Keywords

1 Introduction

The Internet of Mobile Things (IoMT), a subset of the Internet of Things, focuses on connecting mobile devices, such as smartphones, vehicles, and wearable devices, to the Internet [21]. The interconnection and collaboration of IoMT devices by the Internet will create a smarter world. According to a forecast, more than 50 billion mobile devices will connect to the Internet by 2025 [3].

Effective computing paradigms are needed to serve such massive IoMT devices. Nowadays, the computing paradigm of IoMT mainly includes Mobile Cloud Computing (MCC) and Mobile Edge Computing (MEC) [5]. MCC uses the cloud as a data storage and computing platform to provide global interconnection of mobile devices. However, The massive traffic of MCC not only makes the core network congested but also affects the real-time performance of mobile applications. MEC offload IoMT applications to the edge server, alleviating the network congestion and poor real-time performance. However, a large number of mobile edge servers need to be deployed to support a large number of mobile devices, which leads to huge investment costs and energy consumption [9, 10].

IoMT dispersed computing is a promising way to solve the above problems. The basic idea of the dispersed computing paradigm is to realize the “code and data” on-demand movement by designing new programmable protocols and algorithms, enabling the securely and collectively execution of tasks on geographically dispersed, ubiquitous, and heterogeneous computing platforms [4, 6]. These dispersed platforms include network elements, intelligent terminals, programmable sensors, and edge servers. In an IoMT dispersed computing scenario, users can use “local” or “nearby” available computing resources to carry out the application, significantly improving application and network performance while reducing energy consumption and investment costs [10]. However, the security of IoMT dispersed computing has not been studied in depth. The security of the “code and data” movement needs to be guaranteed.

In this paper, we discuss the security issues of IoMT dispersed computing. In response to these security issues, A secure dispersed computing scheme for the internet of mobile things is proposed. The proposed method realizes a decentralized service publication, discovery, and distribution mechanism through the consortium blockchain, which improves the usability, integrity, and authenticity of code movement. In addition, a computational offloading method based on security domain division is proposed, which improves the security of data movement by offloading tasks with different security risks to different security domains. The main contributions of this article are as follows:

  • We analyze the security issues involved in the movement of “code-data” in the IoMT dispersed computing.

  • We propose a decentralized service publication, discovery and distribution scheme. The proposed method applies the consortium blockchain and IPFS distributed file system to IoMT dispersed computing, ensuring the availability, integrity and authenticity of the code publication, discovery and distribution process.

  • We propose a security domain-based computing offloading scheme. For different users, the proposed method group dispersed devices into different domains. By scheduling IoMT tasks with different security risks to appreciate security domain devices, the confidentiality and privacy of data transmission, storage and processing are guaranteed.

The rest of the paper is organized as follows. The overview of related work is presented in Sect. 2. The motivation and objectives of our work are described in Sect. 3. A Secure Dispersed Computing Scheme for Internet of Mobile Things is elaborated in Sect. 4. The results of experiment of the proposed scheme and algorithm are discussed in Sect. 5. Finally, in Sect. 6, the conclusion of this work are presented.

2 Related Works

Although the security of internet of mobile things has been studied widely [17, 18, 22, 23], there is little research on the security of distributed computing, especially in the scenario of mobile Internet of things.

The research of dispersed computing paradigm is mainly focused on architecture and task scheduling. Schurgot et al. [20] describes the architecture of dispersed computing. The architecture consists of application layer, dispersed computing layer and physical layer. The application layer consists of applications and dispersed computing API for submitting tasks. The dispersed computing layer consists of dispersed computing task-aware computation, programmable nodes and network protocol stacks. Dispersed computing task-aware computing algorithms share transfer task details, data flow details, performance boundaries, and may even share job task graphs under the middleware “stack”. Programmable nodes and protocol stacks provide NCP lists, overlay network abstractions, flow performance details. The physical layer is various underlying networks.

Dispersed computing task scheduling mainly studies the task unloading problem of stream processing application modeled by Directed Acyclic Graph (DAG). Different from edge computing offloading, task offloading in the dispersed computing paradigm needs to jointly optimize computing offloading and network scheduling. Yang et al. [25] study the problem of chained task scheduling in dispersed computing networks. They propose a novel virtual queuing network encoding the state of the network and a Max-Weight type scheduling policy for the virtual queuing network. Rahimzadeh et al. [19] propose a scheduling system framework, SPARCLE, for stream processing applications in dispersed computing networks. The proposed method can complete the task assignment and resource allocation of a stream processing application in polynomial time. H. Wu et al. [7] proposed a dispersed computing offloading framework, formal the offloading problem into a multi-objective optimization problem, and design a bilateral matching algorithm to obtain the optimal task offloading strategy.

3 Motivation and Objectives

Figure 1 shows the IoMT dispersed computing paradigm [20, 26]. The IoMT dispersed computing includes the IoMT service provider, dispersed task-aware computation, and programmable nodes and protocol stacks. Its workflow is: (1) The IoMT device sends a service request which contains the service identifier to the dispersed task-aware computing module; (2) The dispersed task-aware computing module sends a request to the service discovery module; (3) The discovery module returns the service to the dispersed task-aware computing module; (4) The dispersed task-aware computing module calculates the task offloading plan, and offloads tasks of the services and flow tables to the appropriate DCP; (5) The IoMT device sends data to the first DCP.

Fig. 1.
figure 1

IoMT dispersed computing paradigm

Full size image

Although dispersed computing improves the responsiveness, reliability, real-time performance, and availability of IoMT applications through the “code and data” strategy movement and “forwarding and computing hop-by-hop”, there are the following security issues of IoMT dispersed computing.

  1. 1.

    Availability of Service Discovery

    In the IoMT scenario, the code of the application or service is usually not stored in the resource-constrained IoT device but the cloud or the hosting server of service providers. Moreover, service providers will provide a centralized service discovery mechanism. A simple way is to use this centralized mechanism directly by the dispersed task-aware computing module. However, the inherent availability limitations of the centralized system, such as single points of failure, network bandwidth and service capacity bottlenecks, contradict the high availability promised by dispersed computing.

  2. 2.

    Integrity and Authenticity of Services Distribution

    During the code distribution, the service code may be maliciously tampered with or replaced. Running malicious code threats to not only user data but also nodes themselves. In addition, the order of task execution may also be maliciously tampered with, causing code to be executed in an unexpected location and resulting in unavailability of services or leakage of user privacy.

  3. 3.

    Confidentiality of Data Transmission

    Due to the limited computing resources and battery life of some IoMT devices (such as smart bracelets, smart sensors, wireless headsets, etc.), it is hard to deploy heavy encryption algorithms. Data is easily sniffed maliciously during the transmission process between dispersed computing devices.

  4. 4.

    Privacy of Data Storage and Processing

    User data needs to be stored and processed on some uncontrolled devices. Storing unencrypted data on these devices will lead to a privacy leak. Even data are encrypted, it also needs to be decrypted before or during processing, which means there is still a problem of user privacy leakage if data needs to be processed on uncontrolled devices.

According to the above analysis, there are many security problems in IoMT dispersed computing. In the “code and data” movement, the availability, integrity, and authenticity of code publication, discovery, and distribution, as well as the confidentiality and privacy of data transmission, storage, and processing need to be guaranteed. To the best of our knowledge, Existing researches on dispersed computing mainly focuses on architecture design and task scheduling [7, 15, 19, 24,25,26], and there are little researches on security solutions in the IoMT dispersed computing scenario. Therefore, in this article, we propose a secure dispersed computing scheme for the Internet of Mobile Things, which has the following design objectives:

  • Improve the availability, integrity and authenticity of service publication, discovery and distribution in IoMT dispersed computing.

  • Improve the confidentiality and privacy of data transmission, storage and processing in IoMT dispersed computing.

4 Proposed Scheme

For the above two objectives, we propose a secure dispersed computing paradigm for the Internet of Mobile Things in this section. The proposed scheme includes a decentralized service publication and discovery scheme and a security domain-based task offloading model. The first scheme improves the availability of service publication and discovery by employing the consortium blockchain. Meanwhile, it also provides integrity and authenticity verification capabilities. The second scheme groups dispersed nodes into the private, organization, and public domains. By scheduling tasks with different security priorities to appropriate domain nodes, the confidentiality, integrity, and privacy of data transmission, storage, and processing are guaranteed as much as possible. We will describe the detail of the proposed two scheme in Sects. 4.1 and 4.2.

4.1 A Decentralized Service Publication, Discovery and Distribution Scheme

A decentralized service publication, discovery, and distribution scheme for IoMT dispersed computing is described in this section. Blockchain has been used successfully for many systems [1, 8, 11,12,13,14, 16]. We argue that blockchain is a promising technology to realizes a high-availability service discovery and high-trust code distribution of IoMT dispersed computing. The basic idea of the proposed scheme is to use the blockchain to store the metadata of IoMT services and to use the distributed file system to store service codes and models. IoMT service providers jointly manage and maintain the consortium blockchain. The distributed file system uses IPFS, which is a media protocol based on blockchain and uses distributed storage and content addressing technology [2]. IPFS address files according to their content hash value. Service providers publish service metadata to the blockchain and publish service codes to IPFS. Users initiate requests to the blockchain to obtain service metadata and requests to IPFS to obtain service codes. The proposed method improves the availability of service publication, discovery, and distribution by a decentralized design.

Fig. 2.
figure 2

A decentralized service publication and storage model

Full size image

Service Publication. Figure 2 shows the proposed service publication model. The IoMT services can be modeled as a Directed Acyclic Graph (DAG) in which and the nodes represent the tasks and the edge represent the dependencies [15, 26]. This model indicates the number and the order of the tasks. Meanwhile, it also makes the storage and verification of IoMT service stored in the blockchain and IPFS simple.

Due to the limitation of block capacity, the consortium blockchain only stores the service metadata. The metadata includes service identification (SID), task identification (TID), task security priority (SP), task-dependency hash, code hash, and digital signature of the service provider. SID is globally unique by a Globally Unique Identifier (GUID) algorithm. All service providers in the consortium blockchain use the same GUID algorithm. TID is the index of the topological sorting of tasks in a service. The metadata of each task is encapsulated as a transaction and published to the consortium blockchain. The transaction is published in the order of the topological sorting. The service provider first initiates task transactions that have no forward dependencies. After all consortium nodes reach a consensus on these tasks transactions, the service provider will continue to initiate subsequent task transactions. Each task transaction points to the transaction of the task it depends on through the hash pointer.

The service code is stored in IPFS, and the IPFS network is composed of resource servers of various service providers. IPFS uses the hash value of the file as the index of the file. The hash value of each task code is stored in the metadata. The user can quickly read and obtain the service code through the service metadata.

Fig. 3.
figure 3

A decentralized service discovery and distribution model

Full size image

Service Discovery and Distribution. As shown in Fig. 3, the service publication and distribution system include consortium blockchain, IPFS, control layer, and computing layer. The consortium blockchain is used to store the metadata of services and the IPFS is responsible for storing service data and code. The computing layer consists of dispersed computing devices called DCP. The control layer includes a multiple dispersed computing controller (DCC) and a DCC that manages a set of DCP. The user device first initiates a request to a DCC. The DCC receives the request and obtains the SID. Then, DCC initiates a service discovery request to a consortium blockchain node. After receiving the request, the consortium node gets the service ID from the request, queries all transactions whose SID is equal to this ID, and verifies the hash pointer of each transaction. After obtaining the metadata of all tasks, the consortium node will package this metadata into a service metadata and return it to DCC. Then, DCC parses the service metadata, obtains the hash value of all task codes, and then sends a request to IPFS to obtain the task code. Finally, DCC offloads the service to a suitable DCP for execution according to the scheduling strategy.

Availability, Integrity and Authenticity. First, the proposed method is based on the consortium blockchain and IPFS, and adopts a completely decentralized design, so that the system does not have a single point of failure. This method greatly improves the availability of service publication and discovery. At the same time, based on the IPFS decentralized storage system, service codes can be stored on multiple resource servers. Even if some consortium nodes or resource nodes fail, the service publication and discovery functions can still operate normally. Secondly, the metadata of the service is stored in the block of the consortium blockchain as transactions of tasks. In addition, the integrity of the dependencies of tasks in the service is protected by hash pointers between transactions. Therefore, any attempt to tamper with service metadata must simultaneously modify the entire blockchain. The task code is stored in IPFS, and the storage address is the code hash in the task metadata. The non-tampering feature of the blockchain can ensure the integrity of the service metadata and service code. Finally, the authenticity is guaranteed by the digital signature in the task data metadata. After DCC receives the service metadata returned by the consortium node, it uses the public key of the service provider to check the digital signature fields of all task metadata.

4.2 A Security Domain Division Based Computing Offloading Scheme

Offloading data or computing to the arbitrary DCP has the risk of privacy leakage. This section proposes a security domain-based computing offloading method. As shown in Fig. 4, for a user, DCC divides the DCP in its management domain into private domains, organizational domains, and public domains. By scheduling tasks with different security priorities to appropriate security domains, the confidentiality and privacy of data movement can be guaranteed.

Fig. 4.
figure 4

Security domain diviosn based task offloading model

Full size image

Security Domain Division. The geographically adjacent DCP are managed by a DCC. A management domain include a DCC and certain DC. We use \({MD}_j={DCC}_j\cup \left\{ {DCP}_{j,i}\ |1\le i\le N\right\} ,\ 1\le j\le M\) to represent the management domain j. U and O are used to represent user and organization set respectively. For a user u, using \({UInfo}_u=\left\{ {UID}_u,{OID}_u,{PubK}_u,{PubK}_o\right\} \) to represent, where \({UID}_u\) is the user ID, OrgID is the user organization ID, \({PubK}_u\) represents the user public key, and \({PubK}_o\) represents the user organization public. For \({DCP}_{j,i}\), its security group is represented by \({SG}_{j,i}=\{{UIDS}_{j,i},{OIDS}_{j,i},{PubG}_{j,i}\}\). \({UIDS}_{j,i}=\left\{ \left( {UID}_u,{Sig}_u\right) |u\in U\right\} \) is the user ID and array signature list of its owner, and \({OIDs}_{j,i}=\left\{ \left( {OID}_u,{Sig}_o\right) |o\in O\right\} \) is the ID list of the organization of the user. \({PubG}_{j,i}\) is a Boolean value that indicates whether the device is a public device.

A non-injective and non-surjective function \( dividing:\left( j,u\right) \rightarrow {SDP}_{j,u}\) is used to represent the security domain division problem of the user u in the management domain j. The \({SDP}_{j,u}=\left\{ {PriD}_{j,u},{OrgD}_{j,u},{PubD}_{j,u}\right\} \) represents the security domain of the user u in the management domain j. The \({PriD}_{j,u}=\left\{ {DCP}_{j,i}\ |1\le i\le N,1\le j\le M\ \right\} \) represents the private domain of the user u in the management domain j. The \({OrgD}_{j,u}=\left\{ {DCP}_{j,i}\ |1\le i\le N,1\le j\le M\right\} \) represents the organizational domain of the user u in the management domain j. And the \({PubD}_{j,u}=\left\{ {DCP}_{j,i}\ |1\le i\le N,1\le j\le M\},\ {PubG}_{j,i}=True\right\} \) represents the public domain of the user u in the management domain j. The solution of the function dividing needs to satisfy the constraints of formulas (1) and (2), where \({Sig}_u\in {UIDS}_{j,i}, \{{UID}_u,{OID}_u,{PubK}_u,{PubK}_o\}\subset {UInfo}_u\); \({PubK}^e\) and \({PubK}^N\) are the public exponent and modulus from the public key; Pad is the padding function; and Hash is the hashing function.

$$\begin{aligned} {{Sig}_u}^{{PubK}_u^e}=Pad(Hash({UID}_u))(mod{\ PubK}_u^N) \end{aligned}$$
(1)
$$\begin{aligned} {{Sig}_o}^{{PubK}_o^e}=Pad(Hash({OID}_u))(mod {\ PubK}_o^N) \end{aligned}$$
(2)

The solution process of the function dividing is shown in Algorithm 1.

figure a

Task Offloading. By scheduling tasks with different security risks to appropriate DCC, the security of data movement can be improved. For a user u, the IoMT service needed to offload is denoted as \(S_u=\left( {Task}_u,{SP}_u\right) \). \(Task=\left\{ {task}_{u,k}|\ 1\le k\le K\right\} \) is a set of tasks. \({SP}_u=\left\{ {SP}_{u,k}|1\le k\le K,{SP}_{u,k}\in h,m,l\right\} \) represents the task security risk, where h,m,l represents the high, medium, and low security risks of task \({task}_{u,k}\), respectively. We use \(resType=\left( cpu,memory,netband\right) \) to represent the resource type. The resource capacity currently available for \({DR}_{j,i}=\left\{ {DCP}_{j,i}^{type}|\ type\in resType\right\} \). The resource cost of task \({task}_{u,k}\) is modeled as \({TR}_{u,k}=\left\{ {tr}_{u,k}^{type}|ype\in resType\right\} \).

A non-injective and non-surjective function \(offloading:\left( j,u\right) \rightarrow \{{DCP}_{j,i}^{u,k}|1\le i\le N,1\le j\le M,1\le k\le K\}\) is used to represent the offloading problem of service \(S_u\) in management domain j. \({DCP}_{j,i}^{u,k}\) means to offload task \({task}_{u,k}\) to \({DCP}_{j,i}\). The solution of the function dividing needs to satisfy the constraints of formulas (3) and (4).

$$\begin{aligned} \begin{aligned} DCP_{j,i}^{u,k}\in \left\{ \begin{array}{c} PriD_{j,u}, if\,\,SP_{u,k}=h\\ PriD_{j,u}\cup OrgD_{j,u}, if\,\,SP_{u,k}=m\\ MD_j, if\,\,SP_{u,k}=l\\ \end{array} \right. \end{aligned} \end{aligned}$$
(3)
$$\begin{aligned} \sum _{m\in {dcpTasks}_i}{TR}_{u,k}<{DR}_{u,k},\forall \ i\in V \end{aligned}$$
(4)

The solution process of the function offloading is shown in Algorithm 2.

figure b

Confidentiality, Integrity and Privacy. The proposed method offloads tasks with different security risks to devices in different security domains near the user. Tasks with high security risks are offloaded to the user’s private device, which ensures the confidentiality and privacy of data storage and data processing.

5 Evaluation

we implement proposed algorithms with Python and evaluate the time consumption of the algorithms. The performance parameter of our experiment server is shown in Table 1.

Table 1. Configuration of the edge server
Full size table
Fig. 5.
figure 5

The time-consuming of the proposed security domain division and computing offloading algorithm

Full size image

IoMT devices will move across multiple DCC management domains. When an IoMT device requests a DCC to serve, the DCC should quickly calculate the security domain and task offloading schedule. It means that the proposed security domain division and task offloading algorithm need to complete the calculation in a short time. We implement the proposed algorithm in Python and evaluate its time-consuming.

The time-consuming of the proposed security domain division algorithm is shown in Fig. 5 (a). When the number of DCC devices is 50, completing the division takes 29 ms. When the number of DCC devices increases to 300, the division takes 164 ms. When the number of DCC devices reaches 500, it takes 290 ms. The experimental results show that the time consuming of the proposed security domain division algorithm increases linearly with the increase of DCC, and has good real-time performance and expansibility.

The time-consuming of the proposed task offloading algorithm is shown in Fig. 5 (b). In this experiment, we set the number of DCC to 500 and measure the time consumption of the algorithms under different tasks numbers. When the number of tasks is 1000, the algorithm takes about 7 ms to determine an offloading plan. When the number of tasks reaches 5000, it took 114 ms. When the number of tasks is 10000, calculating the offloading scheme takes 382 ms. The results show that the proposed task offloading algorithm can calculate a task offloading scheme in a short time.

6 Conclusion

In this paper, we discuss the security problems in IoMT dispersed computing paradigm and propose a secure dispersed computing scheme for the Internet of Mobile Things. The proposed scheme realizes a decentralized service publication, discovery, and distribution mechanism by employing consortium blockchain, which improves the availability and integrity of service discovery and distribution of dispersed computing systems. Moreover, we also propose a security domain division-based task offloading scheme. By offloading tasks with different security risks to devices in the different security domains, it can protect the confidentiality and privacy of user data as much as possible. Finally, we design a series of experiments to evaluate the proposed scheme. The experiment results prove the effectiveness of our scheme.