Received December 8, 2019, accepted December 17, 2019, date of publication December 20, 2019, date of current version December 31, 2019. Digital Object Identifier 10.1109/ACCESS.2019.2961270 Achieving Privacy-Preserving Subset Aggregation in Fog-Enhanced IoT HASSAN MAHDIKHANI 1 , SAMANEH MAHDAVIFAR 1 , RONGXING LU 1 , (Senior Member, IEEE), HUI ZHU 2 , (Senior Member, IEEE), AND ALI A. GHORBANI 1 , (Senior Member, IEEE) 1 Faculty of Computer Science, University of New Brunswick, Fredericton, NB E3B 5A3, Canada 2 School of Cyber Engineering, Xidian University, Xi’an 710071, China Corresponding author: Rongxing Lu (rlu1@unb.ca) This work was supported in part by the NSERC Discovery under Grant 04009, in part by the NBIF Start-Up under Grant Rif 2017-012, and in part by the NSFC under Grant 61672411. ABSTRACT Fog-enhanced IoT (Internet of Things) is a fast-growing technology in which many firms and industries are currently investing to develop their own real-time and low latency scenarios. Compared with the traditional IoT, fog-enhanced IoT can offer a higher level of efficiency and stronger security by providing local data pre-processing, filtering, and forwarding mechanisms. However, fog-enhanced IoT faces some security and privacy challenges, since fog nodes are deployed at the network edge and may not be fully trustable. In this paper, we present a new privacy-preserving subset aggregation scheme, called PPSA, in fog-enhanced IoT scenarios, that enables a query user to gain the sum of data from a subset of IoT devices. To identify the subset, inner product similarity of the normalized vectors in the query user side and each IoT device is securely computed. If the inner product is greater than the user’s specified threshold, IoT device’s data will be privately aggregated to form the final response. To successfully launch privacy-preserving subset aggregation in the proposed scheme, we employ the Paillier homomorphic encryption to encrypt user’s attribute vector, similarity threshold, IoT end-devices’ data, as well as the intermediate results. To the best of our knowledge, this work is the first one to address the privacy-preserving subset aggregation in fog-enhanced IoT. We analyze and extensively evaluate the efficiency and security of the proposed PPSA scheme, and the detailed analysis and results indicate that our proposed PPSA scheme can practically achieve privacy-preserving subset aggregation with significant communication and computational cost saving. INDEX TERMS Internet of Things, fog computing, privacy-preserving, subset aggregation. I. INTRODUCTION IoT (Internet of Things) has recently attracted considerable attentions from both academia and industry, as it can make a significant impact on every aspect of our daily lives, e.g., offering a wide range of services from smart home [1], smart building [2], smart health care [3], to smart grid [4]. To be more precise, IoT is a network of interrelated computing devices, namely IoT devices, each device is equipped with the capability of sensing the surrounding data. Besides, owning to the communicating capability, IoT devices can also report the sensed data to a third party, e.g, a cloud server, for further storing and processing the data. The associate editor coordinating the review of this manuscript and approving it for publication was Mohammad Anwar Hossain . Despite all the advantages involved with IoT, IoT still suffers from some security, privacy, and efficiency-related shortcomings [5]. For instance, as the number of IoT devices grows, more data are needed to be transmitted to the third party with higher frequency. Consequently, the underlying infrastructure would face big data issues in communication bandwidth and latency. To address this challenge, we can enhance IoT infrastructure with fog computing [6] to sub- stantially decrease the processing delay, provide real-time computation, reduce the volume of the reported data, and secure networking services. Essentially, fog computing extends the data processing capabilities of cloud computing by carrying out IoT-enabled applications at the edge of the network, with more real-time response. The goal of the fog-computing based IoT is to 184438 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ VOLUME 7, 2019