Study on Delay Optimization of Fog Computing Edge Nodes Based on the CPSO-LB Algorithm

With the development of modern science and technology as well as the steady advancement of urbanization, intelligent networks have emerged and are replacing traditional networks with the identity of next-generation networks. And information security is one of the most important research directions in the intelligent network construction. In order to resist the threat of privacy leakage during the data transmission of intelligent terminal, an original four-layer fog computing system which is suitable for intelligent network data collection, transmission, and processing structure is established in the paper. With the help of the Paillier algorithm for encryption and ﬁ ne-grained aggregation, the ﬁ ne-grained aggregated data as coe ﬃ cients are embed in the cloud node, and Horner ’ s rule is conformed for unary polynomials, which further aggregates to reduce the amount of transmitted data, so that communication overhead is reduced as well. Meanwhile, the resolvability of Horner ’ s rules allows EPSI to ﬁ nally obtain the subregional information plain text, and it is summed up to obtain cloud-level information data. Therefore, the comparative analysis of simulation experiments with other algorithms proves that the rational optimization of the research content in this paper plays a higher security role.


Introduction
The intelligent network is designed to combine traditional network and information network technologies to encourage family users to actively manage daily energy consumption and efficiently provide reference information needed by power supply companies for planning and regulation. Although the deployment of intelligent networks can bring huge socioeconomic benefits, severe information security risks also follow. During the transmission of information data, illegal attackers can master user's life habits by maliciously eavesdropping on the data, which can also cause huge property losses to users or suppliers by maliciously tampering with the data [1,2].
The network privacy protection research is usually dedicated to solve two kinds of security risks: intelligent terminal identity security risks and intelligent terminal data security risks. Identity security needs to consider the problem of identity distribution of each entity in the intelligent network and the problem of mutual authentication among different domains. Data security needs to ensure the confidentiality and integrity of the data to avoid data loss or leakage.
The work in the paper makes full use of decentralized computing and storage resources to achieve a better user experience, and its specific contributions are as follows [3][4][5]: (1) Lightweight Key Agreement Identity Authentication to Achieve Privacy Data Integrity. A key agreement scheme based on elliptic curve is applied to the identity authentication between layers, which can avoid bilinear pairing, and effectively reduces the calculation overhead. In addition, a certificateless mode is adopted in the paper, which effectively avoids the case of dishonest key generation center eavesdropping and forging user signatures.
(2) Achieving Fine-Grained Aggregation of Data Privacy and Confidentiality. The Paillier encryption algorithm is used to process private data, and its additive homomorphism is applied to sum the intelligent terminal data in an encrypted state, so that data aggregation on the premise of protecting the privacy of personal information can be completed. Therefore, the data aggregation is completed under the premise of protecting the privacy of personal information, which effectively resists the eavesdropping attack brought by the curiosity of fog node.
(3) Realizing Multigranular Security Aggregation of Cloud-Fog Collaboration. The Horner rules are used for further coarse-grained aggregation of fog node data, and the least multiplication operation strategy is applied to speed up the operation. Meanwhile, the final data results can be accurate to the range of a single fog node area and also ensure that the fog cloud cannot obtain personal information data, which is enough to provide differentiated user data services.

Materials and Methods
A fog computing network architecture suitable for intelligent network data collection, processing, and transmission is built in the paper, as shown in Figure 1. It consists of 4 layers: equipment layer, fog layer, cloud layer, and EPSI. In the constructed system model, cloud node coverage is divided into f subregions, and each region is assigned 1 jog node fog j , which corresponds to fog 1 , fog 2 , …, fog f , and there are the numbers of intelligent terminal SM ij (it indicates the i th intelligent terminal device under the j th fog node, i ∈ ½1, n) of n in the coverage of each fog node [6,7].
As can be seen from Figure 1, the system model mainly includes the following five entities: KGC (key generation cen-ter), intelligent terminal, fog node, cloud node, and EPSI (electric power service institutions).
(1) KGC. It is a third party that is not completely trusted and is mainly responsible for generating various keys and sending them to various entities, which has relatively strong computing power [8,9].
(2) Intelligent Terminal. The user information data are collected in real time, and it is encrypted. After negotiating with the corresponding fog node key, the encrypted data are signed and uploaded to the corresponding fog node periodically to wait for aggregation [10,11,15]. In addition, the user can send a request to the corresponding fog node to view the real-time data of the total amount of information in its coverage area so as to understand the regional information.
(3) Fog Node. It locates in the middle layer of intelligent terminal and cloud node, which dedicates to fully tap local computing power. There is a fog node in each subarea, and the fog node interacts with the intelligent terminal within its coverage area, which can effectively resist malicious injection attacks through identity authentication technology, perform finegrained aggregation on the authenticated data, and forward the aggregated data to the corresponding cloud node.
(4) Cloud Node. The cloud receives the aggregated cipher text from each fog node in its coverage area, avoids malicious injection through identity authentication, and uses Horner rules for the second aggregation to obtain a coarse-grained aggregation Analyze the fine-grained aggregated ciphertext of each fog node to decrypt the total power consumption plaintext of each sub-region (3) The threat of an attacker actively attacking. In addition to launching passive attacks through eavesdropping, attackers can also maliciously inject through camouflage and other methods, thereby destroying the authenticity and integrity of private data. Therefore, before receiving the data and performing the protocol operation, the fog node or the cloud node must authenticate the identity through key agreement to ensure that the data comes from the legal entity, and the data is sent to the legal entity

Results and Discussion
EPSI's scheduling analysis depends on the real-time information volume of each area, so the data will be read to the intelligent terminal of each area at a fixed time interval. However, there is a certain risk of privacy leakage in the process of reading and transmitting data, and there is a problem that the communication overhead of traditional data transmission is relatively large. Therefore, homomorphic encryption is used in the paper to ensure the privacy and confidentiality of data during transmission. What is more, the multigranular aggregation of the fog layer and the cloud layer can effectively reduce the amount of data transmitted, thereby reducing transmission consumption [19]. In particular, the data results of multigranularity aggregation can also improve the flexibility of scheduling. With the help of a lightweight identity authentication scheme with low computing overhead, it can save fog and cloud computing resources while resisting camouflage attacks. The privacy protection data aggregation scheme proposed in the paper consists of the key generation and distribution, the intelligent terminal data report, the fog node fine-grained report, the cloud node coarse-grained aggregation report, and EPSI aggregation report reading 5 parts.

Key Generation and Distribution
3.1.1. Paillier Key Generation and Distribution. KGC first randomly selects two large prime numbers p and q to satisfy gcd ½pq, ðp − 1Þðq − 1Þ = 1 and calculates N = pq as the public key for homomorphic encryption. Assuming LðuÞ = ðu − 1Þ/n, λ = lcm ðp − 1, q − 1Þ is calculated [20][21][22], a random integer gðg < N 2 Þ is chosen to ensure the existence of μ = ½Lðg λ mod n 2 Þ −1 mod N. The public key is (N, g), and the private key is (λ, μ). The key generation center sends the same set of public and private keys to each intelligent terminal within the coverage of the same fog node and sends the corresponding public key to the fog node, which provides the public and private keys to EPSI.

Key Generation and Distribution in the Key Agreement
Part. KGC randomly selects large prime numbers m P , m q , and Fðm P Þ to generate a pseudorandom elliptic curve Eðm P Þ and determines the generator P. If P is a base point of order m q on the elliptic curve, and the cyclic group generated by the base point P will be G. Then, a secure hash function is selected. The construction method of H 1 is to first perform the point multiplication operation on the elliptic curve to obtain the point X, add the horizontal and vertical coordinate values of X, and then modulo m q to complete the hash operation. The structure of H 2 is direct modulo. The construction method of H is to first 3 Wireless Communications and Mobile Computing add the points of 3 points on the elliptic curve, then do the point multiplication, and add the two coordinate values to do a hash operation [23].
KGC randomly generates x ∈ Z * q , calculates Y = x P , publicizes the parameters (m P , m q , P, H 1 , H 2 , and H), and keeps it confidential x. Each intelligent terminal SM ij , fog node fog j , and cloud node select account ID SM ij , ID fog j , and ID cloud to, respectively, register. After successful registration, KGC provides the intelligent terminal with a partial private key d SM ij , intelligent terminal public key R SM ij , and fog node public key R fog j and x. Next, KGC provides the fog node with some private keys d fog ij , intelligent terminal public key R SM ij , fog node public key R fog j , cloud node public key R cloud and x. Finally, KGC provides the cloud node with some private key d cloud , cloud node public key R cloud , fog node public key R fog j and x [24,25].
Among them, for the account ID SM ij , KGC selects r SM ij ∈ Z * q , generates a public key R SM ij = r SM ij P, and produces a partial private key d SM ij = ½r SM ij + xHðID SM ij , R SM ij Þ mod m p , thereby computing P SM ij = d SM ij P for calculating the final K 2 . For the account identity ID fog j , KGC generates the public key R fog j and part of the private key d fog j and also computes P fog j = d fog j P to calculate the final K 2 . For the account ID cloud , KGC generates the public key R cloud and part of the private key d cloud and computes P cloud = d cloud P to calculate the final K 2 . KGC sends these public keys and some private keys to intelligent terminal SM ij , fog node fog j , and the cloud node through secure channels, respectively [26,27].
After obtaining the public and private keys, user SM ij can determine whether some of the private keys given by KGC are valid by calculating whether H 1 ðID SM ij , R SM ij ÞY = d SM ij P is established. In addition, fog node fog j and the cloud node are the same.

Intelligent Terminal Data Report.
In order to prevent the user's private data from being exposed to eavesdroppers in the "intelligent terminal-fog" communication link, the private data in the paper are chosen to encrypt in the intelligent terminal. Moreover, the data generated by the intelligent terminal is generally uploaded to the fog node periodically, assuming that the time gap is 15 min. Then, the intelligent terminal encrypts the real-time information data every 15 minutes, generates a signature on the encrypted data after the two parties of the transmission complete the key agreement, and uploads the data report to the corresponding fog node, and finally, waits for the fog node to aggregate it [28,29].
Assuming that there are n intelligent terminals in a subregion, the information stored in the ith intelligent terminal SM ij in the subregion is x ij (0 ≤ i ≤ n, 0 ≤ j ≤ f ), and intelligent terminal SM ij will perform the following operations.

Key Negotiation between the Fog Node and Intelligent
Terminal. In order to prevent attackers from impersonating intelligent terminal and injecting false data or impersonating the fog node to eavesdrop on the data, this scheme builds a lightweight identity authentication based on the elliptic curve to confirm the identity of the operation user.
In order to prevent an attacker from eavesdropping on the key from KGC and pretending to be an intelligent terminal or node, the public key and some private keys are generated by KGC during system initialization. The long-term private key x SM ij and temporary private key a ij are generated by the intelligent terminal node itself, and the long-term private key x fog j and temporary private key b j are generated by the fog node itself.
Given the user SM ij identity ID SM ij , it calculates and sends the message ðID SM ij , h 1 , s, nonceÞ to fog node fog j , where nonce is the current time stamp. Next, wait for fog node fog j ' s reply report. If the reply report is a retransmission command, then rekey negotiation will be performed. If the response report is ðID fog j , h 3 , s, nonceÞ, then determine whether the nonce is the time stamp sent by the intelligent terminal before. If it is, then calculate the T fog j ′according to the formula to determine whether H 2 ðT fog j ′ + ID fog j + nonceÞ = h 3 is established. If it is true, according to formula (2), calculate K 1 , K 2 , and K 3 .
if it is not true, the negotiation fails, and fog node fog j will be required to resend the verification message. Finally, user SM ij calculates the K value according to 3.2.2. Raw Data Perception. The intelligent terminal uploads data every 15 minutes and generally consists of one integer and several decimals. In order to ensure the normal operation of the Paillier algorithm, the original data x ij is multiplied by 10 n before encryption and a rounding operation is performed to retain n digits after the decimal point. Three digits after the decimal point are retained in the simulation 4 Wireless Communications and Mobile Computing verification, but the proposed scheme can be generalized to more than one decimal point. It is calculated as follows: The more the number of reserved data bits, the greater the data calculation and transmission consumption will be, but the accuracy of the same data will be higher.

Original Data Encryption.
In order to ensure the confidentiality of private data, this section uses the Paillier algorithm to encrypt the intelligent terminal to protect it from the threat of malicious attacks. In this encryption scheme, it is assumed that each intelligent terminal and EPSI shares a private key and a public key, but the private key is completely hidden from the fog node and the cloud node. In particular, the public key and the private key have been generated and distributed by KGC in the generation of system parameters. The encryption process of private data is as follows: random number r ij ∈ Z * q is selected, and for any plain text x t ij , the public key (N, g) is used to encrypt the cipher text CCCC obtained as Each intelligent terminal packages the encrypted data c t ij and session key K ij into an intelligent terminal data report, which is uploaded to the corresponding fog node fog j every 15 minutes.

Fog Node
Fine-Grained Aggregation Report. The operation of directly uploading explosively increased intelligent terminal data to the cloud will generate a large amount of transmission energy consumption and increase the bandwidth burden, which can make it difficult to meet the needs of low-latency transmission. Therefore, this section reduces the data traffic at the core network by introducing a fog node and further reduces the amount of data by performing relevant calculations at the fog node, which can reduce data transmission energy consumption. What is more, the Paillier algorithm used by intelligent terminal encryption has good addition homomorphism, which can support the addition calculation of data in the encrypted state, and obtain the correct data result after decryption. In addition, this homomorphic encryption feature ensures the privacy of the data on the fog side, even if an attacker maliciously eavesdrops, who cannot obtain the private data plain text, thereby effectively protecting the data security.
3.3.1. Identity Negotiation between the Fog Node and Intelligent Terminal. Given the fog node fog j identity ID fog j , it checks whether the nonce sent from the intelligent terminal SM ij is time-sensitive; that is, the current time stamp nonce is obtained and verified whether nonce ′ − nonce ≤ Δnonce is established. If it is not established, the key negotiation fails, and user SM ij will be required to resend the authentication message. If it is true, the formulas (6), (7), and (8) will calculate and ðID fog j , h 3 , s, nonceÞ will be returned to user SM ij Then, according to formula (9), K 1 , K 2 , and K 3 are calculated.
Finally, fog node fog j calculates the K value according to 3.3.2. Fog Node Identity Authentication. The session key K ij is extracted from the data report sent from the intelligent terminal and compared with the corresponding session key K ij in the fog node. If they are consistent, the encrypted data in the data report will be received and will wait for the next aggregation. If they are inconsistent, they will be discarded. So far, the key agreement and identity authentication between the device layer and the fog layer are completed. The complete process is shown in Figure 2 3.3.3. Fog Node Fine-Grained Aggregation. At the fog node, for the data C j = fct 0 j , c t1 j ,⋯,c tn j g, it is encrypted in the user report sent by the coverage intelligent terminal and added aggregation; that is, the data is multiplied in C j : 3.3.4. Fog Node and Cloud Node Key Agreement. Before uploading, a key agreement is performed on the fog node fog j and cloud node again to calculate the session key K j 3.3.5. Fog Node Fine-Grained Aggregation Report Generation. The aggregated cipher text Sum j and session key K j of fog 5 Wireless Communications and Mobile Computing node fog j are packaged into a fine-grained aggregated report of the fog node and sent to the corresponding cloud node 3.4. Cloud Node Coarse-Grained Aggregation Report. The cloud received f encrypted aggregate data from f fog nodes within the coverage of the cloud node. In order to perform multigranular aggregation on the data in this area, the data obtained after the final EPSI decryption can be accurate to the fog node layer, and Horner rules are introduced in this section to complete the coarse-grained aggregation of the data. Horner rules can not only provide aggregation and parsing operations, since they use the least multiplication strategy, but also reduce the energy consumption caused by the calculation.
3.4.1. Cloud Node and Fog Node Key Agreement. Given the cloud node identity ID cloud , key agreement is performed with fog node fog j and the session key K j is calculated.
3.4.2. Cloud Node Identity Authentication. The session key K j from the fog node fine-grained aggregation report is compared with the corresponding session key K j in the cloud node. If they are consistent, the fine-grained aggregated data will be received in the fog node report and the next aggregation will be waited for. If they are inconsistent, they will be discarded.

Cloud Node Coarse-Grained Aggregation.
For the fog-level fine-grained aggregated data set Sum y = fSum 0 , Sum 1 , ⋯, Sum f g from the fog node, x h is selected to satisfy x h > Sum j ðj ∈ f0, 1, 2, ⋯, f gÞ as a parameter for Horner aggregation.

Cloud Node Coarse-Grained Aggregation Report
Generation. The n × f intelligent terminal data within the coverage of a cloud node is aggregated into a data Sum c in the cloud and transmitted to EPSI through a secure channel.

EPSI Aggregation Report
Reading. EPSI receives coarsegrained aggregated data from the cloud Sum c . Due to the resolvability of Horner's rule, the aggregated data can be parsed into fog-level fine-grained aggregated data of f fog nodes to provide differentiated data services for users.
3.5.1. Horner Analysis. The coarse aggregated data Sum c is analyzed in the cloud.
for i = 0 : f , Raw data Fog node ID fog i (elliptic curve parameters, d SM ij , Raw data (elliptic curve parameters, d fog i , Determine if nonce was issued by yourself Determine if nonce was issued by your determine whether nonce is time-effective Figure 2: Key agreement authentication process. 6 Wireless Communications and Mobile Computing Through the Horner rule analytical formula, the finegrained aggregated data of each fog node Sum j ðj ∈ f0, 1, 2, ⋯, f gÞ is obtained.

Decryption of Fog-Level Fine-Grained Aggregated Data.
The fog-level fine-grained aggregated data Sum j is decrypted to obtain the plaintext m Sum j of the fine-grained aggregated data in each fog node Since the original data is multiplied by 10 n before, the original data is uploaded and the rounding operation is performed to retain the n digits after the decimal point. After EPSI decrypted the privacy protection data to obtain the plain text m Sum j , it is necessary to divide the data by 10 n to restore the data.
EPSI performs data mining on the fine-grained aggregated data of these fog nodes, and the cloud-level aggregated data are obtained by adding them together to provide differentiated real-time data support for scheduling.
In addition, EPSI can also package and send the finegrained aggregated data of each subregion in plain text back to the fog node of each subregion, so that users can query with low latency and save EPSI computing processing resources.

Security Analysis.
This part mainly analyzes the security of this scheme from the aspects of privacy, confidentiality, and integrity and compares the security with the existing privacy protection data aggregation PPADA scheme.

Privacy.
Privacy data is always encrypted when it is uploaded to the fog node and the cloud node which do not have permission to obtain the decryption key. Therefore, even if the fog node or the cloud node tries to eavesdrop on the private data, it can only obtain the private data cipher text instead of the plain text. Finally, EPSI sends the total realtime information of each sub-region to the fog node in plain text. At this time, the fog node and the cloud node receive the total information volume of the subregion instead of the information volume of a single user, which can guarantee the privacy of data and effectively respond to threats on the fog node and the cloud node.

Confidentiality.
Privacy data is encrypted when it is transmitted in each unsecured communication link of the system model, and even if the eavesdropper eavesdrops on the private data cipher text, it cannot obtain valid data plain text without the decryption key. Finally, when EPSI sends the real-time data of each subregion back to the fog node, the transmission data is the total information volume of the subregion instead of the information volume of a single user, which does not expose user privacy. Therefore, it guarantees the confidentiality of the data and can effectively deal with the threat of eavesdropper eavesdropping on the communication link.

4.1.3.
Integrity. The solution in this paper uses a lightweight key agreement identity authentication. Before each data is uploaded, the two parties of the session conduct a key agreement to facilitate identity authentication when the data is uploaded. Once the session keys of the two parties are inconsistent, if one of the two parties in the session or both parties are not legal entities but the attacker is disguised, the identity authentication will fail, and the data will be discarded and reissued. Moreover, the identity authentication scheme effectively avoids malicious injections caused by the identity masquerading of the data sender and node eavesdropping attacks caused by the identity masquerading of the data recipient, which can ensure the integrity of the data.

Security Comparison.
The PPADA scheme, respectively, uses the Paillier encryption scheme and blind signature to ensure the confidentiality and integrity of the data. However, since the private data is decrypted in the fog node and compiled into the database, the privacy of the data cannot be guaranteed at this time. In particular, the data aggregation scheme combining the Horner rule and the Paillier encryption algorithm proposed in the paper can meet this challenge. While ensuring data privacy, the electricity bill is directly generated by the control center and passed back to each user through the fog node.
In summary, the scheme in the paper can guarantee the privacy, confidentiality, and integrity of data during transmission, which has more advantages in terms of security.

Identity Authentication
Performance. The performance of the identity authentication scheme is mainly compared in three aspects: the number of operations, the number of dot multiplications, and the number of communications between both parties in the key agreement. Security starts with four aspects: antieavesdropping on session keys, antieavesdropping on long-term public keys, antispoofing attacks, and two-way authentication. Compared with the scheme, the performance and safety are compared as shown in Table 1.
The number indicates the number of times, "√" indicates that this aspect of security, and "×" indicates that it does not have this aspect of security. In particular, "Φ1" stands for antieavesdropping of session keys, "Φ1" refers to antieavesdropping of long-term public keys, and "Φ1" indicates anti-identity fraud attacks. "Φ1" stands for two-way authentication.
As shown in Table 1, the identity authentication scheme in the paper is lower than other operations, point multiplication, and communication times, which reflects its lightness 7 Wireless Communications and Mobile Computing and also has the characteristics of antieavesdropping of session keys, antieavesdropping of long-term public keys, antiidentity fraud attacks, and two-way authentication. Through the comparison of the seven performance indicators in Table 1, the solution proposed in the paper is more secure than that of the literature.

Performance Comparison
Test. The performance of the proposed solution is evaluated in terms of the computational cost of each entity, communication overhead between entities, and resource distribution and compared with the existing PPUAC scheme, PADF scheme, and the constructed one-time aggregation scheme (called SIG-ADD), where the SIG-ADD achieves the same result as this solution; that is, EPSI can obtain the fine-grained aggregated data of each fog node in plain text. Supposing that the fog node performs fine-grained aggregation on the data from the intelligent terminal in the coverage area, then it is up loaded to the cloud node. What is more, the cloud node no longer aggregates the data but directly forwards it to EPSI, and EPSI uses the Paillier decryption algorithm to solve each fog node granular aggregated data plain text. The simulation data in this part comes from the real data of residents provided by the Energy Control Committee of the Irish Social Science Data Archive, which is shown in Table 2.
A large prime number m p = 3701 and m q = 37 are taken to generate the curve used for key negotiation, and Paillierencrypted large prime numbers p and q are randomly generated by a big integer class.

Calculation Overhead.
Assuming that the EPSI management area is divided into y sub-areas, there is one cloud node under each subarea, there are f fog nodes under each cloud node, and there are n intelligent terminals in each fog node area. In the simulation, it is assumed that there is 1 cloud node, i.e., y = 1; there are 3 fog nodes, i.e., f = 3: The symbol T eZ represents the computational cost of an exponential operation on Z * N 2 , the symbol T eZ refers to the computational cost of an exponential operation on G, the symbol T mG represents the computational cost of a multiplication operation on G, and the computational cost of bilinear pair operation is T p .
(i) Intelligent Terminal SM ij . Both the scheme in the paper and the SIG-ADD scheme use the Paillier algorithm for encryption, which requires a total of 2n times exponential modulus finger operations T eZ , and the key negotiation part requires a 2n times dot product algorithm. In particular, the PPUAC scheme requires 2n times exponential modulus multiplications T eZ and n times G multiplication T mG , while the PDAF scheme requires 2n exponential modulus multiplications T eZ , n times G multiplications T mG , and twice times bilinear pair calculation T p .
(ii) Fog Node fog j . In order to complete fine-grained aggregation, the scheme of this paper and the SIG-ADD scheme need to perform n times of multiplication operations on Z * 2 N and perform the key agreement (2n + 2f ) times multiplication algorithm. In addition, the PPUAC scheme requires (n + 2) times bilinear pair calculation T p and n times G to multiply T mG , while the PDAF scheme requires (n + f + 2) times bilinear pair calculation T p and (n + 1) times exponential modular multiplication operation T eZ .
(iii) Cloud Node. In the scheme of this paper, when performing coarse-grained aggregation, f times upper multiplication and key agreement 2f times the dot product algorithm on G are performed. The SIG-ADD scheme only performs 2f times the dot product algorithm for key agreement, and the PPUAC scheme performed (f + 2) times bilinear pair calculation T p and the f times the multiplication of T mG on the cloud node.
(iv) EPSI. The decryption of this program and the SIG-ADD program requires 2f times exponential modulus finger operation T eZ and 3f times G upper modulus operation T eG . In addition to these calculation  Among them, the upper multiplication operation Z * 2 N is negligible relative to T eZ and T p , and the point multiplication operation on the elliptic curve is generally replaced by cumulative point addition, and it can also be ignored.
The comparison of the computational costs of the four schemes in the entire system model is shown in Figure 3.
It can be seen that the calculation overhead generated by the scheme in this paper and the SIG-ADD scheme in the entire system model is almost the same and is much smaller than the PPUAC scheme and PDAF scheme. As the number of intelligent terminals increases, this advantage is more obvious. Since the scheme in this paper adopts a lightweight key agreement identity authentication scheme and compares with the complicated and cumbersome bilinear pairing authentication, the calculation overhead generated is smaller.

Communication Overhead.
Supposing that the symbol C usertofog indicates the length of data sent by the intelligent terminal user to the corresponding fog node, the symbol C fogtocloud indicates the length of data sent by the fog node to the corresponding cloud node, the symbol C cloudtoEPSI indicates the length of data sent by the cloud node to EPSI. If the parameter N is 64 bits, then the number of Paillier cipher text data bits will be 128 bits. So, it is C usertofog = 128 + ID SM ij + ID fog j + K j j, C fogtocloud = 128 + ID fog j + ID cloud j j+ K j j, Then, the total communication cost C all of this solution is C all = yfnC usertofog + yfC fogtocloud + yC cloutoEPSI : ð19Þ Among them, the C usertofog and C fogtocloud of the SIG-ADD scheme are consistent with the calculation formula of this scheme, while the calculation formula of C cloudtoEPSI is Therefore, the total communication cost C SIG−ADD of the SIG-ADD scheme is C SIG−ADD = yfnC usertofog + yfC fogtocloud + yfC cloudtoESI ′ : ð21Þ Supposing there are 3 cloud nodes, the length of each ID is 160 bits and the length of each session key K is 256 bits, the communication overhead of the scheme in this paper, the SIG-ADD scheme, the PPUAC scheme, and the PDAF scheme are analyzed in the intelligent terminal to the cloud node, cloud node to EPSI communication link under different fog node numbers. Figure 4 shows a comparison of the communication overhead of the four schemes for transmitting data on the link between the intelligent terminal and cloud node. Figure 5 shows the comparison of the communication overhead of the four schemes for transmitting data on the link between the cloud node and EPSI.
It can be seen from Figures 4 and 5 that in the communication link from the intelligent terminal to cloud node, the communication overhead of the PPUAC scheme and the PDAF scheme continues to increase with the increase of the f5og node. When the number of the fog node is 5, the communication overhead has, respectively, reached 13000 bits and 12000 bits. Meanwhile, the communication overhead of this scheme and the SIG-ADD scheme is almost the same 9 Wireless Communications and Mobile Computing at this stage. In the communication link from the cloud node to EPSI, the communication overhead of the SIG-ADD scheme increases linearly with the increase of the number of fog nodes, and when the number of fog nodes exceeds 3, the communication overhead has reached more than 8000 bits. The communication overhead of the scheme of this paper, PPUAC scheme, and PDAF scheme is maintained at the same level and the communication overhead of this scheme is lower. In summary, the total communication overhead of the solution in this paper on the entire communication link is much lower than that of the other three solutions. Additionally, as the fog node increases, the advantages of this solution are more obvious. It shows that the scheme in this paper is a lightweight privacy data multilevel aggregation scheme. Based on lightweight identity authentication and multilevel aggregation considerations, the data transmission overhead is effectively reduced.

Resource Distribution
Assessment. Different intelligent environments have different intelligent node networks and different rule sets. In order to verify the effectiveness of the distribution algorithm in the paper, the distribution mechanism in the paper is compared with the centralized distribution and ordinary distribution mechanisms. The two sets of data are designed as follows.

Wireless Communications and Mobile Computing
Under the same simulation environment of the intelligent node network, six groups of experiments with an increasing number of rules are set. The experiment numbers and corresponding rules are shown in Table 2, and the L (total) obtained by the above three allocation mechanisms in six sets of experiments is shown in Figure 6.
As can be seen from Figure 6, as the rules grow, the inference network becomes more complicated, and the delay of the centralized distribution increases sharply. Meanwhile, the real-time performance is very poor. Compared with the other three distributed real-time performances, the realtime performance has been significantly improved. Moreover, the real-time performance has been further improved on the basis of ordinary distribution with the algorithm proposed in the paper.
For the centralized distribution, it is not necessary to evaluate the resource balance. The Stdsen obtained by the distributed mechanism in six sets of experiments is shown in Table 3.
From Table 3, it can be obtained that the resource utilization of the algorithm in the paper is obviously better than that of the other three distributed types, and the optimization degree is more obvious when the number of rules is large.

Conclusions
A data aggregation scheme for intelligent network security and privacy protection in the paper is proposed based on fog computing in view of the hidden security risks faced by intelligent network data collection and transmission. Moreover, the key generation center in the solution is not completely trusted. In particular, by means of the pointplus-add feature of the elliptic curve, the authentication speed can be sped up. Meanwhile, with the advantage of data aggregation, the amount of data transmission can be lowered, which further reduces communication overhead. Therefore, simulation experiments have further confirmed the performance advantages of the proposed scheme in terms of security, practicality, calculation, and communication overhead. In the future, the theory of data space-time compression and network resource optimization will be considered integrating to further improve network system performance.

Data Availability
All data included in this study are available upon request by contact with the corresponding author.