An approach for data integrity authentication and protection in fog computing

Abstract

The data integrity verification process in cloud has become more promising research area in several Internet of Things (IoT) applications. The traditional data verification approaches use encryption in order to preserve data. Moreover, fog computing is considered as extensively employed virtualized platform and it affords various services including storage as well as services interconnected to computing and networking between user and data center based on standard cloud computing. Moreover, fog computing is an extensive description of cloud computing. Thus, fog servers effectively decrease the latency by integrating fog servers. In this paper, novel model for data integrity authentication and protection is designed in IoT cloud-fog model. This method mainly comprises fog nodes, cloud server, IoT nodes, and key distribution center. Here, dynamic and secure key is produced based on the request to key distribution center based on hashing, Exclusive OR (XOR), homomorphic encryption and polynomial. The fog nodes are employed to encrypt the data gathered from IoT nodes as well as allocate the nearby nodes based on Artificial Bee Colony-based Fuzzy-C-Means (ABC FCM) – based partitioning approach. The proposed data integrity authentication approach in IoT fog cloud system outperformed than other existing methods with respect to detection rate, computational time and memory usage of 0.8541, 34.25 s, and 54.8 MB, respectively.

Keywords

Data integrity authentication fog computing key distribution center artificial bee colony-based fuzzy-c-means

1. Introduction

Due to the development of new technologies and concepts, like intelligent transportation, mobile internet, smart city as well as amount of devices linked to internet is rising, thus more effective processing and powerful resources are required. The incorporation of cloud and IoT becomes more expected preference. The cloud computing is introduced for accumulating and processing large number of data gathered through IoT. Moreover, network devices are utilized for distantly monitoring and controlling any physical entity under new network conditions, which generates sensible decisions through implanting computing resources and communication in physical devices. The combination of IoT network and cloud has significantly enhanced the people’s lives and work effectiveness, and it has been preferred by more number of peoples [12]. However, obtaining data integrity verification model for huge scale IoT data in cloud storage has become as modern topic for further applications in IoT. The combination of cloud and IoT eradicates the trouble of regulation and local storage. Accordingly, cloud service providers can definitely gain the user control data, which critically threatens data security [24, 25]. Consequently, IoT data integrity verification model is great significance for effectual cloud storage [13]. Furthermore, individual users select to accumulate their data on cloud owing to the rapid development of information sharing and trade. However, users misplace the control of the data, while the data’s are accumulated on cloud. Hence, how to authenticate the integrity of data accumulated on cloud becomes as more significant concern [14].

Data Integrity Verification (DIV) is one of the immense responsibilities with cloud data, due to the involvement probability in malevolent behaviours of cloud user as well as cloud provider is very high. Thus, there are various ways to address the cloud provider issues. Additionally, decryption and encryption process are effectively utilized by user, even though it need large functional overhead and processing time [26, 27]. Moreover, data auditing approaches [15] are also utilized for solving high cloud provider issue. The data integrity verification becomes a significant security challenge in cloud technology. Consequently, downloading the entire data for integrity verification will considerably improve the computation and communication overhead. The cloud service provider is selected for obscuring the data corruption or loss in order to maintain the user’s trust, while cloud storage devices are damaged or hackers steal the outsourced data. In addition, cloud service provider saves the storage space by deleting less accessed data or reveals users’ privacy information [28]. Therefore, cloud users must identify the effectual approach for verifying outsourced data integrity [16]. The essential security concerns in data outsourcing are raised critically. Besides, cloud service provider may hide the data loss incidents for maintaining the reputation. In addition, external adversary may deform the user’s data on cloud server for political and financial causes. An effective and secure verification technique is habitually needed by users in order to guarantee the data integrity [17].

The IoT data integrity verification has huge impact for effectual cloud storage. The existing data integrity verification techniques for cloud storage are mainly based on erasure codes [20], asymmetric cryptographic techniques [19], and hash function [18]. Moreover, data integrity verification approaches is also developed, which is separated into two models, like Proofs of Retrievability (POR) and Provable Data Possession (PDP) model. Moreover, conventional approaches use trusted Third Party Auditors (TPA) for performing auditing tasks as well as users burden is highly decreased during the verification stage [13]. In recent days, growing attention model is applied for verifying data integrity in cloud storage system. In addition, POR [21] was also introduced for data integrity verification, and this model was not only authenticating the data integrity accumulated in cloud but also guarantees data retrievability with error correcting code. Besides, the method designed in [22] effectively verifies data integrity in cloud storage. This approach integrates block tags into single one with Rivest-Shamir-Adleman (RSA) – based Homomorphic Verifiable Tag (HVT) without downloading all data. Moreover, existing works specified that the integrity verification approach utilizes more computational and communication resources, because it employed RSA integers. A public data integrity verification model was developed with BLS signature in [23]. However, BLS consumes very less computation and communication resources. On the other hand, malicious attacker could access outsourced data in interactive proof system, which threatens the privacy of data.

The IoT system attaches every entity, like mobile devices, computers and wearable smart devices to the Internet, after that information sharing and communication is performed. The cloud computing is introduced for accumulating and processing large number of data gathered through IoT. The limitations in the various existing authentication approaches are listed below:

•
The data, which are accumulated in cloud may be corrupted or misplaced because of external malicious attacks, hardware failures, necessary software errors, and damage from cloud service providers [1].
•
The training model in distributed machine learning model may deeply affect and training results was not accurate, while network attacks counterfeit the data [2].
•
Data integrity is one of most significant security concerns, since users do not own their data after data outsourcing to cloud servers.

These challenges and the restrictions are mainly considered as motivation for developing a novel data integrity authentication scheme.

The major intention of this research work is to develop an approach for data integrity authentication and protection in Fog-IoT system. The network mainly comprises four entities, like IoT nodes, fog nodes, cloud server and key distribution center. This algorithm is devised by five phases, such as IoT and fog node registration key generation, authentication, data encryption phase and data decryption phase. Initially, in IoT and fog node registration stage, IoT devices and fog nodes are registered to cloud server. After that, key generation phase is performed in which dynamic and secure key is produced based on the request to key distribution center by various models, like Hashing, Homomorphic encryption, XOR, and polynomial. Once key generation process is completed, then authentication phase is carried out where IoT and fog nodes are authenticated with cloud server by means of session password, and keys. The next phase is data encryption stage in which fog nodes are utilized to encrypt the data composed from IoT nodes, and then allocate to neighbor fog nodes using ABC-FCM-based partitioning approach [11]. The last stage is data decryption phase where data is decrypted by server for the retrieval process, when all the shares are obtained from fog nodes.

The main contribution of this research is explained as follows. Proposed data integrity authentication and protection in IoT-cloud-fog computing: The data integrity authentication and protection scheme is developed for data security and authentication in IoT-cloud-fog computing. This network model consists of IoT nodes, fog nodes, cloud server and key distribution center. Here, fog nodes are utilized to encrypt the data collected from the IoT nodes, and then distribute to neighbor fog nodes using ABC-FCM-based partitioning approach.

The residual sections of the paper are arranged in following way: Section 2 explains conventional data integrity authentication techniques in fog computing. Section 3 illustrates the system model of IoT-fog model. Section 4 explicates the proposed data integrity authentication model. Section 5 deliberates the results of developed approach with regards to existing techniques, and Section 6 concludes the paper.
2. Literature review

The literature survey of existing data integrity verification techniques are explained with benefits and limitations. Junfeng Tian and Xuan Jing [1] presented cloud data integrity verification technique for connected tags. In this method, operation logs were grouped based on the operation kind. Moreover, homomorphic hash function was applied into integrity verification of operation logs for understanding stronger privacy protection. This method effectively decreased audit overhead, although failed to obtain effective performance dynamic update operations. Xiao-Ping Zhao and Rui Jiang [2] modelled Distributed Machine Learning Oriented Data Integrity Verification (DML-DIV) model in cloud computing structure. At first, Provable Data Possession (PDP) sampling auditing approach for obtaining data integrity verification. After that, random number was produced as well as Discrete Logarithm Problem (DLP) was applied for making proof and ensuring privacy protection during verification process. Finally, identity-based cryptography and two step key generation model for producing data owner’s private or public key pair. This model efficiently opposes forgery and tampering attack, but still this model needs more computing and waiting time which is the major drawback. Xiuqing Lu et al. [3] developed integrity verification model for cloud computing in IoT devices. The lightweight auditing model was introduced for both integrity verification and block tag generation. In addition, Version Based_Merkle Hash Tree (VB_MHT) model was designed for improving security in integrity verification of shared data. The computational cost was highly reduced, even though the storage capacity was high in this model. However, the data integrity of the model needed to be improved. May Altulyan et al. [4] introduced unified structure for data integrity protection in smart cities. The holistic model was introduced to guarantee data integrity. Besides, fog computing was employed for concealing data with block chain overload. Moreover, this model accumulates normal data and sensitive data into block chain with no difficult pre-processing process. This algorithm affords resiliency against various threats, although failed to solve energy consumption and latency issues.

Walid I. Khedr et al. [5] designed Cryptographic Accumulator Provable Data Possession (CAPDP) method for data integrity verification in cloud storage. The data owner performs unrestricted amount of data verifications against total database, when restricting computational overhead. Moreover, this model supports several features, like dynamic data operators and blocks less verification. This algorithm effectively reduced burden and cost of verification process. Kashif Munir and Lawan A. Mohammed [6] presented data integrity approach in fog computing. This approach employs four techniques, namely KeyGen, SigGen, GenProof and VerifyProof model. This model decreases storage overhead, although failed to include more techniques for demonstrable estimation process Wei Tong et al. [7] modelled two Integrity Checking protocols for mobile Edge computing, termed ICE-basic and ICE-batch for data integrity. Here, the third-party verifier was permitted for checking data integrity on edges. In addition, remote data integrity checking model was applied for edge storage and effective batch verification. This model was effectual in communication and computational complexity, although failed to manage restricted operation abilities to maintain the system. Hui Tian et al. [8] developed Bilinear mapping approach for secure data storage in fog to cloud computing. Here, tag transforming model depends on bilinear mapping model was applied for converting tags, which are produced by mobile sinks. Besides, zero knowledge proof method was employed for verifying data integrity in IoT. This method successfully obtains public auditing, which enhances the performance of secure data storage in fog to cloud system. However, this model failed to attain effectual auditing for load balancing of multiple auditors and big data.

In the proposed method, the dynamic and secure key is produced based on Hashing, Homomorphic encryption, XOR, and polynomial. Also, the data encryption is done with ABC-FCM algorithm, which has fast convergence. Moreover, the ABC-FCM- based partitioning approach is used to allocate the neighbor fog nodes. Besides, the modulation function and Chebyshev polynomial enhance the performance of the data authentication of the proposed method.

3. System model

The cloud enabled IoT model is more promising, which has the capacity to afford services and storage to IoT users. Here, different devices are considered to connect with IoT network so that millions of data is produced in fraction of second. This network model mainly relies on centralized data centers, such as cloud is not practicable for IoT data, due to more distance. Therefore, fog computing is more necessary for permitting data processing at network edge, which improves the service quality through offering fast responses to sensor request. This system representation comprises cloud, fog node and IoT network. Every IoT network includes $E$ devices where all device is denoted as $N_{c}$ such that $c\in[{1,E}]$ . Furthermore, the devices $E$ are connected to fog nodes. Therefore, every fog node is indicated as $U_{h}$ , where $h\in[{1,q}]$ is responsible to accumulate data with set of devices $Q_{s}$ in which $s\in[{1,q}]$ . Commonly, for every application session $a$ and IoT device $N_{c}$ generates data, and it is illustrated as $V_{c}^{r}$ . Due to the accumulation and deal of data, fog node is competent to exchange a data based on $q-1$ other fog nodes, and it is present in adjacent. Moreover, fog node includes secret key $K$ as well as creates new nonce after the conclusion of new session $t$ . After every session $t$ , fog node creates dynamic key $I_{c}$ from its static key $K$ and produced nonce. All fog node poses capacity for obtaining one way hash function and stream cipher. After every session $t$ , fog node $U_{h}$ converts accumulated data $V_{c}^{r}$ into $b$ session, in which $v_{c}^{r1},\ldots v_{c}^{rb}$ . The fog separates $({b-1})$ portions over $c-1$ of its nearby, which is based on selected replication scheme thus preserving one for itself. Additionally, every fog node $N_{c}$ are connected to various clouds $Y_{o}$ where $o\in[{1,f}]$ , such that $U_{h}$ assigned stored and processed data for related certified clouds. Figure 1 depicts the system model for data integrity authentication in IoT fog cloud.

Figure 1.

System model of data integrity authentication in IoT fog cloud.

4. Proposed data integrity authentication in IoT-fog-cloud model

This section explains about the developed data integrity authentication model in IoT-fog-cloud system. In this technique, network structure includes IoT nodes, fog nodes, cloud server and key distribution center. This developed approach comprises five phases, like IoT and fog node registration, key generation, authentication, data encryption and data decryption phase. In IoT as well as fog node registration phase, IoT devices and fog nodes are registered to cloud server. Moreover, in key generation phase, dynamic and secure key are generated based on the request to KDC using various functions, like XOR, Hashing, Homomorphic encryption and Polynomial. Afterwards, authentication phase is done where IoT and fog nodes are authenticated with cloud server by session password, and keys. The fourth phase is data encryption phase in which fog nodes are employed to encrypt the data gathered from IoT nodes, and then allocate to neighbor fog nodes by ABC-FCM- based partitioning approach [11]. The final phase is data decryption phase in which data is decrypted by server for retrieval process, while every share is obtained from fog nodes. Figure 2 shows the overall framework of the developed authentication approach.

Figure 2.

Overall framework of the devised authentication approach.

Table 1 explicates the symbol description of the data integrity authentication model in IoT fog cloud computing system.

Table 1

Symbol description of the data integrity authentication model in IoT fog cloud computing

Symbol	Description
$N_{ID}^{FN}$	ID of fog node
$N_{ID}^{FN\ast}$	Password of fog node
$S_{ID}$	Server ID
$S_{PD}$	Server password
$h(.)$	Hashing function
a	Random number
$P^{S}$	Private key of server
r	Random number
$\oplus$	EX-OR operation
$N_{ID}^{IN}$	ID of IoT device
$N_{ID}^{IN\ast}$	Password of IoT device
$SP^{IN\ast}$	Input data
$C$	Chebyshev polynomial
$A_{1},A_{2}$	Authentication message
$S_{P}^{FN}$	Session password of fog node
$S_{P}^{ID}$	Session password of IoT node
$P_{K}$	Private key
$S_{K}$	Secure key

4.1 Sever registration

Figure 3 represents the process of server registration fordata integrity authentication model in IoT fog cloud computing. Initially, the server ID $S_{ID}$ and server password $S_{PD}$ is stored in key distribution phase as $S_{ID}^{\ast}$ , and $S_{PD}^{\ast}$ . Moreover, private key of server is computed in key distribution phase. The private key of server is generated by concatenating saved server ID $S_{ID}^{\ast}$ with random number $a$ and it is multiplied with random number $h$ . In addition, the result is further multiplied with saved server password $S_{PD}^{\ast}$ and the result is stored in cloud server as $P^{S\ast}$ .

$\displaystyle P^{S}=h({S_{ID}^{\ast}||a})\ast S_{PD}^{\ast}$ (1)

where $h(.)$ denotes hashing function, and $a$ indicates random number. If the server private key $P^{S}$ is equal to saved server private key $P^{S\ast}$ , then the cloud server is registered in key distribution phase.

Figure 3.

Sever registration.

4.2 IoT device and fog node registration

After server registration process, fog node ID $N_{ID}^{FN}$ is saved in cloud server as $N_{ID}^{FN\ast}$ . Then, the password of fog node is computed by multiplying saved fog node ID $N_{ID}^{FN\ast}$ with random number $r$ as well as XOR operation is performed for resultant value with random number $a$ . The created fog node password is expressed as,

$\displaystyle N_{PD}^{FN}=({N_{ID}^{FN\ast}\ast r})\oplus a$ (2)

where $r$ deliberates random number, and $\oplus$ implies XOR function.

The generated fog node password is saved in fog node as $N_{PD}^{FN\ast}$ , and it is passed to cloud sever. If fog node password $N_{PS}^{FN}$ is similar to saved fog node password $N_{PS}^{FN\ast}$ , then fog node is registered at cloud server. Consequently, IoT device ID $N_{ID}^{IN}$ is saved in cloud server as $N_{ID}^{IN\ast}$ . Meanwhile, the password of IoT node is estimated by multiplication of saved cloud IoT device ID $N_{ID}^{IN\ast}$ with random number and XOR function is applied among the resultant value and random number $a$ .

$\displaystyle N_{PD}^{IN}=({N_{ID}^{IN\ast}\ast r})\oplus a$ (3)

Thus, the password of IoT nodes created in cloud server is saved in IoTnodes as $N_{PD}^{ID\ast}$ . If the pass of IoT node $N_{PD}^{IN}$ is equal to saved password of IoTnodes $N_{PD}^{IN\ast}$ , then IoT node is registered in cloud server. Figure 4 depicts the registration process of IoT and Fog node.

Figure 4.

IoT device and Fog node registration.

4.3 Key generation

Once the fog and IoT node is registered in cloud server, then key generation is carried out. At first, public key $P_{K}$ is generated in key distribution center and the secure key is computed by,

$\displaystyle S_{K}=S_{ID}^{\ast}\ast h({S_{PD}^{\ast}||a})\oplus P^{S}$ (4)

The saved server password $S_{PD}^{\ast}$ is concatenating with random number $a$ , and it is multiplied with saved server as well as XOR operator is performed with resultant value and private key of server. Then, the access request is sent is key distribution center from cloud server, so that the estimated secure key $S_{K}$ is saved as $S_{K}^{\ast}$ in cloud server. Meanwhile, private key generation for fog nodes is computed by concatenating saved fog node ID and saved secure key where hashing function is applied. Moreover, modulation function is applied for the resultant value as well as the multiplication of saved public key and fog node password.

$\displaystyle P^{FN}=h({N_{ID}^{FN\ast}||{S_{K}^{\ast}}})\bmod({P_{K}^{\ast}% \ast N_{PD}^{FN\ast}})$ (5)

Thus, the generated private key for fog nodes is saved in fog node as $P^{FN\ast}$ . Similarly, private key generation for IoT nodes is computed by concatenating saved IoT node ID and saved secure keyand then multiplied with the hashing function. In addition, modulation function is employed between the final value and also multiplication of saved public key and IoT node password.

$\displaystyle P^{IN}=h({N_{ID}^{IN\ast}||{S_{K}^{\ast}}})\bmod({P_{K}^{\ast}% \ast N_{PD}^{IN\ast}})$ (6)

Finally, the generated private key for IoT nodes $P^{IN}$ is stored in fog nodes phase as $P^{IN\ast}$ . Figure 5 depicts the key generation process of data integrity authentication and protection in IoT cloud fog computing model.

Figure 5.

Key generation phase.

4.4 Authentication

Figure 6 deliberates the authentication process of data integrity authentication and protection. Here, the fog node sends a request to cloud server, where session password of fog and IoT node are generated for authentication. The session password of fog node is created by concatenation of fog node ID, private key of fog node and random number $r$ and hashing function is applied again the result is multiplied with chebyshev polynomial term $C$ . The session password of fog node is expressed as,

$\displaystyle S_{P}^{FN}=C\ast h({N_{PD}^{FN}||{P^{FN}||r}})$ (7)

where $C$ represents Chebyshev polynomial, and it is illustrated as,

$\displaystyle C=4x^{3}-3x$ (8) $\displaystyle x=h({N_{ID}^{FN\ast}||{P_{K}||{S_{K}}}})\ast P^{S\ast}$ (9)

Moreover, the session password of fog node is saved as $S_{P}^{FN\ast}$ in fog node. In addition, the authentication message $A_{1}$ is defined as,

$\displaystyle A_{1}=h({N_{ID}^{FN}||{S_{P}^{FN\ast}}})\bmod a$ (10)

Afterwards, the authenticated message is transmitted to cloud server and it is illustrated as,

$\displaystyle\tilde{A}_{1}=h({N_{ID}^{FN\ast}||{S_{P}^{FN}}})\bmod a$ (11)

If $A_{1}=\tilde{A}_{1}$ , then fog node is authenticated. Consequently, IoT node sends a request cloud server thus, session password of fog node is generated, which is denoted as,

$\displaystyle S_{P}^{IN}=C\ast h({N_{PD}^{IN}||{P^{IN}||r}})$ (12)

The session password of fog node is produced by concatenation of random number $r$ , IoT node ID, and created private key for IoT node $P^{IN}$ , where hashing function employed and the final value is multiplied with chebyshev polynomial $C$ , where $C$ denotes Chebyshev polynomial and it is specified as,

$\displaystyle C=4x^{3}-3x$ (13) $\displaystyle x=h({N_{ID}^{IN\ast}||{P_{K}||{S_{K}}}})\ast P^{S\ast}$ (14)

Thus, the session password of IoT node is saved in IoT node phase as $S_{P}^{IN\ast}$ . In addition the authentication message $A_{2}$ is denoted as,

$\displaystyle A_{2}=h({N_{ID}^{IN}||{S_{P}^{IN\ast}}})\bmod a$ (15)

The authentication message $A_{2}$ is a referred as concatenation value of IoT node ID $N_{ID}^{IN}$ and saved session password of fog node $S_{P}^{IN\ast}$ in which hashing function is performed and the resultant value is modulated with random number $a$ . The authenticated message $A_{2}$ is broadcasted to cloud server, which is given by,

$\displaystyle\tilde{A}_{2}=h({N_{ID}^{IN\ast}||{S_{P}^{IN}}})\bmod a$ (16)

The authentication message saved in cloud server is defined as the concatenation of saved IoT node ID $N_{ID}^{IN\ast}$ and session password of fog node $S_{P}^{IN}$ , where hashing function is applied and final value is modulated with random number $a$ . If $A_{2}=\tilde{A}_{2}$ , then the IoT node is authenticated.

Figure 6.

Authentication phase.

4.5 Data encryption at fog node

IoT node senses the data and transfers the collected data to the fog node. Let $D$ be the input data and the encrypted data is specified as,

$\displaystyle D^{E}=E({D,K})$ (17) $\displaystyle K=h({N_{ID}^{FN}||P})\ast P^{FN}$ (18)

where $P$ denotes security parameter.

4.5.1 Artificial bee colony-based Fuzzy-c-means-basedpartitioning

Here, the fog node partitions $D^{E}$ into $h$ number of partitions or shares based on ABC-FCM clustering [11] and distributes to the neighbouring fog nodes. The FCM algorithm has the advantages of easy implementation and fast convergence, but it has the demerit of weak local search ability. To overcome this problem, the ABC algorithm is combined with FCM to enhance the performance of data encryption. The major merits of the ABC algorithm are the proper exploration ability and simplicity.

$\displaystyle D^{E}=({D_{1}^{E}||{D_{2}^{E}||\ldots||{D_{n}^{E}}}})$ (19)

The distance sum among cluster center and pixels generates objective function of FCM approach, which is expressed as,

$\displaystyle R=\sum\limits_{p=1}^{C}{\sum\limits_{q=1}^{D}{T_{pq}^{o}d({m_{p}% ,n_{q}})}}$ (20)

where $D$ indicates number of clusters. Here, number of clusters is identical to required number of partitioning area. The cluster center is denoted as $n_{q}$ , number of nodes is specified as $C$ , $o$ implies Fuzzifier intensity, which is greater than 1. Additionally, membership function $T_{pq}$ of attribute $m_{p}$ to cluster $q$ should convince the below expression.

$\displaystyle T_{pq}\in[{0,1}];\sum\limits_{q=1}^{D}{T_{pq}=1;0<\sum\limits_{p% =1}^{C}{T_{pq}<C}}$ (21)

The dissimilarity among $m_{p}$ and $n_{q}$ is estimated by $d({m_{p},n_{q}})$ is expressed as,

$\displaystyle d({m_{p},n_{q}})=|{m_{p}-n_{q}}|^{2}=|{m_{p}-n_{q}}|^{G}\ast P_{% d}\ast|{m_{p}-n_{q}}|$ (22)

where $P_{d}$ denotes positive symmetric definite matrix. Moreover, gradient descent model is utilized for optimizing Eq. (21).

$\displaystyle T_{pq}=1\left/\sum\limits_{g=1}^{D}{\left({\frac{d({m_{p},n_{q}}% )}{d({m_{p},n_{q}})}}\right)^{({2/o-1})}}\right.$ (23)

In addition, the cluster center $n_{q}$ is illustrated as,

$\displaystyle n_{q}=\frac{\sum\nolimits_{p=1}^{C}{T_{pq}^{o}m_{p}}}{\sum% \nolimits_{p=1}^{C}{T_{pq}^{o}}}$ (24)

The objective function $R$ is optimized by FCM technique based on Eq. (20) in interactive manner.

On the hand ABC is conventional optimization approach, which is functioned, based on fuzzy clustering. The ABC algorithm has strong global searching capability. Generally, ABC comprises three sets of bees, such as scout bees, onlooker and employer. Here, the information regarding the food sources are performed by employee bees. Additionally, more information related to nectar amount, distance, nest food source direction is also afforded. Besides, scout bees search a new food source around the nest surroundings, where as onlooker bee waits in hive as well as depends on information transmitted by employee bees for finding food source. Here, the employment of nectar source as well as desertion of source is defined as ABC technique. Every employer bee producesnew interest of regions in neighbourhood by below expression,

$\displaystyle W_{p}=H_{p}+({H_{p}-H_{g}})\times\omega$ (25)

where $g$ is integer, and $\omega$ denotes random number among $[{-1,1}]$ . Additionally, the scout bee is estimated by,

$\displaystyle\textit{Chance}_{g}=\frac{\textit{nectar}_{g}^{k}}{\sum\nolimits_% {p=1}^{B}{\textit{nectar}_{p}^{k}}}$ (26)

where $\textit{nectar}_{g}$ specifies number nectar in food source $g$ , $\sum\nolimits_{p=1}^{B}{\textit{nectar}_{p}^{k}}$ implies whole amount of nectar sources around hive and $k$ denotes parameter. Additionally, the amount of soldiers for scout bee is computed by,

$\displaystyle\textit{Soldiers}_{p}=\chi+\left({\frac{S_{p}^{\alpha}}{F^{\alpha% }}}\right)+\sigma$ (27)

where percentage of soldiers selected for $p^{\text{th}}$ scout bee is specified as $\textit{Soldiers}_{p}$ , $\alpha$ represents constant, $S_{p}$ implies preference of $p^{\text{th}}$ scout bee, and total amount of scout bee is depicted as $F$ .

4.6 Data decryption

When the user request for the data, then the server retrieves the original data using key $K$ after receiving all the shares from fog nodes that is expressed as,

$\displaystyle D^{\ast}=de({D^{E},K})$ (28)

The data is decrypted only when all the shares the obtained.

5. Results and discussion

The results and discussion of developed data integrity authentication approach in IoT-fog-cloud structure is described in this section.

5.1 Experimental setup

The implementation of developed data integrity authentication method is carried out in Python tool with windows 10 OS, 4 GB RAM, and Intel processor. For the experimentation the cluster size is considered as 3.

5.2 Dataset description

The implementation is performed usingthree datasets, namely Cleveland and Hungarian datasets taken from Heart disease dataset in UCI Machine Learning Repository [9] and Dermatology database [10].

ClevelandandHungarian dataset: In general, this dataset includes 303 instances with 14 attributes. The 14 attributes are chest pain category, patient identification number, social security integer, characteristics of patient, age, chest pain position, and so on. In general, Cleveland data is utilized by machine learning researches. Moreover, Cleveland and Hungariandatabase is multivariate in nature. The capacity of instance considered is 303 with 75 attributes, which are integer, categorical, and real. The total quantity of webhits obtained is 1558777.

Dermatology database: This data is multivariate type, and it comprises categorical and integer attribute behaviours. This data includes 34 features where 33 are linear valued and one is irrelevant. In this database, differential classification of erythemato-squamous diseases is most important dilemma. The diseases present in this group are pityriasisrosea, cronic dermatitis, lichen planus, psoriasis, seboreic dermatitis, pityriasis and rubrapilaris. This dataset contains 366 instances as well as 232965 web hits.

5.3 Performance metrics

The performance metrics utilized for developed data integrity authentication in IoT fog cloud approach are detection rate, computational time and memory usage, and it is explicated as follows.

Computational time: It is referred as the time taken by controllers to process the messages and its unit is denoted in seconds.

Detection rate: Detection rate is another metric, which is computed by the ratio of number of malicious nodes, which are exposed accurately with regards to nodes count available in IoT-fog model.

$\displaystyle DR=\frac{{K}_{m}}{{K}_{c}}$ (29)

where ${K}_{m}$ indicates malicious nodes count, which are exposed perfectly, and ${K}_{c}$ denotes whole count of nodes present in a network.

Memory usage: Memory usage is defined as memory consumed by developed data integrity authentication technique in IoT-fog-cloud model.

5.4 Comparative methods

The performance of proposed data integrity authentication technique is compared with other existing approaches, namely cloud data integrity verification model [1], DML-DIV approach [2], and VB_MHT method [3].

Cloud data integrity verification model: In this technique, a new auditing scheme was implemented for operation logs (OLs) and a homomorphic hash function was implemented for the integrity verification.

DML-DIV approach: In this method, the Provable Data Possession (PDP) was utilized for verification of data integrity and a blinding factor adapted for the privacy protection.

VB_MHT method: In this method, a lightweight and secure integrity verification technique was implemented and data sharing model was utilized for sharing the data to the authorized users. Here, the MHT was implemented to enhance the shared data security.

5.5 Comparative analysis

The section exposes the comparative analysis of developed data integrity authentication approach in IoT-fog-cloud model in terms of computational time, detection rate and memory usage with various key sizes based on database-1, 2 and 3.

5.5.1 Comparative analysis using dataset-1

Figure 7 displays comparative analysis of developed data integrity authentication model based on database-1 in terms of computational time, detection rate and memory usage. Figure 7a portrays the comparative analysis of computational time by shifting key size. When the key size is 256, computational time of existing methods, such as cloud data integrity verification, DML-DIV, and VB_MHT methods and developed data integrity authentication model are 89.35 s, 72.41 s, 58.54 s, and 34.04 s. Figure 7b depicts comparative analysis of detection rate with respect to different key size. Moreover, detection rate attained by existing cloud data integrity verification is 0.7142, DML-DIV is 0.7541, VB_MHT is 0.8142, where as developed data integrity authentication method is 0.8352 in key size 256. Additionally, the percentage improvement of developed privacy preservation model, while compared with cloud data integrity verification, DML-DIV, and VB_MHT are 14.48%, 9.71%, and 2.51%. Figure 7c shows comparative analysis of memory usage with regards to various sizes of key. The memory usage obtained by cloud data integrity verification, DML-DIV, and VB_MHT and developed data integrity authentication approaches are 55.4 MB, 55.1 MB, 54.8 MB, and 54.3 MB for 256 key size. Along with this, percentage improvement of developed approach with existing cloud data integrity verification, DML-DIV, and VB_MHT are 1.98%, 1.54%, and 1.08%.

Figure 7.

Comparative analysis using dataset-1 with a) Computational time, b) Detection rate and c) Memory usage.

5.5.2 Comparative analysis using dataset-2

The comparative analysis of developed data integrity authentication approach based on database-2 with respect to computational time, detection rate and memory usage is specified in Fig. 8. Figure 8a shows comparative analysis of computational time with regards to various sizes of key. The computational time obtained by cloud data integrity verification, DML-DIV, and VB_MHT and developed data integrity authentication approaches are 85.74 s, 61.24 s, 50.54 s, and 33.54 s for 256 key size. Figure 8b portrays the comparative analysis of detection rate by altering key size. When the key size is 256, detection rate of existing methods, such as cloud data integrity verification, DML-DIV, and VB_MHT methods and developed data integrity authentication model are 0.6985, 0.7254, 0.7825, and 0.8142. Along with this, percentage improvement of developed approach with existing cloud data integrity verification, DML-DIV, and VB_MHT are 1.98%, 1.54%, and 1.08%. Figure 8c depicts comparative analysis of memory usage with respect to different key size. Moreover, memory usage attained by existing cloud data integrity verification is 54.5 MB, DML-DIV is 54.1 MB, VB_MHT is 53.6 MB, where as developed data integrity authentication method is 53.4 MB in key size 256. Additionally, the percentage improvement of developed privacy preservation model, while compared with cloud data integrity verification, DML-DIV, and VB_MHT are 2.01%, 1.73%, and 1.65%.

Figure 8.

Comparative analysis using dataset-2 with a) Computational time, b) Detection rate and c) Memory usage.

5.5.3 Comparative analysis using dataset-3

Figure 9 displays comparative analysis of developed data integrity authentication model based on database-3 in terms of computational time, detection rate and memory usage. Figure 9a portrays the comparative analysis of computational time by shifting key size. When the key size is 256, computational time of existing methods, such as cloud data integrity verification, DML-DIV, and VB_MHT methods and developed data integrity authentication model are 81.25 s, 59.35 s, 54.84 s, and 31.25 s. Figure 9b depicts comparative analysis of detection rate with respect to different key size. Moreover, detection rate attained by existing cloud data integrity verification is 0.7041, DML-DIV is 0.7451, VB_MHT is 0.7985, where as developed data integrity authentication method is 0.8362 in key size 256. Additionally, the percentage improvement of developed privacy preservation model, while compared with cloud data integrity verification, DML-DIV, and VB_MHT are 15.80%, 10.89%, and 4.50%. Figure 9c shows comparative analysis of memory usage with regards to various sizes of key. The memory usage obtained by cloud data integrity verification, DML-DIV, and VB_MHT and developed data integrity authentication approaches are 56.7 MB, 56.2 MB, 55.8 MB, and 55.4 MB for 256 key sizes. Along with this, percentage improvement of developed approach with existing cloud data integrity verification, DML-DIV, and VB_MHT are 2.29%, 1.88%, and 1.58%.

Table 2
Comparative discussion

Dataset	Metrics	Cloud data integrity verification scheme	DML-DIV scheme	VB_MHT model	Proposed data integrity authentication model
Dataset-1	Computational time (s)	90.54	74.51	61.52	37.52
	Detection rate	0.7254	0.7654	0.8254	0.8541
	Memory usage (MB)	57.1	56.8	56.5	55.2
Dataset-2	Computational time (s)	87.54	74.86	53.24	34.25
	Detection rate	0.7041	0.7451	0.8041	0.8254
	Memory usage (MB)	55.8	55.6	55.1	54.8
Dataset-3	Computational time (s)	86.25	62.25	56.74	35.21
	Detection rate	0.7142	0.7582	0.8041	0.8451
	Memory usage (MB)	58.2	57.9	57.4	57.1

Figure 9.

Comparative analysis based on dataset-3 with a) Computational time, b) Detection rate and c) Memory usage.

5.6 Comparative discussion

Table 2 depicts the comparative discussion of developed data integrity authentication method using database-1, 2 and 3 in terms of computational time, detection rate and memory usage. The computational time of developed data integrity authentication technique is 37.52 s, where as cloud data integrity verification approach, DML-DIV model, and VB_MHT scheme is 90.54 s, 74.51 s and 61.52 s for key size 512. Likewise, detection rate obtained by cloud data integrity verification, DML-DIV, and VB_MHT methods, are 0.7254, 0.7654, 0.8254, and 0.8541, where as developed data integrity authentication technique obtained detection rate of 0.8541 in 512 key size. When the key size is 512, memory usage obtained by cloud data integrity verification technique is 57.1 MB, DML-DIV algorithm is 56.8 MB, VB_MHT method is 56.5 MB and developed data integrity authentication approach obtained 55.2 MB. Hence, the proposed data integrity authentication method achieved high detection rate using dataset-1 as well as less memory usage and computational time using dataset-2.

6. Conclusion

This paper presents a data integrity authentication approach in Fog IoT system. Here, network system includes four entities, namely IoT nodes, fog nodes, cloud server and key distribution center. In this model, IoT devices and fog nodes are registered to cloud server in IoT and fog node registration stage. Moreover, dynamic and secure key is produced based on the request to key distribution center by means of XOR, hashing, Homomorphic encryption and Polynomial process in key generation phase. Afterwards, IoT and fog nodes are authenticated with cloud server using the session key and password in authentication stage. Afterwards, data encryption process is done in which fog nodes are employed in order encrypt the data gathered from IoT nodes. In addition, the data collected from IoT nodes are distributed to neighbouring fog nodes based on ABC FCM-based partitioning method. Finally, data is decrypted by server for retrieval process such that data decryption is carried out. The performance of developed data integrity authentication algorithm is evaluated using detection rate, computational time and memory usage with the range of 0.8541, 34.25 s, and 54.8 MB. Furthermore, the developed approach can be extended by including other effective optimization algorithm.

Footnotes

Author’s Bios

M.N. Babitha received B. E in Computer Science and Engineering from Bangalore University, Karnataka, India in 1997. M. Tech in 2005. She is pursuing her Ph. D degree in Computer Science and Engineering at SSAHE University. Tumakuru, Karnataka India since 2018. She is currently working as an assistant Professor in the department of Computer Science and Engineering at Sri Siddhartha Institute of Technology, Tumakuru, Karnataka, India. She has 20 years of teaching experience. Her research interests include cloud computing and Big Data. Email: babithamn@ssit.edu.in.

M. Siddappa received his doctoral degree from Dr. MGR University, Tamilnadu, India in the year 2010. Currently he is working as Professor and Head in the Department of Computer Science and Engineering, Sri Siddhartha Institute of Technology, Tumakuru, Karnataka. He has 30 years of teaching experience. He has published more than 76 papers in reputed journals and International conferences. His area of interests includes computer networks, Artificial Intelligence, Image processing and Cloud computing. He has guided more than 10 Research scholars. He has been nominated as Margadarshak under Margadarshan scheme AICTE Delhi. Email: siddappam@ssit.edu.in.

References

Tian

and Jing

, Cloud data integrity verification scheme for associated tags, Computers & Security 95 (2020), 101847.

Zhao

X.P.

and Jiang

, Distributed machine learning oriented data integrity verification scheme in cloud computing environment, IEEE Access 8 (2020), 26372–26384.

Pan

and Xian

, An integrity verification scheme of cloud storage for internet-of-things mobile terminal devices, Computers & Security 92 (2020), 101686.

Altulyan

Yao

Kanhere

S.S.

Wang

and Huang

, A unified framework for data integrity protection in people-centric smart cities, Multimedia Tools and Applications 79(7) (2020), 4989–5002.

Khedr

W.I.

Khater

H.M.

and Mohamed

E.R.

, Cryptographic accumulator-based scheme for critical data integrity verification in cloud storage, IEEE Access 7 (2019), 65635–65651.

Mohammed

L.A.

and Munir

, Secure third party auditor (tpa) for ensuring data integrity in fog computing, International Journal of Network Security & Its Applications (IJNSA) 10 (2018).

Tong

Jiang

and Zhong

, Privacy-preserving data integrity verification in mobile edge computing, in: IEEE 39th International Conference on Distributed Computing Systems (ICDCS), 2019, pp. 1007–1018.

Tian

Nan

Chang

C.C.

Huang

and Du

, Privacy-preserving public auditing for secure data storage in fog-to-cloud computing, Journal of Network and Computer Applications 127 (2019), 59–69.

UCI Machine learning repository, https://archive.ics.uci.edu/ml/datasets, Accessed on July 2021.

10.

Dermatology Data Set, https://archive.ics.uci.edu/ml/datasets/Dermatology, Accessed on July 2021.

11.

Pravin Kumar

S.K.

Sumithra

M.G.

and Saranya

, Artifcial bee colony-based fuzzy c means (ABC-FCM) segmentation algorithm and dimensionality reduction for leaf disease detection in bioinformatics, The Journal of Supercomputing 75(12) (2019), 8293–8311.

12.

Zhu

Yuan

Chen

Zha

Jia

and Xin

, A secure and efficient data integrity verification scheme for cloud-IoT based on short signature, IEEE Access 7 (2019), 90036–90044.

13.

Wang

and Zhang

, Blockchain based data integrity verification for large-scale IoT data, IEEE Access 7 (2019), 164996–165006.

14.

Yue

Zhang

Tian

and Peng

, Blockchain based data integrity verification in P2P cloud storage, in: IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), 2018, pp. 561–568.

15.

Saxena

and Dey

, Data integrity verification: A novel approach for cloud computing, Sādhanā 44(3) (2019), 1–12.

16.

Ping

Zhan

and Wang

, Public data integrity verification scheme for secure cloud storage, Information 11(9) (2020), 409.

17.

Zhang

and Liang

, Cryptographic public verification of data integrity for cloud storage systems, IEEE Cloud Computing 3(5) (2016), 44–52.

18.

Guo

and Stojmenovic

, Fool me if you can: Mimicking attacks and anti-attacks in cyberspace, IEEE Transactions on Computers 64(1) (2015), 139–151.

19.

Wang

Chow

S.S.M.

Wang

Ren

and Lou

, Privacy-preserving public auditing for secure cloud storage, IEEE Transactions on Computers 62(2) (2013), 362–375.

20.

Yang

Luan

T.H.

Liang

Zhou

and Shen

, Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data, IEEE Transactions on Dependable and Secure Computing 13(3) (2016), 312–325.

21.

Juels

and Kaliski

B.S.

Jr, PORs: Proofs of Retrievability for Large Files, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007, pp. 584–597.

22.

Ateniese

Pietro

R.D.

Mancini

L.V.

and Tsudik

, Scalable and Efficient Provable Data Possession, in: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, 2008.

23.

Shacham

and Waters

, Compact proofs of retrievability, Springer 5350 (2008), 90–107.

24.

Menaga

and Saravanan

, Application of artificial intelligence in the perspective of data mining, In: Book: Artificial Intelligence in Data Mining, Academic Press, 2021, 133–154.

25.

Menaga

and Saravanan

, GA-PPARM: constraint-based objective function and genetic algorithm for privacy preserved association rule mining, Evolutionary Intelligence, 2021, 1–12.

26.

Desogus

and Casu

, A diagnostic approach to corporate sustainability based on normalized net margins and extended present value, International Journal of Financial Management 9(2) (2019), 8–16.

27.

Desogus

, The stochastic dynamics of business evaluations using markov models, International Journal of Contemporary Mathematical Sciences 15(1) (2020), 53–60.

28.

Veeraiah

and Krishna

B.T.

, Intrusion Detection Based on Piecewise Fuzzy C-Means Clustering and Fuzzy Naïve Bayes Rule, Multimedia Research 1(1) (2018), 27–32.

An approach for data integrity authentication and protection in fog computing

Abstract

Keywords

1. Introduction

3. System model

5.1 Experimental setup

5.2 Dataset description

5.3 Performance metrics

5.5 Comparative analysis

5.5.1 Comparative analysis using dataset-1

Table 2 Comparative discussion

6. Conclusion

Footnotes

Author’s Bios

References

Table 2
Comparative discussion