Privacy-Preserving Data Aggregation against False Data Injection Attacks in Fog Computing

As an extension of cloud computing, fog computing has received more attention in recent years. It can solve problems such as high latency, lack of support for mobility and location awareness in cloud computing. In the Internet of Things (IoT), a series of IoT devices can be connected to the fog nodes that assist a cloud service center to store and process a part of data in advance. This not only reduces the pressure of processing data but also improves real-time performance and service quality. However, data processing at fog nodes suffers from many challenging issues, such as false data injection attacks, data modification attacks, and violation of IoT devices' privacy. In this paper, based on the Paillier homomorphic encryption scheme, we use blinding factors to design a privacy-preserving data aggregation scheme in fog computing. Regardless of whether the fog node and the cloud control center are honest, the proposed scheme ensures that the injected data comes from legal IoT devices and is neither modified nor leaked. The proposed scheme is also fault-tolerant, which means that the collection of data from other devices will not be affected even if certain fog devices fail to work. In addition, security analysis and performance evaluation indicate that the proposed scheme is secure and efficient.


Introduction
In recent years, cloud computing has developed rapidly with its advantages of ultra-large-scale storage, powerful computing power, high scalability, and low cost [1]. Any company or individual can access cloud computing servers through a payment model [2][3][4][5][6]. At the same time, with the advancement of computer technology and the development of big data, artificial intelligence, and the Internet of Things (IoT), the demand for data interaction analysis for mass terminals has rapidly increased [7][8][9]. Under these circumstances, uploading all data files to the cloud for processing puts cost and performance pressure on the network. Especially for IoT, it is difficult to meet the low-latency requirements of real-time processing [10,11]. In 2012, Cisco proposed the concept of "fog computing" in [12] to address the high latency and the lack of support for mobility and location awareness in cloud computing. The idea is to transfer some of the storage and calculation operations on the cloud to the infrastructure device, that is, the fog node, which belongs to the edge network. In other

Related Work
In 2004, the International Telecommunication Union (ITU) expanded the concept of the IoT: interconnections at any time, anywhere, between arbitrary objects, with ubiquitous networks and ubiquitous computing [45]. Cisco [12] pointed out that the Internet of Things is a delay-sensitive application that requires high real-time performance. In the era of the Internet of Everything, a new platform called fog computing is needed to support it. The author considered fog computing as a new application and service, and noted that there is a fruitful interaction between cloud and fog, especially in data management and analysis. In simple terms, the fog is a cloud close to the ground.
In IoT, in order to reduce communication costs, it is essential to aggregate individual IoT devices' data at the associated fog device. In previous research, some privacy-preserving data aggregation schemes [10,26,27,30,37,46] are related to our PDAF scheme. In addition, blockchain technologies have been used for realizing fair payment in cloud computing and fog computing [47][48][49]. Zhang et al. [27] designed a privacy-preserving communication and power injection scheme over vehicle networks and 5G smart grid slice based on the Paillier encryption. In the scheme, a novel aggregation technique called hash-then-homomorphic is used to aggregate the blinded bids of different time slots. Mahmoud et al. [30] adopted two different data aggregation schemes using point addition and homomorphic encryption. Shen et al. [37] proposed a privacy-preserving multilevel user's data aggregation and control scheme; it extended the previous one-dimensional data aggregation to two dimensions and is more suitable for practical application environments. Zhou et al. [46] also proposed a multidimensional data aggregation scheme that is fault-tolerant. However, Zhang et al. [26] considered the EPPI scheme based on point addition to be safer and more efficient. In fact, EPPI guarantees that privacy will not be leaked even if all entities in the actual application scene are dishonest. But the EPPI scheme is not fault-tolerant. Although the above schemes are suitable for fog computing-enhanced IoT, they cannot aggregate all hybrid IoT devices' data into a single ciphertext. For fog computing-enhanced IoT, Lu et al. [10] designed a lightweight privacy-preserving data aggregation scheme which is secure and fault-tolerant, but the third-party trusted authority in this system will inevitably increase the communication overhead of the system. Different from the above schemes, in PDAF, the third-party trusted authority is not needed and data privacy is still preserved.
We use the modified Paillier encryption to enable the fog device to aggregate hybrid IoT devices' data into a single ciphertext and keep it fault-tolerant.

Our Contribution
In PDAF, we have made improvements based on the Paillier homomorphic encryption scheme: each IoT device can generate two secret keys and a blinding factor to mask its sensitive data, and it sends the masked data to the related fog node over a wireless network. Upon receiving packets from all hybrid IoT devices, the control center can only obtain the total within the limited range instead of directly reading data of a single IoT device. Because of the blinding factor, the control center can also correctly decrypt the aggregated data in the event that an IoT device fails to send messages to the fog device. In fact, the proposed PDAF scheme is fault-tolerant. In the second place, the PDAF scheme realizes privacy protection. We notice that the fog device and the control center are curious about the sensitive data to be reported by a single IoT device or the aggregated data by the fog device. In PDAF, the attacker will not get any private information about the user, nor can it forge or change the ciphertext to be sent to the fog device. In addition, an efficient batch verification method is adopted to verify the signatures of multiple users together instead of verifying them one by one, which reduces the computation overhead of the fog device.

Organization
The remainder of this paper is organized as follows. In Section 2, we introduce our system model and review some preliminary knowledge. Then, we describe the proposed PDAF scheme in detail in Section 3. Next, we give the security and privacy analysis of the proposed PDAF scheme in Section 4, followed by performance evaluation in Section 5. Finally, in Section 6, we draw our conclusions.

Models and Security Requirements
In this section, we formalize our system model, adversary model, security requirements and design goal, and give a brief review on preliminary knowledge which will serve as the building blocks of the proposed PDAF scheme.

System Model
As shown in Figure 1, the considered system model of PDAF includes a control center, some fog devices at the network edge, and some hybrid IoT devices, where each hybrid IoT device involves a set of heterogeneous IoT devices $U = \{HID_1, HID_2, ..., HID_n\}$.
• Control center. During communication, the control center generates system parameters and is responsible for registration of fog devices and IoT devices. It also collects all IoT devices' data $(m_1, m_2, ..., m_n)$ via fog devices periodically and analyzes the data replied by fog devices. Please note that CC cannot directly get $m_i$ $(1 \le i \le n)$, which contains the user's private data. In addition, when an IoT device fails to send a message, it is also necessary to make the aggregation of other users' information unaffected. Here, the control center communicates with the IoT devices via the Internet.
• Fog devices. A fog device is also a fog node and is the most critical part of the fog computing between the hybrid IoT devices and the control center. Fog devices can be memory routers, small servers or smart phones that are deployed at the edge network. In PDAF, the fog device will forward data packets from the control center to IoT devices in its jurisdiction, aggregate all IoT devices' data, and discover faulty IoT devices and report them to the control center for countermeasures.
• Hybrid IoT devices. With sensing and communication capabilities, the IoT devices $HID_i$ $(i = 1, 2, ..., n)$ are deployed in an area in need and periodically report their sensing results $m_i$ to the control center through the relevant fog device.

Adversary Model
In the proposed PDAF scheme, we assume all the entities are "honest-but-curious". More specifically, they legitimately do their assigned tasks, but are also curious about the privacy of IoT devices, such as the control center that can intercept data from a single IoT device to gain private information about the device owner and other financial benefits information. Please note that although the entities are "curious", they cannot collude. Similarly, each IoT device also wants to know the data of other IoT devices to determine if it is profitable. In addition, certain IoT devices may fail and stop reporting for some time. Here, we assume that each IoT device can only send packets within this fog computing coverage area. It is also possible that an attacker resides between an IoT device and the control center and tries to establish two secret keys such that the IoT device and the control center seem to communicate directly. In addition, some IoT attackers and outsiders are also interested in other sensitive information in the fog computing. In PDAF, we focus on privacy-preserving data aggregation in which false data injection attacks and data modification can be prevented.

Security Requirements and Design Goal
Considering the practical application environment of IoT and fog computing, in order to prevent these attackers from getting sensitive data of IoT devices, our scheme should meet the following security requirements:
(1) Privacy Protection. Even if the attacker intercepts the communication data transmitted on the insecure channel, it cannot obtain the sensitive data of the IoT devices. The control center can decrypt the aggregated data but cannot get the individual information of a single device.
(2) Non-Repudiation and Unforgeability. The control center and the fog devices can verify the received data packets to ensure that the data packets come from a legal unit and have not been tampered with, that is, the proposed scheme can defeat the false injection attack and detect the malicious attack. Besides, the adversary should not be able to impersonate the control center, the fog devices, or the IoT devices.
Under the considered system model and security requirements, our design goal is to propose a privacy-preserving data aggregation scheme based on homomorphic encryption in fog computing. First, private data of IoT devices cannot be compromised. Second, the proposed scheme should be fault-tolerant. When certain IoT devices fail to work, they should be detected by the associated fog device and reported to the control center. Third, the control center and the fog device are able to authenticate the received packets to make sure that the packets have not been modified during the transmission and are really from legal IoT devices. Finally, if the proposed scheme effectively reduces the amount of channel transmission and improves the data processing efficiency of each entity, then the proposed scheme will be more practical.

Proposed PDAF Scheme
In this section, we propose a privacy-preserving data aggregation scheme based on homomorphic encryption in fog computing, which consists of the following parts: preliminaries, system initialization, data collection request, hybrid IoT devices report, privacy-preserving aggregated data generation, privacy-preserving aggregated data decryption, and fault tolerance mechanism. Figure 2 summarizes the six phases of the proposed scheme. The details are given in the following:

Preliminaries
In this subsection, we give a brief review of bilinear pairings and the Paillier encryption algorithm.

Paillier Encryption Algorithm
Paillier encryption is a homomorphic encryption algorithm that consists of three algorithms: key generation, encryption, and decryption. The details are as follows:
• Key Generation: Given a security parameter $\kappa$, choose two large primes $p$ and $q$, where $|p| = |q| = \kappa$, compute $N = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$, define the function $L(u) = \frac{u-1}{N}$, select the generator $g \in Z_{N^2}^*$ and get the public key $pk = (N, g)$ and the secret key $\lambda$.
• Encryption: Given a message $M \in Z_N$, choose a random number $r \in Z_N^*$ and calculate the ciphertext

System Initialization
(1) System parameters generated: In the system parameters generation stage, the control center (CC) selects the security parameter $\kappa$ and generates $(q, P_0, G_1, G_2, \hat{e})$ by running $gen(\kappa)$. Then, CC selects $g$ as a generator of $Z_{N^2}^*$, the security parameter $\kappa_1$ and two safe large prime numbers $p_1$, $q_1$. CC computes a homomorphic encryption public key pair $(N = p_1 q_1, g)$ and the corresponding private key $\lambda = \mathrm{lcm}(p_1 - 1, q_1 - 1)$. Next, CC defines a function $L(x) = \frac{x-1}{N}$ and chooses five secure cryptographic hash functions, q , $H_4: G_1 \to Z_q^*$ and a random element $sk_{cc}$ as its secret key and calculates $PK_{cc} = sk_{cc} P_0$ as its public key. Finally, CC publishes the public parameters $\{q, P_0, G_1, G_2, \hat{e}, N, H, H_1, H_2, H_3, H_4\}$.
(2) Registration:
- Fog Devices Registration. The fog device (FD) chooses a random element $sk_{fd}$ as its secret key and calculates $PK_{fd} = sk_{fd} P_0$ as its public key. Choosing random number $x \in Z_q^*$ and calculating secret key and calculates $PK_i = sk_i P_0$ as its public key. $HID_i$ chooses random number where, $ID_i$ is the identity of the hybrid IoT device. Then, $HID_i$ sends the parameters $\{PK_i, \alpha_i, \beta, ID_i\}$ to CC. After receiving the parameters $\{PK_i, \alpha_i, \beta, ID_i\}$, CC verifies whether the equation If passed, CC publishes the public parameters $\{PK_i, ID_i\}$; otherwise, it refuses the registration.
(3) Blinding Factor Generated: After completing the registration, CC runs a pseudo-random generator and generates $n$ random numbers $\varphi_i \in Z_N$ as blinding factors for the $HID_i$ under each FD region and computes $\varphi_0 = -(\varphi_1 + \varphi_2 + ... + \varphi_n \bmod N)$ as FD's blinding factor. Please note that $\varphi_i$ and $\varphi_0$ satisfy $\sum_{i=0}^{n} \varphi_i \equiv 0 \bmod N$. Then, CC sends $\varphi_0$ to the registered FD, and sends $\varphi_i$ to the registered $HID_i$.

Data Collection Request
In PDAF, the control center can collect data from related fog devices during every time slot $T_s$. To be specific, CC sends a data collection request (Data_Req) packet that contains parameters $\{ID_{cc}, ID_{fd}, T_s, r_{cc}P_0, TS, \sigma_{cc}\}$ to fog devices, where $ID_{cc}$ and $ID_{fd}$ are the identities of the control center and the fog device, respectively. Please note that $r_{cc} \in Z_q^*$ is a random number; each IoT device uses the secret key $r_{cc}P_0$ to establish a one-time key shared with the control center. The timestamp $TS$ and $\sigma_{cc} = sk_{cc} H_2(ID_{cc} \| ID_{fd} \| T_s \| r_{cc}P_0 \| TS)$ will be used for verification by the fog devices. Then, the fog device runs the following steps after receiving the Data_Req packet:
(1) According to the difference between the current time and the timestamp $TS$, FD checks the freshness of the Data_Req packet.
(2) FD verifies the signature by checking whether $\hat{e}(\sigma_{cc}, P_0) = \hat{e}(H_2(ID_{cc} \| ID_{fd} \| T_s \| r_{cc}P_0 \| TS), PK_{cc})$ holds.
(3) If the above equation holds, FD randomly chooses $r_{fd} \in Z_q^*$, calculates $r_{fd}P_0$, puts $r_{fd}P_0$ in the packet Data_Req, and broadcasts the packet that contains parameters $\{ID_{fd}, ID_{cc}, T_s, r_{fd}P_0, r_{cc}P_0, TS, \sigma_{cc}\}$ in its area. Please note that $r_{fd}P_0$ is used by the hybrid IoT devices $HID_i$ covered by the fog device in establishing a one-time key shared with the fog device.

Hybrid IoT Devices Report Generation
After receiving the packet Data_Req, hybrid IoT device $HID_i$ will report its sensing data $m_i$ to the fog device at time slot $T_s$. The specific steps are as follows:
(1) The hybrid IoT device $HID_i$ chooses $r_i \in Z_q^*$ and computes $r_i P_0$, which is used by $ID_{fd}$ in establishing a shared one-time key between itself and the related fog device.
(2) $HID_i$ computes two shared keys as $k_i = H_1(\hat{e}(PK_{cc}, sk_i r_i r_{cc} P_0))$, $k_i' = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{fd} P_0))$, which will be used for hiding $HID_i$'s sensing data $m_i$.
(3) $HID_i$ masks its sensing data $m_i$ and computes ciphertext $C_i$ and signature $\sigma_i$, where $C_i = g^{m_i + k_i + k_i'} H(T_s)^{\varphi_i} \bmod N^2$ and $\sigma_i = sk_i H_2(C_i \| ID_i \| ID_{fd} \| T_s \| r_i P_0 \| TS)$. Then $HID_i$ sends the data collection reply Data_Rep packet that contains parameters $\{C_i, ID_i, ID_{fd}, T_s, r_i P_0, TS, \sigma_i\}$ to the fog device.

Privacy-Preserving Aggregated Data Generation
Upon receiving the Data_Rep packet, the fog device runs the following steps: ê(P 0 , Note that using the above verification method, the number of bilinear pairings can be reduced from $2 \cdot n/2$ to $n/2 + 1$. Similarly, FD verifies the following equation. If it holds, the number of bilinear pairings also drops from $2 \cdot n/2$ to $n/2 + 1$.
(2) If step 1 is verified, the fog device calculates Then, it runs the following data aggregation operations and gets the aggregate ciphertext $C$ and the corresponding signature $\sigma$; the specific process is as follows:

Privacy-Preserving Aggregated Data Decryption
Upon receiving the fog device reply packet Data_Rep, CC first verifies the Data_Rep to ensure the packets' authenticity and integrity according to the following equation: If it does hold, then CC calculates $k_i = H_1(\hat{e}(PK_i, sk_{cc} r_{cc} r_i P_0)) = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{cc} P_0))$.
Finally, it uses the private key $\lambda$ to decrypt the aggregated ciphertext $C$ by calculating $M = \frac{L(C^{\lambda} \bmod N^2)}{L(g^{\lambda} \bmod N^2)} \bmod N - \sum_{i=1}^{n} k_i$.

Fault Tolerance Mechanism
If some hybrid IoT devices break down, FD will not receive $n$ Data_Rep packets. This directly breaks the main property of the blinding factors, since $\sum_{i \in U_i / U_i'} \varphi_i + \varphi_0 \neq 0 \bmod N$, which will affect the correctness of the final data decryption. Here, $U_i$ denotes the set of all legitimate hybrid IoT devices and $U_i'$ denotes the set of failed hybrid IoT devices ($U_i' \subset U_i$).
FD needs to send the set $U_i'$ to the control center. After receiving the set $U_i'$, CC computes and replies to FD. After receiving $H(T_s)$, computing At this time, in the aggregated data decryption stage, CC uses the private key $\lambda$ to decrypt the aggregated ciphertext $C$ by calculating.

Security and Privacy Analysis
In this section, we give the security and privacy analysis of the proposed PDAF scheme.

Privacy Protection
Based on the Paillier encryption algorithm, in the hybrid IoT devices report generation stage, the sensitive data $m_i$ is blinded and the secret keys $k_i$ and $k_i'$ are added in the Paillier encryption algorithm to get the ciphertext $C_i = g^{m_i + k_i + k_i'} H(T_s)^{\varphi_i} \bmod N^2$; $HID_i$ sends $C_i$ to the associated gateway instead of $m_i$ directly. Without the private key, it is infeasible to decrypt ciphertexts. Even if the adversary gets the data packet by tapping the wireless IoT device or the wireless communication channel, without knowing $k_i$, $k_i'$ and $\lambda$, the adversary cannot know the sensitive data $m_i$ because these secret keys cannot be computed. Although the control center has the secret key $k_i$ and $\lambda$, it cannot get $k_i'$, and thus cannot decrypt $C_i$ to recover $m_i$. Similarly, the fog device is also unable to read sensitive data $m_i$ without $k_i$ and $\lambda$. In fact, $k_i = H_1(\hat{e}(PK_{cc}, sk_i r_i r_{cc} P_0))$ and $k_i' = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{fd} P_0))$ are computed by $HID_i$. It is worth noting that the fog device only calculates $k_i' = H_1(\hat{e}(PK_i, sk_{fd} r_{fd} r_i P_0)) = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{fd} P_0))$ at the privacy-preserving aggregated data generation phase and the control center only calculates $k_i = H_1(\hat{e}(PK_i, sk_{cc} r_{cc} r_i P_0)) = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{cc} P_0))$ at the privacy-preserving aggregated data decryption phase.
In the data aggregation stage, the aggregation operation by the fog device is performed on ciphertexts. The control center only has the aggregated data $M = \frac{L(C^{\lambda} \bmod N^2)}{L(g^{\lambda} \bmod N^2)} \bmod N - \sum_{i=1}^{n} k_i$ and just gets the data sum $\sum_{i=1}^{n} m_i$. Even if an adversary has intruded into the control center database, the private data of a single device cannot be obtained. In this way, the individual sensing data privacy is still preserved.
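Added example (not code from the paper): a toy Python model of the blinded Paillier aggregation described in the system initialization, fault tolerance and privacy protection passages, showing the aggregate decrypting to the sum, a single report staying masked, and a device dropout breaking decryption. The small primes, g = N + 1, the SHA-512 stand-in for H, the random stand-ins for the pairing-derived keys, the fog-side aggregation formula and the dropout repair factor are assumptions; the paper's own formulas for the last two are incomplete on this page.

```python
import hashlib
import math
import secrets

# Toy Paillier key built from two Mersenne primes (constructed for the example;
# far too small for real use). g = N + 1 is an assumed generator choice.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lambda = lcm(p-1, q-1)
G = N + 1


def L(u: int) -> int:
    """L(u) = (u - 1) / N, defined for u = 1 mod N."""
    return (u - 1) // N


MU = pow(L(pow(G, LAM, N2)), -1, N)   # inverse of L(g^lambda mod N^2) mod N


def hash_slot(ts: str) -> int:
    """Stand-in for H(T_s): SHA-512 of the slot label mapped into Z*_{N^2}."""
    ctr = 0
    while True:
        digest = hashlib.sha512(f"{ts}|{ctr}".encode()).digest()
        h = int.from_bytes(digest, "big") % N2
        if h > 1 and math.gcd(h, N) == 1:
            return h
        ctr += 1


def blinding_factors(n: int):
    """CC: random phi_1..phi_n in Z_N, and phi_0 so that all n+1 sum to 0 mod N."""
    phis = [secrets.randbelow(N) for _ in range(n)]
    return (-sum(phis)) % N, phis


def device_encrypt(m, k_cc, k_fd, phi, ts):
    """HID_i: C_i = g^(m_i + k_i + k_i') * H(T_s)^phi_i mod N^2."""
    return pow(G, m + k_cc + k_fd, N2) * pow(hash_slot(ts), phi, N2) % N2


def fog_aggregate(cts, k_fds, phi0, ts):
    """FD: multiply the C_i, strip the keys it shares with devices, add phi_0.
    (Assumed reading of the aggregation step, which is incomplete on the page.)"""
    c = pow(G, -sum(k_fds), N2) * pow(hash_slot(ts), phi0, N2) % N2
    for ct in cts:
        c = c * ct % N2
    return c


def cc_decrypt(c, k_ccs):
    """CC: M = L(C^lambda mod N^2) / L(g^lambda mod N^2) mod N - sum of k_i."""
    return (L(pow(c, LAM, N2)) * MU - sum(k_ccs)) % N


def run_slot(readings, failed=(), repair=False, ts="slot-0001"):
    """One reporting slot; returns the sum the control center recovers."""
    n = len(readings)
    phi0, phis = blinding_factors(n)
    # Random stand-ins for the pairing-derived one-time keys k_i and k_i'.
    k_cc = [secrets.randbelow(2**64) for _ in range(n)]
    k_fd = [secrets.randbelow(2**64) for _ in range(n)]
    alive = [i for i in range(n) if i not in failed]
    cts = [device_encrypt(readings[i], k_cc[i], k_fd[i], phis[i], ts) for i in alive]
    c = fog_aggregate(cts, [k_fd[i] for i in alive], phi0, ts)
    if repair:
        # Assumed repair: CC, which issued every phi_i, supplies the missing
        # factor H(T_s)^(sum of failed phi_i) so the exponents again sum to 0 mod N.
        c = c * pow(hash_slot(ts), sum(phis[i] for i in failed), N2) % N2
    return cc_decrypt(c, [k_cc[i] for i in alive])


def cc_opens_single_report(m, ts="slot-0001"):
    """What CC gets if it applies lambda and its own k_i to one C_i."""
    _, (phi,) = blinding_factors(1)
    k_cc, k_fd = secrets.randbelow(2**64), secrets.randbelow(2**64)
    return cc_decrypt(device_encrypt(m, k_cc, k_fd, phi, ts), [k_cc])


if __name__ == "__main__":
    readings = [21, 35, 17, 40]                      # constructed sample readings
    print("all devices report :", run_slot(readings))
    print("device 2 silent    :", run_slot(readings, failed={2}))
    print("device 2, repaired :", run_slot(readings, failed={2}, repair=True))
    print("CC on a single C_i :", cc_opens_single_report(21))
```

The blinding term only vanishes because the exponents of H(T_s) add up to a multiple of N, and any N-th power is sent to 1 by raising to λ modulo N²; this is why a single missing report corrupts the whole aggregate until the missing exponent is compensated.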

Non-Repudiation and Unforgeability
In the proposed PDAF scheme, the private key is also used to sign the data packet to be sent by each entity before sending the message. Then, the data packet is verified based on the sender's public key. Although the process can be realized by homomorphic signatures and the verification method used in databases [50][51][52][53], the efficiency is very low. In PDAF, it is ensured that adversaries cannot forge a new signature by eavesdropping on signed messages and thus cannot implement forgery attacks. In other words, as the entities' private keys are properly kept by themselves, the messages they send have non-repudiation. Our scheme has the ability to discover the dishonest behavior of entities.
If the traditional one-to-one verification method is used, assuming that there are $k$ signatures to be verified, a total of $2k$ bilinear pairing operations are required. To improve verification efficiency, we use a batch verification method. As described in step 1 of Section 3.2.4, $k$ signatures are randomly assigned to equal-sized sets $S_1$ and $S_2$, where $|S_1| = \frac{k}{2}$, $|S_2| = \frac{k}{2}$. Then the signatures in $S_1$ and $S_2$ are respectively verified, that is Based on the above batch verification method, the number of bilinear pairing operations is reduced from $2k$ to $2(\frac{k}{2} + 1)$, and hence the efficiency of the algorithm is improved. Note that the verification method can resist forgeries. For example, if the adversary aims to generate a forgery by computing In this case, the greatest probability that the adversary forges a valid signature is Obviously, when $k$ is large enough, the above probability is negligible.

Performance Evaluation
In this section, the performance of the proposed PDAF scheme is evaluated in terms of the computation costs and communication overhead at the IoT devices, the fog device, and the control center.

Computation Cost
The proposed PDAF scheme achieves privacy-preserving aggregation for hybrid IoT devices. To analyze its computation costs more accurately, we assume that there are $n$ IoT devices associated with a fog device and focus on measuring the time required for performing the cryptographic operations in the proposed scheme. Here, we denote the computation costs of an exponentiation operation in $G_1$, an exponentiation operation in $G_2$, an exponentiation operation in $Z_{N^2}^*$, a multiplication operation in $Z_{N^2}^*$, a bilinear pairing operation and a Paillier decryption operation by $T_{e_1}$, $T_{e_2}$, $T_{e_Z}$, $T_{m_Z}$, $T_p$, $T_{pai}$, respectively.
For the control center, in order to generate a data collection request, CC needs to calculate $r_{cc}P_0$ and $\sigma_{cc} = sk_{cc} H_2(ID_{cc} \| ID_{fd} \| T_s \| r_{cc}P_0 \| TS)$, which needs $2T_{e_1}$ computation costs. In the privacy-preserving aggregated data decryption phase, CC checks if $\hat{e}(P_0, \sigma) = \hat{e}(PK_{cc}, H_2(C \| ID_{fd} \| ID_{cc} \| T_s \| r_{fd}P_0 \| TS))$, computes $k_i = H_1(\hat{e}(PK_i, sk_{cc} r_{cc} r_i P_0))$ and recovers the aggregated data $M$, which respectively involve $2T_p$, $T_p + T_{e_2}$ and $T_{pai}$ computation costs. Therefore, in time slot $T_s$, the computation cost for the control center is $3T_p + 2T_{e_1} + T_{e_2} + T_{pai}$. For the fog device, it needs $(n + 5)T_p + (n + 1)T_{m_Z} + 2T_{e_1} + 2T_{e_Z} + T_{e_2}$ computation costs. Specifically, checking whether $\hat{e}(\sigma_{cc}, P_0) = \hat{e}(H_2(ID_{cc} \| ID_{fd} \| T_s \| r_{cc}P_0 \| TS), PK_{cc})$ holds needs $2T_p + T_{e_1}$. After receiving all the Data_Rep of $HID_i$ $(1 \le i \le n)$, the computation of the authenticity and integrity of $n$ Data_Rep based on batch verification involves $(n + 2)T_p$. To compute $k_i' = H_1(\hat{e}(PK_i, sk_{fd} r_{fd} r_i P_0))$, ) · $H(T_s)^{\varphi_0} \bmod N^2$ and $\sigma = sk_{fd} H_2(C \| ID_{fd} \| ID_{cc} \| T_s \| r_{fd}P_0 \| TS)$, $(T_p + T_{e_2})$, $((n + 1)T_{m_Z} + 2T_{e_Z})$ and $T_{e_1}$ are needed respectively. In PDAF, the computation cost for each hybrid IoT device is $2(T_p + T_{e_2} + T_{e_Z} + T_{e_1})$. In fact, the computation of the secret keys $k_i = H_1(\hat{e}(PK_{cc}, sk_i r_i r_{cc} P_0))$, $k_i' = H_1(\hat{e}(PK_{fd}, sk_i r_i r_{fd} P_0))$ involves $2(T_p + T_{e_2})$. To protect private information, $HID_i$ needs $2T_{e_Z}$ computation costs for the ciphertext $C_i = g^{m_i + k_i + k_i'} H(T_s)^{\varphi_i} \bmod N^2$. To compute $\sigma_i = sk_i H_2(C_i \| ID_i \| ID_{fd} \| T_s \| r_i P_0 \| TS)$, one $T_{e_1}$ is needed. We represent the computation costs in Table 1.

Computation Costs
For the comparison with PDAF, in the following, we consider a traditional scheme, where the blinded data $C_i$ of all IoT devices are not aggregated into a ciphertext $C$ by the fog device. Under this setting, for $n$ IoT devices' data, the total computation cost of the control center will increase by $(n - 1)T_{pai}$ over PDAF. The computation comparison is shown in Figure 3. Obviously, our PDAF scheme largely reduces the computation cost for the control center. In addition, in the security model of paper [10], a trusted third party is considered because the control center and fog devices are honest-but-curious and may be affected by malicious attacks. Based on the trusted third party, the security of the system is guaranteed, but the communication and computation overhead is high. In [30], although there is no trusted third party, we find that the control center may be affected by undetected malware and hence violate a single user's data. It is possible to obtain sensitive information based on the private key $\lambda$, and the data aggregation scheme based on Paillier homomorphic encryption cannot completely protect sensitive information because the control center has the private key $\lambda$. In our proposed scheme, it is worth mentioning that the third-party trusted authority is not considered. In fact, the control center and fog device in PDAF are also honest-but-curious, but there is no risk of privacy leakage similar to [30].

Communication Overhead
In PDAF, we denote the communication overhead of control center to fog devices (CC-to-FD), fog device to hybrid IoT devices (FD-to-HID), hybrid IoT devices to fog device (HID-to-FD) and fog device to control center (FD-to-CC) by $l_{cf}$, $l_{fh}$, $l_{hf}$, and $l_{fc}$, respectively. In addition, we define the size of each identity as 2 bytes and the size of $T_s$ or the timestamp $TS$ as 4 bytes; the length of the Paillier ciphertext is 2048 bits. Let $G_1$ be a 160-bit elliptic curve and the length of the signature be 160 bits. Firstly, in the control center to fog device communication, the length of Data_Req = $\{ID_{cc}, ID_{fd}, T_s, r_{cc}P_0, TS, \sigma_{cc}\}$ is 52 bytes, that is $l_{cf} = 52$. In the fog device to hybrid IoT device communication, the Data_Req packet is of the form $\{ID_{fd}, ID_{cc}, T_s, r_{fd}P_0, r_{cc}P_0, TS, \sigma_{cc}\}$ and $l_{fh} = 72$. In the hybrid IoT device to fog device communication, the data collection request response Data_Rep of $HID_i$ $(1 \le i \le n)$ contains $C_i, ID_i, ID_{fd}, T_s, r_i P_0, TS, \sigma_i$ and its length is $l_{hf} = 308$ bytes. To reduce the communication overhead, the aggregated signature and ciphertext are sent to the control center by the fog device, which only need 275 bytes. The response message is of the form $\{C, ID_{cc}, ID_{fd}, T_s, \{r_i P_0\}_{1<i<n}, TS, \sigma\}$ and the size is $l_{fc} = 288 + 20n$ bytes, where $n$ is the number of hybrid IoT devices. The communication overhead is listed in Table 2. Alternatively, if the traditional scheme is adopted, for $n$ IoT devices' data, the length of $l_{fc}$ will increase to $288 + 256n$ bytes. As shown in Figure 4, we further show the change of the communication overhead with the number $n$ of hybrid IoT devices. It is shown that the PDAF scheme obviously reduces bandwidth usage and communication overhead for the FD-to-CC communication.
In summary, the proposed PDAF approach is privacy-preserving and efficient in terms of the computation cost and communication overhead.

Conclusions
In this paper, we have proposed a privacy-preserving data aggregation scheme based on the Paillier homomorphic encryption in fog computing, called PDAF. The scheme realizes many security requirements such as privacy protection, non-repudiation, and unforgeability. The data aggregation technology based on homomorphic encryption not only can effectively protect the privacy of hybrid IoT devices but also can reduce the communication overhead of the system and improve the work efficiency of control centers and fog nodes. To improve the efficiency of data integrity checking, an efficient batch verification technology is used. In addition, blinding factor technology is also applied to our scheme, which gives it better fault tolerance. The security and performance analysis shows that the proposed scheme is reliable and efficient.