IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018 4519
Secure Data Storage and Searching for
Industrial IoT by Integrating Fog Computing and
Cloud Computing
Jun-Song Fu , Yun Liu , Han-Chieh Chao , Senior Member, IEEE,
Bharat K. Bhargava , Fellow, IEEE, and Zhen-Jiang Zhang , Member, IEEE
Abstract—With the fast development of industrial Internet
of things (IIoT), a large amount of data is being generated
continuously by different sources. Storing all the raw data
in the IIoT devices locally is unwise considering that the end
devices’ energy and storage spaces are strictly limited. In
addition, the devices are unreliable and vulnerable to many
threats because the networks may be deployed in remote
and unattended areas. In this paper, we discuss the emerg-
ing challenges in the aspects of data processing, secure
data storage, efficient data retrieval and dynamic data col-
lection in IIoT. Then, we design a flexible and economical
framework to solve the problems above by integrating the
fog computing and cloud computing. Based on the time la-
tency requirements, the collected data are processed and
stored by the edge server or the cloud server. Specifically,
all the raw data are first preprocessed by the edge server
and then the time-sensitive data (e.g., control information)
are used and stored locally. The non-time-sensitive data
(e.g., monitored data) are transmitted to the cloud server
to support data retrieval and mining in the future. A series
of experiments and simulation are conducted to evaluate
the performance of our scheme. The results illustrate that
the proposed framework can greatly improve the efficiency
and security of data storage and retrieval in IIoT.
Index Terms—Cloud computing, fog computing, indus-
trial Internet of things (IIoT), secure data storage and
retrieval.
Manuscript received November 28, 2017; revised December 24, 2017;
accepted January 1, 2018. Date of publication January 15, 2018; date
of current version October 3, 2018. This work was supported in part by
Fundamental Research Funds for the Central Universities under Grant
2015YJS027 and in part by Natural Science Foundation under Grant
61772064. Paper no. 17-2732. (Corresponding author: Yun Liu.)
J.-S. Fu, Y. Liu, and Z.-J. Zhang are with the School of Elec-
tronic and Information Engineering, Beijing Jiaotong University, Beijing
100044, China (e-mail: 14111005@bjtu.edu.cn; liuyun@bjtu.edu.cn;
zhangzhenjiang@bjtu.edu.cn).
H.-C. Chao is with the School of Information Science and Engineering,
Fujian University of Technology, Fuzhou 350118, China, with the School
of Mathematics and Computer Science, Wuhan Polytechnic University,
Wuhan 430023, China, with the Department of Electrical Engineering,
National Dong Hwa University, Hualien 974, Taiwan, and also with the
Department of Computer Science and Information Engineering, National
Ilan University, I-Lan 26041, Taiwan (e-mail: hcc@mail.ndhu.edu.tw).
B. K. Bhargava is with the Department of Computer Science, Purdue
University, West Lafayette, IN 47906 USA (e-mail: bbshail@purdue.edu).
Color versions of one or more of the figures in this paper are available
online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TII.2018.2793350
I. INTRODUCTION
A S WE step into the Internet of things (IoT) era, terabytesof data with different sources and structures are being pro-
duced worldwide per day. In recent years, IoT has been widely
used in the industrial field [1]–[5] and hence industrial IoT
(IIoT) appears. The generated data of IIoT are of great value
and they can be used to run the networks or extract knowledge
and rules. How to process, store, and manage the data securely
and efficiently is a great challenge. Fortunately, fog computing
and cloud computing provide us an opportunity to solve these
problems properly. Fog is close to the networks, i.e., the sources
of the data, and it can access the data in a time-efficient manner.
Consequently, the time-limited data should be processed and
stored locally to run the network normally [6], [7]. However,
storing all the data in the edge servers is unwise considering the
low stability and reliability. Moreover, retrieving and mining the
data stored by numerous edge servers in a distributed manner
is impractical. Cloud computing is treated as a promising IT
infrastructure, which can gather and organize huge IT resources
to support on-demand access service in a flexible and economi-
cal manner [8]. Pushed by the data storage requirement of IIoT
and attracted by these excellent features of cloud computing,
an intuitive approach is outsourcing the nontime-sensitive data
to the cloud [9]–[14] while guaranteeing both the security and
searchability of the data. Note that, though quite a large portion
of the data is stored in the cloud, the whole system needs to
employ the edge server as a fundamental tool. In fact, cloud
computing and edge computing are interdependent with each
other and they together form a service continuum between the
cloud and the end devices of IIoT [15]–[17].
In this paper, we design a data processing framework for IIoT
by integrating the functions of data preprocessing, storage and
retrieval based on both the fog computing and cloud computing.
The overall data processing system of IIoT consists of five main
entities as shown in Fig. 1: IIoT, Edge server, Proxy server,
Cloud server and Data users. The black arrows in the left half
figure represent the process of data collection, processing, and
outsourcing. The red arrows mainly in the right half figure rep-
resent the process of secure data query. The IIoT continuously
collects data from physical environments and then sends the data
to the edge server. The time-sensitive data are first extracted and
processed by the edge server and then the data will be dropped
1551-3203 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
4520 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018
Fig. 1. System of data process, storage, and retrieval in IIoT.
if they will not be used in the future. However, some archived
data need to be preprocessed and uploaded to the cloud server
for storage and retrieval. The proxy server is responsible for im-
proving the quality of the data generated by a set networks and
making the data suitable for being stored in the cloud server.
Moreover, the data need to be encrypted by the proxy server
while maintaining both the security and searchability which
will be discussed in Section IV-C. When an authorized data
user wants to obtain some specific historical data, he just needs
to build a trapdoor with the help of the proxy server and then
send the trapdoor to the cloud server. Based on the trapdoor, the
cloud server searches the encrypted index structures by a search
engine to get the result and sends the encrypted data to the data
user. At last, the data user decrypts the search result to get the
plaintext data.
To store the data in a secure, searchable, and dynamic manner,
there are many challenges and considerations in the process of
designing our framework and they are presented as follows.
1) In general, the end devices of IIoT are redundantly de-
ployed and they may collect redundant, heterogeneous,
dynamic, one-sided and inaccurate data [18]. As a con-
sequence, the raw data are not suitable for being stored
and retrieved.
2) The ultimate goal of storing the data in the cloud is reusing
them in the future and hence searching a specific set of
data efficiently and accurately is an essential requirement
for the data users.
3) For security, we need to protect the data’s confidential-
ity without obvious decreasing of usability. Specifically,
privacy-preserving schemes should be designed and em-
ployed in the data storage system.
4) Considering that the data are dynamically collected and
some new data may be generated in the future, the data
in the cloud need to be organized dynamically and mean-
while the index structure also needs to support dynamic
update.
In this paper, we discuss the emerging challenges and basic so-
lutions to move the IIoT forward. Specifically, we design a data
processing framework for IIoT and attempt to solve the above
problems properly. The rest of this paper is organized as follows:
We first summarize the related work of our scheme in Section II
and present the network and system models in Section III.
We discuss the considerations when refining the raw data and
design an object-oriented data index structure based on retrieval
features (RF) and a privacy-preserving data retrieval scheme
based on secure kNN algorithm [19] in Section IV. Moreover, a
dynamic data collection method is also provided. The security
of our framework is analyzed in Section V. Performance evalu-
ation by both experiments and simulation is given in Section VI.
Finally, we conclude this paper in Section VII.
II. RELATED WORK
In this section, we mainly introduce the existing schemes of
data storage for IoT. Recently, with the emerging of IoT and
cloud computing, many IoT data storage schemes have been de-
signed based on cloud computing in the literatures. Jiang et al.
proposed a data storage framework [12] enabling efficient
storage of both structured and unstructured data. The frame-
work combines and extends multiple existing databases such
as Hadoop, NoSQL database and relational database to store
and manage diverse types of IoT data. The data users can ac-
cess the stored data through the interfaces provided by the cloud
server. However, a disadvantage of this framework is the long la-
tency which is an inherent property of cloud-based data storage
schemes. A framework including frontend layer, middle layer,
and backend layer [9] is proposed to seamlessly integrate IoT
data storage schemes to existing enterprise information systems.
This method can be easily accepted by the data owners consid-
ering that existing information systems are mature. To store a
huge amount of heterogeneous data, a hybrid approach [13] is
proposed to optimize data storage and retrieval which couples
the document and object-oriented strategies. Moreover, some
implementation details are also discussed. Kim et al. [14] de-
signed a polynomial-time algorithm for efficiently downloading
the packages from the cloud to the IoT devices. This approach
can compute the amount of power allocation based on buffer
backlog and the state of communication links to improve the
overall performance.
Except for cloud computing, the fog computing technology
is also employed to store and share the data in IoT. To support
the latency sensitive data processing and storage, an efficient
data sharing scheme [6] that allows smart devices to share
the data with others at the edge of the IoT is proposed. In
addition, the data users can search and retrieve interested
data by keywords and their secret keys. Simulation result
demonstrates that the proposed scheme has the potential to be
effectively used in the IoT. However, the size of the network is
strictly limited in the scheme and in addition it is impractical to
store a large amount of data for further processing and mining
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
FU et al.: SECURE DATA STORAGE AND SEARCHING FOR INDUSTRIAL IOT BY INTEGRATING FOG COMPUTING AND CLOUD COMPUTING 4521
considering the efficiency and security problems. Similar to
our framework proposed in this paper, some other schemes also
attempt to combine the fog computing and cloud computing to
improve the quality of service in terms of latency, security, and
flexibility. Sharma et al. [20] discussed the advantages of cloud
computing and edge computing, respectively. In summary, the
cloud computing can construct a shared pool of computing
and storage resources and the edge computing can process the
data in real time. By combining these two techniques, the pro-
posed framework can obtain the network-wide knowledge by
exploiting the historical information stored in the cloud center
and the knowledge can be used to guide the edge computing to
satisfy various performance requirements of heterogeneous IoT
networks. An attribute-based encryption scheme is proposed in
[21] to make full use of edge servers. The collected data are first
encrypted by the edge server before being outsourced to the
cloud server. Experimental results illustrate that the edge servers
bear a large portion of the workload. However, this scheme does
not support efficient data search and hence the functionalities
are limited. Choi et al. [22] took the lessons of designing an
operating system from the long history of operation systems
and designed a distributed operation system specifically for the
IoT, i.e., FogOS, which can manage both the cloud resources
and fog resources. In addition, FogOS is also a platform
of incentivizing and connecting individually owned IoT
devices.
III. NETWORK AND THREAT MODELS
We assume that a large number of IIoT terminal nodes are
randomly deployed in an interested area to monitor the surround-
ing physical environment such as the work status of machines
or the gas density in a factory. Each node consist the power
module, perceptive module, data processing module, communi-
cation module, etc. We further assume that each pair of sensor
nodes can negotiate a common session key to securely commu-
nicate with each other. The nodes in the network can transmit
the data to the edge server in a relay manner by employing
proper routing algorithms. The edge server is assumed to be
stronger than the common IIoT nodes in both power and com-
puting capability. We further assume that the edge server can
preprocess the raw data of IIoT efficiently and execute compli-
cated instructions to run the network properly. The edge server
is connected to the proxy server and cloud server by wire or
wireless links. The edge server and proxy server are assumed to
be honest to the IIoT. This is reasonable considering that they
are closer to the data sources in IIoT and they can be controlled
by the network operators in general. For example, we may de-
ploy an IIoT to monitor the status of industrial machines where
an edge server is employed to run the network. Apparently, the
edge server is deployed locally and it is totally controlled by
the industrial factory. However, the cloud server is public and
it is assumed to be “honest-but-curious” which is similar to the
models in [23] and [24]. Specifically, the cloud server can hon-
estly execute the instructions and however it is curious to infer
and analyze all the received data from the proxy server and data
users.
IV. FRAMEWORK OF SECURE DATA STORAGE AND
SEARCHING FOR IIOT
A. Data Integration and Fusion
Data integration and fusion is the most important basement
of the total framework and it is briefly discussed as follows. In
IIoT, the data are collected from multiple sources such as radio
frequency identification (RFID), GPS devices and smart meters,
and the data carriers can be messages, pictures, videos, numer-
ical data, etc. Even for one type of the data carriers, such as the
numerical data, the specific data models are various [25], includ-
ing probability model, fuzzy set model, possibility model, rough
set model, D-S evidence theory model, etc. Though integrating
massive structured, semistructured, and unstructured data into a
unified framework is a huge challenge, it is meaningful to merge
the data and create a comprehensive and meaningful view for
future utility [26]. Specifically, the data need to be first trans-
formed to a unified resource description framework and then
fused to eliminate the redundant data.
A novel concept called Information Object is proposed in
[27] to model the data coming from several sources and transfer
them to a unified structure for storage and mining. Further, an
event information management platform is designed to collect
and analyze heterogeneous data streams. In [28], a resource
description framework called heterogeneous event processing
(HEP) is proposed in which the representations of relational
and XML event streams are integrated. To decrease the storage
space in the cloud server and communication burdens of the
network, the data need to be fused at different levels according
to the requirements of the data users. An elaborate survey of
data fusion techniques at numerical level is presented in [25].
Moreover, Thing Broker [29] is designed to integrate totally
different IoT objects by employing abstracts to represent the
objects, while maintaining simple and flexible interfaces for
various applications.
The low quality of the data is another challenge, and some
false and missing values often appear because the end devices
are often unstable and unreliable. To guarantee the completeness
of the dataset, the imperfect data should be eliminated by the
outlier detection technique. In addition, the missing data values
should also be modified and predicted by the edge server. A
missing data prediction scheme for IoT is achieved in [30] by
implementing the least mean square dual prediction algorithm
and the optimal step size is obtained by minimizing the mean-
square derivation.
B. Object-Oriented Data Organization and Retrieval
After getting the high-quality data, an effective index struc-
ture needs to be built in order to improve the search efficiency. In
this paper, the data are organized around the monitored objects
of the IIoT. For example, a set of smart devices may be deployed
in an industrial machine to monitor its work status and thus all
the generated data about the machine share the same identifier
which is related to the monitored machine. This is reasonable
considering that the data fragmentations are meaningless un-
less they are collected together to describe the machine. To
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
4522 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018
identify the monitored objects, an easy method is assigning se-
rial numbers to them and we can also add some basic description
information into the identifiers, such as the categories. How to
encrypt the object identifiers and search the interested data based
on the encrypted identifiers will be discussed in Section IV-C,
where an Identifier-Adelson-Velsky-Landis tree is built to im-
prove the search efficiency.
Except for searching the data by identifiers, the data users may
also want to search the data of the monitored objects by some
features. For example, the data users may query the monitored
data about the buildings around Purdue University which have
been used for about ten years. We assume that the top-k relevant
buildings’ data are needed. To support the feature-based data
query, we can describe each monitored object Oi by an n-
dimensional attribute vector AVi which is another identifier of
the stored data. An n-dimensional feature dictionary A with n
important features is employed to regulate the feature vectors.
For object Oi ,AVi [j] is the value on featureA[j] and the default
value is set as 0. Similarly, a query request is mapped to a query
vector Q. An open issue is how to transform the feature values
to numerical values and define the relevance scores between the
feature vectors and query vectors. In this paper, we assume that
the value of each feature ranges from 0 to 1 and the relevance
score between a query vector and a feature vector is defined as
the inner product of the two vectors.
To improve the search efficiency of feature-based data query,
we design an RF tree to organize the objects’ feature vectors
as hierarchical clusters. Given K n-dimensional feature vectors
AV1,AV2, . . . ,AVK in a cluster, the RF vector of the cluster
is defined as a quadruple (K,LS, SS, Vmax), where K is the
number of feature vectors in the cluster, LS is the linear sum of
theK vectors,SS is the square sum of theK vectors, andVmax is
defined as Vmax[j] = max(AV1[j],AV2[j], . . . , AVK [j]) and
AVi [j] is the jth dimension of vectorAVi . Based on a RF vector,
the center and radius of the cluster can be easily calculated as
discussed in [31]. Specifically, the center of the cluster can be
calculated as follows:
c = LS/K. (1)
The radius of the cluster is defined as follows:
R =
√
√
√
√
K∑
j=1
(AVj − c)2/K (2)
and it can be calculated based on the RF vector as follows:
R =
√
(SS − LS2/K) /K. (3)
As a consequence, the RF vector is an important summariza-
tion about the cluster.
An RF tree is presented in Fig. 2. It can be observed that the
tree is height balanced and we can easily infer this based on
the construction process of the tree which will be presented in
the following. The structure of the tree is mainly controlled by
three parameters: branching factors B1, B2 and a threshold T .
We call a node as a nonleaf node if it represents a macrocluster
and the node represents a microcluster is defined as a leaf node.
Each nonleaf node NLi contains at most B1 child nodes and it
Fig. 2. Structure of an RF tree.
is denoted as [RF,RF1, child1, . . . , RFB1 , childB1 ], where RF
is the RF vector of the whole cluster, RFi is the RF vector of the
ith subcluster and childi is the pointer to ith subcluster. A leaf
node Li contains at most B2 feature vectors and it is defined
as [RF, child1, . . . , childB2 ], where RF is the RF vector of
the cluster, childi is the pointer to the ith feature vector in the
cluster. Further, all the feature vectors in a leaf node must satisfy
a threshold requirement, i.e., the radius of a microcluster has to
be less than T .
The RF tree is constructed in an incremental manner and the
process of inserting a feature vector AVi into the RF tree is
presented as follows.
1) Identifying the leaf node: starting from the root node,AVi
recursively descends the RF tree by choosing the closest
child node according to the Euclidean distances between
AVi and the centers of the clusters.
2) Modifying the leaf node: when AVi reaches a leaf node
Li , we test whether node Li can “absorb” AVi without
violating the constraints ofB2 andT . If so,AVi is inserted
into Li and the RF vector of Li is updated to reflect this.
If not, we must split Li to two new leaf nodes. Node
splitting is done by choosing the farthest pair of feature
vectors as seeds, and redistributing the remaining vectors
based on the closest criteria. Apparently, the RF vectors
of the two new leaf nodes need to be recalculated in this
case.
3) Modifying the path from the root node to the leaf node:
after inserting AVi into a leaf node, we need to update
the RF vectors of all the nodes on the path from the root
node to the leaf node Li . In the absence of a split, this
simply involves updating RF vectors in order from the
leaf node to the root based on [31, Th. 4.1]. A leaf split
requires us to insert a new leaf node to the parent node. If
the parent node has space for the new leaf, we just need
to insert the new leaf node and then update the RF vector
of the parent node. In general, however, we may have to
split the parent node as well, and so up to the root. If the
root is split, the tree height increases by 1.
In the RF tree, all the feature vectors of the objects are orga-
nized based on their relative similarities. It is of high probability
that two similar vectors are assigned to the same cluster and this
property can greatly improve the search efficiency. For a query
vector Q provided by a data user, a parallel data search process
can be easily executed in the cloud server to get the top-k rele-
vant objects. Assume that there are l processors {p1, p2, . . . , pl}
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
FU et al.: SECURE DATA STORAGE AND SEARCHING FOR INDUSTRIAL IOT BY INTEGRATING FOG COMPUTING AND CLOUD COMPUTING 4523
sharing the same result listRL composed of the relevance scores
between the query vector and the current top-k relevant objects.
Given a query vector, RL is initialized by searching the feature
vectors in the most relevant leaf node. Then, all the necessary
search paths are selected from the root node to the leaf nodes
based on criteria Q · Vmax > Rk where Vmax is the last entry
contained in a node’s RF vector and Rk is the smallest relevance
score in RL. If the search can be continued on l′ search paths
and there are not less than l′ idle processors, any l′ processors
are selected and each processor is responsible for searching a
child path. Otherwise, the redundant paths are put into a waiting
queue and once an idle processor appears, it takes the oldest
path in the waiting queue to continue the search. If a leaf node
is scanned by a processor, the RL is updated for a time and ap-
parently Rk is also updated. In the search process, quite many
paths are pruned by the criteria Q · Vmax > Rk and the search
efficiency is greatly improved. The reasonability of the criteria
is given as follows. Based on the definition of Vmax , it can be
easily analyzed that the similarity between Q and any member
in the cluster is not larger than Q · Vmax and hence it is also not
larger than Rk . Therefore, any member in the cluster cannot be
a part of the search result if Q · Vmax ≤ Rk .
C. Privacy-Preserving Data Search
The IIoT data are very valuable and leaking them to the cloud
server or the unauthorized data users is unacceptable for the data
owners. To protect the security of the data completely, the data,
serial numbers, and feature vectors need to be encrypted before
being outsourced to the cloud server. Specifically, we encrypt
them by different schemes according their different characteris-
tics. Because the search processes are executed on the encrypted
index structures and the content of the data is not used, the data
can be encrypted by a proper symmetric encryption algorithm
with a set of symmetric secret keys. The serial-number-based
search returns the accurate results that contain a specified object
serial number and an easy way is mapping the serial numbers
to their hash values by a hash function. Further, we design an
ID-AVL tree for the hash values based on the AVL tree [32].
The AVL tree can be constructed in an incremental manner and
hence it can be easily updated based on the rotation operations
from time to time [32]. The most important property of the
tree is that that the left child nodes of a parent node always
have smaller values and the right child nodes always have larger
values. Consequently, the operations of lookup, insertion and
deletion a node in the tree all take O(log(N)) time in both the
average and worst cases where N is the number of the nodes
in the tree. In the search process, the data user first hashes the
serial number and then the cloud server searches the hash value
in the ID-AVL tree to locate the interested data without knowing
the exact serial number. In our framework, a searching process
equals to searching a specific node in the tree and hence the time
complexity is also O(log(N)).
Another challenge is how to encrypt the RF tree while main-
taining the searchability of it. In other words, we need to encrypt
all the feature vectors in the tree. In this paper, an encryption
scheme for the vectors is designed based on the secure kNN
algorithm [19] which has been widely used in privacy-
preserving document search schemes [23], [24]. The entries
LS and Vmax in a RF vector are treated as common feature vec-
tors when encrypting the RF tree. In the encryption algorithm,
the proxy server first randomly generates an n× n invertible
matrix M1. Given an feature vector AVi (represented by a col-
umn vector), it is encrypted by MT1 AVi and correspondingly the
trapdoor of a query vector Q (represented by a column vector)
is built by M−11 Q. The relevance score between AVi and Q,
which is defined as the inner product of them, can be calculated
by the encrypted vectors as AVi · Q = (MT1 AVi)T M−11 Q. As
a consequence, the relevance scores can be calculated accurately
by the cloud server without knowing the plaintext vectors in the
data search process. When a new query request is generated,
the data user first maps it to a trapdoor which is then sent to the
cloud server. Based on the encrypted RF tree, the feature vectors
can be ranked based on the relevance scores with the trapdoor
and the corresponding encrypted data are sent to the data user
in order.
As proved in [19], if the cloud server can access the encrypted
RF tree and trapdoors only, it cannot recover the plaintext of
the RF tree. However, if the cloud server knows some other
background information such as a set of plaintext feature vectors
and the corresponding encrypted vectors, it may calculate M1,
and consequently the whole encrypted RF tree can be decrypted
easily. To defend against this stronger threat model, we can split
AVi to AV′i and AV′′i , and split Q to Q′ and Q′′. Specifically,
a n-dimensional bit vector S is first randomly generated and if
S[j] = 0, AV′i [j], AV′′i [j] are set equal to AVi [j], and Q′[j],
Q′′[j] are set to two random numbers whose sum is Q[j]; if
S[j] = 1, the splitting process is similar except that the roles of
AVi andQ are switched. The split vectors are encrypted by two
invertible matrix M1 and M2, and specifically, AV′i and Q′ are
encrypted as MT1 AV′i and M−11 Q′; AV′′i and Q′′ are encrypted
as MT2 AV′′i and M−12 Q′′. In this way, the inner product of AVi
andQ can be calculated based on the four encrypted vectors [19].
The security of the scheme can be further improved by adding
some artificial dimensions. Both the feature vectors and query
vectors are extended from n-dimensions to (n + n′)-dimensions
and the values of AVi [m], Q[m] (n + 1 ≤ m ≤ n + n′) are
randomly generated while guaranteeing that the inner product
of the added dimensions is 0. Though all the feature vectors
share the same extended values, their encrypted formats are
totally different by combining the split technique.
D. Dynamic Data Collection Mechanism
With the development of modern industry, more and more
objects need to be monitored by the IIoT and the corresponding
data need to be outsourced to the cloud. In addition, some in-
formation about the outdated objects needs to be deleted from
the dataset. Therefore, the ID-AVL tree and the RF tree need
to be updated dynamically. When a new object appears in the
IIoT, we first assign a unique identifier to the object and the hash
value of the identifier is also calculated and sent to the cloud
server. Then, the hash value is inserted to the ID-AVL tree by
the cloud server and the structure of the tree is also updated.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
4524 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018
In addition, the ID-AVL tree also supports deleting operation.
Updating the RF tree is more complex, and we need to first
update the plaintext RF tree in the proxy server and then
synchronize the encrypted tree in the cloud server. Consider-
ing that the RF tree is incrementally constructed, it naturally
supports inserting new nodes into the tree. We can also delete a
feature vector from the RF tree with three steps including: Identi-
fying the feature vector, Modifying the leaf node, and Modifying
the path from the root node to the leaf node, which is similar to
the process of inserting a node into the tree. However, we may
need to combine nodes rather than split nodes and the update
process of RF vectors is also slightly different.
Another challenge is how to synchronize the encrypted RF
tree when the unencrypted RF tree changes. Specifically, a set
of update instructions should be designed to update RF vec-
tors, split two nodes, and combine two nodes. The process of
generating the instructions is presented as follows.
1) Generation of a RF vector update request: an RF vector
update request for node u in the encrypted tree is defined
as {u,RFnew}, where u is the node identifier and RFnew
is the new RF vector of the node.
2) Generation of a splitting request: a splitting request for
node u is defined as {u, u′, RF′, u′′,RF′′}, where u is
the split node, u′ and u′′ are the two new nodes derived
from u, and RF′, RF′′ are the corresponding RF vectors.
3) Generation of a combining request: the request of com-
bining two nodes u′, u′′ is defined as {u′, u′′, u,RFnew}
where u′ and u′′ are the two combined nodes, u is the
new node, and RFnew is the RF vector of u.
Based on the update request, the process of updating the
encrypted RF tree is presented as follows.
1) Updating the RF vector of a node: once an RF vector up-
date request {u,RFnew} is received by the cloud server,
it replaces the original RF vector of u by RFnew .
2) Splitting a node: once a splitting request
{u, u′, RF′, u′′,RF′′} is received, the cloud server
first finds the parent of u and deletes the pointer to u.
Then, two new pointers to u′ and u′′ are inserted to the
parent node.
3) Combining two nodes: once a combining request
{u′, u′′, u,RFnew} is received, the cloud server first finds
the parent node of u′ and u′′, and then delete the pointers
to u′ and u′′. At last, the pointer to u is inserted to the
parent node.
In addition, the monitored data of the existing objects are also
expanding considering that more and more data are generated
by the IIoT. In the cloud, the data of an object are stored in
a discrete way. For example, the proxy server can collect one
object’s data for a day and then outsource the data to the cloud
server. Further, the data can be clustered by the features and
then outsourced independently. Each minimum unit of the data
is called a data point and assigned a unique identifier in the
scope of a monitored object. To support fine-grained search, a
function that maps the plaintext description about a data point
to its identifier in the scope of a monitored object needs to be
designed. In this way, the data users can retrieve the data points
by a two-layer search manner, i.e., they first locate the interested
Fig. 3. Framework of data collection, storage, retrieval, and mining.
objects by ID-AVL tree or RF tree, and then access the specific
data points by the map function.
E. Overall Flowchart of IIoT Data Processing and Open
Issues
In this section, we present the flowchart of data processing
in IIoT from a wider view as shown in Fig. 3 and then discuss
some open issues. The IIoT devices are responsible for collect-
ing data which are aggregated and fused at the data level in a
collaborative way and then delivered to the edge server. After
receiving the data, the edge server needs to transform them into
a unified representation framework and fuse them at the feature
level for convenient storage. In addition, the false data and miss-
ing data should be also processed properly. To improve search
efficiency and support multiple search patterns, corresponding
index structures need to be constructed and the ID-AVL tree
and RF tree are built by the proxy server. To protect the feature
privacy, the RF tree is encrypted by the secure kNN algorithm.
At last, the proxy server outsources all the encrypted data, index
structures to the cloud. When the data users want to search the
data, they send the trapdoors of the queries to the cloud server
which can be used to search the encrypted index structures. The
cloud server is employed to store the data and execute the search
operations properly. The encrypted results are sent to the data
users and the data users can decrypt the encrypted data based
on their secret keys.
Moreover, the data users and IIoT can communicate with the
cloud server to execute specific instructions. Considering the
huge amount of the IIoT data, it is likely that the data users em-
ploy the cloud server to mine the data. An important application
of the cloud is parallel computing which is much more time
efficient than that of traditional computing techniques. In real
life, many applications are run on the cloud. In order to control
the IIoT devices which may be embedded in the smart factories,
the users can send instructions to the IIoT by the cloud directly.
In this case, we need to employ the mature communication
techniques such as 4G and WIFI.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
FU et al.: SECURE DATA STORAGE AND SEARCHING FOR INDUSTRIAL IOT BY INTEGRATING FOG COMPUTING AND CLOUD COMPUTING 4525
V. SECURITY ANALYSIS
A. Data Security in the IIoT
In the predeployment phase, each IoT node is assigned with a
unique identity, a public key, and a secret key. Once the network
is deployed, each pair of the neighboring nodes generates a
shared session key to guarantee the data transmission security
between the two nodes. Moreover, each IoT node needs to have a
session key with the edge server. Therefore, the adversary cannot
eavesdrop on the encrypted information in the data transmission
process. If the adversary scatters some malicious nodes into the
network to act as the common IoT nodes, they cannot negotiate
the session key with any IoT node considering that they do
not have the legal identity, public key, and secret key. In the
worst case, the adversary may compromise some IoT nodes and
however he can obtain only the local data rather than all the data
received by the compromised nodes. Consider an example that
an IoT node sends the monitored information to the edge server
and a compromised node happen to locates on the routing path.
In this case, the compromised node cannot decrypt the package,
because the package is encrypted by the session key of the IoT
node and the edge server.
B. Data Security in the Edge Server and Proxy Server
As discussed in Section III, the edge server is assumed to be
reliable. Once the encrypted data packages are received, the edge
server first decrypts them and then processes them according to
the preset instructions. At last, the time-limited data are stored
in the edge server. The other data and the index structure are
encrypted by the proxy server before being outsourced to the
cloud server. In the process of delivering the ciphertext to the
cloud server, the ciphertext is further encrypted by a symmetric
encryption scheme to protect them from leaking.
C. Data Security in the Public Cloud Server
The cloud server stores a large amount of data generated by
the IIoT. However, all the data are stored in ciphertext form and
they cannot be decrypted without the data users’ secret keys. In
addition, the ID-AVL tree stores a set of hash values rather than
the plaintext identifier. Meanwhile, the RF tree is encrypted by
the secure kNN algorithm. Though the cloud server is curious
to infer the information beneath the encrypted vectors in the
encrypted RF tree, it cannot obtain the plaintext vector according
to the security of the kNN algorithm [19].
VI. PERFORMANCE EVALUATION
In this section, we evaluate the performance of the proposed
framework based on both real experiments and simulation. A
system prototype of the proposed framework is first built to
monitor the temperature of a factory workshop. Then, we test
our framework in terms of data transmission amount and storage
space, synchronization time and data retrieval efficiency. To be
fair, the proxy server is ignored in the experiments considering
that it is used to guarantee the security of the framework which
has been theoretically analyzed in Section V.
TABLE I
EXPERIMENTAL SETTINGS
Parameter Value
Number of nodes 6
Connection of the nodes
in the IIoT
IEEE 802.15.4
Connection of the edge
server and cloud server
The Internet
Edge server Laptop (2.6 GHz Intel Core processor, Window 7
operation system and a RAM of 4 GB)
Cloud server Desktop (3.6-GHz Intel Core processor, Windows 7
operation system, and a RAM of 8 GB)
Data fusion Average data fusion
Sensing interval 1 s
A. Experimental Settings
In the experiment, we deploy six temperature sensor nodes to
form a wireless linked IIoT and the network is used to monitor
the temperature of a factory workshop. The nodes communicate
with each other by the ZigBee protocol. We employ a laptop with
2.6-GHz Intel Core processor, Window 7 operation system, and
a RAM of 4 GB to act as an edge server. As discussed previ-
ously, the edge server is responsible for running the network and
preprocessing the raw data. The sensor nodes can communicate
with the edge server through one-hop or multihop manner. A
desktop computer with 3.6-GHz Intel Core processor, Windows
7 operation system, and a RAM of 8 GB is employed to act
as the cloud server. The edge server is connected to the cloud
server through Internet and it employs the average data fusion
algorithm to fuse the readings. The experimental settings are
summarized in Table I.
B. Data Transmission Amount and Storage Space in the
Cloud Server
In this section, we assume that the sensor nodes measure the
temperature every 1 s and then directly send the readings to
the edge server. After collecting the data, the edge server fuses
the readings and obtains an estimation of the factory workshop’s
temperature. The fusion results are sent to the cloud server every
10 min. We focus on the data transmission amount between the
edge server and the cloud server, and the storage space needed
to store the data in the cloud server. As presented in Fig. 4,
our framework can greatly decrease both the data transmission
amount and the size of storage space. This can be explained
by the fact that the raw data are preprocessed before being out-
sourced to the cloud server. In the prototype system, six sensor
nodes are employed and the edge server receives six readings
per second. Therefore, without our framework, the cloud server
needs to store six readings per second in average and in our
scheme it needs to store only one reading per second. In the-
ory, the data transmission amount and the storage space of our
scheme is about 1/6 to that of the original scheme. Simulation
result in Fig. 4 proves the correctness of the theoretically analy-
sis. The data transmission amount is slightly larger than that of
the storage space because of the heads of the packages which
contain some basic information about the packages.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
4526 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018
Fig. 4. Data transmission amount and storage space.
Fig. 5. Synchronization time.
C. Synchronization Time
In the proposed framework, there is an interesting tradeoff
between the data preprocess time and data transmission time. We
employ the synchronization time to measure the time efficiency
of our framework and it is defined as the time interval between
the time point that the IIoT nodes get the readings and that of
the cloud server receives these readings. In this experiment, we
assume that once the edge server receives all the readings of a
time point, it immediately fuse the readings and send the fusion
results to the cloud server. Without our framework, the edge
server directly sends the received readings to the cloud server
piece by piece. To be fair, the encryption process of our scheme
is ignored. The total time consumption of data preprocessing
and transmission is presented in Fig. 5. It can be observed that
our scheme is much more time-efficient than the traditional
schemes. This is reasonable considering that six links between
the edge server and cloud server need to be built in the traditional
schemes and in our scheme only one link is built. In addition, it
can be observed that fusing the data consumes very little time
compared with that of transmitting the data.
D. Data Retrieval Efficiency
The index structure is designed to efficiently retrieve the in-
terested data in an extremely large database. We employ the
simulation rather than experiments to thoroughly evaluate the
effectiveness of the RF tree and the ID-AVL tree considering
Fig. 6. Search proportion of the RF tree and ID-AVL tree.
Fig. 7. Search time of the RF tree and ID-AVL tree.
that the data generated by our sensors are too simple. We first
evaluate the performance of the RF tree and ID-AVL tree in 2-D
and 3-D feature vector spaces. The length of each feature vector
is normalized to 1 and each element in a vector is a nonnegative
number. As a consequence, all the vectors in 2-D space locate
on a quadrant. All the vectors are uniformly randomly gener-
ated. In addition, we employ the search proportion to measure
the search efficiency and it is calculated by the number of the
searched paths to all the paths in the tree. Each simulation is re-
peated for ten times and the results are presented in Fig. 6. It can
be observed that a large portion of the search paths are pruned in
the process of data retrieval. In addition, the search proportion
gradually decreases with the increasing of the number of feature
vectors. Apparently, the search proportion of ID-AVL is much
lower than that of the RF tree and it is about O(log(N)) vectors
need to be scanned as discussed in Section IV-C.
We further employ a real dataset: the Enron Email Data Set
[33] to test the search efficiency. The term frequency–inverse
document frequency (TF-IDF) model [34], [35] is used to gen-
erate the feature vectors of the emails. We compare the proposed
scheme with multi-keyword ranked search over encrypted data
(MRSE) and present the average search time on the cloud server
in Fig. 7. In MRSE, the feature vectors are stored in order and
each vector needs to be scanned for a time to get the search
result of a query. It can be observed that the search time in
MRSE scheme [23] linearly increases with the number of fea-
ture vectors in the cloud server. This is reasonable considering
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
FU et al.: SECURE DATA STORAGE AND SEARCHING FOR INDUSTRIAL IOT BY INTEGRATING FOG COMPUTING AND CLOUD COMPUTING 4527
that MRSE needs to scan all the feature vectors to find the search
result. The RF tree greatly increases the search efficiency be-
cause the RF vectors can lead the search request to the proper
feature vectors quickly. The ID-AVL tree performs the best be-
cause it is a balanced binary tree. In conclusion, our scheme
performs much better than MRSE in terms of search efficiency
no matter which search pattern is employed by the data users to
search the interested data.
E. Discussion
By basically testing the prototype system, it can be observed
that the proposed framework can significantly improve the data
storage efficiency of existing cloud-based data storage schemes.
Specifically, both the data transmission amount in the network
and data storage space in the cloud server are decreased. The
time consumption of data preprocessing in the edge server does
not significantly affect the synchronization time between the
edge server and cloud server. Moreover, our framework can
greatly improve the search efficiency compared with scanning
the database linearly. In summary, fog computing and cloud
computing together can provide secure and efficient data storage
for the IIoT. As a consequence, it is a trend to fuse these two
promising techniques.
VII. CONCLUSION
In this paper, a secure, flexible, and efficient data storage and
retrieval system is designed based on both the fog computing and
cloud computing techniques. The main challenges in terms of
data refinement, data organization, searchable encryption, and
dynamic data collection are summarized, and corresponding so-
lutions are also provided. Specifically, an RF tree is designed to
support efficient and accurate data retrieval and an index encryp-
tion scheme based on the secure kNN algorithm is proposed to
support privacy-preserving data search. A flowchart including
data mining and remote control is also presented from a wider
view. The functionalities of each module are discussed in detail
and some open issues are also given.
There are still many challenges in our framework. First, in this
paper, only two data retrieval manners are supported and how-
ever the data users may need more flexible data search methods.
Correspondingly, some new index structures need to be designed
and added into the framework. Second, before mining the data,
the data users need to first download the specific datasets and
generalize them for the privacy sake. An interesting open re-
search is privacy-preserving data mining in the cloud. Mature
homomorphic encryption schemes are urgently needed because
they can significantly improve the efficiency of our framework,
as the mining process can be directly operated on the encrypted
data by the cloud server.
REFERENCES
[1] L. D. Xu, “Enterprise systems: State-of-the-art and future trends,”
IEEE Trans. Ind. Informat., vol. 7, no. 4, pp. 630–640, Nov.
2011.
[2] L. Li, “Technology designed to combat fakes in the global supply chain,”
Bus. Horiz., vol. 56, no. 2, pp. 167–177, 2013.
[3] J. S. Fu, Y. Liu, H. C. Chao, and Z. J. Zhang, “Green alarm systems driven
by emergencies in industrial wireless sensor networks,” IEEE Commun.
Mag., vol. 54, no. 10, pp. 16–21, Oct. 2016.
[4] L. D. Xu, “Introduction: Systems science in industrial sectors,” Syst. Res.
Behav. Sci., vol. 30, no. 3, pp. 211–213, 2013.
[5] W. Zhang, Z. Zhang, and H. C. Chao, “Cooperative fog computing for
dealing with big data in the internet of vehicles: Architecture and hier-
archical resource management,” IEEE Commun. Mag., vol. 55, no. 12,
pp. 60–67, Dec. 2017.
[6] M. B. Mollah, M. A. K. Azad, and A. Vasilakos, “Secure data sharing and
searching at the edge of cloud-assisted internet of things,” IEEE Cloud
Comput., vol. 4, no. 1, pp. 34–42, Jan./Feb. 2017.
[7] S. Yi, Z. Hao, Z. Qin, and Q. Li, “Fog computing: platform and applica-
tions,” in Proc. 3rd IEEE Workshop Hot Topics Web Syst. Technol. Comput.
Soc., 2015, pp. 73–78.
[8] K. Ren, C. Wang, and Q. Wang, “Security challenges for the public cloud,”
IEEE Internet Comput., vol. 16, no. 1, pp. 69–73, Jan./Feb. 2012.
[9] S. Li, L. Xu, X. Wang, and J. Wang, “Integration of hybrid wireless
networks in cloud services oriented enterprise information systems,” En-
terprise Inf. Syst., vol. 6, no. 2, pp. 165–187, 2012.
[10] F. Tao, “A methodology towards virtualisation-based high performance
simulation platform supporting multidisciplinary design of complex prod-
ucts,” Enterprise Inf. Syst., vol. 6, no. 3, pp. 267–290, 2012.
[11] Q. Li, Z. Wang, W. Li, J. Li, C. Wang, and R. Du, “Applications integra-
tion in a hybrid cloud computing environment: Modeling and platform,”
Enterprise Inf. Syst., vol. 7, no. 3, pp. 237–271, 2013.
[12] L. Jiang, L. D. Xu, H. Cai, Z. Jiang, F. Bu, and B. Xu, “An IoT-oriented
data storage framework in cloud computing platform,” IEEE Trans. Ind.
Informat., vol. 10, no. 2, pp. 1443–1451, May 2014.
[13] M. Fazio, A. Celesti, A. Puliafito, and M. Villari, “Big data storage in the
cloud for smart environment monitoring,” Procedia Comput. Sci., vol. 52,
pp. 500–506, 2015.
[14] J. Kim, “Energy-efficient dynamic packet downloading for medical IoT
platforms,” IEEE Trans. Ind. Informat., vol. 11, no. 6, pp. 1653–1659,
Dec. 2015.
[15] M. Chiang and T. Zhang, “Fog and IoT: An overview of research oppor-
tunities,” IEEE Internet Things J., vol. 3, no. 6, pp. 854–864, Dec. 2016.
[16] E. Elmroth, P. Leitner, S. Schulte, and S. Venugopal, “Connecting fog
and cloud computing,” IEEE Cloud Comput., vol. 4, no. 2, pp. 22–25,
Mar./Apr. 2017.
[17] X. Masip-Bruin, E. Marı´n-Tordera, G. Tashakor, A. Jukan, and G. J. Ren,
“Foggy clouds and cloudy fogs: A real need for coordinated management
of fog-to-cloud computing systems,” IEEE Wireless Commun., vol. 23,
no. 5, pp. 120–128, Oct. 2016.
[18] M. Ma, P. Wang, and C. H. Chu, “Data management for internet of things:
Challenges, approaches and opportunities,” in Proc. IEEE Int. Conf. Green
Comput. Commun., IEEE Internet of Things, IEEE Cyber Phys. Soc. Com-
put., 2013, pp. 1144–1151.
[19] W. K. Wong, D. W. Cheung, B. Kao, and N. Mamoulis, “Secure kNN
computation on encrypted databases,” in Proc. ACM SIGMOD Int. Conf.
Manage. Data, 2009, pp. 139–152.
[20] S. K. Sharma and X. Wang, “Live data analytics with collaborative edge
and cloud processing in wireless IoT networks,” IEEE Access, vol. 5,
no. 99, pp. 4621–4635, Mar. 2017.
[21] Q. Huang, Y. Yang, and L. Wang, “Secure data access control with cipher-
text update and computation outsourcing in fog computing for internet of
things,” IEEE Access, vol. 5, no. 99, pp. 12941–12950, Jul. 2017.
[22] N. Choi, D. Kim, S. J. Lee, and Y. Yi, “A fog operating system for
user-oriented IoT services: Challenges and research directions,” IEEE
Commun. Mag., vol. 55, no. 8, pp. 44–51, Aug. 2017.
[23] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preserving multi-
keyword ranked search over encrypted cloud data,” IEEE Trans. Parallel
Distrib. Syst., vol. 25, no. 1, pp. 222–233, Jan. 2014.
[24] C. Chen et al., “An efficient privacy-preserving ranked keyword search
method,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 4, pp. 951–963,
Apr. 2016.
[25] B. Khaleghi, A. Khamis, F. O. Karray, and S. N. Razavi, “Multisensor
data fusion: A review of the state-of-the-art,” Inf. Fusion, vol. 14, no. 1,
pp. 28–44, 2013.
[26] H. Cai, B. Xu, L. Jiang, and A. V. Vasilakos, “IoT-based big data storage
systems in cloud computing: Perspectives and challenges,” IEEE Internet
Things J., vol. 4, no. 1, pp. 75–87, Feb. 2017.
[27] M. S. Dao, S. Pongpaichet, L. Jalali, K. Kim, R. Jain, and K. Zettsu,
“A real-time complex event discovery platform for cyber-physical-social
systems,” in Proc. ACM Int. Conf. Multimedia Retrieval, 2014, pp. 201–
208.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
4528 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 10, OCTOBER 2018
[28] W. Wang and D. Guo, “Towards unified heterogeneous event processing
for the internet of things,” in Proc. 2012 3rd Int. Conf. IEEE Internet
Things, 2012, pp. 84–91.
[29] R. A. P. D. Almeida, M. Blackstock, R. Lea, R. Calderon, A. F. D. Prado,
and H. C. Guardia, “Thing broker: A twitter for things,” in Proc. 2013 ACM
Conf. Pervasive Ubiquitous Comput. Adjunct Publ., 2013, pp. 1545–1554.
[30] M. Wu, L. Tan, and N. Xiong, “Data prediction, compression, and recov-
ery in clustered wireless sensor networks for environmental monitoring
applications,” Inf. Sci., vol. 329, pp. 800–818, 2016.
[31] T. Zhang, R. Ramakrishnan, and M. Livny, “BIRCH: An efficient data
clustering method for very large databases,” ACM SIGMOD Rec., vol. 25,
no. 2, pp. 103–114, 1996.
[32] G. Adelson-Velsky and E. Landis, “An algorithm for the organization
of information,” USSR Acad. Sci., vol. 146, pp. 263–266, 1962. English
translation by Myron J. Ricci in Soviet Math. Doklady, vol. 3, pp. 1259–
1263, 1962.
[33] W. W. Cohen, Enron Email Data Set, 2015. [Online]. Available:
https://www.cs.cmu.edu/∼./enron/
[34] C. D. Manning, P. Raghavan, and H. Schu¨tze, Introduction to Information
Retrieval, vol. 1. Cambridge, U.K.: Cambridge Univ. Press, 2008, no. 1.
[35] Z. Xia, X. Wang, X. Sun, and Q. Wang, “A secure and dynamic multi-
keyword ranked search scheme over encrypted cloud data,” IEEE Trans.
Parallel Distrib. Syst., vol. 27, no. 2, pp. 340–352, Feb. 2016.
Jun-Song Fu received the B.S. degree in com-
munication engineering from Beijing Jiaotong
University, Beijing, China, in 2012, where he is
currently working toward the Ph.D. degree in the
Key Laboratory of Communication and Informa-
tion Systems.
His research interests include in-network data
processing, secret sharing and information pri-
vacy issues in distributed systems and Internet
of things.
Yun Liu received the M.S. and Ph.D. degrees
in electronics and communication engineering
from Beijing Jiaotong University, Beijing, China,
in 1989 and 2004, respectively.
She is a Professor of communication and in-
formation systems with Beijing Jiaotong Univer-
sity, Beijing, China; the Dean of the Department
of Communication Engineering, Beijing Jiaotong
University; the Director of the Key Laboratory
of Communication and Information Systems,
Beijing Municipal Commission of Education; and
the Director of the Institute of Network Consensus Security, Beijing Jiao-
tong University. In addition, she is an Evaluation Expert of State Scientific
and Technological Reward, State Natural Sciences Fund in Communi-
cation, National High Technology Research and Development Program.
She has authored/coauthored more than 300 research papers. She is
conducting research in wireless network security and privacy, Internet of
things and cloud computing security.
Dr. Liu is a Fellow of the Institution of Engineering and Technology
(IET), U.K.
Han-Chieh Chao (SM’04) received the M.S. and
Ph.D. degrees in electrical engineering from Pur-
due University, West Lafayette, IN, USA, in 1989
and 1993, respectively.
He is a joint appointed Distinguished Pro-
fessor of the Department of Computer Science
and Information Engineering and Electronic En-
gineering of National Ilan University (NIU), I-Lan,
Taiwan. He has been serving as the President
since August 2010 for NIU as well. He has au-
thored or coauthored five books and about 400
refereed professional research papers. His research interests include
high-speed networks, wireless networks, IPv6-based networks, digital
creative arts, e-Government and digital divide.
Dr. Chao was an Officer of Award and Recognition for IEEE Taipei
Section from 2010 to 2012 and a Fellow of the Institution of Engineering
and Technology (IET).
Bharat K. Bhargava (F’93) received the Ph.D.
degree in electrical engineering from Purdue
University, West Lafayette, IN, USA, in 1974.
He is a Professor of computer science with
Purdue University, West Lafayette, IN, USA. He
conducts research in security and privacy issues
in distributed systems and sensor networks. This
involves identity management, trust and privacy,
secure routing in internet and mobile networks
and dealing with malicious hosts, adaptability to
attacks, controlled data dissemination, and ex-
perimental studies.
Prof. Bhargava is the Editor-In-Chief of three journals and serves on
more than ten editorial boards of international journals. He is the Founder
of the IEEE Symposium on Reliable and Distributed Systems, IEEE Con-
ference on Digital Library, and the ACM Conference on Information and
Knowledge Management. He has authored or coauthored hundreds of
research papers. He was a recipient of five best paper awards in addition
to the Technical Achievement award and Golden Core award from IEEE.
Zhen-Jiang Zhang (M’14) received the Ph.D.
degree in communication and information sys-
tem from Beijing Jiaotong University, Beijing,
China, in 2008.
Since 2008, he has been an Assistant Profes-
sor with the Department of Electronic and Infor-
mation Engineering, Beijing Jiaotong University.
He has authored or coauthored about 60 profes-
sional research papers. His research interests
include wireless sensors networks techniques,
including multisource data fusion, security and
privacy, routing and energy management.
Authorized
licensed use limited to: Norges Teknisk-Naturvitenskapelige
Universitet. Downloaded on April 12,2021 at 08:09:52 UTC from IEEE
Xplore. Restrictions apply.
学霸联盟