A Secure IoT-Based Cloud Platform Selection Using Entropy Distance Approach and Fuzzy Set Theory

With the growing emergence of the Internet connectivity in this era of Gen Z, several IoT solutions have come into existence for exchanging large scale of data securely, backed up by their own unique cloud service providers (CSPs). It has, therefore, generated the need for customers to decide the IoT cloud platform to suit their vivid and volatile demands in terms of attributes like security and privacy of data, performance efficiency, cost optimization, and other individualistic properties as per unique user. In spite of the existence of many software solutions for this decision-making problem, they have been proved to be inadequate considering the distinct attributes unique to individual user. This paper proposes a framework to represent the selection of IoT cloud platform as a MCDM problem, thereby providing a solution of optimal efficacy with a particular focus in user-specific priorities to create a unique solution for volatile user demands and agile market trends and needs using optimized distance-based approach (DBA) aided by Fuzzy Set Theory.


Introduction
One of the greatest inventions of Gen Z, Internet has rapidly emerged over the last two decades, connecting people and organizations together into one giant family. This connectivity has generated the urgency of Internet of Things (IoT) [1], which involves sensors, software devices, and other technologies, for the purpose of maintaining the security and privacy of humongous data transmission among other devices and systems [2]. For this sole purpose, several distinct IoT platforms have come into existence with their own unique cloud service providers (CSP) at the backend. But, like every coin has two sides, i.e., it has also led to a problematic situation when it comes to the selection of ideal CSP for a selected set of attributes that purview a finite set of requirements, to assist the process of decisionmaking where one has to deliberate multiple attributes, possible scenarios, market trends, and user biases [3].
According to the best of research and knowledge and observation, no compatible and comprehensive study and solutions been done for this integrated set of requirements in the field of cloud service provider selection (CSPS). However, there exist a lot of work that includes some of our set of factors quality which elaborately and accurately formulates algorithm for some quality factors and some for the technical aspects [4,5]. Divergent from the preexisting schemes, thus, providing a flexible, realistic, and compatible methodology towards cloud service selection (CSS) considering all the possible factors under the sun required for an ideal cloud service.
1.1. Significance of the Research. In spite of the existence of many software solutions for this decision-making problem, they have been proved to be inadequate considering the distinct attributes unique to individual user.

Research Gaps in the IoT-Based Cloud Service Providers.
The requirement of decision-making among the various cloud service providers amalgamated with IoT applications has led to the emergence of several software solutions in recent years. However, multiple demerits can be observed in the performance and efficiency of these platforms [6]. The current short comings present in the IoT-based cloud service provider solutions involve numerous dimensions including the inefficiency of the platforms to extend for supporting the heterogeneous sensing technologies. Other demerits include the proprietorship of data, providing insinuations of privacy and security [7]. The processing and sharing of information can also be counted as another gap especially in scenarios where it is essential to support novel services. The absence of assistance provided by application developers is another shortcoming faced by several IoT cloud platforms [4]. Furthermore, most of these IoT platforms do not possess the property of expansion for the addition of new components to withstand the emergence of new technologies and provide economies of scale. Lastly, the delivery of the purchased software to the respective connected devices is also not supported by a majority of the marketplaces dedicated for IoT applications.
Multicriteria Decision-Making (MCDM) techniques provide a scientific and easy solution. MCDM deals with organizing variegated attributes which come under the purview of decision-making. It specializes in handling issues where the proximity of attributes is close, and human cognitive abilities are not able to take the logical decisions. It does so by performing bargains or trade-offs by replacing one criterion by equivalent another. This paper presents an integrated set of factors that contribute the solution to the problematic issue of the selection of an optimal IoT cloud platform.
In a nutshell, the qualities mentioned below make the proposed methodology novel when compared to state-ofthe-art techniques: (1) Identification and categorization of selection attributes (SA): after thorough and detailed studying of more than fifty research papers, few factors, i.e., selection attributes (SA) were filtered out. About 90 factors were carefully studied, and explicitly observed and relevant factors were mined out by removing redundant elements and those which were similar to each other. Finally, these factors were then categorized into broad three categories after extensive reasoning and filtration, namely,

Literature Review
This section of the research is concerned with the existing studies in the field of selecting optimal cloud computing service provider for IoT-based applications, where the problem of service selection has been represented as an MCDM problem. To search the relevant data, the keywords like Cloud Computing for IoT, Cloud Platforms for IoT Services, IoT based Cloud Service Selection, IoT Service Selection Attributes, and Cloud Service Selection for IoT were used. As a result of this research, a total of 104 research papers from various highly reputed journals and conferences were analyzed in detail. Now, these papers were screened by examining their primary focus, whether it is related to the cloud service selection or not. Then, in the second screening, the approaches used and the case studies mentioned along with the selection attributes (SA) which were mentioned in these research papers were deliberate to make a comparative study of the same. The comprehensive tabular literature survey is shown in Table 1. This paper presents and develops a hybrid decisionmaking framework using two methodologies, namely, Fuzzy Set Theory and Matrix Multicriteria Decision-Making (MMCDM) where identification and categorization of 14 selection attribute are prepared into three categories, namely, quality factors, technical factors, and economic factors. After removing redundant features and filtering unnecessary information, thereby making this framework relatively less vulnerable to prerequisites and limitations as compared to available frameworks and techniques in cloud computing service selection.

Security and Privacy Challenges in Cloud-Based IoT
Platforms. While IoT and its applications are well explored and secure, the cloud-based IoT platforms are still comparatively less explored and nascent in nature [18]. Categorized in two purviews, static and mobile-based platforms both have variegated challenges on grounds of security and privacy. There are multiple security challenges including identity privacy that deals with protection of details of user of the cloud devices like his/her personal real-world information. Other threats include disclosure of the real-time location of user termed as location privacy [19]. Node compromising attack is also one of the most enduring threats to user's privacy as it includes planned attacked to gain access to user's private information [20]. Removal or addition of transmission multiple layers is a very mundane breach performed by various IoT users; it involves manipulating the concept of reward Table 1 Citation/name Methodology Advantages Disadvantages [8] This study proposes a multistep approach to evaluate, categorize, and rate cloud-based IoT platforms via implementing Multicriteria Decision-Making (MCDM), probabilistic linguistic term sets (PLTSs), and finally, a probabilistic linguistic best-worst (PLBW) is used to score all platforms Though the proposed method seems complex but a real-time implementation via case study provides cogent proof of its efficiency. It also outperforms individual scoring, classification, and evaluating methods.
The data used in the case study is limited which explains the flow of the method but falls back to prove its cogency. Moreover, inclusion of latest hybrid techniques in the domain for comparative analysis could further edify the study's significance. [9] Cloud service provider selection approach is proposed via application of Multicriteria Decision-Making (MCDM), analytical hierarchical process (AHP), technique for order of preference by similarity to ideal solution (TOPSIS), and the best-worst method (BWM). Case study is presented to support the same.
The study successfully identifies and provides solutions the drawbacks of classical multicriteria decision-making (MCDM) approaches in terms of accuracy, time required, and complexity of computation. AHP is outperformed by proposed approach.
The use case scenario presented used stimulated scenarios and data that raises question against the cogency of the proposed study. [10] Additive manufacturing based cloudbased service providing framework is proposed to include both hard and soft services for the ease of customer use. These include data-based testing, design, 3D printing, remote control of printers, and face recognition using AI.
This study understands and provides solution to the real-time consumer or customer problems. Its feature providing framework proves to be easy, feasible, and effective.
The study only provides a framework along with it merit without any details of implementing or developing the framework for real world application. [11] The study is aimed at identifying various determinants that cause deprecation of various ministry of micro, small, and medium enterprises in India, contributing a huge impact on Indian economy. Data is collated from 500 Indian MSMEs. Multiple criteria include social influence, Internet of Things, perceived ease of use, trust, and perceived IT security risk among others.
This study evaluates real-time data from 500 MSMEs that proves its cogency. Moreover, it provides insight that can be directly deliberated by policy makers to create maximum impact.
A comparative analysis with other policy-making insight provider algorithms along with impact of implementing the recommended changes would create more clarity and value for the research. [12] A comparative analysis is performed to obtain the best cloud-based IoT platform for any business or organization by deliberating multiple criteria, functional and nonfunctional requirements among five giants, namely, Azure, AWS, SaS, ThingWorx, and Kaa IoT by application various techniques like analytical hierarchical process (AHP), K-means clustering, and statistical tests.
The hierarchal method of requirement classification provides edge to the method and various statistical tests implemented on the results obtained creates increased sense of cogency or significance to the study.
The cloud-based IoT platforms are limited creating false sense of performance in terms of evaluating more than 5 platforms. Moreover, requirement classification into hierarchy is very time and effort intensive. [13] IoT applications built via cloud-based platforms are assayed for any kind of security challenge or data inconsistency issues that arise due to third party auditors, phishing attacks. It also provides strategies to prevent the same.
The objective of the study is very relevant to the need of the hour, providing valid and much needed information. It also provides recommendations handle the same.
The scope of study is limited to theoretical analysis without any real data implementation or case study to prove the cogency of the points mentioned in the paper. 3.2. Distance-Based Approach. Distance-based approach (DBA) is an effective and efficient MCDM method. Identifying and defining the optimized state of the multiple attributes that are part of the process is the initial gradation in the proposed method. The optimal state represented by the vector OP is the set of best values of criteria over a range of alternatives. The best values can be maximum or minimum, defining the type of criteria.
Reference to Figure 1, as indicated, vector "OP" is the optimal point in a multidimensional space. It acts as a reference point to which the other values of all the alternatives are analyzed to one another quantitatively. In other words, an arithmetical difference of the current values of alternatives from their corresponding optimal values is taken, which represents the ability of the considered alternatives to achieve the optimal state. The decision-making issue which needs to be dealt with is searching for a viable solution on basis of its proximity to the optimal state.
In Figure 1, "H" represents the feasible region and "Alt" as the alternative. The distance-based technique is aimed at determining a point in the "H" region and is in closest proximity to the optimal point.
To implement the above approach, let i = 1, 2, 3, 4… n = alternatives, and j = 1, 2, 3, 4… m = selection attributes. A matrix is created to represent the entire set of alternatives along with their respective criteria, which is shown in (1).  This study poses to create a need for authorization in cloud-enabled IoT systems by assaying various security threats that such a set up encounters via two case studies in order. Proposing control-based authorization system The aim of the study very cogent and current, deliberating recent developments of cloud-based IoT applications. The case studies presented aid to the cause of study while contributing to the significance of the proposed framework.
The framework proposed for controlbased authorization lacks any sense of implementation or efforts towards prototype development. [15] An attack distribution detector is proposed to prevent malfunctioning of trust bounders in IoT-based applications, leading to severe data theft. A downsampler-encoder-based cooperative data generator is proposed to discriminate noisy data that may lead of data theft that malfunction trust boundaries.
The continuous updating and verification of the model provides it optimal results and performance to detection probable data thefts. The model outperforms primordial machine learning and deep learning techniques.
Inclusion of latest hybrid techniques in the domain for comparative analysis could further edify the study's significance. [16] Various cogent issues with IoT middleware are brought to attention while proposing a state of art IoT middleware that can integrate with MQTT, CoAP, and HTTP as application-layer protocols.
The problem addressed by In.IoT framework is cogent, and its relevance has been shown very accurately in the study.
A comparative analysis with classical middleware and latest hybrid techniques could further edify the significance of the study. [17] An intrusion detection technique for cloud-based IoT application is proposed by implementing machine learning, to obtain state of art accuracy and in-depth analysis of source or type of intrusion.
The survey of 95 developments in intelligence-based intrusion detection techniques provides the study significant relevance and ground for comparative analysis with proposed technique.
Though the study shows optimal accuracy, false-positive results still hamper its cogency.

Wireless Communications and Mobile Computing
This matrix is known as the decision matrix [d]. Now, we take the priority weights of these attributes according to the opinions of various experts and calculate their averages. We take the sum of these averages and divide the sum by each of these averages. The result is the creation of another matrix with only one row and columns equal to the number of attributes. This matrix is known as priority weights matrix [PW] as shown in (2).
Using the following Equations (3), (4) and (5), the decision matrix is standardized to minimize the impact of different units of measurement and to simplify the process.
where d j is the average of each attribute for all alternatives.
where S j is the standard deviation of each attribute for all alternatives.
where d ij is the value of each attribute for an alternative and d′ ij is the standardized value of each attribute for an alternative.
The final matrix is known as the standardized matrix [d′] and is represented as in (6). : The best value of each attribute is selected over the set of alternatives. The best values can be maximum or minimum values, depending on the type of attribute specified. The matrix formed using this set of values is known as the optimal matrix [O] as shown in (7).
The distance of each of the alternatives from its optimal state is calculated as the numerical difference between the values of each of the attributes and their corresponding optimum counterparts. The resulting values form a matrix called the distance matrix [O ′ ] as represented in (8).
Each value of this matrix is then squared and multiplied by their corresponding priority weights, as explained by Equation (9).

Wireless Communications and Mobile Computing
The resulting matrix is called the weighted distance matrix [W] as shown in (10).
Equation (11) is used to calculate the composite distance, "CD" between each alternative to the optimal state.
The one-column matrix formed as a result of this equation is called the composite distance matrix [CD] as shown in (12).
The last step of this method involves calculating the rank of each alternative by using their composite distance values. The smallest value gets the 1st rank, the second smallest value gets the 2nd rank, and so on. This is how the DBA MCDM approach is used for cloud service provider selection. Below, Figure 2 represents the model development of the methodology.

Estimation-of-Distribution
Algorithms. These algorithms are general metaheuristics applied in optimization to represent a recent alternative to classical approaches [21]. EDAs build probabilistic models of promising solutions by repeatedly sampling and selecting points from the underlying search space. EDAs typically work with a population of candidate solutions to the problem, starting with the population generated according to the uniform distribution over all admissible solutions [22]. Many distinct approaches have been proposed for the estimation of probability distribution,

Implementation, Results, and Discussions
Evaluating various cloud service providers using DBA (distance-based approach) methodology with Fuzzy Set Theory to calculate ranks based upon selection attributes is described by the following steps: (2) Identification of selection attributes: three major factors were identified which were, namely, quality factors, technical factors, and economic factors. They were further classified as: quality factors (functionality, reliability, usability, efficiency, maintainability, and portability), technical factors (storage capacity, CPU performance, memory utilization, platform design, and network speed), and economic factors (service induction cost, maintenance cost, and promotion cost) after the detailed analysis and intensive study of the cloud service providing industry and its various prerequisites along with understanding the market where this industry thrives ( Figure 3).  Wireless Communications and Mobile Computing distinguishes real-world problems based upon human comprehensive skills rather than absolute Boolean logic. In other words, the fuzzy system implements scales rather than 0/1 for coherent human understanding where 0 represents absolute fallacy, 1 represents absolute truth, and the middle values represent the fuzziness or the fuzzy values. In this study, we have implemented a triple fuzzy number scale which uses a triplet set of the form [a, b, c] with a sensory scale (Tables 2 and 3) [28]. A survey was conducted among a group of 40 selected experts associated with the technical field. The ( Table 2) questionnaire consisted of 14 pristine questions, based upon which a priority weights matrix was created consisting of the weights or values of the assorted attributes. While in the second questionnaire (Table 3), the nine already selected CSPs were appraised on the grounds of the 14 categorized selection attributes by an adept team of 5 experts. The extracted data from the questionnaires mentioned above were converted from a literal scale to TFN (Triple Fuzzy Number) scale, thereby averaged to a fuzzy number (4) Determination of weights and performance ratings: the expert-assigned linguistic terms were first converted into corresponding TFNs using the fuzzy scale and then defuzzied to get crisp score values. The data was extracted from the questionnaires and then evaluated using a combination of the mathematical formulas and concepts of aggregation and average (5) Creating performance rating matrices: a decision matrix of the performance ratings (Figure 4(a)) and a single-row matrix of the priority weights (Figure 4(b)) were created under the supervision of expert guidance using the fuzzy scale and MCDM (6) Calculating standardized matrix: root mean square of each selection attributes is carefully evaluated; furthermore, the mean previously determined is subtracted from each value and simultaneously divided by the corresponding root mean square of that particular selection attribute to get the standardized matrix ( Figure 5).
(7) Creating optimal and distance matrix: the optimal matrix is estimated by targeting the best values of each selected attribute of the standardized matrix ( Figure 6(a)), i.e., the maximum values for quality and technical factors and minimum values for economic factors. Additionally, the distance matrix is calculated by finding the distance between each value of a particular selection attribute with its corresponding best value (Figure 6(b)).
(8) Calculating weighted and composite distance matrix: by squaring the respective values of the distance matrix and multiplying them to the corresponding priority weights, the weighted distance matrix was obtained (Figure 7(a)). The matrix formed was then used to evaluate the composite distance matrix by calculating the square root of the total sum of each alternative (Figure 7(b)).   (9) Ranking of cloud service providers: finally, the alternatives are ranked in decreasing order of their corresponding values in the composite distance matrix. Therefore, the least rank or rank 1 is most preferable while the maximum rank, i.e., rank 9, is least preferable considering the given set of alternatives (Table 4).
The selection of cloud service providers is a problematic task as many decision-making parameters are taken into consideration like security, cost optimization, availability, reliability, and fault tolerance, to name a few. Most of the mentioned factors are not constant and individualistic wherein every consumer who requires a cloud service provider has an almost unique set of demands and requisites, each having selected set of attributes has a different weight than other, i.e., prioritized attributes are not rare. Considering the presented scenario, Multicriteria Decision-Making technique has shown significant efficacy and is implemented in the field widely as it provides both individualistic and concurrent results. Table 4 shows the ranking of nine cloud service providers based on fourteen carefully discerned attributes categorized in three categories, namely, quality factors (functionality, reliability, usability, efficiency, maintainability, and portability), technical factors (storage capacity, CPU performance, memory utilization, platform design, and network speed), and economic factors (service induction cost, maintenance cost, and promotion cost). The step-by-step gradation procedure described above where priority weights and decision matrix are extracted from surveys data using a fuzzy scale, which is then optimized-standardized and refined by priority weights as extracted from user survey data proves to be a simple, effective, and reliable method of action for selection of optimal cloud service provider. Figure 8 shows the graphical representation of the same.

Conclusion and Future Work
Taking into consideration the current extensive use in the cloud-based IoT services for building computation, storage, infrastructure, and other needs has led to a greater demand for an efficient methodology to drive which given cloud service provider meets one's unique and individualistic demands for fulfilling ever-changing solutions in the field of IoT. Given the scenario of current cloud-based IoT applications with multiple service providers and vivid requirements, a lot of decisionmaking criteria and methodologies already exist, some of which include TOPSIS that is a useful and straightforward technique for ranking several possible alternatives according to closeness to the ideal solution, or AHP, or VIKOR which is based on the aggregating fuzzy merit that represents the closeness of an alternative to the ideal solution by compromising between two or more options to get a unified opinion between multiple criteria, and PROMETHEE compares various measures available by the technique of outranking.
Despite the preexisting techniques to classify, evaluate, and rate various IoT-based cloud service providers due to continuously changing set of attributes, challenges user's privacy and security, user authentication, location privacy, disparate demands of customers, and colossus pool of available attributes ranging from performance, cost optimization to quality, it becomes very peculiar to get virtually concurrent results for one's ever-changing characteristics and agility even after discerning the given set of methodologies in the available literature. Therefore, this research meets all the scenarios mentioned above, demands and unique characteristics by using an optimized matrix methodology aided by distance-based approach (DBA), some of its salient features are as follows: (a) Considering a broad set of categories that are further graded into subattributes, i.e., performance, technical and economic factors are individually optimized to get ultimate efficacy (b) Simple, straightforward, reader-friendly, and easily captured and understood by anyone concept and procedure (c) It is obtained by taking into consideration priorities among attributes as extracted from a user by surveyed data Conclusively, in the presented research methodology, a distance-based approach with an optimized approach to 9 Wireless Communications and Mobile Computing consider priorities as set by data extracted from user survey in a simple, lucid yet compelling procedure to select an ideal cloud service provider for IoT applications. This study finds nine alternatives or popular cloud service providers and 14 attributes or deciding criteria.
Privacy and security are the two most emerging challenges in IoT applications as provided by cloud service providers due to the nascent nature of the field. Though IoTbased applications have already been explored from the aspects of privacy and security, implementing IoT applications via cloud-based platforms leads to a new set of possible threats. In future work, this study intends to evaluate variegated cloud-based IoT platforms from the aspects of security and privacy by analysing the same under the purview of three criteria. Firstly, the future work will deal with user's individualistic threats of privacy and security like location privacy, breach of personal information, protection of user's hardware and software devices, and user profile authentication. Other criteria include privacy and security challenges for a multilevel organization, namely, secure route establishment, isolation of malicious nodes, self-stabilization of the security protocol, and preservation of location privacy. Lastly, this study would assay multiple case studies of leading cloudbased IoT platforms' breach of security and privacy to perform a comparative analysis of the same.

Data Availability
The data will be provided based on a request by the evaluation team.

Consent
All the authors of this paper have shown their participation voluntarily.