Susceptible data classification and security reassurance ...

Susceptible data classification and security reassurance in cloud-IoTbased computing environment

SOUMYA RAY, KAMTA NATH MISHRA* and SANDIP DUTTA

Department of Computer Science and Engineering, Birla Institute of Technology, Mesra, Ranchi, India

e-mail: [email protected]; [email protected]; [email protected]

MS received 1 October 2020; revised 10 August 2021; accepted 31 August 2021

Abstract. Susceptible data recognition has become a fundamental requirement in any network administration

system. Though, in suitable sharing and usage, the susceptible data could wipe out the user’s privacy. So,

susceptible data detection and its security re-assurance in a cloud-IoT (Internet of Things) integrated distributive

communication network are mandatory. In this paper, the authors have anticipated novel susceptible data

detection and re-assurance algorithms. The algorithms are capable to make out the identical attributes from

diverse data sources which are precised by the domain expert. In the proposed method, the sensitivity scores of

distinct attributes are measured as significant features for susceptible data identification and assurance. However,

the distinctions of sensitivity scores will be able to distinguish the susceptible data from the non-susceptible data

in a cloud-IoT integrated distributed computing environment. The authors have explicated various ways through

which susceptible data may be exposed in the distributed system environment. Moreover, the authors have

proposed novel algorithms for the security re-assurance of static/dynamic susceptible data. The decision

tables are considered for each of the definite cases of security re-assurance in a cloud-IoT enabled distributive

computing platform. These decision tables will facilitate the network managers to validate the legitimacy of the

requests which are arriving from various extents of distributive internetworked systems. In this research work,

the results of security re-assurance processes of static and dynamic susceptible data are authenticated through the

two dimensional (2D) and three dimensional (3D) graphic representations. The two- and three-dimensional

graphical representations designate that the requests initiated from inter/intra networks are being traced and the

illegitimate requests are being leftover by the automated model in a cloud-IoT environment. This process will

avert the attacks generated from identical internet protocol (IP) addresses. As a summing up it can be said that

the research paper primarily emphasizes an innovative approach to recognizing the susceptible data in a cloud-

IoT integrated distributive environment and the anticipated technique defends the susceptible data from unlawful

admittance by the intruders.

Keywords. Dynamic susceptible data; quasi identifier; static susceptible data; security assurance.

1. Introduction

At present, the cloud-IoT-based computation technology is

unavoidable to continue the enormous generation of storage

and data on demand. Most of the organizations are imple-

menting cloud for their IT services to trim down the charge

of building their setup. The cloud model is entirely based

on pay-per-usage representation. So, platform, software,

and infrastructure can easily be obtainable to the different

organizations based on their claim at a lesser cost. The

benefits of cloud computing are applicable in academics as

well as different knowledge-based systems. The most

important benefit of cloud computing is that data can be

mutually shared between different users, thus eventually

leads the cloud as a worldwide recognition to the industries

serving on the diverse domain [1–5]. Conversely, different

cloud consumers are disinclined to obtain the benefits of the

cloud due to security and privacy issues. Privacy protection

is the most important downside of this technology. Big

industries as well as various financial institutions maintain

their service information along with the customer’s data in

the cloud e.g., Federal Reserve Bank [5, 6]. Maximum data

are produced through diverse IoT-based devices. These data

are very confidential susceptible data. The security

breaching of data due to the seepage of information can

give out a gigantic monetary loss, leading to a negative

impact on the consumer’s state of mind. Encryption of data

can be the straight approach to maintain the security re-

assurance of data. This way out is not valid always as the

storage of data can be of different types. Most of the cloud-

IoT-based applications are used to run with non-encrypted

data sets only. Transferring and dealing out of encrypted*For correspondence

Sådhanå (2021) 46:215 � Indian Academy of Sciences

https://doi.org/10.1007/s12046-021-01740-ySadhana(0123456789().,-volV)FT3](0123456789().,-volV)

data through the network put away enormous bandwidth

and time. Susceptible data identification is a must to miti-

gate the dealing of the security reassurance process. Sus-

ceptible data detection can be achievable with the help of

the quasi-identifier technique [7, 8].

Quasi-identifiers (QIS) is represented as the grouping of

attributes that can exclusively make out persons by linking

peripheral data. Anonymity is associated with identifying a

person individually. In the absence of a person’s name, he/

she can be recognized by the SSN or Voter’s ID, etc.

[9–11]. A person can also be recognized by a blending of

attributes e.g., location, gender, and age. This is feasible

when the available data can be merged or joined with data

set listing definite information on these identities. For

instance, 84% of the inhabitants of the United States can

simply be recognized by the grouping of gender, zip code,

and Date of birth. So, erroneous publication of QIS will

direct to privacy seepage. Diverse privacy defending data

publishing methods eradicate the identifier attributes to

protect individual privacy, but attackers can easily get

susceptible information by concerning a few QIS collec-

tively [12–15].

The distributive approach to safeguard the privacy of

data is not prolific as the size of data in the cloud is

extremely large. Security re-assurance of susceptible data

(e.g., m-healthcare data) is also exigent in the cloud-IoT

model. The transient data through diverse networks pose

different security outbreaks and obliterate the whole justi-

fication of the data model [16, 17]. Appropriate imple-

mentation of data protection policy requirements must be

imposed by the cloud provider to endow with the security

of the susceptible data. Whenever a user will lay up sus-

ceptible data in the cloud, he should preserve the compli-

ance statement based on strategies set by the provider. The

user will supply the credentials linked to (log file, etc.) to

the provider and the process is termed as computer foren-

sics as e-discovery [18–20].

Notwithstanding numerous challenges to uphold the

security issues, proper susceptible data identification and

security re-assurance technique in cloud-IoT is essential.

The major contributions of the research paper are explained

below:

• A novel algorithm is designed to extract personal data

from the private data set.

• A novel susceptible data recognition algorithm using

quasi-identifiers is proposed and illustrates a compar-

ative analysis of the algorithm with the existing

algorithms. The architecture of the proposed model is

also presented as a part of the research paper.

• The decision tables are developed to provide the

security re-assurance of susceptible data over cloud

and IoT-based distributed domains.

• A comprehensive mathematical model of the suscep-

tible data identification and security re-assurance

technique is designed. This ultimately depicts the

complete flow of the identification and security re-

assurance process.

• The formal security analysis of the automated system

is also highlighted as a part of the research paper.

The remainder part of the paper is organized as follows.

The state of the art of the research is presented in section 2.

Susceptible data identification techniques are explained in

section 3. The mathematical model and architecture of the

proposed system are also explained in section 3. Security

re-assurance over susceptible data is highlighted in section

4. Section 5 depicts the results and analysis of the complete

research paper Finally, the authors conclude their research

work in section 6.

2. Related work

The objective of this section is to highlight the research in

the field of susceptible data identification and security re-

assurance in a cloud-IoT-based environment. Data is not

homogeneous in a distributed computing environment.

Data may be susceptible or non-susceptible. Susceptible

data recognition and its security assurance are mandatory

to protect the data from any vulnerable issues. The sus-

ceptible data may be transferred from one network to

another by using encryption technology. Most cloud

applications can easily decrypt the data. Traveling

encrypted data through the network path also consumes

huge bandwidth. The researchers [21, 22] face a challenge

to maintain the large heterogeneous dataset. In m-health-

care applications, diverse types of data are added to the

system and the size of data grows exponentially. The

map-educing technique may be the optimized solution in

this regard. Map-Reducing is a parallel processing

approach that is used to segregate the susceptible data

from non-susceptible data set easily.

In [23, 24] the K-anonymity model is suggested to pro-

vide the security re-assurance over the susceptible data set.

The model is not satisfactory as the type of data is not

identical in most of the cloud-IoT-based applications. The

moving data is more exposed to the intruders as compared

to data at rest. The researchers [25] have suggested that the

anonymization technique with the encryption of data can be

used to solve security issues. The destination end finds a

challenge in the de-anonymization process as it is more

time-consuming due to the size of the data.

To implement the security re-assurance over susceptible

data the researchers have provided different solutions. The

role of user and management people needs to be imple-

mented strictly. At the time of moving the client application

to the central cloud system, the user identities/authorization

should be set by the provider to prevent illegitimate access.

The existing algorithms must be integrated with security

protocols and complex network infrastructure to enhance

the susceptible data security mechanism [26, 27].

215 of 24 Sådhanå (2021) 46:215

On other hand, Chen and Zhao [28] have analyzed the

user apprehension concerning the transition of data to the

cloud. As per the researcher’s opinion, various organiza-

tions are unwilling to shift their data into the central cloud

server due to network security issues. The authors have

presented the security re-assurance technique linked to the

cloud-IoT-based integrated environment. Cao et al [29]

have illustrated the various security threats that can oblit-

erate the confidentiality and secrecy of the client’s infor-

mation. Several security threats are reviewed and some

solutions are provided to overcome the attacks. The impact

of the security attacks over the cloud-IoT-based systems is

also analyzed and proposed optimal solutions to cope up

with the problem.

Lauter et al [30] have explicated the idea of ‘‘third party

privacy’’ where the system manager modifies its secure

database system on an un-trusted server at a fixed time

interval. This perception assumes that network clients and

an un-trusted server are not intelligent enough to break

through the security of the database without appropriate

authorization. The authors have anticipated a ‘‘server-side’’indexing technique that allows the network manager to

modify data/information efficiently and securely. Multiple

clients can be able to view the data using the outsourced

database.

Lee et al [31] have explained the various privacy pro-

tection schemes in a cloud-IoT-based environment to

maintain data confidentiality in the distributed networking

environment. The authors do not specify the correspond-

ing implementation details and privacy-preserving algo-

rithm. Xu et al [32] anticipated four-layer susceptible data

privacy-preserving approaches to minimize the security

threats in cloud-IoT architecture. The research does not

provide any data identification technique in advance. Lu

et al [33] have stated various attribute-based encryption

techniques to protect the susceptible data. The entire

process makes complete use of fog servers. The suscep-

tible data are identified and before transferring it to the

cloud server it will be encrypted by the fog server. The

efficiency of the scheme is not satisfactory as searching

for susceptible data from the distributed environment is

time-consuming. Duet al [34] have explained a privacy-

preserving framework to maintain the susceptible data

security between the different distributed network archi-

tecture. The framework modeling is completely based on

a public-private key cryptographic system to prevent

attacks that originated from the external network. The

entire process consumes huge network bandwidth. This

ultimately leads to the computational overhead in the

system architecture.

The security and privacy of susceptible data can also be

achieved using blockchain technology. Blockchain is used

to provide privacy and security in a decentralized envi-

ronment. Dorri et al [35] have explained the IoT security

assurance technique using blockchain-based smart home

concepts. The smart home contains an online high-end

resourceful device called ‘‘miner’’ which is responsible for

the privacy and security of blockchain along with control-

ling and communication across the smart home. Rehman

et al [36] have nicely presented the susceptible data sharing

in a secured way using blockchain technology. The

decentralized architecture helps to provide service authen-

tication at the integrated cloud-IoT-based service layer.

They have designed specific cloud nodes to identify the

valid edge server which uses proof of authority (POA) as an

agreement between service providers.

Several researchers are carried out their research to

establish the advantages of a decentralized IoT-based

model over the centralized architecture. Wang et al [37]

have stated that confidentiality and privacy of transactions

among multiple parties are secured in the blockchain-based

IoT model. They have designed hierarchical storage

‘‘Chain Splitter’’ where most of the blockchains are stored

in the cloud and frequently used ones are kept in different

layers of IoT network. This will optimize the space of the

resource constraint IoT devices. Sagirlar et al [38] have

observed the significant weakness of centralized IoT

architecture in terms of maintenance, cost, and support of

real-time applications. To overcome the specific issues,

they have designed hybrid blockchain architecture for the

cloud-IoT-based systems. The end-to-end integration and

validation of data in IoT can be achieved using blockchain

technology. Shenet al [39] have explained the modular

architecture with proof of work (POW) mechanism of

blockchain to serve the general IoT-based application

effectively.

3. Susceptible data identification using quasiidentifier technique

Detection of information attributes that might have sus-

ceptible data is vital before releasing it to a third party.

Once recognized typical anonymization or de-identification

procedures can be useful to avoid seepage of susceptible

information. Seepage of susceptible information to a third

party may direct economic losses, security gaps, and indi-

vidual confidentiality concerns. So, susceptible data needs

to be recognized appropriately from the data set, and after

that proper security, reassurance technique is to be imple-

mented. In this research paper, the authors have utilized the

quasi-identifier technique to recognize the susceptible data

from a private data set. The quasi-identifier can be defined

by the subset of attributes that can distinguish maximum

tuples in the traditional database management system

[40, 41].

The proposed susceptible data recognition technique

inspiration is based on the perception of cloud-IoT-based

technology. The research paper has recognized the limited

attributes of a patient at the time of admitting him to a

hospital. Various hospitals under the identical group make

use of diverse database technology. There is no option of

Sådhanå (2021) 46:215 of 24 215

using a single homogeneous platform to collect all types of

patient data. The information transferring process in

between different network hospitals is not a very easy task.

Information is processed and composed in an IoT-based

distributive environment. The paper emphasizes the

assembling of data from diverse IoT devices and with the

help of API (Application Program Interface) the data hits

the central cloud server. The placing of the application

server in the central cloud system helps the authorized

persons to access data at any time as per their demand.

The authors have also considered that the encrypting of

susceptible data is inevitable before forwarding it to the

cloud storage or transferring it through the cloud-IoT

environment. Cloud service providers used to retain the

encryption/decryption key pair as per the prerequisite of the

user level. Cloud service providers are not always trust-

worthy. So, local level encryption is advantageous to dis-

pense further level of security as decryption is obligatory

before access to any susceptible data. This entire encryp-

tion/decryption procedure is based on a complex symmetric

key approach. Authorized users will obtain public and

private key pairs based on the exact identification number.

Data accessing is authorized after the successful authenti-

cation of the keys in the server. It is presumed that the

entire communication system does not sustain the network

cramming [42].

Figure 1 stipulates that the personal data of a patient is

specified as user input. The passing of input data through a

process/algorithm is used to extract the private data. The

susceptible data identification process using quasi-identi-

fiers is applied over the private data set. Data may not be

susceptible always. The passing of data between two dif-

ferent processes will generate the set of susceptible and

non-susceptible data. The two sets of data are stored/

archived for processing in the future.

3.1 Elimination of private data from personal data

The main purpose of this section is to do away with the

private data from personal data. The entire information

delimited in personal data cannot be considered his/her

private data always. The first name/last name of a person

can be his/her data, but it is not at all private data. The

credit card number/ bank account number of an individual

can be treated as his private data. The susceptible data and

private data are not always identical. Susceptible data is

defined by the domain expert. Consequently, to reveal the

susceptible data primarily we need to extract the private

data from the personal data. The recognition of private data

from any set of personal data is very exigent. The data is

not kept in a single place. It is always disseminated in

nature. The storage architecture of heterogeneous data is

also different [43, 44]. They can be accumulated in a

diverse relational database management system. The

recognition and identification of information are highly

reliant on the schema, attribute name, and data type of the

traditional database system. The primary key, unique key,

comments, and constraints declared in the diverse archi-

tectural systems play a key role to find out the private data

from the set of personal data.

The authors have noticed in many cases that attribute

tags are not indicative of the contents. The proposed

Algorithm 1 helps to identify the comments generated from

each database field. The novel algorithm extracts the

comments from each of the fields and produces the result

set after connecting the same with other linked attributes.

The authors have designed Algorithm 1 to remove the

private data from the personal data set. The schema of ’M’

sets of data is being considered as input and the schema of

non-private data ’D’ is produced as the output. The pro-

posed model reads each of the key attributes (like data type,

schema name, attribute name, unique key, primary key,

foreign key, constraint, and comments described in each

attribute) from the input data set and generates a schema of

non-private data set. All the attributes under SD are scanned

and compared with the primary key of the data set in steps

six to nine of the proposed Algorithm 1. Moreover, the non-

matching attributes are kept in temporary schema Ts. In the

subsequent phase, the scanning is executed in the tempo-

rary schema to read the comments declared in each of the

attributes. The comments which may not comprise names

are accumulated in the result set attribute Rs and the entire

information is sent back to the output data set.

The significance of the proposed Algorithm 1 is to

eradicate private data from personal data. A huge amount of

data related to patients is generated in the medical health-

care system or other business development systems. This

dataset is a combination of personal and private data of

patients/users. The recognition of susceptible data is prac-

tically not possible till the private data is filtered out from

the personal data using explicit data filtering methods. The

novel Algorithm 1 may scan the diverse data set andFigure 1. Process flow of Susceptible data identification.

215 of 24 Sådhanå (2021) 46:215

efficiently screens the private data from the personal data.

Algorithm 1 of figure 2 uses the different variables. Table 1

defines the denotation of the variables.

3.2 Recognition of susceptible data from privatedata

The authors have anticipated Algorithm 1 of figure 2 to

recognize the private data from the personal data set. But

the private data is not always susceptible. The main

objective is to figure out susceptible data attributes defined

by the domain experts using the quasi-identifier technique.

Here the authors have considered broadly the patient his-

tory information in the medical healthcare system. This

information comprises of different attributes like Patient

ID, First Name, Last Name, Age, Date of Birth, Sex, Patient

Contact Number, Contact Person Mobile Number, Contact

Person Name, Address, Relationship, Patient city address,

Patient post office, Patient Police Station, Patient Medical

History, and Medical Insurance Claim Related Information.

The susceptible data attributes are predicted by the

domain expert. Domain experts are used to providing

attributes susceptibility scores also. A domain expert can be

considered as a skilled individual who has sufficient

knowledge in the functional area e.g., a well-known doctor

with eight or more years of experience in private / gov-

ernment hospitals with suitable bachelor’s, master’s, and

research degrees in medical science may be recognized as a

medical domain expert. The IoT-based intelligent medical

expert system architecture developed by highly skilled

professionals can also be considered as a domain expert.

Likewise, a management graduate (MBA in business

development) with five or more years of appropriate

involvement in several transactional activities such as

credit distribution, fund management, and debit/credit card

limit sanction can be treated as a domain expert in the

financial sector. The domain experts are utilized to perform

their specific tasks and this is completely guided by the

rules and regulations of the Information Technology

industry.

The Susceptible attributes are defined as follow:

Rule: A rule condition Rx= R1 R2 R2 is a condition with

R1e {schema name, data type, attribute name, primary key,

unique key, foreign key, constraint, comments}

R2 e U U l U a U w U £ U f U d U r and is an operator

in {=! =, \[, B, C, ! contains, contains}.The continuous

medical assessment is collecting data with Type-2 diabetes

for the following information from all of the institutes

linked with the patients: Patient RegNo, Initial Info, date of

initial diagnosis, Initial HgbA1c, HDL cholesterol level,

Comorbid condition, result date, serum creatinine level,

result date, and medical institute. R2 considers all these

attributes and as an example, the Jason format is considered

to fill this information. This is an instance of R2 considering

the medical field. In a changed domain, R2 varies with

different Jason formats.

Now, the information is composed of conjugations and

disjunctions of proposed conditions along with the rule

susceptibility score. The evaluation of susceptibility score

is ranged amid ‘‘re [1, 5]’’, of an attribute that utmost

satisfies the rule. The attribute susceptibility score is

designed based on the prearranged survey format. As an

example, the healthcare domain experts will put question-

naires that will be filled up by the patients/medical atten-

dants. The obtained medical data is to be sorted out based

Algorithm 1: Exclusion of private data from personal data

Input: Schema of ‘M’ sets of data

Output: Schema of non-privacy data ‘D’

1 Algorithm

Exclusion_of_Private_Data_From_Personal

_Data (Schema of M sets of Data)

2 {

3 for each key ki SM where i=1…n

4 Read schema name, attribute name,

datatype, unique key, primary key, foreign

key, constraint, comments

5 Add it to SD

6 For individual attribute Aj SD

7 # confidentiality condition (1)

8 if Ai! = Pk

9 Add it to Ts

10 for individual attribute Ak Ts

11 # confidentiality condition (2)

12 if comments do not comprise name [fname,

name, etc.]

13 Add it to Rs

14 Return Rs

15 }// end of Algorithm 1

Figure 2. Elimination of private data from personal data.

Table 1. Symbols and notations.

Notation Meaning

ki Attribute key

SM Schema of M sets of data

SD Schema of non-privacy data D

Aj Attribute name

Pk Primary key

Ts Temporary schema

Rs Result set attribute

Sådhanå (2021) 46:215 of 24 215

on accurate diseases information because the susceptibility

score is not identical for all the diseases including critical

unending diseases. The incessant mathematical logic-based

inference formulates the scoring approach more accurately

for these critical diseases. Algorithm 2 is designed to rec-

ognize the susceptible data from the private data set. At this

time, a set of private data is passed as user input, and the

schema of susceptible data is retrieved as the output. The

proposed Algorithm 2 will scan the consequential set of

attributes obtained as an output from Algorithm 1 and

initially, the susceptibility score of individual attributes is

set to 1. Here, p’(xi) which is the initial pass of the certain

process p(x) checked with q (Ai), and the authors have

received the two possible outcomes of the ongoing process.

If the value is lesser than Aithen computation of xi?1= xi -

p(xi)/p’(xi) is prepared. Next, the difference of xi?1 -xi is

evaluated. If the evaluation outcome is smaller than the

threshold value u then the value of Axi is added by 1. The

control variable ’i’ will also be incremented till it will be

lower than the maximum number of pass N. But as soon as

the p’(xi) will be larger than the q(Ai) then it will filter out

the complete set of attributes from Rs whose susceptibility

score is larger than 5 and accumulate it in susceptible

schema set.

The significance of Algorithm 2 is to make out suscep-

tible data from the set of private data. The proposed algo-

rithm is designed based on susceptibility scores defined by

the domain expert/expert system. The proposed Algorithm-2 will extract only those attributes as susceptible whose

susceptibility score is larger than or identical to 5. Algo-

rithm-2 efficiently filters the susceptible attribute based on

the information given by the domain experts/expert

systems.

Let a process p(x), its initial pass p’(x), and initial esti-

mation to the susceptible score (’ss’) represented by ’x’.

The process considers a very small threshold value ’u’and

the highest number of passes are restricted to ’N’. The

susceptible data schema is represented by SSm. ‘q’ is

denoted by the quasi-identifier technique. The threshold

value can be defined as a checkpoint that halts the repetitive

process at a static point. The threshold value is computed

based on susceptible data attributes schemas by traversing

through various passes. The researchers have considered

healthcare data which may comprise of several schema

attributes and have a definite process to extract the sus-

ceptibility score for each of them. As per the proposed

Algorithm 2, the process requires several passes to produce

the susceptibility score. The parallel data processing tech-

nique is considered in the proposed scheme as the serial

data processing needs a longer time to process a single data

attribute. The researchers consider a threshold value and the

output of the two passes are compared using the parallel

processing technique. As soon as the threshold value is

attained the next schema attribute processing will be

initiated.

3.3 Projected mathematical model

The researchers have considered the susceptible data

recognition and security re-assurance (SDISA) technique

with the help of a mathematical model. The mathematical

structure is an imperceptible illustration of SDISA which

confirms the following:

a. The input collected and outputs obtained from every

stage of SDISA dispensation.

b. The connection between collected inputs, outputs, and

transitional phases.

c. The different states are produced from the primary to the

closing stages of dispensation.

d. The flow of data to the dissimilar processing states of

SDISA.

3.3.1 The assembly of SDISA components The

assembly of diverse components of the SDISA model can

be denoted by Eq. (1).

SDISA ¼ S;X

;R;Mf ;Nf ;

n oð1Þ

The symbolic depiction of Eq. (1) is explained as

follows.

S ! finite non-empty set of statesP! finite non-empty set of given input matrices pro-

vided to any components of SDISA

R ! finite non-empty set of receiving output matrices

obtained from any component of SDISA

Mf? State transformation function which takes SDISA

to the succeeding state. The succeeding state depends on

the preceding state.

Nf? The receiving output function depends on the input

elements and corresponding subsequent changes of states.

Each state can mainly be predictable as a distinct dis-

pensation unit whose legitimacy is exclusively reliant on

the collected input data from diverse IoT devices. The

receiving outputs from several states are kept in the cen-

tralized cloud platform. It may comprise non-susceptible

data also.

3.3.2 Interrelationship of SDISA components The

complete mathematical model of the SDISA based

components are explained as follows:

(i) Set of states (‘S’) The assumed inputs and receiving

outputs from the distinct states of SDISA are

recognized. The various in-between states processing

is reliant on the accepted inputs and outputs returned.

(ii) The input/ output sets (‘R’/ ‘R’) The given input

alphabet set R is the grouping of all those elements

which are considered as input to the projected model

at successive states. Therefore, it can be observed

that R= {y | y is an alphabet considered as given input

to the different states of the SDISA}

215 of 24 Sådhanå (2021) 46:215

The component of R is the diverse types of susceptible

data in (either in the form of static or dynamic) the form of

matrices of order i 9 j 9 kThe element of R is matrices of order i 9 j 9 k.

X¼ fYj Yi�j�k is a matrix order of i� j� kg

Let P e R,

) P19191 is the easiest element in R, which is a real

number. If P e R then [P]=Pl;m;n = p(l, m, n) 8l;m; ne{Z?�0}. Here Pl;m;n is an element of the matrix where ’P’

belongs to the lth row, mth column, and nth layer. The fol-

lowing conditions are true for element ‘p’.

• 0\ pl;m;n• p e Z?

R is the output alphabet set of all the elements received

as output after processing of various states of SDISA. The

following can be valid for R

R ¼ fY jYi�j�k is a three - dimensional matrixg

if P eR, then the elements of matrix P can be denoted as

pi9j9k. Matrix P can be denoted as [P]

) P½ � ¼ pi�j�k 8i; j; k 2 fZþ � 0g:

where i, j, k represents a row, column, and plane

respectively.

The simplest element of R will be P1�1�1 which is a

single element of {Z?-0}.

3.3.3 The state transition function (Mf) In the state

transition function of SDISA, the flow control occurs in

between diverse states. It is observed that input flow from

one state to another state is obligatory and output is reliant

on the changes of different states due to interrelated

processing activities. The state transition function ’Mf ’can

be denoted by Eq. (2) as follows:

Mf :X�

�S ! S ð2Þ

In Eq. (2),P�

is the set of all processes produced by the

essentials of R.

3.3.4 The output function (Nf ) This function displays

the output attained from each state. The output function ’Nf’

denoted and explained by the following Eq. (3)

Nf :X�

�S ! R� ð3Þ

In Eq. (3) R* is the set of all processes received by the

elements of ‘R’

The processing tasks carried out in this model are iso-

lated into various algorithms where each of the algorithms

can be signified by the states of SDISA. The true values for

every tuple of the above-mentioned equations Eqs. (1) to

(3) can be represented by Eq. (4) as follows:

S ¼ s0;s1;s2;s3

� �X

¼ PED;PRD; SSD;DSD

� �

R ¼ PED;PRD; SSD;DSD

� �

Mf : S�� ! S and Nf : S�� ! R

ð4Þ

In Eq. (4) PED is the personal data of a patient and PRD is

the private data obtained from the personal data through the

data extraction process. SSD is the static susceptible data

and DSD is the dynamic susceptible data. Through the

SDISA all the data are interconnected and linked with the

system. The whole system can send and accept information

from each other and these can be kept in the cloud for

further processing.

Now, if ‘p’ eP2

and ‘s’e S then Mf (s, p) authorizes the

dispensation accomplished on ‘p’ eP2

at states e S. Here,

’s’ is representing an algorithm. Primarily Mf maps an

algorithm and an output in the symbol ofP2

which is

apparent to be executed. Likewise, the output function ’R’

links input and an algorithm to accept output. In this way,

each module of SDISA is interlinked with each other and

associated with the cloud-IoT-based system architecture.

3.4 Architecture of the proposed model

In this section, the authors have explained the four-layer

mobile healthcare architecture system. The architecture

supports collaborative and distributive data management

along with three major criteria. First, data transfer and

accessing will be more optimized for localized data.

Distributive and direct data processing at any stage of the

healthcare system provides low response time and the

workload between different nodes will be minimal. The

overall interfaces should be designed in such a way that

user-level experiences at the time of registering and

accessing the system are satisfactorily improved. The

architecture can be extended to manage healthcare data for

users fit in different healthcare services, e.g., private clinics

and government hospitals. The primary objective of the

proposed healthcare system is to collaborate with the dif-

ferent network entities for better data management. More

detailed architecture with the network entities is given as

follows.

3.4.1 User layer: The mobile healthcare system

provides various application software and a huge amount

of data is generated at the time of providing services to

different users. Users are also using different healthcare

service providers in their systems. The major purpose of

this layer is to collect healthcare data from different

heterogeneous wearable devices (e.g., smart gloves, smart

Sådhanå (2021) 46:215 of 24 215

wriest devices) and sent it to the clinics, hospitals, and

any medical institution by authorized medical

professionals. These EMRs (Electronic Medical Records)

are stored in the respective institutions for immediate

treatment of critically ill patients. The data is further

uploaded to the central cloud system by the authorized

person so that it can be accessed from anywhere with a

valid identity. The healthcare data must be passed through

the secure data transmission medium with proper identity

authentication techniques. It is observed that data

accessing is prevented on time due to different attacks

in the system. The paper mainly focuses on the security

re-assurance of susceptible data while transferring through

the m-healthcare internetworking system architecture.

3.4.2 Faceless interaction layer: This layer is one of

the most important components of the m-healthcare system.

The layer supports accessing of data and responds to

patient’s requests through several channels irrespective of

the device or location. It provides necessary data to the

healthcare professionals that meet their needs. Patients can

get an improved experience with a self-service option to

access healthcare records by a simple interaction medium

in real-time. The entire communication between patients

and medical professionals is done through a multi-channel

integration networking system.

3.4.3 Application layer: The application layer controls

a large amount of healthcare data in a collaborative way

among the different network edges. This process is

beneficial for managing workloads among the different

nodes in the system. The application layer is useful to

reduce delay at the time of processing a bulk amount of

healthcare data. The fundamental functionalities of this

layer are given as follows.

3.4.3.a User registration The registration to the m-health

system is done in this layer. Users can register themselves

with valid identities. After the successful registration trus-

ted authority of the healthcare system will provide the

public/private key pair and digital signatures to them.

Thereafter users can access information from the remote

cloud system.

3.4.3.b Data storage The application layer stores raw

heterogeneous healthcare data in an encrypted format. The

past information related to data processing, storing, and

accessing is recorded in an ordered fashion. This process

will effectively reduce the information searching time from

the massive amount of data. The system also ensures to find

the leakage of information that happened due to security

attacks.

3.4.3.c Data processing and analysis of m-healthcaredata: Processing raw healthcare data is the most important

task after successful storing of data. Different formats of

data are stored in the healthcare domain. So, robust, com-

plex approaches related to cleaning, reduction, integrated

and normalized approaches are implemented. The appli-

cation layer also supports of non-revealing of susceptible

data to unauthorized users.

The healthcare service providers can process a large

amount of healthcare data dynamically. They support real-

time as well as the offline mode of processing based on

different scenarios. Data processing is done quickly for a

patient admitted to a critical care unit. The summarized

data analysis report is sent directly to the medical profes-

sionals for low latency response. Apart from the services

given to the critical care unit patient, the medical recom-

mendation to the patients and off-line analysis of data is the

important functionality of this layer.

3.4.4 Central layer: The central layer works as a top

security manager and is held responsible for the security

protection of different components of the m-healthcare

system. The entire data management operation is performed

in this layer. This layer stores and accesses all user-specific

information with its highest priority. The mapping

relationship among the different user’s data is also stored

in this layer. The central layer employs a global database to

maintain and update a large amount of healthcare

information. The major functionality of this layer is to

provide access control to the user based on the identity

authorization technique. Revocation of access control

operation is performed in special cases, e.g. if a user is

found doing malicious activity in the system and the

security of the system is compromised.

3.5 Data accessing technique

Mobile healthcare data is very susceptible data and it can be

static or dynamic. Whenever data is being accessed from

the inter/intra network then it will be validated by the

proposed algorithm. Decision tables are designed to iden-

tify the legitimate request and it is explained in section 5 of

the paper. The algorithms and the decision tables designed

in the paper indicate that only legitimate requests can

access susceptible data. Otherwise, data will be discarded

and saved the information in the database for further quick

identification of the request (figures 3, 4).

Figure 5 represents the architecture of the mobile

healthcare system. The function of the system solely

depends on the four layers. The layers are connected and

linked with the whole system also. The performance of

mobile healthcare is dependent on various factors like

repeated requests of the same data or increasing number

of spam emails etc. This ultimately slows down the

network. As a result, susceptible data accessing is halted

and request validation is stopped. The entire architecture

works in a decentralized environment. So, data accessing

and data storage issues are optimally handled as com-

pared to resource constraint IoT devices.

215 of 24 Sådhanå (2021) 46:215

4. Security re-assurance over susceptible data

Currently susceptible data safety in a cloud-IoT computing

environment is the main inspiring research area. Threats/

requests can be initiated from the inside of the system or

they can originate from outside of the network. In both

cases, the security over susceptible data is in danger.

Seepage of data (e.g., credit card dealings) can generate

enormous financial loss as well as delivers a vast impres-

sion on the client’s mindset [45, 46]. In this proposed

research article, the authors have recognized diverse types

of requests over susceptible data to curtail the security

problems and examine them. For the recognition of dis-

similar cases initiation of requests is very significant. The

request may be originated from the identical network where

the susceptible data is extant. It can be initiated from a

dissimilar network. In this research article, the authors have

presented four different cases to analyze the problem.

Based on identified cases the authors have provided

approvals to access susceptible data by a legitimate request.

Diverse parameters are set to investigate the authorization

issues which eventually diminish the security gaps over

susceptible data.

The authors have explicated the security re-assurance

over susceptible data based on the parameters which are

attained from the expert/intelligent network architecture.

An expert/intelligent network arrangement is an entirely

automated system where no human involvement is

needed to choose the parameters for the safety of the

network. This arrangement supports controlling the net-

work and this leads to protect the susceptible data from

illegal access. The definite parameters are utilized to

detect the suspicious IP addresses and the equivalent

data is preserved in a database system. Therefore, sub-

sequent time whenever a request is initiated to access

the susceptible data then it will be inevitably authenti-

cated by the database system, and the reply is forwarded

to the distributed network system. The positive reply

will reject the request instantaneously. This procedure

will support averting supplementary attacks from these

distrusted IP addresses. If the reply is negative, then the

demand will be confirmed based on intelligent network

constraints. For the efficacious endorsement of the

demand, it will be able to access the susceptible data.

This complete process doesn’t involve human commu-

nication. Henceforth, authentication of requests and

movement of data inside the network system is less

time-consuming and effective. The permission-based

security re-assurance analysis over susceptible data is

explicated below.

{

"Patient": {

"PatientRegNo": "JH3924534",

"InitialInfo": {

"LastName": "Banerjee",

"FirstName": "Ujjal",

"Middle": "kumar",

"YearofBirth": "2002/05/17",

"Sex": "male",

“Height”: “5.2”,

“Weight”: “85”,

"ContactInfo": ["Phone": "9855555555","Email": "[email protected]"]

},

"IntakeCriteria": {

"DmDxDate": "2005/03/20",

"InitialHgbA1c": "6.5",

"CoMorbid": [ "Hypertension", "CAD”]

},

"Labs": {

"LDLCholestrol": {

"LDLLevel": "122.5",

"LDLResultDate": "2012/07/20"

},

"SerumCreatinine": {

"CreatinineLevel": "1.4",

"CreatinineResultDate": "20/07/20"

}

},

"MedicalInstitute": {

"InstituteName": "North Calcutta Polyclinic ",

"InstituteEmail": [email protected],

“PinCode”: 700055

}

}

Figure 3. Jason file format of patient information.

Sådhanå (2021) 46:215 of 24 215

4.1 Demand is accessing stationary susceptibledata from local network (Case 1)

The demand is approaching from the network where sus-

ceptible data is extant. The network manager will preserve

the database internet protocol addresses from which any

damage or threat occurred already inside the network.

These are termed suspicious IP addresses. No demand is

acknowledged from these suspicious addresses. The

approval of demand is also a very significant consideration.

No demand is acknowledged to access susceptible data

without proper permission. The local request authentication

is done internally by the network manager. If the authen-

tication is successful, then the demand can access suscep-

tible data. Accessing susceptible data is a time-bound

process. Access rights will be revoked beyond the time

limit. The restrictions considered for the security re-assur-

ance over Case 1 are specified below.

P1: Request is approaching from the unauthenticated IP

address

P2: Request has any negative impact on the current

network.

P3: Request tries to access any susceptible data without

authorization

P4: Request tries to access data beyond its allotted time

P5: Request is related to any unauthorized entity for

damaging the network.

4.2 Demand is accessing stationary susceptibledata over the global network (Case 2)

The demand is initiated from a network where susceptible

data is not extant. In that situation, this will be very tough

for the network manager to authenticate the request

locally. The network manager will gather information

from adjacent networks to receive the suspicious IP

information. After receiving the information network

manager will consider the significance of the request. If

susceptible data is busy handling local requests till that

period global requests will not be entertained. The

importance of local demand is higher concerning global

requests for accessing susceptible data. After the valida-

tion of the whole history of the demand access write can

be provided over susceptible data. Accessing data is

restricted by a certain time limit. Access permission will

be withdrawn for the excess time limit. The network

manager will retain a close sight of the susceptible data.

Any anomalous state generates owing to accessing of data,

then access permission is revoked and the internet proto-

col addresses will be deposited in the suspicious database.

The restrictions considered for security re-assurance over

Case 2 are given below.

P1: Request is coming from the suspicious IP address

P2: Request has any negative impact on the adjacent

networks

Algorithm 2: Identification of Susceptible data from private data

Let a process p(x), its initial pass p'(x), and initial

estimation to the susceptible score ('ss') represented

by 'x'. The process considers a very small threshold

value ' highest number of passes are

restricted to 'N'. The susceptible data schema is

represented by . ‘q’ is denoted by the quasi-

identifier technique. The threshold value can be

defined as a checkpoint that halts the repetitive

process at a static point. The threshold value is

computed based on susceptible data attributes schemas by traversing through various passes. The

researchers have considered healthcare data which

may comprise of several schema attributes and have a

definite process to extract the susceptibility score for

each of them. As per the proposed Algorithm 2, the

process requires several passes to produce the

susceptibility score. The parallel data processing

technique is considered in the proposed scheme as

the serial data processing needs a longer time to

process a single data attribute. The researchers

consider a threshold value and the output of the two

passes are compared using the parallel processing

technique. As soon as the threshold value is attained

the next schema attribute processing will be initiated.

Input: A set of private data is passed in the process

Output: Schema of Susceptible data is generated

1 Algorithm Generation_Susceptible _Schema

_From _Private Data (Sets of Private Data)

2 {

3 i=1;

4 for each attribute Ai Rs

5 xAi=1 //sensitivity score

6 if p'(xi) < q(Ai)

7 {then go to step 11;}

8 else

9 {go to step 16 ;}

10 xi+1= xi -p(xi)/p'(xi);

11 if |xi+1 -xi|<12 Axi= Axi+1;

13 i=i+1;

14 if i ≤ N

15 {then go to step 6;}

16 else

17 {go to step 18;}

18 for each attribute Ai Rs

19 if xAi ≥ 5

20 Add Ai to ;

21 }// end of Algorithm 2

Figure 4. Identification of Susceptible data from private data.

215 of 24 Sådhanå (2021) 46:215

P3: Request has any previous history for accessing any

susceptible data of the current network.


without any request for extension of time


damaging the network

4.3 Demand is accessing locally movingsusceptible data through local network (Case 3)

The initiation of demand and susceptible data are in the

identical network, but data is not stationary. This will travel

between different nodes inside the network only. The

location of the susceptible data is not static. The network

Figure 5. The architecture of the proposed model.

Sådhanå (2021) 46:215 of 24 215

manager will authenticate the status of the demand by

inspecting the suspicious IP records. The admittance right

of the node where susceptible data is kept at a specific point

of the period is also considered. The node may be engaged

with internal network activities, then the demand cannot be

acknowledged. If the demand is authentic by the network

manager, then it can be placed into the queue. During the

movement of data, the demand cannot be granted. While

the node is free from its internal actions then admittance

writes of the data for that specific node will be granted. If

the admittance right is confirmed appropriately then the

demand can be able to get the data for a fixed time.

Admittance rights will be revoked for the spare time limit.

The constraints considered for security re-assurance over

case 3 are specified below.

P1: Request is approaching from the suspicious IP

address to access moving susceptible data

P2: Susceptible data is busy with its internal activities

P3: Access right of the susceptible data for a particular

node


without any request for the extension of time



4.4 Demand is accessing globally movingsusceptible data through the global network (Case4)

The demand initiates to access non-stationary susceptible

data from a dissimilar networking system. The position of

susceptible data is not fixed. It can travel between inter-

connected network architecture. Each time demand is try-

ing to contact susceptible data then it is the whole

obligation of the network manager to detect the location of

the data. As the networking systems are linked with each

other so they can simply forward their suspicious IP address

information. Consequently, the network manager will

modify the IP record. The global demand is not highly

significant concerning the local demand. So, if the data is

engaged in handling local demands till time no external

demand will be granted. Till that time demand must be kept

inside the queue. If the data is not engaged in any internal

processing, then access right for that data may be granted.

Identical data can have various access privileges based on

network architecture. Thus, the admittance write of the

node will be different as per the movement of data between

internetworking systems. After fruitful authentication by

the network manager demand can be permissible to access

data with a specified period. Access rights may be with-

drawn based on an excess time limit. The parameters

acknowledged for security re-assurance over Case 4 are

specified below.

P1: Request is coming from the suspicious IP address

P2: Susceptible data is busy with its internal activities

P3: Access right of the Susceptible data for a particular

node


without any request for the extension of time



5. Analysis of outcomes and thoughts

The initial part of this section elucidates the study of the

susceptible data identification algorithms and compares

them with the prevailing algorithms. The next part signifies

the analysis of the security re-assurance over susceptible

data with the support of decision tables and graphical

illustration.

5.1 Investigation of the susceptible datarecognition algorithm

The objective of the algorithm is to classify the susceptible

data from the set of private data. The authors have con-

sidered patient health information attributes previously

explicated in section 3.2. Patient Name (First name, Last

Name) is the sharable data set. The credit card number of a

patient is his private data. Domain expert provides the

susceptible data attributes for a definite purpose. The

schema or the attributes do not match straight away with

the information given by the domain expert.

In India mostly, three categories of medical treatments

are offered i.e., Allopathic medicine, Homeopathic

medicine, and Ayurvedic medicine. The patient medical

data must be restricted within these three segments. The

specific attribute is saved in different databases along

with non-identical names. Finding a definite attribute

among diverse heterogeneous records/files is a major

problem [47]. The domain expert will provide some

‘‘attribute/comment’’ through which the identification of

data can be originated. The anticipated Algorithm 2 of

figure 4 is used to extract the identical attribute/com-

ment from the large dataset. As an example, the

recognition of gender information in the healthcare

domain is not a very easy process. Different databases

will save information as sex, Lingo, etc. The projected

algorithm will explore the identical attributes from the

heterogeneous databases. It is noticed that medical spe-

cialists used to write various coded symbols in their

prescriptions. As an example, 26S/42N/0.5m. The con-

notation of the symbol is 26 years female, 42years male,

and � year child. This category of information is

mostly ambiguous to a person not associated with the

medical profession [48]. So, domain experts will specify

a few comments/attributes to recognize this symbol from

diverse databases. Algorithm 2 of figure 4 matches the

alike code efficiently.

215 of 24 Sådhanå (2021) 46:215

The susceptible value of the attributes is also considered

in the projected algorithm. Domain expert stipulates the

susceptibility score with a valid range. The proposed

algorithm checks the range and if the value is within the

susceptibility score then it will be added to a distinct list of

the susceptible attributes.

5.2 Evaluation of the projected susceptibilityalgorithm with the existing algorithm

At present, susceptible data recognition is a flourishing

research area. Various researchers from different domains

are continuing their research to explore a new dimension in

this field. The researchers have acknowledged diverse

constraints to clarify and rationalize their algorithm. In the

research paper, the authors have observed few parameters

from the existing papers like perception technique, De-

identifying methodology, basic practice, working model,

and extent of data set.

The identifying technique designates the category of

data. The data may not be always susceptible. The process

helps to extract the susceptible and non-susceptible data

individually. De-identifying of data is useful to maintain

the privacy of the susceptible data. The different data de-

identifying techniques include probabilistic de-identifica-

tion or screening using random sampling. Generalization

and substitution methodologies are used to ease the data

segregation process. The identification algorithm is fully

reliant on diverse computing rules. Rules can be framed

using the optimization algorithm technique which necessi-

tates several scans of the table. As per the architecture of

the distributed system, heterogeneous datasets are placed in

different locations. Accordingly, several scanning of

tables with the probabilistic method is apparent. The pre-

vailing algorithms primarily focus on the generic domain.

The working methodologies of the existing algorithms do

not show any optimal output for the change of execution

domain. Few of the prevailing algorithms execute in large

datasets but most of them are not able to provide an opti-

mized solution in this regard.

The authors have acknowledged susceptibility scores,

and a value of those scores is specified by the domain

expert. Attributes are screening from various sources and

the identical attributes specified by the domain experts

are recovered. If the attribute is within the scope of

susceptible score explicated by the domain experts, then

it can be considered as a susceptible attribute. This

anticipated Algorithm 2 of figure 4 cannot be restricted

to sole attributes and it may be executed well for unclean

data also. As the proposed algorithm filters data from

diverse sources, so cleaning is not feasible always. The

designing of Algorithms 1 & 2 has been experimented

with in the healthcare domain and approximations of

identical attributes retrieval are satisfactory. The proposed

algorithm’s execution works fine in the huge data set and

filtration of susceptible data is optimized. Table 2 anal-

yses the comparative study of the prevailing algorithms

with the proposed algorithm.

5.3 Analysis of security re-assuranceof susceptible data

Section 4 entirely depicts the diverse cases for security re-

assurance over susceptible data. The following section

designs the decision tables for each of the cases and based

on that network manager can simply validate the legitimacy

of the demand. The decision tables corresponding to the

algorithms are explained below.

5.3.1 Decision table for accessing stationarysusceptible data from the local networ In the first

case, the demand is arriving from the identical network

where the susceptible data is kept. The network manager

cannot directly permit the demand to access the susceptible

data till the demand is found to be genuine. The network

manager will set few parameters in the decision table to

validate the status of the demand (figures 6, 7, 8, 9). The

whole decision table is specified in Table 3. Figure 10

signifies a whole network where susceptible data is kept in

the server. Susceptible data is stationary. The system

arrangement linked to the local area network (LAN-2) is

providing a demand to access the secured data. The demand

cannot be approved promptly. This must be authorized

based on figure 6 of Algorithm 3 and table 3. If the

authentication is successful, then the demand will be

approved to access the data. Otherwise, it will be excluded,

and the demanded internet protocol address will be

transferred to the suspicious IP record file.

5.3.2 Decision table for accessing stationarysusceptible data from the global network The

demand and susceptible data are positioned in dissimilar

networks. The status of the demand is entirely unknown to

the network manager. Therefore, the network manager will

not directly permit the demand to get into the system. The

manager will validate the status of the demand from the

proposed decision table. The whole decision table along

with the parameters is explained in table 4.

Figure 11 illustrates a comprehensive network where

susceptible data is kept in the server. Susceptible data is

stationary. The server is linked to a local area network

(LAN-1). The demand is approaching from a different

network to access the susceptible data. The demand cannot

be approved instantaneously. This will be authenticated

based on figure 7 of Algorithm 4 and table 4. If the vali-

dation result is positive, then demand will be approved to

access the data. Else, it will be disallowed, and the

demanded IP information will be transferred to the suspi-

cious IP record file.

Sådhanå (2021) 46:215 of 24 215

Table

2.

Rel

ativ

ein

ves

tig

atio

no

fth

ep

roje

cted

sen

siti

vit

yd

ata

iden

tifi

cati

on

alg

ori

thm

wit

ho

ther

pre

vai

lin

gal

go

rith

ms.

Sn

o.

Au

tho

rsP

erce

pti

on

tech

niq

ue

De-

iden

tify

ing

met

ho

do

log

yT

he

exte

nt

of

dat

ase

tS

usc

epti

ble

sco

re

Wo

rkin

g

mo

del

Bas

icp

ract

ice

1

Heet

al

[49]

Su

scep

tib

leIn

form

atio

nN

on

eN

ot

Est

abli

shed

No

tE

stab

lish

edG

ener

ic

Pro

bab

ilis

tic

2

Lo

dha

and

Mis

hra

[50

,5

1]

Qu

asi

Iden

tifi

ers

Pro

bab

ilis

tic

gen

eral

izat

ion

and

det

ecti

on

No

tE

stab

lish

ed

No

tE

stab

lish

edG

ener

ic

Sem

anti

cm

od

elin

gap

pro

ach

3

Zh

ou

[52]

Qu

asi

Iden

tifi

ers

Ran

do

msa

mpli

ng

app

roac

hes

Est

abli

shed

Est

abli

shed

Gen

eric

Pro

bab

ilis

tic

4

Om

er[5

3]

No

min

alse

to

fat

trib

ute

s

that

reco

gn

ize

max

imu

mre

cord

s

Su

bst

itu

tio

nm

eth

odo

log

yE

stab

lish

ed

No

tE

stab

lish

edG

ener

ic

Heu

rist

icte

chniq

ue

5

Mo

ham

med

[54]

No

tsu

gges

ted

Dis

trib

ute

d

ano

nym

izat

ion

No

tE

stab

lish

ed

Est

abli

shed

Hea

lthca

re

Ran

do

mS

amp

ling

6

Alu

mu

lla

and

Bea

k

[55

,5

6]

Qu

asi

iden

tifi

ers

tech

niq

ue

Pri

vac

yp

rese

rvat

ion

mo

del

No

tE

stab

lish

ed

No

tes

tab

lish

edG

ener

ic

Gre

edy

app

roac

hfo

rb

ette

r

op

tim

izat

ion

7

Bra

ker

ski

[57]

and

Ray

etal

.[5

8]

No

tsu

gges

ted

Dis

trib

ute

d

ano

nym

izat

ion

tech

niq

ue

No

tE

stab

lish

ed

Est

abli

shed

Hea

lthca

re

Dec

om

po

siti

on

&ra

nd

om

sam

pli

ng

8

Pro

po

sed

alg

ori

thm

Su

scep

tib

led

ata

iden

tifi

cati

on

Dis

trib

ute

d

ano

nym

izat

ion

tech

niq

ue

Est

abli

shed

inth

eh

ug

e

dat

ase

t(t

hro

ug

h

hea

lth

care

dat

a)

Est

abli

shed

ina

larg

edat

aset

Hea

lthca

re

Pro

bab

ilis

tic

and

var

iou

s

scan

nin

gth

roug

hth

e

het

ero

gen

eou

sd

ata

set

215 of 24 Sådhanå (2021) 46:215

Algorithm 4: Algorithm for accessing stationary susceptible data from the global network

Inputs: Parameters passed; Output: Decision for

accessing the susceptible data

1 Algorithm Access_Satic_Susceptible_Data_Global_Net

(P1, P2, P3, P4, P5)

2 {

3 if ((P1==true) && (P5==true))

4 {printf (“Denial of service”);}

5 else if

6 ((P2==true) && (P5==true))

7 {printf (“Block the IP for sending

request”);}

8 else if

9 ((P2==true) && (P3==true))

10 {printf (“Report to network admin”);}

11 else if

12 ((P3==true) && (P4==true)

13 {printf (“Wait for the approval of access”);}

14 else

15 {printf (“Permitted to access”);}

16 } // end of Algorithm 4

Figure 7. Access to static susceptible data from the global

network.

Algorithm 5: Algorithm for accessing moving susceptible data from the local network

Inputs: Parameters passed; Output: Decision of

accessing the Susceptible data

1 Algorithm

Access_Moving_Susceptible_Data_Local_Net

(P1, P2, P3, P4, P5)

2 {

3 if ((P1==true) && (P5==true))


5 else if

6 ((P2==true) && (P5==true))

7 {printf (“Block the IP for sending request”);}

8 else if

9 ((P2==true) && (P3==true))


11 else if

12 ((P3==true) && (P4==true)


14 else



Figure 8. Access to moving Susceptible data from the local

network.

Algorithm 6: Algorithm for accessing moving susceptible data from the global network

Inputs: Parameters passed; Output: Decision of

accessing the susceptible data

1 Algorithm

Access_Moving_Susceptible_Data_Global_Net

(P1, P2, P3, P4, P5)

2 {

3 if ((P1==true) && (P5==true))


5 else if

6 ((P2==true) && (P5==true))


8 else if

9 ((P2==true) && (P3==true))


11 else if

12 ((P3==true) && (P4==true)


14 else



Figure 9. Access to moving Susceptible data from the global

network.

Algorithm 3: Algorithm for accessing stationary susceptible data from the local network

Inputs: Parameters passed; Output: Decision for

accessing the static susceptible data

1 Algorithm

Access_Satic_Susceptible_Data_Local_Net(P1, P2,

P3, P4, P5)

2 {

3 if ((P1==true) && (P2==true))

4 {printf (“Denial of Service for the request”);}

5 else if

6 ((P2==true) && (P5==true))


8 else if

9 ((P2==true) && (P3==true))

10 {printf (“Report to the network admin”);}

11 else if

12 ((P3==true) && (P4==true))


14 else

15 {printf (“permitted to access”);}


Figure 6. Access to static susceptible data from the local

network.

Sådhanå (2021) 46:215 of 24 215

5.3.3 Decision table for accessing moving susceptibledata from the local network The susceptible data is not

always stationary. It can travel between different nodes in

the intra network system. The network manager will set the

system parameters to design the decision table. The demand

will be validated through the decision table and only

authorized requests will be allowed to access the

susceptible data. The final decision table with the

restrictions is explicated in table 5.

Figure12 depicts the whole system illustration where

susceptible data is not stationary. It is traveling inside the

intra network system. The demand is willing to get the

susceptible data from the identical network. The demand

cannot be approved immediately. This will be considered

based on the proposed rules outlined in figure 8 of Algo-

rithm 5 and the equivalent table 5. Successful validation of

requests will be entertained to access the susceptible data.

5.3.4 Decision table for globally moving susceptibledata from the global network The movement of

susceptible data cannot be limited to an intra network

only. It can travel to internetwork adjacent to the host

network. Demand can also be initiated from the different

networks where susceptible data is not located. So, the

network manager will not approve the demand

instantaneously. The demand will be authorized based on

figure 8 of Algorithm 6 and table 6. If the authentication is

efficacious then demand will be allowed to access the

Table 3. Request is accessing stationary susceptible data from the local network.

S. no Parameter name Action status(Y/N) Y: allow N: Deny

1. The request is coming from the unauthenticated IP address Y N Y N

2. The request has a negative impact on the current network. Y Y Y N

3. The request tries to access any Susceptible data without authorization N N Y Y

4. The request tries to access data beyond its allotted time N N N Y

5. The request is related to any unauthorized entity for damaging the

network

N Y N N

ACTION statements

1 Denial of Service Y N N N

2 Report to the Network admin N N Y N

3 Wait for approval of access N N N Y

4 Block the IP for sending the request N Y N N

Figure 10. Request to access static susceptible data from the local network.

215 of 24 Sådhanå (2021) 46:215

susceptible data. The whole decision table along with the

network constraints is described in table 6.

5.3.5 Decision table for globally moving susceptibledata from the global network The movement of

susceptible data cannot be limited to an intra network

only. It can travel to internetwork adjacent to the host

network. Demand can also be initiated from the different

networks where susceptible data is not located. So, the

network manager will not approve the demand

instantaneously. The demand will be authorized based on

figure 8 of Algorithm 6 and table 6. If the authentication is

efficacious then demand will be allowed to access the

susceptible data. The whole decision table along with the

network constraints is described in table 6.

Figure 13 visibly depicts the whole illustration where

susceptible data is not stationary. It is traveling between

different networking systems. The demand is initiated from

the network where susceptible data is not located. The

demand cannot be approved promptly. This will be vali-

dated based on figure 9 of Algorithm 6 and table 6. The

successful validation of the demand can access the sus-

ceptible data.

5.4 Execution environment

The projected algorithms of security re-assurance over

susceptible data have been executed in the Cloud simula-

tion software. Cloud simulation software is used to provide

Table 4. Request is accessing static susceptible data through a global network.

S. no Parameter name Action status (Y/N) Y: allow N: Deny

1. The request is coming from the suspicious IP address Y N N N

2. The request has a negative impact on the adjacent networks. N Y Y N

3. The request has any previous history for accessing any Susceptible

data of the current network.

N N Y Y

4. The request tries to access data beyond its allotted time without any

request for an extension of time

N N N Y


network

Y Y N N

ACTION statements





Figure 11. Request to access static susceptible data from outside of the network.

Sådhanå (2021) 46:215 of 24 215

test services in a repeatable and controllable environment.

Here the researchers have utilized the 105 VM (virtual

machine) and each VM memory is 1024 KB in the dual-

core machine. Six cloudlets used to run with six different

parameters and four different data sets/sources are being

considered for the execution environment. The entire

physical memory of the Celeron machine (with CPU Clock

Speed 1.2-2.8 GHz) is applied to load the cloud simulator

environment. The individual pass-run key is limited to 100,

200, and 300.

5.5 Implementation level study for stationarysusceptible data

In the preceding sections, tables 3 and 4 are representing

the rule to access stationary susceptible data based on the

local and global demand. After merging both the tables and

exclusive of the alike constraints the authors used to obtain

the subsequent parameters:

P1: Request is approaching from unauthenticated suspi-

cious IP addresses

P2: Request harms the present network.

P3: Request harms the adjacent networks.

P4: Request tries to access susceptible data without

approval

P5: Request tries to access susceptible data beyond its

fixed time

P6: Request is associated with the illegal entity for

destroying the network.

When demand comes to access stationary susceptible

data, the authors have analyzed the effect of the above-

mentioned constraints. The researchers have made the

experiment through the simulators and observed the vari-

ations of the state during the individual pass. The complete

situation is represented by 2-dimensional and

Table 5. Request is accessing locally moving susceptible data through local network.

S. no. Parameter name Action status (Y/N) Y: allow N: Deny

1. The request is coming from the suspicious IP address to access

dynamic Susceptible data

Y N N N

2. Susceptible data is busy with its internal activities N Y Y N

3. Access right of the Susceptible data for a particular node N N Y Y

4. The request tries to access data beyond its allotted time without any

request for the extension of time

N N N Y


network

Y Y N N

Action statements





Figure 12. Request to access moving Susceptible data from the local network.

215 of 24 Sådhanå (2021) 46:215

3-dimensional graphical representation. In this graph, the

’x’ axis symbolizes the demand parameters and the ’y’ axis

denotes the normalized throughput. Throughput is mea-

sured by the number of demands controlled by individual

cloudlets per unit of time.

In Pass 1, P3 and P4 are having the maximum number of

successes whereas P2 is having the lowermost number of

successes. If the number of passes is augmented in pass 2,

then P1 will have a higher number of hits concerning pass

1. Here, P5 and P6 are also varying as per the deviations of

pass. Further, in pass 3 the constraints are altering and it is

detected by the authors that P2 has the lowermost number

of successes. This varying scenario of the constraints

specifies that based on the demands the defined system

delivers control of accessing illicit data. Otherwise, an

alteration in parameters would not be possible. The various

changes of parameters during Pass 1, Pass 2 and Pass 3 are

represented in figure 14 using a 2-dimensional graphic

illustration.

Figure 15 signifies the 3-dimensional graph of stationary

data demand, which displays that the constraints are vary-

ing based on deviations of passes. The demand cannot be

approved promptly. The altering states of passes with the

normalized throughput confirms that the demand is being

identified and authorized by the automated system.

Only genuine demands can access the susceptible data

and illegitimate appeal information is kept to the internal

record file of the anticipated system to avert further

occurrences.

5.6 Implementation level study of non-stationarysusceptible data

In the preceding sections, tables 5 and 6 are demonstrating

the guidelines to access moving susceptible data based on

the local and global demands. After merging both the

tables and excluding the identical constraints the authors

acknowledged values linked to the resulting parameters:

P’1: Request is approaching from a suspicious IP address

in the state where the susceptible data is moving in the

network.

P’2: Susceptible data is busy with its internal activities

P’3: Demand has any approval to access susceptible data

P’4: Access right of the susceptible data for a specific

node

P’5: Request tries to access susceptible data beyond its

allotted time

P’6: Request is related to any unauthorized entity for

damaging the current/adjacent network

When demand comes to access non-stationary suscepti-

ble data from any internetworking system, the authors have

analyzed the effect of the above-mentioned constraints. The

researchers have implemented the execution in a simulated

environment.

and with an individual pass, they have observed the

variations of states. The complete situation is described in

figures 16, and 17 using a 2-dimensional and 3-dimensional

graphical representation. Next, it was detected in Pass 1

that the constraints P’3 and P’4 acknowledged the maxi-

mum number of successes whereas parameter P’2 received

the lowermost number of successes. The constraints P’1,

P’4, and P’5 received an average number of successes. If

the quantity of passes is being augmented, then in pass 2 the

constraint P’2 received a greater number of successes in

assessment to pass 1. Further, it is noticed by the authors

that the throughput of parameter P’1 is higher in pass 2 as

compared to P’1 in pass 1. The parameters P’5 and P’6

were also varying after the alteration of the pass. Moreover,

it is detected that in pass 3 the constraints were varying

where parameter P’2 acknowledged the lowermost number

Table 6. Request is accessing globally moving susceptible data

through a global network.

S. no. Parameter name

Action status (Y/N) Y: allow

N: Deny

1.

The request is coming

from the suspicious IP

address

Y

N

N

N

2.

Susceptible data is busy

with its internal

activities

N

Y

Y

N

3.

Access right of the

Susceptible data for a

particular node

N

N

Y

Y

4.

The request tries to access

data beyond its allotted

time without any

request for the

extension of time

N

N

N

Y

5.

The request is related to

any unauthorized entity

for damaging the

network

Y

Y

N

N

Action statements

1

Denial of Service Y

N

N

N

2

Report to the Network

admin

N

N

Y

N

3

Wait for the approval of

access

N

N

N

Y

4

Block the IP for sending

the request

N

Y

N

N

Sådhanå (2021) 46:215 of 24 215

of successes in contrast to pass 2. This altering situation of

the network parameters specifies that based on demands

provided by the projected algorithms, illegitimate accessing

of data can be prevented in the distributed computing

environment. The 2-dimensional graphic illustration of

demands to access the non-stationary susceptible data is

depicted in figure 16.

Figure 17 indicates a 3-dimensional representation of

non-static susceptible data. The request parameters and the

corresponding throughputs are varying concerning the

change of passes from 100 to 300. The demands are

0

2

4

6

Pass 1 Pass 2 Pass 3

Nor

mal

ised

Th

roug

hput

Request Parameters

P1 P2 P3 P4 P5 P6

Figure 14. The 2-dimensional representation of static data

request.

Figure 15. The 3-dimensional representation of static data

request.

0

1

2

3

4

5

6

Pass 1 Pass 2 Pass 3Nor

mal

ised

Thr

ough

put

Request Parameters

P'1 P'2 P'3 P'4 P'5 P'6

Figure 16. The 2-dimensional representation of moving suscep-

tible data request.

P'1

P'4

0

2

4

6

Pass 1Pass 2

Pass 3

Requ

est P

aram

eter

s

Nor

mal

ised

Th

roug

hput

Figure 17. A 3-dimensional representation of moving data

request.

Figure 13. Request to access moving data from the global network.

215 of 24 Sådhanå (2021) 46:215

observed and validated by the network parameters set by

the automated model. The comprehensive information

about the illegitimate demands is kept to the internal

database management system of the proposed automated

model.

5.7 The case study analysis of medical healthcaresystems

The researchers have anticipated algorithms and the

equivalent decision tables to deliver security over suscep-

tible data. Patient information is exceedingly susceptible in

any medical healthcare domain. The entire medical test

information led for a patient is susceptible data and it must

not be revealed to any individual without the consensus of a

patient. The efficacy of the anticipated algorithm can be

signified with the support of a case learning where hospi-

tals, patients, and doctors are denoted by Eqs. (5), (6), and

(7).

Hospitals ¼ H1;H2; . . .. . .;HNf g ð5Þ

where Hi is representing ith hospital.

Patients ¼ P11;P12. . .Pmnf g ð6Þ

where Pij is representing ith hospital’s jith patient.

Doctors ¼ D11;D12. . .. . .Dmnf g ð7Þ

where Dij is representing ith hospital’s jth doctor.

Now, the subsequent three cases may occur for a patient

who is staying in a hospital in the town:

Case 1: The Patient Pij has visited the hospital Hi. Every

test report was led by the hospital. The test information may

be treated as susceptible data. After viewing the test data,

the specialists of the hospital Hi observed that no expert

doctor was present for this explicit disease handling at the

hospital. Therefore, the patient must be transferred to dif-

ferent hospital Hij where Hi and Hj are belonging to dis-

similar groups of hospitals. In this condition, the

susceptible data (the patient’s medical information) is to be

shifted from a different group of hospitals. The specialists

of the hospital Hi may not trust the test information directed

by Hj because the medical reports (Susceptible data) may

be altered by the invaders at hospital Hi. Therefore, the

patient’s medical tests must be done once more at the

hospital Hj which leads to an extra monetary burden and

time consuming to the seriously ill patient. The anticipated

security re-assurance over the susceptible data algorithm

confirms that no invader will be able to change the data

while moving it to a different network.

Case 2: The patient Pij has visited the hospital Hi. Every

test report was led by the hospital, but it was observed that

the expert doctors of this disease are not available. There-

fore, the specialists Hi recommended that the doctor Dij of

hospital Hi is the expert for the dealing of this treatment.

Here, the researchers are considering Hi and Hj are the

hospitals of the identical network. Thus, the patient will

move to the hospital j physically but all the test information

will be passed HiHj through the intranet working commu-

nication channel. As soon as the susceptible data is passed

within the identical network, the projected algorithms will

competently deliver whole security to avert any malprac-

tices over the susceptible data.

Case 3: The seriously ailing patient Pij visited the hos-

pital Hi. The patient was not able to take admission to the

hospital Hi because no expert doctor was free then. Here,

the authors consider that the patient’s health status is very

serious. Therefore, the patient must be under treatment

immediately. The patient is transferred to Hospital Hj

where experts are accessible, but getting appointments is

difficult due to the busy schedule of the doctors. Now the

family members of the patient explore the specialists nearer

to his location. Next, the patient will take admission to the

hospital, and detail medical reports are given to the spe-

cialists. Consequently, the susceptible data is transferred

between different states/cities. There may be a possibility

of tampering with data inside the network. The projected

algorithm will bring complete security re-assurance to

deliver susceptible data to the destination safely.

5.8 Automated permission-based securityof the proposed system

The authors have designed the permission-based security

for the cases explained in the previous section (section 4).

The security system is completely automated and the exe-

cution is completely dependent on the cloudlet running in

the cloud-IoT environment. The permission is validated

automatically based on the algorithms designed and cor-

responding decision tables generated from the algorithms.

There is no concept of human intervention and response

will be done in a time-bound process. When a request tries

to access susceptible data then the system will identify the

nature of the request whether it is static or dynamic. The

origination of the request will also be considered. After

that, the request will be forwarded to the appropriate cases

it finds to be suitable. Before admitting the request to access

susceptible data it will be checked by the cloudlet to the

matching decision table. If the validation is successful then

the request will be able to access the data. Otherwise, it will

be discarded.

Now a day’s, network security attacks are very much

common in the digitized world. These attacks are con-

ducted for unauthorized access of corporate, private, or

governmental information technology assets, and to

destroy/modify/steal the susceptible data. Many servers

store critical data such as credit card numbers, usernames,

passwords, Aadhar Card information, or other personally

identified information. The attackers try to get these sus-

ceptible data using suspicious IP addresses. Whenever the

Sådhanå (2021) 46:215 of 24 215

attacker sends a request through their IP addresses the

request cannot be granted instantly. It will be checked

automatically with the suspicious IP databases internally. If

the requested IP address information is not found in the

database, then it will be checked with the parameters

designed and developed from Algorithms 3 to 6 of our

proposed model. The activation status of the request is also

validated through the decision tables (tables 3 to 6) of the

proposed model. This IP address checking and validation

model is completely automated and hence no network

administrator involvement is needed to complete the vali-

dation of the request. Thus, further attacks from the same IP

addresses can be minimized. This model is trustable be-

cause it captures the unauthenticated requests originated

from the intra network or internetwork systems.

6. Conclusions

Presently, susceptible data recognition and security re-as-

surance in a centralized cloud-based system is the prime

research area. The major challenge of susceptible data

identification and security reassurance indicates that infor-

mation is being used and shared frequently in a cloud-IoT-

based distributed computing environment. The research

work initially presumes that susceptible data needs to be

protected from intruders to validate the network model. The

authors have designed novel algorithms to identify the

susceptible data from private data set and apply security re-

assurance mechanisms in this research work. To implement

the susceptible data security, the authors have analyzed

different cases of security re-assurance techniques in cloud-

IoT-based network architecture. The novel mathematical

model combines the different components of the internet-

working system to validate the input, processing, and out-

put of the system. The decision tables corresponding to the

novel algorithms authorize the access of susceptible data by

the request originated from inter/intra network. The secu-

rity model is completely automated and no human inter-

vention is needed to identify the illegitimate request.

The researchers have well thought-out the medical

healthcare data as a base to take out the whole research.

The supplementary susceptible data like debit / credit card

and other accounting data classification must be addressed

and joined / included with the accessible system architec-

ture. Additionally, the researchers may think about the

optimization of safety declaration techniques in distributed

surroundings as the forthcoming research direction.

References

[1] Patil R, Dudeja H and Modi C 2019 Designing an efficient

security framework for detecting intrusions in a virtual

network of cloud computing. Comput. Secur. 85: 402–422

[2] Ari A A A, Ngangmo O K, Titouna C, Thiare O,

Mohamadou A and Gueroui A M 2019 Enabling privacy

and security in Cloud of Things: Architecture, applications,

security & privacy challenges. Appl. Comput. Inform.,pp. 1–23

[3] Srinivas J, Mishra D and Mukhopadhyay S 2017 A mutual

authentication framework for wireless medical sensor net-

works. J. Med. Syst 41(5): 1–19

[4] Rabaninejad R, Attari M A, Asaar M R and Aref M R 2019

Comments on a lightweight cloud auditing scheme: security

analysis and improvement. J. Netw. Comput. Appl. 139:

49–56

[5] Chanal P M and Kakkasageri M S 2020 Security and privacy

in IoT: a survey. Wirel Personal Commun 115: 1668–1693

[6] Kelarestaghi K B, HeaslipK Fessmann V, Khalilikhah M and

Fuentes A 2018 Intelligenttransportationsystemsecurity:

Hackedmessage signs. SAE Int. J. Transp. CybersecurityPrivacy 1(2): 1–16

[7] Mo Y 2019 A data security storage method for IoT under

hadoop cloud computing platform. Int J Wirel Inf Netw 26:

152–157

[8] Kumar P and Chouhan L 2021 A secure authentication

scheme for IoT application in the smart home. Peer-to-PeerNetw. Appl 14: 420–438

[9] Khan M K, Chaturvedi A, Mishra D and Kumari S 2015 On

the security enhancement of integrated electronic patient

records information systems. Comput. Sci. Inf. Syst. 12(2):

857–872

[10] Shi W and Dustdar S 2016 The promise of edge computing.

Computer 49(5): 78–81

[11] Jordi C-R, Jordi H-J and Vicenc T 2015 A summary of

k-degree anonymous methods for privacy-preserving on

networks. Adv. Res. Data Privacy (567): 231–250

[12] Fatemeh A, Nasser Y, Shakery A and Chinaei A H 2016

Hierarchical anonymization algorithms against background

knowledge attack in data releasing. Knowl.-Based Syst. 101:

71–89

[13] Xu L and Wu F 2015 Cryptanalysis and improvement of a

user authentication scheme preserving uniqueness and

anonymity for connected health care. J. Med. Syst. 39(2):

1–9

[14] Sarkar M, Banerjee S, Badr Y and Sangaiah A K 2019

Configuring a trusted cloud service model for smart city

exploration using hybrid intelligence. Int J Ambient ComputIntell 8(3): 1–21

[15] Palanisamy B and Liu L 2015 Privacy-preserving data

publishing in the cloud: a multi-level utility controlled

approach. In: Proceedings of the IEEE 8th InternationalConference on Cloud Computing, USA, pp. 130–137

[16] Jin W, Yonghui Z, Youyuan W and Xiang G 2016 RPRep: a

robust and privacy-preserving reputation management

scheme for pseudonym-enabled VANETs. Int J Distrib SensNetw 12(3): 1–15

[17] Jiang Q, Ma J, Lu X and Tian Y 2015 An efficient two-factor

user authentication scheme with unlinkability for wireless

sensor networks. Peer Peer Netw. Appl. 8(6): 1070–

1081

[18] Hossain M M, Fotouhi M and Hasan R 2015 Towards an

analysis of security issues, challenges, and open problems in

the internet of things. in Services (SERVICES). In: IEEEWorld Congress on IEEE, pp. 21–28

215 of 24 Sådhanå (2021) 46:215

[19] Dey N, Hassanien A E, Bhatt C, Ashour A S and Satapathy S

C 2018 Internet of things and big data analytics toward next-

generation intelligence Berlin: Springer, pp. 3–549

[20] Mohan A 2014 Cybersecurity for personal medical devices

internet of things. In: Distributed Computing in SensorSystems (DCOSS), IEEE International Conference on. IEEE,

pp. 372–374

[21] Yoon S, Park H and Yoo H S 2015 Security issues on smart

home in IoT environment. In: Computer Science and itsApplications. Springer, pp. 691–696

[22] Kang J, Huang X, Yu R, Zhang Y, and Gjessing S 2015

Hierarchical mobile cloud with social grouping for secure

pervasive healthcare. In: Proceedings of 17th InternationalConference E-Health Networking., Application and. Services(HealthCom), pp. 609–614

[23] Tawalbeh L A, Mehmood R, Benkhlifa E and Song H 2016

Mobile cloud computing model and big data analysis for

healthcare applications. IEEE Access 4: 6171–6180

[24] Xia Q, Sifah E B, Smahi A, Amofa S and Zhang X 2017

BBDS: Blockchain-based data sharing for electronic medical

records in cloud environments. Information 8(2): 1–16

[25] Shaikh R and Sasikumar M 2015 Data classification for

achieving security in cloud computing. Proc. Comput. Sci.45: 493–498

[26] Shuijing H 2014 Data security: the challenges of cloud

computing. In: IEEE Sixth International Conference onMeasuring Technology and Mechatronics Automation,

pp. 203–206

[27] Kumar V, Ahmad M and Kumari A 2019 A secure elliptic

curve cryptography based mutual authentication protocol for

cloud-assisted TMIS. Telematics Inform. 38: 100–117

[28] Chen D and Zhao H 2012 Data security and privacy

protection issues in cloud computing. In: IEEE InternationalConference on Computer Science and Electronics Engineer-ing, Vol. 1, pp. 647–651

[29] Cao N, Wang C, Li M, Ren K and Lou W 2014 Privacy-

preserving multi-keyword ranked search over encrypted

cloud data. IEEE Trans Parallel Distrib Syst 25(1): 222–233

[30] Lauter K, Lopez-Alt A and Naehrig M 2014 Private

computation on encrypted genomic data. Tech.Rep. MSR-

TR-2014-93, pp. 3–27

[31] Seungcheol L, Lee J, Hong S and Kim J-H 2020 Lightweight

end-to-end blockchain for IoT applications. KSII Trans.Internet Inf. Syst. 14(8): 3224–3242

[32] Xu C, Ren J, Zhang D and Zhang Y 2018 Distilling at the

edge: a local differential privacy obfuscation framework for

IoT data analytics. IEEE Commun. Mag. 56(8): 20–25

[33] Lu R, Heung K, Lashkari A H and Ghorbani A A 2017 A

lightweight privacy-preserving data aggregation scheme for

fog computing-enhanced IoT. IEEE Access 5: 3302–

3312

[34] Du M, Wang K, Liu X, Guo S and Zhang Y 2019 A

differential privacy-based query model for sustainable fog

data centers. IEEE Trans. Sustain. Comput. 4(2): 145–155

[35] Ali D, Kanhere S S, Jurdak R, Gauravaram P 2017

Blockchain for IoT security and privacy: the case study of

a smart home. In: 2017 IEEE International Conference onPervasive Computing and Communications Workshops(PerCom Workshops), pp. 618–623

[36] Mubariz R, Javaid N, Awais M, Imran M and Naseer N 2019

Cloud-based secure service providing for IoTs using

blockchain. In: IEEE Global Communications Conference(GLOBECOM), pp. 1–7

[37] Gang W, Shi Z, Nixon M and Han S 2019 Chainsplitter:

towards blockchain-based industrial IoT architecture for

supporting hierarchical storage. In: IEEE InternationalConference on Blockchain (Blockchain), pp. 166–175

[38] Gokhan S, Carminati B, Ferrari E, Sheehan J D and Ragnoli

E 2018 Hybrid-IoT: hybrid blockchain architecture for the

internet of things-pow sub-blockchains. In: 2018 IEEEInternational Conference on Internet of Things (iThings)and IEEE Green Computing and Communications (Green-Com) and IEEE Cyber, Physical and Social Computing(CPSCom), and IEEE Smart Data (SmartData),pp. 1007–1016

[39] Shen J, Shen J, Chen X, Huang X and Susilo W 2017 An

efficient public auditing protocol with novel dynamic

structure for cloud data. IEEE Trans. Inf. Forensics Secur12(10): 2402–2415

[40] Tari Z, Yi X, Premarathne U S, Bertok P and Khalil I 2015

Security and privacy in cloud computing: vision, trends, and

challenges. IEEE Cloud Comput 2(2): 30–38

[41] Singh A and Chatterjee K 2017 Cloud security issues and

challenges: a survey. J. Netw. Comput. Appl. pp. 88–115

[42] Zhou J, Lin X, Dong X and Cao Z 2015 Psmpa: patient self-

controllable and multi-level privacy-preserving cooperative

authentication in distributedm-healthcare cloud computing

system. IEEE Trans. Parallel Distrib. Syst. 26(6):

1693–1703

[43] Zhou L, Varadharajan V and Hitchens M 2013 Integrating

trust with cryptographic role-based access control for secure

cloud data storage. In Trust, Security and Privacy inComputing and Communications (TrustCom), 2013 12thIEEE International Conference on, pp. 560–569

[44] Sendor J, Lehmann Y, Serme G and Santana de Oliveira A

2014 Platform level support for authorization in cloud

services with oauth 2. In: Proceedings of the IEEE Interna-tional Conference on Cloud Engineering, IC2E, (Washing-ton, DC, USA), pp. 458–465

[45] Elhabob R, Zhao Y, Sella I and Xiong H 2019 An efficient

certificateless public key cryptography with authorized

equality test in IIoT. J. Ambient Intell. Humaniz. Comput.pp. 1–19

[46] Xu P, Jin H, Wu Q and Wang W 2012 Public-key encryption

with fuzzy keyword search: a provably secure scheme under

keyword guessing attack. IEEE Trans. Comput. 62(11):

2266–2277

[47] Wang Y, Hassan A, Duan X and Zhang X 2019 An efficient

multiple-user location-based query authentication approach

for social networking. J. Inform. Secur. Appl. 47: 284–294

[48] Khokhar R H, Fung B C, Iqbal F, Alhadidi D and Bentahar J

2016 Privacy-preserving data mashup model for trading

person-specific information. Electron. Commerce Res. Appl17: 19–37

[49] He D, Zeadally S, Xu B and Huang X 2015 An efficient

identity-based conditional privacy-preserving authentication

scheme for vehicular ad hoc networks. IEEE Trans. Inf.Forensics Secur. 10(12): 2681–2691

[50] Lodha S and Thomas D 2007 Probabilistic anonymity. In:

Privacy, Security, and Trust in KDD, First ACM SIGKDDInternational Workshop, PinKDD, San Jose, CA, USA,

pp. 56–79

Sådhanå (2021) 46:215 of 24 215

[51] Mishra K N (2018) A novel mechanism for cloud data

management in distributed environment. In: Data-IntensiveComputing Applications for Big Data, pp. 267–291

[52] Zhou J, Cao Z, Dong X, Xiong N and Vasilakos A V 2015 A

secure and privacy-preserving key management scheme for

cloud-assisted wireless body area network in m-healthcare

social networks. Inf Sci 314: 255–276

[53] Omer A M and Mohamad M M B 2016 Simple and effective

method for selecting quasi-identifier. J Theor Appl InfTechnol 89(2): 512–517

[54] Mohammed N, Fung B C M, Hung P C K and Lee C 2010

Centralized and distributed anonymization for high-dimen-

sional healthcare data. ACM Trans. Knowl. Discovery Data4(4): 1–33

[55] Almulla S and Chon Y-Y 2010 Cloud computing security

management. In: 2nd International Conference On Engi-neering Systems Management and Its Applications, pp. 1–7

[56] Baek J, Vu Q, Liu J, Huang X and Xiang Y 2014 A secure

cloud computing-based framework for big data information

management of the smart grid. In: Cloud Computing, IEEETransactions, pp. 1–12

[57] Brakerski Z, Gentry C and Vaikuntanathan V 2012 Fully

homomorphic encryption without bootstrapping. In Innova-tions in Theoretical Computer Science, pp. 309–325

[58] Ray S, Mishra K N and Dutta S 2021 Sensitive data

identification and security assurance in cloud and IoT based

networks. Int J Comput Netw Inf Secur 13: 1–25

215 of 24 Sådhanå (2021) 46:215

Susceptible data classification and security reassurance ...

Documents

Transcript of Susceptible data classification and security reassurance ...