Skip to main content

Advances, Systems and Applications

ES-PPDA: an efficient and secure privacy-protected data aggregation scheme in the IoT with an edge-based XaaS architecture


In an Internet of Things (IoT) system based on an anything as a service (XaaS) architecture, data are uploaded from heterogeneous nodes in a nonstandardized format and aggregated on the server side. Within this data-intensive architecture, privacy preservation is one of the most important issues. In response to this concern, there are numerous privacy-protection data aggregation (PPDA) solutions available for various IoT applications. Because of the limited resources of intelligent IoT devices, traditional PPDA cannot meet practical privacy and performance needs. To tackle this challenge, we provide a more efficient and secure PPDA solution that guarantees data security and integrity through Paillier homomorphic encryption and online/offline signing technology. Detailed security analysis shows that our system is unpredictable under a chosen message attack, and the data integrity may be guaranteed under the assumption of q-strong Diffie-Hellman (Q-SDH). We choose an M/G/1 priority queue model to maximize system performance. M/G/1 enhances queuing efficiency and accelerates channel access, thus reducing waiting time and increasing reliability. The experimental results show that our data aggregation scheme is reliable with low latency.


The Internet of Things (IoT) brings together “things” in the physical world. The traditional IoT model is cloud-based, with end devices solely responsible for data collection. Cloud-based subscription models are evolving to offer greater flexibility and efficiency to meet strong business demand. Anything as a service or everything as a service, also known as X as a service (XaaS), is a platform for SaaS, PaaS, and IaaS. XaaS provides built-in services such as software, networks, platforms, security services, and applications. XaaS also offers high cloud storage capacity and dynamic resource allocation, which reduces enterprise burden. XaaS maximizes performance while minimizing latency at peak loads. New XaaS models allow users to lease cloud resources on demand without having to purchase ownership and can be flexibly expanded upon request at a later stage. Cloud-based XaaS can guarantee a uniform format of different data sources after downloading, which is conducive to setting industry standards. XaaS holds great potential for smart services such as smart grids [1], smart healthcare [2], smart cities [3], and vehicle detection. However, due to bandwidth limitations and limited hardware resources, a traditional cloud-based paradigm can be difficult to accommodate, particularly for real-time services. Hence, edge-based XaaS has been increasing [4]. As shown in Fig. 1, data are collected via sensors and routed to edge servers for local aggregation, sharing, and extraction. The data are then forwarded to the cloud for final processing. Edge servers can be considered preprocessing units that deliver efficient local services using a combination of cloud servers. Thus, the consumption of physical resources can be significantly reduced.

Fig. 1
figure 1

Data aggregation in an edge-based XaaS architecture

Physical objects connected to an XaaS IoT based on the periphery operate on devices with limited resources and require effective communication protocols to enhance energy efficiency. Traditional internet status transfer protocols, such as REST, utilize event-based frameworks to minimize the number of messages sent. In an edge-based XaaS IoT, heterogeneous applications use these standards and protocols for aggregating edge-side data. Organizations such as OpenIoT, the AllSeen Alliance, and the IPSO Alliance are working to standardize communication protocols to ensure interoperability among vendor islands. The IoT in smart cities focuses on using light protocols, such as CoAP and XMPP, to connect sensor interfaces to physical supports. Organizations such as the IETF and the XMPP are working on expanding CoAP and XMPP. However, these efforts seek to improve protocols rather than provide integrated solutions.

Edge-based XaaS devices are vulnerable due to their distributed nature, which allows more attack paths for both internal and external attackers. Some devices are not completely reliable, revealing user privacy. Put another way, edge-based XaaS undermines the confidentiality, accuracy, and robustness of data aggregation protocols. External attackers can spy on communication channels between the entities involved, alter messages on the network, falsify signatures, or even launch rebroadcasting attacks.

In response to this concern, many privacy protection data aggregation (PPDA) systems have been suggested. Most use homeomorph cryptosystems to implement specific functions, such as summative computation, to ensure the privacy of data in transit. Other measures have been considered to improve the safety of the PPDA, such as dimensional reduction, data integrity verification, and random noise techniques.

However, existing PPDA regimes present practical difficulties.

  • Frequent data transfer is normal for an XaaS system based on the edge [4]. When performing live data processing tasks, high communication latency is not acceptable.

  • Authentication and validation of data sources are essential to prevent attackers from falsifying, altering, and replaying messages and signatures. However, authentication and validation require the support of edge devices, making it difficult to implement them in resource-constrained IoT devices [5].

In what follows, to address the above challenges, efficient and secure privacy-protection data aggregation (ES-PPDA) is suggested. ES-PPDA considers both security and efficiency. In ES-PPDA, the heavy computational costs associated with data integrity operations can be drastically reduced through online/offline signing mechanisms. The main contributions are summarized as follows:

  • Paillier homomorph encryption and online/offline signing are used to ensure data security and integrity.

  • A detailed security analysis is presented.

  • An M/G/1 priority queue model is utilized to optimize system performance. M/G/1 improves queuing efficiency and speeds up channel access, thus reducing wait time and increasing reliability. Experimental results show that ES-PPDA is reliable with low latency

The remaining content is organized as follows: Related work section reviews related work; Preliminaries section introduces background information; Proposed scheme section proposes the ES-PPDA scheme; Security analysis section carries out security analysis; Performance optimization section optimizes the scheme; Experiments section conducts performance testing; and Conclusion section concludes.

Related work

Recently, the aggregation of privacy data (PPDA) has received growing attention in areas such as smart grids [6] and vehicle detection systems [7, 8]. Some earlier work has considered uploading using homomorph cryptosystems [9, 10]. Subsequently, to further enhance the ability to protect privacy, it is necessary to add blind factors in the encryption steps, thus making them resistant to internal attacks [11, 12]. To prevent malicious aggregators, hatch hash [13] and random noise technology are introduced into PPDA schemes to ensure data integrity in the encrypted message forwarding process [14]. However, these systems do not consider the cost of designing a cryptosystem [15].

Recently, researchers have focused on reducing the cost of computing cryptographic operations in conventional PPDA systems [16]. By anticipating the demand for electricity in a smart grid system, a light and secure system was proposed. It can effectively meet safety and privacy requirements and further reduce the indirect costs of communications. An improved version for IoT fog computing systems allows multidimensional data to be compressed into composite dummy data and the early injection at the fog nodes can be filtered. Researchers have proposed a system for classifying and aggregating privacy data for vehicle sensor systems that resist data link attacks [17]. A PPDA scheme presuming that several locally authenticating accreditation bodies can be anonymous, a dual trap chameleon hash-based online/offline signing and verification method, was proposed [18]. The scheme proposed in [19] protects data privacy by hiding data transfers between the cloud and edge servers. The scheme proposed in [20] used RSA and RC4 to generate a key, which achieves higher security in the image. Recently, there have been data aggregation optimizations, for example, using a hybrid metaheuristic algorithm, i.e., a whale optimization algorithm (WOA) and simulated annealing (SA) algorithm, to select the optimal CH in an loT network cluster [21]; optimizations based on LSTM models [22]; and reducing network latency by increasing time slots and reducing the power consumption through weighted load balancing [23] (Table 1).

Table 1 Comparison of data aggregation schemes


This section presents several definitions and notations used in ES-PPDA schemes, including bilinear pairings, Paillier homomorph cryptosystems [24], online/offline signing, and security definitions.

Bilinear pairings

G and GT are two cyclic groups, g is the generator of group G, and p is the prime order. e : G × G → GT, satisfying [25]:

  • e(ua, vb) = e(u, v)ab, where u, vG, a, bZp;

  • \(e\left(g,g\right)\ne {1}_{G_T}\),

  • e(u, v) is computable, where u, vG.

Definition 1(q-strong Diffie-Hellman problem (q-SDH)). x is a random element in Zp. For\(\left(g,{g}^x,{g}^{\left({x}^2\right)},\dots, {g}^{\left({x}^q\right)}\right)\), and pair (m, ∑x), where mZp. The q-SDH is defined as an (q, t, ε) problem:

$$\Pr \left[A\left(g,{g}^x,\dots, {g}^{\left({x}^q\right)}\right)=\left(m,{\sum}_x\right),m\in {Z}_p^{\ast}\right]<\varepsilon$$

Paillier homomorph cryptosystem

A Paillier homomorph cryptosystem satisfies addition and multiplication homomorphism.

  1. (a)

    Key generation algorithm

    • Step 1 Pick two large prime numbers at random that satisfy gcd(pq, (p − 1)(q − 1)) = 1.

    • Step 2 Compute n = pq and λ =  lcm (p − 1, q − 1).

    • Step 3 Define \(L(x)=\frac{x-1}{n}\)

    • Step 4 Randomly select an integer g less than positive n2, and there existsμ = (L(gλmod n2))−1mod n.

    • Step 5 The public key is (n, g), and the private key is (λ, μ).

  2. (b)


    • Assume m is plaintext, 0 < m < n

    • Step 1 Select a random number r,0 < r < n, and gcd(r, n) = 1.

    • Step 2 Encrypt: c = gm ∙ rnmod n2

  3. (c)


    • Compute m = L(cλmod n2) ∙ μ mod n

Online/offline signing

The double trapdoor chameleon hash (DTCH) function is usually used for implementing online/offline signing. For the generator g1 of a prime number p1 and \({G}_{p_1}\), select two trapdoor keys \(y,z\in {Z}_{p_1}^{\ast }\). Then, compute hash: \({H}_{ch}\left(r,s,u\right)={g}_1^r{g}_2^r{g}_3^r\), where \({g}_2={g}_1^y\), \({g}_3={g}_1^y\). The DTCH function has the following properties [26]:

  • Computability: For pkG and the triad (r, o, o) Zp, Hch(r, s, u) can be computed in polynomial time.

  • Anti-collision: If a key is missing, two hash pairs (r1, s1, u1), (r2, s2, u2) cannot be found such that r1 ≠ r2 and Hch(r1, s1, u1) = Hch(r2, s2, u2).

  • Valve collision: Given Hch and (pk, sk), hash pair (r1, s1, u1) and additional message r2Zp, such that Hch(r1, s1, u1) = Hch(r2, s2, u2). First, a random u2 (or s2) is selected, and the value of u2 (or s2) can be calculated in polynomial time by s2 = ((r1 − r2) + (u1 − u2)y + s1z)z−1 or u2 = ((r1 − r2) + (s1 − s2)y + u1z)z−1.

Based on the above properties of the DTCH function, online/offline signing can be built using five algorithms:

  • Setup: When the security parameter 1λ is entered, it returns a public key Verpk and a private key Sigsk.

  • The offline signing algorithm turns off ∑off and St on the input signing key Sigsk.

  • If Verpk and ∑off are entered, it returns a valid ∑off value. Otherwise, reject is output.

  • Sign.on: Returns the online signing token ∑on input Sigsk, status information St, and message m.

  • Ver.on: When Verpk is entered, message M is displayed and returns accept. Otherwise, it returns reject. The signature of m is defined as ∑ = (∑on, ∑off).

Security rule

Definition 2 (Unforgeable). The mechanisms are unforgeable if under a chosen message attack, which can be considered an attacker challenge game. Suppose an opponent A can query trailers (sigon(sk, Sti, mi), sigoff(sk)) multiple times, where Stiis the status information of the signer [27]:

  • Initiation: Challenger C generates public/private keys (pk, sk) from 1k. Then, pk is given to Α.

  • query: The opponent requests and the challenger C replies with \({\sum}_i^{off}\) to the opponent, while the status information Sti is stored by itself. Assume that the opponent can make up to q1 queries at this stage.

  • Sign.on query: The opponent requests and the challenger C uses the Sti to calculate the online signature and then returns \({\sum}_i^{on}\) to the opponent. Assume that the opponent can make a maximum of q2 queries at this stage.

  • Forgery: Opponent A generate (m, ∑) and forward to C. The challenger C checks by Veron(pk, m, ∑). If the signature is valid, output 1 (success); otherwise, output 0 (failure).

The existing advantages of forging opponent A’s signature are as follows:

$${Adv}_A=\Pr \left[\begin{array}{l}{Ver}_{on}\left( pk,{m}^{\ast },{\sum}^{\ast}\right)=1:\left( pk, sk\right)\leftarrow \\ {} KeyGen\left({1}^k\right),\left({m}^{\ast },{\sum}^{\ast}\right)\leftarrow {A}^{\left({\sum}^{off},{\sum}^{on}\right)}\end{array}\right]$$

Proposed scheme

The notations used in this section are listed in Table 2.

Table 2 Notations and symbols

System model

The ES-PPDA system model is shown in Fig. 2 and consists of four components: cloud servers, edge servers (ESs), smart IoT devices (SDs), trust agencies (TAs) (or other control centers, (CCs)) [28].

Fig. 2
figure 2

ES-PPDA system model

A TA boots the entire system and distributes critical information and system parameters. When the configuration is finished, the TA disconnects.

A CC collects data packets from the edge. It then sends responses to the edge server (see steps 10, 11, and 12 in Fig. 2). The CC also offers registration services for the XaaS IoT.

An ES acts as an aggregator that processes encrypted data from an SD, and forwards and communicates between the CC and SD (see steps 8, 9, and 13 in Fig. 2). The ES also performs integrity verification (see steps 4 and 7 in Fig. 2).

An SD collects private data generated by sensors and transmits it to the CC in encrypted form via an ES (see steps 2, 3, 5, and 6 in Fig. 2).

Note: since an SD is typically a resource-constrained device, it cannot effectively carry out computationally complex privacy-protected data aggregation processes, particularly cryptography operations involved in data integrity mechanisms. This has led to the exploration of a lightweight/efficient PPDA optimization that supports edge-based XaaS architectures.


The proposed ES-PPDA scheme proceeds as follows:

  1. a)


    • Setup(k, k1) → (SPpub, msk): When two security parameters (k, k1) are input, it outputs SPpub and the master key msk.

  2. b)


    • Register(Xi, ki) → (αi, βi): When random Xi and blind factor ki are set, the output verifies public key Yi and registration knowledge (αi, βi).

    • \(Sign. off\left(y,z,{s}_i,{u}_i\right)\to \left( St,{H}_{ch_i},{\sum}_i^{off},{Ver}_{on}\right)\): When inputting random (y, z) and (si, ui), it outputs St, \({\sum}_i^{off}\) and Veron.

  3. c)

    Report Generation

    • \(Ver. off\left({Ver}_{pk},{\sum}_i^{off}\right)\to {b}_1\): When the input is Verpk and \({\sum}_i^{off}\), it outputs b1 {0, 1}, where b1 = 1 indicates that the offline verification result is accepted and b1 = 0 indicates that it is rejected.

    • Encrypt(PKp, mi, vi) → ci: When PKp, the message mi, and the integer vi are input, the output is the encrypted report ci.

    • \(Sign. on\left({c}_i, St,{s_i}^{\hbox{'}}\right)\to {\sum}_i^{on}\): For input (ci, St, si'), the output is an online signature \({\sum}_i^{on}\).

  4. d)

    Report Summary

    • \(Ver. on\left({\sum}_i^{on},{Ver}_{on}\right)\to {b}_2\): For input Veron and \({\sum}_i^{on}\), the output is b2 {0, 1}, where b2 = 1 indicates that the online verification result is accepted, and b2 = 0 indicates that the online verification result is rejected.

    • Aggregate(ci) → c: Output the aggregation result.

    • Sign. Agg(Xi, c) → (Yi, ∑Agg): For input c and Xi, it outputs the aggregate signature public key Yi and the aggregate signature ∑Agg.

  5. e)

    Report Reading

    • Ver. Agg(Yi, ∑Agg) → b3: For input Yi and ∑Agg, it outputs b3 {0, 1}, where b3 = 1 indicates that the verification result of aggregation is accepted, and b3 = 0 indicates that the verification result of aggregation is rejected.

    • Recover. Agg(c) → m: Output m.

  6. f)


    • \(\mathrm{Reponse}\left(e{\left({g}_1,{g}_1\right)}^{\overset{\sim }{\alpha }},\overset{\sim }{\beta },Q,Y,{M}_R\right)\to \left(\overset{\sim }{C_1},\overset{\sim }{C_2},\overset{\sim }{C_3}\right)\): For \(\overset{\sim }{\beta },Q\), public key \(\left(e{\left({g}_1,{g}_1\right)}^{\overset{\sim }{\alpha }},Y\right)\) and response message MR, the output is response ciphertext \(\left(\overset{\sim }{C_1},\overset{\sim }{C_2},\overset{\sim }{C_3}\right)\).

    • \(\mathrm{Recover}.\mathrm{Res}\left({ak}_i,\overset{\sim }{C_1},\overset{\sim }{C_2},\overset{\sim }{C_3}\right)\to {M}_R\): For input response ciphertext \(\left(\overset{\sim }{C_1},\overset{\sim }{C_2},\overset{\sim }{C_3}\right)\) and authorization key aki, the output is response message MR.

Security claims

We assume that both the TA and CC are completely trustworthy. The ES may be partly trustworthy, that is, it will not manipulate the sensitive user data, but may reveal personal information in the grouping process. Furthermore, the external opponent A threatens the data integrity and carries out attacks. It can spy on the transmitted data or invade the server in the ES and CC to steal the processed data. The opponent can actively falsify the signature of the data report and further damage the integrity of the data.

Security analysis

In what follows, we examine system security in terms of authentication, confidentiality, and privacy protection.


In ES-PPDA, we integrated Schnorr’s extended signature method into the recording step, which turned out to be safe under the discrete logarithmic hypothesis. The explanation is as follows:

$${g}_1^{\beta_i}{Y}_i^{H_2\left({\alpha}_i\right)}={g}_1^{\left({r}_i-{X}_i{H}_2\left({\alpha}_i\right)\right)}\cdot {g}_1^{X_i{H}_2\left({\alpha}_i\right)}={g}_1^{r_i}={\alpha}_i$$

An attacker cannot tamper with recording without knowing the true identifier of SDi, the IDi, because the IDi is obtained using hashing (Hi) and is a secret. Furthermore, although an attacker can steal the true identifier IDi of SDi, it still cannot obtain ri because ri is further hidden by a randomly selected blind factor ki, thus assuring that Xi is secure. Therefore, our scheme proves that the SD-CC authentication is secure.


We use the Paillier cryptosystem to encrypt all sensory data and aggregate encrypted text based on additive homomorphism. Confidentiality is assured based on the following three points.

First, SDi ‘s private data mi are encrypted as \({c}_i={g}^{m_i}\cdot {v_i}^n\operatorname{mod}{n}^2\). The Paillier cryptographic system is semantically secure under CPA based on q-SDH and does not reveal sensitive information.

Second, when aggregating reports, the ES cannot retrieve every individual’s full text, and the ciphertext received is aggregated as \(c={g}^{\sum_{i=1}^{\omega }{m}_i}\cdot {\left(\prod \limits_{i=1}^{\omega }{v}_i\right)}^n\operatorname{mod}{n}^2\). Therefore, the confidentiality and privacy of user data can be guaranteed even when the ES is not trusted.

Finally, let us assume that an outside attacker could spy on the entire communication channel SDi to the CC and simultaneously obtain a single ciphertext ci, aggregated ciphertext c, and plaintext m but still cannot recover a single plaintext mi. All plaintext is compressed through the process of aggregating reports. In summary, the confidentiality and privacy of each SDi ‘s private data can be well protected.

Integrity and unforgeability

In the proposed scheme, we develop a signing method that reduces the cost of calculation while ensuring data integrity. Here, we show that our system is robust under a chosen message attack. Because of definition 2, without asking for an Oracle token EZ online signature, an opponent may not counterfeit any probabilistic polynomial-time pair (m, ∑).

Performance optimization

Suppose we have N heterogeneous sensor nodes within an l × l region (i.e., rectangular industrial subunit). The data captured by the sensors fall into two categories: normal data (ND) and event data (ED). Low priority P1 nodes generate ND packets, and high priority Ph nodes generate ED packets when the value exceeds its threshold. Suppose that each node only supports one type of data, i.e., ND or ED. Similarly, M of N nodes send high-priority packets, namely, Ph packets, while the rest send only low-priority packets, namely, P1 packets. Network topologies are considered static for a certain period. The gateway and cloud center are expected to be connected via broadband wireless links, and latency and packet loss are negligible.

Sensor nodes are connected to the channel (CH) aggregator. Nodes, including CH and gateway, have child–parent relationships. All sensor nodes within a single CH compete for the respective parent node access channel for link resources. The data generated from the end node are aggregated to the CH and then forwarded to the gateway. Gateways and CHs are located in specific areas and generally have greater electrical power than sensor nodes. A CH can retrieve application-specific information, including priority and location. The waiting time for each priority depends upon the scheduling policy that the CH has adopted.

The M/G/1 queue method accommodates the randomness of devices for measuring network performance, including throughput, waiting time, packet loss rate, and resource consumption [29]. The M/G/1 queue system with priority may be divided into nonrepetitive and preemptive queue models. For nonrepetitive package planning, when the lower priority package starts to run, the ongoing task continues even though the top priority packet hits the queue. Additionally, the package should wait in the queue until the task for the package is complete. However, in scheduling priority packages, higher priority packages are handled first, and lower priority packages may be preemptive by backing up their context if the task has already been run. We propose to use an M/G/1 to CH priority queue model.

Priority data partitioning is built by the application layer taking into account the parameters of the MAC layer depending on industrial requirements and network conditions. IEEE 802.15.4 uses the carrier-sense multiple access with collision avoidance (CSMA/CA) conveyor to access wireless channels. However, it does not suit delayed industrial applications because it does not have priority characteristics and delayed intervention [30]. In industrial IoT systems, flow control, process monitoring, and fault detection subsystems must have media access mechanisms that are sensitive to delays and priorities.

Figure 3 shows a sequence diagram of various nodes in competition for channel access depending on the priority of the nodes. All packets in the lower priority queue need not be processed until the higher priority queue is blank. The Ph node still has a short, fixed withdrawal period, more frequent channel access detection, and many retreats. However, Pl nodes use longer, random withdrawal times, fewer detection frequencies, and shorter withdrawal times. Moreover, the clear channel assessment (CCA) detection time of a Pl node is more continuous than the CCA and Ph node removal period.

Fig. 3
figure 3

Channel access priority

CSMA/CA behavior is influenced by various MAC settings, such as minimum and maximum withdrawal indexes (macMinBE), the maximum withdrawal indexes (macMaxBE), the initial values of competing windows (CW), and the maximum backoffs (macMaxCSMABackoffs). The different values of these MAC settings significantly affect the performance of an IoT network. Instead of having to configure the same CSMA/CA parameter values (i.e., low priority and high priority) for both traffic types, each category may have its attributes assigned to it. This study defines [macMinBEh, macMaxBEh] and CWh as the high-priority nodes backoff window value interval and competition, and [macMinBEl, macMaxBEl] and CWl are defined as the values of low-priority nodes. In addition, by specifying different CSCM/CA parameters, it is possible to implement prioritized scheduling to reduce channel access times for high-priority packets, as shown in Fig. 4.

Fig. 4
figure 4

CSMA/CA FIFO scheduling and priority scheduling

For data aggregation with priority, the M/G/1 queue model with priority maintains the data priority category. Packets with priority 𝑖 have arrival rates of λi, λi {1, 2, …, P}, and follow a Poisson distribution. A lower value of i indicates a higher priority packet type. Within the system model, the priority rule is implemented. This means that the arrival of the i-priority packet immediately precedes the lower priority data and obtains service access.

The wait time for i priority packets Wi is the queue time before the CH. The average remaining service time of existing service packets and the CH service time are represented by Ri and Si, respectively. The total system delay is given by the sum of the packet’s wait time and serve time. Little’s law states that the expected wait time for the i-th priority packet is:

$$E\left[{W}_i\right]=\frac{\sum \limits_{j=1}^i{\rho}_jE\left[{R}_j\right]}{\left(1-\left({\rho}_1+\cdots +{\rho}_i\right)\right)\left(1-\left({\rho}_1+\cdots +{\rho}_{i-1}\right)\right)}$$

Where ρi = λiE[Si], E[Si] is the expected service time, and E[Ri] is the expected time remaining. E[Si] and \(E\left[{D}_i^{sys}\right]\) are the expected service time of the i-th priority packet and the expected system delay in the i-th priority queue, respectively, which are calculated by the following formula:

$$E\left[\hat{s_i}\right]=\frac{E\left[{S}_i\right]}{\left(1-\left({\rho}_1+\cdots +{\rho}_{i-1}\right)\right)}$$

Furthermore, the second moment can be expressed in the following manner:



ES-PPDA’s performance is assessed based on the anticipated latency and reliability of the system, which is implemented in MATLAB. The simulation parameters are identified in Table 3.

Table 3 Simulation parameters

System latency

Figure 5 shows the package latency having different prioritization and the quantity of nodes. The latency for high/low-priority packets increases with the quantity of nodes, as aggregating more packets leads to longer service durations. The latency of low-priority packets is longer than that of high-priority packets because we have to take into account the disruption of all high-priority packets.

Fig. 5
figure 5

Expected system latency

Additionally, Fig. 6 compares the performance of the proposed priority scenarios against the nonpriority scenarios. Nonpriority regimes show similar curves, but the latency exceeds priority methods. In addition, because of the preferential channel access and the preemptive priority rule, a high-priority packet is free from interference from a lower packet, thereby reducing the expected system time.

Fig. 6
figure 6

Performance comparison of the proposed priority scheduling to nonpriority scheduling

System reliability

Our scheme is modeled as a K-size M/G/1 priority queue. Each queue receives packet data frames per second using Poisson’s arrival process of λ. The probability of packages being in the queue is:

$${p}_i=\frac{\rho^i}{\sum \limits_{j=0}^K{\rho}^j}$$

A sensor node may not be capable of sending packets to the CH, including (a) if the buffer is full, (b) if the node cannot find a free channel, or (c) if the packet is thrown past the retry limit. Considering these aspects, the reliability of the 𝜂 system can be calculated as follows:

$$\eta =\left(1-{p}_k\right)\left(1-{p}_{cf}\right)\left(1-{p}_{cr}\right),$$

where pk is the probability of the entire buffer with K frames, provided by Eq. (9), pcf is the packet loss resulting from channel access failure, and pcr is the packet collapse resulting from retry.

Figure 7 illustrates the relationship between reliability and the node number of the entire system that is observable and that the reliability of the network increases and diminishes the number of nodes. Due to the node number, each node in the queue congestion problems are conflicts become more frequent, more frequent and packet retransmission. Then, as the queue becomes busier and delayed longer, the possibility of frame loss is also increased due to conflicts, retry constraints, and link constraints. It should be noted that high-priority nodes have greater network reliability than low-priority nodes because of the use of the priority channel planning mechanism and the queue strategy.

Fig. 7
figure 7

Performance evaluation in terms of reliability

An IoT network typically involves many sensors for detection. In a high-density IoT network, resource-constrained end devices may be limited by packet delay and data conflict. The end devices typically contain various data flows and face various reliability requirements. This paper proposes a cloud-based delay reduction plan using preferential channel access and data aggregation at CHs. Furthermore, the combined effects of packet planning and aggregation are considered using a preemptive M/G/1 queue model. Experimental results have shown that the priority system has significantly decreased the wait time and increased the reliability of the nonpriority system. Then, the network emulator tool was used to analyze system performance in real IoT applications such as e-health and industrial automation.

A future IoT network is expected to support a wide range of heterogeneous equipment/sensors in areas such as e-health and industrial control. In high-density deployment scenarios such as an industrial internet system, reliable communication links with low latency are difficult because of the latency of the system involved. Using the information offered by the application, the data from IoT nodes of two types, the high-priority nodes and low-priority nodes, allocate different MAC layer properties to provide priority channel access mechanisms for data processing with the heart of the cloud. Then, before sending the aggregated data to the cloud, using a separate low-priority, high-level queue, the m/G/1 preemptive queue model is adopted. The results show that, in comparison with the nonpriority regime, the basic method proposed in this paper can significantly improve the timing and reliability of an IoT system.


In this paper, we propose a secure and efficient PPDA solution for IoT systems based on an XaaS architecture. Our scheme greatly reduces the time of resource consumption. In addition, by taking advantage of edge computing, ES-PPDA can effectively transfer complex cryptographic operations to ES while minimizing the real-time cost. We select an M/G/1 queuing model to optimize the system performance. This optimization can be applied to an XaaS architecture IoT, for example, a smart grid. Experimental results show that the scheme is unassailable under the security model we defined. Performance evaluation experiments proved that the scheme is lightweight and highly efficient. However, our approach is somewhat vulnerable to malicious users such as ESs. Subsequently, we plan to make our security model robust.

Availability of data and materials

The datasets generated during and/or analyzed during the current study are available from the corresponding author upon reasonable request.



Privacy-protection data aggregation


Internet of Things


Anything as a service


Edge server


Smart IoT device


Trust agency


Control center


q-strong Diffie-Hellman


Double trapdoor chameleon hash


Efficient and secure PPDA


Normal data


Event data




Carrier-sense multiple access with collision avoidance


Clear channel assessment


  1. Bonomi F, Addepalli R (2018) Fog computing and its role in the internet of things. ACM.

  2. Fredj SB, Boussard M, Kofman D, Noirie L (2013) A scalable IoT service search based on clustering and aggregation. In: IEEE international conference on green computing & communications & IEEE internet of things & IEEE cyber. IEEE Computer Society.

  3. Fan T, Chen Y (2010) A scheme of data management in the internet of things. In: IEEE international conference on network infrastructure & digital content. IEEE.

  4. Shi W, Jie C, Quan Z, Li Y, Xu L (2016) Edge computing: vision and challenges. Internet Things J IEEE 3(5):637–646

    Article  Google Scholar 

  5. Hattab G, Cabric D (2018) Performance analysis of uplink cellular IoT using different deployments of data aggregators. In: GLOBECOM 2018 - 2018 IEEE global communications conference. IEEE.

  6. Darzi S, Akhbari B, Khodaiemehr H (2022) Lpm2da: a lattice-based privacy-preserving multi-functional and multi-dimensional data aggregation scheme for smart grid. Clust Comput 25(1):263–278

    Article  Google Scholar 

  7. Yang Y, Zhang L, Zhao Y, Choo K, Zhang Y (2022) Privacy-preserving aggregation-authentication scheme for safety warning system in fog-cloud based vanet. IEEE Trans Inf Forensics Secur PP(99):1–1

    Google Scholar 

  8. Jastaniah K, Zhang N, Mustafa MA (2022) Privacy-friendly flexible iot health data processing with user-centric access control

    Google Scholar 

  9. Bohli JM, Skarmeta A, Moreno MV, Dan G, Langendorfer P (2015) SMARTIE project: secure IoT data management for smart cities. In: 2015 international conference on recent advances in internet of things (RIoT). IEEE.

  10. Jin J, Gubbi J, Marusic S, Palaniswami M (2014) An information framework for creating a smart city through internet of things. IEEE Internet Things J 1(2):112–121

    Article  Google Scholar 

  11. Khodadadi F, Calheiros RN, Buyya R (2015) A data-centric framework for development and deployment of internet of things applications in clouds. In: IEEE tenth international conference on intelligent sensors. IEEE.

  12. Fonseca J, Ferraz C, Gama K (2016) A policy-based coordination architecture for distributed complex event processing in the internet of things: doctoral symposium. In: The 10th ACM international conference. ACM.

  13. Chen Q, Ayong YE, Zhang Q, Huang C (2022) A new edge perturbation mechanism for privacy-preserving data collection in iot. Chin J Electron 32:1–12.

  14. Luo W, Bai G (2011) Ensuring the data integrity in cloud data storage. In: 2011 IEEE international conference on cloud computing and intelligence systems. IEEE.

  15. Wu J, Sheng X, Li G, Yu K, Liu J (2022) An efficient and secure aggregation encryption scheme in edge computing. China Commun 19(3):13

    Article  Google Scholar 

  16. Chen L, Fu S, Lin L (2022) Privacy-preserving swarm learning based on homomorphic encryption. In: International conference on algorithms and architectures for parallel processing. Springer, Cham.

  17. Dhinakaran D, Joe Prathap PM (2022) Ensuring privacy of data and mined results of data possessor in collaborative ARM

    Book  Google Scholar 

  18. Bowers KD, Juels A, Oprea A (2009) HAIL: a high-availability and integrity layer for cloud storage

    Book  Google Scholar 

  19. Wang T, Yang Q, Shen X, Gadekallu TR, Wang W, Dev K (2022) A privacy-enhanced retrieval technology for the cloud-assisted internet of things. IEEE Trans Industr Inform 18(7):4981–4989

    Article  Google Scholar 

  20. Vashishtha M, Chouksey P, Rajput D, Reddy S, Reddy P, Gadekallu T, Patel H (2021) Security and detection mechanism in IoT-based cloud computing using hybrid approach. Int J Internet Technol Secur Trans 11:436–451

    Article  Google Scholar 

  21. Iwendi C, Maddikunta PKR, Gadekallu TR, Lakshmanna K, Bashir AK, Piran MJ (2021) A metaheuristic optimization approach for energy efficiency in the IoT networks. Softw Pract Exper 51:2558–2571

    Article  Google Scholar 

  22. Iwendi C, Khan S, Anajemba JH, Bashir AK, Noor F (2020) Realizing an efficient IoMT-assisted patient diet recommendation system through machine learning model. IEEE Access 8:28462–28474

    Article  Google Scholar 

  23. Ponnan S, Saravanan AK, Iwendi C, Ibeke E, Srivastava G (2021) An artificial intelligence-based quorum system for the improvement of the lifespan of sensor networks. IEEE Sensors J 21(15):17373–17385

    Article  Google Scholar 

  24. Falk J, BJöRK S (2000) Privacy and information integrity in wearable computing and ubiquitous computing. Iso/iec Jtc1/sc29/wg11 Mpeg00/n3705, La Baule, New York, p 177.

  25. Pietro RD, Mancini LV (2003) Security and privacy issues of handheld and wearable wireless devices. Commun ACM 46(9):74–79

    Article  Google Scholar 

  26. Frikken KB, Joseph IV (2008) An efficient integrity-preserving scheme for hierarchical sensor aggregation. In: ACM conference on wireless network security. ACM.

  27. Chen F, Liu AX (2012) Privacy- and integrity-preserving range queries in sensor networks. IEEE/ACM Trans Networking 20(6):1774–1787

    Article  Google Scholar 

  28. Yang J, He S, Lin Y, Lv Z (2015) Multimedia cloud transmission and storage system based on internet of things. Multimed Tools Appl 76:1–16.

  29. Xu LD, He W, Li S (2014) Internet of things in industries: a survey. IEEE Trans Industr Inform 10(4):2233–2243

    Article  Google Scholar 

  30. Dastjerdi AV, Buyya R (2016) Fog computing: helping the internet of things realize its potential. Computer 49(8):112–116

    Article  Google Scholar 

Download references


The authors wish to acknowledge Prof. Yulin Wang for his help with the paper structure and methodology.


The research received no funds.

Author information

Authors and Affiliations



Quan Chen: data curation, formal analysis, investigation, and methodology. Liangshun Wu: software, validation, visualization, and writing. Congshi Jiang: conceptualization, ideas, funding acquisition, project administration, resource allocation, and supervision. All authors reviewed the manuscript. The author(s) read and approved the final manuscript.

Corresponding author

Correspondence to Congshi Jiang.

Ethics declarations

Competing interests

The authors declare no conflicts of interest.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chen, Q., Wu, L. & Jiang, C. ES-PPDA: an efficient and secure privacy-protected data aggregation scheme in the IoT with an edge-based XaaS architecture. J Cloud Comp 11, 20 (2022).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: