCA refers to a method of cryptographic analysis wherein a cryptanalyst can selectively select ciphertexts and extract decryption information from them. Furthermore, the IECC technique obtained the lowest CCA attack score of 0.114 when looking at a key size of 16 bits, while the traditional methods-particularly, AES at 0.149, Blowfish at 0.126, RSA at 0.137, and ECC at 0.135 – showed greater CCA attack scores. The proposed authentication model demonstrates resilience against CCA. By achieving lower rates, the proposed model ensures that even if the adversary manipulates ciphertexts, it remains challenging to extract sensitive information from them. In addition, a cryptanalysis attack known as a CPA occurs when an attacker obtains plaintext that matches particular ciphertexts. The goal of this attack is to locate information that could compromise the security of the data encryption system. In this case, it is good for the model to display lower CPA attack scores. Specifically, with a 64-bit key size, the IECC method recorded the minimal CPA attack rate of 0.187, demonstrating superior lightweight authentication performance when compared to AES, Blowfish, RSA, and ECC. The proposed model remains secure under CPA by achieving lower rates. CPA involves the adversary choosing plaintexts and obtaining their corresponding ciphertexts. Lower rates mean that the model’s encryption process remains unpredictable, thwarting the attacker’s attempts to exploit chosen plaintexts.
Attack evaluation on IECC and traditional schemes a) CCA b) CPA c) EDA d) FIA and e) KPA.
An EDA attack called a sniffing or passive wiretapping attack, provides a cybersecurity risk when an unauthorized person surreptitiously records and monitors communications between two authorized parties without the participant’s knowledge or agreement. Further, the IECC accomplished the lowest EDA of 0.168 at the key size of 128 bits, meanwhile, the AES is 0.175, Blowfish is 0.198, RSA is 0.231 and ECC is 0.216, respectively. Achieving lower rates in EDA attack analysis through the proposed authentication model enhances the security, reliability, and efficiency of data. FIA refers to a cybersecurity threat in which a hostile actor purposefully introduces anomalies or vulnerabilities into a gadget or system. The primary objectives are to compromise its security, obstruct regular operations, or divulge personal data. These kinds of attacks are used to find weak points in the system, assess how resilient it is to outside influences, or get unauthorized access to private data. Furthermore, when employing a 32-bit key size, the highest FIA attack rate is observed with the Blowfish and AES algorithms, indicating their susceptibility. Conversely, our IECC scheme demonstrates improved security, as it yields a lower FIA success rate of 0.149. The proposed authentication model’s ability to achieve lower rates in fault injection analysis offers cost savings, remote attack capabilities, and heightened security for various systems. In addition, A technique of cryptanalysis known as KPA analysis gives the attacker access to both the encrypted form (ciphertext) and the plaintext, which is commonly referred to as a “crib.” This degree of access can be used to find information that is hidden, such as code books and secret keys. Furthermore, the IECC strategy consistently exhibited the lowest KPA attack success rates among all key sizes, outperforming conventional strategies such as AES, Blowfish, RSA, and ECC. The proposed model maintains security against KPA. KPA assumes that the attacker knows specific plaintext-ciphertext pairs. By achieving lower rates, the model prevents the attacker from easily deducing the encryption key or other sensitive information. It follows that the IECC method improves the lightweight authentication technique while simultaneously increasing efficiency. This improvement can be attributed to the addition of an ILKM-based key management system and an enhanced encryption model.
The evaluation of key sensitivity in the IECCscheme is evaluated over AES, Blowfish, RSA, and ECC in Fig. 6a. To achieve efficient lightweight authentication, the model should produce the lowest possible key sensitivity scores. In order to do this analysis, a variety of key sizes – 16, 32, 64, and 128 bits – are used. Similarly, the IECC scheme yielded the minimal key sensitivity rate of 0.132 with a 32-bit key size, while conventional approaches exhibited higher key sensitivity rates, specifically, AES
Figure 6b provides insight into the evaluation of execution costs for the OACOA method is evaluated over OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19], focusing on achieving optimal load balancing. The primary objective is to reduce execution costs to achieve this balance effectively. This analysis is carried out by varying the number of edge servers, and testing scenarios with 20, 30, 40, and 50 servers. Mainly, the OACOA acquired the minimal execution cost at the 40th edge-server, surpassing the conventional strategies like OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19], respectively. Likewise, in all edge server setups, the OACOA technique consistently showed lower execution costs than the preceding methods. By showing noticeably lower key sensitivity and migration costs than previous approaches, the OACOA method beat them and provided compelling proof of its enormous promise for lightweight authentication in the context of SDN-based edge computing.
Analysis of OACOA and traditional approaches a) Key sensitivity and b) Execution cost.
Figure 7a and b illustrate a comparative analysis between the OACOA method and conventional approaches concerning execution time and response time, as the count of edge servers is adjusted. In the pursuit of optimal load balancing, the aim is to minimize both execution and response times. Similarly, the OACOA approach demonstrated the ability to reduce both execution and response times, ensuring optimal load balancing. At the 40th edge server, the OACOA method achieved an execution time of 145s, meanwhile, the OOA is 145s, COA is 168s, BES is 180s, TDO is 183s, POA is 171s, ACO [23] is 181s ISSOA [31] is 182 s, BOA [32] is 184 s, and PSO [19] is 185s, respectively. As indicated by Fig. 7b, the OACOA method outperformed conventional approaches in terms of response time. Notably, the OACOA method achieved the lowest response time of 1.735 seconds for the 20th edge server, while OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] all recorded longer response times.
Analysis of OACOA and traditional approaches a) Execution time and b) Response time.
In Fig. 8a and b, we can observe the evaluation of makespan and security for optimal load balancing, comparing the OACOA scheme to OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19]. In the context of optimal load balancing, it is desirable to reduce the makespan while simultaneously enhancing security. When considering the edge-server 30, the OACOA scheme achieves a makespan of 385. Achieving maximum rates in makespan analysis through the proposed authentication model leads to streamlined workflows, faster execution, and resource-efficient systems. In contrast, OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] exhibit lower makespan values, specifically, OOA
Analysis of OACOA and traditional approaches a) Makespan and b) Security.
A box plot, sometimes referred to as a box-and-whisker plot, is a useful visual aid in statistics. Its objective is to assess and graphically represent a dataset’s distribution properties. The box plot evaluation on OACOA over OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] for optimal clustering is depicted in Fig. 9. Specifically, the evaluation focuses on the Migration Cost. Notably, the OACOA scheme achieves the lowest Migration Cost at 112, while OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] exhibit significantly higher migration costs.
Box plot evaluation on migration cost.
Figure 10 presents a convergence analysis comparing the OACOA approach with conventional methods (OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] across a range of iterations (0–25). Lowering cost rates and accelerating convergence are necessary for effective load balancing. Moreover, in the early iterations, the cost rates of both the OACOA and traditional techniques were rather low. Nevertheless, the cost values decreased even further as the iterations went on. It is important to note that, in comparison to the conventional ways, the OACOA strategy consistently maintained a lower cost rate. In particular, the OACOA method’s error value at the 25th iteration was 0.017, whereas conventional models like OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19] exhibited maximum cost values of 0.743, 0.748, 0.756, 0.758, 0.749, 0.759, 0.750, 0.784, 763, and 0.757, respectively. Hence, the enhancements made in the encryption method and the improved key management process pave the way for the OACOA solution to offer improved lightweight authentication in SDN edge computing.
Statistical analysis of migration cost
Statistical analysis of migration cost
Convergence study on OACOA and traditional schemes.
We carefully evaluate metaheuristic methods’ dependability in this particular setting. As a result, each method is put through a rigorous evaluation process to ensure that incredibly accurate calculations are produced. In our quest to reach this goal, we conduct a comprehensive assessment that involves analyzing crucial statistical parameters, including the variance, worst-case scenario, standard deviation, best-case scenario, and mean measures. When taken as a whole, these measures provide a thorough grasp of the efficacy and reliability of the studied tactics. Table 2 summarizes the statistical comparison of migration costs for lightweight authentication between the OACOA method and OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19]. In the worst-case measure, the OACOA scheme acquired a migration cost of 52.985, this is superior to OOA, COA, BES, TDO, POA, ACO [23], ISSOA [31], BOA [32], and PSO [19]. Thus, improved lightweight authentication in SDN edge computing is made possible by the OACOA solution thanks to the improvements made to the encryption technique and the key management procedure.
Tables 3 and 4 present a statistical analysis comparing the IECC method with AES, Blowfish, RSA, and ECC in terms of encryption and decryption times for achieving optimal load balancing. The number of times execution performed is four in the statistical evaluation of encryption time and decryption time. In the context of decryption time, the IECC scheme demonstrates exceptional performance, with a decryption time of 0.0005 under the best statistical metric. In comparison, AES has a decryption time of 0.2289, Blowfish records 0.0032, RSA stands at 0.0008, and ECC registers 0.0009, respectively.
Statistical analysis of encryption time
Statistical analysis of encryption time
Statistical analysis of decryption time
This paper proposed an innovative SDN-based edge computing in IoT healthcare systems Using IECC-based Lightweight authentication. The proposed work involved three major phases: (1) Lightweight authentication, (2) Collaborative edge computing, and (3) Job migration. In the lightweight authentication phase, ILKM was proposed among IoT devices and edge servers with IECC. The data encryption took place using IECC, in which the randomly generated data was encrypted. Here, the encryption was performed by two times. First, the information was enciphered by the private key that was generated from IECC; second, the information was enciphered by the master key created from the proposed Lightweight key management scheme. Further, collaborative edge computing was performed, wherein the load balancing was optimized to schedule the patients’ data in the edge server. This work proposed an OACOA strategy for optimal load balancing and this strategy was the combination of OOA and COA. Then, the job migration took place, where it checked the capacity of the edge server with the data in the IoT device. If the scheduled data exceeded the potential of the edge server, then it migrated the data to other subsequent edge servers by taking account of migration cost computation. We assess the performance of these methods across different attack categories, which encompass CCA, CPA, EDA, FIA, and KPA while varying the key sizes to 16 bits, 32 bits, 64 bits, and 128 bits. Furthermore, our analysis reveals that the IECC method consistently achieves the lowest attack ratings, demonstrating its effectiveness in providing robust lightweight authentication. the IECC technique obtained the lowest CCA attack score of 0.114 when looking at a key size of 16 bits, while the traditional methods showed greater CCA attack scores particularly, AES at 0.149, Blowfish at 0.126, RSA at 0.137, and ECC at 0.135. the IECC model yielded the minimal key sensitivity rate of 0.132 with a 32-bit key size., while conventional approaches exhibited higher key sensitivity rates, specifically, AES
