EPPSA: Efficient Privacy-Preserving Statistical Aggregation Scheme for Edge Computing-Enhanced Wireless Sensor Networks

In edge computing-enhanced wireless sensor networks (WSNs), multidimensional data aggregation can optimize the utilization of computation resources for data collection. How to improve the eﬃciency of data aggregation has gained considerable attention in both academic and industrial ﬁelds. This article proposes a new eﬃcient privacy-preserving statistical aggregation scheme (EPPSA) for WSNs, in which statistical data can be calculated without exposing the total number of sensor devices to control center. The EPPSA scheme supports multiple statistical aggregation functions, including arithmetic mean, quadratic mean, weighted mean, and variance. Furthermore, the EPPSA scheme adopts the modiﬁed Montgomery exponentiation algorithms to improve the aggregation eﬃciency in the edge aggregator. The performance evaluation shows that the EPPSA scheme gets higher aggregation eﬃciency and lower communication load than the existing statistical aggregation schemes.


Introduction
In recent years, wireless sensor networks (WSNs) have achieved an accelerated increase in deployment. WSNs are widely utilized in scenarios such as smart homes [1], vehicular ad hoc networks [2][3][4], industrial Internet of ings [5], and monitoring environments [6][7][8]. e sensor devices in WSNs are responsible for sensing real-time data and transmitting the sensed data to control center for data analysis and intelligent control. In a variety of WSN applications, some computations are too time-consuming for sensor devices. Edge computation is an effective solution for resource-limited sensor devices to gain edge devices' assistance, such as data aggregation and neural network models [9]. With the edge computation devices deployed near the target area, the computing load in WSN sensor devices could be distributed to the edge devices. With the help of edge computation devices, cloud data centers provide various services for numbers of applications [10][11][12][13].
To reduce data redundancy and communication delay, data aggregation has become one of the most practical techniques, which can be used in edge computing-enhanced WSNs. Usually, a gateway is an ideal edge device to perform data aggregation operations due to its high computational capability, and mobile edge computing (MEC) also provides an emergent paradigm that brings computation close to mobile sensors [14]. It is worth noting that data aggregation at edge gateways may suffer from some potential security risks [15]. Firstly, the data may be captured or falsified during the delivery process, considering WSNs are usually deployed in an unattended environment. Secondly, adversaries can invade the edge gateway for stealing users' private data. e traditional security approaches cannot be directly applied to edge computing-enhanced WSN data aggregation, since they may be conflicted with aggregation function [16]. Furthermore, due to the dynamic and heterogeneous characteristics of WSN devices, there exits difficulty for the sensed data to be collected, encrypted, used, and stored in accordance with the users' preferences [17,18].
To solve the above problems, homomorphic encryption algorithms have been considered to construct privacy-preserving single-dimensional aggregation schemes [19][20][21]. Furthermore, researchers proposed several multidimensional privacy-preserving data aggregation schemes, the core idea of which is to construct a conversion mechanism between multidimensional data and large integers [19,20,[22][23][24][25][26][27][28][29][30][31][32][33]. ese researches are centered on how to reduce computation costs and communication load while collecting and transmitting the data. Lu et al. [26] proposed an efficient privacy-preserving data aggregation (EPPA) scheme in smart grids. Merging multidimensional data by super-increasing sequence of large primes, Lu et al.'s scheme is more efficient than the one-dimensional data aggregation schemes. Using a polynomial method, Shen et al. [27] constructed a user-level polynomial to store multidimensional values in a single data space based on Horner's rule. Fault tolerance can be used to enhance the security and robustness of a data aggregation scheme. In [32], Mohammadali et al. presented a homomorphic privacypreserving data aggregation scheme with the fault tolerance property, so it can keep data secure even if the aggregator is malicious or curious.
Most secure data aggregation schemes only consider summation-based aggregation since the underlying additive homomorphic encryption only supports the modular addition operations. In practice, various types of statistics (e.g., mean, variance and standard deviation) might often need to be supported for data application [34]. erefore, it is necessary to design multifunctional secure data aggregation scheme supporting various data statistics. Zhang et al. [35] proposed a multifunctional secure data aggregation scheme (MODA). is scheme offers the building blocks for multifunctional aggregation by encoding raw data into welldefined vectors. Peng et al. [36] introduced a multifunctional aggregation scheme supporting diversified aggregation functions, including linear, polynomial, and continuous functions. Both of the above schemes implement the statistical functions computed by control center. For example, in [36], the ciphertext sum is generated in the edge device and the mean is calculated using the decrypted sum by control center. us, the total number of sensor devices is required to transmit to control center for calculating the mean by sum/total number.
In lots of WSN application scenarios (e.g., industrial monitoring), the total number of sensor devices represents industrial scale which should be kept secret. Smart factories use WSNs and edge computation to create new production forms with better efficiency and flexibility. e total number of sensor devices usually represents industrial production scale in a smart factory. Usually, control center is a thirdparty service from the cloud or a regulatory agency from the government side. Trade secrets can be learned and used by rivals if the scale of a factory's production is disclosed. erefore, it is necessary to compute statistical aggregation functions without exposing the total number of WSN sensor devices. In such a scenario, the control center could use statistical data for scientific analysis and intelligent decisionmaking but would not have any data about the industrial production scale of the smart factory.
In this article, we propose the first privacy-preserving statistical aggregation scheme without revealing the total number of sensor devices to control center for edge computing-enhanced WSNs. e contributions of this article can be summarized as follows: (i) We construct an efficient privacy-preserving statistical aggregation scheme based on the Paillier additive homomorphic encryption scheme and the ECDSA digital signature scheme, called EPPSA. e EPPSA scheme supports multiple statistical aggregation functions, including arithmetic mean, quadratic mean, weighted mean, and variance. (ii) In the EPPSA scheme, the mean values can be calculated by the edge device and control center cooperatively, while control center does not know the total number of sensor devices. Firstly, the edge device computes the mean value in ciphertext since it has calculated the sum of the data in ciphertext.. Secondly, after receiving the mean in ciphertext, control center calculates the correct mean by using the modified extended Euclidean algorithm to process the decrypted mean. e EPPSA scheme avoids calculating sum/total number and the total number of WSN sensor devices can be kept secret to control center. (iii) In the EPPSA scheme, we propose three modified Montgomery exponentiation algorithms to improve the aggregation efficiency in the edge device. Our idea is to avoid converting the data between the Montgomery domain and residue domain frequently during the whole process. e ciphertext data in the Montgomery domain can be aggregated by Montgomery multiplications, which are more efficient than ordinary modular multiplications. (iv) We implement the EPPSA scheme and compare it with the existing schemes. Compared with [28], the EPPSA scheme gets 62.5% aggregation performance improvement for 1024 bits modulus. Compared with [36], the EPPSA scheme gets 50% and 33% communication load decrease on arithmetic mean and variance statistics, respectively. e rest of this article is organized as follows: In Section 2, the problem formulation is presented. In Section 3, the related preliminaries are reviewed. In Section 4, the proposed EPPSA data aggregation scheme is given. In Section 5, the secure analysis is given. In Section 6, the performance evaluation and comparison are presented. Finally, Section 7 concludes this article.

Problem Formulation
In this section, the formalized system model, the security requirements, and design goals are presented.

System Model.
In the EPPSA scheme, a WSN system is comprised of four parts, namely trusted authority (TA), control center (CC), edge aggregator (EA), and sensor device (SD). e system describes a three-level topological structure, as shown in Figure 1.
(i) TA is a trusted third party, which is responsible for generating and distributing the secret keys to all the system participants. In the phase of system initialization, TA sets the ECDSA key pairs into the sensor devices, edge devices, and control center. TA distributes the Paillier public key to the sensor devices, edge devices, and the Paillier private key to control center separately by sending digital envelopes over the Internet. (ii) CC is a powerful service controller of a WSN sensing system. According to special application requirements, CC is responsible for analyzing the data statistics, for example, data mining. CC is assumed to be honest-but-curious. It means that CC attempts to mine valuable information while performing its specified tasks. (iii) EA is a wireless receiving equipment that is deployed at the edge of the WSN. EA is responsible for collection, aggregation, and transmission of sensor data. EA collects encrypted data from sensor devices, aggregates the data, and transmits the aggregated data to CC. EA is a high-performance computing device so that it can perform computationally expensive processes. (iv) SD is deployed at the intended area and is responsible for sensing and communication. SDs automatically sense and encrypt the particular data before sending them to EA. For example, ambient temperature sensors record the real-time temperature in an intelligent agricultural system and report the encrypted data to CC via EA.

Security
Requirements. In our system model, EA and CC are curious about SD's privacy data, but they cannot collude with each other. Moreover, there is an adversary α assumed to have the capability to eavesdrop on data during their transit. To protect data against internal and external attacks, the following security requirements should be fulfilled: (i) Data confidentiality. Even though data from SDs or EA is eavesdropped on by α during their transit, they cannot be identified. EA cannot infer the privacy information of SDs while aggregating statistic data. When CC receives the statistics data, for example, mean, variance, it cannot identify the individual data or number of SDs. (ii) Authentication. It should be guaranteed that the data are generated by legitimate SD entities. Otherwise, malicious operations from α, for example, replay attack, may undermine the accuracy of the statistics. Similarly, the aggregate data should be guaranteed to be generated by a legitimate EA. (iii) Data integrity. Accuracy and completeness of data in transmission should be guaranteed. When an adversary α forges or modifies the data, the malicious operations should be detected by the receiver.

Design Goal.
Our design goal is to design an efficient privacy-preserving statistical aggregation scheme. e following design goals should be achieved: (i) Security. e proposed scheme should satisfy the secure requirements mentioned above. e security goal is to prevent individual data and statistical data from being stolen by the adversary. In order to achieve this security goal, both internal and external behavior should be detected.
(ii) Efficiency. e proposed scheme should consider computation cost and communication load. On one hand, it is necessary to use lightweight encryption and signing primitives. On the other hand, methods should be adopted to reduce the consumption of aggregate computation.

e Paillier Cryptosystem.
e Paillier cryptosystem is a widely used public key encryption scheme with additive homomorphic property [37] and is standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2019 [38].
e Paillier cryptosystem consists of three parts, namely key generation, encryption, and decryption, which are described in Scheme 1.
e security of the Paillier encryption algorithm is based on the integer factoring problem. When choosing the parameter g, it is necessary to judge whether n is divisible by the order of g. is can be efficiently checked by testing whether gcd(L(g λ mod n 2 ), n) � 1, where function gcd(.) is the greatest common divisor function.
e Paillier cryptosystem has several interesting homomorphic properties, which are associated with the statistics given below: (1)

Mean Value Computation on Ciphertext of Paillier
Cryptosystem. Shah et al. [39] proposed a solution for noninteger mean value computation in the homomorphic encrypted domain. is method can be adopted by statistical aggregation scheme in WSNs. Let (d 1 , d 2 , . . . , d m ) be a set of numbers. e mean value, denoted by d mean , is the sum of the values divided by the total number of elements, d mean � i�m i�1 d i /m. In practice, the mean d mean may result in integer or float value. Using the homomorphic property of the Paillier cryptosystem given in (2), the mean can be calculated in the encrypted domain.
If the plain domain mean d mean is an integer, the encrypted domain mean Enc(d mean ) calculated by (2) results in the correct mean d mean after decryption. However, if the plain domain mean d mean is a decimal, the encrypted domain mean Enc(d mean ) calculated by (2) results in a large integer after decryption. For example, d mean � α/β, where α is not divisible by β. After decryption, Enc(d mean ) will result in αβ − 1 mod n 2 , which is a large integer. Reducing the large integer to the correct mean value is a two-dimensional lattice reduction problem and can be solved by the Lagrange-Gauss lattice reduction algorithm. Shah et al. proposed an efficient method to reduce the large integer called the modified extended Euclidean algorithm (MME).
e method is shown in Algorithm 1. e modulus n of Paillier cryptosystem and large integer value w can be considered as independent points in a two-dimensional lattice space ✓.
ese two basis vectors, (0, n) and (1, w), can be reduced for optimal values. Algorithm 1 computes the reduced value of w using adapted extended Euclidean algorithm, which is the correct mean value.

Montgomery Multiplication.
Montgomery multiplication (MM) is an efficient technique for computing modular multiplications [40]. Assuming an odd modulus n is a t-bit number, let r � 2 t . For integers 0 < a, b < k, the Montgomery multiplication is MM(a, b) � ab2 −t mod n. By taking r as a power of 2, the division becomes simple shifting. e process of MM is presented in Algorithm 2.
Utilizing the MM algorithm, the Montgomery exponentiation is present in Algorithm 3. For a number α, the corresponding number in the Montgomery domain is denoted by α.

The Proposed EPPSA Scheme
In this section, we propose the first privacy-preserving statistical aggregation scheme without revealing the total number of sensor devices to control center. In order to achieve the security goals, the edge device and control center calculates the statistics cooperatively, while control center does not know the total number of sensor devices. e Paillier cryptosystem is used as the encryption scheme and the ECDSA algorithm [41] is used as the signature scheme.
e EPPSA scheme consists of four phases including system initialization, data encryption, secure statistical aggregation, and secure statistics reading. In the system initialization phase, TA initializes the WSN system by generating and distributing the secret keys of the Paillier and ECDSA algorithms. In the data encryption phase, sensor device SD i collects raw data and encrypts these data to generate a data report. en sensor device sends the encrypted data report to EA via wireless networks. In the secure statistical aggregation phase, EA calculates sum and mean value in the encrypted domain and sends the statistical report to CC. In this phase, EA does not reveal the total
number of sensor devices to CC. In the secure statistics reading phase, CC decrypts the statistical report and calculates the quadratic mean and variance of each dimension. Finally, CC gets all the arithmetic mean, quadratic mean, weighted mean, and variance without knowing the total number of sensor devices. Furthermore, to achieve the improvement in aggregation performance, we present three modified Montgomery exponentiation algorithms. Using these algorithms, EPPSA avoids frequent conversion of exponentiation results between the Montgomery domain and residue domain.

Modified Montgomery Exponentiation Algorithms.
We modified Algorithm 3 to improve the aggregation performance. ree modified algorithms below map the result of modular exponentiation into the Montgomery domain.
Compared with Algorithm 3, Algorithm 4 removes the step θ � MM(θ, 1), which converts the result into the correct domain z * n . is denotes that the exponentiation result is still in the Montgomery domain. e result of exponentiation is denoted by θ to be distinguished from the one in Algorithm 3.
Compared with Algorithm 3, Algorithm 5 removes the step c � MM(c) and θ � MM(θ, 1). e base number and result of Algorithm 5 are both in the Montgomery domain and are denoted by c and θ, respectively, to be distinguished from the ones in Algorithm 3.
Compared with Algorithm 3, Algorithm 6 removes the step c � MM(c). e base number of Algorithm 6 is in the Montgomery domain and is denoted by c to be distinguished from the one in Algorithm 3.
Using these algorithms, encrypted data are converted to the Montgomery domain at the beginning of the process during the process.
en encrypted data are kept in the Montgomery domain for further computation. In the end, the results are reconverted back to the residue (non-Montgomery) domain. By reducing the conversions between the Montgomery domain and the residue domain, the aggregation operation can be accelerated.

System
Initialization. In the proposed system model, we assume that there are m SDs in WSN, which are denoted by ,1 , d i,2 , . . . , d i,j , . . . , d i,l ). Each D i gets an identity ID i and EA gets an identity ID EA . e data in a region can be denoted by a matrix Given secure parameters κ and κ 1 , TA initializes the parameters of the additive homomorphic encryption algorithm and digital signature algorithm. e key generation procedure is shown as follows: (i) Input: c, e, n, where n′ is computed by the extended Euclidean algorithm. Output: θ � c e mod n.

ALGORITHM 3: e Montgomery exponentiation
Input: n, w, where n is the modulus and w is the large number. Output: R w � MEE(n, w).  MM(a, b).
else return v ALGORITHM 2: e Montgomery multiplication Security and Communication Networks Step 1: TA chooses prime numbers p, q randomly, where |p| � |q| � κ. Let n � pq and λ � lcm(p − 1, q − 1). Choose g, with g ∈ Z * n 2 , and the order of g is a multiple of n. en, TA generates the encryption key (pk AHE , sk AHE ), where the encryption public key is pk AHE � (n, g) and decryption private key is sk AHE � (p, q, λ).
Step 2: TA chooses an Elliptic curve group Γ of an order q 1 with base point (generator) G, which is over the finite field Z p 1 of integers modulo a prime p 1 . e bit length of q 1 and p 1 should be set as the security parameter, that is, |p 1 | � |q 1 | � κ 1 . For each SD i (1 ≤ i ≤ m), TA chooses a secret key of digital signature sk DS ,i ←Z q 1 randomly. TA sets the public key of the digital signature pk DS ,i � sk i · G. e signature key of SD i is (pk DS,i ,sk DS,i ). e signature keys of EA, CC, and TA are generated in the same way, which are denoted by (pk DS,EA , sk DS,EA ), (pk DS,CC , sk DS,CC ), and (pk DS,TA , sk DS,TA ), respectively. e signature algorithm makes use of a hash function H: 0, 1 { } * ⟶ Z q 1 .
Step 3: Via a secure channel, TA sends the encryption public key pk AHE and the signature private key sk DS,i to SD i (1 ≤ i ≤ m). It sends the encryption public key pk AHE , the signature public key pk DS,i , and the signature private key sk DS,EA to EA. It sends the decryption private key sk AHE and the signature public key pk DS,EA to CC.
After key generation, TA distributes the encryption keys and signing keys. e key distribution procedure is shown as follows: Step 1: TA writes signature key pair (pk DS,i , sk DS,i ) into the senor device SD i (1 ≤ i ≤ m) before deploying the sensor device. TA writes the signature public key pk DS,i and the signature key pair (pk DS,EA , sk DS,EA ) into EA before deploying the edge device. TA sends the signature public key pk DS ,TA and pk DS ,EA to CC through the Internet and give the signature key pair (pk DS,CC , sk DS,CC ) to CC by a USB key device.
Step 2: Using the private key sk DS,TA , TA computes a digital signature on sk AHE denoted by σ AHE . Using CC's public key pk DS,CC , TA generates a digital envelope on the Paillier private key sk AHE and the signature σ AHE denoted by σ DE . TA sends the σ DE to CC through the Internet.
Step 3: After receiving the digital envelope σ DE , CC decrypts it and gets the Paillier private key sk AHE and the signature σ AHE . Using the public key pk DS ,TA , CC verifies the signature. If the verification is passed, the Pallier private key will be accepted.

Data Report Generation.
Each sensor device SD i , (1 ≤ i ≤ m), performs the following phases to get a data report: (i) Generate: e SD i firstly generates the raw data vector d i � (d i,1 , d i,2 , . . . , d i,j , . . . d i,l ).
en SD i calculates the corresponding quadratic data vector if e i � 1, then θ � MM(c, θ) (6) return θ ALGORITHM 4: e modified Montgomery exponentiation 1 (MME1) (i) Input: c, e, n, where n′ is computed by the extended Euclidean algorithm.
if e i � 1, then θ � MM(c, θ) (5) return θ ALGORITHM 5: e modified Montgomery exponentiation 2 (MME2) 6 Security and Communication Networks (c i , c 2 i , c i,wei σ i , TS, ID i ) reported from m sensor devices, EA performs the following steps to generate the statistical aggregation report:

Statistical Aggregation. After receiving the data
signature is achieved by σ EA � (sig EA mod q 1 , r x,EA mod q 1 ). (iv) Send: EA sends the data report (c EA , σ EA , TS, ID EA ) to CC.

Statistical Report Decryption.
After receiving the data report (c EA , σ EA , TS, ID EA ) reported from EA, EA performs the following steps to decrypt the statistical aggregation report:

Security Analysis
In this section, we analyze the security properties of the proposed EPPSA scheme, following the security requirements and design goals given in Section 2.  Proof 2. In the EPPSA scheme, the data are encrypted by the Paillier cryptosystem. According to Lamma 1, the result of encryption c i,j � g d i,j r n mod n in the Montgomery domain is Security and Communication Networks a valid format of the ciphertext. Meanwhile, the private key sk AHE is transmitted to CC in digital envelope. e sk AHE is encrypted by CC's public key pk DS ,CC so that α cannot get it. Since Paillier cryptosystem is provably secure against the chosen plaintext attack based on the decisional Diffie-Hellman problem, α cannot guess the plaintext in a nonnegligible probability without the private key sk AHE . Similarly, α cannot obtain statistics by eavesdropping on the transmission between EA and CC. In a word, the data and statistics in transmission are semantically secure.

Resistance to Replay Attack
Theorem 2. If a replayed data report is transmitted to EA, or a statistical report to CC, it can be detected. Proof 3. If an adversary α replays the data report (c re , σ new , TS new ) to aggregator EA, it needs to forge a new timestamp donated by timestamp new . Since the timestamp is new, α has to forge a new signature σ new of the replayed ciphertext c re . e security of the ECDSA system is based on the computational intractability of the discrete logarithm problem (DLP). e signature key pair (pk DS ,i , sk DS ,i ) is written to SD i directly when system initialization. us, α cannot guess the correct signature of the replayed report in a nonnegligible probability without the private key sk DS ,i . Similarly, the replay attack of the statistical report to CC can be detected for the same reason. In a word, the EPPSA scheme is resistant to replay attack.
checks the signature σ i by verifying the equation r x,i ′ mod q 1 � r x,i mod q 1 . If c i is manipulated, the hash value will be incorrect and the signature will not be validated.

Performance Evaluation and Comparison
In this section, our scheme is evaluated in terms of computation costs and communication costs. e performance results are compared with the scheme proposed in references [28,31,33,36].

Computation Cost.
Assume that there are m sensor devices SD i in the system and each of them reports an ldimensional data vector for both our EPPSA scheme and schemes in [28,31,33]. For the fairness of comparison, these schemes are assumed to get moduli with the same bit length. In our EPPSA scheme, the modified Montgomery exponentiations (Algorithms 4, 5, and 6) are used to keep the result of exponentiation in the Montgomery domain. at means the aggregation in EA only needs Montgomery multiplications. Let T MM and T OMM be the time cost of a Montgomery multiplication operation and an ordinary modular multiplication operation, respectively. And time cost of a Montgomery exponentiation is denoted by T ME . In our proposed EPPSA scheme, benefitting from the modified Montgomery exponentiations, (m − 1) · T MM is needed. In [28], the aggregation of each dimension is calculated by (m − 1) · T OMM . In [31], the aggregation of each dimension is calculated by (m − 1) · T OMM . In [33], the cost of aggregation is (m − 1) · T MM + T ME . A comparative summary of computation cost for m SDs aggregation is listed in Table 1.
To evaluate the performance, we execute the experiments on a Laptop with Windows 10 OS, Intel ® Core ™ i5-700U 2.50 GHz and 16 GB RAM. And we utilize the OpenSSL library (OpenSSL 1.1.1 h) to provide basic cryptographic primitives. For the evaluation of the EPPSA scheme, we set the n to be 512 and 1024 bits in the Paillier Cryptosystem, and the n 2 to be 1024 and 2048 bits. As the number of dimensions changes, we get the comparison of aggregation computation costs of 1024 bits in Figure 2(a), and the computation costs of 2048 bits in Figure 2(b). In summary, Figure 2 clearly shows that compared with schemes in [28,31,33], EPPSA has the smallest computation cost. For example, compared with [28], the EPPSA scheme gets 62.5% aggregation performance improvement on 1024 bits.  [28] (m − 1) · T OMM [31] (m − 1) · T OMM [33] (m − 1)T MM + T ME

Communication Cost.
Among the previous edge-aided aggregation schemes, the scheme in [36] is the only one that offers statistical functions. erefore, we compare the communication costs of the EPPSA scheme with the scheme in [36]. We consider the communication costs of arithmetic mean and variance for fairness. For the sake of instruction, we denote the bit length of the modulus by L.
In [36], EA needs to transmit the aggregated ciphertext of summation and counter to CC for arithmetic mean, in which the communication cost is 2L. In our EPPSA scheme, EA needs to send aggregated ciphertext of arithmetic mean to CC, in which the communication cost is L. In [36], EA needs to transmit the aggregated ciphertext of summation, quadratic summation, and counter to CC for variance, in which the communication cost is 3L. In our EPPSA scheme, EA needs to send aggregated ciphertext of arithmetic mean and quadratic mean to CC, in which the communication cost is 2L. Figure 3 shows the communication cost comparison of EPPSA and [36] in different bit lengths. It can be demonstrated that the communication cost of the EPPSA scheme decreases by 50% on arithmetic mean and 33% on variance.

Conclusion
In this article, we present an efficient privacy-preserving statistical aggregation scheme for edge computing-enhanced WSNs. e EPPSA scheme adopts the Paillier encryption scheme and ECDSA signature algorithm to guarantee data confidentiality, authentication, and data integrity. Compared with the existing multidimensional and multifunctional data aggregation schemes, the EPPSA scheme improves the efficiency of aggregation and decreases the communication load. Furthermore, the EPPSA scheme improves privacy protection by hiding the total number of devices in the data report. e EPPSA scheme can be applied in various WSN scenarios, such as smart factory, health care, and environmental monitoring.
Data Availability e data used in the experiments will be available upon request.