1. Introduction
The goal of the sustainable utilization of marine resources is to maintain marine life at a certain level and to avoid severe marine pollution from aquaculture or vessels. Marine aquatic resources have been in steep decline as a result of population growth and climate change. At present, the global marine catch totals between 85 and 93 million metric tonnes per year [
1]; nevertheless, overfishing can exhaust marine resources, which is why countries around the globe have in recent years been strongly promoting aquaculture, which may offer an ample and reliable supply that meets market demand. In the past, fish farms were land-based to lower costs; many drew on groundwater, and the resulting overpumping led to land subsidence, e.g., in Bangkok [
2], in Shanghai [
3], and in Mekong Delta [
4]. With this in mind, many countries today are instead promoting offshore aquaculture practices such as offshore cage farming. Offshore aquaculture calls for zone management and cultivation monitoring, so that authorities can prevent aquafarmers from over-expanding their zones and can detect whether a zone has been contaminated. Offshore aquafarmers, for their part, rely on radio communication and other warnings to keep vessels from colliding with their cultivation zones. For instance, in cage farming, cages may be relocated to less exposed areas when a typhoon approaches, which raises zone-management issues; moreover, warnings must be issued during such relocation for collision avoidance.
In light of all this, an offshore Internet of Things (IoT)-enabled vessel tracking system is much needed. Such a system can keep track of each aquafarmer’s cultivation zone at all times and detect whether a zone is expanding or relocating its cages; moreover, government officials can use the IoT platform to track and monitor offshore aquaculture zones, reducing marine pollution and vessel collisions.
Most vessels nowadays carry an Automatic Identification System (AIS) transceiver, which broadcasts the vessel’s own GPS-derived position and receives those of nearby vessels for collision avoidance. The GPS data carried by AIS also supports day-to-day navigation and procedures such as entering a port. Nevertheless, because AIS messages are transmitted without encryption [
5] or identity authentication [
6], AIS is exposed to message spoofing and modification attacks, such as the injection of false distress signals or collision warnings. Moreover, a malicious party may launch a denial-of-service attack that jams AIS communication while it carries out illegal activities. An AIS system also receives marine forecast information from the nearest marine authority; if the AIS system and that facility do not secure the channel between them, various problems can arise. For instance, if an attacker modifies weather forecast information, vessels might be manipulated into taking a detour or crowding into a port for shelter. Hence, it is crucial for an AIS system to have a comprehensive network security mechanism that ensures message authentication, integrity, and non-repudiation.
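The following is an added example, not code from the paper: a minimal encoder and decoder for a single-fragment AIVDM Type 1 position report (the NMEA 0183 framing that carries AIS). It makes the point above concrete: the only integrity protection on the wire is an XOR checksum, so a corrupted sentence is rejected but a spoofer who recomputes the checksum over a false position is accepted. The MMSI, coordinates and the sentence itself are constructed, not captured traffic.

```python
"""Minimal AIVDM (AIS over NMEA 0183) encoder/decoder for Type 1/2/3 position reports."""

NOT_AVAILABLE_ROT = -128          # AIS 'rate of turn not available' code


def nmea_checksum(body: str) -> str:
    """XOR of every byte between '!' and '*'; this is the only integrity check AIS carries."""
    cs = 0
    for byte in body.encode("ascii"):
        cs ^= byte
    return f"{cs:02X}"


def armor(bits: str) -> tuple:
    """Pack a bit string into AIS 6-bit ASCII; returns (payload, fill_bits)."""
    fill = (-len(bits)) % 6
    bits += "0" * fill
    chars = []
    for i in range(0, len(bits), 6):
        v = int(bits[i:i + 6], 2)
        chars.append(chr(v + 48) if v < 40 else chr(v + 56))
    return "".join(chars), fill


def dearmor(payload: str) -> str:
    """Inverse of armor(): each character carries six bits."""
    out = []
    for ch in payload:
        v = ord(ch) - 48
        if v > 40:
            v -= 8
        if not 0 <= v <= 63:
            raise ValueError(f"invalid 6-bit character {ch!r}")
        out.append(format(v, "06b"))
    return "".join(out)


def _bits(value: int, width: int) -> str:
    """Two's-complement bit string of the given width."""
    return format(value & ((1 << width) - 1), f"0{width}b")


def encode_position_report(mmsi: int, lat: float, lon: float, sog_kn: float,
                           cog_deg: float, heading_deg: int) -> str:
    """Build a complete, checksummed !AIVDM sentence for a Type 1 position report."""
    bits = (_bits(1, 6) + _bits(0, 2) + _bits(mmsi, 30) + _bits(0, 4)
            + _bits(NOT_AVAILABLE_ROT, 8) + _bits(round(sog_kn * 10), 10) + _bits(0, 1)
            + _bits(round(lon * 600000), 28) + _bits(round(lat * 600000), 27)
            + _bits(round(cog_deg * 10), 12) + _bits(heading_deg, 9)
            + _bits(0, 6) + _bits(0, 2) + _bits(0, 3) + _bits(0, 1) + _bits(0, 19))
    payload, fill = armor(bits)              # 168 bits -> 28 characters, no fill bits
    body = f"AIVDM,1,1,,A,{payload},{fill}"
    return f"!{body}*{nmea_checksum(body)}"


def parse_position_report(sentence: str) -> dict:
    """Verify the checksum, then decode MMSI, speed, position and course."""
    if not sentence.startswith("!") or "*" not in sentence:
        raise ValueError("not an NMEA sentence")
    body, given = sentence[1:].split("*", 1)
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    fields = body.split(",")
    if fields[0] != "AIVDM" or fields[1] != "1":
        raise ValueError("only single-fragment AIVDM sentences are handled here")
    bits = dearmor(fields[5])
    fill = int(fields[6])
    if fill:
        bits = bits[:-fill]
    msg_type = int(bits[0:6], 2)
    if msg_type not in (1, 2, 3):
        raise ValueError(f"message type {msg_type} is not a Class A position report")

    def u(start, end):                       # unsigned field
        return int(bits[start:end], 2)

    def s(start, end):                       # signed (two's complement) field
        v, width = u(start, end), end - start
        return v - (1 << width) if v >> (width - 1) else v

    return {"type": msg_type, "mmsi": u(8, 38), "sog_kn": u(50, 60) / 10,
            "lon": s(61, 89) / 600000, "lat": s(89, 116) / 600000,
            "cog_deg": u(116, 128) / 10, "heading_deg": u(128, 137)}


def demo() -> dict:
    """Genuine report, a bit-flipped copy, and a re-checksummed forgery (all constructed)."""
    genuine = encode_position_report(416000123, 24.1234, 120.5678, 12.3, 87.5, 88)
    decoded = parse_position_report(genuine)
    # Flip one payload character but keep the old checksum: the decoder notices.
    corrupted = genuine[:20] + ("0" if genuine[20] != "0" else "1") + genuine[21:]
    try:
        parse_position_report(corrupted)
        corrupted_rejected = False
    except ValueError:
        corrupted_rejected = True
    # A spoofer simply re-encodes a false latitude with a valid checksum: nothing stops it.
    forged = parse_position_report(encode_position_report(416000123, 25.1234, 120.5678, 12.3, 87.5, 88))
    return {"decoded": decoded, "corrupted_rejected": corrupted_rejected, "forged": forged}
```

The checksum protects against transmission errors only; it gives a receiver no way to tell the forged sentence from the genuine one, which is exactly the gap that the message authentication and plausibility checks in the rest of the paper are meant to close.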
The approach in [
7] was to use multi-access edge computing for computation and storage, reducing the burden on cloud or fog computing. The authors in [
8] constructed a computational model combining mobile edge computing with cloud or fog computing, equipped with a security mechanism to protect data and designed with the flexibility for future expansion. In [
9], the authors applied fog and mobile edge computing to a mobile networking framework in pursuit of a sustainable and innovative cellular network, using hesitant fuzzy soft sets to solve the resulting multi-criteria decision-making problem. Over AIS, the system receives a large volume of data on other vessels; since this data has undergone neither encryption nor message authentication, the system needs edge computing for data validation, for instance to determine whether a vessel is travelling at a reasonable speed or behaving maliciously. Vessels that exhibit malicious behaviour are reported to the authority, while the data of legitimate vessels is stored in cloud or fog computing. Edge computing thus relieves the computational burden on cloud and fog computing and adds the ability to process information in real time.
This paper introduces an edge computing-based network security mechanism for AIS-enabled IoT devices. Our proposed scheme offers the following advantages: (1) farming zone management can be accomplished with the offshore IoT vessel tracking system, which also warns vessels about nearby farming zones via AIS communication to help prevent collisions; (2) the AIS-tailored network security mechanism safeguards message authentication, integrity, and non-repudiation for all AIS communication; and (3) our use of edge computing to filter messages blocks malicious messages that could cause vessel collisions or course manipulation. Under this mechanism, the system first uses IoT technology to authenticate each AIS message and then encrypts the message with bilinear pairing-based cryptography before sending it to the cloud server. If the system detects a maliciously modified or fake message, it notifies the relevant authority for further action. In this paper, message authentication covers two aspects: (1) message integrity, for which we use hash functions to verify that a message has not been altered, and (2) message validation, for which we examine the GPS contents of a message to determine whether a vessel is issuing fake messages. For instance, if a vessel’s anticipated course, distance, or speed does not match the corresponding data in its GPS messages, the system flags the message as fake. Our system adopts a group key approach when querying vessels about whether they have actually been involved in a collision. The experimental results indicate that our proposed mechanism is not only feasible but also practically applicable. We apply lightweight cryptography in the network security mechanism to reduce computational complexity at the edge and lighten the load on cloud computing.
2. Related Works
One of edge computing’s most appealing advantages is that it opens the door to better real-time service. Edge computing can offer users real-time service while easing the computational burden on fog computing. However, one challenge for edge computing is the potentially heavy computational load, and many researchers have devised solutions to improve its computational capabilities [
10,
11,
12]. In [
10], the authors applied EdgeFlow in mobile edge computing for data offloading. When tasks are evenly distributed to individual edge devices, this not only prevents any single edge device from being overwhelmed with computational tasks but also achieves real-time service at the same time. In [
11], the authors worked on integrating edge computing with IoT to reinforce trust between IoT devices. In the past, IoT devices were usually independent equipment that processed information services single-handedly, which capped the load each device could handle. By introducing edge computing and reinforcing the trust mechanism between devices, IoT devices become able to handle large amounts of computation and gain better computational capabilities. The paper [
12] adopted many Small Cell Base Stations (SBSs) for edge computing. SBSs are advantageous because they receive data effectively from different communication equipment, perform the subsequent service computing, and can compute in a distributed fashion. These features greatly improve edge computing’s efficacy.
Several studies address the issue of framework compatibility. The work of [
13] offers a comprehensive illustration of the differences in terms of framework and application among cloud, IoT, edge, and fog computing. The authors in [
14] combined software-defined networking with edge computing. The compatibility problem stems from facts such as cloud and fog computing operating under different frameworks, and ordinary users holding a myriad of communication devices that differ somewhat in network structure. Using software-defined networking to cloudify the network and integrate it with edge computing can effectively solve the framework compatibility problem.
Some researchers [
15,
16,
17,
18] are dedicated to resolving issues in resource allocation and latency. The authors in [
15] proposed a smart manufacturing computing framework. The paper applies a threshold greedy algorithm to determine resource requirements and computational capability, which significantly improves smart manufacturing’s effectiveness in resource allocation. Meanwhile, the authors of [
16] advocated that integrating edge computing into smart manufacturing yields a computational speed faster than that in fog or cloud computing. Additionally, edge computing can tailor task assignment individually for each smart device, increasing the efficacy of resource allocation. In [
17], the authors analyzed resource allocation in edge computing and introduced a mobile edge computing intrusion detection system. The paper used Lyapunov functions to prove the system’s stability, and the test yielded very promising results. The authors in [
18] suggested integrating edge computing into IoT devices to improve the quality of service. The paper also proposed a novel idea concerning task allocation in edge computing that would elevate the IoT device’s computational capabilities while reducing latency issues.
The work of [
19] discussed data security protection in edge computing. The authors noted that edge computing currently lacks adequate security protection, making it susceptible to cyberattacks and data breaches; hence, edge computing needs lightweight encryption to safeguard its data. The authors in [
20] adopted ID-based distributed data authentication. Any party needs only the other party’s ID to apply bilinear pairings to verify the counterpart’s legitimacy and, in turn, the data’s integrity and origin. Also building on ID-based cryptography, the paper [
21] applied ID-based encryption to construct a privacy and data security mechanism for vehicular ad hoc networks. Through an ID-based mechanism, the system was able to effectively generate anonymous IDs for vehicles, and when a vehicle engages in illegal activity, the system is capable of tracing that vehicle’s real ID. Meanwhile, the paper [
22] uses bilinear pairings to generate signatures that authenticate the data. Also adopting pairing-based cryptography, the authors of [
23] used bilinear pairings to create a security mechanism that does not rely on public/private key authentication, avoiding the processing time spent on it while still providing comprehensive security.
In our proposed system, we adopt bilinear pairings to construct a network security mechanism that integrates edge computing for the purpose of verifying data authenticity. In addition, the system utilizes IoT devices to conduct farming zone management in offshore aquatic farms. Our proposed system can serve as a relay station that assists vessels in the open sea with message authentication, enhancing the security of AIS communication systems and safety at sea for vessels.
3. Background
In this section, we will discuss the cryptographic techniques and concepts featured in this paper, including bilinear pairings and group key, and introduce our proposed system model.
3.1. Bilinear Pairings
Suppose
and
are additive groups and multiplicative groups, and they are both of the same prime order
q.
P,
Q is
’s generator and the bilinear pairing function is
. Then the bilinear pairings are defined as follows [
24,
25]:
- (1)
Bilinear: and ; ; for all ;
- (2)
Non-degeneracy: such that ;
- (3)
Computable: There exists an efficient algorithm to compute , for .
In [
26], bilinear pairings were successfully applied as an encryption method. The work of [
27] took a step further and accomplished fast encryption using bilinear pairings in an embedded system. In this paper, we employed ID-based Cryptography (IBC) [
28] for identity authentication. IBC is built on bilinear pairings. Both parties hold private keys issued from the same master secret key, so either side needs only its counterpart’s ID to derive the counterpart’s public key. That party then evaluates the bilinear map on its own private key and the counterpart’s public key, which establishes a common session key that both sides can use for Symmetric Encryption (SE) of data.
3.2. Group Key: Basic Concepts
Our proposed system uses a group key to generate the public/private keys shared between a vessel within range and the IoT vessel tracking system. These public/private keys are then used to derive a common session key and to encrypt data in transmission.
Suppose the IoT vessel tracking system is . ’s group public key is ; ’s group private key is ; ’s group public value is ; ’s group Hash-based Message Authentication Code (HMAC) public value is . Following all this, the vessel AIS communication systems are represented by . will generate, for , their public key , private key , and group public value . will send its secret key (v) to and it will serve as HMAC’s key. Upon calculation, I1 will give their group HMAC public value .
When
and
want to establish a common session key
, they only need their own private key and the other party’s public key to generate it. The computation is
. The two parties can simply use
to process symmetric encryption. If
wants to broadcast a message (
M) to other vessels,
can use
to compute a HMAC and then use
, a as HMAC’s session key while it releases
a,
, and
. Upon receiving the HMAC, other vessels can compute
, followed by using
to determine whether there is a match. If it is indeed a match, then it confirms that the message was sent by
and that
is a legitimate user.
Table 1 is an illustration of the symbols employed in this paper.
3.3. System Model
Figure 1 is an illustration of our proposed scheme. In this paper, we installed maritime positioning sensors
on the offshore aquafarm. These sensors utilize AIS communication to periodically broadcast messages that notify other vessels of the location of this stationary farm. Moreover, they help government units conduct offshore aquafarming management. Each of
represents one IoT vessel tracking system, which receives data via AIS communication and has access to a 5G network. After
receives GPS data from
, the system judges whether there has been any change to the farming zone.
Meanwhile, also collects AIS communication data from all vessels and determines whether each piece of information is correct. If an anomaly is detected, the system submits a warning to fog computing; legitimate data, on the other hand, is collected and then transmitted to fog computing. All message transmission in our proposed communication method is protected by the network security mechanism. The proposed method uses edge computing to perform anomaly detection on the AIS communication data; anomalies are reported to fog computing and the managing authorities are notified for further action, which effectively reduces the computational burden on fog computing. The validity of a data packet is judged at the vessel’s AIS system without transmitting every packet to the cloud system or server for authentication, which reduces the computing and communication workload of the cloud system or server and gives the AIS system a capacity comparable to edge computing. When the AIS system notices an abnormal packet, it sends the packet to the fog network for storage and for reporting to the government agency; edge computing thereby reduces fog storage and distributes the computational load across the AIS systems.
4. The Proposed Scheme
4.1. System Initialization and Group Symmetric Encryption
By applying bilinear pairings, the paper constructs a comprehensive network security mechanism. Suppose TA is an impartial (trusted) government unit. The system first computes the security parameters of TA and , such as the public and private keys, using the following equations:
- (1)
TA chooses as the secret key; r represents the public value.
- (2)
TA’s ID is for which the public key is and the private key is .
- (3)
TA’s public value is .
Next, we compute the public key and private key of using the following equation:
- (1)
In’s public key is ;
- (2)
In’s private key is .
represents TA-authenticated, legitimate stationary IoT equipment. The next step for
is to configure security parameters such as the group public key. For
. If
wishes to send private messages to
, then
’s group public key can be deduced from
’s ID.
can use its own
to compute a common session key using the equation:
Following the above, applies Symmetric Encryption (SE) using before transmitting the message to . Upon receiving the ciphertext, first computes the common session key, then decrypts the message and checks whether the decrypted contents and match. If they are identical, message integrity is confirmed. Since s is known only to I1, no other user can recover s from their own private key. In sum, is known only to and .
4.2. Group Message Broadcasting
The paper designed a group message broadcasting system for communication between stationary IoT devices or vessels in a group. Under our scheme, if, for instance, wants to relay vessel information to other vessels and devices in the group, then must first compute as well as the broadcast message . Then, broadcasts the message to all the vessels in the group. Upon reception, the other vessels authenticate whether the message indeed came from by computing , in which . If the result is positive, the identity is confirmed as authentic because only knows . Additionally, only knows v, which helps prove that the message was really relayed by . Meanwhile, the receivers recompute the HMAC over and compare it with the received value; if it matches, the message has not been modified.
4.3. Group Key Update
regularly updates the key of each vessel in the group to limit a secret key’s exposure and resist brute-force attacks. If a group member turns out to be malicious and relays false messages, then, to prevent that vessel from flooding and interfering with the system with a vast number of false messages, each pair of members in uses the common session key unique to that pair to update its security parameters as follows:
First, uses to encrypt the new security parameter before sending it to ; next, computes the new , encrypts it with , and sends it back to . then recomputes and generates ’s new group key, encrypts it with , and transmits it to . Upon reception, decrypts it and uses the new group key to generate a new common session key, , with which it encrypts and sends to . Once has successfully decrypted and confirmed the message’s authenticity, the group key update is complete.
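The exchange of Sections 3.2, 4.2 and 4.3 (HMAC-tagged group broadcast, receiver-side verification, and a group key update that retires old tags), as an added example that is not part of the paper. The paper derives the session and group keys from bilinear pairings, which the Python standard library cannot compute; here the group key is an assumed pre-shared 32-byte secret, the per-sender HMAC key is derived from it with HMAC-SHA256, and the fresh secret for the key update is assumed to have already reached every member over the pairwise session-key channel. Member IDs, messages and the replay cache are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class GroupState:
    """What one group member holds: the group key, its epoch and a replay cache."""
    key: bytes                                   # assumed pre-shared group key (stand-in for the pairing-derived key)
    epoch: int = 0                               # bumped by every key update
    seen: set = field(default_factory=set)       # (epoch, nonce) pairs already accepted


def session_key(group_key: bytes, epoch: int, sender_id: str) -> bytes:
    """Per-sender HMAC key bound to the current epoch."""
    return hmac.new(group_key, f"{epoch}|{sender_id}".encode(), hashlib.sha256).digest()


def broadcast(state: GroupState, sender_id: str, message: bytes) -> tuple:
    """Sender side: release (ID, epoch, nonce a, M, HMAC) as the broadcaster does in Section 3.2."""
    a = secrets.token_bytes(16)                   # fresh per-message value 'a'
    tag = hmac.new(session_key(state.key, state.epoch, sender_id), a + message, hashlib.sha256).digest()
    return (sender_id, state.epoch, a, message, tag)


def verify(state: GroupState, packet: tuple) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time; reject stale epochs and replays."""
    sender_id, epoch, a, message, tag = packet
    if epoch != state.epoch or (epoch, a) in state.seen:
        return False
    expected = hmac.new(session_key(state.key, epoch, sender_id), a + message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    state.seen.add((epoch, a))
    return True


def update_group_key(state: GroupState, fresh_secret: bytes) -> None:
    """Section 4.3 key update: derive the next group key and start a new epoch.
    The fresh secret is assumed to have been delivered to every member over the
    pairwise session-key channel; that distribution step is not shown here."""
    state.key = hashlib.sha256(b"group-key-update" + state.key + fresh_secret).digest()
    state.epoch += 1
    state.seen.clear()


def demo() -> dict:
    """Run the exchange between I1 (sender) and a receiving vessel; return each outcome."""
    group_key = secrets.token_bytes(32)             # constructed: the shared group key
    sender, receiver = GroupState(group_key), GroupState(group_key)
    outsider = GroupState(secrets.token_bytes(32))  # vessel that never joined the group

    genuine = broadcast(sender, "I1", b"FARM ZONE 24.12N 120.45E STATIONARY")
    results = {"genuine": verify(receiver, genuine)}
    results["replay"] = verify(receiver, genuine)   # same nonce a presented again

    sid, ep, a, msg, tag = broadcast(sender, "I1", b"FARM ZONE 24.12N 120.45E STATIONARY")
    results["tampered"] = verify(receiver, (sid, ep, a, msg.replace(b"STATIONARY", b"RELOCATING"), tag))

    results["outsider"] = verify(receiver, broadcast(outsider, "I1", b"FARM ZONE RELOCATING"))

    stale = broadcast(sender, "I1", b"ALL CLEAR")
    fresh = secrets.token_bytes(32)
    update_group_key(sender, fresh)
    update_group_key(receiver, fresh)
    results["stale_after_update"] = verify(receiver, stale)
    results["fresh_after_update"] = verify(receiver, broadcast(sender, "I1", b"ALL CLEAR"))
    return results
```

Two details worth keeping in any implementation of the broadcast step: the comparison uses `hmac.compare_digest` rather than `==`, so a forger learns nothing from timing, and the nonce `a` is remembered per epoch, so a captured genuine broadcast cannot simply be replayed to re-announce an old farm position.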
4.4. Tracking Management System
The offshore aquaculture tracking system in this paper utilizes AIS communication and GPS sensors to track and position an aquatic farm. As shown in
Figure 1, this work installed stationary IoT devices
by the shore. These devices carry two types of wireless communication technology: AIS and a 5G network.
obtains the GPS location of tracking devices
via AIS communication.
issues AIS notification messages to other vessels, helping them avoid collisions or straying into a farming zone. Additionally,
are also capable of calculating whether
have been moved, using Algorithm 1.
Here,
stands for the previously obtained GPS location while
represents the current GPS location.
D represents the distance function of these two locations while
represents the speed as shown in the GPS data. Wave motion at sea may cause
to move within a small range. Our tracking management system first determines whether the distance between the previous GPS location and the current location exceeds the threshold. If so, it indicates that the aquafarmer is expanding their farming zone, which can lead to disputes between farmers over zones and fish products. Another issue the tracking management system addresses is that, in certain weather conditions, some aquafarmers haul their farm to a zone less affected by the weather. If they move their farm, however, they should notify the managing authority to prevent collisions with other vessels. Finally, through our tracking system the managing authority knows when and where a farm is being hauled.
Algorithm 1 Determine whether the farming zone has shifted.
Determine whether the distance between the previous and current GPS locations is above the threshold value; if yes, then the farming zone has shifted
if then
    Issue warning and notify the managing authority
else
    Safe
end if
Determine whether the speed in the GPS data is above the threshold value; if yes, then the aquatic farm is on the move
if then
    Issue warning and notify the managing authority
else
    Safe
end if
4.5. Edge Computing
The paper uses edge computing to determine whether AIS communication data is trustworthy. An AIS system carries GPS data that serves mainly to position the vessel; this data includes the vessel’s position, speed, and course. This work uses such GPS data, together with transmission frequency, as a reference to identify malicious vessels and prevent false-signal attacks and interference. Our system first examines the vessel’s speed: vessels generally travel at a steady speed, so if the difference between the speeds in consecutive reports exceeds the threshold value, the system judges it an anomaly, issues a warning, and notifies the authority. The determination follows Algorithm 2.
Algorithm 2 Determination of vessel speed.
Determine whether the difference between the GPS-based speeds before and after is above the threshold value
if then
    Issue warning and notify the managing authority
else
    Safe
end if
Here,
stands for vessel
’s speed as per the GPS data. Next, the system examines the vessel’s course; the rationale is that a vessel can hardly make a swift turn through a large angle. The algorithm applied here is Algorithm 3.
Algorithm 3 Determination of GPS-based heading angles.
Determine whether the difference between the GPS-based heading angles is greater than the threshold value
if then
    Issue warning and notify the managing authority
else
    Safe
end if
Here, stands for vessel ’s heading angle as shown in the GPS data. If a vessel issues an abnormal distress signal, the system counts how many times that vessel’s AIS system has transmitted any data; if it has transmitted only rarely and yet is calling for help, the system issues an anomaly warning. Under our proposed scheme, transmits data on to TA, but TA only needs to store the data and perform no additional computation, which reduces the computational load on TA.
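The edge-side checks of Sections 4.4 and 4.5 (Algorithm 1 for farm drift and towing, Algorithms 2 and 3 for speed and heading jumps, the distress-from-a-rarely-heard-vessel rule, and the course/distance/speed consistency check mentioned in Section 1), as an added example that is not the paper’s own code. It goes slightly beyond the text in two places: heading differences are taken modulo 360 so that a turn from 350 to 10 degrees counts as 20 degrees rather than 340, and the consistency check compares the distance between two reports with the speed the vessel claims, which catches a spoofed position even when speed and course look steady. All threshold values and all position reports are constructed assumptions, not real traffic or values from the paper.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    """One decoded AIS position report (the fields Section 4.5 relies on)."""
    mmsi: int
    lat: float
    lon: float
    sog: float   # speed over ground, knots
    cog: float   # course over ground, degrees
    t: int       # report time, seconds


# Threshold values are assumptions for illustration; the paper does not fix them.
FARM_DRIFT_M = 50.0               # wave-induced cage movement tolerated by Algorithm 1
FARM_MOVING_KN = 0.5              # a stationary farm reporting more than this is under way
SPEED_JUMP_KN = 5.0               # Algorithm 2 threshold on the change of speed
HEADING_JUMP_DEG = 45.0           # Algorithm 3 threshold on the change of course
SPEED_SLACK_KN = 2.0              # tolerance for the position-versus-speed consistency check
MIN_REPORTS_BEFORE_DISTRESS = 10  # fewer prior reports than this plus a distress call is suspect
KNOT_MS = 0.514444                # metres per second in one knot


def haversine_m(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in metres (the distance function D of Algorithm 1)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))


def heading_delta(a: float, b: float) -> float:
    """Smallest angle between two courses: 350 -> 10 is a 20 degree turn, not 340."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def check_farm(prev: Report, cur: Report) -> list:
    """Algorithm 1 for a farm sensor: drift beyond the threshold, or a speed that means towing."""
    alerts = []
    if haversine_m(prev.lat, prev.lon, cur.lat, cur.lon) > FARM_DRIFT_M:
        alerts.append("farm zone shifted")
    if cur.sog > FARM_MOVING_KN:
        alerts.append("farm on the move")
    return alerts


def check_vessel(prev: Report, cur: Report) -> list:
    """Algorithms 2 and 3, plus the course/distance/speed consistency check of Section 1."""
    alerts = []
    if abs(cur.sog - prev.sog) > SPEED_JUMP_KN:
        alerts.append("speed anomaly")
    if heading_delta(prev.cog, cur.cog) > HEADING_JUMP_DEG:
        alerts.append("heading anomaly")
    dt = cur.t - prev.t
    if dt > 0:
        implied_kn = haversine_m(prev.lat, prev.lon, cur.lat, cur.lon) / dt / KNOT_MS
        if implied_kn > max(prev.sog, cur.sog) + SPEED_SLACK_KN:
            alerts.append("position inconsistent with reported speed")
    return alerts


def check_distress(reports_heard: int, distress: bool) -> list:
    """Distress from a vessel that has hardly transmitted before is flagged (Section 4.5)."""
    if distress and reports_heard < MIN_REPORTS_BEFORE_DISTRESS:
        return ["distress from rarely heard vessel"]
    return []


def demo() -> dict:
    """Constructed reports (not real traffic) exercising each rule."""
    farm0 = Report(994160001, 24.1200, 120.4500, 0.0, 0.0, 0)
    farm_sway = Report(994160001, 24.1200, 120.4503, 0.1, 0.0, 600)     # about 30 m: within tolerance
    farm_moved = Report(994160001, 24.1200, 120.4520, 0.1, 0.0, 1200)   # about 200 m: zone shifted
    farm_towed = Report(994160001, 24.1200, 120.4500, 3.0, 90.0, 1800)  # reports 3 kn: under way

    v0 = Report(416000123, 24.0000, 120.0, 12.0, 350.0, 0)
    v1 = Report(416000123, 24.0035, 120.0, 12.5, 10.0, 60)    # about 389 m in 60 s, 20 degree turn
    v2 = Report(416000123, 24.0070, 120.0, 25.0, 100.0, 120)  # +12.5 kn and a 90 degree turn
    v3 = Report(416000123, 24.0500, 120.0, 12.5, 10.0, 120)   # about 5.2 km in 60 s at a claimed 12.5 kn

    return {
        "farm_sway": check_farm(farm0, farm_sway),
        "farm_moved": check_farm(farm0, farm_moved),
        "farm_towed": check_farm(farm0, farm_towed),
        "vessel_ok": check_vessel(v0, v1),
        "vessel_jump": check_vessel(v1, v2),
        "vessel_teleport": check_vessel(v1, v3),
        "distress_new": check_distress(2, True),
        "distress_known": check_distress(40, True),
    }
```

The thresholds need tuning per deployment: cage sway depends on mooring and sea state, and legitimate course changes near a port are sharper than in open water, so a fixed 45 degrees will produce false alerts there.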
6. Conclusions
With global population growth, the demand for fish products has been increasing steadily. To achieve the sustainable utilization of marine resources, many farmers have turned to mariculture to increase fish yield. This article monitors vessels and mariculture areas by AIS. When vessels approach a farming zone, warnings are required to prevent them from colliding with the farms; to address this problem, the paper provides an AIS-based warning mechanism for a sustainable marine environment.
The highlight of our proposed system is a network security mechanism that uses the GPS data available in an AIS system to check the plausibility of a vessel’s messages. Our approach applies bilinear pairings to construct a network security mechanism tailored to sustainable mariculture. The advantages of our system include authentication of data origin, privacy, and integrity. Moreover, to relieve the computational burden on fog computing, we introduced edge computing to process the data and judge its accuracy, so that only data judged accurate is uploaded in batches to fog computing. Fog computing then only needs to store the data and perform no additional computation.
We put the proposed system into actual operation, and the test results showed that it effectively reduces the computational burden on fog computing. Furthermore, the proposed network security mechanism completes its processing within reasonable computation time: for each piece of broadcast information, the system took only 9.47 ms to complete signing and authentication. In sum, our system is a lightweight security mechanism that can effectively ensure secure communication with vessels for a sustainable marine environment.