Qiyu Wu,Fucai Zhou,Jian Xu,Qiang Wang,Da Feng

DOI: https://doi.org/10.1016/j.jisa.2022.103270

IF: 4.96

2022-01-01

Journal of Information Security and Applications

Abstract:Since the rapid development of Internet of Things (IoT) has promoted the dramatic growth of data, data aggregation has received considerable attention, which can collect the sensed data from IoT devices and analyze them for high-quality information to greatly benefit our life. Nevertheless, these sensed data may be related to individual sensitive information and are vulnerable to security threats. To solve the problem, many secure data aggregation schemes have been proposed. However, most of them either have a high overhead, only support sum aggregation, or need the involvement of a trusted third party. They cannot strike a good balance between security, efficiency and functionality. In this paper, we propose a Secure and Efficient Multifunctional Data Aggregation without Trusted Authority (TA) in Edge-Enhanced IoT (SEMDA). In our method, combined with lightweight cryptographic techniques, a robust, multifunctional and fine-grained data aggregation scheme is constructed. In addition, considering the potential privacy disclosure caused by deep association between IoT data, we extend SEMDA to support differential privacy. A comprehensive security analysis of SEMDA is conducted under the honest-but-curious model, and the results show that our scheme not only achieves confidentiality and privacy, but also guarantees integrity and authentication. Meanwhile, extensive theoretical analyses and experimental evaluations demonstrate that SEMDA performs more efficiently with respect to computation and communication while retaining more desired properties.

Ming Zhang,Yanping Li,Yong Ding,Bo Yang

DOI: https://doi.org/10.1109/jiot.2023.3297772

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Data aggregation technology plays a very important role in improving the efficiency of data collection of the Internet of Things (IoT). Most data collected by sensor nodes (SNs) in IoT is multidimensional. However, there are a few existing multidimensional data aggregation schemes, which are almost based on homomorphic encryption and not suitable for resource-constrained IoT smart devices. In addition, when SNs cannot upload in time for some reason, such as device error or network interruption, the control center cannot get the correct aggregation result, i.e., robustness is not considered in most schemes. Therefore, we propose a lightweight and robust multidimensional data aggregation scheme for IoT. First, multidimensional data is packaged into 1-D data based on the Chinese remainder theorem (CRT), which greatly reduces communication and storage overhead. Second, the encryption in our scheme only uses addition operations without the costly additive homomorphic encryption. At the same time, our proposed scheme supports batch verification, which reduces the computation complexity of bilinear pairs by nearly half. Third, our scheme also supports dynamic SNs management and fault tolerance, enabling scalability and robustness. Finally, performance evaluation shows that our scheme has lower communication overhead and is more suitable for resource-constrained IoT scenarios.

Cong Peng,Min Luo,Huaqun Wang,Muhammad Khurram Khan,Debiao He

DOI: https://doi.org/10.1109/jiot.2021.3083136

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) enables terminal devices connecting with the Internet and provides various intelligent applications by analyzing devices data. As a typical IoT technique, edge computing provides a three-tier architecture to reduce communications and improve efficiency. Specifically, edge nodes are responsible for collecting and aggregating device data, and then send processed results to the cloud for subsequent analysis. However, the data aggregation function will compromise the privacy of device data. In this article, we proposed an efficient privacy-preserving multidimensional data aggregation scheme for IoT, called PMDA. The scheme uses the Chinese remainder theorem to design a homomorphic encryption method that encryptes a multiple-dimensional small integer vector into one ciphertext and keeps linear homomorphic properties per dimension. Combining with the signature mechanism and the batch verification method, the scheme guarantees nonrepudiation of device data and enhance verification efficiency at edge nodes. Through theoretical analysis, we demonstrate that the proposed scheme can achieve correctness, privacy, authentication, and integrity. After performance evaluation, we demonstrate that our scheme is superior to other schemes in terms of computation and communication costs. In particular, as the message dimension increases, our scheme computation costs almost a tenth of others at the 80-bits security level.

Tong Li,Chongzhi Gao,Liaoliang Jiang,Witold Pedrycz,Jian Shen

DOI: https://doi.org/10.1016/j.jnca.2018.09.018

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With the development of smart devices, the Internet of Things (IoT) has found wide applications and extended various services of Internet. On intermediate nodes and edge nodes of the IoT network, the aggregation primitive is a basic function for forwarding data, which takes data sources of other nodes as input. To protect sensitive information of source nodes while enabling the aggregation computations, some works presented corresponding secure protocols. However, the aggregation node could return invalid results due to transition failures, software bugs, or computation delays. Thus, how to verify the results is a big challenge of secure aggregation protocols. In this paper, we focus on the verification problem, and propose a new publicly verifiable scheme for the aggregation operation. Different from existing solutions, our scheme enables a public verifier to test an aggregation result on the data of source nodes while protecting the data privacy. Security analysis shows that the proposed scheme can achieve the security properties. Finally, we provide the experimental evaluation that demonstrates the effectiveness of our scheme.

Yuwen Pu,Jin Luo,Chunqiang Hu,Jiguo Yu,Ruifeng Zhao,Hongyu Huang,Tao Xiang

DOI: https://doi.org/10.1155/2019/3985232

2019-01-01

Wireless Communications and Mobile Computing

Abstract:As the next generation of information and communication infrastructure, Internet of Things (IoT) enables many advanced applications such as smart healthcare, smart grid, smart home, and so on, which provide the most flexibility and convenience in our daily life. However, pervasive security and privacy issues are also increasing in IoT. For instance, an attacker can get health condition of a patient via analyzing real-time records in a smart healthcare application. Therefore, it is very important for users to protect their private data. In this paper, we present two efficient data aggregation schemes to preserve private data of customers. In the first scheme, each IoT device slices its actual data randomly, keeps one piece to itself, and sends the remaining pieces to other devices which are in the same group via symmetric encryption. Then, each IoT device adds the received pieces and the held piece together to get an immediate result, which is sent to the aggregator after the computation. Moreover, homomorphic encryption and AES encryption are employed to guarantee secure communication. In the second scheme, the slicing strategy is also employed. Noise data are introduced to prevent the exchanged actual data of devices from disclosure when the devices blend data each other. AES encryption is also employed to guarantee secure communication between devices and aggregator, compared to homomorphic encryption, which has significantly less computational cost. Analysis shows that integrity and confidentiality of IoT devices’ data can be guaranteed in our schemes. Both schemes can resist external attack, internal attack, colluding attack, and so on.

Yuan Su,Jiliang Li,Yanping Li,Zhou Su

DOI: https://doi.org/10.1109/tii.2022.3170156

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The data aggregation technique has been widely adopted in the Internet of Things (IoT) to protect data privacy while ensuring data availability. Homomorphic encryption is a typical technique that guarantees accurate computing results. However, it brings heavy computation overhead for edge nodes and exposes the aggregated results to the central server, which significantly threatens the confidentiality of results. This article gets rid of the server-centric style existing in most data aggregation schemes and proposes a scalable and decentralized data aggregation scheme for edge-enabled IoT. In the proposed scheme, edge nodes can freely form, join, and exit from the data aggregation group to aggregate data correctly, securely, and efficiently. Besides, two structure-based data aggregation methods are proposed to reduce the aggregation overhead to $O(n\sqrt{n})$ with constant rounds, as opposed to $O(n\log n)$ with $O(n)$ round. Symmetric encryption and online/offline signature computation are adopted to mitigate the online computation burden. Moreover, the proposed scheme can rigorously defend against forgery attack, eavesdropping attack, and collusion attack. The performance evaluation and experiment results show that the proposed scheme improves the efficiency of communication with affordable computation costs for edge nodes.

Peng Hu,Yongli Wang,Bei Gong,Yongjian Wang,Yanchao Li,Ruxin Zhao,Hao Li,Bo Li

DOI: https://doi.org/10.1007/s12083-019-00849-6

IF: 3.488

2020-01-01

Peer-to-Peer Networking and Applications

Abstract:Data aggregation can effectively improve resource utilization in Internet of Vehicles (IoV), and has attracted broad attention recently. However, because of the particularity of nodes in IoV, data aggregation faces security challenges such as location privacy, data privacy and accuracy of aggregation results. To solve these challenges, in this paper, we propose a secure and lightweight privacy-preserving data aggregation scheme, named SLPDA, for IoV. Specifically, SLPDA employs Chinese Remainder Theorem to map multi-dimensional data to one-dimensional data, and uses masking technology to encrypt data, thus roadside units can realize lightweight data aggregation without plaintext. SLPDA also adopts Identity-based batch authentication technology to reduce authentication overhead. Detailed security analysis indicates that SLPDA can resist various security threats. In addition, the performance evaluations demonstrate that SLPDA is more efficient than the reported schemes in terms of computation complexity and communication overhead.

Yanxia Fu,Yanli Ren,Guorui Feng,Xinpeng Zhang,Chuan Qin

DOI: https://doi.org/10.3390/electronics10202464

IF: 2.9

2021-10-11

Electronics

Abstract:The popularity of mobile devices in Internet of Things has brought great convenience to the lives of the people. Massive data generated in the IoT are outsourced and stored on cloud platforms so that data aggregation and analysis can be performed on the massive data. However, these data often contain sensitive information of mobile devices, so effective protection of mobile user privacy is the primary condition for further development of IoT. Most of the current data aggregation schemes require a lot of interactions between users, and thus this paper designs a non-interactive secure multidimensional data aggregation scheme. This scheme adopts an additive secret sharing technique to mask the shared data and send it to two non-colluding servers, and then the servers aggregate the ciphertext respectively. Different from the existing schemes, our proposed scheme achieves non-interaction between users, and the aggregation result is kept confidential to the server and supports mobile users offline. Finally, we perform an experimental evaluation which proves the effectiveness of our scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chunqiang Hu,Jin Luo,Yuwen Pu,Jiguo Yu,Ruifeng Zhao,Hongyu Huang,Tao Xiang

DOI: https://doi.org/10.1007/978-3-319-94268-1_14

2018-01-01

Abstract:Internet of Things (IoT) provides the most flexibility and convenience in our various daily applications as the IoT devices can improve efficiency, accuracy and economic benefit in addition to reduced human intervention. However, security and privacy challenges are also arising in IoT. To address this challenge, in this paper, we present a privacy-preserving data aggregation scheme for IoT to preserve privacy of customers. In our scheme, the IoT devices slice their actual data, keep one piece to themselves, and send the remaining pieces to other group devices via symmetric key. Then each IoT device adds the received slices and the held piece together to get immediate result, which should be sent to the server after the computation. Finally, analysis shows that our scheme can guarantee the integrity, confidentiality of IoT device's data, and can resist external attack, internal attack and collusion attack and so on.

Jingwei Liu,Jinping Han,Longfei Wu,Rong Sun,Xiaojiang Du

DOI: https://doi.org/10.48550/arXiv.1811.03727

2018-11-09

Abstract:Along with the miniaturization of various types of sensors, a mass of intelligent terminals are gaining stronger sensing capability, which raises a deeper perception and better prospect of Internet of Things (IoT). With big sensing data, IoT provides lots of convenient services for the monitoring and management of smart cities and people's daily lives. However, there are still many security challenges influencing the further development of IoT, one of which is how to quickly verify the big data obtained from IoT terminals. Aggregate signature is an efficient approach to perform big data authentication. It can effectively reduce the computation and communication overheads. In this paper, utilizing these features, we construct a verifiable data aggregation scheme for Internet of Things, named VDAS, based on an improved certificateless aggregate signature algorithm. In VDAS, the length of the aggregated authentication message is independent of the number of IoT terminals. Then, we prove that VDAS is existentially unforgeable under adaptive chosen message attacks assuming that the computational Diffie-Hellman problem is hard. Additionally, the proposed VDAS achieves a better trade-off on the computation overheads between the resource-constrained IoT terminals and the data center.

Cryptography and Security

Mei Wang,Kun He,Jing Chen,Ruiying Du,Bingsheng Zhang,Zengpeng Li

DOI: https://doi.org/10.1016/j.future.2022.01.007

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:Privacy-preserving data aggregation is becoming a demanding necessity for many promising scenarios, e.g., health care analysis. Sensitive data are collected and aggregated in a privacy-preserving approach using current Internet of Things (IoT) technology, leading to immense challenge and consequent interest in developing secure computing algorithms for individual and organizational data. However, most existing solutions focus on specific evaluations (e.g., SUM), and they use heavy cryptographic techniques, which are far from practice for constrained IoT devices. The Trusted Execution Environment (TEE, implemented with Intel SGX) can assist in computing arbitrary functions and avoiding resource-consuming operations. Nevertheless, TEE is subject to several challenges because TEE is vulnerable to limited resource and even function violations, e.g., the attacker may bypass the boundary of TEE. In this paper, we propose a lightweight non-interactive privacy-preserving data aggregation scheme for resource-constrained devices, named PANDA, where TEE is introduced to bypass the trusted entities requirement and heavy overhead. Additionally, PANDA explores the certificate-aided function authorization to prevent leakage from unauthorized functions, and designs the public verifiable certificate management to detect the abnormal behaviors of the host to mitigate the external host compromise. We formalize PANDA with rigorous security analysis to indicate privacy protection against the compromised aggregator and analyst. The evaluation results show that PANDA has constant online communication cost and lightweight computation overhead for constrained devices, which is suitable for IoT applications.

Qiannan Wang,Haibing Mu

DOI: https://doi.org/10.3390/s21165369

2021-08-09

Abstract:Edge computing has been introduced to the Internet of Things (IoT) to meet the requirements of IoT applications. At the same time, data aggregation is widely used in data processing to reduce the communication overhead and energy consumption in IoT. Most existing schemes aggregate the overall data without filtering. In addition, aggregation schemes also face huge challenges, such as the privacy of the individual IoT device's data or the fault-tolerant and lightweight requirements of the schemes. In this paper, we present a privacy-preserving and lightweight selective aggregation scheme with fault tolerance (PLSA-FT) for edge computing-enhanced IoT. In PLSA-FT, selective aggregation can be achieved by constructing Boolean responses and numerical responses according to specific query conditions of the cloud center. Furthermore, we modified the basic Paillier homomorphic encryption to guarantee data privacy and support fault tolerance of IoT devices' malfunctions. An online/offline signature mechanism is utilized to reduce computation costs. The system characteristic analyses prove that the PLSA-FT scheme achieves confidentiality, privacy preservation, source authentication, integrity verification, fault tolerance, and dynamic membership management. Moreover, performance evaluation results show that PLSA-FT is lightweight with low computation costs and communication overheads.

Fucai Zhou,Qiyu Wu,Pengfei Wu,Jian Xu,Da Feng

DOI: https://doi.org/10.1016/j.comcom.2024.02.022

IF: 5.047

2024-01-01

Computer Communications

Abstract:With the development of Internet of Vehicles (IoV), organizations or institutions are increasingly interested in aggregating vehicle perception data to perform data analysis. Nevertheless, the existing solutions are difficult to meet the comprehensive requirements of IoV scenario, such as low latency, privacy preservation and rich functions. Additionally, it is more challenging that the aggregation node may return tampered or forged aggregation results for vulnerabilities or ulterior motives. To this end, we propose a Privacy-Preserving and Verifiable Data Aggregation Scheme for IoV (PPVDA), which allows the efficient aggregation for inner product over multi-dimensional data, and the data requester can verify the correctness and integrity of the aggregation results. By exploiting homomorphic MAC and secret sharing techniques, we construct a lightweight and verifiable mechanism for results as well as data privacy protection. We also conduct a comprehensive security analysis of PPVDA under the malicious security model. Moreover, extensive theoretical analyses and experimental evaluations demonstrate that PPVDA performs efficiently while retaining more desired properties. When dealing with 4×104 VNs, 3000 RSUs and 500-dimensional vectors, each EN side only takes about 74.5 ms and the DR side only takes about 3.8 ms, is therefore suitable for practical IoV scenarios.

Xiaoyi Yang,Yanqi Zhao,Dian Chen,Yong Yu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/mnet.001.2200214

IF: 10.294

2022-01-01

IEEE Network

Abstract:In the Internet of things (IoT) networks, largescale IoT devices are connected to the Internet to collect users' data. As a distributed machine learning paradigm, federated learning (FL) collaboratively trains the global model by utilizing large-scale distributed devices, while protecting the privacy of the local data sets of each participant. Federated learning with secure aggregation employs an aggregation server (aggregator) to compute a multiparty sum of model parameter updates of each participants in a secure manner and further realizes the updates. However, existing schemes are usually based on semi-honest assumptions, which make them vulnerable to malicious clients. In addition, they address the random client dropouts problem by increasing the data size, which brings a large communication overhead. To solve these issues, we propose an accountable and verifiable secure aggregation for federated learning framework. Specifically, we employ an SMC protocol based on homomorphic proxy re-authenticators and homomorphic proxy re-encryption to execute secure aggregation, while integrating the blockchain to realize the function of penalty for malicious behavior. Our framework can guarantee the verifiability of data provenance and is accountable for malicious clients. To demonstrate the usability of our framework, we evaluate the specific cryptography schemes and develop a blockchain-based prototype system by using solidity language to test the performance of the framework.

Shuai Shang,Xiong Li,Ke Gu,Lei Li,Xiaosong Zhang,Vijayakumar Pandi

DOI: https://doi.org/10.1109/tii.2023.3315375

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Edge-supported Industrial Internet of Things (IIoT) has received remarkable attention recently since edge computing can not only reduce bandwidth consumption but also decrease the response time of industrial systems. However, the sensed data in the industrial environment is considered private. Thus, the data cannot be directly aggregated at the server due to privacy leakage. Although several privacy-preserving-aggregated schemes have been proposed, their security goals are not strong enough. Besides, most schemes are inefficient for resource-constrained devices. Aiming at solving the abovementioned problems, this article proposes a robust privacy-preserving data aggregation scheme for edge-supported IIoT. Specifically, the scheme adopts the Paillier cryptosystem to protect the privacy of users. Additionally, it utilizes ECDSA signature to support batch verification of multiple signatures from different signers, which significantly improves efficiency. Security analysis shows that the proposed scheme not only guarantees the integrity of the data and mutual authentication among entities but also realizes differential privacy protection. Extensive experiments are conducted to compare our scheme with the related work. The results show that our method outperforms most of the compared schemes with respect to communication. Moreover, compared with the related work, our scheme reduces the computational cost by an average of 6.7%, 16.9%, and 27.8% in sensor, edge server, and control center sides, respectively.

Likang Lu,Jianzhu Lu

DOI: https://doi.org/10.14569/ijacsa.2022.01305115

IF: 0.9

2022-01-01

International Journal of Advanced Computer Science and Applications

Abstract:Verifiable Secret Sharing (VSS) is a fundamental tool of cryptography and distributed computing in Internet of Things. Since network bandwidth is a scarce resource, minimizing the number of verification data will improve the performance of VSS. Existing VSS schemes, however, face limitations in meeting the number of verification data and energy consumptions for low-end devices, which make their adoption challenging in resource-limited IoTs. To address above limitations, we propose a VSS scheme according to Nyberg's one-way Accumulator for one-way Hash Functions (NAHFs). The proposed VSS has two distinguished features: first, the security of the scheme is based on NAHFs whose computational requirements are the basic criteria for known IoT devices and, second, upon receiving only one veri-fication data, participants can verify the correctness of both their shares and the secret without any communication. Experimental results show that, compared to the Feldman scheme and Rajabi-Eslami scheme, the energy consumption of a participant in the proposed scheme is respectively reduced by at least 24% and 83% for a secret.

Peng Zeng,Bofeng Pan,Kim-Kwang Raymond Choo,Hong Liu

DOI: https://doi.org/10.1016/j.sysarc.2020.101713

IF: 5.836

2020-01-01

Journal of Systems Architecture

Abstract:In an edge computing-enhanced Internet of Things (IoT) setup, data can be processed closer to the IoT devices (i.e. at the network edge). However, security and privacy remain two key issues that need to be considered. In this paper, we propose the first multidimensional and multidirectional data aggregation (MMDA) scheme for privacy-preserving edge computing-enhanced IoT communications. In MMDA, the data of each IoT device are described as an n-dimensional vector and m IoT devices' data are listed as a matrix D of order m x n. MMDA enables an edge device (acting as a gateway) to aggregate the multidimensional data of the m IoT devices in two directions: row aggregation and column aggregation. Such data can then be employed to compute the summation of data in each row and each column of D in a privacy-preserving way. Unlike existing multidimensional data aggregation schemes that have only the column aggregation, MMDA allows an additional row aggregation. This allows the capability to provide more statistical information to an IoT control center for analysis and processing. MMDA also adopts the batch verification technology to reduce authentication costs. Extensive analysis shows that MMDA is practicable in terms of computation cost, security, and fault-tolerance.

Likang Lu,Jianzhu Lu

2022-01-01

Abstract:Verifiable secret sharing (VSS) is a fundamental tool of cryptography and distributed computing in Internet of things (IoTs). Since network bandwidth is a scarce resource, minimizing the number of verification data will improve the performance of VSS. Existing VSS schemes, however, face limitations in meeting the number of verification data and energy consumptions for low-end devices, which make their adoption challenging in resource-limited IoTs. To address above limitations, we propose a VSS scheme according to Nyberg’s oneway accumulator for one-way hash functions (NAHFs). The proposed scheme has two distinguished features: first, the security of the scheme is based on NAHFs whose computational requirements are the basic criteria for known IoT devices and, second, upon receiving only one verification data, participants can verify the correctness of both their shares and the secret without any communication. Experimental results demonstrate that, compared to the Feldman scheme and RajabiEslami scheme, the energy consumption of a participant in the proposed scheme is respectively reduced by at least 24% and 83% for a secret.

Yue Gao,Zhiqing Huang,Jun He

DOI: https://doi.org/10.1117/12.2684676

2023-01-01

Abstract:As an important step in the IoT workflow, IoT data aggregation transmits, filters, analyzes and synthesizes data collected by IoT devices such as sensors to help people make decisions and evaluate. However, the traditional IoT data aggregation model relies on a central data aggregator, such as a third-party cloud server, and uses traditional encryption technology to process data, which may face problems such as original data leakage and calculation errors, and it is difficult to ensure that data participants can safely participate in the aggregation. Due to its homomorphic characteristics and performance improvements in recent years, homomorphic encryption technology makes it possible to use homomorphic encryption technology to protect data privacy during data transmission and calculation. In addition, as a non-tamperable ledger technology, the blockchain can be used to store evidence, specifically to store the promises made by the commitment mechanism, and complete the verification of data consistency and correctness.

Wenjuan Tang,Ju Ren,Kun Deng,Yaoxue Zhang

DOI: https://doi.org/10.1109/jiot.2019.2923261

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:With rapid development of e-healthcare systems, patients that are equipped with resource-limited e-healthcare devices (Internet of Things) generate huge amount of health data for health management. These health data possess significant medical value when aggregated from these distributed devices. However, efficient health data aggregation poses several security and privacy issues such as confidentiality disclosure and differential attacks, as well as patients may be reluctant to contribute their health data for aggregation. In this paper, we propose a privacy-preserving heath data aggregation scheme that securely collects health data from multiple sources and guarantee fair incentives for contributing patients. Specifically, we employ signature techniques to keep fair incentives for patients. Meanwhile, we add noises into the health data for differential privacy. Furthermore, we combine Boneh-Goh-Nissim cryptosystem and Shamir's secret sharing to keep data obliviousness security and fault tolerance. Security and privacy discussions show that our scheme can resist differential attacks, tolerate healthcare centers failures, and keep fair incentives for patients. Performance evaluations demonstrate cost-efficient computation, communication and storage overhead.