Secure data aggregation using quantum key management in IoT networks

Abstract

The Internet of Things and Quantum Computing raise concerns, as Quantum IoT defines security that exploits quantum security management in IoT. The security of IoT is a significant concern for ensuring secure communications that must be appropriately protected to address key distribution challenges and ensure high security during data transmission. Therefore, in the critical context of IoT environments, secure data aggregation can provide access privileges for accessing network services. "Most data aggregation schemes achieve high computational efficiency; however, the cryptography mechanism faces challenges in finding a solution for the expected security desecration, especially with the advent of quantum computers utilizing public-key cryptosystems despite these limitations. In this paper, the Secure Data Aggregation using Quantum Key Management scheme, named SDA-QKM, employs public-key encryption to enhance the security level of data aggregation. The proposed system introduces traceability and stability checks for the keys to detect adversaries during the data aggregation process, providing efficient security and reducing authentication costs. Here the performance has been evaluated by comparing it with existing competing schemes in terms of data aggregation. The results demonstrate that SDA-QKM offers a robust security analysis against various threats, protecting privacy, authentication, and computation efficiency at a lower computational cost and communication overhead than existing systems.

Keywords

Internet of things security data aggregation access control quantum cryptography

1 Introduction

Sensor Networks have emerged as one of the most considerable IoT technologies [1] to enhance smart devices, bringing extensive complexity and overhead to processing data to the IoT system. Instinctively, off-loading the Cloud evaluation responsibilities can smash through the restrictions [2, 3]. The IoT cloud system enables computing and storage responsibilities from the Cloud to edge devices, mostly for data analysis and management, and provides authority for access and processing in IoT systems. The challenge of IoT and Cloud integration is to be solved [4]. In most cases, smart devices and communication in IoT environments are generally unreliable, exposing sensitive data to eavesdroppers and other security issues [5]. The data privacy concern is to execute end-to-end encryption to defend against security. Established protocols are considered to exploit the cryptosystem to initiate communications. most of the Cryptographic mechanisms are RSA [6], Elliptic Curve Cryptography algorithm [7], Diffie-Hellman Key Exchange algorithm [8], which necessitate efficient computation resources, which will cause the take apart of the security analysis based on the complexity of arithmetical functions [9, 10]. Quantum systems can break this complexity. Need to consider the security requirements brought by quantum computers [11]. The robust security clarification, Quantum Key Distribution, might work out the security issues on the condition of quantum keys [12]. So, the IoT systems are protected by Quantum key distribution considering a competent paradigm. Once efficient quantum computers are to be had, asymmetric cryptographic mechanisms regard complexity. The symmetric cryptosystem is not busted by quantum mechanisms needed for the determination of superior keys and classifying the applications and protocols, it requires different cryptographic dexterity forms [13].

IoT security requirements can be determined by end-user or cloud systems. For example, it can deploy End devices at the network edge and collect data from IoT, keep data at the edge or cloud devices, to a certain extent, then routing through a middleware. If there is data from any attacks, the intermediate service can also carry out the authentication to timely filter the vulnerabilities. The end-user cannot distinguish each attribute during the consecutive run of the aggregation process. Providing secure aggregation methods is necessary in IoT networks.

The most crucial challenge arises before data aggregation: ensuring secure communication between IoT and cloud systems. Additionally, while many of the aggregation schemes mentioned above can protect data transmission, they often come at an expensive cost. Simultaneously, with the advent of quantum computers, features such as data integrity and confidentiality cannot be guaranteed. Considering these factors, it is essential to introduce a quantum cryptography scheme to assess security issues in IoT and propose secure data aggregation using quantum key management. The method adopts the One-Time-Pad (OTP) technique [14] and uses quantum cryptography to prevent vulnerabilities. The quantum key distribution in the standard cipher comprehends the secure communication.

In this work, to address the above challenges, the SDA-QKM (Secure Data Aggregation using Quantum Key Management) scheme for IoT systems is proposed, which supports authentication verification during the data aggregation process. In QKM, the data integrity process conserves computational efficiency by using a One-Time-Pad (OTP) mechanism. Hence, it maintains middleware security compatibility at the system level, allowing users to manage keys for access control in services with privileged access. Devices must undergo authentication to ensure that aggregation is performed only by authorized services. The main contributions of the proposed SDA-QKM framework are summarized as follows:

The IoT architecture consists of a middleware/Access layer to improve the data aggregation for computation efficiency and their corresponding SDA-QKM framework. The device data needs to be secure enough. The user must have the proper authentication to access the data if a supposed unauthorized user attempts to decrypt the data. In that case, QKM provides encryption with an authorization verifier.

The aggregation process Consists of key Generation, verification, aggregation, Tracing and Key Stability checking processes. Secure data aggregation with OTP mechanisms to fix the responsibility for key distribution in the traditional stream cipher to analyze the securing data transmission. Here the session key is generated by QRNG and it is functional to OTP, which improves data privacy.

A comprehensive examination is performed, and it is observing the results. The Complete security analysis shows how the proposed SDA-QKM security model can achieve privacy, authentication source, integrity and also prove that quantum cryptography is well suitable for IoT systems.

In this work, extensive experiments evaluate the system efficiency in computational cost and communication overheads. This analysis shows that the aggregation services are significantly reduced compared with the traditional secure data aggregation schemes.

This paper remains structured in Section 2, summarizing the related work and getting into the background problem formulation in Section 3. The architecture and the proposed SDA-QKM model are presented in Sections 4 and 5. The Security and performance analysis are demonstrated in Sections 6 and 7, respectively. Finally, the conclusion is given in the Section 8.

2 Related work

IoT sensing environments pose certain security and privacy risks [15]. Additionally, vulnerabilities may lead to data expenditure, and aggregation can enhance efficiency by reducing the number of packets required for secure transmission. The complexity of authentication has been comprehensively discussed in [16-18].

Cirani et al. [19] The authorization is considered a progressively more Access to resources. Presented by a cryptographic scheme and protocols at network layers. The crypto scheme allows trusted communication by providing privacy protection based on a Public-Key Infrastructure, and introduces a two-step encryption method for handling processing time. Schiffman et. al. [20], the authors present a fine-grained sub-delegation mechanism. The critical challenge is applying these mechanisms to a constrained network. Xi Luo et al. [21] considered resource consumption and intended a transmission protocol concerning the symmetric cryptosystems, which provides lightweight encryptions to keep the data transmissions secure. Symmetric keys created and conserved by the semantic methods and protocols can battle key reorganization and attacks.

Rongxing lu et al. [22]. Contributed to data aggregation methods characterized by combining these cryptographic mechanisms, such as Paillier crypto encryption, CRT theorem, and one-way hashing techniques to track the authentication source, the edge network to the fault-tolerance, and FDI by external attackers. The outcome indicates efficiency in both computational and communication costs. Gerdes et al. [23] presented a DCAF scheme, introducing an authorization server for performing authorization to store a massive amount of information. The delegated tasks are handled by an external entity, aiming to be general and patently IoT integration. Wang, Boneh et al. [24, 25] introduced a secure aggregation scheme to ensure privacy protection, integrity, and authentication of data collected from IoT. Z. Guan et al. [26] contributed to preserving data, aggregation secrecy, and trust by using a pseudonym certificate.

Abdallah et al. [27] proposed a quantum cryptosystem. Secure aggregation involves computation operations that effectively reduce computational costs. M. Badra et al. [28] presented a homomorphic encryption and key management system. It requires resilience against different attacks. It has limited computational resources. Ahsan Saleem et al. [29] presented in privacy-preserving data aggregation (FESDA), OTP-based or pseudonym certificate, the Paillier crypto mechanism, and Hashing techniques used to reduce computations competently and improve FN. and CCs work efficiency. It verifies the integrity and authentication. It is proven and computationally expensive in terms of aggregation. Kursawe et al. [30] presented the crypto mechanism for Diffie-Hellman and the bilinear mapping scheme to generate masking values depending on secret sharing. Erkin Z et al. In [31], using Paillier homomorphism encryption to keep the masking values, a distributed Laplacian perturbation algorithm was offered to create Laplacian noise, high communication, and computational overheads. Rongxing Lu, et al. [32] In EPPA, agreeably the real-time data collection provisions in IoT applications. It uses multi-dimensional data aggregation. Compared with the fixed data aggregation approaches, the Paillier homomorphic crypto algorithm increases the aggregation sequence, reduces the computational cost, and extensively improves efficient communication with high-frequency.

Jithunbi et al. [33] presented a trust evaluation algorithm by applying a genetic algorithm with intelligent rules which helps to evaluate the real trust score of the individual node. Jianbing et al. [34] propose a secure data aggregation system with trapdoor hashing functions and a Paillier cryptosystem; both these methods can resist malicious gateway attacks. Selvakumar et al. [35] presented a verifiable threshold multi-authority access control model for a public cloud storage environment.

IoT systems exhibit significant ambiguity regarding network security. The current standard for IoT does not stipulate any requirements for detecting attacks [36]. Consequently, there is a heightened susceptibility to attacks due to numerous vulnerabilities. This prompts a revision of the feasible key solution for securing IoT through quantum cryptosystems [37]. Cryptosystems leverage standard mathematical functions to create and enhance effective security measures. Utilizing quantum procedures for data transmission ensures unhackable and secure communication [38]. This represents the most crucial advantage exploited by the quantum crypto mechanism. Whenever data is transmitted over a channel from the source to the destination and malicious entity attempts to interrupt the communications and easily detect the intruder in a network [39]. The hierarchical based key management scheme was discussed in [41, 42] which enhances the security of sensor nodes for wireless sensor networks. The recent work on quantum based security for public cloud based IoT systems was discussed in [43-45]. Most commonly they applied a lattice based signature scheme for encrypting the message.

The complete authorization does not do the above-mentioned secure data aggregation methods to the Edge network, and these schemes endure computational efficiency. In IoT, the Middleware desires to spend data each minute from the Sensing environments. Simultaneously, the access credential needs to remove the vulnerabilities during the data transmissions. Moreover, the proposed Authentication Cryptosystem involves managing keys used to QKM, explicitly considering minimizing the effort required by providing a secure communication and authorization structure. A proposed SDA-QKM system to prevent vulnerabilities. It ensures that the aggregation verification process is done by the Quantum key cryptography mechanism which efficiently conserves privacy protection and performs aggregated data from authorized service and user access to the network service.

3 Problem formulation

This session required the background information of cryptographic primitives, and it involved the following into the SDA-QKM scheme.

3.1 Bi-linear mapping

Assume M_a and M_b as two product categories that are prime pr, a bi-linear map can be defined as a function, k : M_aXM_a → M_b and contain the characteristics as follows:

Computing ability: An effective algorithm is presented to calculate k (i, j) ∈ M, for every i, j ∈ M.

Bilinear operation: For every i, j ∈ M and ∝, β ∈ Y_pr, it contains k (i^∝, j^β) = k (i, j) ^∝β.

Generating ability: If ’d’ is assumed as a generator of ‘M’, then k (d, d) will also be considered as a generator of M₁.

3.2 Quantum key cryptosystem

Quantum theory concepts to recognize the key distribution with verifiable security are referred to as the quantum key cryptosystem [10]. The Quantum key Cryptosystem encryption method supports and allows efficient computations of the encrypted data. This scheme considers the following processes, 1. Key Generation, 2. Encryption, 3. Decryption, 4. Key Stability checking, 5. Tracing Model.

Key Generation: GenOfKey(PU_key, MS_key, E). The authorized attribute considers n as the PU_key, MS_key, attribute set E as inputs, and produces SEC_key, a secret key for the user as output. Further, it will send the re-distribution key, SEC_key to the EDs.

Encryption: The encryption part has set the plain text m, and it has p bit, select a session key

using QRNG $S {S_{key}}_{r} \in Z_{N}^{*}$ . Then, the Ciphertext can be exact as C = Enc (m) = U_r ⨂ t_r ⨂ SS_key_r.

Decryption: The decryption part specified the cipher text C, the plain text can be recovered with the reverse permute C as m = D (C) = U_r-1 ⨂ U_r ⨂ SS_key_r.

Key Stability checking algorithm: KeyStb (PU_key, SEC_key) → 0 or 1.By entering the public key PU_key and the Secret key SEC_key, if SEC_key ensues the conditions of the phase of key stability check, then its output1; else, it outputs 0.

Tracing model: Trace (PU_key, SEC_key)→ N_id/⊥ If the settings of the key stability check are satisfied, it enters the public key PU_key, the secret key SEC_key, and creates the identity id of the user or the failure symbol ⊥.

4 System architecture

The collected data from Sensing Devices [SDs], is aggregated and forwarded through the access layer. The access control provides authorization for accessing data to have huge computational complexity. IoT middleware needs to manage a secure relationship with trusted devices to be authenticated and authorized in our system model. It needs to enforce authentication with all appliances, enabling verification of data origin and assigning unique identities that reuse security credentials. Suppose that there are numerous Sensing data being transmitted to their respective Edge device. Sensing data ensures transmission between end devices to protect from various security issues. Thus, the secure transmission provides authorized data from IoT devices. The middle layer comprises mutual Authentication between Edge Devices. It provides authorization to grant access rights to specific data resources. Incoming data from the IoT, since the computational capacity, can be pre-processed and aggregated Data is preferred to the enduring Access rights of each sensed data.

The system model is shown in Fig. 1, which has four parts: 1. [SDs] 2. Edge Devices [EDs] 3. Control centre [CC] and 4. Authority Center [AC].

[SDs]: It represents all IoT smart devices as the data communication between the SDs and the Control Center. The secure data is through the registered devices and transmitted to the Edge Device via the Access layer. Moreover, [SDs] perform cryptographic operations that provide secure data close to the CC.

Edge Devices [EDs]: It leverages the computational capacity of the Edge Devices. EDs are aggregated and forwarding it to the Control centre. EDs also ensure data integrity and authentication and computation efficiency of the aggregated data to the Edge Devices.

Control Center [CC]: CC has accessed both Edges and obtained secure data from CC. Decisions are made from SDs and send the consequent responses back to the [EDs]. CC receives the aggregated data using a secret key performed by decryption.

Authority Center [AC]: The trusted authority is entirely responsible for generating security parameters and a Master secret key According to the user’s data, AC verifies the identity and generates the Master keys.

Fig. 1

System model.

4.1 Adversarial model

In this scheme, the expected adversary can exploit an unauthorized source with normal data. However, it will not arbitrarily corrupt data but expose it to private information during the aggregation process. The data transmission between SDs and CC cannot be fully encrypted; an adversary could eavesdrop on insecure communication; and the attacker can exploit the network edges. The adversary can also instigate compromising data transmission. Moreover, we also consider internal and external attacks (FDI) to get confidential information through some adversaries in the communication channels. Therefore, the Edge devices are estimated to reject these forged data and not forward them to the CC. An adversary can instigate the data integrity, and eavesdrop to get valid data. In review, our Adversarial model must convince the privacy concern, source of authentication and integrity.

4.2 Security goal

The security goal can be mentioned above in the system models as consisting of the following objectives:

Authentication: The Control Center checks the data from the authorized source. Because [SDs] and the EDs have a similar shared secret key. The Edge devices ensure that the authenticated data. CC verifies the authentication source, which should be aggregated data. This is important to avoid defence against any internal or external attacks.

Privacy: if the attacker can intercept the data transmission between SD and ED. The Unauthorized user or external adversaries can’t obtain the IoT data. EDs could not decrypt the data, so they cannot achieve its privacy. Therefore, the Authority centre AC could decrypt the data but cannot acquire the single piece of information.

Integrity: AC detects if the data has been modified. The Sensing data’s integrity is conserved, and any illegitimate individual amendment should be detected.

Computation Efficiency: The SDA-QKM system must be efficient; the computation complexity should be condensed as much as feasible. Also, communication effectiveness is expected to aggregate requests. The control Centre should be less achievable; the computational costs and communication overheads should also be minimal.

5 SDA-QKM model

Quantum Key Management system efficiently protects the authorization for accessing data. Encryption and decryption are performed on the data computations. Secure aggregation requires some problems with the Public-key encryption to provide data with private keys to increase security. The attackers affect the sessions, but this is not positioned yet for specific reasons, mostly the high computational cost concerned with encryption and decryption of plain text and cipher texts. A QKM architecture is depicted under an Edge of the Network set up in Fig. 2, involving four parts: 1. [SDs], 2. Trusted Key Generation, 3. Authority Center and 4. Edge Devices.

The Trusted Key Generation is created to keep the transformed keys. The secure communication involving a Master key needs to be shared among all group members and encrypt and authenticate messages. The most commonly used crypto key Management system is Quantum key cryptography encryption. In QKM, the Master key is determined by exchanging public keys of two communication attributes, Authority Center to TKG. Since the public key itself does not provide authentication, a TKG of the master key can provide authentication.

Fig. 2

SDA-QKM model.

5.1 Workflow of the SDA-QKM scheme

The Secure data aggregation scheme efficiently conserves the authorization for accessing data and performing computations. The SDA-QKM system consists of the following algorithms: (i) Key Generation, (ii) Encryption and verification to EDs, (iii) Aggregation and verification at EDs, (iv) Decryption and verification at CC.

The above-described SDA-QKM method contains the following phases:

System Initialization: Based on security parameters, the Control Center generates public and private keys for ED. After that, EDs will be deployed at the edge of the network. At last, public parameters will be published by CC.

Registration: SDs select the ID, generate its private/public key, and register to the AC. Suppose the public key verifies the signature of the ID and the private key. AC takes the registration only when the public key verifies its signature.

SD-Encryption: Once data is uploaded, SD can encrypt that data and produce its corresponding signature. Once it’s done now, SD informs about cipher texts and their corresponding signature to their ED.

ED-Aggregation: First, each ED checks the cipher text validity, and it aggregates reports received from SDs only if they are valid. Every Edge Device generates a signature for the Cipher text, which is aggregated and data reported to the AC.

Decryption: The process of decryption with the secret key and recovering the aggregated plaintext. AC verifies the cipher text’s validity and is reported by the [EDs].

Tracing Model: To employ the ensuing game that runs between a competitor and an adversary to verify the tracing of the created scheme.

Initialization: After carrying out the registration algorithm, the competitor transfers the public key PU_key to the adversary.

Key Query: The adversary enquires the competitor to get the Secret keys of the user relevant to (N_{id
₁}, Q₁) , . . (N_{id
_s}, Q_s) .

Key Forgery: After the querying, the adversary produces the secret key ${SEC}_{key}^{*}$ of the user. To providing $Trace ({PU}_{key}, {SEC}_{key}^{*}) \to N_{id} / ⊥$ and $Trace ({PU}_{key}, {SEC}_{key}^{*}) \notin {N_{{id}_{1}}, \dots N_{{id}_{s}}}$ , the adversary can succeed in the game. which is represented as $G_{win} [Trace ({PU}_{key}, {SEC}_{key}^{*}) \notin {⊥} ⋃_{}^{} {N_{{id}_{1}}, \dots N_{{id}_{s}}}$

Key Stability Checking Process:

To employ the ensuing game that runs between a simulator and an adversary to define the model of key stability check based on [40]. Once the security parameter 1^φ is entered, the simulator calls an adversary and returns the public key PU_key, the ciphertext C, and two different keys ${SEC}_{{key}_{N_{{id}_{k}, Q_{k}}},} {\tilde{SEC}}_{{key}_{N_{{id}_{k}, Q_{k}}},}$ conforming to a similar set of attributes Q_k for a user R_k with N_{id
_k} to the adversary H. H will succeed in the game if the following necessities are met.

KeyStb (PU_key, SEC_{key_{N_{id_k,Q_k}},}) → 1

$KeyStb ({PU}_{key}, {\tilde{SEC}}_{{key}_{N_{{id}_{k}, Q_{k}}},}) \to 1$

D (PU_key, C, SEC_{key_{N_{id_k,Q_k}},})≠ ⊥

$D ({PU}_{key}, {C, \tilde{SEC}}_{{key}_{N_{{id}_{k}, Q_{k}}},}) \neq ⊥$

$\begin{matrix} D ({PU}_{key}, {C, SEC}_{{key}_{N_{{id}_{k}, Q_{k}}},}) \\ \neq D ({PU}_{key}, {C, \tilde{SEC}}_{{key}_{N_{{id}_{k}, Q_{k}}},}) \end{matrix}$

The listing of cryptographic symbols and their descriptions are shown in Table 1.

Table 1
List of notations

Symbol Description

E Attribute inputs

PU _key Public key

MS _key Master key

SS _key _r Session key

U _r Plain text

t _r Plain text contains t_r bits

∂ Security parameter

sigk _CertAuth Signature pair

verk _CertAuth Verification key

ED _i Edge Device

AC Authority Center

SD Smart Device

CC Control Center

K Bilinear Pairing k : M_aXM_a → M_b

η_i, η_ij Encrypted text generated by ED_i and SD_ij

δ_i, δ_ij Time interval ED_i and SD_ij

ϑ_i, ϑ_ij Signature created by ED_i and SD_ij

Symbol	Description
E	Attribute inputs
PU _key	Public key
MS _key	Master key
SS _key _r	Session key
U _r	Plain text
t _r	Plain text contains t_r bits
∂	Security parameter
sigk _CertAuth	Signature pair
verk _CertAuth	Verification key
ED _i	Edge Device
AC	Authority Center
SD	Smart Device
CC	Control Center
K	Bilinear Pairing k : M_aXM_a → M_b
η_i, η_ij	Encrypted text generated by ED_i and SD_ij
δ_i, δ_ij	Time interval ED_i and SD_ij
ϑ_i, ϑ_ij	Signature created by ED_i and SD_ij

Stage 1: System initialization and setup of the certifying authority

The System initialization setup init_{setup(ini^∂)}., CC requests to select system parameters. The authorized security parameters ∂ as the security variable for input and produces public key PU_key and the master key MS_key as output. The authority for certificate starts the system using the CertAuth algorithm as follows:

$\begin{matrix} CertAuth (1^{\partial}) & \leftarrow & ({MS}_{key} PS ({sigk}_{CertAuth}, \\ {verk}_{CertAuth})) . \end{matrix}$ (1)

Equation (1) considers parameter measures ∂ as inputs and delivers the system master key MS_key, public variables PS along with a signature pair and a verifying key (sigk_CertAuth, verk_CertAuth) as outputs.

Stage 2: Registering the users

In the SDA-QKM system, authentications are required to be indexed to the Control Center. Then, the authorized attributes are executed once they are completed effectively.

User Registration phase

The users userid_ij (j = 1, 2, . . , k) forward their identification information to the CCCertAuth. After getting the information CertAuth executes the RegUser process as below:

The control server selects an identity ID_{ED
_i} and generates the pairs of public and master key (PUkey_i , MS_{key
_i}) for edge server ED_i ( i = 1, 2, . . , s).The control server stores the key pair (IDES_i, MS_{key
_i}) and (ID_{ES
_i}, PUkey_i , MS_{key
_i}) in the ED_i.

If the user userid_ij (j = 1, 2, . . , k) wants to access the edge server ED_i then the registration process should be done. Now the user selects an identity ID_{userid
_ij} and creates its public key and master key (PU_{key
_i} , MS_{key
_i}), where PU_{key
_i.j} is the random number and MS_{key
_ij} = h^{PU
_{key
_i.j}}.

Now ID_{userid
_ij} obtain the time stamp δ and measures sig_ij = H (ID_{userid
_ij}||δ) ^{PU
_{key
_i.j}} and register (ID_{userid
_ij}, δ, sig_ij, MS_{key
_i}) in CC.

While receiving the registration request, CC should check the timestamp freshness and check $\begin{matrix} e ({sig}_{ij,}, h) = e (H ({ID}_{{userid}_{ij}} | | δ), \\ {MS}_{{key}_{ij}}) . \end{matrix}$

If it is wrong, the CC rejects else ID_{userid
_ij} successfully registered and stores (ID_{userid
_ij}, MS_{key
_i}) in CC and ED_i.

Session Key generation using Quantum Cryptography

The QKM uses a one-time pad (OTP) mechanism, where the session key’s feature has been identified as data security. The kernel of the conventional Quantum Random Number Generator (QRNG) is responsible for the quality of the produced random number. Moreover, it is prone to contain the fault of correlating for a more extended period and could fail in the localized randomness testing. Employed a quantum random number generator based on arriving time for generating a random number to avoid such defects. Session key generation was generated using QRNG. Algorithm 1. shows generate keys for encryption and decryption to users and CC, respectively. Moreover, it encrypts the data consumption and generates an on each encrypted value using QKM.

Algorithm 1: Generation of keys
Input:	The authorized attribute considers n as the PU_key, attribute set E
Output:	produces SEC_key, secret key
Step 1:	AC chooses s two random large prime numbers M_a and M_b
Step 2:	Compute SS_key by using QRNG where SS_key = [SS_key₁, SS_{key ₂}, … SS_key_s]
Step 3:	Generate GenOfKey(PU_key, MS_key, E).
Step 4:	End

GenOfKey(PU_key, MS_key, E): The authorized attribute considers n as the PU_key, MS_key, attribute set

E as inputs and produces SEC_key, a secret key for the user as the output. Further, it will send the re-distribution key, ${SEC}_{key}^{'}$ to the Edge Devices. $\begin{matrix} {SEC}_{key} = 〈 k_{1}^{'} = c, k_{2}^{'} = g^{\frac{β}{a + c}} H^{r}, L_{1} = g^{r}, L_{2} \\ = g^{ar}, {K_{z, 1} = g^{r_{z}}, K_{z, 2} \\ {= U_{z}^{r_{z}}}}_{z \in {SEC}_{{key}_{k}}} 〉 \end{matrix}$ Stage 3: SD-Encryption Report

In this process, each userid_ij (j = 1, 2, … . . k) will encrypt the input message m_ij and generates its signature and then reports the details to its ED_i (i = {1, 2, …, s}) .

The Quantum key-based cryptographic algorithm utilizes a one-time pad (OTP) mechanism that needs the same length of plaintext, Ciphertext, and the key. In this study, a stream cipher-based algorithm is presented. The plaintext size is broken up into various length sequences, which is the same as the keys’ length. Considering the first bit of the sequence SS_key||N||r_sk||r_n. it generates a permutation matrix and session key SS_{key
₀}. To ensure enhanced security to authorize identities once establishing the data communication, the key generating model, GenOfKey(PU_key, MS_key, E) utilizes a session key SS_key to update secret L = [l₁, l₂, …, l_n], which is the key generated by QRNG is SS_key = [SS_key₁, SS_key₂, … SS_key_n]

$L = {SS}_{key} oplus L$ (2)

Hence, every L is utilized to protect against impersonation attacks. The addition of the check code can decrease the communication rejection created by the channel noise. The regular sequence can be broken up into four portions, namely SS_key, N, r_sk, r_n. Employ L to retrieve SS_{key
₀}′ from N. where N is the authentication sequence generated using XOR of SS_key and L, which is $N_{1} = {SS}_{{key}_{0}} oplus L_{1} oplus {SS}_{{key}_{1}} ife = 1;;$ $N_{e} = {SS}_{{key}_{e - 1}} oplus L_{e} oplus {SS}_{{key}_{e}} ife \geq 1$ $\begin{matrix} {{SS}_{{key}_{0}} = N_{1} oplus {SS}_{{key}_{0}} oplus L_{1} ife = 1;; \\ {SS}_{{key}_{e}} = N_{i} oplus N_{e - 1} oplus L_{e} ife \geq 1 \end{matrix}$ (3) where we consider that if L₁ = 0, then SS_{key
₀} = 1, else SS_{key
₀} = 0 .

If a difference is found among SS_key′ and SS_key Evaluate the check code option, and if one error is noted in the stated sequence, the data communication is allowed. Hence, the data communication is authorized if it satisfies the following conditions:

If r_sk complements with key sequence, r_n will not match but compared to SS_key, SS_key′ will contain two varying bits alone where there will not be any fault identified, the key will be placed in N.

If r_sk complements with key sequence, r_sesk will not match but compared to SS_key. SS_key′ will contain one varying bit alone where there will be fault identified, the key will be placed no faults in N.

Algorithm 2 performing bilinear pairing encryption uses two permutations and diffusion to make encryption results complicated and decrease the computational costs.

Quantum Random Number Generator (QRNG) is responsible for generating the session key SS_key = [SS_key₁, SS_key₂,...... SS_key_s];

The plaintext T contains u bit that is broken up into v data bit fragments. If the length of the final sector is lesser than v, the same will be filled up with zero.

Build a permutation matrix l as per the ascending order of L. If the starting bit of the variable L is zero, the last permutation matrix FPERM is l and SS_key₀ is one, else the permutation matrix FPERM is l^-1 and SS_key₀ is Zero;

Perform permutation operation T as per the value of FPERM to get the value of t.

Perform encryption operation: if r = 1, then U₁ = SS_key₀ ⨂ t₁ ⨂ SS_key₁. if r > 1, then U_r=U_r-1 ⨂ t_r ⨂ SS_key;

Now, perform permutation operation U as per the value of FPERM to get the value of D.

Algorithm 2: Data encryption using Quantum key cryptosystem
Input:	plaintext, Initialize the parameters used as follows:
	SS_key = [SS_key₁, SS_key₂,....SS_key_n],
	L = [l₁, l, . . . . . . l_n],
	T = t [u], s = 1, flag = 0;
Output:	ciphertext
step 1:	while (u - v)<0 do for (r=0; r<v; v++) do
	if (r + flag < u) , thenT_s[r] = t [r + flag * v];
	else T_s[r] = 0;
	flag = flag+1; s=s+1;
step 2:	Build a permutation matrix l as per the ascending order of L.
step 3:	ifL[0] =0, then FPERM = l, SS_key₀ =1;
	else FPERM = l^-1, SS_key₀ =0;
	For every T_s= {t_1,t_2,....t_r} do
step 4:	Replace the variable T_s as per the value in FPERM
step 5:	ifs = 1, thenU₁ = SS_key₀ oplus t₁ oplus SS_key₁
	elseU_r= U_r-1 oplus t_roplusSS_key_r
step 6:	Replace the value of U as per the value in FPERM to get D.
step 7:	End

So the Ciphertext C_ij = U_ij. Then, userid_ij obtains the current timestamp t_ij, and generates a signature for the Ciphertext ϑ_ij = H (ID_{userid
_ij}||C_ij||t_ij) ^{MS
_key
_ij} using its master keyMS_key_ij. Finally, userid_ij reports the message {ID_{userid
_ij}, t_ij, C_ij, ϑ_ij} to its edge server ED_i.

Stage 4:ED-Aggregation Report

In this process, Each EDs checks the collected data from SDs and reports the aggregated data to AC.

Algorithm 3: Aggregation and verification at EDs
Input:	{ID_{userid _ij}, δ_ij, ciphertext_ij, ϑ_ij} from userid_ij
Output:	Aggregated Data
Step 1:	EDs receives {ID_{userid _ij}, δ_ij, ciphertext_ij, ϑ_ij}
Step 2:	Performs batch verification ciphertext
	$e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h) = \prod_{j = 1}^{k} e (H ({ID}_{{userid}_{ij}} \| \| {ciphertext}_{ij} \| \| δ_{ij}), {PU}_{key}_{ij})$
Step 3:	At least one of the data is invalid
	If ( $e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ !=hold)
Step 4:	ED_i finds the invalid data using PU_key_ij) (j = 1, 2, … , k).
	e (ciphertext_ij, h) = e (H (ID_{userid _ij}\|\|ciphertext _ij\|\|δ_ij) ,
Step 5:	If( $e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ ==hold)
	$e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ is verified and accepted
Step 6:	ED_i aggregates the received data as
	$η_{i} = \prod_{j = 1}^{k} {ciphertext}_{ij}$
	Get timestamp →t_i
	Aggregated data ciphertext t_i = H (ID_{ED _i}\|\|η_i\|\|δ_i) ^{MS _key _i}
Step 7:	ED_i to CC. to get
	data {ID_{ED _i} η_i, ciphertext_i, δ_i}
Step 8:	end if
Step 9:	end if

When all the data received from user id_ij (j = 1, 2, … . , k), ED_i verifies the validity of ID_{userid
_ij} and checks its timestampδ_ij (j = 1, 2, … . , k) freshness. Once the data is discarded, it is identified as a failure.

After that ED_i performs the verification using batch verification $e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h) = \prod_{j = 1}^{k} e (H ({ID}_{{userid}_{ij}} | | {ciphertext}_{ij} | | δ_{ij}), {PU}_{key}_{ij})$ , which significantly reduces the ${ED}_{i}^{'}$ communication, as well as computation costs.

If this condition is not on hold and any one of the data given by SD_ij (j = 1, 2, … . , ; ; k) is not valid, and ED_i can find the not valid data by verifying the condition e (ciphertext_ij, h) = e (H (ID_{userid
_ij}||ciphertext _ij||δ_ij) , PU_key_ij) (j = 1, 2, … , k).

On the other hand, when the reported data received from userid_ij (j = 1, 2, … . , k) valid. Then, ED_i will do the aggregation of all received data as $η_{i} = \prod_{j = 1}^{k} {ciphertext}_{ij}$ .

Then ED_i obtains the current timestamp t_i And produce a signature to the aggregated ciphertext t_i = H (ID_{ED
_i}||η_i||δ_i) ^{MS
_key
_i}.

Finally, ED_i submits the message {ID_{ED
_i} η_i, ciphertext_i, δ_i} to the CC.

Stage 5: Decryption and verification at the control Centre

Algorithm 4: Decryption and Verification at CC
Input:	Messages reported by s
	Edge Devices {ED₁, ED₂, …, ED_s} ,
Output:	Recovered aggregated by CC
Step 1:	CC received data from Edge Devices
Step 2:	Performs batch verification ciphertext
Step 3:	CC performs batch verification
	$e (\prod_{i = 1}^{s} ϑ_{i}, h) = \prod_{i = 1}^{s} e (H ({ID}_{{ED}_{i}} \| \| η_{i} \| \| δ_{i}), {MS}_{key}_{i})$ ,
Step 4:	If( $e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ !=hold at least one of the messages is invalid)
Step 5:	ED_i finds the invalid message using e (ϑ_i, h) = e (H (ID_{ED _i}\|\|η_i\|\|δ_i) , MS_key_i) (i = 1, 2, … , s).
Step 6:	If( $e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ ==hold)
Step 7:	$e (\prod_{j = 1}^{k} {ciphertext}_{ij}, h)$ is verified and accepted
Step 8:	ED_i aggregates the received messages
	as $\sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij}$
Step 9:	end if
Step 10:	end if

After receiving the data reported from s Edge Devices {ED₁, ED₂, …, ED_s} , CC checks the validity of ID_{ED
_i}. once that identifies of the messages reported by ID_{ED
_i} If failed, messages will discard the messages. The following steps explain the decryption process:

Perform reverse permutation D as per the value of FPERM to get the value of U.

Perform decryption operation: if r = 1, thent₁ = U₁ ⨂ SEC_key₀ ⨂ SEC_key_1.ifr > 1, t_r = U_r-1 ⨂ U_r ⨂ SEC_key_r

Perform reverse permutation operation t as per the value of FPERM to get the value of T.

Cut off the additional zero in the variable T to retrieve the required plaintext result.

Then CC performs batch verification $e (\prod_{i = 1}^{s} ϑ_{i}, h) = \prod_{i = 1}^{s} e (H ({ID}_{{ED}_{i}} | | η_{i} | | δ_{i}), {MS}_{key}_{i})$

This process will reduce the communication and computational cost for CC. If it is not on hold, identified of one message reported by ED_i (i = 1, 2, … , s) is not valid, and CC can identify the incorrect messages by using e (ϑ_i, h) = e (H (ID_{ED
_i}||η_i||δ_i) , MS_key_i) (i = 1, 2, … , s). ud_ij data user. Else if the data reported by ED_i (i = 1, 2, … . , s) are all successfully valid. Then, CC will aggregate its received data as $η = \prod_{i = 1}^{s} η_{i} = d \sum_{i = 1}^{s} {ud}_{ij} h \sum_{i = 1}^{s} \sum_{j = 1}^{k} {SEC}_{key}_{ij}$

By taking the Master key MS_key, AC can calculate

V = η^{{MS}_{key}} = {(\prod_{i = 1}^{s} η_{i})}^{{MS}_{key}}

= {(d \sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij} h \sum_{i = 1}^{i} \sum_{j = 1}^{k} {SS}_{key}_{ij})}^{p}

= d^{{MS}_{key}} \sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij}

= \hat{d} \sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij}

Then, CC can recover the plaintext aggregation $SDs \sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij}$ Using reverse permutation operation as mentioned above.

Stage 6: Algorithm for checking key stability:

KeyStb (PU_key, SEC_key) → 0 or 1 The key SEC_{key
_k} of the user is checked by the trusted Key Generator TKG to control whether it satisfies the states of the key stability check algorithm, the detailed procedures are as follows:

verify the key form SEC_{key
_k} and compare it with ${SEC}_{key} = {k_{1}^{'}, k_{2}^{'}, L_{1}, L_{2}, {{k_{z, 1}, k_{z, 2})}_{z \in E_{k}}}$

and $k_{1}^{'} \in Z_{N}^{*}$ , $k_{2}^{'}, L_{1}, L_{2}, k_{z, 1}, k_{z, 2} \in G$

Verify e (L₂, g) = e (L₁, g^a)

Verify $e (k_{2}^{'}, g^{a} g^{k_{1}^{'}}) = e {(g, g)}^{β} . e ({L_{2} L}_{1}^{k_{1}^{'}}, h)$

Verify ∃z ∈ E_k, s.t. e (k_z,2, g) = e (U_z, k_z,1) ≠1

The algorithm outputs 1 if the key SEC_{key
_k} contents the conditions of key stability check, otherwise, it outputs 0.

Stage 7: Tracing Algorithm:

Trace (PU_key, SEC_key)→ N_id/⊥. TKG takes control in this phase. When the key SEC_{key
_k} can’t able to succeed in the key stability check KeyStb (PU_key, SEC_key) → 0.then the output will be ⊥ else it extracts the information of the user identity N_{id
_k} using $D_{\underline{k}} (k_{1}^{'})$ with help of SEC_{key
_k}.

6 Security analysis

This section analyzes the security features and presents the defined security requirements mentioned above, with a primary focus on privacy protection, integrity, and source authentication

6.1 Privacy protection

This privacy protection process is to keep away from the leakage of userid_ij data usage and check-in are both conditions of external attack and internal attack. First, while it comes under external attack. it can eavesdrop on the messages sent to ED_i from userid_ij and also from ED_i to CC. If eavesdropping happens from an external attacker for the userid_ij and its data {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij}, where the Ciphertext is η_ij = U_ij. However, due to the quantum key cryptography being effectively selected secure for the ciphertext attack, the attacker cannot be able to retrieve the data ud_ij from userid_ij without knowing sesk_ijand MS_key. Besides, if ED_i aggregated data {ID_{ED
_ij}, δ_i, η_i, ϑ_i}, have been eavesdropped by an external attacker, where $η_{i} = d \sum_{i = 1}^{s} h \sum_{i = 1}^{s} \sum_{j = 1}^{k} {SS}_{key}_{ij}$ , and also the attacker not able to sum the l user’s data $\sum_{j = 1}^{k} {ud}_{ij}$ Without knowing of CC Master key MS_key.

So, the proposed method can provide strong privacy while under attacks by external. Second, when an internal attacker tries to access the ED′sor CC′s secret keys and it wants to retrieve the ED′s usage data. If an internal attacker trying to eavesdrop the userid_ij message {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij}, where the Cipher text is η_ij = U_ij. Even the attacker retrieves CC′s secret key p, and calculate $η_{ij}^{{MS}_{key}} = \hat{d} \sum_{i = 1}^{s} \sum_{j = 1}^{k} {ud}_{ij}$ . However, ${ud}_{ij}^{'} s$ security was ensured by the secret information sesk_ij, which is the blinding factor to keep away from the outflow of the userid_ij data handling. So, from this, now confirm that the proposed system can secure the privacy concern for the data users against internal attackers.

6.2 Integrity

Data integrity is an essential part of security by ensuring that the data is not damaged during transmission. The guarantee of data integrity for transmitted messages can be provided in our proposed work. Additionally EDs or CC can identify the tampered messages. For the data {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij}, received by ED_i which was reported by userid_ij, ED_i will check first about the validity of identity and timestamp freshness, and message integrity by checking if e (ciphertext_ij, h) = e (H (ID_{userid
_ij}||ciphertext _ij||δ_ij) , PU_key_ij) Hold.

As we can see that each part of the message {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij} is involved by verifying integrity; any tamper data will not hold. for that reason, the data reported by userid_ij able to be verified by ED_i. when the data {ID_{ED
_ij}, δ_i, η_i, ϑ_i} received from ED_i, the integrity of the data verified by CC. if the equation e (ϑ_i, h) = e (H (ID_{ED
_i}||η_i||δ_i) , MS_key_i) (i = 1, 2, … , s) is in hold. Any damage in the message will become that the equation is not on clutch then each part of {ID_{ED
_ij}, δ_i, η_i, ϑ_i}. Thus, the CC can ensure data integrity and the report by EDs.

6.3 Authentication

For source authentication, the validity of the message {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij} reported by userid_ij can be verified by ED_i, and {ID_{ED
_ij} {δ_i, η_i, ϑ_i} reported by ED_i can be verified by CC. also, the identity ID_{userid
_ij} and ID_{ED
_i} are stored in the message , and {ID_{ED
_ij}, δ_i, η_i, ϑ_i} respectively. So, the ED_i and CC can be sure about the message sources. ED_i and CC can identify the not valid messages like from which userid_ij and ED_i, respectively. also, userid_ij and signatures for ED_iσ_ij = H (ID_{ED
_i}||η_i||δ_i) ^{MS
_key
_i} are produced using the corresponding master keys MS_key_ij and MS_key_i, respectively.

Therefore, any adversary without userid_ij and ED_i cannot forge the correct messages {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij}, and {ID_{ED
_ij}, δ_i, η_i, ϑ_i} to imitate userid_ij and ED_i, respectively. Thus, the proposed system provides an efficient authentication source for all communications.

7 Performance evaluation

This session evaluates the performance aspects of the proposed SDA-QKM method in terms of communication and computational complication. As a comparison, consider three cryptographic systems, specifically, EPPA [32], SEDA [34], and LVPDA [35]. The proposed model is demonstrated using the simulation parameters using the 3.26 simulator. Deploys the nodes indiscriminately in smart devices.

The authorized centre is considered as Edge server and control centre. The number of things utilized 10 to 100, the Radio Propagation Model is Two Ray Ground, using COPE Application Layer Type and Yans. Wi-Fi channel model is SURF Traffic model. Simulation time is 1000 secs. The demonstrated results are shown and discussed below. In this scheme, the users are varied to perform communication and computation costs.

The simulation environment, performance metrics and simulation results are presented in this section. The simulation for the proposed model is carried out using Network Simulator (NS-3) and analysis is presented below. We evaluate the performance and validate the effectiveness of the proposed SDA-QKM through this simulation. A comparative study on the metrics, with existing protocols namely EPPA, SEDA, and LVPDA is also presented in the graphs below. The simulation parameters we considered are stated in Table 2.

Table 2
Simulation parameters

Parameter Value

Simulator NS-3.26

Simulation area(width *depth) 500X500m

Number of the control center 1

Number of smart devices 10 to 1000

Number of edge devices 10 to 100

Packet size 512 bytes

Queue size 100

Data rate 6 Mbps

Bandwidth 10 MHz

protocol SDA-QKM

Simulation Time 300Sec

Parameter	Value
Simulator	NS-3.26
Simulation area(width *depth)	500X500m
Number of the control center	1
Number of smart devices	10 to 1000
Number of edge devices	10 to 100
Packet size	512 bytes
Queue size	100
Data rate	6 Mbps
Bandwidth	10 MHz
protocol	SDA-QKM
Simulation Time	300Sec

In Table 3, we give the notations, operations handled to corresponding time costs with cryptographic functions.

Table 3

Notations in evaluation

Parameters	Description	Time (ms)
ω _p	Time of bilinear pairing	11.5785
ω _e2	Time of double exponentiation	0.3421
ω	exponentiation Time	0.2957
ω _s	scalar multiplication Time	0.2594
ω _mp	Time of map to point	0.5284
ω _i	Inversion time for the cyclic group	0.01975
ω _m	multiplication time in a group	0.0014

7.1 Computational complexity

In the SDA-QKM scheme, when the edge devices ED_i joins in the network, it needs 2ω_e2 to produce the CiphertextC_ij and ω_mp + ω_e to produce the corresponding signature σ_ij. Now, the total computation cost of each SD is 2ω_e2 + ω_mp + ω_e = 1.5083 ms. Each ED needs (k + 1) ω_p + 2 (k - 1) ω_m + kω_mp to perform batch verification, ω_e + kω_m to produce the aggregation of data, and ω_mp + ω_e for the signature generation σ_i. Therefore, the total cost for computing each ED is (ω_p + 3ω_m + ω_mp) k + ω_p - 2ω_m + 2ω_e = (12.111k + 12.1671) ms. Besides, the CC needs (s + 1) ω_p + 2 (s - 1) ω_m + sω_mp to do the batch verification, (s - 1) ω_m for aggregated data, and ω_e for calculation of V, now the total computation cost of CC is (ω_p + 3ω_m + ω_mp) s + ω_p - 3ω_m + ω_e) = 12.1111s + 11.87 ms.

Fig. 3

Computational cost comparison in the ED side.

Table 4 shows that our SDA-QKM scheme consumes less time for cryptographic operations as we have done security analysis above, particularly on the SDs side. Fig.3 shows the result comparison of computational cost with the other three schemes. And we can see that our computational cost is reduced at least 52.07% while compared with EPPA [32], SEDA [34], and LVPDA [35] since in their schemes, time cost rises significantly while the user’s increases. Fig. 4 indicates the results of computational cost between the four methods from the Control Center side. It shows that our proposed SDA-QKM works efficiently, even in the most complex operations.

Fig. 4

Computational cost comparison on CC side.

Table 4

Overall computational cost analysis

Number of users/ Computational cost	LVPDA [35]	SEDA [34]	EPPA [32]	SDA-QKM
0	0	0	0	0
200	2300	3400	8000	1100
400	5600	7600	16000	3500
600	7700	9800	24000	5600
800	9700	13400	31000	6700
1000	12300	16000	38000	8800

In Fig. 5 shows the overall computation cost comparison of our proposed work SDA-QKM with the existing three schemes. It proves that computational cost is much less compared to existing schemes by varying numbers of users. It is due to our data aggregation scheme which saves time during the aggregation process.

Fig. 5

Computational cost comparison vs number of users.

In Fig. 6 represents the computational cost for the verification and signature generation process and it shows our proposed work performs better than other existing schemes. Our SDA-QKM scheme was 30% lower than LVPDA [35], EPPA [32], and SEDA [34]. And also compared the aggregation cost which we calculated during the aggregation phase and is showed in Fig. 7. From the above all the results clearly show that our proposed SDA-QKM performs better than the other existing schemes in standings of overall computation, aggregation, verification, and signature.

Fig. 6

verification and signature cost comparison vs number of users.

Fig. 7

Aggregation cost comparison vs number of users.

7.2 Communication overhead

The communication overhead calculation of our SDA-QKM system incorporates the communication between SD-to-ED and ED-to-CC which assumes that there are s to ED and each ED contains k, SD in the data aggregation. While coming into the communication between SD-to-ED, each SD produces the individual report for the data and sends it to the ED in the form of {ID_{userid
_ij}, δ_ij, η_ij, ϑ_ij}, and its communication overhead will be 64+32+1280+1280 = 2656 bits. The ED gathers the complete reports from SD. Users in each time slot. Next part, we measure communication between ED-to-CC.while comes into the aggregation phase of the report; the CC will aggregate the SD′s separate reports and by using that it generates {ID_{ED
_ij}, δ_i, η_i, ϑ_i}. ED_i reports the aggregated message {ID_{ED
_ij}, δ_i, η_i, ϑ_i}To CC, and the communication overhead is 64+32+1280+1280= 2656 bits/sec. consequently, the communications cost of SD_ij and ED_i for one session’s, and data aggregation is 2656 bits for both, so one session total communication cost will be 2656sk + 2656s bits.

Furthermore, Table 5 shows the analysis of communication overhead from SD to ED and ED to CC. Fig. 8 and 9, intend the communication overhead in provisions of the SDs and EDs. With a comparison of existing schemes, our proposed system has the minimum total overhead in communication. The two coefficients, which are sk and s, are significantly lesser than the other three schemes, EPPA [32], SEDA [34], and LVPDA [35]. The tangible below rates are 63.4 % and 36% than EPPA, 34.8% and 52.10 % than SEDA and 26.69 and 33.19 % than LVPDA.

Fig. 8

Communication overhead comparison on SD to ED side.

Fig. 9

Communication overhead comparison on ED to CC side.

Table 5

Communication Overhead Analysis between SD to ED and ED to CC

	SD to ED				ED to CC
	LVPDA[35]	SEDA[34]	EPPA[32]	SDA-QKM	LVPDA[35]	SEDA[34]	EPPA[32]	SDA-QKM
0	0	0	0	0	0	0	0	0
10	140000	280000	200000	110000	140000	280000	320000	110000
20	270000	430000	340000	170000	370000	530000	640000	190000
30	490000	620000	530000	320000	590000	720000	930000	270000
40	630000	860000	740000	480000	730000	1060000	1450000	430000
50	750000	1040000	860000	560000	950000	1540000	1990000	560000
60	920000	1360000	1050000	710000	1180000	1960000	2550000	780000
70	1060000	1620000	1340000	830000	1460000	2320000	3040000	940000
80	1330000	1820000	1650000	980000	1630000	2920000	3650000	1020000
90	1490000	2120000	1780000	1070000	1890000	3180000	4080000	1120000
100	1580000	2270000	1960000	1190000	1980000	3570000	4340000	1230000

8 Conclusion

In this work, the Secure Data Aggregation process is simultaneously achieving the source of authentication, integrity, and privacy protection. With the use of QKM, the scheme supports completing the authorization done through the access layer with the concern of secure transmission. The proposed scheme exploits the bilinear homomorphic and Quantum Cryptography system. This section key is a unique aspect of generating quantum key cryptography. The session time is used to determine the random number generation within the time limit, which credits the section key generation. Our performance analysis illustrated that the proposed system provides a computation efficiency of around 40% in computation and communication overhead compared to the existing systems. Our future work, to increase the security requirements added more authoritative adversaries and active attack models.

References

Gubbi

, Buyya

, Marusic

and Palaniswami

, Internet of things (IoT): A vision, architectural elements, and future directions, Future Generation Computer System 29(7) (2013), 1645–1660.

Wang

, Wang

and Domingo-Ferrer

, Anonymous and secure aggregation scheme in fog-based public cloud computing, Future Generation Computer System 78 (2018), 712–719.

Wang

, Shen

, Liu

, Ren

, Li

A novel security scheme based on the instant encrypted transmission for Internet of things, Secure Communication Network (2018).

Selvakumar

, SaiRamesh

, Sabena

, Kannayaram

CLOUD COMPUTING-TMACS: A robust and verifiable threshold multi-authority access control system in public cloud storage, in: Smart Intelligent Computing and Applications: Proceedings of the Second International Conference on SCI 2018. Springer, Singapore (2019), Vol. 2, pp. 365–373.

Bulck

J.V.

, Mühlberg

J.T.

, Piessens

Vulcan: Efficient component authentication and software isolation for automotive control networks, in: Computer Security Applications Conference, Orlando (2017), doi: 10.1145/3134600.3134623-2017

Rivest

R.L.

, Shamir

and Adleman

L.M.

, A method for obtaining digital signatures and public-key cryptosystems, Communication ACM 21(2) (1978), 120–126.

Lara-Nino

C.A.

, Diaz-Perez

and Morales-Sandoval

, Elliptic curve lightweight cryptography: A survey, IEEE Access 6 (2018), 72514–72550.

Diffie

, Hellman , New directions in cryptography, IEEE Transaction of Information Theory 22(6) (1976), 644–654. doi: 10.1109/TIT.1976.1055638.

Jaithunbi

A.K.

, Sabena

and Sairamesh

, Preservation of data integrity in public cloud using enhanced vigenere cipher based obfuscation, Wireless Personal Communications 129(1) (2023), 271–284.

10.

Dhanalakshmi

, Sai Ramesh

and Selvakumar

, Intelligent energy-aware and secured QoS routing protocol with dynamic mobility estimation for wireless sensor networks, Wireless Networks 27 (2021), 1503–1514.

11.

Hoi-Kwong and Chau

H.F.

, Unconditional security of quantum key distribution over arbitrarily long distances, Science 283(5410) (1999), 2050–2056.

12.

Shor

, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Journal on Computing 26(5) (1997), 1484–1509.

13.

Paul

and Niethammer

, On the importance of cryptographic agility for industrial automation, at - Automatisierungstechnik 67(5) (2019), 402–416.

14.

, Zhang

and Huang

, Lightweight quantum encryption for secure transmission of power data in smart grid, IEEE Access 7 (2019).

15.

Song

et al. A privacy-preserving communication protocol for IoT Applications in smart homes, IEEE Internet Things J. 4(6) (2017), 1844–1852.

16.

Karthikeyan

, Velumani

, Kumar

, Inabathini

Analysis of data aggregation in wireless sensor network, in: 2nd International Conference on Electronics and Communication Systems (ICECS) (2015), pp. 14351439.

17.

Przydatek

, Song

, Perrig

SIA: secure informations aggregation in sensor networks, in: Proc. first international Conf. Embedded Network Sensor Systems (2003), 255–265.

18.

Akkaya

, Demirbas

and Aygun

R.S.

, The impact of data aggregation on the performance of wireless sensor networks, Wiley Wireless Communication Mobile Computing (WCMC) J (8) (2008), 171–193.

19.

Cirani

, Ferrari

and Veltri

, Enforcing security mechanisms in the IP-based Internet of things: An algorithmic overview, Algorithms 6(2) (2013), 197–226. Available: https://www-mdpi-com.web.bisu.edu.cn/1999-4893/6/2/197.

20.

Schiffman

, Zhang

and Gibbs

, DAuth: Fine-grained authorization delegation for distributed web application consumers, in: Proc. IEEE Int. Symp. Policies Distrib. Syst. Netw. (policy) 6(2) (2010), 95–102.

21.

Luo

, Yin

, Li

, Wang

, Fang

, Zhu

and Tian

, A lightweight privacy-preserving communication protocol for heterogeneous IoT environment, IEEE Access 4 (2016). Doi: 10.1109/access.2020.2978525.

22.

R.X.

, Heung

, Lashkari

A.H.

and Ghorbani

A.A.

, A lightweight privacy-preserving data aggregation scheme for fog computing-enhanced IoT, IEEE Access 5 (2017).

23.

Gerdes

, Bergmann

, Bormann

Delegated CoAP authentication and authorization framework (DCAF), IETF Internet-Draft, Tech. Rep. draft-Gerdes-ace-dcaf-authorize-00 (2014). Available: http://tools.ietf.org/html/draft-gerdesace-dcaf-authorize-00

24.

Wang

, Wang

and Domingo-Ferrer

, Anonymous and secure aggregation scheme in fog-based public cloud computing, Future Generation Computer Systems 78 (2018), 712–719.

25.

Boneh

, Lynn

, Shacham

Short signatures from the Weil pairing, in: International Conference on the Theory and Application of Cryptology and Information Security. Springer (2001), 514–532.

26.

Guan

, Zhang

, Wu

, Li

, Ma

and Hu

, Appa: An anonymous and privacy-preserving data aggregation scheme for fog enhanced IoT, Journal of Network and Computer Applications 125 (2019), 82–92.

27.

Abdallah

, Shen

A lightweight lattice-based homomorphic privacy-preserving data aggregation scheme for smart grid, IEEE Trans. on Smart Grid (2016).

28.

Badra

and Zeadally

, Lightweight and efficient privacy-preserving data aggregation approach for the smart grid, Ad Hoc Networks 64 (2017), 32–40.

29.

Saleem

, Khan

, Ur Rehman Malik

, Pervaiz

, Malik

, Alam

, Jindal

FESDA: Fog-enabled secure data aggregation in smart grid IoT network, IEEE Internet of Things Journal (2019) DOI 10.1109/JIOT.2019.2957314.

30.

Kursawe

, Danezis

, Kohlweiss

Privacy-friendly aggregation for the smart-grid, in: Proc. Int. Symp. Privacy Enhancing Technol. Symp. (2011), pp. 175–191.

31.

Erkin

, Tsudik

Private computation of spatial and temporal power consumption with smart meters, in: Proc. Int. Conf. Appl. Cryptography Network Security (2012), 561–577.

32.

, Liang

, Li

, Lin

and Shen

, EPPA: An efficient and privacy-preserving aggregation scheme for secure smart grid communications, IEEE Trans. Parallel Distrib. Syst. 23(9) (2012), 1621–1631.

33.

Jaithunbi

A.K.

, Sabena

and SaiRamesh

, Trust evaluation of public cloud service providers using genetic algorithm with intelligent rules, Wireless Personal Communications 121(4) (2021), 3281–3295.

34.

, Alharbi

, Lin

, Shen

Security-Enhanced data aggregation against malicious gateways in smart grid, in: Proc of IEEE GLOBECOM’15, San Diego, CA, USA (2015), pp. 1–6.

35.

Zhang

, Zhao

, Wu

and Chen

, LVPDA: A lightweight and verifiable privacy-preserving data aggregation scheme for edge-enabled IoT, IEEE Internet of Things Journal 7(5) (2020).

36.

Bhatt

, Babuta

and Sharma

, Quantum information processing and communication: Asian perspective, International Journal of Computer and Mathematical Sciences 7(2) (2018), 616–621.

37.

Nicola Jones Computing: The quantum company. Nature (2013). Available: https://www.nature.com/news/computingthe-quantum-company-1.13212

38.

Deutsch

, Barenco

and Ekert

, Universality in quantum computation, Proc. of the Royal Society A: Mathematical and Physical Sciences 449(1937) (1995), 669–677.

39.

Rieffel

and Polak

, An introduction to quantum computing for non-physicists, ACM Computing Surveys 32(3) (2000), 300–335.

40.

Ning

, Dong

, Cao

, Wei

and Lin

, White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes, IEEE Trans. Inf. Forensics Security 10(6) (2015), 12741288.

41.

Barati

, A hierarchical key management method for wireless sensor networks, Microprocessors and Microsystems 90 (2022), 104489.

42.

Alimoradi

, Barati

and Barati

, A hierarchical key management and authentication method for wireless sensor networks, International Journal of Communication Systems 35(6) (2022), e5076.

43.

Bagchi

, Maheshwari

, Bera

, Das

A.K.

, Park

, Lorenz

, Yau

D.K.Y.

Public blockchain-envisioned security scheme using post quantum lattice-based aggregate signature for internet of drones applications, IEEE Transactions on Vehicular Technology (2023).

44.

Dharminder

, Kumar

, Das

A.K.

, Bera

, Giri

, Jamal

S.S.

and Rodrigues

J.J.P.C.

, Secure cloud-based data storage scheme using postquantum integer lattices-based signcryption for IoT applications, Transactions on Emerging Telecommunications Technologies 33(9) (2022), e4540.

45.

Bagchi

, Bera

, Das

A.K.

, Shetty

, Vijayakumar

and Karuppiah

, Post quantum lattice-based secure framework using aggregate signature for ambient intelligence assisted blockchain-based IoT applications, IEEE Internet of Things Magazine 6(1) (2023), 52–58.