A Survey on Cryptographic Security and Information Hiding Technology for Cloud or Fog-Based IoT System

Abstract: The Internet of Things (IoT) is an emerging paradigm involving intelligent sensor networks that incorporate embedded technology for collecting data and communicating with external environments. Recently, cloud computing together with fog computing has become an important research area of the Internet of Things because of its big data processing capabilities. It is a promising technology that utilizes cloud or fog computing/architecture to improve sensor computing, storage, and communication capabilities. However, it has recently been shown that this computing/architecture may be vulnerable to various attacks because of the open nature of the wireless network. Therefore, it becomes more and more important to ensure security and privacy in these scenarios. Encryption security and information hiding technology can provide authentication, confidentiality, integrity, anti-eavesdropping, availability and so on for these computing models or architectures. The purpose of this review is to look for original articles with novel ideas and solutions that address encryption security and information hiding technologies in cloud or fog-based Internet of Things systems. We hope this review will provide an opportunity for scientists, researchers and industry engineers to study original manuscripts and learn about developments in all aspects of security, privacy, trust, and covert communication issues in cloud or fog computing/architecture Internet of Things systems.


Related applications based on Cloud or Fog
Cloud and Fog technology provide new paradigms for developing distributed, heterogeneous and complex systems characterized by large storage space, large amounts of data, high-end computing capabilities and interoperable networks, so a system based on Cloud or Fog can offer various conveniences for the IoT [Arfat, Aqib, Mehmood et al. (2017)]. In this section, we analyze the application of cloud and fog in the IoT.

Related applications based on the Cloud
In the IoT, because of the storage and computing limitations of devices as well as big data processing requirements, cloud computing or cloud architecture is brought into IoT applications. Díaz et al. [Díaz, Martín and Rubio (2016)] present a survey of the integrated components: cloud platforms, cloud infrastructures, and IoT middleware. They also introduce existing data analytics techniques and integration proposals and address open research issues and challenges. Although cloud computing and the IoT are two distinct technologies, both have become an integral part of our lives. Their adoption is increasingly common, making them an important part of the future Internet. The new paradigm of combining cloud computing with the IoT is seen as a breakthrough for some application scenarios. Botta et al. [Botta, de Donato, Persico et al. (2016)] focus on the integration of Cloud and IoT, forming a paradigm called Cloud IoT. Beginning with an analysis of the fundamentals of the IoT and cloud computing, they discuss their complementarities and describe in detail the factors driving their integration. Moreover, they identify some open issues and future directions in this field, which outline the prospects of the Future Internet. Combining content-based image retrieval (CBIR) technology with cloud storage technology, Xia et al. [Xia, Lu, Qiu et al. (2019)] present a secure retrieval scheme for encrypted images in the YUV color space, which helps cloud users access images quickly while ensuring the privacy of the images. Stergiou et al. [Stergiou, Psannis, Kim et al. (2018)] also combine cloud computing with the IoT to identify the benefits of integration. They argue that the integration can reduce or eliminate the need for hardware equipment and offers features such as energy efficiency and computational capability.
They also present security issues in IoT and Cloud Computing integration. Younas et al. [Younas, Awan, Ghinea et al. (2018)] introduce new developments in cloud computing in the IoT. They speculate that cloud computing can provide new service levels in enterprise, education, science, research and government organizations in the future. The work of Boukerche et al. [Boukerche and De Grande (2018)] combines cloud computing with the emerging vehicle network in the IoT to form a vehicular cloud that will facilitate intelligent transportation systems. Considering that content-based image retrieval (CBIR) has been widely studied along with the increasing importance of images in daily life, Xia et al. [Xia, Xiong, Vasilakos et al. (2017)] propose a scheme for outsourcing CBIR to cloud servers. It supports CBIR over encrypted images without revealing sensitive information to the cloud server.

Sheltami et al. [Sheltami, Shahra and Shakshuki (2018)] point out that cloud computing, its service models (SaaS, PaaS, and IaaS) and their features (such as on-demand services, fast resilience and scalability) still have many problems that prevent some applications from taking advantage of this computing paradigm. Latency caused by the long distance between the terminal and the cloud server may be the biggest problem for some real-time applications, such as online games and content delivery. As a new paradigm, fog computing can solve some of the problems of cloud computing. Aazam et al. [Aazam, St-Hilaire, Lung et al. (2016)] point out that the Fog is a localized form of the Cloud that underlies the IoT. By analyzing the behavior of nodes and estimating resources, it can provide solutions for IoT applications that require fast response times and minimal latency. Mutlag et al. [Mutlag, Ghani, Arunkumar et al. (2018)] introduce the advantages of fog computing in detail.
Taking the field of medical care as an example, they show that fog computing is more suitable for real-time, fast-response and low-delay applications. Vehicular ad-hoc networks (VANETs) are a representative application of the smart city realized with the IoT concept. Kai et al. [Kai, Cong and Tao (2016)] describe the growing interest in fog computing in VANETs, which stems from the special requirements of VANETs for mobility, location awareness and low latency. The integration of fog computing and VANETs can provide more services at the edge of the IoT. This integration deploys highly virtualized computing and communication facilities near mobile vehicles so that these vehicles can obtain services with low latency and short-distance connections through fog computing. The paper also introduces the current research status and prospects of fog computing in VANETs.

Khan [Khan (2016)] investigates security threats and the corresponding security issues. The author analyzes and categorizes the existing security problems and possible solutions in the literature. By comparing the different threats faced by different cloud platforms, various intrusion detection and prevention frameworks are suggested to solve security problems. The paper also analyzes the security mechanism between trusted cloud computing and cloud service providers. In addition, future directions are put forward for cloud security and its possible countermeasures. Yang et al. [Yang, Han, Huang et al. (2018)] propose a new scheme called FREDP (File Remote Keying Encryption and Data Protection). The proposal involves three-party interactions between mobile terminals, a private cloud and a public cloud. The private cloud does not share ciphertext files to the public cloud until the mobile terminal and the trusted third-party private cloud have completed the encryption of plaintext files using a remote keying encryption algorithm.
To ensure the security of mobile terminals when using data, the private cloud, acting as a third party, periodically verifies the integrity of the data in the public cloud. Finally, the mobile terminal and the private cloud decrypt the ciphertext file, allowing mobile terminal users to use the data. Potey et al. [Potey, Dhote and Sharma (2016)] focus on the security of data storage in the Cloud. They use fully homomorphic encryption to store data, which are kept in DynamoDB in the public cloud of Amazon Web Services (AWS). Data processing is performed on the encrypted form in the public cloud, and the result can be downloaded to the client machine. In this proposal, the user's data are never stored in the public cloud in plain text, which ensures the security of the user's data. The work of Praveen et al. [Praveen, Kumar and Pja (2018)] makes a comprehensive investigation of existing key-policy and ciphertext-policy attribute-based encryption schemes using access structures and multi-privilege algorithms. In addition, the authors discuss aspects of ciphertext-policy attribute-based encryption such as policy hiding, proxy encryption, revocation mechanisms and hierarchical attribute-based encryption. The paper also proposes a new attribute-based encryption method. Singh et al. [Singh and Raman (2018)] propose a reversible data hiding scheme based on Shamir's secret sharing, which performs legal ownership verification in the encrypted domain. It blurs the cover information by spreading it among random shares and embedding owner-specific secret information into some of the encrypted shares before outsourcing the media information to the cloud server.

Benarous et al. [Benarous and Kadri 201] provide a way to protect security, privacy, and authentication in future Vehicular Ad hoc Networks (VANETs) in terms of resource sharing and on-board cloud deployment. This approach effectively improves the security of cloud computing over VANETs. The convenience of cloud computing has attracted smart campuses to outsource their huge amounts of data to cloud servers. Although outsourcing data can reduce the computational and storage burden on a smart campus, privacy preservation becomes the biggest concern. Xia et al. [Xia, Ma, Shen et al. (2018)] propose an effective and practical privacy-preserving computation outsourcing protocol for the local binary pattern (LBP) feature over huge numbers of encrypted images.

Encryption security and information hiding technology in fog computing
Wang et al. [Wang, Zhang, Bhuiyan et al. (2018)] propose a fog-based hierarchical trust mechanism to remedy the defects of existing trust mechanisms and the network security defects that result from them. The scheme also performs well in saving network energy, quickly detecting malicious nodes and recovering misjudged nodes. Wang et al. [Wang, Wang and Domingo-Ferrer (2018)] propose the concept of an anonymous and secure aggregation scheme (ASAS) in fog-based public cloud computing. They use pseudonyms to hide and protect the identity of terminal devices, and homomorphic encryption to ensure data security.

Wang et al. [Wang, Liu and Sun (2017)] propose a secure, privacy-preserving navigation scheme using vehicular spatial crowdsourcing in fog-based VANETs. Fog nodes generate and release crowdsourcing tasks and cooperate in finding the best route according to the real-time traffic information collected by vehicles in their coverage area. Vehicles carrying out crowdsourcing tasks can be reasonably rewarded. When the querying vehicle enters a fog node's coverage area, it retrieves the navigation result from that fog node, and it reaches the next fog node by following the best route, repeating this until it arrives at the desired destination. The scheme satisfies the security and privacy requirements of authentication, confidentiality and conditional privacy protection. It achieves this with several cryptographic primitives, including the ElGamal encryption algorithm, AES, random anonymous credentials and group signatures.

Piao et al. [Piao, Shi, Yan et al. (2018)] propose a framework for differential privacy in the publication of government statistics based on fog computing. On this basis, they develop a data publishing algorithm using a MaxDiff histogram, which can be used to protect user privacy based on fog computing. Applying the differential privacy method, Laplace noise is added to the original data set, which prevents the leakage of citizens' private information even if the attacker has strong background knowledge. Adjacent data bins are grouped according to the maximum frequency difference, and then a differential privacy histogram with minimum mean error is constructed.
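The pseudonym-plus-homomorphic-encryption aggregation idea described above for fog-based systems, as an added example that is not code from the cited paper. It assumes Paillier as the additively homomorphic cipher and an HMAC-derived per-epoch pseudonym; the device keys, readings and toy primes are constructed for the demo.

```python
import hashlib
import hmac
import math
import secrets

def keygen(p, q):
    """Paillier key pair with g = n + 1; returns (public n, private (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """E(m) = (1 + m*n) * r^n mod n^2 for a fresh random r coprime to n."""
    r = 0
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    """Only the key holder (the cloud in this sketch) can open a ciphertext."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def pseudonym(device_key, epoch):
    """Per-epoch pseudonym; only a party holding device_key can link epochs."""
    return hmac.new(device_key, str(epoch).encode(), hashlib.sha256).hexdigest()[:16]

def fog_aggregate(n, reports):
    """Fog node: multiplying ciphertexts adds the plaintexts; no key is needed."""
    total = 1
    for _pseudo, c in reports:
        total = total * c % (n * n)
    return total

# Toy primes (two Mersenne primes) so the demo runs instantly; far too small for real use.
N, PRIV = keygen(2**31 - 1, 2**61 - 1)
# Constructed sample: device key -> sensor reading.
READINGS = {b"key-dev-A": 21, b"key-dev-B": 17, b"key-dev-C": 30}

def run_epoch(epoch):
    """Devices report (pseudonym, ciphertext); the cloud decrypts only the sum."""
    reports = [(pseudonym(k, epoch), encrypt(N, m)) for k, m in READINGS.items()]
    return reports, decrypt(N, PRIV, fog_aggregate(N, reports))

if __name__ == "__main__":
    reports, total = run_epoch(epoch=1)
    print([p for p, _ in reports], "sum =", total)
```

The fog node sees only changing pseudonyms and ciphertexts, and the cloud learns the total but not any single reading.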
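The grouping-then-noise idea behind the differential privacy histogram described above, as an added example that is a simplified illustration and not the cited paper's algorithm. The counts, the group count `k` and `epsilon` are constructed; the bin boundaries are chosen here from the true counts, and the privacy cost of that selection step is not accounted for.

```python
import random

# Constructed sample: per-bin counts of a published statistic (not real data).
COUNTS = [12, 14, 13, 40, 42, 41, 5, 6]

def maxdiff_groups(counts, k):
    """Cut the bins into k runs at the k-1 largest adjacent count differences."""
    # Assumption: boundaries come from the true counts; a full scheme must
    # also spend privacy budget on choosing them.
    by_jump = sorted(range(1, len(counts)),
                     key=lambda i: abs(counts[i] - counts[i - 1]), reverse=True)
    bounds = [0] + sorted(by_jump[:k - 1]) + [len(counts)]
    return list(zip(bounds, bounds[1:]))

def laplace(scale, rng):
    """Laplace(0, scale) as the difference of two exponential draws."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def dp_histogram(counts, k, epsilon, rng):
    """One Laplace draw per group (sensitivity 1), spread evenly over its bins."""
    out = []
    for lo, hi in maxdiff_groups(counts, k):
        noisy_sum = sum(counts[lo:hi]) + laplace(1 / epsilon, rng)
        out += [noisy_sum / (hi - lo)] * (hi - lo)
    return out

def mean_abs_error(counts, k, epsilon, trials=2000, seed=1):
    """Average per-bin |published - true| over repeated releases."""
    # Seeded non-cryptographic PRNG for a repeatable demo only; a deployment
    # would use a vetted differential privacy library.
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        noisy = dp_histogram(counts, k, epsilon, rng)
        total += sum(abs(n - c) for n, c in zip(noisy, counts))
    return total / (trials * len(counts))

if __name__ == "__main__":
    print("groups:", maxdiff_groups(COUNTS, 3))
    print("error, 3 groups:", round(mean_abs_error(COUNTS, 3, 0.1), 2))
    print("error, per-bin :", round(mean_abs_error(COUNTS, len(COUNTS), 0.1), 2))
```

Grouping bins with similar counts lets one noise draw be shared across the group, which is why the grouped release has lower mean error than per-bin noise at the same epsilon.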

The security of integration of cloud and fog
Because cloud computing, fog computing and the IoT each have their own security problems, a cloud or fog-based IoT system that combines them may have similar security problems to those of cloud computing, fog computing and the IoT. Security problems therefore exist in IoT systems based on cloud or fog. Stergiou et al. consider that many security and privacy holes remain in providing greener and more sustainable computing while protecting the ability of cloud computing (CC) infrastructure to process data in the fog. A new cloud computing system is proposed, which integrates the IoT as the basic scenario of big data. In addition, the article tries to build a framework to protect network security and improve security. The proposed solution is to install a security wall between cloud servers and the Internet in order to eliminate privacy and security issues. To ensure security and privacy, Bousselham et al. [Bousselham, Abdellaoui and Chaoui (2017)] design a new security approach using software-defined network (SDN) technology, which uses pseudonyms, key management, and revocation lists to provide authentication, confidentiality, integrity, and availability. To protect the anonymity of passengers and ensure the robustness of payment systems, Chen et al. [Chen, Lin, Castiglione et al. (2016)] propose a new smart card-based MoD payment solution for mobile cloud authorized public transport systems, which not only ensures the anonymity of passengers but also uses personal trusted devices to protect passengers' sensitive information, so that passengers can enjoy multimedia content during long journeys. Hussain et al. [Hussain, Rezaeifar, Lee et al. (2015)] propose a novel security and privacy-aware service called traffic information as a service (TIaaS) at the top of the cloud computing stack to prevent adversaries from abusing user privacy and/or building profiles of target users.
In addition, for location confidentiality and privacy, a novel location-based encryption technology is proposed, which can prevent internal and external attackers from manipulating the content of messages. The proposed TIaaS also retains conditional privacy, and with the help of an effective revocation mechanism, revocation authorities can revoke any node in case of dispute. Wu et al. [Wu, Chen, Choo et al. (2018)] propose an efficient and secure searchable encryption (SE) protocol using the trapdoor permutation function (TPF). The protocol is designed for cloud-based IoT (also known as the "Internet of Things"), such as cloud computing on the battlefield and military clouds. Compared with other existing SE protocols, the proposed SE protocol has lower computational cost.

Conclusion
In this article, we have discussed the security issues of cloud or fog-based IoT systems, including: (1) using pseudonyms, key management and revocation lists to provide authentication, confidentiality, integrity and availability; (2) installing a security wall to eliminate privacy and security problems; (3) ensuring the anonymity of users based on smart cards; and (4) key technologies such as data encryption and hiding technology. This paper briefly analyzes the current state of research in these technical fields and discusses the issues that need further study in view of the existing problems. In cloud or fog-based IoT systems, we therefore need to learn more from the security problems and solutions of each of the three individually in order to enhance the security of the combined system. The future of cryptographic security and information hiding technology in cloud or fog-based IoT systems will depend on the following areas: (1) the expansion of application patterns: providing "cloud or fog security components"; (2) advances in encryption technology: protection of user privacy, authentication, confidentiality, integrity, and availability.