
Future Generation Computer Systems 83 (2018) 208–218


Fog-based storage technology to fight with cyber threat


Tian Wang (a), Jiyuan Zhou (a), Minzhe Huang (a), MD Zakirul Alam Bhuiyan (b), Anfeng Liu (c), Wenzheng Xu (d), Mande Xie (e,*)

(a) College of Computer Science and Technology, Huaqiao University, Xiamen, Fujian, China
(b) Department of Computer and Information Sciences, Fordham University, New York, NY, USA
(c) School of Information Science and Engineering, Central South University, Changsha, Hunan, China
(d) College of Computer Science, Sichuan University, Chengdu, Sichuan, China
(e) School of Computer Science and Engineering, Zhejiang Gongshang University, Hangzhou, Zhejiang, China

Article info

Article history: Received 11 October 2017; Received in revised form 18 November 2017; Accepted 22 December 2017; Available online 11 January 2018

Keywords: Cloud computing; Fog computing; Cloud storage; Cyber security

Abstract

The recent emergence of cloud computing has drastically influenced everyone's perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, computationally intensive services are moving to the cloud, and the end user's mobile device is used as an interface to access these services. However, cyber threats are also becoming more varied and sophisticated, which endangers the security of users' private data. In the traditional service mode, users' data is stored entirely in the cloud, so users lose control over their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, the user's private data is stored separately in the cloud and in fog servers. In this way, the integrity, availability and confidentiality of the user's data can be ensured because the data is retrieved from the cloud as well as the fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experimental results also validate the proposed scheme and methods.

© 2018 Elsevier B.V. All rights reserved.

* Corresponding author. E-mail address: xiemd@zjgsu.edu.cn (M. Xie).
https://doi.org/10.1016/j.future.2017.12.036

1. Introduction

Since cloud computing was proposed, it has deeply influenced our lives in different aspects. Relying on its powerful computing and storage capability, cloud computing has changed many traditional schemas in the computer realm [1,2]. Cloud storage is a typical application that takes advantage of the huge storage capacity of cloud computing. Many Internet giants such as Google, IBM and Tencent all have their own cloud storage services. These cloud storage services have been widely accepted by personal and enterprise users. Almost everyone who uses the Internet has their own cloud storage space, from GB to TB. People increasingly prefer to save their private data in the cloud. There are advantages and disadvantages: cyber threats are growing with the development of cloud technology [3–6]. There are different kinds of cyber threats in cloud storage services, such as data loss, malicious modification and cloud server crashes. There have been some serious cyber incidents, for example the Dropbox data leakage in 2016, which affected about 64 million accounts. Much more serious than Dropbox, Yahoo recently disclosed that up to 3 billion accounts' information was stolen by hackers in 2013. These incidents caused great damage to the reputation of the companies [7–9]. The traditional cloud computing model can no longer satisfy users' requirements for cyber security, so fog computing, also termed edge computing, has come into view as a more intelligent computing model.

Fog computing, or edge computing, is an extended computing model based on cloud computing and is composed of many fog nodes. These nodes have a certain storage capacity and processing capability [10,11]. However, there is some debate about the differences between fog computing and edge computing. For example, W. Shi et al. think edge computing is interchangeable with fog computing, but edge computing focuses more on the things side, while fog computing focuses more on the infrastructure side [12]. In this paper, we do not focus on the differences among the terms for the computing model. We consider them the same, without essential difference. The main purpose of this paper is to use the features of fog computing to solve the problems in the traditional cloud storage field. In traditional cloud storage, users upload their files to the cloud server directly. The Cloud Server Provider (CSP) then manages the data in place of the users, so users do not actually control the physical storage of their data, which results in the separation of ownership and management of data [13]. Therefore, we design a scheme that combines traditional cloud storage with the fog computing model. Compared with traditional methods such as encryption, our scheme does not need to
worry about encryption cracking. Specifically, in our scheme, the user's private file is divided into several parts. Our system then saves the data in different cloud servers and in the user's fog devices. Since the fog server is actually controlled by the users themselves, the CSP cannot get any useful information without the data stored in the fog server. Besides, we design a series of mechanisms that can ensure the integrity, availability and confidentiality of the user's data. Furthermore, by utilizing the low-delay feature of fog computing, cloud storage with fog will have a higher transmission rate [14]. The main contributions of this work can be summarized as follows:

• We propose a fog-based cloud storage scheme. The scheme we propose can prevent the user's private data from suffering cyber threats such as data loss and malicious modification. By storing data separately in different servers, the user can partly take charge of the management of data.
• We design a series of mechanisms to ensure data security and the quality of service provided by the CSP. The mechanisms include erasure code, malicious modification detection and reputation evaluation. With these mechanisms, the user can enjoy a safer and higher-quality storage service.
• We implement a system prototype named Easy-Save, which allows users to upload and retrieve their private files. Easy-Save also provides some advanced functions such as CSP selection, malicious modification detection, an administrator's mode and so on.

The remainder of this paper is organized as follows: Section 2 reviews related research works, Section 3 elaborates in detail the architecture and mechanisms of our scheme, Section 4 introduces the system prototype, Easy-Save, Section 5 evaluates the system with different experiments and Section 6 concludes this paper.

2. Related work

In this section, we review several research works around the topics of security in cloud computing, fog computing and edge computing. These topics have been studied extensively in the cloud computing security realm and other related fields.

Security in Cyber Space: Security issues have always been the primary focus in both the academic and industrial sectors [15]. There are many excellent surveys on this topic; we list some of them for readers to refer to [16–18]. In paper [19], F. Shaikh et al. find that the main security threats include data loss, leakage of data, client's trust, user's authentication, malicious users handling, wrong usage of cloud computing and its services, and hijacking of sessions while accessing data. To solve these problems, a variety of methods have been developed to ensure security in cloud computing. L. Kaufman points out that the industry itself should establish coherent and effective policy and governance to identify and implement proper security methods [20]. Furthermore, there are some more specific methods. C. Wang et al. propose a privacy-preserving public auditing scheme which allows a third party auditor (TPA) to help the user check the integrity of outsourced data when needed [21]. However, the TPA should meet some security requirements. In that paper, the authors utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve a privacy-preserving public cloud data auditing system, which meets all requirements. Shen et al. propose an efficient public auditing protocol with global and sampling blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than in the state of the art [22]. D. Zissis proposes a Trusted Third Party (TTP) by enabling trust and using cryptography to ensure the confidentiality, integrity and authenticity of data and communications, while attempting to address specific security vulnerabilities [23].

Different from the above methods, which all include a third party, encryption is also a hot research point. Paper [24] proposed a privacy-preserving and copy-deterrence CBIR scheme using encryption and watermarking techniques. This scheme can protect the image content and image features well from the semi-honest cloud server, and deter the image user from illegally distributing the retrieved images. R. Arora et al. think encryption algorithms play an important role in data security in the cloud. By comparison of different algorithms, it has been found that the AES algorithm uses the least time to execute cloud data. The Blowfish algorithm has the least memory requirement. The DES algorithm consumes the least encryption time. RSA consumes the longest memory size and encryption time [25]. Besides encrypting the data directly, access control is also an important way to protect data security. S. Yu et al. design a secure, scalable and fine-grained data access control scheme which combines techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption [26]. From the user's perspective, a trustworthy cloud environment can set the user's heart at rest. Hence some researchers propose trust in cloud computing. Shen et al. think the cloud is semi-trusted and propose a framework for urban data sharing by exploiting attribute-based cryptography. The scheme they proposed is secure and can resist possible attacks [27]. K. Khan et al. address the challenges of trust in cloud computing and answer how cloud providers can earn their customers' trust when a third party is processing sensitive data in a remote machine located in various countries [28]. However, these encryption methods make search in the cloud more difficult. Currently, searchable encryption is a hot topic in the field of cloud computing. Papers [29–32] give different solutions to the relevant problems. Each of them achieves high accuracy, security and efficiency.

Fog/Edge Computing Model: Fog computing, also termed edge computing, is a new computing model which is an extension of cloud computing. There has been more and more research around this topic in recent years. It was first proposed by Cisco's Bonomi in 2011 [33]. In Bonomi's view, fog computing is similar to cloud computing, and the name is very vivid. In nature, fog is closer to the ground than the cloud, so using fog to describe the mid-computing model between the cloud and the sensor network is suitable. After the concept of fog computing was accepted by the computer world, many outstanding research works sprang up. However, different researchers have different views about fog computing. The architecture of fog computing is always a three-layer Mobile-Fog-Cloud hierarchy [34]. There are a variety of application scenarios for fog computing. I. Stojmenovic et al. investigate fog computing advantages for services in several domains, such as Smart Grid, wireless sensor networks, Internet of Things (IoT) and software defined networks (SDNs) [35]. T. Gia et al. enhance a health monitoring system by exploiting the concept of fog computing at smart gateways, providing advanced techniques and services such as embedded data mining, distributed storage, and notification service at the edge of the network. The experiments reveal that fog computing helps achieve more than 90% bandwidth efficiency and offers low-latency real-time response at the edge of the network [36]. J. Zhu et al. propose an automated web site performance optimization mechanism at edge servers. As a result, a user's webpage rendering performance is improved beyond that achieved by simply applying those methods at the webserver or CDNs [37].

For better and quicker service provisioning, trimming and pre-processing the data before sending it to the cloud is very important. M. Aazam et al. have presented Smart Gateway based communication, along with fog computing, for the purpose of smart communication and to help lessen the burden on the cloud [38]. However, fog computing faces new security and privacy challenges besides
those inherited from cloud computing. S. Stolfo et al. point out that existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. They propose two ways of using fog computing to prevent attacks such as the Twitter attack, by deploying decoy information within the cloud by the cloud service customer and within personal online social networking profiles by individual users [35]. C. Dsouza et al. propose policy-based management of resources in fog computing, expanding the current fog computing platform to support secure collaboration and interoperability between different user-requested resources in fog computing.

From the above works we can see that security is still a primary issue, both in traditional cloud computing and in the burgeoning fog computing. The contribution of our work covers security in both cloud and fog. By combining fog computing with cloud computing, we provide a system prototype which includes a series of security mechanisms, so that the user's private data can be securely stored and retrieved with low delay.

3. System architecture and mechanisms

In the traditional cloud storage realm, the most important issues that concern users are as follows: the storage capacity, the QoS (Quality of Service) and the data security. However, storage capacity is no longer a problem after several developments of technology. For example, IBM Cloud Object Storage can attain massive scalability for any volume of data or any business need, from petabyte to exabyte. The QoS includes reliability, availability and disaster recovery, which depends on the CSP's service quality. However, data security is the part that concerns users most. In the traditional cloud storage architecture, all of the user's data is stored in the cloud server. Once something goes wrong with the cloud server, the user's data is under threat. Users need a trustworthy cloud storage environment to save their private files. Therefore, we propose a fog-based scheme to improve traditional cloud storage and provide users with a safer and higher-quality service. As shown in Fig. 1, in our scheme, users do not transfer data to the cloud servers directly. Fog servers are introduced as the middle layer. Firstly, users' data is divided into several data blocks. Secondly, users can select the CSPs they trust according to the reputation values. After the CSPs are confirmed, users' data is uploaded separately to cloud servers and fog servers in reasonable proportion. In our scheme, fog computing devices can be seen as the intermediary function. They collect and transfer data, and they also do some simple processing and storage work. These functions are supported by the storage and data processing capabilities of the fog devices. These features are also the most obvious differences between the fog computing model and traditional cloud computing. Lastly, the user's data is reasonably allocated across different CSPs. Different from the traditional cloud storage scheme, the user's data is mainly divided into two parts, one part (80%–90%) in the cloud server and another part (10%–20%) in the fog server. The advantages of our scheme are as follows: 1. Transmission delay can be sharply decreased. As fog computing is defined, it is closer to the ground than the cloud. The transfer rate between the fog computing layer and other layers is faster than the rate directly between the cloud layer and the bottom layer [39]. 2. Data security can be better protected than with traditional methods. Because the user's data is not completely stored in the cloud, an attacker cannot read the whole information from part of the data. In the meantime, most cyber threats will not bother users' data anymore.

Fig. 1. The architecture of the fog-based cloud storage scheme.

Furthermore, there is a reputation feedback mechanism in our architecture. The mechanism is designed for users to evaluate the CSPs' services. As we can see in Fig. 1, there are many companies which provide cloud storage service. Once something goes wrong with a user's data, the user can influence the CSP's reputation value through the feedback mechanism. In conclusion, our fog-based scheme for cloud storage can provide secure and high-quality service to users. As for how it works, the theories will be elaborated in the next section.

3.1. Security of data

From the consumers' perspective, data security concerns remain a major barrier to the adoption of cloud storage [40]. Hence how to protect the user's data security under the control of the CSP is the primary problem our system must solve. The security of data includes data integrity, availability and data privacy. For private files, confidentiality of data is especially sensitive. In our scheme, we utilize Reed–Solomon code to ensure data security. Reed–Solomon code is a kind of erasure code which is widely used in the distributed storage field. The function of the Reed–Solomon code is to correct errors using redundant data which is generated from the original data. As shown in Fig. 2, parameter D represents the original data, while the left part is an encoding matrix which includes an identity matrix and a Vandermonde matrix. In some cases, the Vandermonde matrix can be replaced by a Cauchy matrix. The
elements of matrix X come from a finite field called a Galois Field, which is related to the original data D. Multiplied by matrix X, file D is divided into k=4 data blocks and m=2 redundant data blocks. The values of k and m are decided by the number of rows of the matrix. According to the property of Reed–Solomon code, among the k + m data blocks, if there are at least k data blocks, we can recover the original data by multiplying by the inverse matrix, while if the number of data blocks is less than k, the original data cannot be recovered. By taking advantage of this property of Reed–Solomon code, our scheme can ensure the integrity and availability of the user's data stored in the cloud. Our system can guarantee that attackers cannot recover the full data with more than 95% of the data. For example, we set the number of data blocks k=96 and redundant data blocks m=4. In this example, full data can be recovered only if we have more than 96 data blocks. We store 95 data blocks in the cloud server, so an attacker cannot recover the full data with the 95% of the data.

Fig. 2. Mechanism for data security.

As for privacy, the concept of privacy is not the same in different countries, cultures or jurisdictions. Identification of private information depends on the specific application scenario and the law, and it is the primary task of privacy protection. However, in our research, the data belongs to a personal user or an enterprise. The content of the data is usually private, especially for private files. These files are not allowed to be read by others or by CSPs. In traditional cloud storage, however, the user's data is stored entirely in a cloud server. It means that if the CSP is hacked, the user's data will face several cyber threats. To solve the privacy issues in cloud storage, we let a small part of the data be stored in the fog server, which is more secure than the cloud server. Besides, we choose several CSPs rather than one. The benefits of this approach are as follows: 1. Privacy of the data can be further ensured since each CSP only stores a part of the data. Attackers or the CSP cannot read the content from any data fragment. 2. It promotes competition between CSPs, so that they will provide a higher quality of service. If a CSP always makes mistakes, users will not select it anymore. In order to attract users, CSPs must improve their service and safety level.

3.2. Malicious modification detection

For some purposes, attackers sometimes modify the user's data. However, due to the limitation of erasure code, it can only solve the problem of data loss. If data is modified by a malicious attacker or administrator, erasure code makes no difference anymore. Hence we add a malicious modification detection mechanism in our scheme. There are many methods used in malicious modification detection. For example, Message-Digest Algorithm 5 (MD5) is a popular algorithm often used in consistency checks. The principle of MD5 is to take as input a message of arbitrary length and produce as output a 128-bit "fingerprint" or "message digest" of the input. However, there are some hidden security dangers in MD5; it can be cracked by sufficient comparisons or other methods. For example, X. Wang et al. broke MD5 in 2005 [41]. In our system, we design an improved algorithm based on MD5 which is safer than the traditional MD5 algorithm. As shown in Algorithm 1, in the encryption section, we first compute MD5 on the original text and get message a. Then we get a 128-bit "fingerprint" by replacing the middle section with a series of random numbers. In the meantime, we record the start position and the end position. In this way, the encryption level of the message digest is improved, for no one can crack the random numbers. The "fingerprint" is stored in the fog server for decryption. In the decryption section, we first do the capture operation on the "fingerprint" by start position and end position and get a and b, which are the front part and latter part of the fingerprint. Then we compute MD5 on the text we want to verify and get "fingerprint′". We do the same operation on "fingerprint′" as on "fingerprint" and get a′ and b′. Lastly, we compare a with a′ and b with b′ and decide whether the text has been modified.

Algorithm 1: Malicious Modified Detection (MMD)

    Encryption;
    Input: originaltext, start_position, end_position.
    Output: fingerprint.
    a = MD5(originaltext)    // encrypt the plaintext with MD5 and get message a
    fingerprint = sub(a, randomnumber, start_position, end_position)    // replace the captured part with random number from start position to end position
    Decryption;
    Input: fingerprint, verifytext, start_position, end_position.
    a = capture(fingerprint, 0, start_position)    // front part of fingerprint
    b = capture(fingerprint, end_position, length(fingerprint))    // latter part of fingerprint
    fingerprint′ = MD5(verifytext);
    a′ = capture(fingerprint′, 0, start_position)    // front part of fingerprint′
    b′ = capture(fingerprint′, end_position, length(fingerprint))    // latter part of fingerprint′
    flag = compare(a, b, a′, b′);
    if flag = 1 then
        return 1    // Not Modified
    else
        return 0    // Modified
    end
    Output: 0 or 1.

Returning to our scheme, we use the MMD algorithm in the uploading process. Our system records the "fingerprint" of the data blocks generated by Reed–Solomon code. Every block has a matching 128-bit "fingerprint", which is stored in the fog server for safety. When the user downloads the data blocks from the cloud server, the first step is to check the consistency of every data block. After comparing every data block's "fingerprint", if a data block was modified, our system deletes it and gives negative feedback to the CSP's reputation evaluation mechanism to warn other users. In this way, we can avoid malicious modification; however, if the number of modified data blocks exceeds the upper limit, the original data will never be recovered. The CSP should be responsible for the economic loss it caused.

3.3. Reputation evaluation

In our system, there is a reputation evaluation mechanism for CSPs. Every bad behavior caused by a CSP will have a negative influence on itself. The reputation values of CSPs help users select a cloud server when they first use our system or change their current CSPs. As shown in formula (1), ψ(i) represents the reputation value of CSP i. It is composed of two parts. The
front part is the user's grade, and the other part is the basic value of the CSP. Users can be divided into different kinds, and they have different weights ω(j). For example, a personal user's weight might be lower than an enterprise user's weight, since the degrees of damage are different between them. The u(j) represents the grade which the user gives to the CSP according to the CSP's service. However, the user's grade is subjective; we cannot evaluate the quality of service only from the perspective of users. Hence we add a Basic_Value which comes from an objective perspective. Basic_Value consists of some industry metrics, such as storage technology, price storage performance and so on. This part accounts for 70%–80% of the whole value and is updated once a year.

$$\psi(i) = \frac{\sum_{j} u(j)\,\omega(j)}{\sum_{j} \omega(j)} + \mathrm{Basic\_Value}. \tag{1}$$

The user rating can be expressed as formula (2). Parameter i represents the month, which means the user rating is updated monthly and the new rating is based on the last month's rating. Parameter l_i is the negative feedback value. Different kinds of bad behavior by the CSP have different negative feedback values; for example, data loss is not so serious as malicious modification. The specifics are listed in Table 1. However, if the bad behavior caused permanent data loss, the negative feedback will double its original value. According to the reputation values of the CSPs, a user is more likely to find a CSP which can provide satisfactory service.

$$u(i) = u(i-1) - l_i. \tag{2}$$

Table 1
Negative feedback levels of different scenarios.

    Items                           Level
    Long response time              1
    Data loss (Slight)              2
    Data modification (Slight)      2
    Data loss (Serious)             5
    Data modification (Serious)     5
    Server crash                    5

Note: Slight means within the limit while Serious means exceeding the limit.

4. System prototype

Based on the scheme and security mechanisms described above, we design a fog-based cloud storage system prototype named Easy-Save with C++ and C# on Visual Studio 2013 Professional. In Easy-Save, we implement the Reed–Solomon code by using a Vandermonde matrix in a Galois Field. Our system can now process 1 GB of data within 1 s. It is just a prototype now; users can easily upload or download their private files. The processes of uploading and downloading are under the protection of the security mechanisms, but in the user's view, they do not feel the existence of the fog server or any operation done on their data. They feel that data is transferred directly between their devices and the cloud server, just as in traditional cloud storage. But in fact, the user's data is partly stored in the fog server after being processed. The rest of the data is stored separately in different cloud servers. In the next section, we will specifically elaborate the work mechanism of Easy-Save.

4.1. System work mechanism

We first introduce the work mechanism of the uploading process. When a user uploads a file to the cloud, the process is as shown in Algorithm 2. The first step is selecting CSPs according to the reputation values, and the next step is choosing the file to upload. The user can select one or more cloud services according to their requirements; the more CSPs the user selects, the safer their data will be. However, the more CSPs the user selects, the more cost there will be. The selected file is encoded as desired by the user. After encoding, several data blocks and redundant data blocks are generated and expressed as fi. All of the data blocks are recorded by MMD and the token message is saved in the fog server. At last, m redundant data blocks are saved in the fog server and the others are uploaded to the cloud servers chosen by the user.

Algorithm 2: Secure Uploading

    Input: f, CSP    // Select file and CSP, f is the file we select
    Output: MMD code, confirmation message.
    Select(f, CSP)    // Select file and CSP
    fi = Encode(k, m, f)    // Do RS coding on selected file, parameter k is the number of data blocks, m is the number of redundant data blocks
    for i = 1; i <= k; i++ do
        token[i] = MMD(fi);
        Save(token[i])    // Save token information to the fog server
    end
    for i = 1; i <= k + m; i++ do
        if i < m + 1 then
            Upload2Fog(fi);
        else
            Upload2Cloud(fi);
        end
    end

When a user wants to download a file from the cloud, the process is as shown in Algorithm 3. The first step is to download all of the data blocks and redundant data blocks from the cloud server and fog server and count them. If the number of data blocks is enough, skip to the next step: consistency verification on every data block. Once there is a modification on data blocks, the system deletes the modified data blocks and computes whether the number of lost data blocks exceeds the limit. If the number of data blocks is enough to recover the original file, the data blocks are decoded. There are some bad conditions, as follows: the number of data blocks is not enough to recover the original data after downloading, or the number of modified data blocks exceeds the limit of recovery. In these two conditions, the user's data can never be recovered, so we give strong negative feedback to the CSP. In other conditions, we only give slight negative feedback to the CSP.

4.2. System interface

In this section, we introduce some of the interfaces of our system Easy-Save. As shown in Fig. 3, subgraph (a) shows the uploading interface. When a user wants to upload a file, the first step is selecting the upload path, as in most cloud storage systems; then the user needs to select the number of original data blocks and the number of redundant data blocks from the drop-down list. The last step is choosing CSPs; according to the user's requirements, a user can choose one or more clouds to use. There is a table which lists all of the reputation values of CSPs, and users can select according to their own intentions. After confirming the above information, the user's data is encoded and stored separately in different places, a small part in the fog server and a large part in cloud servers.

When a user wants to download their file from the cloud server(s) and fog server, the interface is as shown in subgraph (b) of Fig. 3. The user can view the file in the file list, which includes the file name, size and date. The user can select the file from the file list. After the data blocks are completely downloaded, if there was any problem, the system will warn the user clearly and give a negative
feedback to the background. In our example, data block 4 is modified; however, the modification does not mean the file is unavailable. In most conditions, the file is still available even though some mistakes happened. After all of the data blocks are verified, the original file is generated by the decoding process. Besides, we also design an administrator mode for administrators so that they

Fig. 3. Demonstration of the Easy-Save system: (a) Uploading. (b) Downloading. (c) Management.

Algorithm 3: Secure Downloading

    Input: token[k], k, m    // parameter k is the number of data blocks, m is the number of redundant data blocks
    Output: file f.
    Select file to download and save them in f1 ... fj;
    if j >= k then
        for i = 1; i <= k + m; i++ do
            if MMD(fi) != token[i] & j − erro_count >= k then
                Delete(fi);
                Reputation_Feedback_Slight(CSPi);
                erro_count++;
            else
                Reputation_Feedback_Strong(CSPi);
                return erro;
            end
            f = Decode(fi, k, m)
        end
    else
        Reputation_Feedback_Strong(CSPi);
        return erro;
    end

Table 2
Experiment environment.

    Operating system        Windows 10
    CPU                     Intel Core i7 2.50 GHz
    Memory                  8 GB
    Programming language    C++/C#
    Compiler                Visual Studio 2013 Professional
    LAN speed               100 Mbps
    WAN speed               10 Mbps

of uploading, downloading. Furthermore, we consider different conditions which are very likely to happen while the system is running, for example, data loss and malicious modification. In theory, these conditions will influence the performance, so we want to find the rule and tendency of performance change under different degrees of data loss or modification. The size of the testing data is 1,038,696 bytes and the results are shown as follows.

As we can see from Fig. 4, we simulate 1000 uploads. We set 6 conditions with different colors for better distinction. The parameter m represents the number of data blocks, the parameter k represents the number of redundant data blocks. These two parameters can be adjusted by users according to their requirements. As shown in subgraph (a), despite some peculiar values in every condition, there is an obvious hierarchy between different conditions. For a clearer view, we sort the 1000 results in ascending order. As shown in subgraph (b), we can clearly see that the main difference is caused by the value of m. According to the orange, purple and red lines, we can find that when the value of m increases, the time of uploading increases. Moreover, the change of the value of k also makes some difference. As we can compare the orange line with the green–blue line, the bigger the value of k, the longer the time
can clearly see the data information separately in the cloud and of uploading. This phenomenon can be explained by the encoding
the fog. As shown in subgraph (c), administrator can clearly check efficiency. With the number of data blocks increases, the encoding
the storing status of data in cloud server and fog server. However, matrix’s complexity increases, which cause the generated time
administrators can do some advanced operations if they has the prolong.
permission. Of course, administrators’ operations could not touch Fig. 5 shows the results of 1000 times downloading tests. These
the user’s interests. downloading processes are normal, which means there is no data
loss or malicious modified happening. The parameters in down-
5. System evaluation and analysis
loading test are the same as the parameters in uploading parame-
The experiments are including two parts: First, we evaluate the ters. We do not repeat them again. As we can see in subgraph (a),
performance of our system under different conditions. Second, we except a few peculiar points, the values of different conditions are
do some analysis on our scheme. The experiment environment difficult to distinguish. For more clearly view, we also sort the 1000
parameters are shown as Table 2. results by ascending order. As shown in subgraph (b), the orange
line is slightly higher than the others. However, the blue line is
5.1. Performance testing obviously lower than the others. According to these two extreme
values, we can conclude that the bigger the m and k are, the longer
In this section, we test the performance of Easy-Save system the time of downloading is. This phenomenon can be explained by
from four main aspects. The experiments cover the performance the same theory as it in the uploading test. The decoding efficiency
decreases with the increase of the decoding matrix's complexity. The decoding matrix is an inverse of the encoding matrix, so the complexity of the decoding matrix is related to that of the encoding matrix.

(a) Original order. (b) Ascending order.

Fig. 4. Performance of normally uploading (1000 times). (For interpretation of the references to color in this figure legend, the reader is referred to the web version of this article.)

(a) Original order. (b) Ascending order.

Fig. 5. Performance of normally downloading (1000 times). (For interpretation of the references to color in this figure legend, the reader is referred to the web version of this article.)

Fig. 6 shows the results of 1000 downloads with data loss. Data loss is the most common problem in cloud storage. In this test, we want to see the performance of our system with different degrees of data loss. The degrees of data loss in our tests are set within the limit so that we can always recover the original data. There is a new parameter lost, which represents the number of data losses. Furthermore, the parameter k is not marked this time. The value of k is set as 3, so the maximum of lost is 3. As shown in subgraph (a), except for some peculiar values, there are some boundaries between different conditions, especially the boundary between the green line and the light red line. For better analysis, we sort the 1000 results again. The results in ascending order are shown in subgraph (b). We can see there is an obvious rule: when the
number of data losses increases, the time of downloading increases. On the other hand, we compare subgraph (b) in Fig. 6 with subgraph (b) in Fig. 5. We find that when the value of k is 3, the time of downloading in Fig. 6 is longer than the time in Fig. 5.

(a) Original order. (b) Ascending order.

Fig. 6. Performance of downloading with data loss (1000 times). (For interpretation of the references to color in this figure legend, the reader is referred to the web version of this article.)

(a) Original order. (b) Ascending order.

Fig. 7. Performance of downloading with data modified (1000 times).

We simulate malicious modification by changing the content of data blocks in the fog server rather than removing them. Fig. 7 shows the results of 1000 downloads under different conditions. The number of modified data is set within the limits. The new parameter t represents the number of data which is modified by us through the background. The value of k is still set as 3, so the maximum of t is also 3. As shown in subgraph (a), we can clearly see the boundaries by the different colors. There are still a lot of noise points in subgraph (a); for a better view, we look at subgraph (b), which is the ascending-order version of subgraph (a). In subgraph (b), for the same value of m, when the value of t increases, the time of downloading increases with it. Furthermore, the time of downloading with modified data is longer than the time of normal downloading. This phenomenon is easy to explain,
because once the system detects the modification, there will be a sequence of operations.

(a) Our scheme vs. traditional way in transmission rate (Data Blocks = 8, Redundant Blocks = 2). (b) Our scheme vs. traditional way in transmission rate (Data Blocks = 6, Redundant Blocks = 4).

Fig. 8. Delay in transmission.

(a) Our scheme vs. no reputation mechanism. (b) Multi-CSPs vs. one CSP.

Fig. 9. Secure mechanism analysis.

5.2. Analysis

The above tests show that our system is feasible and efficient. Besides the test of system performance, we also do some theoretical analysis of our scheme from different aspects. As we mentioned before, the fog server is closer to the user's device, so the transmission rate between the fog server and the user's device is faster than the transmission rate between the cloud server and the user's device. For cloud storage, delay is always a primary problem, so our scheme takes advantage of fog computing to solve the delay in file transmission. As shown in Fig. 8, we compare the transmission time of the traditional method and our scheme. We can see that our scheme is the most time-saving in every condition, because in our scheme part of the data is stored in the fog server, and the time of downloading this part of the data is shorter than in traditional downloading.

In our scheme, the reputation evaluating mechanism helps the user to choose the CSP. On the one hand, the user can get a higher quality of service than before. On the other hand, the CSPs can improve themselves through the feedback from users. As we can see in Fig. 9, subgraph (a) shows the difference between our scheme and the traditional method: the number of failures of CSPs is decreasing month by month in our scheme. This is because of the CSPs' self-adjusting according to the feedback from users. Besides, the traditional cloud storage model only allows the user to choose one CSP, but our scheme allows the user to choose more CSPs. In this way the security level can be further improved. As shown in subgraph (b), we consider three conditions: one CSP, two CSPs and three CSPs. It is obvious that the number of data losses decreases as the number of CSPs increases. However, the economic cost will be higher when the user chooses more CSPs' services.

6. Conclusion

In this work, we present a novel fog-based scheme for cloud storage and design a system prototype based on this scheme. The development of cloud computing has had a huge influence on the traditional computing model. The fog computing model is a powerful extension of cloud computing. We can utilize the features of fog computing to make up new solutions or improve traditional methods. In this paper, we combine traditional cloud storage with the fog computing model. In the cloud storage realm, how to solve cyber threat issues is always a concern of users and researchers. In our scheme, we divide data into two parts: the big one is stored in the cloud while the small one is stored in the fog. In this way, our
scheme can ensure the integrity, availability and confidentiality of data. On the one hand, the fog server is safer than the cloud server. On the other hand, attackers cannot get information from a data fragment, so our scheme can protect the confidentiality of the user's data better than traditional ways. Furthermore, both the CSPs and users can benefit from the reputation evaluating mechanism we designed. We also implement a system prototype based on the mechanisms we proposed. After a series of performance tests, we prove that the system is feasible and could be used in cloud storage applications.
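The download-side check of Algorithm 3, which the integrity and availability claims rest on, as an added example that is not code from the paper or the Easy-Save prototype: each fetched block is compared with its stored token, a modified block is dropped with slight reputation feedback while at least k blocks remain, and the download fails with strong feedback otherwise. SHA-256 as the token digest, the toy erasure code over GF(257) standing in for the paper's encoding matrix, and all function names are assumptions of this example.

```python
import hashlib

P = 257  # smallest prime above 255, so every byte value is a field element

def interpolate(points, x):
    """Evaluate at x the polynomial through `points` [(xi, yi), ...] modulo P."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(data, k, m):
    """Split data into k data blocks and append m redundant blocks (lists of ints)."""
    size = -(-len(data) // k)                      # ceiling division
    padded = data.ljust(size * k, b"\0")
    blocks = [list(padded[i * size:(i + 1) * size]) for i in range(k)]
    for r in range(k, k + m):                      # redundant block r = polynomial at x = r
        blocks.append([interpolate([(i, blocks[i][c]) for i in range(k)], r)
                       for c in range(size)])
    return blocks

def digest(block):
    """Token stored at upload time; SHA-256 is an assumption of this example."""
    return hashlib.sha256(repr(block).encode()).hexdigest()

def secure_download(fetched, tokens, k, m, length):
    """fetched maps block index -> block for every block that arrived.
    Returns (file bytes or None, [(block index, 'slight' | 'strong'), ...])."""
    feedback, valid = [], {}
    remaining = len(fetched)                       # j in Algorithm 3
    if remaining < k:
        return None, [(None, "strong")]
    for i in range(k + m):
        if i not in fetched:
            continue                               # lost block: nothing to verify
        if digest(fetched[i]) == tokens[i]:
            valid[i] = fetched[i]
            continue
        remaining -= 1                             # modified block is discarded
        if remaining < k:
            feedback.append((i, "strong"))         # file is no longer recoverable
            return None, feedback
        feedback.append((i, "slight"))
    use = sorted(valid)[:k]                        # any k verified blocks suffice
    size = len(valid[use[0]])
    out = bytearray()
    for d in range(k):                             # rebuild each data block in order
        if d in valid:
            out += bytes(valid[d])
        else:
            out += bytes(interpolate([(i, valid[i][c]) for i in use], d)
                         for c in range(size))
    return bytes(out[:length]), feedback

# Constructed sample: k = 3 data blocks, m = 2 redundant blocks.
DATA = b"private data split between fog and cloud"
K, M = 3, 2
BLOCKS = encode(DATA, K, M)
TOKENS = [digest(b) for b in BLOCKS]
```

With one block modified and one lost, the file is still rebuilt from the three verified blocks; a second modification leaves fewer than k blocks and the download is refused.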
[24] Z. Xia, X. Wang, L. Zhang, Z. Qin, X. Sun, K. Ren, A privacy-preserving and copy-
Acknowledgments

Above work was supported in part by grants from the National Natural Science Foundation (NSF) of China under Grant Nos. 61772148, 61672441 and 61602330, the Fujian Provincial Outstanding Youth Scientific Research Personnel Training Program (HQU-TIANWANG) and the Foster Project for Graduate Student in Research and Innovation of Huaqiao University under Grant No. 1611414016.
http://dx.doi.org/10.1016/j.pmcj.2017.03.013.
References [28] K.M. Khan, Q. Malluhi, Establishing trust in cloud computing, IT Professional
12 (5) (2010) 20–27.
[1] X. Liu, S. Zhao, A. Liu, N. Xiong, A.V. Vasilakos, Knowledge-aware proactive [29] Z. Fu, X. Wu, C. Guan, X. Sun, K. Ren, Toward efficient multi-keyword fuzzy
nodes selection approach for energy management in Internet of Things, Future search over encrypted outsourced data with accuracy improvement, IEEE
Gener. Comput. Syst. (2017). http://dx.doi.org/10.1016/j.future.2017.07.022. Trans. Inform. Forensics Secur. 11 (12) (2016) 2706–2716.
[2] Y. Liu, A. Liu, S. Guo, Z. Li, Y.-J. Choi, H. Sekiya, Context-aware collect data with [30] Z. Fu, K. Ren, J. Shu, X. Sun, F. Huang, Enabling personalized search over
energy efficient in cyber-physical cloud systems, Future Gener. Comput. Syst. encrypted outsourced data with efficiency improvement, IEEE Trans. Parallel
(2017). http://dx.doi.org/10.1016/j.future.2017.05.029. Distrib. Syst. 27 (9) (2016) 2546–2559.
[3] N.D.W. Cahyani, B. Martini, K.-K.R. Choo, A. Al-Azhar, Forensic data acquisition [31] Z. Xia, X. Wang, X. Sun, Q. Wang, A secure and dynamic multi-keyword ranked
from cloud-of-things devices: windows smartphones as a case study, Concurr. search scheme over encrypted cloud data, IEEE Trans. Parallel Distrib. Syst.
Comput.: Pract. Exper. 29 (14) (2017) 1–16. 27 (2) (2016) 340–352.
[4] B. Martini, K.-K.R. Choo, Distributed filesystem forensics: XtreemFS as a case [32] Z. Fu, F. Huang, X. Sun, A. Vasilakos, C.-N. Yang, Enabling semantic search
study, Digit. Investigation 11 (4) (2014) 295–313. based on conceptual graphs over encrypted outsourced data, IEEE Trans. Serv.
[5] C.F. Tassone, B. Martini, K.-K.R. Choo, Visualizing digital forensic datasets: a Comput. (2016). http://dx.doi.org/10.1109/TSC.2016.2622697.
proof of concept, J. Forensic Sci. 62 (5) (2017) 1197–1204. [33] F. Bonomi, R. Milito, J. Zhu, S. Addepalli, Fog computing and its role in the
[6] B. Martini, Q. Do, K.-K. Raymond Choo, Digital forensics in the cloud era: internet of things, in: Proceedings of the First Edition of the MCC Workshop
the decline of passwords and the need for legal reform, Trends Issues Crime on Mobile Cloud Computing, ACM, 2012, pp. 13–16.
Criminal Justice 1 (512) (2016) 1–16. [34] T.H. Luan, L. Gao, Z. Li, Y. Xiang, G. Wei, L. Sun, Fog computing: focusing on
[7] C. Hooper, B. Martini, K.-K.R. Choo, Cloud computing and its implications for mobile users at the edge, Comput. Sci. (2015) arXiv:1502.01815 [cs.NI].
cybercrime investigations in australia, Comput. Law Secur. Rev. 29 (2) (2013) [35] I. Stojmenovic, S. Wen, The fog computing paradigm: scenarios and security
152–163. issues, in: Computer Science and Information Systems, 2014, pp. 1–8.
[8] D. Quick, K.-K.R. Choo, Digital forensic intelligence: data subsets and open [36] T.N. Gia, M. Jiang, A.M. Rahmani, T. Westerlund, P. Liljeberg, H. Tenhunen,
source intelligence (DFINT+ OSINT): a timely and cohesive mix, Future Gener. Fog computing in healthcare internet of things: A case study on ecg feature
Comput. Syst. 78 (2018) 558–567. extraction, in: IEEE International Conference on Computer and Information
[9] Y.-Y. Teing, A. Dehghantanha, K.-K.R. Choo, L.T. Yang, Forensic investigation of Technology; Ubiquitous Computing and Communications; Dependable, Auto-
P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as nomic and Secure Computing; Pervasive Intelligence and Computing, 2015, pp.
a case study, Comput. Electr. Eng. 58 (2017) 350–363. 356–363.
[10] K.-K.R. Choo, R. Lu, L. Chen, X. Yi, A foggy research future: Advances and [37] J. Zhu, D. Chan, P. Natarajan, H. Hu, Improving Web sites Performance Using
future opportunities in fog computing research, Future Gener. Comput. Syst. Edge Servers in Fog Computing Architecture, IEEE, 2015, pp. 320–323.
78 (2018) 677–697. [38] M. Aazam, E.N. Huh, Fog computing and smart gateway based communication
[11] O. Osanaiye, S. Chen, Z. Yan, R. Lu, K. Choo, M. Dlodlo, From cloud to fog for cloud of things, in: International Conference on Future Internet of Things
computing: A review and a conceptual live VM migration framework, IEEE and Cloud, 2014, pp. 464–470.
Access 5 (99) (2017) 8284–8300. [39] T. Wang, Y. Cai, W. Jia, S. Wen, G. Wang, H. Tian, Y. Chen, B. Zhong, Maximizing
[12] W. Shi, J. Cao, Q. Zhang, Y. Li, L. Xu, Edgecomputing: Vision and challenges, IEEE real-time streaming services based on a multi-servers networking framework,
Internet Things J. 3 (5) (2016) 637–646. Comput. Netw. 93 (P1) (2015) 199–212.
[13] L. Xiao, Q. Li, J. Liu, Survey on secure cloud storage, J. Data Acquis. Process. [40] M.D. Munoz-Hernandez, M. Morales-Sandoval, J.J. Garcia-Hernandez, An end-
31 (3) (2016) 464–472. to-end security approach for digital document management, Comput. J. 59 (7)
[14] T. Wang, J. Zeng, Y. Cai, H. Tian, Y. Chen, B. Wang, et al., Data collection from (2016) 1076–1090.
WSNs to the cloud based on mobile Fog elements, Future Gener. Comput. Syst. [41] X. Wang, H. Yu, How to break MD5 and other hash functions, Eurocrypt 3494
(2017). http://dx.doi.org/10.1016/j.future.2017.07.031. (2005) 19–35.
[15] M. Xie, U. Bhanja, J. Shao, G. Zhang, G. Wei, LDSCD: A loss and DoS resistant
secure code dissemination algorithm supporting multiple authorized tenants,
Inform. Sci. 420 (2017) 37–48.
Tian Wang received his B.Sc. and M.Sc. degrees in Computer Science from the Central South University in 2004 and 2007, respectively. He received his Ph.D. degree in City University of Hong Kong in 2011. Currently, he is a professor in the Huaqiao University of China. His research interests include wireless sensor networks, fog computing and mobile computing.

Jiyuan Zhou received his B.S. degree in Tianjin Polytechnic University in 2016. Currently, he is a master candidate in Huaqiao University, China. His research interests include security in wireless networks, fog computing and security in cloud storage.

Minzhe Huang is a senior student in Huaqiao University, Xiamen, China. His research field is fog computing and security in cloud storage.

Md Zakirul Alam Bhuiyan received the Ph.D. degree and the M. Eng. degree from Central South University, China, in 2009 and 2013 respectively, and the B.Sc. degree from International Islamic University Chittagong, Bangladesh, in 2005, all in Computer Science and Technology. He is currently an assistant professor (research) in the Department of Computer and Information Sciences at Fordham University. He is a member of the Center for Networked Computing (CNC). Earlier, he worked as a post-doctoral fellow at the Central South University, China, a research assistant at the Hong Kong PolyU, and a software engineer in industries. His research focuses on dependable cyber–physical systems, wireless sensor network applications, network security, and sensor–cloud computing. He has served as a managing guest editor, program chair, workshop chair, publicity chair, TPC member, and reviewer of international journals/conferences. He is a member of IEEE and a member of ACM.

Anfeng Liu is a Professor of School of Information Science and Engineering, Central South University, China. He is also a Member (E200012141M) of China Computer Federation (CCF). He received the M.Sc. and Ph.D. degrees from Central South University, China, 2002 and 2005 respectively, both majored in computer science. His major research interests are Cyber–Physical Systems, Service network, wireless sensor network. afengliu@gmail.csu.edu.cn.

Wenzheng Xu received the B.Sc., ME, and Ph.D. degrees in computer science from Sun Yat-Sen University, Guangzhou, P.R. China, in 2008, 2010, and 2015, respectively. He currently is a Special Associate Professor at Sichuan University and was a visitor at the Australian National University. His research interests include wireless ad hoc and sensor networks, online social networks, mobile computing, approximation algorithms, combinatorial optimization, and graph theory. He is member of the IEEE.

Mande Xie is currently a Professor in the Zhejiang Gongshang University. He received the Ph.D. degree in Circuit & System from Zhejiang University in 2006. His research interests include Wireless Sensor Networks (WSNs), Social Network and Privacy Preservation.