Recent Trends and Challenges in Fog/Edge Computing for Internet of ThingsView this Special Issue
A New Private Information Encryption Method in Internet of Things under Cloud Computing Environment
The existence of Internet of Things (IoT) facilitates the collection and transmission of urban data information. However, it can leak users’ personal privacy information in smart cities. Therefore, we propose a new private information encryption method in IoT under cloud computing environment. Under IoT, according to the properties and acquisition time, privacy information can be divided into many subspaces. Then, we analyze the private information encryption with different levels. Based on the stream cipher mechanism, we design an encryption system model of information collection. In the subspace, the privacy information is encrypted and transferred to the relay node. After encrypting, they are segmented and restructured. The long privacy information is divided into smaller slices. Then, they are reintegrated after conversion. Finally, we use stream cipher and dual-key algorithm to complete freedom nondestructive transformation between plaintext and ciphertext to ensure the integrity of the encrypted private information. Experimental results show that the proposed method takes less time in the encryption and decryption process, which has better ciphertext conversion output effect and suffers fewer network attacks in the same encryption time. The message encryption and decryption time is less than that of other methods. In terms of calculation cost, the proposed method decreases by approximately 14%. What is more, it has higher security and improves the security and integrity of the privacy information collection process.
Increasing quantities of data are being generated and stored from our daily lives, leading to a rise in big data analytics. Our research focuses on urban data encryption technologies that are aimed at using the big urban data sets generated as people live, work, and move around a city. The Internet of Things (IoT)  is a great development of Internet interconnection technology after the Internet. It is no longer the interconnection between users in the simple sense, but the connection between things. But the development of the mobile Internet is faced with many problems, such as in the private process of information collection and transmission security encryption, which is needed to be solved. With the rapid development and wide application of mobile Internet technology and communication technology, interconnection makes the acquisition and application of private information become more agile [2, 3]. Due to the mobile Internet, information collection is easily invaded and attacked by malicious data in terms of stability or faces the risk of data being stolen. While network users enjoy timely and convenient personalized services, they usually need to disclose personal privacy information in exchange for corresponding services. Therefore, under the condition of IoT, the collection and transmission of information should be encrypted to ensure the security of the information system. Mobile Internet technology and communication technology have been rapidly developed and widely applied in private information encryption. The users enjoy convenient and personalized services but usually need to disclose personal privacy information as the price for the corresponding service at the same time. Private data owners that provide users with better quality of service must understand the users’ own sensitive information, the privacy information, and the contradiction between privacy information disclosure and the quality of service [4–6]. Privacy information security has gradually become a common concern of mobile Internet users and is also related to the Internet urgent problems for managers. Meanwhile, the owner of privacy data must understand users’ own sensitive information, which results in the contradiction between privacy information disclosure and service quality.
Elgendy et al.  proposed a novel framework to offload intensive computation tasks from the mobile device to the cloud. This framework used an optimization model to determine the offloading decision dynamically based on four main parameters, namely, energy consumption, CPU utilization, execution time, and memory usage. In addition, a new security layer was provided to protect the transferred data in the cloud from any attack. But this work cannot process tasks in parallel. Karthikeyan et al.  presented key exchange techniques based on secured energy efficiency in mobile cloud computing. The cloud providers must take strong security measures to protect the integrity and privacy of the healthcare-related data. But most of the researchers do not simultaneously pay attention to both integrity and privacy for Health-CPS. Therefore, Xu et al.  proposed a privacy-preserving data integrity verification model by using lightweight streaming authenticated data structures for Health-CPS. Elgendy et al.  presented a multiuser resource allocation and computation offloading model with data security to address the limitations of such devices. The computation and radio resources were jointly considered for multiuser scenarios to guarantee the efficient utilization of shared resources. Haseeb et al.  presented a Secure Sensor Cloud Architecture (SASC) for IoT applications to improve network scalability with efficient data processing and security. The proposed architecture comprised two main phases. Firstly, network nodes were grouped using unsupervised machine learning and exploited weighted-based centroid vectors for the development of intelligent systems. Secondly, the proposed architecture made use of sensor-cloud infrastructure for boundless storage and consistent service delivery. For the computational overhead and signature efficiency issues of traditional signature mechanisms, Zhu et al.  proposed a scheme of data integrity verification based on a short signature algorithm, which supported privacy protection and public auditing by introducing a trusted third party.
In the field of security encryption and transmission of mobile Internet data collection, many domestic and foreign scholars have conducted relevant exploration and research, mainly including symmetric information encryption technology represented by DES and  AES  and asymmetric information encryption technology represented by RSA .
These encryption technologies can realize the encrypted collection and transmission of Internet information according to the key management of the sender and the receiver. However, the calculation process of these existing encryption technologies is too complex, which requires higher suitability for application scenarios, and the security of overall data encryption needs to be improved. In order to solve the network users’ privacy information leakage problem, Zhang and Luo  put forward an encryption method based on metadata attributes. This method used the metadata attributes of privacy information object to evaluate data value of privacy information and classified the private information. According to the value level of privacy information, it selected the corresponding encryption method and gave privacy information encryption solution. But it ignored the integrity of the privacy information acquisition process resulting in the poor information encryption effect. Liu et al.  proposed a data encryption method based on dynamic key in the process of privacy information collection. This method adopted the retransmission packet synchronization updating the key of both sides. It used XOR algorithm to complete privacy information symmetry encryption. The keys and privacy information were as the input of the Hash algorithm. The Hash value was as the message digest to complete privacy information integrity authentication. This method effectively ensured the integrity of privacy information in acquisition process. However, the time and space complexity was higher. Wei-Wei  presented a research on information acquisition and encryption based on spatial-temporal chaos. The encryption level of information was analyzed, and the sequence generation process and density distribution of spatial-temporal chaotic encryption technology were studied. The information collection and encryption process under the condition of spatial-temporal chaotic encryption was given. Based on the stream cipher mechanism, the system encryption model was designed. Finally, the stream cipher and double-key algorithm were used. It completed the conversion between plaintext and ciphertext and realized the secure collection and transmission of information under the condition of mobile Internet. Sedghi et al.  proposed a generic model for the analysis of searchable encryption. Then, it identified the security parameters of searchable encryption schemes and proved information theoretical bounds on the security of the parameters. Yi et al.  showed that the customized data container (CDC) into DIBE (diffractive-imaging-based encryption) was introduced and a new phase retrieval algorithm (PRA) for plaintext retrieval was proposed. The PRA, designed according to the peculiarity of the CDC, combined two key techniques from previous approaches, i.e., input-support-constraint and median filtering. The proposed scheme could guarantee totally the reconstruction of the primary information despite heavy noise or occlusion, and its effectiveness and feasibility had been demonstrated with simulation results. However, some demerits are still in their schemes.
To solve the above problems, we propose a new private information encryption method in Internet of Things under cloud computing environment. The flow chart of secure encryption information acquisition is shown in Figure 1.
Our main contributions are as follows:(1)Mobile Internet privacy information can be divided into several subspaces according to its properties and acquisition time(2)All the encrypted privacy information is transmitted and stored in network relay node(3)When the node needs to read the privacy information, the data source node is required to request the corresponding subkey for the privacy information(4)The data source node determines whether to generate and return the appropriate child keys based on its policy
On the basis of the privacy information encryption method [21–23] via acquisition time, this paper introduces the segmentation and reorganization technology to divide the lengthy privacy information into smaller information slices and then integrates them after conversion. In addition, the mobile Internet node authentication is added to increase the effectiveness and reliability of the source of privacy information.
This paper is organized as follows. Section 2 gives the encryption hierarchy analysis in privacy information collection process. We introduce the information collection process encryption based on stream cipher in Section 3. Integrity optimization of privacy information encryption is verified in Section 4. Section 5 shows the experiments and results. There is a conclusion in Section 6.
2. Encryption Hierarchy Analysis in Privacy Information Collection Process
Under the cloud computing, information collection, acquisition, and transmission are more convenient. Encryption and security processing in information collection usually include three levels, namely, end-to-end encryption, encryption between nodes, and link encryption [24–26]. The hierarchy between data acquisition and transmission ensures the security of information acquisition to a large extent. Link encryption encrypts the communication path between two communication nodes and provides security authentication for data collection and transmission. Before collecting and transmitting link information, the nodes in sending and transmitting need to be encrypted. This information encryption method is usually used for the conversion of synchronous and asynchronous lines. The encryption processing of devices at both ends of the link should be carried out synchronously to improve the security of information acquisition . However, this encryption method requires frequent conversion of encryption devices, increasing the risk of loss in data collection.
Node encryption can increase the security of information collection. But for the intermediate nodes, it needs to decrypt and encrypt frequently. It is too complex and has high cost , because it will process all the node information in the link path. So the whole process of data collection requires transparency to users, which also increases the risk of information acquisition. End-to-end information encryption method has certain advantages, but some defects are still in encryption performance.
The plaintext of privacy information collection process is encrypted by bit operation. The number of iterations is large, and the encryption efficiency will decrease with the increase of the plaintext of privacy information. The plaintext is divided into many blocks, and each block generates an iterative sequence with different initial values separately. Encryption can effectively solve this problem, and the specific process is described below.
The privacy information is divided into $n$ blocks in the plaintext; the size of each block is . is the length of the plaintext, and the chunking strategy is as follows: the former blocks with equal length of privacy information is 4, and the th block is the rest of the privacy information, that is,
For each plaintext block, according to the Lorenz chaos mapping and Chen chaotic map, it generates the initial value and interference value. In the process of each iteration, it produces a random sequence value containing two random sequences, namely, the chaotic sequence value . The offset of the first character gets private information. denotes the iteration number of the Lorenz chaotic system. represents the initial iteration number of the Chen chaotic system. So the total iteration number is
The following formula can be used to calculate the corresponding chaotic sequence of each plaintext block.
In order to make the chaotic sequence generated by the Lorenz chaotic system and Chen chaotic system have coupling, we use the following formulas:
The corresponding chaotic sequence of two chaotic systems is divided into initial value sequence and interference sequence .
The initial value sequence can be regarded as the plaintext encryption sequence recursion generated by the initial value of two chaotic systems. The interference sequence makes a second interference for the privacy information ciphertext to enhance the security. To make more coupling between the Lorenz chaotic system and Chen chaotic system, we use the following equations:
After obtaining the encryption sequence, it is not possible to perform XOR operation with the private information in the plaintext, and the plaintext encryption sequence needs to be converted into a certain module space by using the following formulas:
After preparing plaintext encryption sequence, the encryption operation is performed. This process is aimed at randomly selecting multiple bytes in the plaintext block of privacy information to obtain its corresponding ASCII code . XOR operation with the encryption sequence will obtain intermediate results. And on this basis, XOR operation with the interference sequence will obtain the final ciphertext of privacy information.where represents the iteration number of the encrypted mixed chaotic system in the privacy information collection process.
3. Information Encryption Based on Stream Cipher
The private information encryption process under the condition of mobile Internet is composed of plaintext message space, encryption calculation, ciphertext message space, and decryption result.
For a given information collection plaintext and key, the plaintext should be firstly converted into ciphertext by an encryption algorithm. When the information receiver receives the ciphertext, the key source is obtained through the secret channel. And then, the ciphertext is converted into plaintext by a decryption algorithm. In ciphertext parsing, the appropriate key conversion function can be selected.
However, network attackers often take measures to intercept the ciphertext and obtain a certain element in the plaintext space. Therefore, under the condition of cloud computing, the information encryption system can classify and control the ciphertext based on three independent perspectives. In the context of cloud computing, encryption process of information collection based on chaos technology should follow the basic operating rules, namely, replacement rules and decryption rules. Every element in the plaintext information, such as sound, document, and image, is mapped and transformed into a ciphertext element according to certain password rules. The ciphertext information has been rearranged and combined to replace the plaintext information with ciphertext information.
Decryption based on chaotic technology improves the efficiency of data collection, encryption, and decryption. It reduces the risk of theft and disclosure during information distribution and storage. In essence, the setting of this mechanism is to improve the security of information collection and encryption and reduce the hidden danger of data security brought by the same key. Besides a public key, every mobile network user also holds a private key. The encryption technology based on chaotic information has higher security, smaller storage space, and lower requirements than traditional technology. According to the requirements of plaintext processing, the plaintext information is encrypted step by step according to the sequence of characters based on stream cipher by chaos technology [29–32].
Under the condition of the cloud computing, it uses the stream cipher to encrypt the sequence based on the characters in the process of information encryption process. In the conversion of plaintext and ciphertext, the bidirectional coupling image lattices and randomness test methods are used to verify the generated sequence values, so as to determine whether the sequence values of the chaotic technique match the stream cipher. In the process of transforming ciphertext into plaintext, the original plaintext information can be completely recovered by processing ciphertext signal as input value. The length of sequence value in a stream cipher scheme is adjustable, and the length of chromium point in key distribution will affect ciphertext conversion. The security level of stream cipher will determine the security of the plaintext information and the length of the containing characters.
4. Integrity Optimization of Privacy Information Encryption
Based on the privacy information encryption of acquisition time, we introduce segmentation recombinant technology, and the lengthy privacy information is divided into smaller slices. Fusion is performed after conversion. Mobile Internet node authentication is added to increase the validity and reliability of privacy information sources. The specific process is described as below.
Assume that represents the nodes of the mobile Internet. The network node randomly selected , , using hop. One of the nodes randomly divides the detected privacy information into patches. The network node retains only one patch and transmits the remaining slices of privacy information to the rest of the nodes of the mobile Internet using an encrypted method.
Suppose that the Internet node transmits privacy information to the node . The final aggregation result of the privacy information can be expressed as follows:
When the node of the mobile Internet has received the slices of encrypted privacy information of the remaining nodes, the subkeys of the nodes are used to decrypt them until the slices of privacy information of the remaining nodes are received. A weighted sum of them is conducted. Then we get
The aggregation privacy information of all mobile Internet nodes will transmit the final result to the sink node, so,
Privacy protection in the process of privacy information collection is realized by the privacy information recombination and aggregation. The aggregated privacy information is finally uploaded to the sink node, restoring the original privacy information and achieving the purpose of privacy protection.
5. Experimental Results and Analysis
In order to verify the comprehensive effectiveness of the proposed method, we conduct comparison experiments with BKG , ACBE , and DSSE  in terms of safety, integrity, and computational complexity. The experiment condition is Intel® Core™ i7-6700 CPU @ 3.40 GHz–3.41 GHz, Matlab 2017a.
The security of privacy information is often reflected by the antiaggressiveness in the collection process, which is directly related to the number of subkeys. Table 1 shows the key number with different methods which illustrates the encryption safety.
When the proposed method encrypts and transmits privacy information in the subspace, it needs to request the corresponding subkey of privacy information from the data source node. The data source node decides whether to authorize or not according to its own policy.
It can be seen from Table 1 that when the subkey number is 188 of the proposed method, the security performance of privacy information acquisition encryption is the same as BKG (701), ACBE (679), and DSSE (645). It can be concluded from the above analysis that under the same security performance condition, the method in this paper generates the minimum number of subkeys, which proves that it has a high security performance.
Table 2 displays the actual amount of encrypted privacy information data and additional overhead. PE% shows the proportion of encrypted data. AO% shows the additional overhead.
According to the analysis of Table 2, when using the method in this paper to encrypt private information, the additional cost caused by subspace division, information encryption transmission time, and data source node authorization is about 60%, which means that the extra cost is longer than the actual time of privacy information encryption operation. However, the BKG, ACBE, and DSSE methods have more costs, accounting for 85.47%, 84.79%, and 79.64%, respectively. In terms of the proportion of actual encrypted private data, since the BKG method uses nonretransmission data packets to update the key of both parties synchronously and adopts the XOR algorithm to complete symmetric encryption and decryption of privacy information, the actual amount of encrypted privacy data is large, reaching to 38.72%.
When the privacy information is encrypted by the proposed method, the privacy information is encrypted in the subspace and transmitted to the relay node. When the relay node needs to read the privacy information, only the child keys are generated for some data source nodes, and the total amount of actually encrypted privacy data is only 15.83%. The experimental results show that the proposed privacy encryption in this paper has low computational complexity.
BKG does not design the protection measure in the privacy information collection, which can lead to the loss of part of the encrypted privacy information. But in the new method, the information encrypted by segmentation and restructuring, the lengthy privacy information is divided into smaller slices. Through the integration of the reentry after conversion, it effectively guarantees the privacy information integrity in the process of polymerization. The comparison of the different methods is shown in Table 3.
It can be seen from the Table 3 that with the increasing amount of privacy information data, the integrity of information encrypted by different methods is higher. However, the new method in this paper is superior to other methods, mainly because the new method introduces authentication strategy, which can effectively ensure the integrity of privacy information in the IoT.
And message encryption and decryption processes are proved with our proposed scheme. We input two messages “I was rich” and “It is very difficult.” Table 4 is the result. It shows that the proposed method can encrypt and decrypt message accurately.
We also study the network malicious attack for security encryption in information collection process as shown in Table 5.
Table 5 shows the network attack number based on the four encryption technologies in different encryption times. At different encryption time points, the network attack number with the proposed encryption technology in this paper is the lowest, which also verifies the robustness of the encryption technology proposed in this paper.
In addition to analyzing the efficiency of information security, this paper also compares and verifies the information collection and transmission effects of encryption technology. The selected comparison technology is RSA encryption technology. Figure 2(a) shows the original plaintext image, and Figure 2(b) shows the encrypted image with the proposed method. It can be seen that the proposed encryption has good effect under cloud computing environment, with high security and confidentiality.
Figure 3(a) shows the effect of image decrypted by the new method, which is true and clear; it is consistent with the detailed information and display effect of the original image. Figure 3(b) shows the decryption effect processed by RSA technology. After comparison with the original image, it is found that some details are missing, and the gray-level information of the image is inconsistent with the original image.
The main reason for this situation is that the RSA technology does not adopt double-key decryption. In order to provide security to extend the length of the encoding, it leads to the inconsistency of some image character information before and after encryption. However, the encryption technology proposed in this paper has a very high security, changing the sequence length before and after the encryption of information, and has a high security. The original image is obtained from the decoded information without losing any detailed information. In the process of decryption, the MDS file is restored, and it improves the security and reliability of the decoded image.
Because chaotic algorithm has no obvious symmetry and periodicity requirement, it is more concise in problem processing, so it is very suitable for private information encryption. Chaos has rich hierarchical structure characteristics. This paper makes full use of the advantages of chaos technology to improve the security of mobile Internet users’ information collection and output. Then, we use stream cipher and dual-key algorithm to complete freedom nondestructive transformation between plaintext and ciphertext to ensure the integrity of the encrypted information. The experimental result proves the superiority of the proposed encryption technology. In the future, more deep learning methods will be applied to the private information encryption. And they will be applied to practical projects.
The data used to support the findings of this study are available from the corresponding author upon request.
Conflicts of Interest
The authors declare that there is no conflict of interest regarding the publication of this paper.
This work was supported by the Natural Science Foundation of Gansu Province of China (18JR3RE245).
S. Yin and J. Liu, “A K-means approach for map-reduce model and social network privacy protection,” Journal of Information Hiding and Multimedia Signal Processing, vol. 7, no. 6, pp. 1215–1221, 2016.View at: Google Scholar
J. Liu, S. Yin, H. Li, and L. Teng, “A density-based clustering method for K-anonymity privacy protection,” Journal of Information Hiding and Multimedia Signal Processing, vol. 8, no. 1, pp. 12–18, 2017.View at: Google Scholar
L. Meng, S. Yin, C. Zhao, H. Li, and Y. Sun, “An improved image encryption algorithm based on chaotic mapping and discrete wavelet transform domain,” International Journal of Network Security, vol. 22, no. 1, pp. 155–160, 2020.View at: Google Scholar
L. Teng, H. Li, J. Liu, and S. Yin, “An efficient and secure cipher-text retrieval scheme based on mixed homomorphic encryption and multi-attribute sorting method,” International Journal of Network Security, vol. 20, no. 5, pp. 872–878, 2018.View at: Google Scholar
J. Xu, L. Wei, W. Wu, A. Wang, Y. Zhang, and F. Zhou, “Privacy-preserving data integrity verification by using lightweight streaming authenticated data structures for healthcare cyber-physical system,” Future Generation Computer Systems, vol. 108, pp. 1287–1296, 2020.View at: Publisher Site | Google Scholar
Z. Zhang and J. Luo, “A data value classification and encryption mechanism based on metadata attributes,” Journal of Northwest University, vol. 46, no. 2, pp. 188–194, 2016.View at: Google Scholar
M. A. Wei-Wei, “Research on security encryption for information acquisition under mobile Internet,” Electronic Design Engineering, vol. 26, no. 23, 2018.View at: Google Scholar
X. Wang, S. Yin, H. Li, L. Teng, and S. Karim, “A modified homomorphic encryption method for multiple keywords retrieval,” International Journal of Network Security, 2020.View at: Google Scholar
M. Hwang, E. Cahyadi, C. Yang, and S. Chiou, “An improvement of the remote authentication scheme for anonymous users using an elliptic curve cryptosystem,” in 2018 IEEE 4th International Conference on Computer and Communications (ICCC), pp. 1872–1877, Chengdu, China, 2018.View at: Publisher Site | Google Scholar
C. Yang, Y. Lin, and M. Hwang, “Downlink relay selection algorithm for amplify-and-forward cooperative communication systems,” in 2013 Seventh International Conference on Complex, Intelligent, and Software Intensive Systems, pp. 331–334, Taichung, Taiwan, 2013.View at: Publisher Site | Google Scholar
L. Teng and H. Li, “A high-efficiency discrete logarithm-based multi-proxy blind signature scheme via elliptic curve and bilinear mapping,” International Journal of Network Security, vol. 20, no. 6, pp. 1200–1205, 2018.View at: Google Scholar