面向物联网的隐私数据安全问题研究

随着社会的发展,物联网已成为社会发展的重要新兴产业,在各个领域中广泛应用。物联网是基于互联网技术产生的,在物联网的运行过程中势必会产生大量数据,这些数据都是客户的隐私,切实保护好客户隐私是物联网进一步发展的首要条件。在面向物联网的隐私数据安全问题时,相关技术人员一定要清楚威胁物联网隐私数据安全的主要途径,加大安全防护力度,保护人们的隐私。文章从信息获取、信息传输以及信息处理3个途径,对隐私数据安全问题进行探讨,并提出一些加大隐私安全防护的举措。     

High energy‐efficient and privacy‐preserving secure data aggregation for wireless sensor networks

An efficient data process technology is needed for wireless sensor networks composed of many sensors with constrained communication, computational, and memory resources. Data aggregation is presented as an efficient and significant method to reduce transmitted data and prolong lifetime for wireless sensor networks. Meanwhile, many applications require preserving privacy for secure data aggregation. In this paper, we propose a high energy‐efficient and privacy‐preserving scheme for secure data aggregation. Because of the importance of communication overhead and accuracy, our scheme achieves less communication overhead and higher data accuracy besides providing for privacy preservation. For extensive simulations, we evaluate and conclude the performance of our high energy‐efficient and privacy‐preserving scheme. The conclusion shows that the high energy‐efficient and privacy‐preserving scheme provides better privacy preservation and is more efficient than existing schemes. Copyright © 2012 John Wiley & Sons, Ltd.     

低能耗的隐私数据安全融合方法

为解决物联网安全数据融合过程中,数据隐私保护与节点计算能力及能量受限之间的矛盾,在对现有方法优缺点分析的基础上,提出一种低能耗的隐私数据安全融合方法(LCSDA, low energy-consuming secure data aggregation),该方法根据最短路径原则选择邻居节点,并且采用Prim最小生成树算法建立簇内数据融合路径。仿真结果表明,该方法可以有效降低节点能耗和簇头节点被捕获的概率,同时保证节点数据的隐私性。     

A secure channel code‐based scheme for privacy preserving data aggregation in wireless sensor networks

Data aggregation is an efficient method to reduce the energy consumption in wireless sensor networks (WSNs). However, data aggregation schemes pose challenges in ensuring data privacy in WSN because traditional encryption schemes cannot support data aggregation. Homomorphic encryption schemes are promising techniques to provide end to end data privacy in WSN. Data reliability is another main issue in WSN due to the errors introduced by communication channels. In this paper, a symmetric additive homomorphic encryption scheme based on Rao‐Nam scheme is proposed to provide data confidentiality during aggregation in WSN. This scheme also possess the capability to correct errors present in the aggregated data. The required security levels can be achieved in the proposed scheme through channel decoding problem by embedding security in encoding matrix and error vector. The error vectors are carefully designed so that the randomness properties are preserved while homomorphically combining the data from different sensor nodes. Extensive cryptanalysis shows that the proposed scheme is secure against all attacks reported against private‐key encryption schemes based on error correcting codes. The performance of the encryption scheme is compared with the related schemes, and the results show that the proposed encryption scheme outperforms the existing schemes.     

An efficient data aggregation scheme with local differential privacy in smart grid

By integrating the traditional power grid with information and communication technology, smart grid achieves dependable, efficient, and flexible grid data processing. The smart meters deployed on the user side of the smart grid collect the users' power usage data on a regular basis and upload it to the control center to complete the smart grid data acquisition. The control center can evaluate the supply and demand of the power grid through aggregated data from users and then dynamically adjust the power supply and price, etc. However, since the grid data collected from users may disclose the user's electricity usage habits and daily activities, privacy concern has become a critical issue in smart grid data aggregation. Most of the existing privacy-preserving data collection schemes for smart grid adopt homomorphic encryption or randomization techniques which are either impractical because of the high computation overhead or unrealistic for requiring a trusted third party.In this paper, we propose a privacy-preserving smart grid data aggregation scheme satisfying Local Differential Privacy (LDP) based on randomized responses. Our scheme can achieve an efficient and practical estimation of power supply and demand statistics while preserving any individual participant's privacy. Utility analysis shows that our scheme can estimate the supply and demand of the smart grid. Our approach is also efficient in terms of computing and communication overhead, according to the results of the performance investigation.     

Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.     

Quality of service‐aware approaches in fog computing

In recent years, fog computing, a novel paradigm, has emerged for location and latency‐sensitive applications. It is a powerful complement for cloud computing that enables provisioning services and resources outside the cloud near the end devices. In a fog system, the existence of several nonhomogenous devices, which are potentially mobile, led to quality of service (QoS) worries. QoS‐aware approaches are presented in various parts of the fog system, and several different QoS factors are taken into account. In spite of the importance of QoS in fog computing, no comprehensive study on QoS‐aware approaches exists in fog computing. Hence, this paper reviews the current research used to guarantee QoS in fog computing. This paper investigates the QoS‐ensuring techniques that fall into three categories: service/resource management, communication management, and application management (published between 2013 and October 2018). Regarding the selected approaches, this paper represents merits, demerits, tools, evaluation types, and QoS factors. Finally, on the basis of the reviewed studies, we suggest some open issues and challenges which are worth further studying and researching in QoS‐aware approaches in fog computing.     

PRDA: polynomial regression‐based privacy‐preserving data aggregation for wireless sensor networks

In wireless sensor networks, data aggregation protocols are used to prolong the network lifetime. However, the problem of how to perform data aggregation while preserving data privacy is challenging. This paper presents a polynomial regression‐based data aggregation protocol that preserves the privacy of sensor data. In the proposed protocol, sensor nodes represent their data as polynomial functions to reduce the amount of data transmission. In order to protect data privacy, sensor nodes secretly send coefficients of the polynomial functions to data aggregators instead of their original data. Data aggregation is performed on the basis of the concealed polynomial coefficients, and the base station is able to extract a good approximation of the network data from the aggregation result. The security analysis and simulation results show that the proposed scheme is able to reduce the amount of data transmission in the network while preserving data privacy. Copyright © 2013 John Wiley & Sons, Ltd.     

State-of-the-art survey of privacy-preserving data aggregation in wireless sensor networks

A state-of-the-art survey of privacy-preserving data aggregation techniques in wireless sensor networks was reviewed.Firstly,preliminaries were introduced,including network models,adversary models,and performance evaluation metrics.Secondly,existing related work was classified into several types according to privacy preservation techniques,such as homomorphic encryption,data perturbation,slicing-mixing technique,generalization,secure multiparty computation,and the key mechanisms of typical protocols were elaborated and analyzed.Finally,the promising future research directions were discussed.     

Load‐balanced data gathering in Internet of Things using an energy‐aware cuckoo‐search algorithm

This paper deals with the lifetime problem in the Internet of Things. We first propose an efficient cluster‐based scheme named “Cuckoo‐search Clustering with Two‐hop Routing Tree (CC‐TRT)” to develop a two‐hop load‐balanced data aggregation routing tree in the network. CC‐TRT uses a modified energy‐aware cuckoo‐search algorithm to fairly select the best cluster head (CH) for each cluster. The applied cuckoo‐search algorithm makes the CH role to rotate between different sensors round by round. Subsequently, we extend the CC‐TRT scheme to present two methods for constructing multi‐hop data aggregation routing trees, named “Cuckoo‐search Clustering with Multi‐Hop Routing Tree (CC‐MRT)” and “Cuckoo‐search Clustering with Weighted Multi‐hop Routing Tree (CC‐WMRT).” Both CC‐MRT and CC‐WMRT rely on a two‐level structure; they not only use an energy‐aware cuckoo‐search algorithm to fairly select the best CHs but also adopt a load‐balanced high‐level routing tree to route the aggregated data of CHs to the sink node. However, CC‐WMRT slightly has a better performance thanks to its low‐level routing strategy. As an advantage, the proposed schemes balance the energy consumption among different sensors. Numerical results show the efficiency of the CC‐TRT, CC‐MRT, and CC‐WMRT algorithms in terms of the number of transmissions, remaining energy, energy consumption variance, and network lifetime.     

Authentication scheme for industrial Internet of things based on DAG blockchain

Internet of things ( IoT) can provide the function of product traceability for industrial systems. Emerging blockchain technology can solve the problem that the current industrial Internet of things ( IIoT) system lacks unified product data sharing services. Blockchain technology based on the directed acyclic graph (DAG) structure is more suitable for high concurrency environments. But due to its distributed architecture foundation, direct storage of product data will cause authentication problems in data management. In response, IIoT based on DAG blockchain is proposed in this paper, which can provide efficient data management for product data stored on DAG blockchain, and an authentication scheme suitable for this structure is given. The security of the scheme is based on a discrete-logarithm-based assumption put forth by Lysyanskaya, Rivest, Sahai and Wolf(LRSW) who also show that it holds for generic groups. The sequential aggregation signature scheme is more secure and efficient, and the new scheme is safe in theory and it is more efficient in engineering.     

OW‐SVM: Ontology and whale optimization‐based support vector machine for privacy‐preserved medical data classification in cloud

Cloud is a multitenant architecture that allows the cloud users to share the resources via servers and is used in various applications, including data classification. Data classification is a widely used data mining technique for big data analysis. It helps the learners to discover hidden data patterns by training massive data collected from the real world. Because this trained model is the private asset of an entity, it should be protected from all other noncollaborative entities. Therefore, it is essential to take effective measures to preserve the confidential data. The objective of this paper is to preserve the privacy of the confidential data in the cloud environment by introducing the medical data classification method. In view of that, this paper presents a method for medical data classification using a novel ontology and whale optimization‐based support vector machine (OW‐SVM) approach. Initially, privacy‐preserved data are developed adopting Kronecker product bat approach, and then, ontology is built for the feature selection process. Ontology and whale optimization‐based support vector machine is then proposed by integrating ontology and whale optimization algorithm into SVM, in which ontology and whale optimization algorithm is used for the feasible selection of kernel parameters. The experiment is done using 3 heart disease datasets, such as Cleveland, Switzerland, and Hungarian. In a comparative analysis, the performance of the OW‐SVM approach is compared with that of K‐nearest neighbor, Naive Bayes, decision tree, SVM, and OW‐SVM, using accuracy, sensitivity, specificity, and fitness, as the evaluation metrics. The OW‐SVM approach could achieve maximum performance with accuracy of 83.21%, the sensitivity of 91.49%, specificity of 73%, and fitness of 81.955, outperforming existing comparative techniques.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

EEPPDA—Edge-enabled efficient privacy-preserving data aggregation in smart healthcare Internet of Things network

The Internet of Things-based smart healthcare provides numerous facilities to patients and medical professionals. Medical professionals can monitor the patient's real-time medical data and diagnose diseases through the medical health history stored in the cloud database. Any kind of attack on the cloud database will result in misdiagnosis of the patients by medical professionals. Therefore, it becomes a primary concern to secure private data. On the other hand, the conventional data aggregation method for smart healthcare acquires immense communication and computational cost. Edge-enabled smart healthcare can overcome these limitations. The paper proposes an edge-enabled efficient privacy-preserving data aggregation (EEPPDA) scheme to secure health data. In the EEPPDA scheme, captured medical data have been encrypted by the Paillier homomorphic cryptosystem. Homomorphic encryption is engaged in the assurance of secure communication. For data transmission from patients to the cloud server (CS), data aggregation is performed on the edge server (ES). Then aggregated ciphertext data are transmitted to the CS. The CS validates the data integrity and analyzes and processes the authenticated aggregated data. The authorized medical professional executes the decryption, then the aggregated ciphertext data are decrypted in plaintext. EEPPDA utilizes the batch verification process to reduce communication costs. Our proposed scheme maintains the privacy of the patient's identity and medical data, resists any internal and external attacks, and verifies the health data integrity in the CS. The proposed scheme has significantly minimized computational complexity and communication overhead concerning the existing approach through extensive simulation.     

Energy‐efficient and localized lossy data aggregation in asynchronous sensor networks

In wireless sensor networks, most data aggregation scheduling methods let all nodes aggregate data in every time instance. It is not energy efficient and practical because of link unreliability and data redundancy. This paper proposes a lossy data aggregation (LDA) scheme to reduce traffic and save energy. LDA selects partial child nodes to sample data at partial time slots and allows estimated aggregation at parent nodes or a root in a network. We firstly consider that all nodes sample data synchronously and find that the error between the real value of a physical parameter and that measured by LDA is bounded respectively with and without link unreliability. Detailed analysis is given on error bound when a confidence level is previously assigned to the root by a newly designed algorithm. Thus, each parent can determine the minimum number of child nodes needed to achieve its assigned confidence level. We then analyze a probability to bound the error with a confidence level previously assigned to the root when all nodes sample data asynchronously. An algorithm then is designed to implement our data aggregation under asynchronization. Finally, we implement our experiment on the basis of real test‐beds to prove that the scheme can save more energy than an existing algorithm for node selection, Distributive Online Greedy (DOG). Copyright © 2012 John Wiley & Sons, Ltd.     

Joint data aggregation and encryption using Slepian‐Wolf coding for clustered wireless sensor networks

This paper proposes a joint data aggregation and encryption scheme using Slepian‐Wolf coding for efficient and secured data transmission in clustered wireless sensor networks (WSNs). We first consider the optimal intra‐cluster rate allocation problem in using Slepian‐Wolf coding for data aggregation, which aims at finding a rate allocation subject to Slepian‐Wolf theorem such that the total energy consumed by all sensor nodes in a cluster for sending encoded data is minimized. Based on the properties of Slepian‐Wolf coding with optimal intra‐cluster rate allocation, a novel encryption mechanism, called spatially selective encryption, is then proposed for data encryption within a single cluster. This encryption mechanism only requires a cluster head to encrypt its data while allowing all its cluster members to send their data without performing any encryption. In this way, the data from all cluster members can be protected as long as the data of the cluster head (called virtual key) is protected. This can significantly reduce the energy consumption for performing data encryption. Furthermore, an energy‐efficient key establishment protocol is also proposed to securely and efficiently establish the key used for encrypting the data of a cluster head. Simulation results show that the joint data aggregation and encryption scheme can significantly improve energy efficiency in data transmission while providing a high level of data security. Copyright © 2009 John Wiley & Sons, Ltd.     

IP2DM: integrated privacy‐preserving data management architecture for smart grid V2G networks

With the development of battery vehicles, vehicle‐to‐grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two‐way communication and two‐way electricity flow, they also raise privacy‐preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy‐preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G networks attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid. Copyright © 2016 John Wiley & Sons, Ltd.     

MDPA: multidimensional privacy‐preserving aggregation scheme for wireless sensor networks

In this paper, we propose a novel multidimensional privacy‐preserving data aggregation scheme for improving security and saving energy consumption in wireless sensor networks (WSNs). The proposed scheme integrates the super‐increasing sequence and perturbation techniques into compressed data aggregation, and has the ability to combine more than one aggregated data into one. Compared with the traditional data aggregation schemes, the proposed scheme not only enhances the privacy preservation in data aggregation, but also is more efficient in terms of energy costs due to its unique multidimensional aggregation. Extensive analyses and experiments are given to demonstrate its energy efficiency and practicability. Copyright © 2009 John Wiley & Sons, Ltd.     

Task offloading in an optimized power-performance manner

The cloud computing systems, such as the Internet of Things (IoT), are usually introduced with a three-layer architecture (IoT-Fog-Cloud) for the task offloading that is a solution to compensate for resource constraints in these systems. Offloading at the right location is the most significant challenge in this field. It is more appropriate to offload tasks to fog than to cloud based on power and performance metrics, but its resources are more limited than the resources of the cloud. This paper tries to optimize these factors in the fog by specifying the number of usable servers in the fog. For this purpose, we model a fog computing system using the queueing theory. Furthermore, binary search and reinforcement learning algorithms are proposed to determine the minimum number of servers with the lowest power consumption. We evaluate the cost of the fog in different scenarios. By solving the model, we find that the proposed dispatching policy is very flexible and outperformed the known policies by up to 31% and in no case is it worse than either of them, and the overall offloading cost increases when fog rejects tasks with a high probability. Our offloading method is more effective than running all fog servers simultaneously, based on simulation results. It is evident from the similarities between the simulation results and those derived from the analytical method that the model and results are valid.     

Toward intelligent resource management in dynamic Fog Computing-based Internet of Things environment with Deep Reinforcement Learning: A survey

Fog computing has already started to gain a lot of momentum in the industry for its ability to turn scattered computing resources into a large-scale, virtualized, and elastic computing environment. Resource management (RM) is one of the key challenges in fog computing which is also related to the success of fog computing. Deep learning has been applied to the fog computing field for some time, and it is widely used in large-scale network RM. Reinforcement learning (RL) is a type of machine learning algorithms, and it can be used to learn and make decisions based on reward signals that are obtained from interactions with the environment. We examine current research in this area, comparing RL and deep reinforcement learning (DRL) approaches with traditional algorithmic methods such as graph theory, heuristics, and greedy for managing resources in fog computing environments (published between 2013 and 2022) illustrating how RL and DRL algorithms can be more effective than conventional techniques. Various algorithms based on DRL has been shown to be applicable to RM problem and proved that it has a lot of potential in fog computing. A new microservice model based on the DRL framework is proposed to achieve the goal of efficient fog computing RM. The positive impact of this work is that it can successfully provide a resource manager to efficiently schedule resources and maximize the overall performance.