HIBAF: A data security scheme for fog computing

Abstract

Fog computing complemented cloud computing integration services in the Internet of Things (IoT) and the web of real-time interactivity. Fog offers faster computing and other services facilities sitting close to user applications. However, secure data transfer in the fog is still a challenging issue requiring attention and efficient deployment of a secure data security scheme. We present an Identity Based Encryption (IBE) scheme to secure data security and transmission in fog clouds and IoT ecosystems. We devise and develop a four-level Hierarchical Identity Based Architecture for Fog Computing (HIBAF) data security scheme to enhance data security. We also analyze the system’s performance regarding response time, CPU utilization, run-time encryption-decryption, and key generation time in the fog computing paradigm to an increasing number of users data-loads. Moreover, we evaluate our scheme and compare the outcomes with different cryptography structures to discern our scheme’s effectiveness. Furthermore, we also evaluate secret key updating time, re-encrypted key updating time, and file revoking time by launching DDoS attacks both in the cloud and fog computing environment to compare improvements of HIBAF in the fog computing paradigm. Finally, through this overall evaluation, we have found that the developed HIBAF scheme provides a 33% performance enhancement in a fog environment in terms of data processing, provision, and management compared to the cloud environment.

Keywords

Fog computing cloud computing data security identity based integration cryptographic scheme

1. Introduction

Fog computing is a closer cloud concept that can offer computing, infrastructure, storage facilities in distributed environment-friendly locations between the cloud data center and Internet of Things (IoT) devices. Fog computing popularity increases due to its effectiveness in Fog IoT echo systems. It offers close to end-users, fault tolerance, supporting device heterogeneity, and seamless interactions. Fog reduces the application execution time on the cloud and provides a smart computing platform close to the user to enhance the effectiveness and limit the quantity of information within the cloud. The IoT and fog computing share exceptional coupling measures. However, Fog computing security challenges are a significant challenge for IoT platforms and ecosystems. Therefore, several security issues in fog computing require attention and appropriate solutions to limit data theft, man-in-the-middle attacks, and unauthorized access alongside maintaining data integrity [1].

According to the National Institute of Standards and Technology (NIST) [2], “Fog computing is a horizontal, physical, or digital useful resource paradigm that resides between clever end-devices and typical cloud computing and information centers. This paradigm helps vertically-isolated, latency-sensitive functions with the aid of providing ubiquitous, scalable, layered, federated, and allotted computing, storage, and network connectivity”. A consequence of NIST, the Cisco community [2,4], also states that “Fog Computing refers to extending cloud computing to the community area, which facilitates the operation of computation, storage, and networking offerings between end gadgets and cloud computing data centers”. Figure 1 represents the Fog paradigm in the Cloud-IoT ecosystems.

Fig. 1.

Fog paradigm in the cloud-IoT ecosystem.

Cloud Computing is a computing paradigm that gives corporations a progressive enterprise model to undertake IT services with upfront commitments. It is the on-demand delivery of various IT offerings with pay-as-you-go pricing via a cloud services platform furnished over an internet connection. Effective firewalls are essential to managing the high quantity of exposed data. Moreover, transportation costs in cloud computing can be very high. Fog computing is equipped with remarkable characteristics to overcome these challenges [2] of cloud computing as shown in Table 1.

Table 1

Fog can help to overcome the challenges of cloud

No.	Challenges of cloud	How fog can help
1.	Required critical latency	Less hops, fewer loads
2.	Rich data mobility	Optimal data location, local caches
3.	Geographic diversity	Intelligence localized as appropriate
4.	Network constraints	Local processing reduces core network load
5.	Reliability or robustness	Quick fault tolerance support, emergency local response
6.	Analytics challenges	Analytics and storage at the right level
7.	User data or geographic privacy	Fog can anonymize or aggregate user data

With the increasing quantity of sensitive records worldwide, system hacking, data theft, and security breach are significant concerns and threats to the computing world. To tackle these attacks is a challenging task. Attackers can steal private data and access credentials through the internet, websites, and mobile devices’ careless use. Especially in the fog, cloud, and IoT echo system, this security concern is a rising issue. In such a distributed environment, hackers and malicious attackers can exploit these opportunities and steal essential data in fog cloud systems. Therefore, our purpose is to present the HIBAF dat security scheme to provide a four-layer security system in the fog cloud network.

Identity-Based Cryptography (IBC) is a well-known approach for any identifiable data used as a public key to affords a certificate-free security strategy [4]. Our HIBAF scheme essentially proposed fog for cloud IoT environments to reduce the key-generation price by lowering the overload on the root Private Key Generator (PKG). It also replicates the root PKG to slave PKGs on every level. This scheme additionally helps to supports the concept of working without the Public Key Directories (PKDs). Moreover, HIBAF ensures less useless halts and neighborhood processing time.

Fog computing confined safety certifications and measurements to define uses decoy technology and Ciphertext Policy-Attribute Based Encryption (CP-ABE) within a service-oriented architecture, which creates unnecessary overheads and bandwidth consumption. An asymmetric key-based encryption scheme named Advanced Encryption Scheme (AES) has primarily problem of a key leakage threat. The firewalls must be effective for the fog cloud ecosystem to control the significant amount of data. Maintaining such an excessive volume of information and transportation latency in the cloud is challenging. We still have several issues, such as system hacking threat, data security, and unauthorized access to fog computing. We, therefore, motivated by all these challenges and influenced to enforce a four-level hierarchy of HIBE, in which the fog offloads the application excution tasks on the cloud and gives faster response and fault tolerence support during information processing and transmission to fog cloud IoT ecosystem.

To address the fog paradigm’s security issues, we devise and implement a four-level HIBAF security scheme architecture1

Enhancement of our presented idea in Springer Conference on Computational Intelligence, 2020, Algorithms for Intelligent Systems. Singapore.

[15] based on encryption and decryption techniques employing small key sizes. We solely generate each of the lower security levels from our scheme’s upper level’s security scheme. Moreover, each node generates the secret keys randomly. Therefore, disclosure of any levels’ secrecy does not affect the other levels’ secrecy. It is secure against collusion attacks. We have evaluated DDoS attacks to evaluate the performance. Our new scheme is a comparatively, more secure scheme in key management procedures compared to the existing schemes.

The primary contributions of our work are as follows:

We design a four-level hierarchy to provide four-layered security in the fog cloud IoT ecosystem.

We implement a data security scheme through the HIBAF scheme to prevent data theft.

We evaluate our cryptographic scheme to compare with other scheme’s in terms of performance and security.

In Table 2, we have listed some of the abbreviations which are frequently used in this paper.

Table 2

List of abbreviations

ABAC	Attribute Based Access Control
ABC	Attribute Based Cryptography
ABE	Attribute Based Encryption
AES	Advanced Encryption Scheme
ASAS	Anonymous and Secure Aggregation Scheme
AVISPA	Automated Validation of Internet Security Protocols and Applications
BDH	Bilinear Diffie–Hellman
CASK	Conditional Authentication and Session Key
CO-MAACS	Verifiable Outsourced Multi Authority Access Control Scheme
CP-ABE	Ciphertext Policy Attribute Based Encryption
CSP	Cloud Service Provider
D2D	Device to Device
DDoS	Distributed Denial of Service
DR	Demand Response
ECC	Elliptic Curve Cryptography
EHR	Electronic Health Record
EMR	Electronic Medical Record
FSDN	Fog Software Defined Networks
FSDR	Fog Computing-enabled Secure Demand Response
HACC	Hierarchical Architecture for Cloud Computing
HIBAF	Hierarchical Identity Based Architecture for Fog Computing
HIBE	Hierarchical Identity Based Encryption
IBC	Identity Based Cryptography
IBE	Identity Based Encryption
IBEET	Identity Based Encryption with Equality Test
IBS	Identity Based Signature
IoE	Internet Of Energy
LAAP	Lightweight Anonymous Authentication Protocol
LPDA	Lightweight Privacy-preserving Data Aggregation
MANET	Mobile Adhoc Network
MobiCoRE	Mobile Device Based Cloudlet Resource Enhancement
PCS	Public Cloud Server
PKD	Public Key Directory
PKEET	Public Key Encryption with Equality Test
PKG	Public Key Generation Center
QoS	Quality of Service
ROR	Real-or-Random
SAKA-FC	Secure Key Management and User Authentication Scheme for Fog Computing
SDN	Software Defined Networks
STSs	Smart Transportation Systems
SZRP	Secure Zone Routing Protocol
TCP/IP	Transmission Control Protocol/Internet Protocol
URL	Uniform Resource Locator
V2B	Vehicle to Base Stations
V2I	Vehicle to Infrastructure
V2V	Vehicle to Vehicle
VANETS	Vehicular Adhoc Networks
XOR	Exclusive OR

The rest of the paper is organised as follows: Section 2 provides a literature survey. Then, Section 3 illustrates the methodology with new mathematical model. Section 3.5 discusses security analysis. Section 4 analyzes the performance. Section 5 discusses the advantages, limitations, functions and future work associated with our new scheme. Finally, Section 6 concludes the paper.

2. Related work

In this section, we discuss the existing relevant security issues in the fog cloud computing ecosystem.

Aazom et al. [1] discussed and investigated fog computing and Software Defined Network (SDN) based on a three-level security architecture. They monitored data safety by investigating a man-in-the-middle attack and identified the CPU’s key points and memory consumption on fog devices. This work provided advantages of reduced power consumption and unnecessary communications delay as well as reducing burdens on the cloud. However, due to data being pre-processed and trimmed, sometimes useful data may be deleted from the original data.

Al Hamid et al. [2] illustrated a bilinear pairing cryptography-based model to secure the Electronic Medical Record (EMR) of patients. They proposed a tri-party one-around authenticated key agreement protocol that generates a session key for securing communication among the participants. Alotaibi et al. [4] lodged a novel architecture using a combined attribute-based and proxy re-encryption scheme for information sharing in fog computing. Another cryptographical approach, Attribute-Based Encryption (ABE), had been carried out in fog computing by Alrawais et al. [5] where the authors proposed a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) algorithm and digital signatures to set up a secure conversation in the fog. The proposed scheme by Alrawais et al. [5] was more efficient and feasible compared to the certificate-based schemes, which also reduces the transmission cost. However, this approach provided higher computation overheads and increased delays during communication. Alshiky et al. [6] initiated an Electronic Health Record (EHR) Attribute-Based Access Control (ABAC) algorithm for fog computing environments to forestall unauthorized access and serve one of a kind customers via ABAC into the EHRs. This scheme on an attribute-based framework where users were accredited to authenticate in the fog.

Arij et al. [7] employed a Conditional Authentication and Session Key (CASK) establishment algorithm, which combines ECC and one-way hash functions for a fog-assisted social IoT environment. Their proposed scheme established the authentication session key [8] through users’ profile matching [9] [10]. Their scheme increased social awareness and reduced computation overheads. Notifying the issues over internet security, Abebe Diro et al. [11] generated a lightweight public-subscribe protocol through using Elliptic Curve Cryptography (ECC). Their analytical proofs and results showed an efficient security enhancement while checking existing internet protocols, namely Diffie–Hellman [10]and RSA. Dong et al. [12] suggested a mixed Elliptic Curve Cryptography (ECC) and a decoy technology to inhibit data theft assaults in a fog platform. Their scheme provided advantages of bandwidth savings, faster implementations, and the use of a small key. Dsouza et al. [13] created a policy-based security administration of sources in the fog computing platform. The authors leveraged an exemplary use-case as Smart Transportation Systems (STSs) to recognize diverse necessities for the fog computing paradigm.

Fan et al. [14] proposed a verifiable Outsourced Multi-Authority Access Control Scheme (CO-MAACS) to supply data access control in fog-cloud computing. Their proposed scheme outsourced the encryption and decryption algorithms to fog devices. Gope et al. proposed a Lightweight Anonymous Authentication Protocol (LAAP) using the one-way function and exclusive-OR (XOR) operations [15] in a D2D-aided fog computing environment [17]. Their proposed protocol reduced the computational overhead. Huang et al. [19] proposed an Attribute-Based Cryptography (ABC) scheme where confidential data was encrypted based on multiple policies of users, and ciphertext was updated using an attribute-based signature scheme. This scheme was secured against known attacks and required a constant time for several computational operations. However, the method needed a token vault management device, which was quite costly in fog environments. Jiang et al. [20] recommended a Stand-Alone Authentication Scheme with Attribute-Based Encryption for offering security in a large and dynamic system. The authors maintained access management policy via CP-ABE and eliminated the ‘key-delegation abuse’ requirement in a fog environment.

Many researchers have been working to protect shared information from unauthorized access to ensure data safety. Kahvazadeh et al. [21] proposed an SDN-based safety infrastructure to furnish in a blended security towards fog-to-cloud environment. Their proposed structure leveraged the cloud with a centralized controller and the fog with various distributed controllers. Their scheme decreased the opportunity for man-in-the-middle attacks in a fog-to-cloud environment. Li et al. [22] developed a security scheme, especially for the cloud authentication process. Their developed scheme was measured across some dedicated wireless sensor-based cloud orchestrations. Gaolei Li et al. [23] nominated a Fog Computing-enabled Secure Demand Response (FSDR) scheme on the Internet of Energy (IoE) paradigm which was based on consensus and access control encryption methods. Their proposed FSDR scheme worked against collusion attacks. They used a simulated annealing-based consensus algorithm to verify the Demand Response (DR) strategies and energy states with homomorphic operations. Delay efficient security management for cloud computing; a three-level HIBE hierarchy was generated by Li et al. [24].

Lu et al. [26] initialized a Lightweight Privacy-preserving Data Aggregation (LPDA) scheme, which was used in an enhanced IoT based fog computing environment. They employed a combined homomorphic Paillier encryption, Remainder Theorem, and one-way hash techniques with a view to aggregating data from hybrid IoT devices into single data and thereby rejecting malicious data at the edge. Sha Ma et al. [27] articulated an algorithmic scheme with the combination of IBE. They named it identity based encryption with equality test (IBEET) algorithmic scheme. This algorithm worked with a combination of public-key encryption equality tests and identity-based encryption. The IBEET scheme checked the equality test through a trapdoor function coupled with a known identified secret value towards a cloud server. The test of equality was made through exchanging ciphertexts. In this scheme, the trapdoor identity was known by the user. As a result, the client-side did not need to check in the cloud for central authorization access. The One Way Chosen Cipher Text Against a Chosen Identity Attack with bi-linear pairing made the scheme efficient in using lower latency and fewer time delays. IBEET, independent of global authorization access, showed the results in terms of Public Key Encryption With Equality Test (PKEET) and Identity Base Encryption (IBE). Mozumder et al. [28] investigated and analyzed some protection breaches and threats in a cloud environment and tested some efficient prevention mechanisms against these threats. Mukherjee et al. [29] designed and implemented a flexible IoT middleware for cloud-fog communications. They used ‘Session Redemption’ and ‘Optimal Scheme Decider’ algorithms to reuse recent encrypted sessions and select the best possible end-to-end communication scheme.

Hassan Noura et al. [30] delivered a dynamic key-dependent approach based on the cryptographic architecture in this work. This algorithmic model combined both the AES-GMAC operation within fog carrier to provide confidentiality, authenticity, availability from source to destination hops. The encryption and authentication process was done using a pseudo-random fashion. Choosing an arbitrary node k from n neighbors of fog is a challenging task due to heterogeneous data flow. This scheme’s behavior puzzled the attackers, and they must need to decrypt a single node k from n neighboring nodes. However, the performance analysis of this exhibits an effective result for maximum robustness and efficacy. Parikh et al. [31] listed all the security and privacy issues in three different paradigms- cloud, fog, and edge computing. However, the authors did not suggest any solutions against these security issues. Rahman et al. [32] proposed a Secure Zone Routing Protocol (SZRP) through coupling with a 256-bit iterative salted hashing scheme for a MANET environment. Roman et al. [33] illustrated a comprehensive survey about security issues [34] in fog convincing edge paradigms. They also enlisted mobile edge services as a potential helper for the fog computing orchestrations in low latency, jitter buffer, vehicular context support, and mobility management.

Schridde et al. [35] presented an identity-based technique in cloud computing. They regarded the carrier URL as the ID for a public key of the user. They furnished a solution to overcome the difficulties of certificate-based methods. This approach provided advantages of flexibility and easier certificate-based security and reduction of loads on the cloud. The IBC scheme was also applied in cloud computing by Schridde et al. and Li et al. The IBC term was first postulated and suggested by Adi Samir in 1984 [36]. A five-layer architecture, [37] of smart gateway-based verbal exchange in fog computing, [38] by using integrated Internet of Things (IoT) devices that were driven through cloud computing generalized by Stojnemovic et al. [39]. In their proposed scheme, the records were pre-processed and trimmed before they were transmitted to the cloud. This approach reduces energy consumption and unnecessary communications, which reduces the burdens on the cloud’s core community. However, no efficient mathematical model was provided, and this approach was impractical for real-time implementations. Moreover, Vishwanath et al. [40] used symmetric-key cryptography exchange, e.g., Advanced Encryption System (AES) applied in fog computing. In that development, the sender and receiver used the same key for encrypting and decrypting. However, the generated length of the key chosen by Vishwanath and their team is minimal and which had a good risk while mitigating with third party intruder interventions. Wang et al. [41] preferred an anonymous and secure aggregation scheme (ASAS) in a fog-based cloud environment. Through this ASAS scheme, a large quantity of bandwidth could be saved between a PCS and the fog nodes. The authors used an elliptic-curve public key-based cryptography scheme and Castagnos-Laguiallaumie cryptosystem for signature, encryption, and aggregation.

Wang et al. [42] articulated a privacy-preserving and guilty authentication protocol for IoT end-devices, which was primarily based on weaker identities. The author intended to grant five QoS necessities, security, efficiency, privacy preservation, accountability, and dynamic eliminations to the system. The prevalence protocol as a public service for the IoT, edge, and fog computation relies on Message Queue Telemetry Transport (MQTT) and Advanced Message Queuing Protocol (AMQP). Considering efficient response times within fog and edge these protocols lacks in performing proper security mechanism on time. Wazid et al. [43] employed a Secure Key Management and User Authentication Scheme for Fog Computing (SAKA-FC), which used a combination of a lightweight one-way cryptographic hash functions and bitwise Exclusive-OR (XOR) operations. They analyzed the security of the SAKA-FC scheme using the Real-Or-Random (ROR) model. They implemented the SAKA-FC scheme in the NS2 simulator and used the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to verify formal and informal security. Whaiduzzaman et al. proposed a computerized software program scripting model on a Cloud Service Provider (CSP) to measure security [44]. Using this scheme, the authors measured the protection energy and fault tolerance ability in CSP.

Whaiduzzaman et al. [46] developed an environment-friendly MobiCoRE- IoT device based resource enhancement using the birth-death Markov chain model, which furnished performance enhancement in cloudlet resource constraint environment. Zhang et al. [49] presented a survey in fog computing, where the authors analyzed several security measures, challenges, and trust issues in the fog computing paradigm. They also listed some new challenges, research trends, and future topics [3,16] in the fog computing paradigm’s security [25,34,37,45,47].

IBE does not require any additional PKD, which reduces the useless storage capacity [48] and complexity by providing better performance [18]. However, some recent works have used decoy technology and CP-ABE [5] [20] techniques to supply integrated securities in fog communication. Li et al. [24] propounded an Identity-Based Encryption (IBE) and an Identity-Based Signature (IBS) scheme in a Hierarchical Cloud Computing Architecture (HACC). This approach limits the performance delays and complexity to the system. However, symmetric-key cryptography, e.g., Advanced Encryption System (AES), by Vishwanath et al. [40] has shown improvements through IBC in terms of Fog security evolution.

We have several research works that have been proposed to date to fix the secure data transmission in the cloud and fog networks. However, most of the works face either performance or efficiency issues in different scaled networks. Therefore, we provide a novel security scheme for fog computing that is equally efficient and ensures an enhanced level of secure data transmission.

3. Methodology

In this section, we discuss the concept of IBC and how it works. We also discuss bilinear pairing and its several properties. We also describe the evolved four-level HIBAF scheme, necessary parameters, level-setup, and algorithms. At the end of this section, we analyze the security parameters of the developed scheme.

3.1. Identity based cryptography

In the IBC scheme, Adi Shamir initiated an asymmetric cryptography model to use its unique identity as the public key. The enterprise systems and organizations are shifting towards the fog.Therefore, fog security and data transmission are receiving much attentation. Therefore, We motivated to provide secure data communication to users with IBE data security.

The unique identity of the user is used as a public key in the IBE scheme. The user’s name, email address, mobile number and bio-metric can be treated as a unique identity. However, we should convert the identity into a binary {0,1} string. Hence, an IBC scheme consists of four steps.

Setup Phase: In this stage, a set of parameters are shared through a trusted Public Key Generation Server. We should set the parameters as the public. The private master key is generated is only known to the Public Key Generation (PKG). $\begin{matrix} (1) & Setup ⟶ (params, MK) \end{matrix}$

Extraction Phase: In this phase, the PKG generates the secret key ${SK}_{i}$ of user i using the ${ID}_{i}$ of the user and the master secret key $MK$ . Here, $ID \in {0, 1}^{*}$ . $\begin{matrix} (2) & {SK}_{i} ⟵ Extract (params, {ID}_{i}, MK) \end{matrix}$

Encryption Phase: The sender encrypts the file of data M using the unique ${ID}_{i}$ of the receiver i and generates a ciphertext C. $\begin{matrix} (3) & C ⟵ Encrypt ({ID}_{i}, M) \end{matrix}$

Decryption Phase: The receiver decrypts the ciphertext C using the secret key ${SK}_{i}$ generated by the PKG and gets the plaintext M, in this stage. $\begin{matrix} (4) & M ⟵ Decrypt (C, {SK}_{i}) \end{matrix}$

The above, Fig. 2 depicts a broad framework of encryption and decryption that enabled IBE for working in a fog computation. In this case, if a message redirects from a sender to receiver i through the fog server, the Identity Based Encryption and Decryption help the plaintext to encrypt with the ID of receiver i. During the decryption, the secret key $SK$ of receiver i is generated with the PKG’s aid using the ${ID}_{i}$ of receiver i.

Fig. 2.

The generic secured architecture for fog computing development.

3.2. Preliminaries

This section has generated and modeled the concept of a bilinear pairing and their different properties. Let $G_{1}$ be an added cyclic accompaniment group of prime order p and $G_{2}$ be a multiplicative cyclic group of the equivalent prime order p. We may tell the function $\hat{e}$ as a permissible bilinear pairing $\hat{e} : G_{1} X G_{2} ⟶ G_{2}$ which obligates the below stated holdings:

Bilinearity: For all $(X, Y) \in G_{1}$ and all $a, b \in Z_{p}^{*}$ we get, $\begin{matrix} \hat{e} (a X, b Y) = \hat{e} {(X, Y)}^{a b} . \end{matrix}$

Non-degeneracy: There occurs $(X, Y) \in G_{1}$ implies $\begin{matrix} \hat{e} (X, Y) = 1 . \end{matrix}$

Computability: For all $(X, Y) \in G_{1}$ , there occurs a well ordered algorithm to enumerate $\hat{e} (X, Y) \in G_{1}$ .

3.3. Identity-based hierarchical architecture for fogging

We have developed the scheme based on Li et al.’s work [24]; they maneuvered a three-level hierarchical secured architecture for cloud computing. In this work, we have modeled the previous architecture and originated a four-level secured hierarchical architecture. The new security level is attached as extra protection towards the fog layer. From Fig. 3, the developed (HIBAF) architecture is incorporated with four-layered security bases. At first, the Level-0, an altitude base of the developed scheme, communicates with Root PKG. Level-1 correlates to sub-PKGs, where every node represents themselves as an information carrier. Level-2 symbolizes the sub-PKGs of Level-1. In Level-1, every node indicates and performs as a data center(e.g., a fog service provider in a fog environment). Across a top to bottom level hierarchies, the (Level-4) relates to the fog layer users. Every node in each level has a unique identifier (ID). For instance, if the unique ID of the topmost node is ${ID}_{Root}$ , node $C_{2}$ in Level-1 is ${ID}_{C_{2}}$ , node $F_{2}$ in Level-2 is ${ID}_{F_{2}}$ and node $U_{n}$ in Level-3 is ${ID}_{U_{n}}$ , then we may delineate the identities of each node with a string concatenation relationship from the root or topmost node to the bottom node.

Fig. 3.

The fog computing identity based hierarchical architecture.

Therefore, the mathematical relationship surrounded by the ID of each node in every level shows as below following:

In Level-0, $\begin{matrix} (5) & {ID}_{N | 0} = {ID}_{Root} \end{matrix}$

In Level-1, $\begin{matrix} (6) & {ID}_{N | 1} = {ID}_{Root} ∥ {ID}_{C_{2}} \end{matrix}$ (depicting node $C_{2}$ from Level-1).

In Level-2, $\begin{matrix} (7) & {ID}_{N | 2} = {ID}_{Root} ∥ {ID}_{C_{2}} ∥ {ID}_{F_{2}} \end{matrix}$ (depicting node $F_{2}$ from Level-2).

In Level-3, $\begin{matrix} (8) & {ID}_{N | 3} = {ID}_{Root} ∥ {ID}_{C_{2}} ∥ {ID}_{F_{2}} ∥ {ID}_{U_{n}} \end{matrix}$ (depicting node $U_{n}$ from Level-3).

Described above, ‘∥’ represents a relationship of concatenation among string or ID’s. Following the relation-wise rules, the node identities of each in every level calculates in a pair-wise fashion. Table 3 and Table 4 shows the parameter sets along with the description carried by the developed HIBAF scheme.

Table 3

HIBAF parameter set I

Set of parameters	Symbols
List of parameters shared through a trusted PKG	$params$
Master Secret Key	$MK$
Public Key of user i	${ID}_{i}$
Secret Key of user i	${SK}_{i}$
Ciphertext	C
Plaintext	M
Cyclic additive group of prime order p	$G_{1}$
Cyclic multiplicative group of prime order p	$G_{2}$
Random Number Generator of prime order p	$Z_{p}^{*}$
Bilinear Pairing	$\hat{e}$
Hash Algorithm 1	$H_{1}$
Hash Algorithm 2	$H_{2}$
ID of Level-0	${ID}_{N \| 0}$
ID of Level-1	${ID}_{N \| 1}$
ID of Level-2	${ID}_{N \| 2}$
ID of Level-3	${ID}_{N \| 3}$
ID of Root	${ID}_{Root}$
ID of $C_{2}$	${ID}_{C_{2}}$
ID of $F_{2}$	${ID}_{F_{2}}$
ID of $U_{n}$	${ID}_{U_{n}}$

Table 4

HIBAF parameter set II

Set of parameters	Symbols
Public Key of Root	$X_{0}$
Public Key of node $C_{2}$	$X_{C_{2}}$
Public Key of node $F_{2}$	$X_{F_{2}}$
Public Key of node $U_{n}$	$X_{U_{n}}$
Secret Key of Root	$S_{0}$
Secret Key of node $C_{2}$	$S_{C_{2}}$
Secret Key of node $U_{n}$	$S_{U_{n}}$
Y-value of Root	$Y_{0}$
Y-value of node $C_{2}$	$Y_{C_{2}}$
Y-value of node $F_{2}$	$Y_{F_{2}}$
Y-value of node $U_{n}$	$Y_{U_{n}}$
Secret element of $C_{2}$	$ρ_{C_{2}}$
Secret element of node $F_{2}$	$ρ_{F_{2}}$
Secret element of node $U_{n}$	$ρ_{U_{n}}$
$ID$ of node $U_{1}$	${ID}_{U_{1}}$
$ID$ of node $U_{2}$	${ID}_{U_{2}}$
Public Key of node $C_{1}$	$X_{1}$
Public Key of node $F_{1}$	$X_{2}$
Public Key of node $U_{2}$	$X_{3}$
Secret element for message encryption ( $U_{1}$ → $U_{2}$ )	r

The fulfillment of the above-stated model requires six various steps:

Root (Level-0) PKG Setup, Mid-Level (Level-1) Setup, Lower-Level (Level-2) Setup, User-Level (Level-3) Setup, Encryption, and Decryption.

3.3.1. Root level setup

The Root PKG works as follows.

Generates two groups $G_{1}$ , $G_{2}$ of the same prime order p and an admissible pairing: $\begin{matrix} \hat{e} : G_{1} X G_{2} ⟶ G_{2} . \end{matrix}$

Chooses two cryptography hash functions, $\begin{matrix} H_{1} : {0, 1}^{*} \in G_{1} and H_{2} : G_{2} \in {0, 1}^{k} for some k . \end{matrix}$

Adopts an arbitrary set $S_{0} \in Z_{p}^{*}$ and sets to $X_{0} = H_{1} ({ID}_{Root})$ and $Y_{0} = S_{0} X_{0}$ .

The root PKG’s major unknown key is

S_{0}

, known only by the Root PKG and parameters of the system are

(G_{1}, G_{2}, \hat{e}, H_{1}, H_{2}, X_{0}, Y_{0})

remains as public towards the beneath level PKGs.

3.3.2. Mid-level setup

Let us consider, Level-1 consists of n nodes. In every node of Level-1, the root PKG accompanies with the below steps. Here, we have procured an haphazard node $C_{2}$ among the n nodes for lucidity.

At first, reckon the public key of node $C_{2}$ through $\begin{matrix} X_{C_{2}} = H_{1} ({ID}_{C_{2}}), \end{matrix}$ where ${ID}_{C_{2}} = {ID}_{Root} ∥ {ID}_{C_{2}}$ .

place the secret key of node $C_{2}$ : $\begin{matrix} S_{C_{2}} = S_{0} X_{C_{2}} . \end{matrix}$

Determine the secret element $ρ_{C_{2}} \in Z_{p}^{*}$ for node $C_{2}$ . In here, $ρ_{C_{2}}$ is known only to node $C_{2}$ and the root PKG.

Define the Y-value: $Y_{{ID}_{C_{2}}} = ρ_{C_{2}} X_{0}$ .

After completing the four steps successfully, in Level-1 all n nodes will get their secret elements and secret keys for keeping them as secret. The secret keys are known only to the individual nodes and the root PKG. The Y-value and public key are exposed.

3.3.3. Lower-level setup

. Let us assume that, the Level-2 exists with n nodes. In this section, $F_{2}$ supports as a child node of $C_{2}$ . For every child node (e.g.: $F_{2}$ ) in Level-2, the parent node describes as (e.g.: $C_{2}$ ) and follows:

Firstly, determine the public key of node $F_{2}$ through generating $\begin{matrix} X_{F_{2}} = H_{1} ({ID}_{F_{2}}); \end{matrix}$ where ${ID}_{F_{2}} = {ID}_{Root} ∥ {ID}_{C_{2}} ∥ {ID}_{F_{2}}$ .

Define the secret key of node $F_{2}$ : $\begin{array}{l} S_{F_{2}} & = S_{C_{2}} + ρ_{C_{2}} X_{F_{2}} \\ = S_{0} X_{C_{2}} + ρ_{C_{2}} X_{F_{2}} . \end{array}$

Adopt the secret key-element $ρ_{F_{2}} \in Z_{p}^{*}$ for node $F_{2}$ . In here, $ρ_{F_{2}}$ is known only to node $F_{2}$ and the connected parent node $C_{2}$ .

Determine the Y-value: $Y_{{ID}_{F_{2}}} = ρ_{F_{2}} X_{0}$ .

After generating the above four steps successfully, in Level-2 all n nodes will get their secret elements and secret keys for keeping them as secret. The secret keys are known only to the individual nodes of their parent nodes. The Y-value and the public key are published.

3.3.4. User-level setup

. Suppose that, for n there are j child nodes consist of $F_{2}$ . In Level-3; they correlate with each user. The parent node $F_{2}$ for every child node works as below. Here, we check out node $U_{n}$ as an unpredictable child node of node $F_{2}$ .

Firstly, determine the public key of node $U_{n}$ through generating $\begin{matrix} X_{U_{n}} = H_{1} ({ID}_{U_{n}}), \end{matrix}$ where ${ID}_{U_{n}} = {ID}_{Root} ∥ {ID}_{C_{2}} ∥ {ID}_{F_{2}} ∥ {ID}_{U_{n}}$ .

Define the secret key of node $U_{n}$ : $\begin{array}{l} S_{U_{n}} & = S_{F_{2}} + ρ_{F_{2}} X_{U_{n}} \\ = S_{0} X_{C_{2}} + ρ_{C_{2}} X_{F_{2}} + ρ_{F_{2}} X_{U_{n}} . \end{array}$

Adopt the secret key-element $ρ_{U_{n}} \in Z_{p}^{*}$ for node $U_{n}$ . Here, $ρ_{U_{n}}$ is known only to node $U_{n}$ and the connected parent node $F_{2}$ .

Determine the Y-value: $Y_{{ID}_{U_{n}}} = ρ_{U_{n}} X_{0}$ .

After generating the above four steps for every node successfully, in Level-3; all nodes will get their secret elements and secret keys for keeping them as secret. The secret keys are known only to the individual nodes of their parent nodes. The public key and the Y-value are exposed.

3.3.5. Encryption

Assume that $U_{1}$ and $U_{2}$ are two users in fog level. Their child node $C_{1}$ whose parent node is $F_{1}$ . If, user $U_{1}$ desires to forward a message to user $U_{2}$ . The user identities of $U_{1}$ and $U_{2}$ will act as below: $\begin{array}{l} {ID}_{U_{1}} = {ID}_{Root} ∥ {ID}_{C_{1}} ∥ {ID}_{F_{1}} ∥ {ID}_{U_{1}} \\ {ID}_{U_{2}} = {ID}_{Root} ∥ {ID}_{C_{1}} ∥ {ID}_{F_{1}} ∥ {ID}_{U_{2}} . \end{array}$

To encrypt message m with ${ID}_{U_{2}}$ , the user $U_{1}$ works around these steps:

Compute $\begin{array}{l} X_{1} = H_{1} ({ID}_{Root} ∥ {ID}_{C_{1}}) \\ X_{2} = H_{1} ({ID}_{Root} ∥ {ID}_{C_{1}} ∥ {ID}_{F_{1}}) \\ X_{3} = H_{1} ({ID}_{Root} ∥ {ID}_{C_{1}} ∥ {ID}_{F_{1}} ∥ {ID}_{U_{2}}) . \end{array}$

Chooses a random $r \in Z_{p}^{*}$ .

Outputs the ciphertext $\begin{matrix} C = ⟨ r X_{0}, r X_{1}, r X_{3}, H_{2} (g^{r}) \oplus m ⟩ \end{matrix}$ where, $g = \hat{e} (Y_{0}, X_{2})$ .

3.3.6. Decryption

After generating the ciphertext $C = ⟨ P_{0}, P_{1}, P_{2}, V ⟩$ , user $U_{2}$ may decrypt the ciphertext C through its secret $\begin{matrix} S_{U_{2}} = S_{0} X_{1} + ρ_{1} X_{2} + ρ_{2} X_{3} \end{matrix}$

Here, $ρ_{1}$ is the secret spot of node $F_{1}$ and node $C_{1}$ , whereas $ρ_{2}$ is the secret spot of node $U_{2}$ and node $F_{1}$ respectively.

Compute $\begin{matrix} d = \hat{e} (P_{0}, S_{U_{2}}) / \prod_{i = 2}^{3} \hat{e} (Y_{{ID}_{U_{2} | i}}, P_{i - 1}) \end{matrix}$ where $Y_{{ID}_{U_{2} | 2}} = ρ_{1} X_{0}$ , $Y_{{ID}_{U_{2} | 3}} = ρ_{2} X_{0}$ .

Outputs the message, $\begin{matrix} m = H_{2} (d) \oplus V . \end{matrix}$

3.4. Algorithms

The ways of calculating the master secret key and system parameters are presented in Algorithm 1. Also, the calculation for each node x is presented in Algorithm 2.

Algorithm 1:

Calculating the master secret key and system parameters

Algorithm 2:

Calculation for each node x

3.5. Security analysis

In this section, we analyze the security strengths of our new HIBAF scheme in the fog computing paradigm in terms of collusion attack resistance, data security, and the Bilinear Diffie–Hellman (BDH) problem.

Collusion Attack Resistance:

Our new HIBAF scheme is used to guarantee the security of the shared secret key. HIBAF provides identifiable statistics for each item of encrypted information and requires a unique secret key for decrypting the required file. Since each node of every level selects the secret element as a unique random number, our HIBAF scheme can defend against collusion attacks.

Data Security:

Our new HIBAF scheme offers four-layered protection. Each level’s protection relies upon the security of the previous level. If an adversary breaches the security system, he has to overcome this four-layered security. HIBAF scheme gives each node unique secret keys, which in flip preserves every node’s security separately. It is highly unlikely that an adversary can know each node’s secret keys and generate private keys. In case of an adversary tries to get entry to the file but he would not able to decrypt without the private key. Each node’s secret key is generated randomly, choosing a prime number for the secret element, solely available to the root PKG and the particular node. Therefore, our HIBAF scheme can stop the records theft assaults through impenetrable data transmissions. We can ensure the security assumption using the Bilinear Diffie–Hellman message authentication algorithm.

Bilinear Diffie–Hellman (BDH) Problem:

Given a randomly chosen $X \in G_{1}$ , as well as $a X$ , $b X$ , $c X$ , then compute $\hat{e} {(X, X)}^{abc}$ . In case of the BDH problem to be hard, $G_{1}$ and $G_{2}$ must be chosen for no known algorithm for efficiently solving the Diffie–Hellman problem in either $G_{1}$ or $G_{2}$ . According to Boneh and Franklin, if there exists a BDH parameter generator named $IG$ , then the advantage ${Adv}_{IG} (B)$ that an algorithm B has in solving the BDH problem is defined to be the probability that the algorithm B outputs $\hat{e} {(X, X)}^{abc}$ when the inputs to the algorithm are $G_{1}$ , $G_{2}$ , $\hat{e}$ , X, $a X$ , $b X$ , $c X$ , where $(G_{1}, G_{2}, \hat{e})$ is the output of $IG$ for sufficiently large security parameter $K > 0$ , X is a random generator of $G_{1}$ , and a, b, c are random elements of $Z_{p}^{*}$ . The BDH assumptions here is that ${Adv}_{IG} (B)$ is negligible for all efficient algorithms B.

4. Implementation and result

In this section, we elaborate simulation platform to provide insights into the implementation tools. We provide different analyses of our results alongside comparing with existing other work. We also inspect the results while differentiating the performance in fog compared to the cloud computing scenario.

4.1. Simulation platform

We have modeled a sub-network of the source to the destination module. The sub-networks’ primary source is a server, and the destination is a gateway or interpreter. In the sub-network, a client process is a primary TCP/IP communication through connecting and sharing data with a mail and web server, whereas a router is a primary source of information routing data throughout the connected cloud network.

The implementation of our scheme is conducted in NeSSi2, a discrete event simulator that runs on Java, a Python-based data analytic tool Octave and Matlab, a cross-platform tool for data distribution. We have evaluated our performance, considering response time, memory utilization,user task load and delay time. After that, we have compared our result with another cryptographic scheme: Attribute-Based Encryption (ABE). We have assumed different datasets, approximately 5 to 50 Mb, to analyze the performance. Moreover, we have used document type files with .txt, and .pdf file extensions. The blue lines in Figs 4 to 6 show the computation of HIBAF, and the red lines show the computation of ABE, respectively, in their necessary fields of comparison.

Fig. 4.

Response time analysis in cloud and fog environment.

Fig. 5.

Analysis of key updating in cloud and fog environment (a).

Fig. 6.

Analysis of key updating in cloud and fog environment (b).

Table 5 lists some device specifications which were used to create our customized simulation environment for implementing the result.

4.2. Results and comparison

We determined the simulated environment’s performance while varying the size of the dataset, and we measured the response time in terms of key generation time, processing time, encryption/decryption time, and delay time. We also measured the key update in fog and cloud computing scenarios. The results, graphs, and analysis are provided in the following paragraphs:

4.2.1. Response time analysis

Figure 4(1) shows that CPU time for our HIBAF approach almost linearly varies through varying sizes of the dataset. This figure indicates that HIBAF utilizes CPU at a decreasing rate in contrast to ABE. The CPU utilization is comparatively constant with increasing user loads, whereas ABE utilizes much less CPU when data sizes are substantial. Figure 4(2) depicts that HIBAF takes a larger encryption time for a small number of attributes, but with the increasing number of attributes, HIBAF takes much less encryption time compared to ABE. When the attribute number is 15, ABE consumes an equal time as HIBAF for considering encryption. However, as the variety of attributes increases, HIBAF consumes comparatively less encryption time in general. Figure 4(3) suggests that HIBAF requires higher decryption time in contrast to ABE as it supports four-layered hierarchies inside target devices. The decryption run-time for ABE increases rapidly through the increasing variety of attributes, but for HIBAF, it increases at a lower rate. From this figure, we have found that when the variety of attributes is at 30, both HIBAF and ABE requires almost an equal amount of decryption time. As a result, HIBAF requires higher decryption time with an increasing number of attributes than ABE, but it requires comparatively less decryption time than ABE when the attribute number is enormous. Figure 4(4) shows that HIBAF presents larger delays than ABE with the larger sizes of datasets for layering procedure verification and validation. Figure 4(5) shows that the encryption time of users in fog devices linearly varies with the number of users in the fog environment, but HIBAF requires a little longer processing information. Figure 4(6) emphasizes that the decryption time of users in a fog environment varies with the range of customers in a fog environment at a decreasing rate. Although HIBAF is slower for the lower number of users than ABE, as the number of users increases, both HIBAF and ABE consume similar decryption time.

Table 5
Device descriptions for simulation environments

No. Device criteria Specifications

1. TCP/IP Client Intel Core i3, 3.2 GHz, L3 Cache 8 mb, Graphics frequency: 280 MHz

2. TCP/IP Server Intel Core i7, 3.8 GHz Extreme, L3 Cache 16 mb, Graphics frequency: 300 MHz

3. Sniffing worm application (Outsider) port: 1337 (src, dest), 256-bytes, range: 3- 30 bits(max), key scan: 2–5 times (max), Attack initialization: true, delay: 10 ms, processing bits: 20

4. DDoS application (Outsider) port: 1337 (src), Port: 80 (dest), IP: Webserver (dest), Delay: 18 ms, Start clock tick: 150, packet size: 460 (start) 2000 (end), key scan: 3–7 times (max)

5. Router(Fire-wall) HIBAF modelled Hierarchy: stage-3, architecture: x-64, Fog nodes: 5 devices, Cloud nodes: 12 devices, Root node: 1 with 5 cloud devices

6. Client (outsider) Intel Core i5, 3.0 GHz, L3 Cache 8 mb, Graphics frequency: 220 MHz

7. Web Server Intel Core i7, 3.4 GHz, L3 Cache 20 mb, Graphics frequency: 280 MHz

8. Mail Server Intel Core i7, 3.6 GHz Extreme, L3 Cache 18 mb, Graphics frequency: 230 MHz

9. Data Type .text, .pdf, .doc, Attributes: file size (5 to 50) Mb approximately

10. Distribution Empirical (random)

No.	Device criteria	Specifications
1.	TCP/IP Client	Intel Core i3, 3.2 GHz, L3 Cache 8 mb, Graphics frequency: 280 MHz
2.	TCP/IP Server	Intel Core i7, 3.8 GHz Extreme, L3 Cache 16 mb, Graphics frequency: 300 MHz
3.	Sniffing worm application (Outsider)	port: 1337 (src, dest), 256-bytes, range: 3- 30 bits(max), key scan: 2–5 times (max), Attack initialization: true, delay: 10 ms, processing bits: 20
4.	DDoS application (Outsider)	port: 1337 (src), Port: 80 (dest), IP: Webserver (dest), Delay: 18 ms, Start clock tick: 150, packet size: 460 (start) 2000 (end), key scan: 3–7 times (max)
5.	Router(Fire-wall) HIBAF modelled	Hierarchy: stage-3, architecture: x-64, Fog nodes: 5 devices, Cloud nodes: 12 devices, Root node: 1 with 5 cloud devices
6.	Client (outsider)	Intel Core i5, 3.0 GHz, L3 Cache 8 mb, Graphics frequency: 220 MHz
7.	Web Server	Intel Core i7, 3.4 GHz, L3 Cache 20 mb, Graphics frequency: 280 MHz
8.	Mail Server	Intel Core i7, 3.6 GHz Extreme, L3 Cache 18 mb, Graphics frequency: 230 MHz
9.	Data Type	.text, .pdf, .doc, Attributes: file size (5 to 50) Mb approximately
10.	Distribution	Empirical (random)

4.2.2. Analysis of key updating in cloud and fog environments

Figure 5(1) illustrates that HIBAF takes a larger time for updating the secret key according to the increasing number of users while sharing on cloud devices than ABE. Figure 5(2) shows that HIBAF consumes significant time for secret key updating with an increasing number of users in a fog environment compared to ABE. Figure 5(3) shows that HIBAF requires extensive re-encrypted key updating time while sharing attributes in cloud environments in contrast to ABE. Also, Fig. 5(4) shows that HIBAF requires more time for re-encrypted key updating while sharing attributes through fog devices compared to ABE. Figure 6(5) emphasizes that HIBAF requires higher revocation time when sharing several documents via the cloud units and that ABE supports higher protection privileges under advanced encryption categories. Moreover, Fig. 6(6) indicates that ABE needs much less file revocation time in terms of sharing through fog environments than HIBAF, which simplifies the less impenetrable mechanism for a massive number of customers under the encryption technique. It also indicates that although HIBAF requires a considerable revocation time for a smaller number of files, it grows slowly when the number of files lies between 1000 to 3000.

4.2.3. Analysis of data management and HIBAF improvements in cloud and fog environment

Figure 7(1) suggests that memory utilization is more extensive in ABE in contrast to HIBAF in the case of file sharing, which describes the hierarchical property of reducing memory consumption. Figure 7(2) shows that HIBAF requires more time for key generation than ABE by file sharing among users. Figure 7(3) shows that the shared data sizes percentage among cloud devices in HIBAF is much more significant than ABE with the increasing number of users in a cloud environment. Also, Fig. 7(4) shows that both HIBAF and ABE require similar percentages of shared data sizes among fog devices with the increasing number of users in a fog environment. Moreover, Fig. 7(5) demonstrates that HIBAF achieves 33% improvements in fog compared to cloud architecture alongside data provisioning. HIBAF1 shows the run time delay while implemented in a cloud hierarchy, and HIBAF2 shows the run time delay while implemented in a fog hierarchy during data provisioning. We implemented the same dataset in both cloud and fog hierarchy and found that fog requires 33% less time to process data. Furthermore, Fig. 7(6) shows that HIBAF occupies greater disk-writes on the database while managing data through producing safety keys.

Fig. 7.

HIBAF improvements and data management analysis in cloud and fog environments.

5. Discussion

In this section, we discuss the potential significance and advantages of our proposed HIBAF scheme. The discussion also includes different applications, scopes, limitations, and future works for the devised scheme.

5.1. Significance

Our new HIBAF scheme ensures the transmission of non-public key and authentication to be accomplished locally. The HIBAF scheme reduces the required key generation’s computation cost when the root PKG delegates the key technology as per identification authentication through the distribution of workloads to lower-level PKGs. Also, every level has its secret key, which no longer affects other layers’ privacy in case of disclosure at any stage. Finally, it limits the key escrow problem and eliminates the necessity of including any required complicated certificate management.

5.2. Potential applications

With the growing number of versatile smart applications, the networks require scaling and request transmission of many data packets. To manage such a high volume of data packets, it is challenging to ensuring data confidentiality and security. Therefore, our proposed scheme entitled HIBAF provides an effective solution to this extent, which is applicable in large-scale networks and provides security at each level of the data management. It is applicable in several IoT-based smart applications to securely deploy within IoT devices that ensures the data privacy in the current fog and edge paradigm. Therefore, HIBAF is suitable for utilization and performance to manage even the large-scale network scenario with simplicity and efficiency. For example, online marketing, fraud detection, internet banking, and other research applications can benefit from deploying the proposed scheme.

5.3. Limitations and future work

Currently, the work can feature limited datasets such as images, graphs, and voice clips. We plan to combine our scheme with face or iris biometrics to improve personal protection. We also seek to analyze the overall performance to implement in various IoT-based smart applications. In the future, we akso plan to deploy the security scheme in bio-image processing, confidential video sharing, emergency voice surveillance paradigms for governmental issues. Thus, our work can help and attract the future network security researchers.

6. Conclusion

Data protection has been a significant issue in the fog computing paradigm, a resource-limited environment for the IoT ecosystem. Therefore, our new HIBAF infrastructure affords better security, yet less processing data transmission delays within the ecosystem. We conducted several experiments to assess our scheme’s efficiency in response time, CPU utilization, run-time encryption and decryption, key generation time, delay efficiency during key-generation, and database management in terms of the user loads. Moreover, we compared the work with other existing cryptographic schemes to monitor the effectiveness. Furthermore, we evaluated secret key updating time, re-encrypted key updating time, and file revoking time through DDoS attacks in both cloud and fog hierarchies. Finally, through evaluation, we observed that our scheme provides overall, 33% improvement in terms of data processing and management in a fog paradigm compared to the general cloud-IoT ecosystem.

Footnotes

Acknowledgements

This research is supported through the “ICT Innovation Fund (2016-17): ICT Division, Bangladesh” and also partlially supported through the Australian Research Council Discovery Project: DP190100314, ‘Re-Engineering Enterprise Systems for Microservices in the Cloud.’

Conflict of interest

The authors have no conflict of interest to report.

References

Aazam and

E.-N.

Huh, Fog computing and smart gateway based communication for cloud of things, in: Future Internet of Things and Cloud (FiCloud), 2014 International Conference on, IEEE, 2014, pp. 464–470. doi:10.1109/FiCloud.2014.83.

H.A.

Al Hamid,

S.M.M.

Rahman,

M.S.

Hossain,

Almogren and

Alamri, A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography, IEEE Access 5 (2017), 22313–22328. doi:10.1109/ACCESS.2017.2757844.

A.A.

Alli and

M.M.

Alam, The fog cloud of things: A survey on concepts, architecture, standards, tools, and applications, Internet of Things 9 (2020), 100177. doi:10.1016/j.iot.2020.100177.

Alotaibi,

Barnawi and

Buhari, Attribute-based secure data sharing with efficient revocation in fog computing, Int. J. Inf. Security 8(3) (2017), 203–222.

Alrawais,

Alhothaily,

Hu,

Xing and

Cheng, An attribute-based encryption scheme to secure fog communications, IEEE Access 5 (2017), 9131–9138. doi:10.1109/ACCESS.2017.2705076.

A.M.

Alshiky,

S.M.

Buhari and

Barnawi, Attribute-based access control (ABAC) for EHR in fog computing environment, International Journal on Cloud Computing: Services and Architecture (IJCCSA) 7(1) (2017), 27–34.

Arij,

Mohamed and

Meddeb, CASK: Conditional authentication and session key establishment in fog-assisted social IoT network, in: 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), IEEE, 2019, pp. 114–119.

Bhatia and

Verma, Data security in mobile cloud computing paradigm: A survey, taxonomy and open research issues, The Journal of Supercomputing 73(6) (2017), 2558–2631. doi:10.1007/s11227-016-1945-y.

Blazy,

Kiltz and

Pan, (Hierarchical) identity-based encryption from affine message authentication, in: International Cryptology Conference, Springer, 2014, pp. 408–425.

10.

Boneh and

Franklin, Identity-based encryption from the Weil pairing, in: Annual International Cryptology Conference, Springer, 2001, pp. 213–229.

11.

A.A.

Diro,

Chilamkurti and

Kumar, Lightweight cybersecurity schemes using elliptic curve cryptography in publish-subscribe fog computing, Mobile Networks and Applications 22(5) (2017), 848–858. doi:10.1007/s11036-017-0851-8.

12.

M.T.

Dong and

Zhou, Fog computing: Comprehensive approach for security data theft attack using elliptic curve cryptography and decoy technology, Open Access Library J 3(9) (2016), 1.

13.

Dsouza,

G.-J.

Ahn and

Taguinod, Policy-driven security management for fog computing: Preliminary framework and a case study, in: Information Reuse and Integration (IRI), 2014 IEEE 15th International Conference on, IEEE, 2014, pp. 16–23.

14.

Fan,

Wang,

Li and

Yang, A secure and verifiable outsourced access control scheme in fog-cloud computing, Sensors 17(7) (2017), 1695. doi:10.3390/s17071695.

15.

Farjana,

Roy,

M.J.N.

Mahi and

Whaiduzzaman, An identity-based encryption scheme for data security in fog computing, in: Proceedings of International Joint Conference on Computational Intelligence, Springer, 2020, pp. 215–226. doi:10.1007/978-981-13-7564-4_19.

16.

Ficco,

Esposito,

Xiang and

Palmieri, Pseudo-dynamic testing of realistic edge-fog cloud ecosystems, IEEE Communications Magazine 55(11) (2017), 98–104. doi:10.1109/MCOM.2017.1700328.

17.

Gope, LAAP: Lightweight anonymous authentication protocol for D2D-aided fog computing paradigm, computers & security 86 (2019), 223–237. doi:10.1016/j.cose.2019.06.003.

18.

M.R.

Hossain,

Whaiduzzaman,

Barros,

S.R.

Tuly,

M.J.N.

Mahi,

Roy,

Fidge and

Buyya, A scheduling-based dynamic fog computing framework for augmenting resource utilization, Simulation Modelling Practice and Theory 111 (2021), 102336. doi:10.1016/j.simpat.2021.102336.

19.

Huang,

Yang and

Wang, Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of things, IEEE Access 5 (2017), 12941–12950. doi:10.1109/ACCESS.2017.2727054.

20.

Jiang,

Susilo,

Mu and

Guo, Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing, Future Generation Computer Systems 78 (2018), 720–729. doi:10.1016/j.future.2017.01.026.

21.

Kahvazadeh,

V.B.

Souza,

Masip-Bruin,

Marn-Tordera,

Garcia and

Diaz, Securing combined fog-to-cloud system through SDN approach, in: Proceedings of the 4th Workshop on CrossCloud Infrastructures & Platforms, ACM, 2017, p. 2.

22.

Li,

Li and

Liu, A dynamic multiple-keys game-based industrial wireless sensor-cloud authentication scheme, The Journal of Supercomputing 74(12) (2018), 6794–6814. doi:10.1007/s11227-018-2441-3.

23.

Li,

Wu,

Li,

Guan and

Guo, Fog computing-enabled secure demand response for Internet of energy against collusion attacks using consensus and ACE, IEEE Access 6 (2018), 11278–11288. doi:10.1109/ACCESS.2018.2799543.

24.

Li,

Dai and

Yang, Identity-based cryptography for cloud security, IACR Cryptology ePrint Archive 2011 (2011), 169.

25.

Lopez-Fenner,

Sepulveda,

L.F.

Bittencourt,

F.M.

Costa and

Georgantas, Privacy preserving multi party computation for data-analytics in the IoT-fog-cloud ecosystem, in: CICCSI 2020: IV International Congress of Computer Sciences and Information Systems, 2020.

26.

Lu,

Heung,

A.H.

Lashkari and

A.A.

Ghorbani, A lightweight privacy-preserving data aggregation scheme for fog computing-enhanced IoT, IEEE Access 5 (2017), 3302–3312. doi:10.1109/ACCESS.2017.2677520.

27.

Ma, Identity-based encryption with outsourced equality test in cloud computing, Information Sciences 328 (2016), 389–402. doi:10.1016/j.ins.2015.08.053.

28.

D.P.

Mozumder,

Mahi,

Whaiduzzaman and

M.J.N.

Mahi, Cloud computing security breaches and threats analysis, International Journal of Scientific & Engineering Research 8(1) (2017), 1287–1297.

29.

Mukherjee,

Wang,

Lu,

R.L.

Neupane,

Dunn,

Ren,

Su and

Calyam, Flexible IoT security middleware for end-to-end cloud–fog communication, Future Generation Computer Systems 87 (2018), 688–703. doi:10.1016/j.future.2017.12.031.

30.

Noura,

Salman,

Chehab and

Couturier, Preserving data security in distributed fog computing, Ad Hoc Networks 94 (2019), 101937. doi:10.1016/j.adhoc.2019.101937.

31.

Parikh,

Dave,

Patel and

Doshi, Security and privacy issues in cloud, fog and edge computing, Procedia Computer Science 160 (2019), 734–739. doi:10.1016/j.procs.2019.11.018.

32.

M.T.

Rahman and

M.J.N.

Mahi, Proposal for SZRP protocol with the establishment of the salted SHA-256 Bit HMAC PBKDF2 advance security system in a MANET, in: Electrical Engineering and Information & Communication Technology (ICEEICT), 2014 International Conference on, IEEE, 2014, pp. 1–5.

33.

Roman,

Lopez and

Mambo, Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges, Future Generation Computer Systems 78 (2018), 680–698. doi:10.1016/j.future.2016.11.009.

34.

Roy,

A.R.

Shovon and

Whaiduzzaman, Combined approach of tokenization and mining to secure and optimize big data in cloud storage, in: 2017 IEEE Region 10 Humanitarian Technology Conference (R10-HTC), IEEE, 2017, pp. 83–88. doi:10.1109/R10-HTC.2017.8288912.

35.

Schridde,

Dörnemann,

Juhnke,

Freisleben and

Smith, An identity-based security infrastructure for cloud environments, in: Wireless Communications, Networking and Information Security (WCNIS), 2010 IEEE International Conference on, IEEE, 2010, pp. 644–649.

36.

Shamir, Identity-based cryptosystems and signature schemes, in: Workshop on the Theory and Application of Cryptographic Techniques, Springer, 1984, pp. 47–53.

37.

A.R.

Shovon,

Roy,

Sharma and

Whaiduzzaman, A restful e-governance application framework for people identity verification in cloud, in: International Conference on Cloud Computing, Springer, 2018, pp. 281–294.

38.

S.A.

Soleymani,

A.H.

Abdullah,

Zareei,

M.H.

Anisi,

Vargas-Rosales,

M.K.

Khan and

Goudarzi, A secure trust model based on fuzzy logic in vehicular ad hoc networks with fog computing, IEEE Access 5 (2017), 15619–15629. doi:10.1109/ACCESS.2017.2733225.

39.

Stojmenovic and

Wen, The fog computing paradigm: Scenarios and security issues, in: Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on, IEEE, 2014, pp. 1–8.

40.

Vishwanath,

Peruri and

J.S.

He, Security in fog computing through encryption, DigitalCommons@ Kennesaw State University, 2016.

41.

Wang,

Wang and

Domingo-Ferrer, Anonymous and secure aggregation scheme in fog-based public cloud computing, Future Generation Computer Systems 78 (2018), 712–719. doi:10.1016/j.future.2017.02.032.

42.

Wang, A privacy-preserving and accountable authentication protocol for IoT end-devices with weaker identity, Future Generation Computer Systems 82 (2018), 342–348. doi:10.1016/j.future.2017.09.042.

43.

Wazid,

A.K.

Das,

Kumar and

A.V.

Vasilakos, Design of secure key management and user authentication scheme for fog computing services, Future Generation Computer Systems 91 (2019), 475–492. doi:10.1016/j.future.2018.09.017.

44.

Whaiduzzaman and

Gani, Measuring security for cloud service provider: A third party approach, in: Electrical Information and Communication Technology (EICT), 2013 International Conference on, IEEE, 2014, pp. 1–6.

45.

Whaiduzzaman,

M.R.

Hossain,

A.R.

Shovon,

Roy,

Laszka,

Buyya and

Barros, A privacy-preserving mobile and fog computing framework to trace and prevent Covid-19 community transmission, IEEE Journal of Biomedical and Health Informatics 24(12) (2020), 3564–3575. doi:10.1109/JBHI.2020.3026060.

46.

Whaiduzzaman,

Naveed and

Gani, MobiCoRE: Mobile device based cloudlet resource enhancement for optimal task response, IEEE Transactions on Services Computing (2016).

47.

Whaiduzzaman,

Oliullah,

M.J.N.

Mahi and

Barros, AUASF: An anonymous users authentication scheme for fog-IoT environment, in: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), IEEE, 2020, pp. 1–7.

48.

Whaiduzzaman,

S.R.

Tuly,

Haque,

Razon Hossain and

Barros, Credit based task scheduling process management in fog computing, in: Proceedings of the 24th Pacific Asia Conference on Information Systems (PACIS) 2020, Association for Information Systems (AIS), 2020.

49.

Zhang,

Zhou and

Fortino, Security and trust issues in fog computing: A survey, Future Generation Computer Systems 88 (2018), 16–27. doi:10.1016/j.future.2018.05.008.